How to pick a risk screening system that suits your needs
by Duncan Edwards
Senior Advisor, Idenfo
The Monetary Authority of Singapore (MAS), a leading global Regulator, identified that a number of “Financial Institutions (FIs) placed undue reliance on system vendors to set (financial crime) parameters, without adequately understanding how the settings impact the accuracy and effectiveness of the screening results.” Does this apply to you?
We have all done it, bought something based on someone else’s experience and ended up with a “not quite right” purchase: a sofa that looked fine in the shop, but looks too big at home; a bed that felt so comfortable, but doesn’t give a good night’s sleep. The trouble is that ‘someone else’ based their advice on what they had seen and heard, not on what you really wanted and needed.
Well, it can be the same with financial crime system vendors. They have implemented their system at other FIs and, in doing so, have understood what industry ‘standard screening settings’ need to be implemented. And to be fair, they have probably seen ‘good ideas’ at other FIs and added them to their settings. But do these settings and calibrations really suit your business? Probably not 100%.
And worse, whilst most Regulators allow FIs to outsource processes e.g. to system vendors; what many FIs forget is that ‘you can outsource, but ownership and responsibility still remain with the FI and its management.’ Yes, individuals, as well as entities, remain liable and that could mean you.
So if that ‘someone else’ has implemented screening settings for your FI, be it transaction monitoring, name screening etc, have you and your team robustly reviewed them to assess their accuracy and effectiveness? And is it fully documented, because the typical reaction is ‘if it’s not documented it never happened?’
So what do you need to do? You need to be ready before Regulators and auditors inspect your business. One way is to take the approach that Idenfo adopts – a demonstrable, documented risk-based approach, using risk categories applicable to your business, that documents and lists the risks introduced by, for example, the products you sell; the risk profile of your customer base; the geographies you operate in; the operational risks that your processes bring with them. For example, would your settings identify front-line personnel selling products to gain commission, rather than selling correctly and for the right reason? This is where Idenfo can help.
But what do we do when we have identified all these risks? At Idenfo we take ‘standard industry settings’ and cross-reference them to your risks. But then, practical experience and understanding have to be applied. At Idenfo we work with our clients to provide solutions to:-
- Are screening scenario settings sufficient to mitigate each individual risks?
- What additional screening scenarios, specific to your business risks, are needed?
- Do screening scenario settings, together with prevent and detect controls, mitigate risks?
- What risks are not supported by screening scenarios and how do we best control them?
- What can we do to make settings more efficient and effective, with less false positives?
- What calibration does each setting need to manage your business risks?
At Idenfo we work with clients so that you can demonstrate you have ‘retained ownership and responsibility ‘, in a fully documented, robust manner. If any of this resonates with you, please contact us without obligation.