Technology innovation is both exciting and groundbreaking for customers and business, yet it brings real societal risk. Where senior leaders see digital and data solutions that attract revenue and support operational efficiencies, sophisticated financial criminals see new ways to infiltrate, attack and cheat the system.
In this paradoxical environment, trustworthy data and analytics are crucial, bringing great opportunities if used correctly but considerable pitfalls if not.
In this blog, I'm going to consider three important factors that need addressing if organizations are to reap the rewards of data and analytics, rather than raising the risk of financial crime. They should know and trust that their data is held securely, trust that the quality of data can be relied upon for business decisions, and trust that the data is being used for the right purpose and in the right way.
With the right approach, these three factors can be tackled and managed, and in my experience, that can bring rewards for all.
Secure your data throughout - no matter how or where it sits
To the first of the three - let's consider how data should be robustly handled and held securely to underpin the organization's fight against financial crime.
It is a truism that data must be secure. But, in practice, data can be incredibly complicated to track, administer and store when it sits across multiple different geographies, departments and systems, and is subject to a wide array of different legal and regulatory requirements. Poor internal handling and weak cyber security controls can undermine any anti-financial crime efforts and can threaten to open the door to your most valuable asset - your customers' data. Indeed, nothing can make your customers turn their back on you quicker than a breach in your security defenses.
But it's challenging. Organizations should find the balance between having highly robust data processes in place, while not stifling the ability to use that data both to enhance customer experience and in the fight against criminal activity. This is further complicated by the reminder that financial crime isn't just an external force, it may manifest via a data breach by a malicious employee exploiting weak system access controls.
A strong data security program can tackle these challenges. This means a trusted program with a thorough risk assessment at its heart, with knowledge of the possible compromise events that create data security vulnerabilities in an organization, both external and internal.
Strive for quality, to monitor with confidence
The second factor in the trio considers the quality of data; many leading organizations make this a business obsession. Businesses collect all sorts of information for their Know Your Customer (KYC) and anti-financial crime practices, and those who can trust it can move forward with confidence in their risk management and their customer relationships.
Quality covers the accuracy, provenance and 'freshness' of data, all of which are vital for the effective operation of an organization's financial crime monitoring activities - from fraud detection, to sanctions screening, anti-money laundering (AML), and more.
But these monitoring operations are costly. As well as the systems and technologies involved, there is the significant manual effort required to review red flags and alerts, so businesses should do all they can to avoid poor quality data being a major contributor to the numbers of false positives that are generated. In fact, some organizations experience a level of false positive alerts in AML transaction monitoring of over 95 percent.
It's clear, therefore, that trustworthy data is a vital foundation to successful monitoring, which is arguably at the heart of financial crime prevention and detection.
Ignore purpose at your peril
Finally, conducting data analytics in the right way requires integrity and a consideration of purpose, particularly when fighting criminal activity that pervades every part of society and can be difficult to distinguish from legitimate behavior.
Purpose means aiming to ensure that the use of data is acceptable and is appropriate to the context in which it is being used. To take a broad example - using crime statistics as a proxy for economic vibrancy in a specific geographic area is only justified if the right statistics are being leveraged in the right context; getting this wrong could have devastating societal effects on people and communities, and reputational damage to organizations.
Businesses should consider whether the way they are using data is ethical and trustworthy, and that ensuing predictions are managed with integrity. While the end goal of fighting financial crime is inherently purpose-driven, it doesn't necessarily follow that the journey is easy or without risk of inadvertently discriminating against innocent individuals. These pitfalls can occur when an organizations' use of data is unsafe and allows unsound or spurious correlations (for example, customer exits that are linked to nationality) to slip through the net. This is an area of great uncertainty and rapid change, with again, enormous potential reputational risk.
In building trust in these three crucial factors - data security, quality and purpose - I'm confident that organizations can begin to fully reap the expected benefits in their financial crime prevention programs. The fight against crime is underpinned by this trust, particularly in a world where organizations are facing a growing list of challenges, such as the costs of compliance, the increased sophistication of criminals, relentless regulatory pressures, the explosion of digitization and cloud computing, and the rise of cryptocurrencies.
But help is at hand with KPMG firms' trusted data and analytics methodology and approach. KPMG professionals have the subject matter expertise, data science capabilities and global alliances which can help build systematic protection, bringing tools that can help secure and manage data, and fight sophisticated financial criminals in this ever-changing world.
Read additional blogs in our Financial Crime series.