Discover more about our courses.
ICA is the trusted partner for you and your organisation.
Written by Holly Thomas-Wrightson on Monday May 23, 2022
With the growing demands of huge data sets, an everchanging regulatory landscape and constantly evolving typologies, the challenge of assessing, documenting and managing financial crime risk has never been greater. Technological solutions promise to transform business risk assessments. However, companies cannot simply implement a new tech solution and think that that’s the end of their risk worries.
So, what factors should you consider when incorporating new technologies into the risk assessment process?
Risk assessment technology should be treated as what it is: a tool, designed to support a well-established and effective risk assessment process, and to help professionals recognise and minimise the risks their company faces. Technology is not a cure-all fix to problems confronting the business, and it is not a ‘one and done’ solution.
To get the most out of any technology, it is important to first and foremost understand what it is, what it does, and how it does it. Ensure that all team members who are going to be using the software are properly trained in its use and are able to recognise issues if and when they arise. A company could spend a lot of time and money implementing a solution, only for its potential to be wasted if the people using it struggle to understand it and fall back on easier but less effective workarounds.
Part of this is understanding what the technology can and – importantly – cannot do. Every system will have its own strengths and limitations.
Moreover, the old adage ‘garbage in, garbage out’ holds true: the effectiveness of any system will depend on the quality of the data fed into it. It is essential to ensure that your data is accurate and up to date. Tyrone Griffiths, industry expert and ICA Tutor, explains that even with great tech solutions, if you are feeding them information from legacy software, there’s a chance that your time saving tech may still require the human touch to make sure it correctly pulls through the data that you need for checks to run smoothly. ‘Some systems don't talk to other systems, so you'd have to update maybe two or three systems, which requires human intervention. In doing so, there's a possibility you're going to miss one of those systems,’ he explains.
This can mean it may be an absolute necessity to take the time to review and change current ways of working, which may be time consuming in the short term, but will make your tech solution far more effective in the long term.
Finally, technology should be viewed as a complement to, rather than a substitute for, human expertise. Companies must pair tech solutions with active risk mitigation by their professionals.
It’s hard to overstate the role of horizon scanning in high quality risk management. Risk assessments are often viewed in hindsight: looking at what challenges affected the business area in the previous year and ensuring that those gaps are closed for the future. But Griffiths emphasises that businesses that become complacent – for example, assuming that the threat is low as long as they are only handling perceived low risk entities – can find themselves facing serious problems if they turn out to be wrong, such as was seen in the aftermath of the LIBOR scandal. ‘We can't always look retrospectively. We have to start thinking from a horizon scanning perspective, and start predicting potential risks,’ he adds.
Indeed, criminality does not stand still. COVID-19 led to an excellent case study in how quickly criminals will take advantage of a change in situation, and the need for businesses to respond just as fast, predicting what can go wrong before it does, rather than waiting for regulators to tell them what to do after the threat has already been recognised. As Griffiths puts it: ‘Businesses have to start thinking as though they were criminals, start really interrogating their systems and thinking, “OK, we offer this product… How could a potential criminal exploit that product?” It might not have happened already. But it's probably going to happen in the future.’
Technology can support businesses in meeting such challenges, but leveraging the best results from software solutions requires a considered approach.
For more information on the use of technology in risk assessments, see here:
ICA Enterprise Wide Risk Assessment Tool (int-comp.org)
Thank you. Your comment is awaiting moderation and should appear on the site shortly.
Required fields are not completed, please ensure all required fields (*) have been filled in properly.
You can leave the name empty should you wish to remain Anonymous.