Subject Matter Experts vs. Subject Matter Enthusiasts

Like most industries, the financial crimes risk management industry is rank with jargon, axioms, and hackneyed phrases we all toss around with plenty of abandon but little discipline.  Rising to the top of this heap is “Subject Matter Expert” or “SME”.

More important to the success or failure of any endeavor than the self-styled Subject Matter Expert is the dreaded Subject Matter Enthusiast.  The Expert is just that: someone with talent, training, subject matter knowledge, environmental knowledge, and years of experience (and not just one year of experience many times, but many years of experience). The true Expert doesn’t see him or herself as an expert, won’t call himself (I’m going single pronoun from here on, if that’s OK) an expert, probably doesn’t see himself as an expert, but he possesses those traits, or enough of them, to truly be, and be seen as, a Subject Matter Expert.  The Enthusiast, on the other hand, often calls himself an Expert when he isn’t, or thinks of himself as possessing enough of as many of the traits needed to pass himself off as an Expert. The Enthusiast overcomes his lack of true expertise with just enough confidence, hubris, and (frankly) enthusiasm to move a project ahead or design a monitoring system just long enough to allow auditors, regulators, and prosecutors to catch up … and for the experts to bail him (and the project or monitoring system) out.

A Subject Matter Enthusiast usually means well but isn’t the “expert” he thinks he is. Unwittingly, he can cause all sorts of damage (note that the word immediately after “enthusiasm” is “entice” … indeed, Enthusiasts often entice people into doing things they wouldn’t otherwise do). And as a rule, a business person in a typical financial institution is a Subject Matter Expert in their business and a Subject Matter Enthusiast in your business (financial crimes risk management), and risk management professionals are Subject Matter Experts in risk and Subject Matter Enthusiasts about the businesses. The trick is to be respectful of and acknowledge where each other’s expertise begins and ends, and enthusiasm begins and ends, and somehow meet in the middle.

Oddly enough, most of us in the financial crimes risk management industry are a little bit of both: we may be an Expert in technology and an Enthusiast in AML, or an Expert in auditing and an Enthusiast in AML, or an Expert in AML and an Enthusiast in technology … the key is to recognize where (whether) your Expertise begins and ends, and where your Enthusiasm begins and ends, and to know where your colleagues fall on the Expertise/Enthusiasm spectrum.  And the most successful financial crimes risk management efforts are those where everyone involved in the effort knows where his and everyone else’s expertise and enthusiasm begin and end, and where everyone is respectful of and accepts others’ expertise.

This seems particularly important in this new age of disruptive fintech. I’ve seen some great fintech companies that are technology experts but financial crimes enthusiasts but aren’t aware (or aware enough) of their lack of financial crimes expertise and are not respectful enough of the financial crimes expertise of those they’re trying to sell to.

So, the next time you’re pulling together a team to solve any financial crimes problem – and that team can include fintech companies looking to sell you a “solution” – make sure everyone on the team recognizes and is aware of every team member’s Expertise/Enthusiasm spectrum. Knowing, and admitting, where/whether your expertise begins and ends, and your enthusiasm begins and ends, will make your team, and project, a success.

(Thomas Friedman had a different twist on subject matter enthusiasts in a NYT Op/Ed from April 24, 2001, where he wrote: “The well-intentioned but ill-informed being led by the ill-intentioned but well-informed.”)

“The Courage To Change” Podcast has been published


Please take the time to listen to Jo Ann Barefoot’s podcast. The notes provide:


We’re moving into a new era of regulation and compliance that will be driven by new technology. Most of our listeners know I’ve co-founded a regtech firm, Hummingbird, to help bring this new model, first, to anti-money laundering, which is widely seen as the arena where the old compliance model is most broken, and where new technology could go the farthest, fastest, to solve everyone’s problems — by both improving outcomes and cutting costs. There is a growing global “regtech” community, in both the public and private sectors, aiming to transform financial regulation and compliance, and specifically to make them both digitally-native, with all the power of digitization to make everything better, faster, and cheaper, all at once.

Executing this transformation will take imagination, vision, wisdom and even courage, which is why I invited today’s guest to join us.  He is Jim Richards, founder of the new firm, RegTech Consulting, and I think he used the word “courage” six times, in our talk.  We sat down together at this year’s LendIt conference in San Francisco, just a few days after Jim had retired from his position as the Bank Secrecy Act Officer and Global Head of Financial Crimes Risk management at Wells Fargo, a job he held for more than twelve years. He’s also an attorney and a deep expert in financial crime.

Jim is famously outspoken. He’s also funny (he says the book he wrote on transnational financial crime sold more copies in Russian than in English. Most of all, though, he’s frustrated. He thinks we can do better in fighting financial crime.

I do too. According to the United Nations, there’s about $2 trillion in global financial crime each year, and we’re catching less than 1 percent of it. To achieve these paltry results, the financial industry spends around $50 billion a year. In other words, launderers can fund terrorism and amass wealth by trafficking in drugs, weapons, and human beings, with very little risk of getting caught. No wonder financial crime is a growing global business.

Jim says that the heart of this problem is that incentives are misaligned, which means resources are too. He thinks we’ve built a regulatory system that does not reward effectiveness but instead prizes compliance “hygiene.” The theory of the system, of course, is that banks’ careful compliance with the AML regulations should lead to high levels of effectiveness in helping law enforcement stop financial crime. Possibly, in an earlier era, it did. Today, though, there is a massive mismatch between the compliance activities required by our regulations and the desired outcomes — partly because the technology of both money laundering, and anti-money laundering, has shifted under our feet. And today’s methods can’t scale up.

Like many people in the AML world — including me — Jim envisions a better system in which, mostly through newer technology, we could take some of the thousands of people and billions of dollars devoted to this effort and redirect them to drive better results, and cut the costs, too.

He has lots of ideas. They include updating the rules on Currency Transaction Reports; fixing the Know Your Customer process through more information standardization, prescreening, and data sharing; addressing the new beneficial ownership requirements (which he calls a tsunami hitting banks and their small business customers; and resolving what he calls “The Clash of the Titles” — the four titles of the US Code that govern financial crime. He suggests getting law enforcement input into financial regulators’ enforcement efforts. He has thoughts on how AML and fraud detection overlap and differ. He says there’s a lot to learn from how fintech companies do AML since they generally have good data and new systems. Like our previous Barefoot Innovation guest, Ripple’s Chris Larsen, Jim sees a useful model in how global trade was transformed by the advent of standardized shipping containers, as explained in Marc Levinson’s book, The Box.

A key issue is transaction monitoring (although Jim vigorously argues that term is obsolete). The law requires banks to monitor their customers’ activity and report suspicious patterns.  Today, this process, systemwide, produces huge over-reporting of meaningless alerts that drown both bank personnel and law enforcement in low-value information they don’t have the tools to analyze. It’s a perfect use case for AI, which Jim says Wells Fargo began using in AML as early as 2008 and is now building further under his successor, Graham Bailey (whom Jim calls a genius, the best AML technologist in the industry).

Jim says that banks like Wells Fargo devote less than ten percent of their AML compliance people to working on sophisticated, complex crime, while the other 90+ percent do regulatory compliance, just “crunching through the volumes.”  This is at a time when the crime itself is getting more and more sophisticated because the worst criminals are adopting new tech and are building global networks, most of which we can’t find with current methods. He makes the case that it would be good to flip that and deck the 90 percent against the big problems. We already have the technology to do that, both in process and analytics. We just need to enable the system to adopt it, for both government and industry.

The original AML law in the United States, the Bank Secrecy Act, is approaching the half-century mark. It’s been modernized and automated along the way — FinCEN has brought in a lot of automation — but the system doesn’t yet leverage the newest technology. It needs to shift to digitally-native design, probably with open source technology that can enable new, efficient, effective approaches, system-wide. A few weeks after we recorded this episode, I hosted a roundtable in Washington where experts from across the AML ecosystem — large and small banks, fintechs, regtechs, bank regulators, trade groups, Congressional staff, academics and, crucially, law enforcement — spent a day together thinking through next-generation AML. The new Comptroller of the Currency, Joseph Otting, has made AML modernization a top priority. Change is coming.

And it’s attracting great people, including great tech people, into solving these problems, including many who, a year ago, would surely have laughed to hear Jim Richards say, as he did to me, that BSA Officer is “the most fascinating job you can have in banking.”  People think compliance is boring. They’re wrong. It’s fascinating, and it’s important.

Jim has founded his new firm, RegTech Advisors, to, as he puts it, “develop the next generation of professionals, technologies, programs, and regimes and really make a difference.” He thinks doing that will take courage… including the courage to make some mistakes. That’s a type of courage that doesn’t come easily to the regulatory sector, but we’re going to have to develop it.

Jim Richards featured in two podcasts

Thomson Reuters Legal Executive Institute podcast on the beneficial ownership rule, with Holly Sais Phillippi, Partner Director in Governance, Risk & Compliance for Thomson Reuters Legal; Brett Wolf, Reuters senior financial crimes correspondent; and Jim Richards.

American Bankers Association/American Bar Association (ABA/ABA) Financial Crimes conference podcast with Ryan Rasske, Senior VP, Risk & Compliance, ABA’s Professional Development Group, available at https://www.youtube.com/watch?v=gDCnAujJHMA&feature=youtu.be (“Jim Richards, former BSA Officer at Wells Fargo and currently the Principal at RegTech Consulting LLC, talks with ABA’s Ryan Rasske about the synergy between BSA/AML, fraud and cyber-enabled crimes, including the focus on clean data to fight financial crimes. Learn more about the ABA/ABA”)

For all of the great ABA/ABA Financial Crimes podcasts, go to the “Experience Page” at https://www.aba.com/Training/Conferences/Pages/fce-podcasts.aspx

Dress Appropriately – AML Policies, Procedures, and Policedures

“As chief executive at General Motors, Mary Barra practices what she preaches. Her management philosophy is epitomized by GM’s workplace dress code—which is equally brief, and also an antidote to the restrictive, wallet-draining policies at many large corporations. It reads, in full: ‘Dress appropriately.’”

Much can be learned from this when it comes to writing BSA/AML policies (what you must do), procedures (how you must do it), and policedures (those bridge-too-far documents that describe what to do and how to do it).  Tremendously detailed and prescriptive policies and procedures are usually impossible to adhere to on a day-to-day basis, invariably ignored in times of stress, and often turned against you by regulators and prosecutors.  Granted, a two-word policy may not cut it with regulators or those in the implementation trenches, but a general rule to follow may be that you keep your policies below 1,500 words: after all, if the US Colonies can declare their independence from Britain in 1,458 words, a decent BSA Governance team can declare that a bank adhere to customer due diligence regulations in 1,458 words (or less).

A common policy drafting mistake is to assume that the theory of the policy will translate into sound practice in the front line units. As the great philosopher Yogi Berra said, “in theory there is no difference between theory and practice: in practice there is.” So give your policies and procedures (and your policedures) to those people in your organization that are supposed to be following them, and have them tell you whether the practice of implementation meets the theory of compliance.

And on a related note, if your program is replete with “Roles & Responsibilities” documents and intra-company service level agreements, take another look at your corporate policies and line of business procedures: R&Rs and SLAs are often manifestations of the failure to write policies and procedures that can actually be understood and followed.

Public/Private Sector Partnership in Combating Financial Crime: The More Things Change, The More They Stay The Same

“Operationalizing the provisions of the Bank Secrecy Act and USA PATRIOT Act has been and continues to be a complex endeavor.  From the policies, procedures, and practices for know your customer or enhanced due diligence; to the systems and tools to monitor transactions and conduct surveillance of high-risk customers or classes of customers; to the ability to analyze, investigate, and report suspicious activity; and to trending, training and testing for and of those programs, the tasks of individual financial institutions are daunting.  As daunting is the task of the regulatory community to set standards for and examine those programs.  Continued cooperation and dialogue between the regulatory community and the institutions it regulates is critical to understanding and controlling the unique risks posed by money laundering and terrorist financing.”

This is an excerpt from Congressional testimony of Jim Richards almost fourteen years ago, yet it remains true today.

See attached testimony of James R. Richards on behalf of Bank of America before the House Financial Services Subcommittee on Oversight and Investigations on “Improving Financial Oversight: A Private Sector View of Anti-Money Laundering Efforts”, May 18, 2004

2004-05-18 Richards Testimony House Financial Services