The fight against financial crime must continue, and financial institutions have a choice of technologies and techniques.
In the first of this blog series on financial crime, we saw that banks and other financial institutions have a primary obligation to know their customers, to detect and report anomalous and potentially criminal customer behavior. Now, we turn to the practical options available to help institutions comply with AMDL4, prepare for AMDL5 and transform AML from a regulatory burden to an optimally supported operational reality.
The technology infrastructure context is challenging. The standardized and efficient reporting regime required by the AML directive is almost impossible to achieve with the majority of older bank IT systems. From this starting point, institutions have at least three routes to fighting financial crime: develop systems and solutions in-house, look to external managed service providers or employ advances in data analytics and artificial intelligence. Let’s examine the advantages and the downsides of each route.
Developing systems and solutions in-house
“Must be invented here” was for many years the mantra of financial institutions’ approach to infrastructure development. The upsides included more perceived control and accountability, but often the legacy created was one of rigidly standardized and inflexible IT systems.
These systems are often suboptimal when faced with the challenges of implementing new business models or adjusting to regulatory demands. The older systems were not created for today’s mammoth data volumes, they may lack interfaces to other banking applications, and they may not even be configurable. Looking ahead, these systems will demand significant levels of resources and effort to transform and equip with adequate AML/CTF and KYC capabilities.
The downside of the in-house approach is, therefore, the many technology challenges it presents, as proven by the numbers of error-ridden, late, expensive and even failed projects.
Engaging with external managed service providers
The option of outsourcing KYC processes to third parties means moving to a managed service model. This model takes on the tasks of centralized search, storage and provision of specific customer information from multiple and globally distributed data sources.
The first upside is systemic clarity. A bank sends customer data to the service provider for verification. What they get back is a thoroughly analyzed customer data record, enriched with relevant customer information and fully checked against current KYC regulatory benchmarks.
However, there are downsides. The first is that no single outsourcing model is prescribed by the regulators. This means, in turn, that there is no compulsory standardization between models. Consequently, different service providers implement different approaches, leading to discrepancies in results from one provider to another.
This route to KYC efficiency may be very cost-effective, but it is not a universal “gold standard.” If there are discrepancies and errors that lead to KYC defects, the bank itself remains liable. It is not surprising, therefore, that many banks remain averse to the risks of outsourcing. Culturally, banks also remain reluctant to pass confidential customer data to external parties.
Employing advances in Data Analytics and AI
Many banks are starting to benefit from the advantages of applying advanced technologies, including automation through intelligent systems and highly centralized data management and interpretation. The advantages include the ability to comply with AML/CTF regulations predictably and efficiently.
Big data technologies enable the bank to check very high volumes of customer and transaction data in a search for anomalies and potential money laundering activities. The data analysis itself is automated, simplifying and accelerating compliance checks and transaction monitoring. In a globalized banking system, further good news is that big data applications can now analyze and match data across numerous non-Roman alphabet scripts, including Cyrillic, Arabic and Chinese.
Fighting financial crime in the cyber environment demands data inputs beyond banking-related transactions. Financial criminals typically operate in ways that involve many different platforms, including social media. Applications capable of screening and cross-referencing wider internet activity – in jurisdictions where this is legal – now exist. So-called semantic technologies use AI not only to collate and centralize high volumes of data, but also to extract underlying connections and deduce their significance. Where this process identifies conspicuous and potentially dubious issues within data related to individual bank customers, the appropriate bank personnel are automatically informed and further investigation can be triggered.
It’s an overused label, but these new technology approaches really are smart. Machine learning enables systems to learn from existing data and the relationships between one data set and another. Systems can also understand the nature and impact of compliance decisions that have already been made. They can even change the existing systemic AML rules and their scope. For example, if a country has generated a certain volume of questionable transactions or customers, the system can automatically adapt the acceptable risk level parameters for that country.
The upside, indeed the enormous advantage, of these technology-enabled approaches is the automation of vast volumes of previously manual AML/CTF and KYC process tasks to improve the quality and predictability of regulatory compliance. Crucially, the human agents – relationship managers and compliance specialists – are spared the routine tasks of data gathering, centralization and cross-referencing. Instead, they can fully focus their skill and experience on data analysis and making highly informed decisions.
Engaging external technology expertise to support compliant infrastructure development
For banks that decide not to opt for the outsourced managed service route, there will always be an element of infrastructure challenge to overcome. They will need to develop and install new IT systems and upgrade existing systems. Such projects are large and complex and will impact the bank’s entire IT infrastructure. In this error-prone and high-risk context, the value of experience is crucial. Most institutions will benefit measurably from engaging with a specialist and proven external resource.
Ultimately, whether banks chose a DIY approach, choose managed service, apply cutting edge technologies or turn to external specialists, the obligation to comply with the regulations remains. In the fight against financial crime, what will the best-equipped banks look like, and what advantages will they have? Those are the questions we’ll address in the third and final blog in this series.
Renato Ndokaj is a principal consultant at Capco and has over a decade of experience in regulatory reporting, risk and compliance in financial services.
The content and opinions posted on this blog and any corresponding comments are the personal opinions of the original authors, not those of Capco.