Tag: risk & security

Optical character recognition (OCR) has been around for decades, and it’s still a technology that banks regularly use to scan and process paper or PDF forms, such as loan applications or account servicing requests. Although OCR is a well-established tool for data capture, it has a number of inherent problems that make it less than ideal when you’re thinking about true digital transformation.

We believe that OCR keeps your business trapped by thinking about forms inside the old “PDF paradigm” – viewing a form as a static and fillable document. Asking a customer to fill out a blank form by hand, or even complete a fillable PDF online, which then needs to get scanned via OCR, isn’t exactly a digital or mobile-friendly experience. Not to mention, OCR systems are notorious for data errors that result in high NIGO (not in good order) scores, which create more work to fix downstream.

Here’s how you might think differently about data collection and forms in the context of triggering and automating banking processes.

How Optical Character Recognition Works
Here’s how organizations typically use OCR solutions to manage forms data:

1. A customer, employee or business partner downloads a PDF form or prints a paper one.
2. They go through the form, gathering information and filling in each field by hand.
3. They send the form back into the business, along with required documentation, where it enters a queue.
4. Someone on staff has to scan that form and OCR technology parses the information to turn it into usable data.
5. That data is sent to back office systems for customer management purposes – with a human needing to QA that data either before or after.

How OCR Scanning Stops Digital Transformation
While that process sounds simple and straightforward, it can go wrong in plenty of ways.

The Customer Has to Find the Right Form
The modern customer journey means making things as fast, easy and convenient as possible. Putting the burden onto your customer or financial advisor to find and download or print the right form, in the right language, feels like friction. Even if that form is a fillable PDF on your website, it’s not really a personalized experience.

Filling in Forms is Cumbersome and Awkward
No one likes having to fill in forms, especially when they’re lengthy and require lots of data. Bank form questions sometimes can appear complex, especially for processes like business lending. Unfortunately, for OCR scanning, it’s a necessary evil. The scanner and OCR software expects to see specific data in each field, and completing it wrong or missing data can cause errors.

Receiving and Scanning Forms Takes Too Long
In the digital era, consumers want to interact quickly and efficiently. Unfortunately, posting a form back and then waiting for it to be scanned before processing can add several days to processing lead times. Meanwhile, your prospective customer gets tired of waiting and may choose a competitor.

OCR Scanning Can Introduce Data Errors
No matter how well a form is filled out, or how good the OCR scanning hardware and software, perfect scanning isn’t possible. This creates inefficiencies and duplication of effort in your business. Not to mention compliance errors. Going back to the customer to make corrections or gather more information just takes more time.

Data Capture and Digital Transformation: Rethinking Forms
Instead of relying on traditional forms to collect customer data in a process, many banks are moving toward creating intelligent, guided digital interviews, prefilled and personalized to the customer, state or jurisdiction, and business process – essentially enabling a two-way conversation designed for the digital world. What does this look like?

• Ask customers “what do you want to do today” and guide them, instead of asking them to find and complete the right form
• Personalize the interview experience with information you already know in your system, and allow customers to confirm known data rather than rekeying it
• Enable customers to use more of the capabilities of their mobile phones, such as geo location and cameras to add photos
• Eliminate the need for customers to figure out confusing if/then statements and simplify the journey with business rules that govern which questions are relevant
• Enable customers can start the process on one device and switch to another without starting over – and securely add supporting documents as needed
• Synch data automatically back to core banking and CRM systems, without the need for intermediate steps like OCR
• Generate personalized documents correspondence, agreements or loan packages automatically – tied to e-signing for fast close and auto archived as needed
• Incorporate workflows to update the right people and systems at the right time

This is a truly digital way to go about collecting information from customers. Everything is seamlessly provided online, you only ask the questions you really need to, and due to the verification process, error rates fall to almost zero.

OCR is a one-trick pony – all it can do is bring data into your core system. But most banking processes require information to flow back and forth from a customer and back out to them again in the form of agreements and correspondence. Accelerating this process can deliver both revenue and cost savings.

Don’t get caught in the scanning cycle – make the true leap into digital transformation, starting at the point of customer need. If you’ve got dozens or hundreds of existing forms, and you need to move them to digital, Smart Communications can help. Read our white paper explaining why forms shouldn’t be a four-letter word, and then learn more about how our SmartIQ solution can help you transform your PDF forms into a truly interactive customer experience.

Debt collection is challenging even during times of economic expansion, so when a recession looms, banks and lenders (and the customers you serve) are in even more of a bind. Higher interest rates are making debt more expensive and potentially more challenging for customers to stay current on payments, especially when facing job loss or other consequences of a recession. This means defaults are rising. Meanwhile new (and constantly changing) regulations put banks at risk of heavy fines for breaking the rules, especially around consumer protections.

This current economic reality means that banks, lenders and credit servicing agencies need to take a hard look at the ways they communicate with borrowers, especially in default or collections scenarios. Improving the content and delivery of your communications has positive short-term implications, to be sure. But it can also result in higher longer-term loyalty when the customer seeks access to credit again in the future. If you treat a customer well during financial difficulties, that can form a lasting impression that results in additional revenue down the road.

So how can you reduce risk of potential losses and improve the customer experience, while staying compliant with the Consumer Financial Protection Bureau (CFPB) and other regulators? The research is clear: traditional methods aren’t working anymore. Even before the pandemic, the average collections rate was below 20 percent, the lowest in 25 years, according to EY Parthenon. Moreover, banks’ outbound collections strategies have been costly and inefficient, with their success rate standing at roughly 5 percent. Despite poor response rates, 65 percent of bank-initiated contact related to debt collection is still through “traditional” channels (phone, voice, mail or letter). Meanwhile CFPB has already put limits on channels like phone calls.

With that, it’s no surprise that lenders are shifting to digital channels for communications:

• Digital-first customers who are contacted through electronic means make 12% more payments than those sought out through traditional channels, according to a 2019 McKinsey report.
• Lenders favoring digital-first solutions have seen monthly installment payments triple across portfolios and the cost of collections fall by more than 15%, McKinsey reports.

Not only are digital methods more effective, but they also hold the potential to demonstrate that empathy. Frequency of contact, tone and the ability to “opt out” are tracked much more easily via digital channels, with some technology solutions offering a full audit trail of every communication sent and received.

Modernizing Collections Communications

Lending and default operations leaders should look at these four areas related to digital-first customer conversations to improve total performance:

1. Think about a holistic collections customer journey that makes it easier (and less embarrassing) for customers to get the help they need online, when and how they need it, while improving the amount you can recover. Make it easier for customers to remain current on their payments with digital reminders. Make it easier to consider simplifying repayment with debt consolidation, pointing to digital resources. Replace paper or static web forms with smarter digital interviews that guide borrowers to request a skip-a-payment, loan deferral or modification. Equip your contact center with these as well, so they can lead customers to the right offers.
2. Make it easier to update language in your communications across every channel. The more you can empower business users instead of IT to make changes to dunning letters and digital forms – the greater the business agility. At the same time, give your contact center reps places where they can personalize correspondence to the individual to provide a better customer experience, while locking down other sections to ensure compliance. Make it easy for a customer service person to see what communication was sent to what customer, in what channel. And find a solution that gives you a full audit trail on who changed what, when, to support your compliance team.
3. Use content intelligence tools to optimize your collections communications for impact. Messages should be clear and easy to read. This is important for regulators too, as noted above. Content intelligence tools are popular for just this reason: they allow you to optimize the readability, tone and sentiment within your communications, enabling you to focus on what you are striving for – truly engaging with your customers. Artificial intelligence tools can also help you coordinate across channel, so you can start maybe with email or SMS, and then fall over to print and mail letters automatically based on customer response.
4. Look for customer communications solutions that are cloud-native and have API-driven integrations with best-in-class tools and workflow automation. Many organizations are moving from on-premise credit management solutions to composable, cloud-native solutions, like Salesforce or CGI Credit Studio. When you connect your CCM solution to core collections systems like these, or process automation tools, you can automatically trigger the right communications at the right time, which can help improve repayment rates.

Whether borrowers run into financial challenges affecting their ability to pay – or they simply lose track of the due date – it’s important for lenders to communicate with empathy. This is especially important when it comes to vulnerable or at-risk customers. No one wants to end up in collections, but it can also represent an opportunity to build the customer relationship.

Learn how the Smart Communications Conversation Cloud™ platform enables banks and lenders to solve these challenges, and about our integrations with core systems and download the eBook: Changing the Lending Conversation.

Payment fraud continues to plague the financial services industry.  According to the American Bankers Association, fraud against bank deposit accounts totaled $25.1 billion in 2018^[1].  In 2022, eight U.S. Senators sent letters to the CEOs of seven of the largest U.S. banks concerning fraud at one real-time payment firm.  With real-time payments growing globally by 41% in 2020^[2], there is an obvious need to modernize fraud prevention as criminals try to exploit the system.

To help combat payment fraud, companies are investing in technology that leverages hybrid cloud architectures and AI / ML.  In a hybrid cloud, compute workloads can be spread across on-premise data centers, private clouds, public clouds and even edge locations depending on requirements such as data sovereignty, latency, capacity, cost and more.  Advances in AI / ML, allow machines to be trained to recognize patterns across billions or trillions of data points.  These relationships are then incorporated into “models”  which are built into real-time payment workflows.

One hybrid architectural pattern is for high privacy payments infrastructure to remain on-premise with the public cloud being used for model training.  By using the public cloud, firms can parallelize training across a vast number of nodes, only pay for time used and have access to hardware acceleration such as GPUs.  To protect privacy or improve data quality, firms can generate synthetic data which is transferred to the cloud and used for training.  Trained models are then imported into a firm’s runtime environment where they execute on-premise with local access to privacy data.

For global financial institutions, data sovereignty requirements might dictate another architectural pattern that keeps payment and fraud data in the originating country.  With federated learning, a single foundation model is created centrally and distributed to remote sites.  These sites then train the model on their local, private data before sending their model, without privacy data, back to the central site.  The models are then aggregated into a new global model that can then be sent to the remote sites for more iterative rounds of training.  Once the model is fully trained, models run locally without ever having to move privacy data outside a regulatory jurisdiction.

While architectures will vary based on needs, financial institutions will all agree that running these workloads at scale requires a modern platform that leverages the hybrid cloud, improves operational efficiencies, reduces operational risks and helps improve the security posture.  With a platform such as Red Hat OpenShift, firms can successfully build, modernize and deploy applications with a consistent experience both on-premise and in the cloud.  As business needs evolve, workloads can then be shifted between on-premise servers or those running at Amazon AWS, IBM FS Cloud, Microsoft Azure or Google Cloud. To learn more, visit Red Hat

– Aric Rosenbaum, Chief Technologist, Red Hat

Aric Rosenbaum serves as the Chief Technologist on Red Hat’s Global FSI team, where he helps clients meet their strategic priorities through the use of open source technology. Prior to joining Red Hat, he led large, digital transformation projects at Goldman Sachs’ Investment Management Division and was co-founder/CTO of several FinTechs in equity and FX trading.

^[1] American Bankers Association: 2019 Deposit Account Fraud Summary

^[2] ACI Worldwide Research

A handful of financial institutions have made waves in international news due to lawsuits and multi-million-dollar fines. The issue is that they chose, whether intentionally or unintentionally, to be noncompliant with BSA and AML regulations—a costly decision.

SYSTRAN hears from our clients in the banking sector that the possibility of fines for noncompliance forces them to continually monitor and assess their organization to ensure that there are no compliance issues. But one of the largest underlying reasons for non-compliance is a poor method for the translation of multi-languages that doesn’t ensure every communication channel is monitored. Machine translation is the solution to this very real and prevalent problem.

Bad actors are everywhere, inside, and outside of your organization. Using MT across the board gives you a pulse on what is happening globally across your organization (and in every language) to prevent similar fines from happening to you.

Here are some of the hardest lessons learned regarding AML enforcement actions for Fortune 50 companies that did not have a language monitoring system in place to track global activity.

1. Westpac – $1.3 Billion

Westpac, one of Australia’s largest banks, has been under fire for years. In addition to being fined for charging fees to the dead in 2022, Westpac was fined a record setting $1.3 billion in 2020 as part of an AML suit where they failed to meet AML obligations.

Lesson Learned: Don’t invoice dead people.

2. Robinhood – $30 Million

Investment platform Robinhood was fined $30 million for significant failures when dealing with compliance regarding BSA and AML obligations.

According to Superintendent of Financial Services in New York, Adrienne Harris, Robinhood “failed to invest the proper resources and attention to develop and maintain a culture of compliance.” This failure led to significant violations, particularly with its transaction monitoring system.

Robinhood’s internal processes were understaffed and did not provide enough resources to cover their potential risks, which created significant shortcomings in compliance. As Robinhood continued to grow, its compliance team did not grow with them, leaving gaps in coverage and increasing the risk of noncompliance throughout the company.

Lesson Learned: Leverage machine translation technology and AI to pick up the slack where you don’t have enough staff to ensure sufficient coverage. This violation would have been detected earlier if automated processes were in place.

3. Helix – $60 Million

Helix and Coin Ninja were Darknet services that allowed users to anonymously launder an estimated $300 million through cryptocurrency.

Larry Dean Harmon, the operator of cryptocurrency mixing services Helix and Coin Ninja, was charged a $60 million fine. In addition to money laundering fines, he agreed to forfeit more than 4,400 bitcoins with a value estimated at more than $200 million.

Lesson Learned: Refuse anonymous laundering and only accept laundering from “known” bad actors.

4. USAA Federal Savings Bank – $140 Million

USAA was charged a $140 million fine for violating BSA by lacking an adequate AML program. The bank admitted it willfully failed to report transactions. The bank was fined $60 million for noncompliance in 2022, with an additional settlement of $80 million for persistent noncompliance issues going back to 2016.

Lesson Learned: Quit willfully failing to report. Standardizing training resources across languages can go a long way in closing this gap.

5. MoneyGram – $8.25 Million

MoneyGram failed to maintain an effective and compliant AML program and faced an $8.25 million fine. This fine was charged because of MoneyGram’s lack of supervision over only six agents. The agents made dramatic increases in transactions without any reasonable explanation and, in a 17-month period, transferred more than $100 million to China.

Because MoneyGram had already taken significant steps to improve its AML programs, the fine was reduced to this lower amount.

Lesson Learned: A.I. is smarter than you. Let a machine detect suspicious activity so you don’t get lost in the language. If you’re dealing with international deals, have machine translation integrated so there is automatic transparency in all communications.

6. Wells Fargo Advisors – $7 Million

Wells Fargo failed to file at least 34 suspicious activity reports between April 2017 and October 2021. Rather than dispute the charge, Wells Fargo agreed to pay $7 million to settle the charges of noncompliance.

While Wells Fargo had an AML system in place, the system failed to reconcile the different country codes used to monitor foreign wire transfers. The result of this failure was that Wells Fargo unable to file a timely report of suspicious activity for at least 25 of those 34 suspicious activities.

Lesson Learned: Leverage Smart Machines, rather than dumb machines. It’s too expensive, even when you settle! Machine translation can help streamline the monitoring process to make sure you’re never behind schedule.

7. Capital One – $390 Million

Due to willful and negligent violations of BSA, Capital One was fined $390 Million. Capital One admitted to failing to implement and maintain an AML program and neglecting to file thousands of suspicious activity reports (along with thousands of CTRs) between 2008 to 2014.

In addition to money laundering, this opened the doors for millions of dollars in suspicious transactions to go unreported.

Lesson Learned: Never wait to report suspicious activities. Automated MT and AI solutions would have identified issues when they happened so that the problem didn’t grow for years.

8. ABN Amro – $574 Million

ABN Amro was fined $574 million after being prosecuted by Dutch officials because of their AML procedures. They had previously been cited for their weak AML processes, but the improvements added were insufficient, leading to this fine.

Lesson Learned: Weak AML processes can result in prosecution.

9. AmBank – $700 Million

AmBank, in conjunction with the acts of former Malaysian Prime Minister Najib Razak, was fined $700 million for several counts of money laundering, abuse of power, embezzlement, and breach of trust.

Lesson Learned: Working with criminals can cost you.

10. DNB ASA – $48.1 Million

Norway’s largest lender, DNB ASA, was fined over $48 million for failing to comply with AML regulations. In addition to noncompliance with BSA and AML regulations, the bank faces corruption charges.

Lesson Learned: Corruption doesn’t pay.

The Key Takeaway – Global Compliance Isn’t Optional

Too many companies ignore compliance regulations or don’t have adequate coverage and training. But, compliance isn’t optional. AML fines on banks apply even when just one employee fails to follow compliance regulations.

Regardless of the compliance processes you have in place, if you cannot monitor every communication in every language, you are at risk of huge fines like those described above. However, you can reduce that risk significantly by leveraging AI that watches for illegal actions at scale and eliminates the temptation for employees to seek out non-compliant solutions.

AI-Enabled Machine Translation from SYSTRAN Can Help

• Understand every email, PDF, SMS, and document
• Keep private information away from the bad actors lurking just outside your firewalls. You own and control the information on your SYSTRAN servers—no outsiders are allowed in.
• Enable fully compliant communications at all levels of your organization. Employees don’t have to go elsewhere for translation when SYSTRAN is accessible in the programs they use daily.
• Create an accurate picture of where you stand on compliance. SYSTRAN gives your compliance-monitoring teams the visibility they need to identify risks before they become fines.

SYSTRAN’s MT busts open global visibility so nothing can hide, allowing you to ensure every document and communication channel is in compliance with all laws and security regulations.

Translate the unknown into known so you don’t miss a thing! Schedule your free demo today to see how SYSTRAN keeps information secure and gives deep visibility of your potential risks.

Non-compliance with audit standards and requirements is detrimental to a bank or lender. For standards such as PCI, non-compliance can result in financial penalties or in a bank being unable to process credit card payments. The CCPA assesses civil penalties of up to $7,500 for each intentional violation. Additionally, some standards require public disclosure of violations and incidents. Such disclosures result in reputational harm and public impact.

While it is difficult to quantify the impact of non-compliance accurately, it is clear that it has far-reaching effects. Reputational risk is a significant concern for banks, as a negative reputation leads to lost customers, decreased revenue, and overall harm to the banks standing in the community.

In addition to penalties and fines, a company found to be non-compliant may face civil or criminal litigation. If a bank knowingly fails to comply with regulations they may be subject to punitive damages and significant fines. To avoid these negative outcomes, banks must take proactive steps to ensure compliance and effectively manage risk.

Internal audit scorecards, communications, and assessments are legally discoverable in court matters. They can be used to demonstrate a bank’s negligence or prior awareness of potential issues. Some banks engage consulting firms for their economic, financial, and strategic expertise to provide attorney-client privileged assessments to mitigate risks and become more compliant.

Be Proactive in Protecting Yourself

There are various strategies to protect yourself from audit, regulatory, and reputational risk. A combination of controls and monitoring, software-driven analysis, and awareness of penalties and their impact help organizations manage and reduce risk. By taking proactive steps to ensure compliance and address potential risks, banks can protect themselves and their employees from negative consequences.

• Strict controls and monitoring: Enhanced visibility through operational security practices, spot checks and enhanced authentication controls can reduce or eliminate risk.
• Software-driven analysis of multiple standards: Software applications take the hard work out of compliance, providing an intuitive, cost-effective interface capable of managing multiple requirements.
• Crosswalks: Identification of standards and commonality enable banks to improve audit outcomes.
• Awareness of penalties and impact: Non-compliance and disregard of requirements can severely impact organizations and their officers and employees. Public awareness of breaches and other incidents usually results in increased oversight and accountability.

Governance Trends to Watch

Throughout 2022, we saw mounting pressure on risk, legal, and compliance teams to improve coordination with line-of-business and other teams in the operations function. The three lines of defense – front-line business activities, risk and compliance, and internal audit remain a strong governance model. However, the recent siloing of functions limits the ability of controls to be fully integrated throughout the organization.

Reducing Risk

Risk reduction happens when IT and the business take appropriate actions. Compliance capabilities must shift from reporting to achieving outcomes. This is critical as organizational risk will likely be re-scoped in 2023 to include the broader partner channels and third-party vendors, increasing demand for this capability. Banks and lenders should increase integration and collaborate to reduce risks. To improve overall risk management, teams must emphasize  outcomes over reporting, for example, by prioritizing the time to remediate risk over assessment frequency.

Compliance Management

Compliance requirements continue to evolve. Privacy regulations such as the California Consumer Privacy Act (CCPA) and industry-specific regulations such as the New York Department of Financial Services (NYDFS) and Cybersecurity Regulation (2018), are raising the bar. We see indications this pace will continue and accelerate. And, the systemic risks identified in 2022 will likely result in increased oversight and obligations.

So this year, legal and compliance teams should:

• Prepare to scale up to meet compliance requirements and obligations.
• Increase the use of automation and orchestration to enforce the policy.

Roadmap Recommendations

Start shifting from Reporting to Demonstrable Risk Reduction. Legal and compliance teams often excel at auditing, identifying, and reporting on risk. But continue working towards the shift from analysis to action by collaboratively reducing risk with other teams. To do this:

• Bring legal and compliance objectives and key results (OKRs) into alignment with the business.
• Integrate legal and compliance services, such as classification and service management.
• Develop a business case process for risk reduction – by addressing concerns over increasing costs or reduced performance, for example.
• Improve program metrics and executive reporting.

As an industry, we have the opportunity to transform the lives of millions of people. Informed has the power to drive industry collaboration and financial wellness for all. Come find me at the Bank Automation Summit to continue the conversation!

By Jessica Gonzalez

With more than 15 years’ experience in the financial services industry, including tenures at Santander Consumer USA and Visa, Jessica Gonzalez is now the Director of Lending Strategies at Informed.IQ.