Despite banks’ substantial investments in technology, people and processes to meet regulations, they currently lack effective and efficient systems for tackling financial crimes such as money laundering and terrorist financing. Regulators cannot keep pace with change, and the time and investment to overhaul banks’ legacy systems are too great given the complexity of global organizations and inevitable disruption to operations. But the three elements — technology, people and process — match EY’s strengths in technology consulting, especially when paired with deep financial services industry and risk and compliance expertise. EY continues to invest and evolve its financial crime (FinCrime) practice as it listens to financial institutions’ demands for services that embed regulatory compliance expertise and technology innovation, offered at scale on an outcomes-based pricing model. EY’s FinCrime practice collaborates across the firm to combine legacy capabilities and emerging technologies to differentiate from competitors’ portfolios in the market and provide, in TBR’s current analysis, industry-leading offerings.

EY’s connected approach to disrupting financial crime: Technology disruption, industry collaboration and process innovation

Over the course of EY’s two-day Financial Crime Analyst Summit, the firm’s leaders and banking sector clients spoke with TBR about the challenges financial institutions face, including high operating costs, stifled revenue growth, and demands to undergo business transformation while maintaining compliance with evolving regulations. Many industries contend with the first two challenges, but this last one — transforming while complying — fits well with EY’s strengths: industry expertise, emerging tech capabilities, and a deep understanding of the regulators in the U.S. and globally. In applying those strengths, EY’s financial crime practice relies on three pillars — technology disruption, industry collaboration and process innovation — in other words, meet demand for services and solutions that are backed by regulation credibility, infused with technology innovation and offered with tiered pricing to successfully disrupt FinCrime.

Before getting to the specific ways that EY addresses FinCrime, one key aspect of the financial services market as a whole deserves extra attention: trust. In the consulting and technology spaces, trust has come to mean delivering on promises and securing data. In the banking space, with the additional weight of money and regulators, trust becomes the single most important factor in determining the extent of a provider-client relationship. With a heritage as a trusted auditor, a reputation for delivering consulting services, and a position between clients and regulators, EY has built up enough trust capital to take on industrywide challenges.

Covering the evolution of digital transformation centers over the last few years, we’ve frequently noted that new ways of working have infected many traditionally structured and operated organizations, often through nontypical talent and specially designed workspaces (yes, we’re talking about “funky chairs”). The latest development may be the most surprising as it comes from EY, a long-established and traditional firm in one of the most conservative services lines. EY’s newest security operation center (SOC), which services the Gulf Cooperation Council (GCC) countries, opened its doors in Oman at the end of 2017 and serves local and regional clients with cybersecurity and analytics offerings. According to EY, the center was designed to attract and retain talent, while also reinforcing EY’s strengths around industry expertise and creating opportunities for new EY clients, with layers of activity that call to mind the aggregated lateral movement of security threats (but in a good way).

Constant challenges: Managing talent and clients while delivering security

To tackle the challenge of attracting and retaining talent in the GCC, EY has relied on a staff that is a mix of local nationals and expatriates, acknowledging that increasing the local talent pool will remain a strategic priority over the next decade. While local governments and universities have invested in science, technology, engineering and mathematics (STEM) studies and even cybersecurity specifically, the number of graduates needed to meet local demand will not reach scale for four to five more years, with maturity in security talent coming another five years after that. An additional way EY has addressed this shortfall has been to make the local security work as appealing as possible — the Level One employee staring at a screen identifying false positives has been replaced with analytics and automation in a mixture heavily reliant on EY’s developing security capabilities and enhanced by analytical models, rather than use cases. In the GCC SOC, the entry-level talent begins at Level Two and is investigating all the time, according to EY’s local leadership. Notably, for a region not known for its gender-diverse workforce, roughly half the professional security staff is women in some GCC locations, proving the local governments’ STEM investments are paying off.

While solving for the talent problem, EY must also address client needs, specifically around an operating model that accommodates regional legal structures and plays to EY’s industry expertise strengths. Not surprisingly, Oman as a generally neutral, trusted and respected member of the GCC provides a solid base for a regional security center. Also not surprisingly, EY’s current SOC clients come from government entities, oil and gas companies, and the financial services industry. Quite surprising to TBR was EY’s ability to draw new clients to its new SOC. Typically consultancies have sold security services to existing clients, and almost all clients brought through the new digital transformation centers have already had well-established relationships, making this GCC SOC doubly unique.

Acts of nature helped create the Dust Bowl; AI-enabled acts of man will stir up the Digital Dust Bowl

Myriad developments such as inexperience with newly automated methods of farming, topsoil shifts, and periods of drought and high winds triggered the Dust Bowl of the 1930s, which exacerbated the ongoing decline of the U.S. economy. Today, the high affordability and rapidly spreading use of analytics and machine learning software reduce the amount of labor necessary to perform complex tasks. In short, we are farming our labor pool in different ways and destabilizing our labor markets in a manner similar to the way automated machinery destabilized our topsoil and helped trigger the Dust Bowl, a calamity with far-reaching economic consequences that compounded the troubles of a country suffering through the Great Depression, cemented in history in the John Steinbeck classic “The Grapes of Wrath.”

We are, in essence, creating a Digital Dust Bowl of displaced manufacturing, clerical and middle-management workers whose jobs will be replaced by automated machines and different methods of establishing trust in a wide range of economic transactions. Technology executives and strategists comprehend this better than most other business and political leaders as we have lived in this world for decades. Ways to mitigate the disruptive economic and social impacts to these accelerations have yet to gain broad-based consensus within the policy making institutions as evidenced by the current political climate at the national level. It is this lack of consensus that hinders our ability to mitigate the impending economic impacts of the accelerating rate of technological innovation.

Major economic shifts pressure the interdependencies between citizens, businesses and governments

Figure 1 outlines the main intersecting domains of people (laborers and consumers), businesses, and government and trust institutions tasked with regulating and certifying the activity between individuals and businesses as well as with “protecting the commons.”

In the Internet of Things (IoT) era, successful companies will innovate constantly, at all levels of the organization. The most successful of these companies will change their culture and processes to foster this innovation. For many companies, IoT will trigger organizational change, which, in turn, will drive innovation in other areas as well as IoT. TBR believes that IoT is not a technology revolution, but rather a business revolution that will change how companies operate and evolve.

Innovation will occur at every level of the organization, and IoT and IoT-related solutions will proliferate. To prevent sprawl and consequent security and efficiency implications, IT will set standards and provide standard resources where practicable. At the same time, IT will facilitate innovation by being responsive, and by providing and supporting horizontal IoT tools. Successful IT vendors will serve the needs of IT departments supporting distributed IoT innovation. Dell EMC’s concept of “IT transformation,” which is one of supporting innovation, describes this model very well.

IoT everywhere

IoT and IoT-related solutions will proliferate because IoT offers many valuable potential solutions for many business processes, particularly as additional lower-cost solutions become available. Despite its long history, IoT is immature. The near future will bring many more prepackaged solutions, easy-to-use components and more efficient data utilization. These changes will lower costs, improve ROIs and make many more solutions feasible. Many new solutions will require no new data, but will integrate or analyze IoT-generated data to deliver more value.

IoT’s value potential is not confined to companywide transformative projects. There are opportunities for valuable solutions at every scale and in many different business units and departments within each company. Therefore, successful companies will enable the development and refinement of new IoT solutions throughout the organization, not just in designated departments or groups.