Financial Institutions (FIs) like banks and Non-Bank Financial Institutions (NBFIs) are always under constant pressure to meet the compliance requirements set by regulatory bodies. The regulations are put in place to ensure information security and increase cybersecurity. The main framework regulating banks is the Anti-Money Laundering (AML) and the Bank Secrecy Act (BSA). These two frameworks seek to reduce money laundering and fraud while increasing information security. The other policy that FIs and NBFIs should adhere to is the Know Your Customer (KYC) policy. KYC require that FIs and NBFIs to collect the names, social security numbers, address, date of birth and contacts of their clients at the point of registration.
With the rise trading internationally as well as the global economy, this has resulted in an increase in financial crimes. Comprising over 39 countries, FATF has a ministerial mandate to establish international standards for combating these financial crimes.
Financial Risk Management
Financial risks are potential threats that affect the company like frauds or hacking. Â Financial risk management is the process of assessing the potential threats from customers, credit extended, information security, cybersecurity, and fraud. The risks identified are then analyzed and control measures are put in place. FIs and NBFIs have sensitive information about their customers which they are expected to store in a secure location.
Other than information security, FIs and NBFIs face credit risks, cyber risks and vendor risks. Cyber risks are getting priority over credit risks nowadays. However, credit risks should be monitored constantly to avoid incurring losses. Cyber and information risks can be managed as part of the company’s asset-liability management.
 Risks Mitigation Strategies Financial Institutions
- Know Your Customer
KYC is a policy that is used to mitigate the risk of fraud and information security risk. The information collected during the KYC process can give FIs and NBFIs an in-depth understanding of the customers. KYC policies can detent customers falsifying information to open accounts or get some financial services. KYC requires that businesses provide their articles of incorporation and their tax identification number.
- Record KeepingÂ
Records are kept for future reference, monitoring and evaluating purposes and for compliance purposes. Â All transactions done in FIs should have a physical record showing the same that is a receipt. The records for an online transaction can involve a third party. FIs and NBFIs should assess the risks that are associated with the third-party vendors like VISA and Master cards.
- Bank Secrecy Act (BSA) and Office of Foreign Assets Control (OFAC)
FIs and NBFIs are responsible for the security of their customers from criminal activities. The BSA demands suspicious activity report and cash transaction reports should be generated by FIs. These reports are useful in monitoring activities in the institutions. These reports have sensitive information and they should not be disclosed to the board of directors.
How ERM Overlaps FI Compliance
FIs and NBFIs face immense compliance risks in comparison to other industries. ERM endeavors to view the risks of an organization as a whole. FIs and NBFIs face more risks since their services involve third-party vendors who handle sensitive details. Financial institutions have adopted online account opening and card payments. These require an end to end security encryption to keep the information confidential.
FIs and NBFIs normally outsource collection agents for defaulted loans. They are also part of the third-party vendors that the institutions should analyze the risks they pose. Â Meeting the compliance regulatory requirements is a struggle with the various facets of financial institutions without the help of risk management software.
Monitoring Vendors in FIs and NBFIs
Business partners are valuable assets to an organization since they provide products and services that the organizations lack the know-how. They are commonly third-party vendors. They can be a source of security risks because of the data they handle on behalf of the organization. Vendor management could be done using a spreadsheet in earlier days. Currently, FIs and NBFIs cannot effectively manage vendor risks on a spreadsheet. They need software that closely monitors vendor activities and sends a notification in case there are suspicious activities.
How Blockchain Technology Can Be Useful to FIS and NBFIS
Blockchain technology has evolved and is becoming a secure way of storing information. Data is protected by a cryptographic key that can only be accessed with the right access key. The basic of this technology is each transaction done by any party forms a ‘block’. A block accepts information being added forming a chain of data. Blockchain allows the financial institution to record and retain detailed information anonymously to protect customers.
Technology is being used daily for financial services. This puts FIs and NBFIs at higher risks and they have to evaluate their internal controls in light of online financial services. Traditional internal controls are no longer efficient to monitor customer transaction and information security. Â Advancement in technology requires the financial institution to put more internal controls in place to regulate the flow of sensitive information.
Author Bio
Ken Lynch is an enterprise software startup veteran, who has always been fascinated about what drives workers to work and how to make work more engaging. Ken founded Reciprocity to pursue just that. He has propelled Reciprocity’s success with this mission-based goal of engaging employees with the governance, risk, and compliance goals of their company in order to create more socially minded corporate citizens. Ken earned his BS in Computer Science and Electrical Engineering from MIT. Learn more at ReciprocityLabs.com.
