Digital banking is evolving from simple online bank-account management to offering a variety of financial products and services. Multi-national banking operations now must expend significant resources to maintain compliance with the regulations in many jurisdictions.
Mistakes that create a compliance failure can be extremely costly, with record fines being imposed on many major banks for illegal practices, money laundering, and other regulatory violations.
Digital Banking Compliance
Digital banking compliance carries added risk exposure: banks must maintain strict compliance in multiple countries for cross-border transactions while facing an increased risk of losses due to cyber-attacks and fraud.
The key compliance issues facing the banking industry, as reported by McKinsey, include:
- More Active Compliance Department — The role of the compliance department is changing from a solely advisory position to an active one that participates directly in risk management.
- Focus on Residual Risk — Instead of monitoring and documenting all risks and all controls, there is more focus on the management of residual risk by using breakpoints in the critical processes. This helps to ensure that any material risk is noticed. The goal is to have the breakpoints trigger a response that is risk-based with enough oversight and remediation efforts made before a problem gets out of control.
- Integration: The governance of risk management with regulations is achieved by a risk management framework that is fully integrated to work with a bank’s operational-risk protocols and procedures.
The KPMG Global Bank Fraud Survey (2019) reports the following types of fraud:
- Credit and Debit Card Fraud — Bank card fraud accounts for 53% of the total, which is about $1.3 billion annually in America. Another $17 billion in fraud attempts are blocked each year.
- Social Engineering Fraud — The FBI reports that business email spoofing of American companies resulted in $12 billion in losses from 2013 to 2018, which averages to over $2 billion per year.
- Scams — There were 152,595 scams reported by victims from July 2015 to April 2019. There are romance scams, lottery scams, tax payment scams, and “too good to be true” financial scams. Banks are often blamed for the losses from these scams even though the account holders are the ones usually making the mistake of giving account information to criminals. Elderly people are targeted frequently. Push payment scams are used to gain a customer’s trust, then access personal information, and then take over their bank accounts.
- Cyber and Online Fraud — Identity theft continues to be a major problem with billions of users’ account information breached by hacking attacks. Some of the biggest breaches in the past decade were Yahoo (3.5 billion accounts), Marriott Hotel (500 million records), Adult Friend Finder (412 million accounts), eBay (148 million accounts), Equifax (148 million people), Target (110 million people), and Facebook (50 million accounts).
Compliance with regulations related to fraud is a serious concern. Whether a bank, a merchant, or a customer is responsible can become a matter of significant dispute, and the matter is settled differently depending on the laws of the specific location that has jurisdiction.
Money laundering compliance failures have caused banks to pay many billions of dollars in fines. HSBC ($1.9 billion), Standard Chartered Bank ($1.1 billion fine), Deutsche Bank ($12.5 billion in fines since 2000), and UBS ($5.1 billion fine) are just some of the banks fined huge amounts.
Banks are required to file suspicious activity reports with various government organizations that monitor financial crimes, such as FinCEN in the United States and other regulatory bodies in the EU and the UK, which passed the Sanctions and Anti-Money Laundering Act in 2018.
‘Know Your Customer’ Rules
Digital banking has more money laundering risk because of the opportunity for banking transactions to occur without ever having seen the person who owns or controls the account. Billions of dollars move through the international banking system in a day.
The real ownership of an account and the source of funds can be hidden from the bank. False identification documents and shell corporations are frequently used to open bank accounts for illicit transactions.
When banks fail to file suspicious activity reports and fail to take appropriate actions to stop money laundering, they are subject to severe prosecution and enormous fines. This is why banks are spending billions of dollars to try to stay in compliance with anti-money-laundering regulations. Digital banking further complicates this issue.
Banks typically have many cross-border issues. Even if there are no branches in a country, the use of a bank card by a customer, to buy something or get cash from an ATM, can trigger local compliance issues. The biggest challenge is the massive amount of complex regulations that continually change. Thomson Reuters reports that there were more than 56,000 regulatory changes in 2017 related to banking.
Compliance with regulations is made more challenging by the innovations happening in digital banking. It becomes more difficult still when regulations have not yet caught up with the technological advancements in mobile apps, trading systems, cryptocurrencies, advisory systems, and digital assets.
Many times, the technology runs ahead of the regulations, such as the use of encryption in the messaging system WhatsApp, which is now owned by Facebook. When laws that regulate an innovation come into being, it may be long after the service is already popular and in use by millions.
An example of these challenges is the recently passed Australian data encryption law. The law requires online companies that use encryption to have a “back-door” key to give the Australian government access.
This means if Facebook wants to be available to Australians, it must break its product WhatsApp to create a way for the Australian government to be able to read everyone’s encrypted messages. That destroys one of WhatsApp’s main features. This is extremely difficult for Facebook to do. It would cost a fortune and Facebook could lose millions of customers for WhatsApp in the rest of the world.
The new Australian regulations are severe for any company doing business in Australia. The definition of what it means to do business in Australia is very broad. Outsourcing work to companies that have some workers in Australia may be enough to trigger the need for compliance with Australian law. What will companies like Facebook do in response to this new Australian encryption law? That remains to be seen.
Open-Banking is a tremendous innovation. However, it is also creating significant risk, new challenges, and, in some countries where Open-Banking is a regulatory requirement, increased compliance issues. Open-Banking is a system for banks to give third parties access to customer data. It started in the UK and now it is becoming the standard in Australia, Canada, Hong Kong, Japan, Israel, Mexico, New Zealand, and Singapore.
The challenge for Open-Banking is the reliance on third-party controls. However, Open-Banking is meant to create a more accurate and detailed master customer database across all banking and fintech systems to help prevent and detect fraud and to make it easier to recover losses.