Technology, automation and utilities are hot topics for Asia’s compliance professionals in wealth management, as they seek a more proactive – and faster – way to tackle their challenges. But the importance of human judgement cannot be overlooked.
Private banks have historically not invested too much in systematic approaches to doing business. In today's wealth management landscape, however, more standardisation, particularly through regulatory prescription, demands systems and staff to be redeployed to use them for greater scale and efficiency.
Indeed, effective compliance depends on being able to efficiently process the growing volumes of KYC and AML requirements.
The key thing, believe senior practitioners, is to deal with the key transactions of concern rather than every transaction.
This highlights the ever-growing possibilities of improving IT automation of compliance processes.
However, any system or technology-led solution has to be fit-for-purpose for the bank that engages in it. Plus, it needs to address a real business need.
This is according to a Hubbis survey of over 100 of the leading compliance practitioners in Asian wealth management.
Stronger governance needed
Change to achieve the right compliance framework – although painful – can be made better or worse by the way it is orchestrated.
Whether business consolidation, re-engineering, the introduction of new systems or applications (which are commonplace in every organisation), process change is ongoing across the board.
Yet project governance appears to be a major weakness which causes confusion and often a lack of transparency in what is going to change, as well as when and how.
Steering committees are often comprised of unwilling participants who meet and create plans which they seldom fully understand.
Such misguided decision-making often results in more twists and turns than are required, and points of arrival are sometimes not strategically well-defined enough to determine a project's success.
In the meantime, staff ‘on the ground’ suffer to meet challenging demands of a changing environment whilst managing the expectations of clients who become increasingly frustrated with a lack of transparency within the changing organisation.
An automatic solution
While regulatory technology (RegTech) solutions have risen to the fore, they need to be able to satisfy three key conditions to be viable:
• Relieving the administrative burden of compliance
• Creating consistent and reliable data with adequate privacy controls
• Being configurable to be able to solve multiple compliance challenges
The experience of practitioners suggests that he most likely and applicable solutions to meet all three objectives to create the greatest value to wealth managers are in the fields of KYC/onboarding and investment sales suitability.
In these cases, there are masses of both static and dynamic client, product and transactional data.
Transaction monitoring is another aspect of the compliance function which would benefit from more and faster automation – covering AML, market abuse, personal account dealings and cross-border transactions, for instance.
At the same time, a central KYC register for banks to subscribe to would be helpful, agree compliance heads, so that clients do not need to provide the same documents multiple times to different banks.
Centralisation in terms of the regulatory monitoring and approval of specifications would also help to balance the ambition of sophisticated technological enhancements against the increasing risks of cyber-security, such as hacking.
Institutions need to constantly assess these risks. Plus, they need to do careful cost-benefit analysis prior to engaging the tools.
Scope for utilities
Talk of a KYC or AML utility is also getting louder within the compliance community in Asian wealth management.
According to senior practitioners, any such application or utility should be designed to mirror the actual business need.
And given the need for greater efficiency in onboarding clients – and periodically reviewing them – there is real potential for a utility in this space.
This would require several modular (but preferably integrated) steps. These include identification, due diligence, validation, data capture, approval tracking, review tracking and transaction monitoring.
However, some professionals are concerned that once a system is in use for some time, the notion often emerges that the system – not people – performs the risk management. As a result, incidents and/or near-misses tend to be blamed on the system.
People or systems?
This highlights the extent to which a healthy consciousness is useful, therefore, given that we are not at the stage of technology yet where systems can replace thinking.
Indeed, risk practitioners and business people alike need to consider the use of systems as an aide to doing the same job quicker.
At the end of the day, an ‘approver’ still needs to review the information captured about the client before approving; but in the case of a system approach, all relevant information should already be presented.
In a periodic review using systems to assess transactions and patterns against established norms, the absence of any red flags in this process does not mean there is no money laundering going on; it simply might mean the system may not have been programmed fully to detect it – or, in the case of an artificial intelligence application, has not adapted.
This means a reviewer still has to look through the monitoring report to personally observe that nothing is amiss.