Q&A: Optimising AML compliance with technology
February 2024 | SPECIAL REPORT: CORPORATE FRAUD & CORRUPTION
Financier Worldwide Magazine
February 2024 Issue
FW discusses the process of optimising AML compliance with technology with Stephan Lemkens, Marcus Johnen and Yalcin Bogazci at INFORM.
FW: To what extent are stringent anti-money-laundering (AML) regulations spurring companies to adopt new technology to identify and report suspicious activity to authorities?
Lemkens: Regulatory demands undoubtedly play a pivotal role in convincing financial institutions (FIs) to explore advanced technology solutions to meet evolving AML compliance. The desire for shorter reporting times and the necessity to proactively block transactions, such as those linked to terrorist financing, are both on the rise. This shift from monthly ex-post reviews to real-time evaluations requires technology that efficiently handles big data and adapts swiftly to changes. Also, changes in the payment industry itself are pushing companies to embrace more sophisticated solutions. With the surge in instant payments and a rise in cross-border transactions, the demand for reliable and fast technology has become paramount. The international context adds complexities due to constantly changing country risks which need to be reflected in anti-money laundering (AML) controls. In response, companies are overhauling their IT landscapes for AML, emphasising the importance of technology that is not only fast but also adaptable and futureproof.
Johnen: The rise in transaction volumes necessitates real-time evaluation outside the scope of anti-fraud, particularly in transaction sanctions screening. Fuzzy name matching at high speeds is crucial, as is the ability to minimise false positives. The inflexible nature of outdated technology becomes a significant hurdle, especially during sudden regulatory changes, as exemplified by the broad sanctions imposed on Russian entities since the 2022 invasion of Ukraine. Considering these challenges, there is a clear call for software solutions designed to meet constantly evolving needs while handling huge amounts of data. Such solutions must exhibit reliable and adaptive capabilities to ensure effective AML compliance in a dynamic regulatory landscape. Embracing these technological advancements is not just a choice but a necessity for the financial sector to navigate the complexities of modern compliance requirements.
“The primary focus should be on achieving a holistic customer view and the long-term integration of all systems and data into the AML process.”
FW: What potential penalties may await those companies found to be non-compliant with AML regulations?
Bogazci: Non-compliance with established AML regulations exposes companies to many repercussions, with financial penalties being the foremost concern. According to Deloitte, global fines for AML and counter financing of terrorism (CFT) increased in 2022, with US banks carrying the most significant share. European banks, too, have contributed to these negative statistics. A Spanish bank, for example, faced a fine exceeding £100m for not properly monitoring customer transactions. However, the consequences extend beyond financial penalties. Failures to meet regulatory demands naturally lead to enhanced scrutiny by authorities, involving more frequent examinations and audits. In extreme cases, as demonstrated in Denmark in 2019, a bank shut down all its regional branches in the Baltic region and Russia after pleading guilty to hiding money laundering activities.
Johnen: Besides penalties and repercussions from the authorities, AML violations can lead to severe reputational damage. Especially today, when integrity is so important, negative publicity and loss of trust among clients, partners and the public can have long-lasting effects on a company’s brand. News of misconduct or inappropriate behaviour can easily lead to the loss of customers in the long run. The recent sanctions imposed on Russian assets exemplify how fragile the reputation of a bank can be. Although Swiss banks complied with regulatory stipulations regarding sanctioned entities, their ongoing business ties to Russian oligarchs and their families led authorities and the press to closely scrutinise all their banking activities.
FW: Drilling down, what types of innovative digital and analytical technologies are companies using to optimise their AML compliance?
Bogazci: Many companies are strategically embracing a wide range of innovative digital and analytical technologies to enhance their AML compliance efforts. A common theme among experts is the shift from traditional database-driven systems to advanced transaction monitoring solutions. The adoption of cloud-based software as a service (SaaS) models is also gaining traction, reducing ownership costs and allowing organisations to concentrate on their core business functions. They also contribute to centralised data management, offering users transparency and streamlining AML processes.
Lemkens: Big data and visual analytics empower companies to process and integrate large volumes of data from diverse sources, facilitating the creation of peer group profiles, monitoring changes in customer behaviour, and identifying outliers. Artificial intelligence (AI) plays a crucial role in decision making, enabling organisations to prioritise hits and cases, focusing on critical instances of potential money laundering, terrorist financing and sanctions violations. By incorporating these advanced technologies, companies can build sophisticated AML frameworks that not only comply with regulatory requirements but also improve operational efficiency, reduce false positives, and offer a more comprehensive understanding of financial transactions. However, the quality of underlying data is as vital as the employed technology. For instance, transparency registers with ultimate beneficial owners illustrate this point. Even with sophisticated AI in place, if the data within these registers lacks accuracy, completeness or timeliness, the entire purpose of fostering transparency and combatting financial misconduct is compromised.
Johnen: Addressing specific AML challenges, the adoption of strong and flexible fuzzy name matching technology is recognised for calibrating sanctions and politically exposed persons screening without generating excessive false positives. Highlighted for empowering investigators to focus on the investigation itself without manual data collection, powerful case management systems play a crucial role. In addition, real-time transaction monitoring is essential, enabling companies to identify and address potential risks immediately. Digital identification in onboarding processes improves the accuracy and efficiency of customer identity verification, another crucial aspect. Last but not least, machine learning (ML) should be leveraged for pattern detection, enabling companies to identify and analyse complex patterns associated with potential criminal activities.
“The adoption of strong and flexible fuzzy name matching technology is recognised for calibrating sanctions and politically exposed persons screening without generating excessive false positives.”
FW: To what extent have you seen a reluctance among companies to invest in and adopt new AML technology? Are attitudes changing?
Bogazci: Generally speaking, fines have definitely acted as a ‘wake-up call’ to some, spurring a willingness to change. However, we see a variety of attitudes. On the one hand, we see that larger banks in particular are demonstrating the benefits of integrating data and state of the art technology. On the other hand, it is a major challenge for companies to create the holistic customer view required by the regulatory authorities with their legacy systems. As these systems were initially not designed for seamless data exchange, isolated systems and data silos are a common problem. The delta to modern, futureproof IT architectures is often so large that the organisations concerned are reluctant to completely renew their IT landscape. Long-term ownership structures also contribute to this reluctance, which is why many banks are considering SaaS, cloud-based solutions and partnerships.
Lemkens: In a completely different context, we have found that the willingness to invest in new technologies depends on the varying degrees of jurisdiction in the country in which a company is based. FIs in highly regulated countries with strict authorities tend to be more willing to invest. Moreover, there is a general trend of increased investment, driven by a perception that regulations are becoming stricter across the board. Overall, the trend appears to be shifting toward a more positive attitude regarding new AML technology. The increasing frequency and sophistication of financial crimes, coupled with a tightening regulatory environment, have pushed many companies to realise that traditional approaches may not be sufficient to combat evolving financial threats. Thus, they have come to reevaluate the strategic value of staying ahead on the technological curve.
FW: What key steps should companies take to evaluate their AML programmes to identify potential weaknesses, vulnerabilities or inefficiencies which may be remedied with technology?
Bogazci: Developing a strategy to assess and improve AML programmes requires a comprehensive and systematic approach. The primary focus should be on achieving a holistic customer view and the long-term integration of all systems and data into the AML process. A thorough review of past AML cases is instrumental in identifying significant issues, including communication gaps between IT systems and the respective teams, such as those often in place between ‘card payment anti-fraud systems’ and ‘online banking anti-fraud systems’. Regarding internal resources, a strategic approach involves consolidating tasks like predictive analysis and customer investigation instead of segregating them into areas such as fraud and AML. This integrated approach, also known as ‘FRAML’, fosters collaboration and efficiency within the organisation.
Lemkens: Understanding the unique nuances of data is paramount; there is no ‘one size fits all’ global ruleset. Each bank has a distinct customer base which must be reflected in its AML ruleset. Therefore, we believe each customer should apply a hybrid approach to data processing and rule development in which human expertise complements the AI-based understanding of patterns within their data. Currently, a European Union-wide AML/CTF ruleset is under discussion by different member states, to formulate rules to combat the most common AML risks observed in the past. While this is a step in the right direction, it does not absolve the banks from continuously adopting their own implementation of this future rulebook to react to ever-evolving crime patterns.
Johnen: An initial step toward implementing such a tactic involves a dedicated commitment to efficient communication among various stakeholders, including technical experts, business experts and case investigators. In addition, management commitment is required for long-term success. AML compliance is the responsibility of top management who should be aware of the risks associated with non-compliance. But culture and technology are two sides of the same coin. Achieving cross-organisational collaboration necessitates establishing a connected IT system environment. The primary goal of such an architecture should be to streamline tools and provide centralised data access to all relevant systems. In addition, any implemented solutions should be prepared to leverage cloud technology and promote automation, especially in processes such as customer onboarding and continuous lifecycle review.
“The emergence of AI in malicious activities, such as deep fakes and the misuse of generative AI, indicates a growing sophistication among bad actors.”
FW: What essential advice would you offer to companies on optimising the effectiveness of their AML and sanctions compliance frameworks? How can they overcome the likely challenges of integrating new technology into existing frameworks?
Bogazci: We strongly advocate a long-term vision and an adaptive approach. In the short term, the focus should be on consolidating data into a unified, customer-centric system. In the medium to long term, this may entail modernising interfaces to legacy systems or considering replacements. In such cases, the introduction of a new system should be phased to ensure a smooth transition without disrupting operations. The challenge lies in balancing the long-term necessity for real-time capabilities with the practicalities of a step by step replacement. Our advice is to recognise that not all data delivery systems need to be real-time capable at once, and instead prioritise modernising investigation tools and upgrading to state-of-the-art rule systems with data analytics, ML and dynamic profiling.
Johnen: To reduce costs, leveraging cloud and SaaS models is crucial. However, it is essential to ensure seamless communication interfaces between such solutions and existing legacy systems. This consideration is likely to influence vendor selection. Any newly integrated system should be futureproof and capable of adapting to faster and more frequent regulatory changes. Additionally, organisations should refrain from starting with solutions that focus solely on ex-post databases and data silos.
FW: Looking ahead, what are your predictions for the role of technology in the fight against money laundering? How important is it for companies to continually review and upgrade their systems in response to AML risks?
Johnen: As new technologies become available, regulators are raising their expectations for preventive measures against money laundering and sanctions control. Not only are companies expected to adopt AML technology, they are also in a competitive environment where superior AML measures set the standard for the entire industry. At the same time, regulators ask for transparent and explainable systems. Thus, it is vital to know which data was used to derive automated decisions. This is only possible with systems that allow their users to understand the reasoning behind AI-driven decision making. This trend emphasises the need for continuous technological advancements to meet evolving regulatory demands.
Lemkens: The emergence of AI in malicious activities, such as deep fakes and the misuse of generative AI, indicates a growing sophistication among bad actors. This development requires a technology-driven response to stay ahead of evolving patterns. The future of AML relies heavily on the continual evolution of technology.
Since 2018, Dr Stephan Lemkens has served as a consultant, gathering expertise in projects centred on transaction and session monitoring within the domain of fraud prevention. Shifting his focus to compliance in 2020, he collaborates closely with INFORM clients on initiatives related to suspicious activity monitoring and customer due diligence. Currently, he holds a position as one of the solution owners in this domain. He can be contacted on +49 2408 9456 5000 or by email: riskshield@inform-software.com.
For more than three years, Dr Marcus Johnen has been part of the risk & fraud division at INFORM GmbH, serving as a consultant for projects in which INFORM deploys RiskShield for AML compliance. He oversees aspects such as AML transaction monitoring, as well as sanctions and watchlist screening. He can be contacted on +49 2408 9456 5000 or by email: riskshield@inform-software.com.
With a consulting journey at INFORM that began in 2017, Yalcin Bogazci has been a driving force in customer projects, enhancing their transaction and session monitoring, risk-based authentication and solvency checks. Currently is responsible for leading the AML compliance team. He can be contacted on +49 2408 9456 5000 or by email: riskshield@inform-software.com.
© Financier Worldwide
Q&A: Data-driven anticorruption compliance programmes
US government agencies raise the bar on national security-related corporate compliance
Economic uncertainty and fraud
The ‘je ne sais quoi’ of preventing corporate fraud
Corporate integrity: employee training on fraud awareness and ethical conduct
Whistleblower programmes: the why and the how