Paul May Editor at Arachnys
Diversified risk: Deutsche Bank challenge the industry to find the right compliance tech
Deutsche Bank’s new leadership is progressing in their attempts to overhaul compliance, and may lead cultural change for the industry.
It has become common knowledge at this point that Deutsche failed to properly insulate itself from risk prior to 2008, and this culture seeped into its everyday banking: a view that the IMF have recently pronounced ‘systemic’. Since 2008, both regulators and banks have made extensive changes to prevent another crisis, and forced banks to perform ‘stress tests’ to assess banks' exposure to risk in the event of another crisis. Whilst Deutsche failed a US stress test in June, incurring a fine of $14bn, talks between the DoJ were amicable and it is widely expected to be reviewed.
Industry commentators suggest that Deutsche’s heightened exposure to risk comes from the fact that around half of its 1.8 trillion euros in assets are linked to trading, but many of those assets (an estimated 28.8 billion euros) have no market prices, raising doubts about whether they are trustworthy. As Martin Wolf, chief economics commentator at the FT speculated:
"the solution remains to ensure adequate capital at all times and in its absence, sufficient bail-in-able debt. In the absence of either, banking remains an accident waiting to happen"
Whilst it is easy to lodge charges about Deutsche’s overexposure to risk as only moral or ethical, the practical challenges are frequently underestimated. Diversification is one of the major methods that banks use to mitigate risk (along with ‘hedging’). But diversification - without appropriate safeguards and a robust on-boarding process - leads to reporting failures and demonstrably higher risk.
Deutsche are hardly alone in this hurdle: Corlytics commissioned a study this year covering the top 10 investment banks which demonstrated customer reporting failures to cost the world’s investment banks more than any other form of compliance failure: $43bn out of $150bn. Diversification often increases asset classes in practice, as well as expanding the client base. If accompanied by poor disclosure, it becomes a practical compliance challenge, even when the ethical challenges have been overcome. These challenges require structural improvements in KYC and EDD, and need to be accompanied by organisational and technological change, not merely ethical inspiration.
Stick to the program
Structural deviance in the machine allows for employees to commit disclosure errors frequently without committing fraud. A workflow-based process ensures adherence to ‘Global Standards’ (or whichever internal legislation the bank rolls out). Whistleblowing legislation needs to be improved, as has been mooted, but it is hardly a sufficient strategy to affect change merely by hoping that individuals within the organisation, innocent of misconduct themselves, speak up and reveal the company to be a breeding ground for misconduct. Nor is it desirable. Whilst this sort of advice befits corporate lawyers (who no doubt benefit tremendously from the inevitable litigation arising from this rash policy), anyone genuinely looking to help the industry change cannot seriously sanction this advice.
The need to ensure that analysts never deviate from mundane (but ultimately accurate) processes is the key insight that we have learned from the crisis - for banks, regulators, auditors and the public alike. Any other approach merely serves to leave the company vulnerable to misconduct. Technological controls are the best way to enforce this.
The ability to spot risks in oversight or EDD ahead of time requires intelligent triage of all relevant sources, including sanctions lists, litigation cases, and PEP lists. Analysts depend upon platforms which allow them to switch sources, flag risks and store their investigations with ease. This is not simply a matter of pleasing the auditors when they come knocking. Of course, everything exists somewhere - an audit trail that enables you to document not only the supporting material behind decisions (but also the process that led to it) will play well to the regulator, but crucially, it allows analysts make better judgements in the first place.
Change is on the horizon
Deutsche Bank CEO John Cryan. Source: Flickr
Unlike these commentators, who appear not to have conceived of the practical realities facing an over-diversified bank, Deutsche Bank appear to making clear strides in recognising the problem. At Docusign’s ‘Momentum’ conference this year, incoming Deutsche Bank CEO John Cryan affirmed the need to ‘revolutionise the business because the world has changed so much’, whilst accepting the challenges of digital for such a ‘diverse customer base’:
"We believe that we need to be sufficiently rapid and accurate that we need to take human error out of our business."…"At the same time, we haven't yet developed interfaces with clients that can substitute for humans.“
Deutsche is already playing with algorithms and robotics, after launching a ‘robo-advisor’ last year called Anlage Finder for their investment platform Maxblue, which uses complex algorithms to match clients to individual portfolios. However, Cryan indicated a need to move to improved technology used internally that is far more down-to-earth and practical than decision-making algorithms for investment:
"We're not at the right place, we're too old fashioned, we're too human-interfaced."…”Internally we’ve got to make ourselves super-efficient. That means, sadly, taking a lot of people out of the process chain. It also means being intelligent about how we gather, store, organise and check data.”
Deutsche Bank CEO John Cryan, speaking at Momentum conference 2016
Elsewhere, Cryan speaks with even greater lucidity about his awareness of the technological challenge diversified banks are now facing. Stating his key strategies for Deutsche bank as ‘disrupt’ and ‘vision’, his acceptance of the new regulatory landscape is fascinating:
"You're regulated as a bank, you have the DNA of a bank, you operate as a bank, but actually these days you need to be a technology company operating in banking."
And Cryan is not alone in indicating a changing tide at Deutsche Bank. Werner Steinmueller, head of Global Transaction Banking at Deutsche, told Reuters that the bank planned to increase spending on AML systems: although "he did not give any figures for this investment", he said it was part of the bank's plans to “gradually double its annual investment of 100 million euros (£74.2 million) in the GTB division." Chief Regulatory Officer Sylvie Matherat intends to spend a year setting up her team, employing 2,200 new staff by the end of 2016 focused on countering financial crime: an increase of 60% on 2014:
"If you really want to solve a problem in a sustainable manner, it will take longer and will be more difficult," The current management team is trying not to do quick fixes. It's much better to clean up properly. But that takes time and the journey can sometimes get a bit bumpy" ... "You have to be able to make a lot of links and you need to have very good data analysis capabilities and very good IT processes"
The FCA are acknowledging that Cryan is attempting to improve Deutsche’s risk controls drastically, with action on AML such as increasing the number of companies registered as ‘high-risk’ (from 30 - 109), and the assurance that transacting with new clients will only be performed once their KYC and AML checks had been completed. The FCA did however give a warning that Deutsche Bank will require a "clear strategy and effective leadership" in prohibiting “the systemic AML failures that had occurred”.
Bigger teams or better tech?
A rarely-cited aspect of the FCA’s report on Deutsche Bank was a damning assessment of its ‘out-of-date’ due diligence software, and ‘creaky’ IT infrastructure:
"[The FCA] found that know-your-client data were held in about 220 separate systems. The lack of a central repository for this data, the watchdog said, led to a number of problems, including leaving some clients with no underlying know-your-client documentation and incorrect risk assessments being applied."
Deutsche have previously been fined by the FCA before for careless transaction reporting, and suggested that there was a careless ‘tick-box approach’ rather than any real judgement being applied. Euromoney subsequently interviewed an [anonymous] US-based transaction banker who suggested that a big part of this approach lay within their outdated Mantas AML platform.
Hang-on! The same Oracle ‘Mantas’ AML platform which was awarded ‘Best anti-money laundering solution provider’ for four consecutive years between 2006-2010? Surely not! Deutsche can hardly be blamed for not attempting to invest in the best compliance solution. The compliance industry has a lot to answer for in reifying software which was clearly not fit-for-purpose, which the FCA has now asserted. The FCA’s criticism of the product as ‘out-of-date’ extends as a criticism both of Deutsche’s implementation and the product itself. The FCA has previously fined Deutsche Bank, Commerzbank and several others for errors in their transaction reporting systems.
As Euromoney’s interviewee highlights, there is and was a clear psychological disconnect between compliance spending and tech:
"When faced with a limited sum of cash for investment, it comes down to deciding where the best place is to put it. Most will opt to put it into compliance, not into tech."
Rather than only expanding teams, banks need to be equipped with the right tools to ensure consistency of process. As Deutsche are clearly investigating, technology has clear applications when it comes to simplifying compliance across an over-diversified business.
The night is always darkest before the dawn
Deutsche Bank last week announced (with little fanfare) that they had managed to make a third-quarter profit of €14bn, despite the adversity. Crucially, they appear to be considering solutions for the long-term, and have been reassessed for their efforts by BaFin, the German regulator. There has been a clear shift in their approach to equities trade, after BaFin withdrew from imposing further fines on Deutsche, as new FIUs have been set up to warn earlier on suspicious transactions. But what is most encouraging is the fact that the bank appears to have acknowledged for the rest of the industry how inadequate technology in an over-diversified bank can have drastic consequences.
"Every conversation we now have is about technology".
(John Cryan, Deutsche Bank CEO)
As Deutsche Bank moves towards procuring a solution, the challenges of due diligence effectively become challenges of Regtech: handling data, ensuring privacy and security to both clients and customers, and greater evidencing for more transactions. Key to their success will be an increase in oversight: a solution which distributes evidence and responsibility, without abdicating it.
Topics: / Analysis