Dovetailing with the issue of invisibility, is the challenge in obtaining a single source of truth when it comes to what should and is being reported. The inability to consolidate reporting data across silos, storage architectures, IT systems, RegTech vendors, global systems, and excel spreadsheets, prevents financial institutions from ever having a complete picture of their ability to comply with reporting mandates.
Every application, transaction monitoring system (TMS), sanctions-screening tool, fraud-detection software, and other reporting systems produce crucial, but segregated data streams that must be compared, searched, and analysed to ensure accurate and complete AUSTRAC reporting.
The absence of a consolidated view makes it hard for institutions to recognise and priortise the correct information when it is most needed. Inaccurate, stale, or unavailable data places an additional burden on compliance units, forcing them to spend time manually collecting, validating, and remediating the data that is available, so it can be properly reported.
Specifically, this manual processing ends up draining precious time, operational resources, and costs from financial institutions, be it via exceptions handling, investigating false positives, or going back to customers with additional questions and confirmation requests. What’s more is these information-gathering processes typically occur over unsecure channels such as email and fax, heightening cyber-security risks.
In fact, these process inefficiencies are the reason McKinsey found that first-and second-line compliance staff at a typical financial institution are “spending 80 percent of [their] time on issues of low or moderate materiality, and only 20 percent on critical high-risk issues.”
To highlight the scope of the problem, consider that a single KYC reporting error can result in the “wholesale remediation of thousands of client files and supporting documentation,” according to a 2018 PWC report on productivity.
The PWC report also found that 51% of financial services respondents cited “lack of integration of new data and technology” as one of the primary challenges to enterprise productivity. And a 2018 “Digital Regulatory Report” authored by the UK’s Financial Conduct Authority found that updating systems to deal with new requirements and reporting through multiple systems was one of survey respondents’ most vexing points of friction.
Further highlighting the productivity drain, a 2015 study from FinTech research advisory firm Celent found that the upkeep of outdated systems cannibalises three-quarters of FIs’ IT spend. Inevitably, it is the human cost required to change systems to accommodate new rules and remediate other information gaps that comprise most of this cost centre.
However, a local store of ‘truth’ can remove financial institutions reliance on central, global reporting systems that are often difficult to update with the latest requirements, due to competition between regions and jurisdictions. Thus, these global reporting systems are burdened with the endless reconciliation of fragmented data streams that flow into them and attempt to comply with the rapid pace of multi-jurisdictional regulatory change.
This insight is especially vital for third-party reporting entities that need to know what must be reported and the nature of records being reported, even if a local FI bears responsibility for sharing this data with regulators. Getting third-party compliance reporting right, and right the first time, is essential for reporting entities in their pursuit of operational productivity and cost efficiency.
But even more critical is that first-strike reporting accuracy is essential to mitigate non-compliance risk. According to the FCA report, “fines associated for non-compliance or erroneous reporting have the potential to be higher than the cost of reporting itself.” In financial-services compliance, these reporting failures are far from limited to the UK. They are universal.
In our fourth blog due next week, we further examine the impact of third party reporting relationships on AUSTRAC reporting, in particular how both entities can be held accountable by the regulator.
Clare Rhodes is Identitii’s Director of Marketing and Communications, based in Sydney.