In a few months I will be back in securities services after spending 18 months away. Delighted to be ‘home’. In anticipation, I did some pulse tests with our global colleagues and our regulators. This paper, the first of a series, captured the temperature on due diligence. The questions are simply:
- What’s going down?
- What’s staying constant?
- What’s going up?
In other words, what are the benchmarks and where are they taking us.
Going down
Inadequate industry and group assessments: so far as it simply demonstrates the tick the box mentality, these are old news or at least should be. It was never the best solution, but it allowed cost cutting and was placed under the banner of efficiency. It used to have a place when we were all learning. Not anymore.
Anything in bulk: an extension of the above, but expanding to include desktop reviews not addressing specifics, surveys not asking the right questions and the results stored without any interrogation. The last of the sleepy and reactive. Goodbye comfort in numbers.
FinTech for the sake of it. You had the budget, you wanted to keep up with the herd so you actioned the spend, without knowing or addressing the problem. Technology has an incredible place. It has to work for you, not as a window display or elaborate accessory. More brain less brawn required.
Staying constant
Audit and access. Here to stay and morphing at constant speed. It started, it hasn’t stopped and it’s needed.
Challenging your comfort level to identify and plan for the unknown: Be it Brexit, COVID-19, the junk we’ve put in space having to return, we have to continue to re-think risk. An upshot of COVID, perhaps, was to make this even more real and to highlight that most had not adequately considered the requirements, a fact the regulators are very aware of. Food for thought, there are between 540,000 to 850,000 unknown viruses in nature worse than COVID.
AML and KYC: Crypto and the black trading venues are not going away, in fact they appear to be growing. It’s basic – understand who you are dealing with (and who they are dealing with). Perhaps re-distribute your capital to prioritise this yet again.
Regulation: You need the team, but (!) have the right team for tomorrow and give them the skills and tools today to really do their job. It is critical. The alternative – and you know the story – means those pending fines in the pipeline with all the ‘bells and whistles’ that go with them (the expensive remediation plan, Board escalation and years of the ‘assess, control, test and repeat’ regime). Regulation is manageable with the right people and some good regulation technology. Estimated spend on reg tech? KPMG and Capgemini peg it at $1.9 Billion in 2020 stretching north rapidly to $76.3 Billion in 2022. The smart firms are also using their regulation teams to develop their new products. Nice.
Transparency and notification: Effective escalation features in most internal procedures, but is still not as efficient as it needs to be. Fundamentally, it’s too late when you receive the client email or call. Effective due diligence can assist this also such that you’ll know before your clients do and you’ll have the correct answer/a resolution ready.
Doing the work: Some matters can’t be delegated, one being the assessment of what risk is on your business and what your due diligence should cover. Only you really know your business and its infrastructure. Give the task to a third party and something (critical) will be missed. No short cuts left it seems.
Going up
Granular: Being even more detailed and evidencing your methods, learnings, assessment back to key risk metrics in a crisp, razor sharp manner is the next wave. Problem is that we think we are doing this now. Ask yourself how well you interrogate your data every week and how that fits into your due diligence assessment. We may ask granular questions, but we don’t test the answers at the same level, nor apply the findings and we are happy to let the data stay static for too long. Simply, get granular and proactive.
Know your supply chain: With the increase of e-money regulated payment platforms being inserted and technology being provided by FinTech in the supply chain we need to rethink due diligence. Does your due diligence really cover all the JVs, partnerships and supplier suppliers? The level of responsibility is on the up. The due diligence has to match this.
Spider sense: Irreplaceable and not easily teachable. Going up in buckets is the spider sense. We tried to replace it by technology but that mostly failed and its needed more than ever. We need EQ and IQ and it’s a balancing act as both have a place. The pandemic we are in was forecasted over five years ago and not by a machine.
Data and its security: I know. Who isn’t talking about this but with the next large breach looming think about what right now you can demonstrate by way of mitigation of that possibility in your space and in your supply chain. Cliché, but you are only as strong as your weakest link. Consider also if you really do have the consent of your customers. Recent case law would hedge that you probably don’t.
Specialised BCP: The pressure to enable your clients to view and participate in your BCP should be the test of your BCP. Most run from this, but this is looking like the new norm.
Tech: ChatBox is, it seems, already old news with complaints that a continued focus on solving only the front end only drains the back end.
Legacy Platform ‘fix its’: Smart consolidation or separate consolidation of legacy platforms is costly and time consuming. The better option is the revised technology solution – that ‘seamless’ platform held together by string and tape is now very noticeable. The time has arrived to take the leap to implement actual financial technology.