How a bank views financial crimes says a lot about that bank according to Jim Candelmo, Executive Director and Banking Secrecy Act Officer at online bank Ally Financial. “It says something to your shareholders, to the government and to your customers.”
Caldelmo strongly recommends using analytics to detect and prevent financial crimes. “You have the analytics in place to track sales and marketing – you need to use those same powerful platforms to protect your customers against financial crime. Customers expect you protect them — and to do that you have to have a plan,” says Caldelmo.
At The Premier Business Leadership Series in Orlando, Caldelmo helped attendees come up with a plan by sharing seven questions they need to be able to answer about their financial crime program:
Question 1: Who are you?
How do you tackle anti-money laundering (AML) and fraud? How do you deal with cybersecurity? Are you essentially siloed? Are you converged? (i.e. do you treat AML and fraud together?) Do you think you’re converged, but are really siloed?
“Most banks are siloed,” says Candelmo. “Most think they’re converged, but aren’t. You need to know because it’s vital to come up with a convergence plan and get rid of the silos.”
Question 2: What is your internal goal for customer view?
Does your bank strive for a single customer view or a risk-based customer view? According to Candelmo, most subscribe to one or the other. And when you talk to those who say they have a risk-based customer view, they’re really still trying to get a single customer view.
Why does this matter? “Because it’s impossible to have a single view of anything,” said Candelmo. “For example, if you look at the front of a house, you can’t see the side, or the back, or a full view of the roof – and when you’re trying to get a single view of a person – it just can’t be done he said. “What you need to do is determine the most effective angle to capture a view for that customer and focus on that,” says Candelmo.
Question 3: Where do you do your strategic thinking?
Do you pay others to think for you? If you have a problem, do you hire a consultant to come up with a solution? “That’s fine, if you need that,” says Candelmo. “The dynamic that drives me crazy is when the consultants come in, interview employees, come up with a plan — and then the employees spend the next three months tearing apart the consultants’ recommendations because the employees didn’t share everything the consultants needed to know.”
In those cases, a step was missed: Once you have all the data, talk about it with your team and incorporate the consultants into that. “Consultants come up with a solution, but they don’t own it – they leave it to be implemented by the employees who tear it apart because they don’t own the solution,” says Candelmo.
Question 4: What is your articulated risk tolerance?
If you say zero, guess what happens when it’s exceeded? You’ve created your own noose and you will be hung with it, warns Candelmo.
Question 5: How do you handle data management?
Is your data managed through crisis? Is it managed through projects? “If you’re doing it either of these ways, chances are you’re not managing your data effectively,” says Candelmo. “If you’re managing by crisis, you’re too late. If you’re managing by project, you’re not effective until the project launches.”
Question 6: Are you doing the right thing?
“Everyone wants to have enough investigators, run the data correctly,” says Candelmo. “But the question is – are you doing the right thing? Fighting financial crime is very simple: you’re not to allow your financial institution to be used by criminals. Criminal are not to put money in, or take money out of your institution. That’s the right thing. And if you’re doing the right thing, you’re telling your people to look for and add something to the suspicious activities report this month.” Train them to look for specific defects he advises.
Question 7: Does your end-to-end process include the customer?
Maybe the single greatest risk to your institution for financial crimes lies outside your firewall. “Ally is an online bank. You can’t walk in and meet a teller – they live and die by online experience,” says Candelmo. “When someone’s computer gets compromised, and they do, and the account gets emptied, there’s nothing I can do to stop that. But that computer in that house was compromised. When that person says they were the victim of a financial crime, they’re not looking at the hacker. They’re looking at Ally Bank. Even though it’s nothing we’ve done, that’s the greatest risk to our institution. I could have all the aystems in place and working perfectly – but when our customers’ accounts are compromised, we’re the ones they look to.”
Learn how other banker’s financial crimes programs are stacking up in Cyberrisk in Banking. This free whitepaper is based on research by Longitude Research (sponsored by SAS).