Waves of regulatory change have been engulfing the financial services sector since the 2008 crisis. With businesses struggling to stay afloat in this sea of regulation, it’s no surprise that ‘regtech’ is the latest buzzword on the financial services block.
Increasingly complex regulations have put more pressure on firms to remain compliant with operational costs increasing as a direct result. Firms are naturally looking to operate more efficiently, and the integration of artificial intelligence (AI) processes such as machine learning and stress-testing means that many repetitive and time-consuming tasks can now be automated.
However, the idea that ‘regtech’ is the complete solution is dangerous. No matter how much automation you throw at being compliant, there’s no silver bullet.
In fact, the single biggest risk facing any firm still exists – the failure to invest in staff.
Terms such as artificial intelligence (AI), cognitive computing and machine learning may sound impressive, but the reality is that these technologies are still in the early stages of development and will take time to integrate into everyday processes. What happens if, say, tomorrow, something unexpected occurs during a processing cycle? Can we rely on a computer to adapt to the situation, alter its own programming and learn from it so it doesn’t happen again?
And what happens when ‘computer says no’? Under GDPR, a data subject has the right to have a decision made automatically overturned and reviewed by a human. This means that automated decision-making can – if it doesn’t go in the customer’s favour – result in even more work than it would have if it was carried out by a person in the first place.
This is not to say that technology can’t help businesses to be more compliant. But, ultimately, the final line of defence lies with people making human judgements. So, why is it that many firms still practice a laissez-faire attitude towards investing in their employees?
Firms that fail to make an adequate investment in their staff run risks in training, messaging, culture and output.
The true price of failing to provide employee training goes far beyond what it actually costs to train them. The problem is that many firms see training as an expense rather than an investment. This needs to change. Untrained staff will, inevitably, lack the knowledge and skills to execute their role effectively, impacting client relationships, business growth and, ultimately, revenue.
Failing to meet the needs of your staff sends a brand message of negligence and disregard for employee welfare. Unsurprisingly, there is a strong correlation between job satisfaction and the success of a business. Failing to invest in training can cause staff to feel undervalued, become frustrated, make more mistakes and fail to meet expected requirements, let alone exceed them.
A common mistake is the belief that regulatory compliance is a job solely for compliance or operational risk management. We’re all familiar with the ‘it’s not my job to...’ brigade. But this is not to say they aren’t hard working. Rather, it’s a failure to implement a firm-wide risk culture that needs to come from the top down – that risk and compliance is everyone’s responsibility.
Ultimately, failing to invest in the right training, messaging and culture makes a firm more susceptible to a number of risks:
1. Internal fraud
A lack of staff investment can lead to employees feeling disgruntled and, in turn, abusing their position. Remember, the neglected employee can also be an opportunistic one, and is more likely to take advantage of any identified weaknesses if the risk is low and personal gain is high.
2. External fraud
If staff aren’t trained properly, they are less likely to be able to identify a breach of controls. Even if they do have the right knowledge and skillset, if they feel undervalued, they will be less inclined to do so.
3. Collusive fraud
Undervalued and ill-trained staff will be more susceptible to the influence of professional criminals outside of the organisation.
Failure to train staff to spot these risks means that, sometimes, they won’t necessarily spot the warning signs that they are being bribed or groomed by other employees or external influences.
5. Money laundering
Fraud and bribery are often the stepping stones to implicit activity in money laundering. As such, when the risk of these offences increases, so does the likelihood of employees becoming involved in money laundering schemes.
Staff always have been, and always will be, a firm’s strongest or weakest link. The question is, how much longer can firms continue to be comfortable with risks such as these going unchecked?
There’s no denying that the latest developments in technology can help firms meet the demands of increasingly complex regulations in financial services.
However, no matter how much businesses invest in the latest regtech, if firms fail to invest in their staff, they are likely to fall short of compliance. This is why the AI versus humans debate is moot – it is not a question of either/or, but of choice versus necessity.
Martin Schofield is a financial crime director at RFS