![Native[risk]](http://images.squarespace-cdn.com/content/v1/65704856a75e450a6d17d647/f3aa0ca7-8a4d-4034-992f-9ae514f1127e/Native+risk_logo-invert.png?format=1500w){kind=logo}
Is Revolut struggling with fraud?
Revolut has released its 2022 report to a lot of fanfare at the end of 2023. However, I think they are experiencing headwinds when it comes to Risk & Compliance.
In the report, the bank has boasted great metrics, namely a 45% YoY increase in revenue. But the context of this (2nd-in-a-row) delayed report is their bid for getting a UK banking license. As such, it’s interesting to note the central place Risk and Compliance take in the statement.
For starters, the section devoted to Risk takes 30%(!) of the strategic report. The bank states that they’ve spent 2022 enhancing their “3 Lines of Defence” (3LoD) concept and by this and through other means they see “clear signs of the maturing of the organisation and a positive evolution of our risk profile”.
Let’s break it down and take a closer look.
Revolut’s 3LoD concept can be summarized as follows:
1LoD - “embedded” Risk & Compliance managers that sit within the relevant product units and operate the compliance & operational financial risks.
2LoD - the centralized Risk & Compliance group that oversees, trains and guides the 1LoD. It’s also responsible for policy making and reporting.
3LoD - an internal audit team made by independent non-executive directors.
This structure isn’t unique to Revolut, but I don’t find it an effective one. There are just too many cost centers and conflicting goals to allow for big investments in infrastructure (data, tooling, AI).
“Well, this is what you have the 2LoD for, right?” Indeed, the statement does mention a 24% headcount increase in the risk team during 2022. But in light of a 45% increase in revenue, 112%(!) increase in total headcount, and 74% increase in the “Products” functions headcount, one might think that was a token investment.
OK, so that was the only hard figure in the report about investments into Risk & Compliance. What about Key Risk Indicators? Also here there’s little data to look at, namely the ECL (Expected Credit Loss) figures. Comparing 2022 to 2021, we see an increase in ECL coverage of 74% in loans and 30% in credit cards. While that’s a very considerable increase in loss exposure, you can argue that is to be expected due to aggressive expansion (+1,200% YoY in loans amount) and macro economics.
And indeed, it doesn’t look like Revolut’s figures are any special in the Neobanks category (look at Nubank’s report for 2022 as an example). But is that really what you call a “positive evolution of our risk profile”? More so, when it comes to compliance topics, and specifically AML, KYC and APP Fraud, there’s no information whatsoever in the report. I would at least expect mentioning new partnerships or internal investments other than fluffy language about the “development of our industry-leading, data-driven infrastructure”.
Balancing aggressive growth against a healthy risk profile is always tricky. What I’ve learned from Revolut’s 2022 report is that they are still prioritizing growth. That is a sound business decision, but I wonder how it’ll affect their UK license bid.
