cyber threat, cyber crime, hacking, cyber security
Image Credit: Gulf News

Managing risk in financial institutions has never been more complex. As cyber attacks continue to evolve and increase in frequency and sophistication, cyber security has become a major area of attention and investment. Complying with the number of global regulations that aim to combat money laundering and terrorist financing is also a challenge for the industry, in terms of costs and resources.

These demanding processes and new frameworks are shifting the economics of correspondent banking models, making some banking relationships expensive to maintain. Concerns over risk and rising costs have led banks to “de-risk” by terminating correspondent relationships and exiting business lines. There is also concern of possible cyber de-risking if banks do not have a resilient cybersecurity model.

An ongoing challenge

The impact of this trend is being felt in a number of regions, including the Middle East. Figures from 2016 by the Arab Monetary Union, World Bank and IMF found that 39 per cent of participant banks in the Arab region indicated that they have experienced a significant decline in the scale and breadth of their correspondent banking relationships. In 2018, the Central Bank of the UAE ordered money exchange houses to raise their compliance standards after several banks cut ties with them due to concerns about the risk of illicit financial flows.

Exchange houses, which play a major role in sending remittance payments from the large populations of expatriates in the region, are struggling with the increasing costs of managing compliance. However, led by the Foreign Exchange & Remittance Group, exchange houses have taken steps this year to ramp up their measures to combat money laundering and introduced a new reporting software system called ‘goAML’.

Cyber security also remains top of mind across the Middle East. According to PwC’s “21st CEO Survey”, an international study conducted in 2018, the fear of cybercrime as a risk to growth is up 16 per cent in the past year alone. Leaders in the Middle East ranked fears around cyber threats higher than anywhere else.

A CSIS and McAfee study, “The Economic Impact of Cybercrime — No Slowing Down”, reported the UAE as the second most targeted country in the world for cybercrime, costing the Emirates an estimated $1.4 billion every year.

In such a challenging environment, what more can Middle East banks do to remain secure and compliant?

Transparency is key

Banks are more likely to be affected if they provide insufficient transparency over their activities, business lines and behaviour. The more difficult it is for correspondents to access KYC (know your customer) or AML (anti money laundering) information, the greater the cost of doing business with a specific bank becomes.

In order to address this issue, banks can put measures in place to improve both their transparency and the consistency of their information. The right screening tools, backed up by clearly auditable processes and controls can go a long way toward providing such clarity and reducing compliance costs for correspondents. Compliance controls such as transaction screening can be used to take control of the sanctions compliance process with maximum accuracy, efficiency and cost-effectiveness.

These should include transaction and name screening, the use of standardised sanctions lists and quality assurance.

Industry KYC utilities can also help by acting as a platform of up-to-date information for correspondent banks. Swift’s KYC Registry, for example, has more than 5,000 financial institutions on its books and enables banks to provide validated information, making it cheaper and easier for their correspondents to access the information they need.

Data analytics enable banks to manage risk and identify problematic transactions in a more targeted and efficient way, by identifying and prioritising areas that a bank may wish to investigate further. This can give banks better information about their exposures and a clearer understanding of how their networks operate.

With fraud moving increasingly from data theft to payment fraud, financial institutions need to reassess the security of their payment environments. Transaction reporting can provide an important layer of quality assurance, a global summary of inbound and outbound counter-party payments flows. It can highlight when suspicious activity occurs and enable banks to cancel messages and recover funds.

Monitoring payments in real-time takes this a step further, allowing banks to instantly take action if a transaction deviates from the normal parameters.

While all of the above can significantly help financial institutions boost their defences and illustrate transparency, collaboration within the community is just as important. This is why Swift is building a compliance utility, a set of standardised services that will help banks to meet their ever-growing compliance challenges.

Since Swift is a trusted network, owned by the banks, it can help its customers increase compliance standardisation and efficiency while better managing related cost and risk. Additionally, it has launched the Swift Information Sharing and Analysis Centre to facilitate the community’s access to actionable cyber-security threat intelligence, enabling the community to better defend itself against potential future cyber-attacks.

No room for complacency

One thing is clear — banks have taken notice and are taking action. They have realised the real risk of non-compliance and exposure to cyber threats, and are therefore investing heavily in cyber security and compliance processes and tools. According to Deloitte’s 2018 Financial Services regulatory Barometer Middle East, the majority have a dedicated financial crime compliance unit and are focusing efforts on improving their standards and processes.

However, there is still a lot to do and no room for complacency. Banks in the Middle East, as elsewhere, need to continue with their efforts to provide increased transparency, reduce compliance costs for their correspondents and manage compliance and cyber risk hand-in-hand.

Sido Bestani is Regional Director, Middle East, Turkey and Africa for Swift.