Defining outcomes in the anti-financial crime industry: skip out on counterfactuals, build on a probabilistic approach
When it comes to preventing financial crime, today’s banking industry is stuck in a cycle of endless investments, and limited returns. With the global cost of financial crime holding steady, and the price of prevention increasing annually, the financial industry seems to be stuck in a loop. With an inability to effectively achieve, or in many cases even define positive outcomes, banks are left with limited ability to guide their efforts towards a general reduction in financial crime risk.
Ultimately, this issue is a result of the ways in which prevention outcomes are measured, and how they are viewed by financial institutions. To understand “prevention” in today’s industry one needs to look no further than to the consistent focus on “control implementation” as the end-all of best practices, with no view on the actual effectiveness of these controls (ACAMS/Killick and Parody, 2007). With no view on the actual ability of these controls to prevent financial crime, banks are left unable to know whether they are effectively directing resources towards actual financial crime prevention.
The industry on the whole must go through a paradigmatic shift in the way that financial crime prevention outcomes are understood, towards control effectiveness as the new standard, built on data-driven views on prevention outcomes. Whilst large-scale change can seem difficult and a mediocre status quo is powerful, the industry has reached a point where spending can no longer increase without clear evidence of effectiveness.
Increasing costs, no evidence of effectiveness
In the market today, financial institutions spend approximately 3.1% of global turnover on financial crime prevention, and this number is rising (Refinitiv/Sidanius, 2019). Across the industry, spending in 2019 has been projected to increase nearly 51% over previous years (Sidanius, 2019).
Yet there is little evidence of any substantive reduction in the occurrence of financial crime. In fact, approximately 72% of financial institutions report having been the victim of financial criminals in the previous twelve months (Sidanius, 2019). In the late 1990s, the IMF released a study indicating that financial crime measured roughly 2–5% of the world’s global gross domestic product (UNODC). In 2009, the UNODC put this number at 3.6% (FATF). Today, current UN predictions still place the total amount of money laundered across the planet at between 2–5% of global GDP (UNODC). In short, whilst financial crime prevention spending is increasing, financial crime remains untamed.
As such, no definitive reduction in the exposure of financial institutions to financial crime can be meaningfully identified. Different factors may contribute to this. One of which is the fact that industry largely views positive “outcomes” as being synonymous with compliance with regulatory requirements. One needs to look no further than the FATF 40 Recommendations, or any recent consulting report to find that the predominant view on financial crime prevention outcomes relies on the assumption that the mere presence of adequately designed controls acts as a substantive stand-in for effective financial crime prevention. As such, banks are left with no view on the actual ability of these controls to prevent financial crime.
A probabilistic approach to prevention outcomes
What is required is a paradigmatic shift in the way that control outcomes are defined, towards a robust data-driven methodology. The primary metric for defining prevention outcomes at the control level, should be based on the extent to which any given financial crime attack can be prevented by the current control framework. For any given control, or any inherent risk indicator, there is a probabilistically definable likelihood that the presence or absence of that control will lead to an actualised risk event. The increase or reduction in this likelihood can be understood as an outcome in and of itself.
When control effectiveness is measured in this manner, as improvements are made to a bank’s controls, there will be a corresponding decrease in the likelihood that a bank is exposed to financial crime. In other words, the effective reduction in a bank’s exposure can be measured against the investments made to achieve that outcome.
The Elucidate FinCrime Index (“EFI”), the data-driven risk management platform
The EFI is built using probabilistic modelling approaches similar to those used to quantify financial risks such as credit or operational risks, and is supplemented by BigData technology, machine learning, and automation.
The EFI evaluates inherent risk indicators and a bank’s associated controls. Controls are evaluated on their probabilistic effectiveness, ensuring that banks are provided with a transparent, objective, and factual risk assessment. Financial institutions are able to assess the quality of individual control areas, and identify where their greatest risks are. The risk indicators evaluated indicate potential exposure to financial crime risk, and as such an accurate prediction of the outcomes of a bank’s control framework.
As investments are strategically targeted towards the areas of greatest concern, banks are able to see the defrayal of their risk exposure swiftly through the EFI platform. For banks, the EFI means an end to undirected investment, and an end to invisible outcomes.