One major area of focus that we see in both the US and internationally is an emphasis on cybersecurity. Insufficient cyber controls can take down a financial institution very easily.

For instance, we have seen regulators from the New York Department of Financial Services (DFS) issuing regulations causing financial institutions to exercise enhanced controls and lockdown on their programs and vendors.

There is sometimes a conflict between successful compliance and innovation. Many of the [regtech firms] moving forward with artificial intelligence (AI) and dealing with compliance programs may not have the longest track record. They may be using the cloud or other technologies that are uncomfortable for FIs.

FIs are really grappling with how they embrace innovation, while continuing to meet the requirements to [identify and report on financial crimes] and the standardized requirements that are in place, [such as the technical requirements of the four-pronged AML compliance program]. There is a bit of a tension there.

We see that tension particularly with larger FIs, where the financial crime groups may want to pilot an innovative technology in a sandbox, but the information technology (IT) division is not as comfortable with doing that.

IT is concerned with the risk that the innovative technology has not been established for a long time or has a different kind of secondary framework and controls. There can also be parochial desires by IT to control and develop in-house solutions, rather than looking to use innovative, but unproven, vendor technologies.

Certainly, that remains a big challenge. A lot of FIs are contending with how to bring IT and cyber controls into the compliance space more effectively. We have seen many different models to do that, but I don’t think any institution has found the perfect model yet.

Why? That answer depends on the culture of the institution. There can also be big differences in terms of a talent gap of compliance professionals who are comfortable with data and IT. If you are not comfortable with data, including data management and data governance, you will be falling behind.

Tomorrow’s compliance is embedded with IT systems. If you don’t understand it, you can’t update the business rules and apply the right technology to your problems.

The December 2018 joint statement of innovation is encouraging institutions to think about how to be more innovative, not just on the systems front, but on the human front as well. A bank championing innovation is also one of the most critical ways to hire employees with the unicorn skill set that bridges both areas.

Having a statement from the examiners is very important because FIs are very risk adverse. Just look at the de-risking movement. But even if there is a pattern with regulators using 20/20 hindsight, getting FIs to be innovative is tough.

The perspective of the banks tends to be using what they are familiar with, even if it doesn’t catch everything, because the institution will not be further penalized for unknown liabilities on untested innovative technologies.

FIs are worried about being penalized for taking risk-based chances. Innovation is a very important thing to do, but the culture of some FIs is not always to innovate.

Despite these challenges we are seeing banks start to bring in individuals who are innovative. And how do they do that? By breaking down separate compliance and IT divisions and requiring them to work together in new ways.

That is important. A lot of compliance professionals have been at banks a long time and have seen banks get a penalty even while seemingly doing the right thing.

They may not want to make changes because they believe that the risk of a large compliance fine or penalty when using standard industry software is pretty low compared to the risk when trying new technology or approaches.  

So overall when it comes to banks broadly innovating, I am not sure we are there yet. It also does add costs to institutions to innovate and keep things going to make sure there is no unknown vulnerability. But there is a large upside.

It’s also very important for examiners to embrace some of these innovations. Confirmation that examiners are open to new ideas and new ways of meeting traditional compliance objectives is a key piece in a bank’s willingness to consider innovation.

For examiners, the proof of whether banks are innovating the right way will be in the results. Once we see that the examiners are applying the risk-based approach rather than simply unrealistic compliance expectations, that will allow banks to push back.

But with the current regulatory system it’s hard for FIs to trust that innovation will be credited by examiners. This hesitation was borne of years of regulators dinging banks on minor program issues, rather than overlooking those small stumbles and giving credit for overall effectiveness.

In addition, exam consistency is also difficult because banks have a myriad of examiners with different areas of regulatory focus.

Even if one group of examiners is fostering innovation, another group could be dealing with it differently. Banks must find a common denominator to see if their plans and their approaches are working [across multiple examiners and exam cycles].

It will be a while until institutions can trust that that is going to happen. But I am hopeful that examiners will more consistently focus not on form, but on substance. At the end of the day, if you are allowing criminals and cyber threats to get into your institution, no one wins. Focusing on what matters is really important, regardless of how your program looks or what tools you’re using.

Looking ahead, the increasing volume of [financial crime compliance innovation] can help address some of the problems banks are getting penalized for today. For instance, embracing a blockchain can reduce non-transparent payments and minimize opportunities for financial crime.

There will still be penalties for banks that make missteps, but regulators are also going to have to recognize and adjust those fines on a more risk-based approach and taking into account the good faith activities to improve compliance by those institutions.

When penalties start to be adjusted downward because banks are making a good faith effort to improve and test new technologies, other institutions will think hard about that. Making changes and investing in new technology is very difficult for them, so I think that FIs need continued encouragement and regulatory support.

We certainly are seeing FIs partnering with fintechs because they are struggling with the effectiveness of the old methods to detect and prevent financial crime given the changing society.

It’s very important that institutions think about the mindset of regulators when it comes to the next step of how [banks, regtech and crypto-related firms] can better prevent financial crime.

But I still see a great deal of skepticism from legacy financial institutions in, for instance, partnering with a crypto exchange, which is slightly ironic, because in some cases, the methods and practices are stronger than what you see in traditional institutions, given the transparency of the blockchain.

As the Chief Executive Officer of Guidepost Solutions, Julie focuses on helping corporations resolve problems with government agencies, ensuring they are proactively addressing compliance requirements.

Prior to joining the private sector, she held leadership positions with the U.S. Departments of Homeland Security, Commerce, Treasury and Justice.

This included serving as the Head of Immigration and Customs Enforcement, Homeland Security’s largest investigative component, as well as the Assistant Secretary for Export Enforcement and the Chief of Staff for the Criminal Division at the Department of Justice.

Throughout her government and private sector career, she has helped develop, implement and execute compliance programs and crisis management plans and responses across a wide range of industries for numerous companies.

Julie is nationally recognized as a speaker for her expertise on compliance, security, immigration and other law enforcement issues and has testified before Congress.

Want to start a dialogue with Julie? Feel free to connect with her on LinkedIn and follow her on twitter @guidepostglobal, @myerswood