Share this post:
Reducing costs but appeasing regulators seems like an oxymoron, yet, many AML compliance and operations leaders are being asked to do just that. Several companies have invested a lot of money and time over the past several years to increase their level of compliance and ensure they are able to effectively identify and manage potential money laundering activities being conducted by their clients… and now they are realizing that their high ongoing costs are not sustainable. Some are in the middle of this journey and have not yet discovered what their ultimate run rate costs will be. Even organizations with consent orders, facing MRAs, dealing with remediation activities, and under threat of fines are faced with this challenge as they try to keep rising compliance costs from dragging down the rest of their business. But is it possible?
The key is simple: financial institutions just need to improve the efficiency of their people and systems. The question is, how to do this, while keeping the regulators happy? The question’s answer has now become apparent to me. Several companies have begun applying innovative technologies like artificial intelligence, machine learning and robotic process automation to AML activities and the initial results are very promising. Even better, regulators have recently begun encouraging the application of these techniques.
Federal encouragement starts now
On December 3, 2018, five US government agencies, including the Federal Reserve, FDIC, FinCEN, National Credit Union Administration and OCC, issued the Joint Statement on Innovative Efforts to Combat Money Laundering and Terrorist Financing encouraging banks to implement innovative approaches and specifically referencing artificial intelligence. They even mentioned that these approaches “can maximize utilization of banks’ BSA/AML compliance resources.” However, this isn’t the only place where we are seeing this type of encouragement. AUSTRAC launched an initiative to facilitate collaboration across the Australian banks that includes the application of advanced analytics to improve the investigation of suspicious activities. Also, the UK Financial Conduct Authority (FCA) has conducted multiple public workshops bringing together fintechs and financial institutions to experiment with how various new technologies can be used to improve the identification and management of potential financial crimes.
“Appropriate and responsibly”
However, financial institutions still have to figure out where to get started and there are some important considerations that need to be taken into account as they begin their journey, especially if they are to gain the support of their relevant regulators. Reading between the lines will be important here. For example, the joint statement from the US agencies specifically encourages banks to “consider, evaluate, and, where appropriate, responsibly implement innovative approaches.” As you can see here, the regulators have started with encouragement of experimentation (such as consider and evaluate) but are still somewhat hesitant in their encouragement of implementation, where appropriate and responsibly. What does this mean? The first part, where appropriate, is about picking the right use cases for application of the technology. The second part, responsibly, is about ensuring the technology is used in the right way and with the appropriate controls.
Let’s tackle the second part first, as it will have an impact on where to get started. I would advise financial institutions to focus on investing in areas that improve their current process, as I believe regulators will be much more welcoming of approaches initially that focus on helping analysts complete their reviews faster and make quicker but more informed decisions, rather than automating decisions or completely replacing humans in the process. This is why some people in the industry are referring to the application of “augmented” intelligence rather than “artificial” intelligence. In fact, the joint statement even specifically references that “innovation has the potential to augment aspects of banks’ BSA/AML compliance programs.”
Providing useful insights paramount
Another aspect of this responsible implementation will be the avoidance of black box approaches that have long been a concern with the application of artificial intelligence and machine learning techniques. The key here will be to make the insights and decisions explainable, both to the internal users of the technology (for example analysts, investigators, QA, audit, etc.) and to the regulators conducting exams and reviews of the banks’ activities. As such, initial implementations should focus on delivering insights to people that are understandable and can be used to make a decision, and the reasons behind the decisions should be systemically captured. Explainability is still a major challenge for most artificial intelligence and machine learning systems, so this will be an evolving space that will likely be closely monitored by the regulators.
We can now get back to the first question – where to get started. Given these considerations, initial efforts should really focus on techniques that sit on top of and enhance the efficiency of existing systems. In fact, even the joint statement suggests that “the innovations and technologies can strengthen BSA/AML compliance approaches, as well as enhance transaction monitoring systems.” You don’t really have to read between the lines here. One of the drivers of costs for most organizations is the ineffectiveness of most existing systems. Based on a number of conversations I have had with financial institutions, it seems that, for every 100 alerts generated, typically only 2-3 will result in an actual suspicious activity report being filed with the regulators. This means organizations are dealing with 97-98% false positive rates, which results in a lot of noise and a lot of non-value-added manual activity. This is the number one opportunity to improve efficiencies. As such, the top use cases for financial institutions to get started with these types of innovations are related to augmenting existing transaction monitoring and screening systems to better understand the alerts being generated and reduce the time it takes to disposition those alerts.
Balance can be found between efficiency and compliance
Another bank was able to prove that, after using machine learning to risk rate and prioritize alerts generated by their transaction monitoring system, 70% of the alerts resulting in SARs had been identified as high risk, and only 4% were in the ones identified as low risk. There have been similar results from application of artificial intelligence techniques to sanctions alerts, with one bank identifying 50% of alerts for special handling based on cognitive classification of likely mismatches between the entity involved in the transaction and the actual sanctioned entity.
These techniques can be used to intelligently route alerts and accelerate the reviews, sending the high-risk alerts directly to higher skilled analysts or investigators, and the lower risk alerts to less experienced, lower-cost resources, potentially with a lower level of sampling for QA. If the appropriate insights are highlighted for the analysts and investigators, the reviews can be conducted faster.
An IBM Financial Crimes Alerts Insight with Watson alert
The other use case some banks are starting to experiment with is focused around streamlining the enhanced due diligence process on medium and high-risk customers. Increased regulatory scrutiny means banks are now forced to perform additional due diligence on a larger number of customers to address regulator driven Know Your Customer (KYC) requirements. This continues to be an extremely manual process, requiring analysts to go to multiple sources to collect and verify various pieces of information related to their customers, understand politically exposed persons (PEPs), validate potential sanctions hits and review any negative news about the customer to better assess AML-related risks. These activities are prime candidates for the application of robotic process automation and cognitive-based text analysis to extract relevant insights and present analysts with the information needed to more quickly complete their tasks. And exactly why we’ve designed IBM® Financial Crimes Insight to do just that.
There have been some encouraging initial results with this use case also. One particular proof of concept demonstrated the ability to reduce the time it takes to complete these activities by as much as 60%, and some organizations have already begun using these techniques in production. Once again, the key to regulator support is ensuring that all of the evidence is captured and included in the ultimate customer dossiers maintained for audit and compliance purposes. While initial uses cases are indeed focused on augmenting existing systems, banks are still eager to take these techniques to the next level, and many have a desire to ultimately replace the traditional systems used to generate alerts and perform KYC due diligence. Experiments in this area have already begun, and initial results are encouraging.
Innovative approaches that incorporate artificial intelligence, machine learning, graph analysis, network analysis, behavioral analysis, cognitive text analysis and other advanced analytics are showing promise. However, it will take longer to prove that these techniques can replace existing systems without missing what the current systems catch, and in a manner that the regulators are comfortable with. Some of the traditional techniques will likely still be required and combined with the new techniques in an effective manner. There is also still some work to do to operationalize these techniques versus using them in a one-time analysis, which is as far as most initial experiments have gone. But there is some light at the end of the tunnel, and banks can now more comfortably begin their journey to use new techniques to reduce their costs of AML while still appeasing regulators.