<<El futuro de la gestión de riesgo operativo

View all episodes

Juan José Ríos (host)

The phenomenon of globalization with exponential digital growth.
It offers the perfect environment and possibilities for the development of illegal activities dedicated to activities such as drug trafficking, corruption, bribery, among others. There is a social and personal responsibility that seeks to repress the phenomenon of corruption and criminal activities of such groups, which requires knowledge of the modus operandi, the use of new technology that help to give the appearance of legality to the funds, where special attention should be paid to the activities of financial intermediation.

In response to the recommendations made by different international organizations, such as the UN, the FATF, the International Monetary Fund, the Basel Committee, etc. The regulations in force in most countries require the adoption of measures for the prevention and control of these risks by multiple regulated entities in different sectors of the economy. In this podcast we will analyze the change of focus in AML in the technological revolution and some of the main recommendations to mitigate the risk of money laundering and terrorist financing.

Hello, how are you all welcome to this new podcast Mundo Financiero Seguro from Monitor Plus I'm Juan José Ríos. Thank you for joining us once again. This time we are joined by Juan Pablo Rodriguez. He is Colombian, he is director of Rics Management and also Ilian Vasco VP of Marketing and Product. Thank you both for joining us and to all of you who are tuning in and joining this conversation. Thank you very much. But let's get down to business and I'm going to start by asking you Juan Pablo, what are the lessons learned from the information revealed in the Fins and fails?

Juan Pablo Rodriguez

Juan José, thank you very much for the invitation. And the case we know about on September 20 of this year and there are many lessons learned. The first one, that we must be wary of the information that appears in the media, since contrasting the data shown by the ISI investigative journalists' portal, if we realize that in that conclusion there are 2,100 suspicious operation reports of FINSE in the financial intelligence unit in the United States, they do not even represent 0.10% of the 25 million suspicious operation reports that could have been made between 1997 and 2019.

This assumes, then, that the conclusions reached by the investigative journalists are not significant, but unfortunately they certainly caused damage to the financial institutions mentioned. The second lesson learned is that in some cases investigative journalism is relied upon to make decisions, but it is worthwhile to contrast that information to determine how reliable and credible it is. And the third lesson learned is that probably, and although this sounds contradictory, scandals are needed to give importance and support to such a complex task as that of the compliance officer within the obliged entities, which should not necessarily be limited to banks, but many entities that now, by virtue of the regulation, must also have a model against money laundering and financing of terrorism.

If we could add something else, this case teaches us that we continue to fail to comply with regulations, especially on beneficial ownership. Links continue to be generated in the financial entities of companies that do not know with whom they are doing business and that we depend on data leaks to know what type of operations are involved and with what type of organizations outside the law, they have relationships inside. From financial entities to banking products, these would be the four lessons that the Fins and fails leave us and surely many more scandals will come or more publications will come from the right.

Juan José Ríos

Thank you, Juan Pablo. In addition to these lessons that this information leaves us and what Juan Pablo Illán shared with us, what others, what other experiences, so to speak, does this information revealed by the Fins and fails leave us.

Ilian Vasco

Hi Juan, thank you. Yes, this is definitely a topic that generated a lot of buzz. As Juan Pablo mentioned, the Fins and fails. Let's say I did a lot and a lot of fuss was made about it, but in the end they don't say or there is not a lot of data that really corresponds to reality. I think that initially this left a big boom and the boom of the news, but in the end let's say that it is a very important issue. The fact is that people who are not in the media know that the function of compliance is a means, not a result.

In this case one could not take these reports, these leaks as concrete denunciations, because they are not really denunciations, let's say an act after having made a management and a validation that corresponds to each state to validate, it is an issue that, as it happened in the United States and surely happens in other countries, is done by the entities, it is done under a methodology, a methodological framework and others, but in the end it is unknown what the final result of the authorities is.

That is to say, from there starts another procedural stage where one does not know if finally what an entity considered as suspicious finally turned out to be really a laundering issue. So let's say that this is where one speaks and sees the comparative laundering fraud, yes, where evidently when one is doing one's own analysis and monitoring in fraud prevention, fraud is fraud, whether or not the money was stolen. In the case of money laundering prevention it is more complex because I can consider that there is money laundering, but I do not necessarily have to confirm it, so the big lesson, let's say in this case part of everything that can happen and everything that can be leaked and the reputational risks that the entities can suffer with my clients or the people that are reported in these issues is that really the data, no matter how protected they may be, can be compromised and it makes a call, I think, to review internally the institution and the entities themselves on how they are protecting that data.

Juan José Ríos

Thank you very much, Ilian. Well, taking this scenario of the methodology, the results and information. Juan Pablo, I would like to ask you what trends are then foreseen for financial institutions in 2,021 and of course, the return to the new normal of the economies in Latin America?

Juan Pablo Rodriguez

Juan José thank you very much, well the year has been an atypical year. As you all know, the pandemic was not in the strategic prevention of any company, at least in Latin America. And this has forced a lot of changes within organizations, some positive and some negative. Among the positive ones we can mention the digital transformation at a much faster speed than expected, precisely because we were forced to start making non-presential links, to work at home or in remote locations, without leaving, let's say, the economy and sectors as important for countries such as the financial sector, to rest.

That means that by 2021 it is very likely that the way to link customers, the way to carry out the work within financial institutions will continue to be remote. Clients will probably now be more accustomed to a virtual relationship and not necessarily face to face, but this could have consequences. I do not want to qualify them as serious, but we will have to begin to understand the implications of, for example, the closing of branches, because it would no longer be justified to have a staff in an office where customers are not going to go.

But on the other hand, in the face of a significant increase in digital transactions, as Ilian Alejandro rightly commented, now talking about Fins and fails, it will be necessary to protect and guard with greater secrecy the information not only of the financial institution, but also of the customers. Because surely the hackers, the cyber criminals will be very attentive and pending. To get hold of this information to commit their criminal conducts. Finally, 2,021 is looking like a year of economic recovery, hopefully a year of economic recovery. Hopefully a year of economic recovery, a year in which we will come out of the recession that we have had due to the pandemic.

But also, and in the case of Latin America, with unfortunate natural disasters that we did not have on the agenda. It means then that we will have to be very, very attentive to the handling of money, because criminals will also be very attentive to place their resources in the name of other people. I am talking about the front men or the typical mules that lend their name to obtain a benefit from these transactions. And this connects perfectly Juan José with the increase in unemployment levels. When the economy slows down as abruptly as Covid-19 did.

Many people have lost their jobs. They have no way to provide for themselves and their families. And unfortunately, organized crime finds here a breeding ground to find accomplices for the commission of their criminal conducts. Those would be, let's say, the warnings for the year 2021.

Juan José Ríos

Thank you very much, Juan Pablo. Well, in addition to these points presented by Juan Pablo, according to your perspective, Illán, where are we headed? What future do you see for financial institutions in the face of this 2,021 that we are just a few days away from starting and this new normality in Latin American economies? Taking into account the scenario, the perspective and all the characteristics that they present, especially the economies in Latin America.

Ilian Vasco

I believe that in order to achieve what Juan Pablo mentioned, the economic and social environment is really ideal right now, so that criminals can take advantage of it.

I believe that this is the first and very important point to take into account in a risk management framework, because there are many companies that are, let's say, in decline, there are companies that need to grow and in that aspect, then the rescuers can come in to save the business of a company or person and let's say that they are more susceptible to that risk. Within that, I see other options as well, such as, let's say, we have to make a context analysis of this evolution and how the current issue of money laundering prevention is going to behave with these changes, it definitely changes the behavior of the clients, changes in how people are going to work from now on, if they are going to see how long the economic recovery will take. There is an issue of how we are going to work in the compliance areas, that risk management, but aligned to the strategy because many of the entrepreneurs and companies are refocusing their strategies, they are rethinking many risk management issues. It has to be there, let's say, to be able to know where the company is going and how it is going to protect it as well.

We cannot ignore that there are business models that are really leveraged with new technologies and these technologies are the enabler to meet the current needs of customers that were generated. Many or let's say they grew exponentially because of the pandemic. So that is a number of situations that must be taken into account and that are part of this system or ecosystem of risks and trends that must be taken into account. There is another one that is very important and these are the crypto-assets where, as we were talking recently about the growth, for example, of these virtual currencies, the Bitcoin, if my numbers do not fail me more than a year ago, is at 4,000 dollars. Now it is around 18,000, something that, let's say, has had a very important boom because from this market nobody regulates us and this also makes it easier and there in other media, channels for laundering assets, without leaving aside that also the entities today are also venturing into new technologies of artificial intelligence Machine Learning, Deep Learning, which are also part of these models and that they do.
Let's say that the compliance function needs more technological tools.

Juan José Ríos

Thank you very much, Juan Pablo and Ilian. Now, if you like, why don't we talk about future post-pandemic strategies? Or rather we live? With them, with Covid-19 and in that sense, how much do you consider PLD risk management to be a key component in the strategy of the institutions?

Juan Pablo Rodriguez

Juan José. Yes, I believe that it is not now, nor as a consequence of the pandemic, the prevention of money laundering. And now the financing of terrorism. But let's add to that the risk of financing, of proliferation of weapons of mass destruction. Incidentally, a risk that was included in SARLAF 4.0, the Colombian standard that was issued on September 2 of this year and that will come into force on September 2, 2,021.

It will always be a strategic task that unfortunately in some cases is still seen as a minor task or is only given importance when the regulator comes with a sanction or in the worst case scenario, the entity subject to appear linked to a criminal case. I believe that for 2,021 and from now on, financial entities and other entities subject to anti-money laundering and anti-terrorist financing regulations must synchronize from the highest levels of decision making in companies.

The work of prevention and control of these risks and I emphasized prevention and not avoidance, because I think we have made a mistake there and that is to try to think that crime can be avoided, crime can be prevented and that is why we talk about a risk-based approach and as important tools to answer. Juan José is digital identity. Not for nothing in March of this year and even if it coincided with the pandemic. But it is not a product of it. Although some people got it wrong.

The FATF Financial Action Task Force issued a guideline for regulated entities to carry out non-face-to-face linkages, something that some years ago we were very much afraid of because we depended on a face-to-face relationship, a face-to-face relationship that, in my opinion, and this only concerns me. I believe that it contributed little or nothing to the fight against crime. It is not proven that the face to face relationship is better or worse, or that it is better or worse in terms of control to prevent criminal behavior.

I believe that more than that, it is important to have information and information that meets three requirements: complete information, updated information and verified information. And the last important issue here is that information may be collected and verified not necessarily with the owner of the data, that is to say, not necessarily with the client, but we could go to databases that obviously, respecting the regulation of personal data protection or as it is known in other legislations of habeas data, allow the obliged entities to have that information with which they can manage the risks and surely make the relations with the clients much friendlier, because it is proven that the client would be willing, and this by exception, to deliver information to the financial entity or obliged entity if he is the one who has the need.

For example, as in the case of credit operations. But when you talk about liability operations, it is very difficult for the bank or the financial entity to collect all the information it would need for risk management. So those two are the changes that are on the horizon in terms of how to fight organized crime. Changing the paradigm of that relationship of yesteryear that we were used to from Face to Face to move to a digital relationship, but always, in any case, in a secure manner and that serves the purpose of complying with anti-money laundering regulations.

Juan José Ríos

Thank you John Paul washing prevention. Crime prevention, digital identity. You were talking to us. Well, it seems that this is not necessarily an experience that leaves us face to face pandemic. In that sense, Ilian I would also therefore like to ask you what is your opinion on your consideration? If LDP risk management is this key component in the strategies of the institutions, there will be other strategies in addition to what Juan Pablo mentioned.

Ilian Vasco

Yes, I agree, Juan. I think that definitely in the strategy, the institutions of this laundering prevention areas, where it is very important to have within that model the risks of both prevention, laundering and other risks that are part of the institutions. Why have certain issues not been implemented or why have certain processes of digital transformation been slowed down or had you bet that they would not be implemented on time?

Many of them realized that it was because they were not prepared to assume the risk control in front of the projects. If this is done from the beginning, it will be easier to come out positively to a situation, to a clear strategy. Obviously, this allows compliance to have a proactive role in risk management. It is also possible to respond to business changes or to identify and respond to changes in a global context such as the ones we are seeing right now.

In that aspect, I consider that the combination of what the strategy or the whole model of corporate governance and money laundering prevention is really a key component in the strategy of any institution that must have, let's say, a clear and effective strategy to prevent money laundering.

Juan José Ríos

Juan Pablo, continuing with this podcast and this topic, what synergy can you generate between control areas and the LDP unit in the management of financial crime?

Juan Pablo Rodriguez

Well, that is a very good question, Juan José. Especially because about three months ago, or maybe four months ago. The Institute of Internal Auditors globally changed its position of the famous three lines of defense to remind the audience. We have three clearly differentiated lines in the first line. Normally the commercial series are highlighted. The second line highlights the risk and compliance areas, and the third line is the internal auditors upwards.

The relationship with senior management and governing bodies, and from the outside, supervisors or external auditors. Precisely in this new way of showing the lines of defense, the Institute of Internal Auditors expects a higher level of commitment and greater closeness in all lines of defense, and especially in those that refer to the fight against organized crime, especially against money laundering and the financing of terrorism, highlighting some fundamental principles such as integrity, transparency, but above all independence.

And regarding the question of whether or not there is synergy between the control areas and the Money Laundering Prevention Unit, it is very important to draw a line that distinguishes the control functions from the functions of the compliance officer and his team. Because what one can find in professional practice is that controls are being repeated or tasks are being repeated that do not benefit the model, but rather overload it with operational tasks and probably make it less profitable in the eyes of senior management.

Therefore, we are convinced that teamwork is required, but limiting the attributions of each one as far as internal control is concerned. On the review of money laundering and terrorist financing litigants and on the side of the compliance officer and his unit, the management, design, implementation and monitoring of the model, thus ensuring that it is a set of tools capable of preventing crime. And as Ilian Alejandro already pointed out, emphasizing that this is a task of means and not of results.

And that is why, once again, he returned to the concept of how important it is to talk about crime prevention and not crime avoidance, because this would lead to models that would be quite complicated to comply with. From the legal point of view.

Juan José Ríos

And complementing further the question about the control areas and the role of the PLD unit in financial crime management. Ilian, any additional point that you can generate, if precisely in terms of synergy between areas. Let's say that I think that as Juan Pablo mentioned right now one of the most important points is to see how we really include ourselves as a compliance area in the whole digital onboarding process.

All this part of using all the information of linkage, the knowledge in electronic channels of what the institution is already collecting is like the first front, because many regulations and standards are demanding that due diligence is done. Actually, at the very moment when the client is being linked in that order of ideas. If you have to do some processes, you have to automate so as not to affect the customer experience, you have to automate certain issues that normally the recommendations that are given in real time so that there can be a simultaneous validation.

In this part there are also other synergies, such as with the areas of fraud prevention or cyber fraud, where you can use geolocation tools, identification of devices, IP addresses that commonly today, let's say that in some issues, some typologies associated with the identification of these devices have been seen for many years, but they were not really being used in an appropriate manner. And finally, I think that it is the change in the spectrum of, let's say, where it is necessary to ask whether there is a greater integration or not with the traditional control areas such as auditing, fiscal auditing in the case of Colombia and other countries, or what is commonly known as specialized external audits.

So, if we have a risk management model, where we have a synergy, where the control areas identify certain issues, how are we really integrating all that information, do we start integrating those validations and how are we doing due diligence on those activities so that we can really create that, that union that makes compliance management more effective?

Juan José Ríos

Thank you Juan Pablo. Now to conclude this very valuable intervention of yours, what are the challenges faced by institutions with new technologies in LDP risk management? What risks, Juan Pablo, what emerging risks do they represent or what added value can they bring?

Juan Pablo Rodriguez

Well, this technical term emerging risks, understood as the set of events that were not known before. That is the definition we can give. They became much more palpable with Covid-19 because very few made an adequate exercise of risk management and above all of planning in the face of what was happening in the East, which then crossed the Atlantic with the devastating effects we have already commented here. What things should we take into account as emerging risks? First of all, the change in the behavior of criminals.

Criminals. Unfortunately for us on the side. Let's put it this way, the side of the good guys, the side of those of us who fight organized crime. We have not accommodated ourselves as quickly as organized crime. Faced with the challenges of the pandemic. It is also very important. It will start to address challenges like digital identity and non-face-to-face linkages. Number three would be generational change in the banking customer base. It's something that some have probably neglected, but it will be very important to start to give them a taste for it in products and services and ways of communicating.

Millennials, people who probably communicate solely and exclusively virtually, who depend on their phone, who depend on apps, who depend on information that could fit on a screen. And they will be far from used to going to a financial institution and settling down, standing in line or waiting in line and waiting for a long time. Number three. There are on the horizon a lot of tools. I highlight the blockchain, a very important tool for the fight against crime, which unfortunately has suffered from the bad reputation derived from cryptoassets, as Ilian Alejandro already commented.

It is a sensitive sector, like many others in the economy, but I would respectfully say that we should not generalize, as happens in some other latitudes, that this type of business is only and exclusively at the service of the criminal world. I think that with cryptos as well as with cash, criminal conduct can be committed, but perfectly lawful conduct can also be carried out. So with the blockchain we can find a tool that due to its characteristics of security, immutability and above all integrity in transactions, could ensure a new way of doing business.

In fact, I highlight examples shown in the Blockchain Revolution 4.0 book such as Banco Santander, which in Spain is already testing switching from Swift to blockchain technologies that are much cheaper and much faster. Examples of its three can be found in Africa for people who are unbanked, but who need to have business relationships at much lower rates and at a much faster speed in terms of receiving money.

So my advice would be to start working on programming, technology, Machine Learning, artificial intelligence, Big Data and all the tech you can imagine Fintech, Sur Tech, Legal Tech, Rect Tech, which I think is the near future that we need to address. Juan José.

Juan José Ríos

Ilian, as we talked about, the pandemic did not exactly set standards, but it did set challenges for institutions and the imminent use of technologies in the form of PLD risk management new challenges, new risks. In addition to what Juan Pablo already shared, could you add something else?

Ilian Vasco

All right, I think Juan Pablo made a very good summary of everything let's say. These are the challenges that we are facing and complementing and part of what he mentioned. I believe that today the first thing that the compliance areas should consider is to adjust their operating models, let's say, in view of the new market demands, where obviously we have to rethink this information, this methodology and start to see how it can change us and how much I have to change.

I think that evidently we do have to change several issues, to take into account how customer behavior changes. Many of them are probably going to dedicate themselves to totally different activities, certain economies cannot bear to have more than six months of losses. Either you close or you transform, you change, and there is going to be a very important change in a large base of our customers. The issue of, let's say, the risks that have been known for years and, as I was mentioning just now, the issue of the mullah accounts and other new ones such as the issue of how I can make the identification or digital identity where it is really important and that challenge is how I can use technology, in favor of compliance and how I can take advantage of all that technology to include it in our model and generate an added value.

And finally, I really feel that we need to have a real time control time so as not to affect the Costumer Experience, where processes are not manual, but automated processes and where there is little friction.

Juan José Ríos

Today we talk about specific topics, we talk about trends, we talk about choices, we talk about key components, we talk about synergy and challenges. Juan Pablo especially for you at this point, in conclusions, any final points you want to share with us in this podcast?

Juan Pablo Rodriguez

Thank you Juan for the invitation and a special greeting to the entire Plus Technologies family. My final recommendation, which I think is a lesson from the pandemic, is three important concepts: the first one is speed, risk, the second one is behavioral risk and the third one is social discipline. When we talk about speed of risk, the pandemic taught us that any planning we have is going to be thrown out. Everything that the companies did in September and November of last year, today we are being executed.

And if it was executed, surely it was done in a limited way, because budgets were so tight that in the compliance world experts said that the money invested in training and consulting was reduced by 54%. So, any evaluation that one makes in terms of time does not even last a month, but week by week things may change, because today we do not know for sure whether there is a vaccine or not or whether Covid is going to end up yielding to the advances of science and medicine.

Number two: Behavioral risk means that the decisions taken today will determine the positive negative future of humanity. And I apologize for sounding a bit fatalistic, but doing research for the conferences that you have been giving this year and China could have contained 95% of the infections, it would have taken three weeks earlier the containment measures that it then took. That means that those who have the political power to make decisions have a great responsibility. And number three: speaking of social discipline and I take this opportunity to recommend a book The Power of Habits, I think it is going to take its toll on us.

The discipline we have in positive or negative to fight against this invisible enemy. If people follow the isolation measures, if people follow the social distancing measures, if they use the mask, if they do not need to leave their place of residence, then we can surely claim victory in the near future. Otherwise it is not going to be like that. And this has a lot to do with the fight against crime. If we do not have a good habit of crime prevention, we will hardly be able to claim victory in such a complex work as the fight against money laundering and the financing of terrorism, so I invite you to reflect on the three points I have been discussing.

And again, thank you very much for the invitation.

Juan José Ríos

Thank you very much, Juan Pablo, for sharing with us knowledge and views that we value infinitely. In conclusion, Ilian in this podcast Secure Financial World of Monitor Plus well, we touch on topics such as self-regulation, digital onboarding, emerging risk management, artificial intelligence, new technologies, cyber laundering, the Finds and files. But Illán, what is and with this I would like you to go to some conclusion of this podcast. What is the best contribution that Monitor Plus offers to its clients and its new clients? Within this framework of the topic of this podcast.

Ilian Vasco

Thank you, Juan. Regarding your question, one of the greatest contributions that Plus IT solutions and especially our Monitor Plus ACRM, what we offer is an integral vision. What this means is that you are not going to have systems that are combined or that work as islands. You are really going to have a system where you are going to be able to combine all these elements, all these requirements. You are going to have the whole issue of customer risk rating, you are going to have transactional monitoring, you are going to have customer segmentation.

We also have the ISO 32000-type risk management part, where there is a lot of integration of the data from the laundering prediction that goes up to the risk factors and so on, where all this information and all these requirements converge in a single system. So part of what we offer in our solutions is to be able to give and provide all this comprehensive compliance without the need for multiple tools.

Juan José Ríos

Thank you very much. So that was Ilian Vasco VP of marketing and product. Thank you very much. As always, we really appreciate your participation.

Ilian Vasco

Thank you very much to you, Juan José for joining us today, and to Juan Pablo for joining us as well. Very important appreciations and what you share with us.

Juan Pablo Rodriguez

With pleasure. A hug to all of you. Very kind.

Juan José Ríos

That was Juan Pablo Rodríguez, director of Risk Management and from Colombia Ilian Vasco in this new podcast Mundo Financiero Seguro from Monitor Plus I'm Juan José Ríos until next time and thank you for recommending us.

<<El futuro de la gestión de riesgo operativo

View all episodes