EMEA CRO Merlin Piscitelli discusses the need for more advanced prevention and detection methods when it comes to due diligence in M&A. This article was originally published on Thomson Reuters Regulatory Intelligence on 28th January 2022.
The world has undergone a radical shift in the last two years, but although times and technology have changed, the need to combat financial crime in both the real and virtual worlds remains a constant challenge for financial institutions.
The range, magnitude and frequency of threats are constantly evolving. The digitalisation of financial systems, together with developments such as online banking and crypto-assets, are making it much harder to remediate threats. The pandemic has forced criminals to find new ways of getting illicit funds into the financial system. Lockdowns and the closure of physical banking facilities, meanwhile, have obliged financial institutions to adapt their due diligence protocols and know-your-customer (KYC) processes to deal with virtual, rather than face-to-face, client interaction, and with the challenges of retrieving and verifying physical documentation.
Transaction monitoring has also been recalibrated to respond to new cyber crime and fraud threats. Due diligence in a remote or virtual environment can be tricky, but has also led to some creative ways of harnessing technology such as video conferencing and leveraging drones to inspect facilities.
The financial services industry devotes extensive resources to tackling financial crime. In 2018, the World Economic Forum reported that fraud and financial crime was a trillion-dollar industry, noting that private companies had spent approximately $8.2 billion on antimoney laundering (AML) controls alone in 2017.
The scale of the problem is immense. Financial institutions must analyse vast quantities of data at speed, and make real timedecisions on everything from customer suitability to whether a claim or transaction is fraudulent. All the while, criminals continue to devise increasingly sophisticated ways to exploit the financial system.
Financial institutions are the first line of defence in detecting suspicious activity, and must ensure their regulatory and compliance systems are up-to-scratch, as the penalties for failure are costly from both a monetary and reputational perspective.
Financial crime due diligence and the rise of tech
Firms need more advanced prevention and detection methods with which to tackle financial crime. The use of technological solutions such as regtech, virtual data rooms, artificial intelligence (AI) tools, robotic process automation and machine learning has become much more widespread, but firms still need to understand the financial crime risks to which they might be exposed, and to develop relevant frameworks, systems, policies and procedures to protect themselves.
Financial crime due diligence plays an essential role both in overseeing risk-focused health checks for an organisation's business and in transactions such as mergers and acquisitions.
In M&A, due diligence is not simply a "tick-the-box" exercise to comply with regulatory requirements. It provides clarity on the true condition of a target and helps manage the transaction risk. It should be considered prior to acquisition and/or as part of an effective post-acquisition integration. Taking actions pre-close can help to avoid a long and costly litigation process post-close if any risks are identified.
The sheer volume of data involved in the due diligence process can be problematic and, due to the time sensitivity involved in deal cycles, there is pressure from all sides to identify and de-risk vulnerabilities.
Virtual data rooms, for example, have drastically improved the speed, efficiency and security of transactions in the past decade by providing dealmakers with the data intelligence and tools to help them decide whether a deal is good or bad. They enable involved parties to exchange confidential information in a structured and transparent way, through in-platform messaging and advanced access control to redacting or blacklining.
Other applications such as two-factor authentication also help to minimise security breaches during the due diligence process. Artificial intelligence and machine learning capabilities such as alert management and multilingual search capabilities can also speed up the process by automating repetitive tasks, enabling compliance professionals to focus on risk management.
A survey of EMEA dealmakers found that 64% believed new technology would make the due diligence process less time-intensive, reducing it from the current three-month average to less than one month by 2025.
In the digital age, cyber risk is a very real threat for businesses, particularly in the UK, where a survey found that 54% of UK dealmakers — the highest percentage across EMEA — said data or cyber-security concerns were the most common issue uncovered during due diligence that led participants to withdraw from a deal. Cyber-security audits and evaluations are therefore a vital component of M&A due diligence.
Technological developments will continue to benefit compliance, from both a process optimisation and risk management perspective, but firms will need to customise these types of technology. Pervasive data-quality issues, lack of integration with existing operational systems and tight budgets in a competitive landscape mean this is easier said than done. Smart investment, scaling proven innovation and a risk-focused outlook will allow firms to stay on top of illicit activity and better serve clients.
Financial crime remains at the top of the regulatory agenda. With the UK no longer bound by EU directives and opting out of the Sixth Anti-Money Laundering Directive, there may be some future divergence between the UK's domestic AML and counter-terrorist financing regime and EU rules. This will create additional nuances for both firms and clients.
As part of its Economic Crime Plan, HM Treasury is undertaking a broad review of the Money Laundering Regulations. One of the biggest developments is the Economic Crime Levy, which will be introduced from April 1, 2022 to raise approximately £100 million per year to help fund AML reforms. This new tax will see medium and large professional firms pay an annual fixed fee based on the turnover "size" band to which they belong, determined by their UK revenue.
Further regulatory developments are expected as the UK launches reviews to explore areas of financial regulation, including prudential regulation, crypto-assets and environmental, social and governance (ESG). The UK's operational resilience regime will also start to apply from March 31, 2022, introducing a more prescriptive approach to preparing for cyber attacks, failed IT upgrades and other forms of disruption to firms' systems.
Chief compliance officers battling with legacy systems and often ineffective policy and governance structures may find it challenging to implement an intelligently automated financial crime framework that addresses increasingly complex regulatory expectations. Another M&A boom is expected this year, however, making it imperative for firms to have the right tools, technology, systems and processes in place, alongside a proactive financial crime risk management culture. Smart collaboration within the financial sector, and between the sector and regulatory authorities, will also be vital.
To use one of most often-repeated idioms in sport — the best defence is a good offence.