Webinar Recap: How to Get a 360-Degree View of Customer Risk
Hawk AI’s Craig Wood moderated a webinar on customer risk with Josh Blazer of SoFi, Chris Sidler of FS Vector, and Prakash Samaga of Forbright Bank. The discussion covered some of the biggest issues facing compliance teams amid growing regulatory pressure.
Banks face significant challenges in achieving the objectives of remaining compliant with AML regulations and truly understanding customers and the risks they pose.
Collecting information, leveraging available information, bridging data silos, adapting to changes in customer behavior, employing auditable customer risk ratings, overcoming the subjectivity inherent to models, and managing third-party risk are all significant hurdles for compliance teams.
Craig Wood, Hawk AI’s head of financial crimes solutions in the banking sector, moderated a webinar with three leading industry specialists to discuss some of these challenges and the tools banks can use to overcome them and proactively set themselves up for success.
With SoFi recently winning regulatory approval to become a national bank in the US, Craig kicked off the webinar by asking Josh Blazer, SoFi’s Chief BSA/AML Officer, about how an online-only institution can get to know its customers without the kinds of personal relationships that are still important in traditional banking.
“One of the things that we do to mitigate some of those challenges is try to understand what is expected of our respective customer, based on occupation, income, source of funds, potentially citizenship,” says Josh.
Collecting this contextual information, in addition to standard attributes, can help compliance professionals refine their models to get a truly holistic view of the customer, which they can then use to make more accurate decisions.
Rather than bombarding customers with questions during onboarding, Josh added that it can be prudent to wait for high-risk activity to trigger a review.
“If we see that activity, we can then ask, ‘OK, well now we see that you’re leveraging cash. How often do you intend to use it?’ That way, at least we have a baseline and we’re not just randomly asking a couple of million customers this question unnecessarily on the way in the door.”
Leveraging available information
Prakash Samaga, BSA/AML officer at Forbright Bank, acknowledged that these types of challenges are common even for commercial banking relationships, which are increasingly conducted through digital channels. To build a complete view of risk, Prakash stressed the importance of leveraging all the available information that banks have within the organization.
That can include everything from the jurisdictions a client is active in or the counterparties its transacting with, all the way to 314(b) requests or adverse news coverage.
“Do you have a system or process in place that is making use of this information?” he asked. “A lot of institutions struggle with collecting this information. Even though they have it, they just don’t have a system or a process in place that makes use of it all.”
These types of processes are critical for banks that want to advance beyond periodic reviews to a position where they can have confidence in the risk judgements they make about customers, said Chris Sidler, a partner at FS Vector. But it’s still a challenging area.
“If we're going to get away from reviewing this customer periodically, what can we say about our understanding of the portfolio and where this customer fits in that portfolio that gets us comfortable knowing that we can wait for an event to cause us to refresh?”
Bridging data silos
Breaking down silos is key to achieving that level of comfort. Systems integration is essential for data and work product sharing across the following verticals, allowing for both 360 and real-time risk assessment:
- Customer screening
- Transaction monitoring
Disparate systems and disparate departments can become siloed intentionally or just by practice.
“Over time, they don't communicate with one another, and you have a lot of work that's occurring in the FIU, in the EDD group, at onboarding, or even perhaps remediating customer list screening or transaction list screening alerts and counterparties. That is all valuable work, all in separate silos, that is not being shared across the board,” said Chris.
Overcoming subjectivity in models
Even when information is flowing seamlessly across silos, models are built by humans and have biases built into them. Can financial institutions control for these biases?
“The truth is there’s a significant subjective nature to it,” said Josh. “It’s really about marrying a significant number of attributes and bringing them all together for the most accurate model.”
Of course, there will inevitably be a binary attribute that makes somebody high-risk, but institutions can get too hung up on these distinctions.
“To some extent, that’s the model at work,” said Chris.
Managing third-party risk
As highlighted by community bank Blue Ridge’s recent censure by the OCC, regulators are starting to look more closely at banks’ relationships with third parties such as fintech companies. Craig pressed the webinar participants about the challenges of monitoring relationships with the fintechs.
“At the end of the day, the buck stops with the bank,” said Prakash.
“Banks need to make sure, if they are relying on the fintech partners, that the products and services they offer are in alignment with the bank’s risk tolerance and review this alignment on a regular basis.”
Josh agreed, worrying about banks that allow themselves to become too far removed from control and even wondered about selling “compliance in a box” to fintechs.
"That way, they can properly manage the risk correlated to their business and, at the same time, give the bank itself the comfort that it needs to provide its service and meet its regulatory requirements.”
While that may make sense, especially for fintechs that want to move quickly, Chris said that he advises fintech clients to build their own “compliance muscle” early on. It might be the bank’s accountability, but fintechs that have thought carefully about compliance as a startup will find it easier to grow and scale.
State of compliance
The webinar closed by polling attendees on their customer risk practices, getting a pulse on the current state of play. Here are the results:
What is your FI’s greatest customer risk challenge?
- CDD: 34%
- Transaction Monitoring: 25%
- KYC: 20%
- Screening: 13%
- Other: 8%
Are you seeing greater regulatory pressure to manage and enhance customer risk rating?
- Greater Pressure: 64%
- The Same Pressure: 36%
- Less Pressure: 0%
Are you currently doing event-driven reviews?
- Yes: 58%
- Planning to: 34%
- Not planning to: 8%