As in years past, we are making some predictions for what’s to come in the risk and compliance space. In many ways, the world suddenly seems less predictable than in year’s past when you think about a U.S. election (and impeachment trial), ongoing trade war and recent military action in the Middle East, but here we are seeking to separate the trend lines from the headlines. To focus on what is possible, if not probable, as we begin this new decade.
Unlike last year, we separated the predictions into three categories: i) highly probable; ii) probable; and iii) possible. Of course, this is not exhaustive, but it should inform risk and compliance conversations going forward.
- Expect a lot of financial crime-related enforcement work and announcements to happen in 2020. A lot. Some of this will be clean up from years past, though, some of it will be in connection to a renewed focus on enforcement by the American government.
- Increasing influence of ESG factors. And within this, further definition around the “G” and what firms are doing - and how they are measuring progress - around financial crime and anti-corruption measures. For example, Fitch estimates that for 1,500 firms in their rated universe, 22% had ESG factors which influenced their ratings. In other words, firms will need to start looking at these factors in a different way to stand out and attract capital.
- Compliance is hot. Regtech investment and compliance in general is something that has begun to now transcend what was previously a professional niche. Why? U.S. politics, a real passion by young investors to ensure their money is not connected to financial crime or those who enable it and the sheer size of the industry contribute to the trend.
- The rapid rise of challenger banks and quasi-pay-day-lending will increasingly be questioned (e.g., are we making people richer or poorer here) and investigated across a range of authorities. Separately, but related, the pressure to onboard customers and the rise of an API-economy will lead to control breakdowns and failure that if detected will result in significant fines in the fintech arena as we have now seen in the general tech arena.
- China will continue to experiment with its own sanction regime(that diverges more significantly from American, UK, European and UN approaches). Preparing for a dual-regulatory world seems increasingly likely, though its not quite here fully.
- Recent military and para-military operations in the Middle East will not result in significant regional war, but will form the basis for actions (e.g., Iran re-starting enrichment, etc.) that will likely lead to an increase in sanctions and limited kinetic spats.
- 2019 was a harbinger of continued global unrest - that will include nearly every continent. What does it mean? Too early to tell, but it certainly increases the overall risk picture and is possible almost anywhere (e.g., relatively unpredicted unrest in Chile last year for example).
- Corporations to increasingly face sanction and AML-related risk and corresponding enforcement. OFAC noted late last year a clear focus here. This is particularly true for any company with a global supply chain and/or global operations; particularly in high-risk industries and jurisdictions.
- Blockchain to continue to fade as a hot trend. Its use cases are real, but the application of blockchain will probably not reach the scale needed to impact everyday purchasing and global commerce.
- Realization – like with blockchain and other trends – that artificial intelligence is not that intelligent in many facets. It will probably not solve your problem unless it is used in a highly targeted way and by incredibly experienced operators. That said, firms will continue to embrace and benefit from it if leveraged correctly.
- The Europeans will continue to make progress on combatting AML/CFT, but the framework to do so will remain flawed and vulnerabilities will persist.
- Citing national security, the United States begins to implement stricter controls on foreign firms seeking access to U.S. markets and correspondent banking services.
- Further realization - and legitimate policy action - on the lack of success in fighting financial crime globally. Success will require change around data provided by governments, transparency and a real move from box-checking to one that embraces testing around effectiveness at the country and entity level.
Look back on 2019
- The Europeans will get tougher on risk and compliance in the wake of Danske Bank and ten years of foreign (primarily U.S.) enforcement actions.Since the prediction, we have seen a number of actions across northern Europe. CEOs have lost their jobs and market participants are increasingly asking the question: “If this can happen here, what is happening in the rest of the world?” Real questions around correspondent banking remain and industry has not solved this with the Wolfsberg DDQ which does not provide testing or comparability at scale.
- The U.S. will be less aggressive than in years past but will continue to roll out enforcement actions targeting a number of institutions in Europe, Asia and the Middle East. Regulatory action in the rest of world will be important to watch as geopolitical tensions rise (with positive correlation between geopolitical tension and enforcement). The U.S. has been aggressive against typical targets like Iran, Russia and increasingly others that have little recourse like Venezuela. The announcement by FinCEN of a more global role may broaden this stance and provide a much-needed complimentary enforcement approach to the more predictable OFAC.
- The dollar will remain the primary settlement currency, but there will be increasing exploration into the use of other currencies (including dollar-pegged currencies). This will pose enforcement challenges. There are clear indications that this is happening. In the United States, the introduction of Facebook’s Libra and the continued work by Ripple to become the “world’s Central Bank” are indicators. Russia and others continue to talk about alternative payment channels, as do the Europeans. In our work across markets, we have been told by market participants that many avoid running afoul of sanctions or money laundering concerns by clearing in Euros or some other currency that can easily convert to dollars. This should be worrying for anyone earnestly interested in fighting financial crime.
- Innovative and newly formed emerging market banks will increasingly look for ways to circumvent normal payment channels (e.g., SWIFT), but tradition will take longer than people think to displace. See above.
- Risk and compliance will continue to be one of the many battlefields in international spats. The Huawei situation is only the beginning and one that has already now involved the United States, Canada, Poland, New Zealand and Australia. Moreover, it will become clear that a number of other internationally-minded companies may have circumvented sanctions to increase the bottom-line. The full explosion of a trade war is upon us and shows no signs of abating.
- China will begin to test its own form of sanctions. Various geopolitical or economic flash points could make that a reality sooner rather than later. This was one of the bolder predictions. And it is now coming true and is being used to retaliate and to influence policy.
- International confusion (resistance) around the Trump Administration’s re-imposition of Iran sanctions will lead to a number of violations – likely regarding global corporates versus banks – who operate in the Middle East but have not fully contained their compliance risk exposure. Russia will remain a manageable, yet risky prospect for companies as well. It is almost a certainty that sanctions are being broken; to be determined via sanctions enforcement work in 2020.
- With a civil lawsuit against the former CEO of Danske Bank as precedent, Boards and management will increasingly fear personal liability around risk and compliance and begin to demand further independent (emphasis on external) auditing and testing of processes, procedures, customer risk profiles, etc.We have seen this in our business and interactions with clients globally. This year alone, we have seen an increase in the number of ratings requested. Sigma has also been asked to present to a number of forums, including the NACD, on the importance for boards to hit these issues head on.
- The recent announcement by U.S. federal regulators encouraging regtech experimentation and other innovative solutions to reduce compliance spend and increase efficiency will help potential users get comfortable with adopting new technology, but business-as-usual at global banks and corporates will slow progress (despite a real desire to improve). Innovation remains slow for the world’s largest banks. In northern Europe, a shared KYC resource has been announced, but will take time. Banks and others also ask about the quality of the data that their competitors provide. For example, is the data quality equivalent?
- Nonetheless, investment in regtech will continue to soar. For example, more money was invested in regtech in the second half of 2018 than in all of 2017 combined. In comparison to other related investment opportunities that are heavily saturated (e.g., payment, wealth management, challenger banks and blockchain), there is still significant upside in a space that is underinvested. This has slowed down some, partly on account of the sales cycle into financial institutions. It has also slowed some given the resistance of many banks to actually innovate despite a federal mandate to do so. Nonetheless, the space is still hot on a relative basis.
- Compliance departments and regulators will be presented with new challenges from crypto currency innovations, such as the Lightning Network, that further obfuscate transactions on the blockchain. Emergent monitoring technologies will face challenges in keeping up (as will law enforcement). This is only starting. Power users of crypto currency are looking for ways to get around KYC and remain anonymous. We see this in our monitoring of chat rooms and other forums where it is openly talked about on a near-daily basis.
- Corporations, governments, and banks will spend more money on cyber defense. A lot more. In particular, counterparties will be increasingly scrutinized as they have become a large surface vector for attack. This is now the most significant issue for almost every major bank and corporate. Every month there seems to be a new issue, including successful targeting of governments and municipalities.
- Serious questions will begin to emerge around Environment, Social and Governance “ESG” investing criteria, particularly, around how data is collected and how missing data is proxied via “industry averages”. Some will ask whether or not ESG is actually delivering on its promise given the mismatch between recent scandals and ESG scores in 2018. The cracks are there. How can any serious investor in ESG trust self-reported data alone?
- In line with this, there will be a premium for companies (particularly in emerging markets and frontier markets) that are increasingly transparent. In other words, the harder it is to understand entity risk and ownership, the harder it is for investors and counterparties to make decisions. This remains true and is a major thesis around the founding of Sigma.
- Firms will begin to value new, enriched data to make better risk and investment decisions. Nowhere will this be more coveted than across emerging and frontier markets who represent 70% of global GDP growth over the next five years. We see this. The explosion of public data has created an opportunity to turn data into risk insight at scale. Sigma is leading efforts to make this cost effective for the largest corporates on the planet.
- Risk and compliance evolve. The current approach to risk and compliance was envisioned and constructed before the public Internet was fully realized. Understanding and managing internal data will remain a requirement, but how firms handle, and mange public data will separate the followers from the leaders. This is starting to happen, but corporates still have a long way to go in getting good at how they manage internal data.
- Leading institutions will demonstrate to regulators (and shareholders) a more proactive approach to risk management. Proactive approaches, to include ones that allow for more dynamism in understanding and monitoring enterprise risk across hundreds of countries and thousands of clients will prevail. They will also help firms avoid significant regulatory and reputational risk. Firms who are proactive and independently test are far more likely to avoid trouble than those who don’t.
What previously required multiple tools and countless man hours, Sigma executes in under 10 seconds, giving your team faster-than-ever, unparalleled insights.