False Sense of Security: How Some Compliance Officers May Be Getting Away With Murder

Published by Yana on

Let’s talk about FinTech and regulatory scenarios when people think they are “doing ok” and don’t realize they have a problem until it’s too late or costs too much to fix.

I recently created a couple of surveys and here are some interesting observations:

  • Over 80% of compliance officers feel very confident about being able to do their current jobs without much help (they rated their level of confidence as 7 or higher out of 10). At the same time, statistically, FinTech compliance officers stay on their jobs for about a year and rarely longer than 2 years. If they are so confident and don’t need help, why do they leave? 🤯
  • Over 60% of respondents estimated (I don’t suspect they had the exact numbers at the time of completing the quiz) that their false positive rate is under 10% of the total transactional alerts. The industry average is about 20-30%; the larger the organization and the broader the geographies served, the higher the false-positive ratio. I think my audience is very smart, but statistically, some of the people are underestimating the size of the problem.
  • The top risk areas are (hands down) related to technology: fraud risk, lack of confidence, understanding of information security, and difficulties with the deployment of compliance tools. Funnily enough, this is the easiest one to solve because usually there is tech expertise in-house within FinTech and there are so many tools available.

So, what does it tell us? 💭

I suppose compliance officers know they work really hard and do their best, which makes them reasonably confident and potentially explains why they don’t push harder for better implementation of better tools and automated solutions. But there is a bigger and more fundamental “false sense of security” trap: people accept slower growth, delays, slow decision-making, and suboptimal results and explain it with “this is how things are these days in our industry”.

There is an opposite risk, which I would call “getting away with murder”. This happens when you constantly push, grow, take risks, leave things to be fixed later, and essentially live in an environment with elevated risks all the time and forget how much risk is actually “normal”. 💁🏼

I’m not necessarily referring to Wirecard or even Revolut in this case, but one of the risks could be the simple concentration of knowledge and know-how with one person. For example – with one of my clients, I historically had a lot of trust in the founding team and made a lot of interpretations and adaptations for their business model. I knew how intercompany agreements were connected to the T&Cs for the customers, how data flows across tools, when flows of funds change hands, and where the risks are. I knew how everything fits together, which contractual provisions exist with partners and vendors, and why. So I had no problem explaining or defending the company in front of the auditors and regulators; every time they had a question, the answer was available. And even when all the contracts and policies and regulatory submissions are available, it’s hard if not impossible to document your experience and your thought process. Yes, I’m a little happy purely from the egoistic perspective to be difficult to replace, but from the enterprise perspective, the concentration of knowledge in one head for a long time is a risk.

What are your thoughts on the false sense of security blind spots? Do you notice any? 🤓
