Corruption, cybercrime and compliance – managing the risks

By Alois Maluvu, Financial Crime Compliance expert, SWIFT

Managing risk in financial institutions has never been more complex. As cyber-attacks continue to evolve and increase in frequency and sophistication, cyber security has become a major area of attention and investment.  Complying with the large number of global regulations that aim to combat money laundering and terrorist financing is also a challenge for the industry, both in terms of costs and resources.

As a result, many global transaction banks have been reviewing and rationalising their relationships with banks in areas of perceived high risk. The phenomenon, known as de-risking, is driven primarily by concerns about anti-money laundering, counter-terrorist financing, fraud and the associated regulatory pressures, as well as the costs associated with maintaining their correspondent banking network.   

Following a UN report that Africa loses $100 billion annually to illicit financial flows and a recent cyber security survey which revealed that cyber-attacks cost African businesses $3.5 billion annually[1], it is clear Africa has been hard-hit by de-risking. In fact, according to a new white paper by SWIFT, ‘Africa Payments: insights into African transaction flows’, almost all African regions have experienced a significant drop in the number of foreign correspondent banking relationships since 2013.

In such a challenging environment, what more can African banks do to remain secure and compliant and maintain their relationships with international correspondents?

First of all, banks need to understand why they may be de-risked. Factors such as the political and economic landscape in specific African countries are certainly part of this equation. However, banks are more likely to be affected if they provide insufficient transparency over their activities, business lines and behaviour. The more difficult it is for correspondents to access KYC or AML information, the greater the cost of doing business with a specific bank becomes.

In order to address this issue, banks can put measures in place to improve both their transparency and the consistency of their information. The right screening tools, backed up by clearly auditable processes and controls, can go a long way toward providing such clarity and reducing compliance costs for correspondents. Compliance controls such as transaction screening can be used to take control of the sanctions compliance process with maximum accuracy, efficiency and cost-effectiveness. These should include transaction and name screening, the use of standardised sanctions lists and quality assurance.

Industry KYC utilities can also help by acting as a platform of up-to-date information for correspondent banks. SWIFT’s KYC Registry, for example, has more than 5000 financial institutions on its books and enables banks to provide validated information, making it cheaper and easier for their correspondents to access the information they need.

Data analytics enable banks to manage risk and identify problematic transactions in a more targeted and efficient way, by identifying and prioritising areas that the bank may wish to investigate further. This can give banks better information about their exposures and a clearer understanding of how their networks operate.

With fraud moving increasingly from data theft to payment fraud, financial institutions need to reassess the security of their payment environments.  Transaction reporting can provide an important layer of quality assurance, a global summary of inbound and outbound counterparty payments flows. It can highlight when suspicious activity occurs and enable banks to cancel messages and recover funds. Monitoring payments in real time takes this a step further, allowing banks to instantly take action if a transaction seems risky.

While all of the above can significantly help financial institutions boost their defences and illustrate transparency, collaboration within the community is just as important. This is why SWIFT is building a compliance utility, a set of standardised services, that will help banks to meet their ever-growing compliance challenges. Since SWIFT is a trusted network, owned by the banks, it can help its customers increase compliance standardisation and efficiency while better managing related cost and risk. Additionally, SWIFT has launched the SWIFT Information Sharing and Analysis Centre (SWIFT ISAC) to facilitate the community’s access to actionable cyber-security threat intelligence, enabling the community to better defend itself against potential future cyber-attacks.

One thing is clear - banks have taken notice and are taking action. They have realised the real risk of non-compliance and exposure to cyber threats, and are therefore investing heavily in cyber security and compliance processes and tools. According to a 2018 LexisNexis Risk Solutions report, the financial services sector in South Africa spends an estimated $2.05 billion (R24.3 billion) a year on AML compliance. MarketsandMarkets has reported that the African cybersecurity market is estimated to grow from $0.92 billion in 2015 to $2.32 billion by 2020.

However, there is still a lot to do and no room for complacency. Banks in Africa, as elsewhere, need to continue with their efforts to provide increased transparency, reduce compliance costs for their correspondents and manage compliance and cyber risk hand-in-hand.

[1] Serianu 2017 Africa Cyber Security Report