Why financial institutions see mandates as a hindrance in the fight against fraud and financial crime.
Recent research from Featurespace and PYMNTS discovered that regulatory constraints are the number one barrier inhibiting financial institutions (FIs) from innovating, particularly in relation to preventing fraud and fighting financial crime. More than sixty percent of FIs pinpointed regulatory constraints or difficulties as factors inhibiting innovation, including preventing the addition of new features or technologies to existing solutions. This concern was echoed by FIs of all sizes and by both fraud and AML professionals. Clearly it is an industry-wide issue.
Regulation is supposed to make the financial services world a safer and fairer place to transact, but between policy and production there seems to be a disconnect.
Why regulation is seen as a blocker by FIs
Typically, regulation is seen as a blocker by financial institutions because it does a couple of things that are unfortunate. The first is, it increases the cost of compliance. And when large investments must be made just to maintain compliance, it leaves little resources for innovation. It slows down development of new products and tools that they can provide to consumers.
Secondly and perhaps more importantly, a lot of regulation is about secure sharing of data and information, and financial institutions like to protect the information they guard as custodians of their account holders. Sometimes regulation has the unfortunate side effect of disclosing information that customers did not want to share.
What regulators can do to unblock innovation in financial services
There are a lot of challenges that regulators can solve for people by the way that they design, develop, and implement regulation. First, it is important that they involve the constituents that will be affected by the regulation through industry groups, policy groups; and, that they speak directly with the people responsible for complying with any mandates. They work with the FIs that will implement the compliance with the regulations they put forward, to understand the short, medium, and long-term impact.
Regulations are static, so although bodies might pass a bill or rule that is suitable in 2022 it might not be applicable in 2025. Policy makers may not be experts in quantum computing, or advances in artificial intelligence, or other technologies that will render that earlier rule either not relevant or hard to implement. That is why working groups, hackathons, tech sprints, and feedback sessions with a wide range of industry experts are so important.
Why do mid-sized FIs struggle the most when it comes to the challenges from regulations?
Mid-sized FIs are in a difficult position when it comes to dealing with new regulations and compliance, and the reason for it is they are not large enough to invest in all the top, world class leading solutions. They must carefully marshal their investing, and in some cases settle for mediocre or underperforming solutions, which are one of the few affordable solutions that are regulatorily compliant. However, they are not small enough that they are willing to accept the restrictions of a shared, non-custom solution of a pure outsourcing into a managed service offering.
They want to retain a degree of control over their strategies without creating large technology and operational overhead. This usually results in trading off investments against risk coverage and budget priorities, without an enterprise approach to compliance solutions. It does not retain capacity to address the next threat vector which FIs will be held accountable for by the regulators.
The role of payment service providers in regulatory compliance
One of the areas where there is a lot of growth in terms of involvement with regulatory compliance is with the Independent Software Vendors or ISVs expanding their Software as a Service offers to include regtech and compliance. ISVs typically represent many customers and financial entities, and those that traditionally do not have input into financial regulations such as retailers, as well as other non-traditional financial institutions. ISVs collect the requirements from this customer base, and then they can advocate on behalf of them. As the voice of the smaller ecosystem participants, ISVs surface potential challenges such as how new regulations will impact and even slow down economies, financial institutions, merchants, and their customers.
ISVs also can support the implementation of regulatory change through their expansive knowledge and expert teams, who have documented best practice in these kinds of projects. As they support a large customer base, they repeat these approaches and refine them over time to support smaller FIs.
Increasing regulatory overhead for intermediaries
Payment facilitators, processors, intermediaries, and financial exchanges including cryptocurrency are beginning to feel the squeeze of increasing regulatory pressure as they are required to identify money laundering activities as well as all kinds of fraud and scams. This can result in tactical point solutions for each element of fraud, scam, or criminal activity. But doing that puts a tremendous amount of processing overhead on your payment system and introduces latency. It also creates a lot of complexity and opportunities for failure within payment systems and integrating with other payment networks. As the regulatory burden on these intermediaries increases, it is important to consider how to consolidate compliance strategies and systems to reduce the overhead that you have on a transaction through everything from Know Your Customer (KYC) checks to sanctions, AML, fraud, and scams.
How FIs can prepare for upcoming regulations
Actively participating in industry groups run by regulators is crucial to being aware of regulations as soon as possible. New rules undergo many drafts and are developed by committees, which consider the feedback sessions from participants. The industry representatives often have a clear vision of how to make policy aims a reality in their market and wish to be involved.
For the FIs themselves, joining industry associations for both payments and banking can be another way to get closer to regulatory roadmaps without being directly involved in potentially limited or inaccessible working groups. Foresight is crucial when it comes to preparing for new regulations.
Scams and reimbursement regulations
Regulatory bodies around the world are currently focused on rules similar to the UK’s Contingent Reimbursement Model (CRM) code, which “aims to reduce both the occurrence and impact of Authorized Push Payment (APP) scams, and is designed to give people the confidence that, if they fall victim to an APP scam and have acted appropriately, they will be reimbursed”.
Regulation E (Reg E in the U.S.) historically focused on unauthorized transactions i.e., traditional fraud typologies, and the right to reimbursement for the customer. But with the rise in APP around the world, there’s growing pressure for The Consumer Financial Protection Bureau (CFPB) to exercise its authority under Regulation E and the Electronic Fund Transfer Act (EFTA) to better protect consumers from payment scams, particularly on peer-to-peer (P2P) services like Venmo. In fact, it seems the CFPB has taken notice and is expected to release guidance that could expand banks’ and payment platforms’ liability for fraudulent transactions.
Scams are categorized as authorized fraud under The Federal Reserve FraudClassifier Model, and don’t currently come under Reg E. But a lot of FIs are concerned about the impact on their fraud losses and total cost of fraud should the regulation be updated to include scams.
Preventing scams does require improvements to existing rules-based fraud prevention systems and managing that investment alongside potentially spiraling scams reimbursement costs would be a challenge.
It is unclear right now whether the customer’s issuing bank or FI will bear complete liability for scams losses, or whether it will lie partially or completely with the account holder, the merchant, or any of the intermediaries in between, and so it is important that an open dialogue discussing this allocation of risk, responsibility for criminal acts, and what protections are required to be in place.
Choosing a partner in compliance
For FIs, an effective compliance strategy really requires a trusted network of expert partners. It is not effective or efficient to attempt an in-house build for all systems. As a result, FIs now must monitor the compliance of an expanding supply chain, which is becoming more of a partner ecosystem. Clear frameworks and guidance on how to run compliance programs from regulators will be essential to ensuring the long-term viability of the regtech industry.
Regtech partners, including fraud and financial crime systems need to be as active a participant in the regulatory development and feedback process as possible to ensure their systems and consultancy remain ahead of the mandates, and support innovation for their customers. We need to ensure we understand and are ahead of the regulatory compliance needs of our customers, to enable their regulatory compliance success.
Featurespace is an active participant in regulatory working groups and publishes regular responses to calls for input. Read our recent publications below.
4 ways to modernize the Bank Secrecy Act and Anti-Money Laundering Regulations: Response to Financial Crimes Enforcement Network (FinCEN)’s review of the Bank Secrecy Act (BSA) Regulations and Guidelines.
Collaborating to Combat Payments Fraud in Europe: Response to European Banking Authority’s discussion paper on the preliminary observations on selected payment fraud data under the Payment Services Directive (PSD2).
Synthetic Data Innovations for Fraud and Financial Crime Prevention: Response to the Financial Conduct Authority (FCA) in the UK recently issued a call for input on synthetic data to support financial services innovation.