10 Questions: Partners in Crime Prevention

The purpose of this interview is to provide readers with a little insight into compliance organizations from the perspective of senior leadership. The exact same questions will be asked of both the business and technology heads at a US-based global bank, highlighting the similarities and differences in the partnership to protect against financial crime. Their responses have been edited for length only, and not content. First, an introduction:

• Deputy Head of US Financial Security (FS)

• Regulatory Controls IT Manager (IT)

PLEASE GIVE ME A LITTLE BACKGROUND ON HOW YOU GOT TO THE POSITION YOU HOLD TODAY.

FS: I have been doing this for 25 years now. I started as an investigator at Chemical Bank and just worked my way up. I was initially on the Fraud side; this was before AML really became popular. So I began as an investigator, then became a manager, I ran an FIU for a little bit, and now I'm here.

IT: My career path is different than most others. My path originated on the process side, where I was an Operations Manager in several capital markets businesses. Midway through my career at Lehman Brothers, I migrated into more of an IT Project Manager role. As I did that, I went back to school for further education in IT Management. In my opinion, the higher you go it is almost more important to understand the business you support than the technology itself.

WHAT DO YOU ENJOY MOST ABOUT YOUR JOB?

FS: When I first started, the investigations were great. You were actually catching bad guys, bad checks, bad employees who had embezzled money. Now what I enjoy most is watching the younger investigators and grooming them, seeing them improve their skills.

IT: I like the variety. I do different things every 30 minutes of the day. I also like when I get to do more creative things, like trying to figure out how best to accomplish something and add value. This in particular grew over time as my role evolved.

WHAT WOULD YOU SAY IS THE HARDEST PART OF YOUR JOB?

FS: Regulatory scrutiny. There is a lot of change in regulations and multiple regulators have different views on different things. Trying to satisfy them all is a challenge, especially more recently. On one hand it's good because it keeps us busy. On the other hand it's just one slip-up away from putting your name in the paper.

IT: What I don't like as much is the heavy administrative burden from being at a large, multi-national bank and in the regulatory business. The challenge is in balancing those two, as it takes away an increasingly large amount of time that could be spent on more strategic thinking.

WHO DO YOU CONSIDER TO BE YOUR TOP THREE STAKEHOLDERS?

FS: Clearly, we cannot work without IT. Next, the business is important because we need to make sure we understand which direction they're going in and that we have the right coverage and risk appetite going forward. Last is senior management. In managing them all, it really comes down to the business whose job it is to make money - without that the bank doesn't exist. But if we don't have the right controls in place we could get fined or put out of business anyway. It's a delicate balance. With different leaders, different budgets, different priorities it is important to get everybody working together.

IT: I don't really view the regulator as a personal stakeholder. By design, I don't have that much direct interaction with them because you want to have a clear and consistent message. That is the responsibility of Compliance. My number one stakeholder is the Compliance department. While it is a partnership, it is clear that we are a service provider and therefore do not always carry the same amount of clout. However, due to the amount of expertise we have, they rely on us heavily for certain things. You cannot really call yourself a partner unless you bring something to the table.

DO YOU THINK THAT BANKS, IN GENERAL, DO A GOOD JOB OF PREVENTING MONEY LAUNDERING AND OTHER FINANCIAL CRIMES?

FS: Every bank is under some sort of consent order, or will be at some time. I think the US-based global banks that have been hit have gotten better because they had to. I don't believe that any bank or bank employee is not trying to do their job right. So it is unfair when a regulator will name an individual, put them in the newspaper personally, when in earnest they're just trying to do their jobs. Perhaps they made a bad decision based on what they knew at the time. It's unfortunate because I think they are really trying.

IT: I do think they are doing a good job. There has been a huge investment forced on the banks by the regulators. As a result, I think it is almost overkill or too much monitoring. Where the industry may be missing the mark is the practicality.  There is a lot of regulatory direction, but it may not be purely hitting anti-money laundering. It may be getting at it, but that is just due to how broad the scope is.

WHAT DO YOU THINK YOUR TEAM SPECIFICALLY COULD DO BETTER TO PROTECT AGAINST MONEY LAUNDERING?

FS: I think the team has to stay abreast of the latest trends and typologies. Sometimes as an investigator you fall into the trap of seeing a refrigeration company receiving funds from a restaurant, which seems normal, but not necessarily digging and getting to the next level. Unfortunately, that is driven by how much time and work you have. If you have hundreds of alerts you have to get through and the activity looks legitimate on the surface, you may let it go.

IT: I believe that we are really following the regulatory directive closely. The only thing that I do see that is true of every bank is the data. How good or clean is your data? There is work to be done, especially on the know-your-customer side. There are some conversations underway about having industry-wide repositories of client data, so each organization does not have to maintain that independently. I think most banks are just trying to keep up and are not thinking more broadly than that.

WHAT CONSTRAINTS DO YOU FACE THAT PREVENT YOU FROM DOING THOSE THINGS?

FS: Alerts keep coming and you have to investigate them in a certain period of time. You have to get them done within 30 days, so you have to make quick decisions. That is where I see technology, whether it be artificial intelligence or just better monitoring systems, that can definitely be improved upon. Utilizing big data in the banking industry would be a big help. Though of course there are some problems with that. There is the financial investment, but also explaining it to your regulator because it's non-traditional. If the true purpose of a suspicious activity report is to provide law enforcement with leads to stop financial crimes, but the regulator is punishing your institution for not filing enough, you end up over-filing and flooding the system. There is definitely a misalignment.

IT: One of the biggest constraints is the complexity of our infrastructure. In large global organizations, it is not always easy to make changes. To do that takes a lot of people and time.

DO YOU THINK YOUR TEAM IS INVESTING ENOUGH (TIME, MONEY, ETC.) INTO PEOPLE? WHAT ABOUT TECHNOLOGY?

FS: Technology is great but you still need the people. There is no tool out there that is going to have a "solve case" button. As much as you want to see technologies come in to limit the number of alerts or narrow the focus, you will always need people. I think we're doing better. We have expanded from a small team to over 90 people over the last two years, and we had support for that. Problems are always going to arise and you want management that is committed to working together to solve them.

IT: From a technology perspective, the challenge is having the time and money to make a shift towards strategic versus tactical. It seems like what most of us are doing is tactical. On the people side, I think the industry has shifted towards viewing people more and more as a commodity. Just bring in whoever is needed and let them go when they're not needed anymore. So I see a smaller investment in people and a much larger one in tactical technology.

WHAT DO YOU CONSIDER TO BE THE GREATEST SOURCE OF FINANCIAL RISK IN THE NEXT 3-5 YEARS?

FS: Right now, I would say shell companies and beneficial ownership. With the Panama Papers we saw those are real issues and there has been a big push there. In the next five years, probably block chain and virtual currencies.

IT: I think there is a rapid shift going on right now towards cyber. It is pretty well known, but may be one of the biggest risks. The line of what is and is not money laundering is a little blurry now. You may have funds being redirected from one account to another, but if it is being used to finance some sort of terrorism or illicit activity then that is definitely a serious financial crime.

WHAT ADVICE WOULD YOU GIVE TO YOUNG PROFESSIONALS ENTERING THIS SPACE?

FS: Be patient. There is plenty of work so learn what you can and your career will progress. It will take some time. Everybody wants it now and I understand that. But if you are in a good place with good management and learning opportunities, it will eventually happen if you remain patient.

IT: The one thing I would advise them is to not go into financial services (joking). It is a difficult business and highly competitive. It is heavily regulated. But ultimately, it's a matter of building your own personal resume. That is what you're going to sell. In our more transient employment structure now, that is the one value nobody can really take away from you.