2024 is proving another standout year for the regulatory space, finding itself under the spotlight, for better and worse reasons. This month, The Fintech Times will look at some of the biggest issues regarding compliance and financial rules, as well as the solutions hoping to ease the compliance journey for firms and make the fintech world fairer and safer.
Whenever we discuss fraud prevention strategies or solutions, it is always clear that while new technologies could potentially help protect firms from attacks, the very same tech is being leveraged by cybercriminals to achieve the opposite result.
With this in mind, remaining agile enough to see off emerging threats can seem like an impossible task. However, risk orchestration is a process promising to help fintechs and financial institutions combine their customer onboarding, authentication and risk management processes into one place.
“Risk orchestration lowers risk and boosts resilience of financial institutions by facilitating quick threat detection and response,” Kelvin Lim, senior director at the Synopsys Software Integrity Group. “This is done through the integration of risk management, adaptive risk mitigation, process automation, and real-time analysis. Risk orchestration provides a strategic approach that enables seamless compliance and fraud management for financial institutions. It helps improve the agility of financial institutions against emerging threats.”
So is risk orchestration all it’s cracked up to be? How important could its role be in enhancing a financial institution’s agility against emerging threats, while helping them remain compliant? To find out, we spoke to industry experts.
Automation supports compliance
Sarah A. Lynn, partner at BPM, an assurance, advisory, tax and wealth management company, explains the benefits that automation can offer firms: “Risk orchestration is designed to enhance fraud detection and reduce risk to the entity that implements it.
“Automation and workflows make work faster and more efficient, reduce errors, and remove subjectivity. In addition, laws and regulations can generally be programmed into the orchestration workflows, so that these are not overlooked (unintentionally or intentionally), ensuring the firm stays in compliance with laws, like the Fair Lending Act and others.”
By enabling constant monitoring of threats, firms can ensure their response time is fast enough to mitigate risks, explains Javvad Malik, lead security awareness advocate at KnowBe4, a security awareness training provider.
“One of the key benefits of risk orchestration is that it enables organisations to be more proactive in their approach to risk management. By continuously monitoring for emerging threats and vulnerabilities, organisations can take swift action to mitigate risks before they escalate into a full-blown crisis.
“This is particularly important in the context of cyber threats, where the speed of response can make all the difference.
“Risk orchestration also helps to improve collaboration and communication between different teams and departments. By providing a common platform and language for discussing risk, it breaks down silos and enables teams to work together more effectively.”
‘A beacon of hope’
“A risk orchestration platform offers a beacon of hope, enhancing financial institutions’ agility,” says Brenda Banks, VP of BaaS and BSA at DataVisor. “By integrating and coordinating various risk management strategies, institutions can respond more swiftly to emerging threats.
“This holistic approach ensures a more resilient framework, enabling firms to adapt to new risks and regulatory changes flexibly and efficiently.
“It also provides a central location for regulators to view operations and structure, enhancing transparency and trust in the industry.”
Real-time risk management
Karan Kapoor, global head of regulatory and risk consulting at Delta Capita, a global financial services provider of managed services, also added: “Risk orchestration is essential for synchronising disparate compliance processes, enhancing agility in the face of emerging threats. By integrating risk assessments, controls, and regulatory obligations in real-time, and within a unified framework, institutions can proactively identify and mitigate risks associated with new regulations, such as operational resilience requirements.
“Automated workflows facilitate real-time risk management, ensuring a coordinated response to evolving threats. This approach not only improves compliance efficiency but also strengthens the institution’s ability to adapt swiftly in a dynamic regulatory landscape.
“Ultimately, effective orchestration enables better decision-making drawn from a holistic view of risks, and more effective regulatory compliance in a complex and dynamic environment.”
‘Fostering a culture of awareness and collaboration’
However, as Emem Etim, global head of compliance at Verto, explains: “Risk orchestration must extend beyond the compliance function and be a company-wide initiative.
“To respond timely and effectively to emerging threats, every team and role within the organisation should be adequately empowered to identify potential risks within their respective areas. Effective orchestration is key to ensuring these risks are communicated across departments, enabling agile and appropriate responses.
“By fostering a culture of awareness and collaboration, companies can better anticipate and mitigate risks, maintaining resilience in an ever-changing landscape.”
Encompassing the ‘full spectrum’ of financial crime risk
Steve Marshall, director of advisory services at FinScan, an anti-money laundering (AML) sanctions and PEP compliance solutions provider, appears to echo this: “Risk orchestration should not be limited to AML and fraud but encompass the full spectrum of financial crime risk.
“Over the past decade, there has been a significant evolution in how companies approach risk management. Previously, the AML focus was primarily on conducting due diligence during the onboarding of new customers and periodically throughout the customer lifecycle. For fraud, the focus was historically on customer identity. However, the modern landscape demands a more holistic approach, requiring companies to evaluate their entire network of customer and counterparty relationships and the associated financial crime risk.
“This necessitates a complementary risk identification and mitigation effort involving AML and fraud. However, combining the organisations may not lead to the intended benefits. Rather, looking at the potential overlap of risk and risk mitigation may be the appropriate focus.
“Fintechs must vigilantly identify and monitor financial crime risks to identify potential sanctions violations and suspicious activity. Failure to do so can lead to significant financial penalties. Beyond financial repercussions, inadequate risk management can lead to severe reputational damage, emphasising the importance of a robust and forward-looking financial crimes analysis and risk assessment process.”
Addressing a 64% increase in fraud attacks
“Risk orchestration in KYC and AML practices has emerged in recent years as the most efficient way for financial institutions to tackle emerging threats,” adds Ben Lachenal, enterprise account manager at Customer Lifecycle Intelligence (CLI) platform FullCircl.
“In the UK alone there were over 1,600 recorded AML events last year, that’s almost 2.5 events per 100,000 people. Financial institutions have reported a 64 per cent increase in fraud attacks but it’s not just the scale of the threat, it’s the fact that it’s becoming more sophisticated, with an increasing number of ways the threat can find its way in. Take identity fraud for example, which is quickly becoming one of the fastest-growing financial crimes globally, thanks to the rise of generative AI criminals can continually sharpen their social engineering tactics, deep fake and data harvesting techniques.
“Risk orchestration enables financial institutions to manage their processes more tightly, taking consideration of regulatory variance and cultural differences across jurisdictions. Single-platform solutions delivering an accurate real-time view of all activity in one place and a range of advanced KYC and AML tools working harmoniously together to detect and prevent fraud and money laundering are serving to reduce risks, enhance compliance, and improve customer experiences.”
An interconnected approach to risk is ‘imperative’
Finally, Gaurav Kapoor, co-CEO and co-founder of MetricStream, a governance, risk management, and compliance solutions provider, concludes: “In today’s interconnected world, an equally interconnected approach to risk – like risk orchestration – is imperative to building resilience and agility.
“Financial institutions that are thriving in today’s volatile environment are using integrated risk and GRC platforms that bring all risk and resilience functions under one holistic view that routinely gets updated as internal and external conditions change.
“It’s the opposite of looking at risk in siloes – and it drives resilience and agility. In an integrated or orchestrated approach, all your regulations and regulatory changes will be organised in one location with instant updates, and cyber risks will be streamlined to create visibility into your entire network of third parties. You’ll also gain instant access to how market volatility, including macro and micro economic conditions, affect your business, and can make preventative and predictive decisions quickly.
“Banks that look at risk strategically and holistically have as a competitive advantage – risk as a business driver, not a reactive cost centre.”