The motto of the New York Police Department (NYPD) is ‘Faithful unto death’, so perhaps it should be no surprise that this sense of passion for fighting crime and getting the job done is baked into Patricia Sullivan’s DNA. Deutsche Bank’s Head of Institutional Cash Management is the daughter of a former NYPD officer, and her brother, along with various cousins also served as officers.

“In my family, and I am one of five, everyone was required to take the test to become a New York City police officer. I opted out,” she admits. But while at Columbia University studying Political Science, she found herself opting into a rather different crime prevention journey when, in her junior year of college investment banker Trisha Meili was brutally attacked in Central Park and left for dead while on her routine jog after work.¹ Listening to the leading prosecutor on the case on newsreels sparked a lightbulb moment. Sullivan wanted to do something about violent crime. “I went to law school and my dream job was working in the Manhattan District Attorney’s office (DANY) where the case had been prosecuted.” Sullivan’s wish came true; straight from Fordham University School of Law, she ended up at DANY working her way from street crime up to the unit that led the case. “It was an interesting prosecutor’s office to be in, because not only do you have to tackle the violent crime going on in Manhattan, but you also have a major financial centre. All US dollars flow through Manhattan to be processed by the Federal Reserve. This gave it a jurisdiction over illicit activity that was flowing in – either cross-border or domestically.”

The District Attorney for New York County from 1975 until his retirement in 2009 was Robert Morgenthau (making him the longest-serving DA in the state’s history). “He seized that jurisdiction and started a really top-level economic crime bureau,” reflects Sullivan. The new unit “allowed our office to prosecute all manner of international economic crime such as the money laundering around drug cartel transactions and human trafficking rings”.

She loved the job, but her experience of prosecuting economic crime made her an ideal fit for a global bank. A role in financial crime compliance at UBS beckoned in 2007, a field she remained in until the close of 2023 with nine years of that spent at the Swiss bank. It was here she was nurtured by “an amazing mentor”. “How I think about financial crime risk management is very inspired by him,” she reflects. Sullivan continues, “Our ethos was always to help the bank do the right thing, keep our clients safe, and support prevention of illegal activity in society by working with law enforcement agencies where appropriate. As a bank you are really on the front line of all the transfers of illicit dollars – and other currencies.” Cash management and trade finance are the product lines most at risk of financial crime, she notes, and for this reason she would always work very closely with those businesses within the bank.

“Our ethos was always to help the bank do the right thing, keep our clients safe, and support prevention of illegal activity in society”
Patricia Sullivan, Global Head of Institutional Cash Management, Deutsche Bank

Within large organisations, risk management and financial crime prevention is typically managed in accordance with the three lines of defence framework, examples of which can be found in many risk management publications. But these are just frameworks, as the Institute of Internal Auditors puts it, “Although risk management frameworks can effectively identify the types of risks that modern businesses must control, these frameworks are largely silent about how specific duties should be assigned and coordinated within the organisation.”² It is, of course, down to the organisation to own its defence from front to back, and managing that process has been the core of Sullivan’s career. As Deutsche Bank’s Head of Financial Crime and Compliance Business Control and Oversight from 2021 -2023 responsible for building a frontline team first line of defence framework, she is of the firm opinion that managing risk is everyone' responsibility and not just the territory of Anti-Financial Crime (AFC) and Compliance.

At Deutsche Bank, says Sullivan, “our management board is committed to placing risk management and control activities close to the business to drive a strong culture of risk and control supported by an expert second line of defence acting as an effective check and challenge function, and group audit as the third line performing independent testing”. Figure 1 demonstrates that in the three lines of defence risk management pyramid (see Figure 1), the first line is the foundation in and must be strong and empowered supporting the lines above. If the foundation is weak the pyramid will collapse.

Figure 1: Line of defence framework

Management consultant Peter Drucker once remarked how “culture eats strategy for breakfast”. In other words, however dynamic a corporate vision might be, it will not happen if the employees that work are disengaged from it.³ Sullivan is a firm believer in making sure that everyone fully understands the wider consequences of failure to comply with financial crime laws and regulation. This goes beyond the fines, prosecutions, employment terminations, destruction of strategy, lost profit, and possible loss of licences to operate and shape the role banks play in the fabric of society. “We are not here just to take a tick-box approach to regulation but to help make a difference in society keep the bank on the right side of the discussion, elevate the discussion to the policymaker level and work across the public/private/societal sectors to build an ecosystem to drive sustainable outcomes to tackle financial crime. Banks need to go beyond their four walls and not hunker down internally,” she states.

Now, all Deutsche Bank employee training courses that cover the impact of financial crime go to some length to explain how fighting financial crime plays a vital role in protecting society from threats such as human trafficking and terrorism. Overall, a huge amount of work has gone into educating business lines – together with our clients on how to implement strong controls and spot suspicious activity. Examples could include:

• Cloned bills of lading and other false documents;⁴
• Unusual deposits;
• Unclear or unverified beneficial owners of accounts;
• Unexplained changes in payment or trade corridors following introduction of new sanctions; and
• Invoices over or under-pricing the goods being shipped.

Sullivan is very much one for seizing the moment. During her tenure as the UBS Americas Head of Anti-Financial Crime in 2009, she received a phone call from a peer based in the Hong Kong office to say he was leaving the bank. She saw an opportunity to relocate to a dynamic new region covering 13 countries in Asia and moved fast. “I got lucky with my management but importantly, my husband immediately said ‘yes’ – he was raised in a foreign services family and had spent his childhood in the Middle East. All five of us got on a plane within several months and relocated without any kind of ‘go see’ trip earlier. When we got off the plane, we didn’t even have a school for my five-year old and I’d never stepped foot in Hong Kong before, but it all worked out and it was an amazing five years. My daughter went to a boarding school in Beijing where there was no choice but to speak Mandarin – she now works in the film industry.” Her extraordinary career path has not been easy, she reflects, but she is “really happy” she was able to do this work – the support from her husband and the wider family has been a lynchpin. “I always encourage women, if they can, to stay in the workforce – especially when it is super-hard in those early years. It is just so hard to get back at the same level if you step away. Her sons are “pretty serious athletes” (running and lacrosse), and Sullivan herself “likes to run”.

She took up the Global institutional cash management helm at the start of 2024. “It was an opportunity that was presented to me, and probably for the first time in my career, one that I had not previously thought about or gone after,” reflects Sullivan.

For her, it was an exciting time to lead the business after years of work to build strong controls while maintaining strong relationships with Deutsche Bank’s clients, the business was now positioned for growth across people, technology, and process. In a highly competitive marketplace for payment clearing, it is, Sullivan reflects, “it is vital to grow and defend market share in a landscape where payments look set to grow from US$150trn (2017) to US$250trn by 2027”⁵. After all, as continues, “The ICM business is not only the gateway connecting our clients to all corners of the world in more than 140 currencies, but its billions of dollars in deposits fuel liquidity for other businesses”. Her mandate is to grow and innovate ICM products and services maintaining the highest levels of financial crime controls – the continued collaboration towards a more inclusive global payments system being the wider contribution to society.

“The unintended consequence of de-risking is that it will impact a country’s ability to enable law enforcement”
Matthew Probershteyn, Head of ICM Non-Financial Risk and Controls, Deutsche Bank

In Sullivan’s view, a thorough understanding of financial crime risk management is pivotal to running ICM – without it “you cannot be a true partner to the the second line – who are not as close to the business line products and the clients the way our relationship managers are”. And this, she explains can lead to decisions being made that are not fully risk-based or disproportionate to the risk, a point developed by Matthew Probershteyn, Head of ICM Non-Financial Risk and Controls, Deutsche Bank (one of Sullivan’s early ICM managing director hires) in the flow article, ‘An ecosystem approach to limit de-risking’. The unintended consequence of de-risking is that it will impact a country’s ability to enable law enforcement, and for example to develop the anti-bribery or anti-corruption environment that would have been there if the bank was present and fighting that fight. “This will impact generations to come, yet it remains unseen and unmeasured,” he says.

He heads a team of seven that works with clients “so that we can safely bank them”. Probershteyn and Sullivan worked together at their former bank since 2014 with Probershyeyn joining Deutsche Bank shortly after Sullivan so they come from the same school of thought. Launched in 2024, the ICM ‘De-risking through education’ roadshow works with clients to develop financial crime risk management programmes that meet the best standards. One example is the recent work with Greek banks – heavily exposed to the shipping industry and risk of sanctions evasion and other financial crime concerns. Commenting on LinkedIn, Probershteyn reported, “During our roundtable…we recognised that Greece’s inherent financial crime risk landscape has evolved over the years and compliance programmes have become increasingly sophisticated in managing financial crime threats and implementing Financial Action Task Force (FATF) recommendations.”⁶ Although early days, the result of this strengthened control environment is the ability to take on new clients, resulting in small increase of EUR clearing market share by August 2024, rather than continued relationship exits.

Screening payments several times over before they leave a jurisdiction and arrive at a counterparty for the process to happen all over again, creates “a lot of friction”, reflects Sullivan. She believes an optimal development of shared services requires an enabling legal and regulatory framework that supports data and information sharing to ensure the balance between privacy protection and fighting financial crime. While clients want utilities such as the Swift KYC Registry⁷ and Global Screening Services⁸, regulators still expect each bank to have their own accountabilities – although not all are treated the same. “Depending on where a bank currently stands with its regulators the expectation on risk appetite may vary from one bank to another which may lead to different degrees of controls applied from one bank to the next making use of shared utility more challenging,” she says.

While progress is being made in turning the need for data sharing in the collective battle against financial crime, the sheer pace of its growth each year underscores the need for a collective sense of urgency to “do more together across the ecosystem of parties responsible for fighting financial crime”.

She cites the example of how the Transaction Monitoring Netherlands (TMNL) shared service pilot that launched four years ago where five Dutch banks shared transaction data and performed AML monitoring over the consolidated data pool. It gained law enforcement recognition for effectiveness but on 30 May 2024, the new EU anti-money laundering rules⁹ made it impossible for the TMNL to operationalise in its current form, and, as the TMNL states in a press release, “TMNL will now adapt itself to the new law, which will come into effect in mid-2027. The precise details of what is required will take time to emerge, as will the re-engineering of TMNL’s operations from the current to new legal frameworks.” In the meantime, the TMNL has paused its operations.¹⁰ The delay worries her and the broader impact for utilities struggling to make a difference with any sense of urgency. On the bright side, technology such as artificial intelligence (AI) has huge potential to improve KYC processes. Swift has launched a pilot testing AI enhancement in payment controls. It uses AI-based algorithms to better detect fraud in transactions. “The new AI model will be trained using historical patterns of activity on the Swift network to create a more nuanced and accurate picture of potentially fraudulent activity,” says Swift.¹¹ In an ideal world, the AI tools would make it possible for shared service solutions to take on board new regulation as it comes in, rather than send it back to the drawing board.

We circle back to Sibos Beijing 2024 where Sullivan launches the new ICM strategy and will be talking to clients about the bank’s integrated product range “opening up connectivity and multi rails across the globe”. “I can’t wait,” she smiles, and I found myself wondering if she had been practising Mandarin with her daughter. This is a professional who always does her homework.

Sources

¹ See history.com
² See theirm.org
³ See thecorporategovernanceinstitute.com
⁴ See "Fighting trade-related fraud" at flow.db.com
⁵ See bankofengland.co.uk
⁶ See fatf-gafi.org
⁷ See swift.com
⁸ See gss-rose.com
⁹ See consilium.europa.eu
¹⁰ See tmnl.nl
¹¹ See swift.com