A holistic approach to financial crime prevention is vital for financial institutions in Asia today, said Tim Phillipps, Deloitte analytics and forensic global leader, at the Deloitte Financial Crime Strategy Conference in Singapore last month.
Financial institutions today need "an enterprise-wide, integrated risk management strategy" that accounts for the entire financial crime prevention lifecycle, he added. The financial crime prevention lifecycle includes compliance; prevention and detection; investigation and remediation; and monitoring and testing.
Following are Deloitte's advice on how financial institutions in Asia should address the different parts of the financial crime prevention lifecycle:
Compliance: A strong governance structure and financial crime strategy are required to maintain an effective compliance programme. Financial institutions can do so by having internal and external target operating models around fraud, anti-money laundering, sanctions, and market abuse; as well as conducting change management programmes that inculcate financial crime prevention into the company culture. They should also ensure that the technology and analytics that they are using are aligned with regulatory requirements.
Prevention and detection: To identify early misuse and prevent financial crime incidents, financial institutions need to have the requisite level of operations and control. Thus, they should have an enterprise fraud and misuse management that provides an integrated set of technology platforms, advanced analytics and services that proactively address fraud. Besides that, they should implement crisis management and incident response processes as well as vulnerability monitoring solutions to address real-time cyber threats.
Investigation and remediation: Financial institutions that are victims to financial crimes should work with their legal advisors and experts to remedy the situation and create a method to prevent a reoccurrence. The experts hired to help need to have a good understanding of the laws and regulations around anti-fraud, financial crime and anti-corruption, as well as offer a suite of services to address the permutations of an investigation. It is also recommended to have a cyber response services team that is designed to handle the management and investigation of the origin and cause of the cyber incidents.
Monitoring and testing: Financial institutions need to continually monitor and test their financial crime systems and policies for the required efficiency and tailor those systems to the changing nature of external and internal threats. They should thus find and implement the monitoring tools that best suit their needs, as well as train their employees to empower them to use the tools in an effective manner.
"A tight interlock among risk, security, fraud and financial crime management" is now required to combat financial crimes, said Bill Donellan, an i2 executive at IBM who spoke at the symposium. He added that point solutions and a silo approach are no longer effective due to the "frequent and complex fraud schemes" today, and will only "increase the risk of fraud activities and financial crimes going undetected."