How fintech companies should think about financial crime risk

Sometimes when we talk about risk within fintech companies, we lose track of the core concept. Since risk is such a central aspect of what we do, this can harm our ability to make good decisions.

Risk is a transitive noun. Or for those of us who are not grammar nerds: ‘risk’ does not stand alone as a concept – it requires additional information to be meaningful. ‘Risk of something’ is a complete concept. That something is a bad outcome that you want to avoid. Exactly which bad outcome you are at risk of suffering changes how you try to mitigate the risk.

For example:

  • It is risky to walk alone at night in a bad neighbourhood
  • It is risky to go hang-gliding

These are both true statements, but are insufficient for knowing how to mitigate the risk – both are risky activities, but for very different reasons. Let’s extend them:

  • It is risky to walk alone at night in a bad neighbourhood because you might be robbed
  • It is risky to go hang-gliding because you might fall and injure yourself

OK, now we can do something about these. We can only walk on well-lit streets, for example, or we can carry our keys in our hand to use in defence. And we can only go hang-gliding with a company with a reputation for safety, or we can wear protective gear to minimise potential injury if we do fall.

How does this apply to financial crime?

Dealing with customers is risky. With each customer we take on the risk that they will:

  • Not pay back money they owe us (credit risk)
  • Launder money through our platform (money laundering risk). This include predicate offences such as sanctions violations and using our platform to move the proceeds of criminal activity.
  • Be involved with fraudulent activity (fraud risk)

Credit risk is dealt with by other teams, leaving us with the other two: money laundering risk and fraud risk. Ultimately, that’s the bottom line: everything we do in a team focused on preventing financial crime is managing the risk that a customer will be involved in money laundering or fraud.

Taking this further, this means that there is no such thing as an ‘EDD risk’. EDD reviews are a mitigation measure we use to manage the risk of money laundering and fraud.

This should permeate everything we do as a FinCrime team. Our job is to mitigate the risks of money laundering and fraud – everything else is either a legitimate constraint on how we do that (e.g. regulations) or a distraction.