In a candid conversation between Krishan Grover, Chairman of leading technology services provider, Grover and Rivi Varghese, Founder CEO of category leading real-time banking financial crime management technology solutions, Clari5 interpret what the new regulation means for the Philippine banking sector and the way forward.
Financial institutions (FIs) regulated by the Bangko Sentral ng Pilipinas (BSP) are now required to have an automated and real-time fraud monitoring and detection system to address the growing incidents of frauds. BSP recently issued circular number 1140 as an amendment to the IT Risk Management Framework.
BSP wants the FIs’ automated fraud monitoring systems, as well as their AML system, to be integrated so as to have a cohesive and comprehensive financial crime prevention system. The circular is expected to lessen losses from fraud and cybercrimes, and boost the central bank’s bid to further increase digital financial transactions in the country.
Grover – The Philippines is experiencing massive transaction volumes. From over 21 mn transactions amounting to PHP 1.3 trillion in 2021, the volume and value of PESONet transactions reached over 26 mn to PHP 2 trillion, respectively, to date and InstaPay volume as of end-April this year grew by 32.7% to 166 mn from 125 mn transactions in the 1st 4 months last year. While this is encouraging, isn’t there a need for banks to simultaneously further fortify their anti-fraud defenses? What are your views?
Varghese – Absolutely. While the shift to digital is quite encouraging, the surge in transaction volumes also warrants a key question – are banks doing enough to secure the transactions? For instance, credit card fraud in Philippines went up by 21% even as online transactions are growing exponentially. While the BSP continues to ensure that systemically important payment systems follow standards that are at par with global practices to ensure safety and reliability, the onus lies on each and every bank to implement the regulatory mandate in letter and in spirit.
Grover – True. In fact the BSP has asked for a holistic and coordinated approach among industry players to ensure that funds cannot be easily siphoned off by fraudsters and cybercriminals. In line with this, the BSP will continue to engage with relevant stakeholders to ensure that policy frameworks and supervisory actions are effective and responsive amid a fast-evolving cyber security environment. Meanwhile, there’s a lot of talk globally as well about combining fraud management and anti-money laundering efforts for combating financial crime in a unified, holistic fashion. In fact, this is one of the central point in BSP’s circular 1140. How doable is this?
Varghese – Historically, fraud and money laundering have always been treated as 2 separate problems. Given the rise in digital payments and the simultaneous rise in real-time fraud, banks can no longer afford to keep it that way. Which is why there’s this new concept called FRAML or Fraud + Money Laundering. The drive to combine forces is also triggered by the real world of financial crime, because criminals operate across these two areas.
When they commit fraud, they need to launder the proceeds of it, and both crimes are often committed within the same banking system.
So, what FRAML does is converge the separate worlds of the bank’s fraud and the financial crime compliance teams. While the primary goal for the fraud department is to reduce loss, for the compliance team it’s staying on the right side of the regulators, but they have common goals including:
- Reducing the impact of financial crime on customers
- Protecting the reputation of the bank
- Improving efficiency and driving down cost
- Operating in accordance with relevant regulations
Grover – Interesting. So how can banks expect to benefit from a real-time FRAML?
Varghese – Real-time FRAML converges real-time enterprise fraud management and real-time AML management into a force multiplier. There are three key points here:
- Fraud detection analytics can be applied to AML. Until now, solutions for managing fraud and money-laundering have been on different tracks. Driven by infamous cases and high fines, bank personnel tasked with fighting money laundering, want the functionality available to the fraud department.
- Growing demand for real-time detection of money-laundering behavior, because the sooner suspicious behavior can be identified, the sooner corrective action can be taken. Similarly, the compliance team can benefit from the AI and Machine Learning technologies that have been available to the fraud department.
- Economies of scale reduce costs. When both departments share solutions and resources, overall costs can be reduced. In addition, the fraud department will use skills they could bring to the compliance department, and vice versa, giving banks more flexibility in how they deploy personnel.
Grover – You have implemented financial crime solutions in over 60 banks worldwide – most of them leading banks. What have been some of the challenges? What would be some pertinent observations?
Varghese – Channel-based, siloed fraud management systems have been around for over 30 years now and most banks are grappling with a large number of such systems. This is the one reason why banks wanted to move to a cross-channel, real-time enterprise fraud management system. However, a majority of banks are not able to go live with a ‘true’ EFRM system (even after years of implementation), while some banks emerge victorious. We analysed the situation and discovered four primary reasons for these pitfalls –
- Any EFRM implementation must have a real-time data intelligence interface with Core Banking from day one. Without this EFRM implementation just becomes yet another siloed install.
- 90% of EFRM implementations fail because of interfacing, especially when one tries to get into the complex interfaces with core systems, beyond the easier structured channel-based interfaces. The root cause of these failures is because of vendors conveniently pushing interfacing requirements to bank’s IT team.
- Banks fail to include the cost of sizing and ignore looking at the cost of say what is the overall TCO increase if my requirement increases by 100%. Also, many a times the bank lands up spending 400% in TCO for a 100% growth in requirement.
- TCO sensitivity is vital. TCO should include cost of license, AMC, cost of infra, cost of DB, cost of application server, cost of making changes, cost of upgrades, cost of customization over a 5-year period. Many a times we notice that a bank pays 500% – 1000% of the original license fees as costs.
Grover – So, a mindset pivot at the bank leadership level, coupled with a unified, real-time approach to combating fraud and money laundering seems to be the ideal way forward. Thanks Rivi for taking time out to share these insights. I am positive that Philippine banks will use this opportunity to start viewing fraud and AML in a holistic fashion and consider proven ways to implement a unified framework to manage financial crime as we race towards becoming a 100% digital transaction ecosystem.