PYMNTS-MonitorEdge-May-2024

Compliance As Competitive Advantage

Compliace

As financial services fraud grows ever more sophisticated, tracking the bad guys must be top of mind across the organization and all levels and departments within the organization. Cheryl Gurz, program director of global payments products at CGI, told PYMNTS’ Karen Webster about the ways in which compliance efforts need a technology boost and can contribute to better information organization-wide.

Detecting financial crime activity is no longer a payments problem siloed by job title and sloughed off to payments professionals — it is an organizational effort. As more payments go digital, bad guys must be more closely scrutinized by all levels of any organization.

In an interview with PYMNTS’ Karen Webster, Cheryl Gurz, program director of global payments for CGI, said that to properly address financial crime, it must first be defined.

“When we think of financial crime, we see it as the full spectrum of bad players in the financial services system, which used to be identified across many different points throughout the customer’s experience,” Gurz said.

The crimes themselves can range from identity theft to falsification of corporation ownership to even simply doing business with criminals on a watch list. In short, the definition ties in with “some type of crime relating to trust.”

The roster of players here can extend across the organization from both insiders and external culprits, she continued. The tricks of the trade may have been limited to cash once upon a time, but now there is an ecosystem in place that allows things to happen beyond the realms of physical currency and transactions. This was made possible, of course, by a movement to embrace digital payments.

Yet this movement, Gurz said, takes place over disparate payments networks — each with its own highways in and out.

In the past, she continued, some channels received more scrutiny when it came to bad player identification than others. An example is that cross-border wires were among those payment conduits most closely examined due to higher risk. Savvy fraudsters then found a way to siphon funds from international ACHs as an alternative to the wire networks, Gurz said. Efforts to combat fraud must therefore involve to an enterprise-wide discussion, not solely limited to payments professionals and panels.

Bringing such dialogue to the enterprise level is not without its own complexities, however. Different executives and professionals within banks have different responsibilities amid payments flow and may not necessarily interact on a regular basis.

“Payments technology is bringing these far-flung methods together in the spirit of modernization,” Gurz said.

This leads, for example, to the processing of payments across one hub and catching activity in one database and applying uniform business rules.

“But technology only solves one side,” said Gurz, who went on to say that there is also a human component at work. Compliance is also becoming an enterprise-wide endeavor, and compliance officers must adopt a global mindset.

Against a backdrop where there are no global business rules governing financial services crime, Gurz said that reference data can give rise to hierarchies that allow business rules to be set in accordance with regional laws, regulations, bank risk appetites and unique payment workflows.

“You want the overall workflow to remain the same,” she told PYMNTS. “But if you are doing a review of customers in Thailand and you are doing a review of customers in the U.S., where the rules are a little more stringent, you’d want to use the same technology, and you have to have a technology that is flexible enough to allow the rules to be defined at that hierarchy of region or state or business unit.”

Artificial intelligence does have a role to play, agreed Webster and Gurz, but models are only as good as the model maker’s design. Gurz noted that machine learning has been in place in CGI’s products for some time and that there have to be checks and balances in determining that the data and rules being fed to the machine in the first place are not erroneous. CGI looks to their sandbox capabilities for these real-time validations.

When asked as to what the three things that are most urgently in need of attention when it comes to compliance and fraud, Gurz said that “one is balancing efficiencies versus risk. Another is how to manage and control false-positives. And yet another is keeping up with how some of the bad players are structuring their data to work around the current logic [in systems].”

She said the best way to address these concerns is to view successful anti-money laundering technology and risk control as forms of competitive advantage.

PYMNTS-MonitorEdge-May-2024