Sigma Ratings’ 2023 Risk & Compliance Trends
For the past 5 years, future predictions in risk and compliance is something that we have fun putting together - and with a high degree of accuracy along the way. We highly suggest following Ian Bremmer, WEF and the Atlantic Council’s risk management predictions for good measure too. Spoiler alert: Rogue Russia, failure to address climate change and a nuclear Iran are among the biggest risks.
Our predictions are tied to industry trends and based on our understanding of the market and global regulatory and geopolitical landscapes, including what we think is probable (likely) and possible (could happen based on something we are seeing).
So what’s in store for the compliance and risk space and its evolution in 2023?
9 Probable Risk Management and Compliance Trends
1. Further geopolitical instability will invariably drive heightened attention from boards and shareholders on how their firms proactively manage regulatory and reputational risk.It is hard to believe, but the word ‘nuclear’ was casually added into modern conflict discussions in the last year. We have also witnessed an unprecedented jump in sanctions (the half-way point between war and diplomacy) and general unease across an increasing number of sectors that have Russian oligarch or other higher risk exposure in their business relationships and throughout their supply chains.
2. ‘Know Your Customer’ as a concept is increasingly mainstream and not just for banks anymore.Know Your Customer stems from the 1970s–with further reaffirmation following the attacks on September 11– and aimed at better monitoring the financial system and those who access it. Today, however, the concept of ‘knowing your customer’ is just good practice and good business given the regulatory and reputational risks associated with bypassing it. For example, knowing not only your customer, but your customer’s counterparties is important given the myriad of threats to screen associated with everything from money laundering schemes to environmental crime to modern slavery and human trafficking (e.g., Uyghur Forced Labor Prevention Act and the German Supply Chain Act). We expect to see non-bank financial institutions, corporations and service providers begin to lean on better technology, workflows and data to ensure they are on par with (or ahead of) decades of investment by the financial services industry.
3. Perpetually knowing your customers becomes (even more) real.We said last year that this would be an increasingly high-interest topic and the market has borne that out - including our own work at Sigma Ratings to bring forward unparalleled capabilities that power perpetual know your customer across ALL of our data and risk taxonomies. Our team has been working toward this since we joined Barclays’ Accelerator in 2017 and honed our risk taxonomy specifically for perpetual KYC. The value of pursuing a more dynamic review of clients is fairly straightforward and includes greater client awareness (and potential to conduct business overall), as well as cost savings, such as those incurred by unnecessary periodic reviews.
4. Artificial intelligence is here to stay as a force for good in risk and compliance operations.
From the processing of news to the automation of level 1 alerts to predictive risk analytics, not using technology and aspects of artificial intelligence makes little sense going forward - particularly if we hope to make progress in the fight against financial crime. Embracing technology has always been a staple of the highest performing companies, and with artificial intelligence, ignoring it in risk and compliance functions will be hard to defend.For example, while ChatGPT is still in its infancy, it compiles a pretty good first cut on what a robust AML compliance program should include (and that’s before I asked it to refine the return with more detail). That description is included at the end of this blog post.
Source: McKinsey, # of AI processes per organization
5. Regularly screening for risk beyond sanctions.Screening for sanctions is a no-brainer, but doing so alone makes it difficult to represent that an institution is truly preventing money laundering or stepping up fully regarding potential sanctions evasion. This is particularly true in payments, corporate banking and trade. Reliance on a counterparty relationship to do the work is imperfect and previous enforcement actions have shown how utilization of publicly available data can dramatically increase the ability to detect anomalies and stop financial crime. How some folks we polled answered below regarding their work to further screen and stop money laundering.TL;DR: Institutions should care about the money laundering and financial crime risk of their customers’ counterparties, but have imperfect ways to take action in an area that Sigma is uniquely positioned to provide support for.
6. Connecting internal and external data becomes increasingly important - but not just for major financial institutions.Understanding both your internal data and the ocean of data and information outside your organization is critical. As one financial crime executive put it to Sigma, “there is more information about our clients outside of our bank than in it and it is changing on a regular basis - and if there is risk there we would want to know.” We agree and this is why we are working to help clients collect, distill and connect external data to their internal files. The goal? As McKinsey notes, data embedded in every decision, interaction, and process is the goal of the data-driven organization.
7. A new round of leaks is imminent.With Russia/Ukraine approaching a year on and tremendous work being done by Western powers to isolate Russia from the formal financial system, oligarch and associated money has to go somewhere and be enabled by somebody. Where and who exactly is anyone’s guess. Though there has been some reporting on it, a more definitive view is something ICIJ and OCCRP will be very interested in.
8. National AML priorities get further prioritized.The U.S. National AML priorities rolled out in 2021, however, tangible moves to devote resources to them is still an ongoing project (some argue the priorities are the antithesis of priorities and in effect cover everything). Certainly, there has been some distraction given Russia/Ukraine and a reeling economy, but expect things to become more clear in ‘23 and beyond, particularly around kleptocracy and ABAC given recent moves by the Department of Justice on the topic.
9. Continued crypto cooling.This one we nailed last year. Crypto cooled and moved into full winter in ‘22. Regulators are taking a closer look than ever before, and understandably so after the collapse of a litany of firms and questions around general safety and soundness. Bitcoin remains the ‘gold’ of crypto, but that too may be changing as more questions emerge and investors flock to safety.
4 Possible Risk Management and Compliance Trends
1. Increasing regulatory focus on neobanks and crypto, as well as other non-financial institutions.With the cascade of fintech failures, regulators will start to look more deeply into existing firms, their risk management practices and their customer bases. A number of recent FDIC statements buttress this view and the impending financial crunch will apply further protection in the name of consumer protection.
2. An increasing number of global regulators broaden their view of proper risk management to include the environment, modern slavery and broader human rights.Expanding the scope of risk management tracks with the boom in ESG and also plays into more comprehensive anti-money laundering efforts.
3. Leading institutions continue to invest in and focus on effectiveness despite budget cuts.Research supports this thesis and we see it increasingly across the institutions we work with. However, it is unclear if this will be universal or a more likely theme for the largest organizations only.
4. Terrorism, or Countering the Financing of Terrorism, makes a comeback in conversation.While sanctions and aspects of money laundering dominate the conversation, terrorism remains a real threat and the one no institution wants to get wrong. For example, it is encouraging to see the U.S. and Turkey (NATO allies, though with a frosty relationship) agreeing to jointly combat ISIS.
Ask ChatGPT: What are among the most important elements of a financial crime compliance program?
Response from ChatGPT: "Financial crime compliance is the set of processes and procedures that organizations put in place to prevent, detect, and respond to financial crimes. These crimes include money laundering, terrorist financing, fraud, and other illegal activities that involve the misuse of financial systems.
In financial crime compliance, there are several key elements that are considered essential to the overall effectiveness of the compliance program:
- Strong leadership and commitment from the top: Financial crime compliance requires strong leadership and commitment from senior management and the board of directors in order to be effective. This includes setting clear policies and expectations for compliance and providing the necessary resources to ensure that the compliance program is properly implemented and maintained.
- Risk assessment and management: Financial crime compliance programs should include a comprehensive risk assessment to identify and prioritize the risks that the organization is exposed to. This includes assessing the risks associated with different products, services, customers, and geographic regions.
- Policies and procedures: Financial crime compliance programs should have clear and comprehensive policies and procedures that outline the steps that employees should take to prevent, detect, and report financial crimes. These policies and procedures should be communicated to all employees and should be regularly reviewed and updated to ensure that they are effective.
- Training and education: Financial crime compliance programs should include ongoing training and education for employees to ensure that they understand their responsibilities and are aware of the signs of financial crime. This includes training on the organization's policies and procedures, as well as training on how to identify and report suspicious activity.
- Monitoring and testing: Financial crime compliance programs should include ongoing monitoring and testing to ensure that they are effective and to identify any areas that may need improvement. This includes reviewing transaction data, conducting internal audits, and using other tools and techniques to detect potential financial crimes.
Overall, financial crime compliance is an essential element of an organization's risk management strategy. By implementing effective policies and procedures, providing ongoing training and education, and continuously monitoring and testing their compliance program, organizations can help to prevent, detect, and respond to financial crimes and protect themselves from the associated risks."