A common theme when viewing failing financial crime compliance programmes which leads to regulatory fines, is the presence of poor Management Information (MI) and data controls.

Firms amass an enormous amount of data on a daily basis, across an increasingly diverse product portfolio. This diversification creates large numbers of business units, all with their associated internal functions, data repositories and specific financial crime risks.

This fragmentation can make it difficult for a firm to manage financial crime risk at a strategic level. An effective way to combat this is to maintain accurate, timely and consistent MI, allowing for different areas of that firm to be viewed through one lens.

How to identify and track risk

Client Life cycle Management (CLM) and Financial Crime programmes hold inherent risks in a number of different ways, which includes:

·       Events – tracking of events due to possible failure of controls.

·       People – individual and/or team performance and/or measuring communication of issues which require management’s attention.

·       Systems – tracking the efficiency of software and“downtime” of systems.

·       Processes – MI could identify possible bottlenecks in process flow.

By tracking these criteria against predefined targets and tolerance levels, a firm can better understand how a function is performing and can identify any areas which require attention or improvement.

The most commonly used measures in firms are:

• Key     Performance Indicators “KPI’s” – performance measurement against strategic     and business plans.
• Key     Risk Indicators “KRI’s” – measures against risk management targets.
• Key     Control Indicators “KCI’s” – measures the success of controls in place.

Each function would have their own set of tolerances and thresholds which it would be measured against. Therefore, giving consistency and allowing for the aggregation upward through management levels of the firm. It must be noted that if actuals are consistently too low or too high vs. the agreed tolerances and thresholds, then a review should be triggered. This review should result in defined remedial actions and/or adjustments of thresholds.

The importance of a consistent approach

When MI is designed for a specific function, it is important to not only consider how to track the function’s performance and risks, but to also consider how the function fits within the wider firm. MI design should have a consistent approach across functions, allowing for aggregation upward through the managerial lines without losing the intended message.

Being able to escalate issues effectively to senior management can often be a challenge due to a broad spectrum of issues that must be considered,and the more important issues can sometimes be overlooked. A well designed and consistent approach to MI, will help drive the message up the chain, and inform management of potential risks that require more focused attention.

Key considerations

Data quality for MI inputs has always been the most difficult fundamental to manage. A firm needs to have timely and robust controls in place to ensure that the MI, which is displayed, is a true representation of the situation/risks and reduce errors.

It is also imperative to document how the thresholds were set and why. This detail must be well understood and easily accessible should a ‘deep dive’ or root cause analysis be required due to a risk event or regulatory investigation. At this point, a firm must be able to show how thresholds were set and provide all assumptions and considerations that were part of the process.

Automation is another part of MI creation that should be at the forefront of designing an MI dashboard. Effective MI reporting avoids human error and allows for consistent and efficient re-creation.

Expert intervention

Lysis Group understands that a key objective of any effective financial crime prevention programme is to understand the risks critical to the regulator, and at what level these risks are against thresholds at any onetime. It is also important to consider how management information travels within a large firm, allowing for effective strategic decisions to be made by senior management. As a result, Lysis Group has the required expertise to design effective management information streams and thereby helping clients to manage risk in these areas.

‍