Viele Großbanken leiden unter den komplexen und schwierigen Prozessen, welche die Bekämpfung von illegalen Geldgeschäften mit sich bringt. Angesichts des Ausmaßes der internationalen Finanzkriminalität und der zunehmenden Kontrolle durch die Aufsichtsbehörden kann es sich keine Bank mehr leisten, weiterhin auf überholte Compliance-Prozesse zu vertrauen. Im Gegenteil: Banken müssen noch viel mehr in moderne Datenanalyse, agile Kontrollabläufe und in die Kooperation mit hoch spezialisierten Regtech-Firmen investieren. Die Studie identifiziert vier Schlüsselkomponenten für den erfolgreichen Kampf gegen illegale Geldgeschäfte:

• Prozesse komplett neu definieren. Statt ihre Compliance-Aktivitäten nur zu überarbeiten, sollten Banken ihre Kontrollabläufe von Grund auf erneuern. In einem Zero-Based-Ansatz definieren sie ihr Zielszenario, vergleichen es mit dem Ist-Zustand und mobilisieren alle Kräfte, um den für sie idealen Regelprozess zu etablieren.
• Ein System für alle Daten. Banken brauchen einen zentralen Datenhaushalt für alle relevanten Compliance-Daten. In einem System können so beispielsweise Kundendaten aus verschiedenen internen und externen Quellen gebündelt werden. Anschließend prüfen Algorithmen diesen Datenpool auf Relevanz und sortieren die Informationen nach Wichtigkeit.
• Advanced Analytics. Künstliche Intelligenz übernimmt bei der Datenanalyse die weniger anspruchsvollen Routinearbeiten wie das Sammeln und die Erstauswertung von Daten. Die Mitarbeiter greifen ein, wenn Maschinen an ihre Grenzen stoßen, etwa bei der Einschätzung nicht eindeutiger Daten.
• Partnerschaften mit Regtechs. Diese Unternehmen verfügen über technologische Lösungen, um die Anforderungen der Aufsichtsbehörden zu erfüllen. Sie haben tiefgehendes Wissen aufgrund von erprobten Algorithmen in der Analyse von Kundenverhalten. Dieses Know-how selbst aufzubauen lohnt sich für viele Banken nicht.

First, banks should develop a streamlined, end-to-end process. Leading banks are starting to review their processes with an eye toward maximizing the client experience, minimizing effort and eliminating breaks and complexity. To do this, some use zero basing, which takes a start-from-scratch view to set the baseline on activities and roles in compliance, rather than starting from existing activities. They are defining the desired future state of compliance, defining the gap between the future state and current state, then mobilizing the organization to redesign processes.

Effective compliance also demands a “golden record’’—a single source for all compliance processes. The record’s core consists of internal structured data that goes through a rules-based cleanup and gets integrated into a data lake. Internal data is enhanced with unstructured and external data such as text, voice and pictures. Some of that data may come from vendors, but banks can also look off the beaten track to non-indexed web pages and search-engine results (see Figure 2). Predefined algorithms then process and score the data for relevance.

Advanced analytics and algorithms form another essential component. Artificial intelligence increasingly can use the enhanced database mentioned earlier to power a proactive compliance model. Machines make a logical substitute for people on routine, low-cognition tasks, as when Fair Isaac introduced a credit scoring model that largely replaced the human element in many lending decisions. Human intervention remains valuable where machines cannot make better decisions, but a growing number of tasks will blend machines and human actors—data collection and crunching by the former, assessment of unclear data points by the latter.

The role of regtechs

Finally, a strong financial crimes compliance strategy now virtually requires some form of partnership with specialist regulatory technology firms, or “regtechs,” which have developed expertise that most banks would find too costly or time-consuming to develop themselves. Regtechs range from know-your-customer or anti-money-laundering specialists such as Palantir, to customer onboarding and workflow process firms such as Encompass and Contego, to major technology firms including IBM, SAS and Oracle. The market also features utilities such as Experian and Accelus, which act as intermediaries or data providers to other companies. We believe that most of the regtech startups will disappear, a few will be acquired and perhaps roughly 2% will continue as standalone firms. Among the established tech firms, one-third to one-half will be able to succeed in this market.

Many banks will outsource activities to regtechs, while some banks might buy a regtech in order to insource a particular technology. And we foresee that some banks might partner with other banks in a joint venture to buy an equity stake or build a new regtech firm. After a bank has redesigned its end-to-end financial crimes compliance process, the transition to a successful regtech partnership requires attention on several fronts (see Figure 3):

• Legal and regulatory compliance. Gaining the confidence of regulators will be essential for a partnership strategy, including with companies that may not yet be approved for certain operations. Regulators will need to be convinced that a bank can outsource activities without hampering reliability and quality, so regtechs must prove that their business and operating models are sound, and that client data will be kept confidential if several banks participate.
• Operations. Most regtechs are digital natives accustomed to using Agile methods. To collaborate effectively with them, banks will have to become more nimble as well, with fewer handoffs, fewer workarounds and clear metrics for each step in the process.
• IT. Banks will need to adapt their core system interfaces to work seamlessly with a network of various plug-and-play applications. As testing cycles get faster, the risk of fraud could rise; IT teams should home in on system stability and security.
• Culture. Banks will have to let go of their traditional bent to build systems themselves, and instead learn to work with firms that are much smaller yet more proficient in their field.
• Project management. Given that regtechs use mainly Agile methods, banks’ own IT and operations teams will have to adopt a similar mindset and greater level of flexibility. If a regtech proposes a new technology, banks won’t have the luxury of taking months for internal approval.

Even as bank supervisors heighten their scrutiny of bank compliance, fraud and money-laundering schemes grow more sophisticated. Banks have no viable choice but to upgrade their crime-detection and crime-fighting capabilities. Their arsenals will increasingly include more powerful analytical models, artificial intelligence and the help of regtech specialists. Yet with each new technology and partnership, banks risk making their compliance operations still more complex. Banks that eventually excel in compliance will be those that strike the right blend of people and machines, build a seamless end-to-end compliance process, and adopt Agile ways of working in order to make the most of regtech expertise.

Jan-Alexander Huber and Matthias Memminger are partners in Bain & Company’s Financial Services practice, and are based in Frankfurt. Michael Soppitt is a partner with Parker Fitzgerald’s Digital Risk Solutions practice. Matthew Hayday leads Parker Fitzgerald’s Risk Technology practice. Soppitt and Hayday are based in London.

Parker Fitzgerald is a global leader in risk management solutions for the banking and capital markets industry, focused on improving resilience and risk-adjusted performance. The firm advises international regulators, governments and key industry bodies in all areas of risk management, capital and liquidity management, market conduct and the impacts of financial technology.