This is the second article in a series on the topic of Quality Considerations for Financial Crime Teams. Click here for the first article which set out some high-level definitions for Quality Assurance (QA) and Quality Control (QC) and how they need to work together. This article focuses on Quality Control.
Let’s get one thing straight… QC is a first-line responsibility. The ‘business’ should be making sure that their processes are performing as expected and the outputs are to the right level of quality. In financial crime terms, we are talking about properly on-boarded customers, effective screening and CDD and transaction monitoring processes that identify suspicious activity. If anyone tells you that Quality Control is the Compliance Team’s responsibility, you can happily tell them they are wrong.
A lot of theory for quality comes from manufacturing whether there is a physical product – a car for example. Car manufacturers will implement thousands of quality control checks to make sure each component is produced to the appropriate level of quality. They won’t wait for another team to do some checks once the whole car has been put together.
The same concept applies to financial crime controls. Whether it’s screening, Identification and Verification, Client Due Diligence, Transaction Monitoring or any other activity, the first line should ensure that these processes are being performed to the right level of quality, ensuring errors are kept to a minimum.
The following is a list of activities that we would expect to see within a quality control framework for financial crime processes:
The objective of validation (often referred to as ‘4-eyes’ checking) is to ensure that pre-defined requirements to produce a deliverable have been completed to the right level of quality before it is ‘signed off’.
Some organisations underestimate the value of this key control. Processes such as alert management, CDD checks and Suspicious Activity Reporting can be complex and subjective. Minor details can be missed (as we all know ‘the devil is in the detail’) and what one person might find suspicious, another person might not.
Having a second person reviewing each analysts work will give you significantly more comfort that the team’s conclusions are valid. we would go so far as to say that if any of your financial crime processes are not subject to a 4-eye check, you need to ask yourself why not.
Adequate supervision is a key part of a team’s quality control. Do team members know what they should be doing on a day to day basis? Do you have experienced team leads that are there to answer ad hoc queries from the team? Is poor performance identified and managed?
The supervisor(s) should also be part of the feedback loop with the QA teams to make sure that lessons learnt from QA are addressed in BAU.
It’s pretty obvious that you need to train your teams before letting them loose on your processes (and customers!). Some top tips for training are:
- Make sure that training materials are fully documented and are very clear to follow. As well as high level slides for training sessions, there should be detailed, step by step manuals with screenshots of the systems that need to be used by the team. This will give new team members, and more experienced ones too, a useful reference guide to have on their desk as they go through their cases.
- Classroom training needs to go hand in hand with on the job training. Job shadowing with a more experienced colleague will bring procedures to life and give new team members a chance to get all those ‘stupid questions’ out of the way in a more informal environment.
- Many organisations require new team members to go through an internal certification process before they can work independently. Apart from showing that they understand what they are meant to do, this will also prove to the rest of the business – and any regulators that might be sniffing around – that you know your teams know what they should know. It is also recommended that team members ‘re-certify’ on an annual basis. This will make sure that any updates to procedures are understood.
4. Management Information (MI)
As with any other business process, you won’t know how effective or efficient it is unless you pull together and review pertinent MI. This might be worth an article on its own, but as a minimum, the following types of MI should be reviewed in a suitable forum.
- Performance against targets
- Quality Control Results
- Quality Assurance Results
- Policy/Process breaches
- System performance
- Training Status
- Status of any relevant projects
The next article in this series will explore how Quality Assurance can complement Quality Control to provide an effective Quality Framework.
SQA Consulting helps organisations ensure their financial crime frameworks are effective. If you would like to hear more about our work, then please contact us.