Compliance-tech vendor LexisNexis has commissioned a study that says financial institutions in Asia Pacific spent $45 billion last year on financial crime compliance.
Most firms said their annual compliance costs rose by 11 percent to 20 percent in 2023, but about one-fifth of firms say their costs rose by more than 20 percent.
Twenty percent in one year!
The report didn’t say if banks are getting bang for their bucks, but previous conversations with compliance chiefs suggest the answer is no, with a meagre portion of laundered money identified and captured. So what’s this $45 billion going to?
Labor
The biggest spend in Asia is people. The survey finds 41 percent of financial compliance costs are on labor.
That figure can be interpreted a little differently than just saying labor costs are driving costs. The other 59 percent went to technology, infrastructure, and outsourcing (including cloud computing and data centers). Broken down, tech is the second-largest item (32 percent).
This money reflects a surge in financial crime and money laundering. Post-Covid boosts in use of digital payments and crypto, along with AI technologies, are shifting crime patterns to cyber, and that means banks are bigger targets – and their digital rails are carriers of criminal money.
Fine. Digital crime’s up, banks’ spend is up. But if banks are pouring 10 percent or more increases into compliance, surely they’re winning the compliance battle? Isn’t whiz-bang AI, data lakes, cloud efficiencies, and distributed-ledger technology supposed to address all these problems? Aren’t banks on advanced digital-transformation journeys?
Legacy drag
Shouldn’t the fintech revolution be making banks better and more efficient at financial crime compliance? Where’s all that $45 billion getting?
The report didn’t address this, but Ramanathan Sivabalan, LexisNexis’s regional managing director in Singapore, says the answer is: not much.
For all the talk of digital transformation, banks aren’t that good at it, he says. Sivabalan has spent a career as a chief compliance officer at institutions such as MUFG and Société Générale.
Without referencing his former employers, he says banks in general can’t bridge their legacy systems and infrastructure. They’ve built pools of data but still aren’t good at sharing it internally. Bank systems are organic beasts, with every new market or product requiring a tech-related solution, and this way of doing business hasn’t changed. “The banks all have amazing technology but they’re still making do with Excel,” Sivabalan said.
There are other factors at play. He says banks, to save costs, rely on outside contractors to set up systems or investigate problems. The revolving door costs banks in the currency of institutional knowledge. And if a bank outsources too much of its tech building, it loses the capacity to understand new technologies.
It then falls to compliance officers to try to connect the dots within an organization. Their empowerment varies among firms.
Harder in Asia
The banks are able to hire people, though. The challenge is that in Asia, compliance talent is rare and increasingly expensive.
“It’s difficult to find people in-country that understand global standards and speak English,” Sivabalan said. “Even in India and Malaysia, banks struggle to find people who fulfil global mandate rules and understand sanctions regimes.”
Asia’s talent shortage is one issue for banks. Another is the region’s daunting challenges in terms of dodgy jurisdictions.
The Financial Action Task Force, a global body coordinating regulators for AML activities, blacklists three countries worldwide, where institutions aren’t supposed to do any business or serve those customers. Two are in APAC, Myanmar and North Korea (along with Iran). Its gray list is more populated by African countries, but also includes Philippines and Vietnam.
Which means there’s a lot more work for financial crime experts to do in this region. This also drives up labor costs.
Sivabalan says despite the advances in AI, firms can’t just hand the work over to a computer. “AI can do a lot of the heavy lifting, but you need an experienced compliance person to take responsibility for decisions.”
Fintech companies are also important players in financial crime controls. They have much better tech stacks (duh) but they are too small to hire enough human specialists.
While labor costs are rising the most, tech inflation is also a contributing factor. But Sivabalan notes that many banks invest in user-experience technology at the cost of under-funding operations, risk and compliance. Many Asian countries are quickly becoming cashless, which reflects a big investment in digital payments. It also makes these rails juicy targets for criminals. But banks and fintechs haven’t put the commensurate dollars to work to ensure their safety.
Yet the compliance budgets keep rising.
Glimmers of hope
A compliance tech vendor – especially one commissioning this sort of report, which can usually be used to generate any sort of narrative – is obviously going to say banks are spending more than ever and need better solutions, so buy mine.
While DigFin takes the numbers with a grain of salt, the survey’s thrust is worth considering. Banks are spending a ton of money on AML and KYC, and yet the bad guys appear to be winning. This isn’t exactly news. But the advances in AI and other tech are supposed to be, if not silver bullets, at least bullets made of, what, copper? Stainless steel? But it seems like the finance industry, because of its nature, is buying bullets of cubic zirconium.
One technology that’s making things a lot worse, but could be making things a lot better, is blockchain. On the one hand, criminals love their crypto for ransomware. And the amount of fraud and hacks in the crypto industry is epic. Now that traditional institutions are dipping toes into the blockchain waters (with bitcoin ETFs and so on), bad guys must be twirling their evil mustaches in greedy anticipation.
On the other hand, Sivabalan says blockchain is a great tech for compliance. It’s all about ledgers that everybody can see and agree. In theory, there’s no need for Excel (although that seemed to be the tool of choice for FTX’s risk management squad). What crypto lacks is scalability and a culture of best practices.
Financial crime compliance is complicated. It also involves regulators, tax authorities, and law enforcement. Banks are often made to police what governments cannot. Yet DigFin wonders if the real reason for these escalating compliance costs are because banks and fintechs don’t really want to know what’s going on, so instead they throw money at half-baked solutions.
But imagine if banks started to use blockchain to establish the provenance of assets, and if crypto firms inculcated a culture of compliance and AML. Cats and dogs lying down together! Crazy talk. But who knows, maybe the world will become a better place.