Make Your Financial Crime RFx All That It Can Be!
RFIs and RFPs (Requests for Information and Requests for Proposals) for our financial crime solutions come across our desk on a regular basis. While many are well crafted, too many still lack a number of the necessary elements to give the requestor enough information to make an educated decision. Assuming you are canvassing multiple vendors to help you detect fraud and money laundering, you want to create a document that allows you to compare each company equally as it applies to your specific needs. A well-crafted RFx helps your team accurately narrow down the list of companies most likely to improve your effectiveness for a specific task or set of activities.
An RFI or an RFP?
Whether you write an RFI or RFP largely depends upon how sure you are of your needs and how much you know about what the prospective vendor does.
What’s the difference between the two? Well, an RFI seeks to identify what a company does, what it stands for and the types of services and solutions it offers. An RFP solicits proposals for a possible contract. It lays out what you hope to accomplish and asks how the supplier proposes to meet your specific needs.
If you are uncertain of the current financial crime detection landscape, or if your bank is currently relying on an outdated legacy system, you’ll probably want to start with an RFI to learn how technology has advanced in just the past few years for both criminals and financial crime detection. You’ll want to ask pointed questions to determine the vendor’s knowledge of current fraud and money laundering activities, their approach to the situation and their technical capabilities. Needless to say, your questions should be the same for each potential vendor so you can make an “apples-to-apples” comparison.
What to include in your RFI
Before asking questions about the vendor’s capabilities, it’s a good idea to ask them to write a few short paragraphs demonstrating their knowledge of modern financial crime. How do they describe the current landscape? Do they understand current regulatory trends and enforcement and how they affect financial institutions? How do they see the evolution of cryptocurrencies and DeFi affecting financial institutions now and in the future?
Do they ingest customer data? Account data? Transaction data? Do they address other data, such as web session data? Is transaction data ingested in real time for fraud detection? Are they able to easily integrate third-party applications?
How do they approach detection?
A multitude of questions should be asked about detection. Do they offer transparent analytics so users can understand the reasons for an alert? Do they detect wire fraud? Do they perform any tuning or review of analytics or data outside of your home country? Do they support big data programs? Do they offer visual analytics? Are you able to update models in production on your own, without vendor support?
What about alert orchestration?
Are alert screens configured to reflect payment type? Can they provide a visual example of what their alert screens look like? Does their solution provide the ability to ingest external alerts? Does their solution support multiple user domains?
Case management questions are critical
How does their case management methodology address internal and confidential cases? Does the system allow the recording of loss, risk and recovery information? Can users create tasks within an alert or case? Does the case management system provide linking of customers, accounts and transactions to the case? Does their solution allow for alerts to be sent to defined queues? Can queues be prioritized?
How does the vendor’s platform handle reporting?
Disclosures and reporting are critical in today’s regulatory environment. Does the vendor’s case management system provide reporting functionality? Can a third-party reporting tool be used to create additional reports? Does the regulatory reporting functionality allow for review and/or approval prior to filing?
This, of course, isn’t necessarily a complete list of questions you may want to include in your RFI. Nor is it meant to imply that each question pertains to your organization. But it is important that you structure your RFI to obtain the most-relevant information possible.
Follow up with an RFP
Now that you’ve reviewed vendor responses and narrowed down your list of potential suppliers, it’s time to think about asking selected candidates for their proposals.
Because you’ve done your due diligence with your RFI, you already know what the selected candidates can and can’t do. Now’s the time to hit them with your specific needs. Let them know what systems you may already have in place. Let them know your concerns about your legacy systems and what type of results you may be looking for. Be completely honest. Let them know exactly why you are in the market for a new solution.
Use the information you’ve collected from the combined RFI responses to ask questions specific to your situation. You need to know if a stated ability will actually address a particular concern you’ve posed. Again, be as detailed as possible in explaining your need.
Don’t be afraid to ask about a vendor’s competitors. Chances are you already know who they are, but their willingness to answer is an indication of their transparency and belief in their own abilities and resources. It also gives you a chance to learn of other suppliers you may have overlooked.
Now that you’ve described specific concerns, ask how their support team will respond to those concerns. How will they support training? What would be the implementation timeline based on your specific needs? Is the vendor willing to supply references? If not, can they supply case studies specific to your needs?
It’s also important to ask about security. What does the vendor do to ensure confidentiality of your data? How do they make certain that regulatory concerns are addressed to reduce risk?
Well-crafted RFIs and RFPs benefit both you and the vendor. They allow the supplier to accurately respond to your specific needs. They result in the most accurate vendor responses, saving time and helping to eliminate or reduce assumptions by both parties. And because all requests are based on the same RFI/RFP, it makes the usually burdensome task of comparing vendors much easier.