Strengthening AML protection through AI
July 2018 | COVER STORY | BANKING & FINANCE
Financier Worldwide Magazine
July 2018 Issue
Artificial intelligence (AI) has the potential to transform financial institutions (FIs), disrupting every aspect of financial services, from the customer experience to financial crime.
AI technology can be utilised by FIs in a number of ways, with anti-money laundering (AML) one of the main areas of focus. FIs can employ AI to analyse large amounts of data, to filter out false alerts and identify complex criminal conduct. It can identify connections and patterns that are too complex to be picked up by straightforward, rule-based monitoring or the human eye.
FIs are awakening to the potential of AI, both internally and externally, and beginning to embrace it. According to the Digital Banking Report, 35 percent of financial organisations have deployed at least one machine learning solution. AI has the potential to improve the financial services industry by aiding with fraud identification, AML transaction monitoring, sanctions screening and know your customer (KYC) checks. But there are concerns about its uses in the highly regulated financial crime compliance space, when it comes to AI decision making, algorithmic bias and lack of regulatory acceptance, for example.
Given the complex data, detailed workflows and significant human involvement in the AML process, FIs must ask themselves a number of questions before utilising AI. For example, is the technology relevant to their AML processes, and which processes are best suited? If the technology is relevant, does it have the right focus and skills to be successful? They must also assess the implications of rolling out AI and focus on how and where the technology’s implementation will most benefit the organisation.
Regulatory concerns are an issue for all FIs. Over the course of the last decade they have had to navigate an increasingly complex compliance landscape, face demands for increased transparency from customers and regulators, and combat financial crime while minimising conduct risk.
Yet despite the increased focus on combating it, financial crime is actually rising. According to the United Nations Office on Drugs and Crime, financial crime accounts for around 3.6 percent of global GDP, or around $2.1 trillion each year. As criminals become more sophisticated in their methods and disguise their activity, FIs must change the way they operate. Better collaboration within the sector must be complemented by increased cooperation among local governments, compliance specialists and technology providers.
As AML, counter-terrorist financing (CTF), Bank Secrecy Act (BSA) and KYC compliance obligations grow in importance, FIs are rising to the challenge. Some are spending $60m per year to meet their AML compliance costs, according to Accenture. Though for larger firms the costs can be significantly higher – $500m annually – and often these efforts are found wanting, resulting in firms being hit with significant fines. Regulatory enforcement actions against FIs led to approximately $321bn in penalties worldwide between 2009 and 2016, according to the Boston Consulting Group. In 2017, United Overseas Bank was fined $900,000 and Credit Suisse Group was fined $700,000 for breaching AML requirements and control lapses.
AML compliance obligations
The stringent regulatory backdrop is having an impact on the financial services space. In the EU, the fourth Anti-Money Laundering Directive has established standards for identifying and verifying business clients and beneficial owners, applying customer due diligence, and enhancing due diligence in higher risk situations. In the US, firms must comply with the BSA, and the Financial Industry Regulatory Authority (FINRA) will review a firm’s compliance with AML rules under FINRA Rule 3310. Furthermore, the implementation of FinCEN’s new customer due diligence requirements, and the New York State Department of Financial Services’ Part 500 and Part 504 certification requirements are also increasing pressure on the sector. Additional impending regulations are also on the radar. The Fifth Anti-Money Laundering Directive, for example, will focus on a number of issues, including the emergence and use of AI. It will also extend the scope of the application of existing EU AML regulations to cover other growth areas, including virtual currency exchange platforms and custodian wallet providers, ending the anonymity that could be associated with such exchanges.
This highly regulated environment makes AML a complex, persistent and expensive challenge for FIs. Compliance does bring operational benefits, however. AI is transforming aspects of the AML workflow and delivering performance improvements in the process. Through electronic identity verification services, for example, AI can help FIs control not only the complexity of their AML provisions, but also the cost. Better compliance practices and an improved customer experience are also possible. Given these potential applications, it is easy to see why so many FIs are enthusiastic about the technology and beginning to invest.
In April 2018, HSBC announced that it would be utilising AI technology from Big Data start-up Quantexa to track and combat money laundering. HSBC paid fines of $1.9bn in 2012 for reportedly facilitating the laundering of drug cartel money in Mexico and for contravening sanctions to do business with Iran, as well as agreeing a five-year deferred prosecution agreement (DPA) with the US Department of Justice (DOJ) under which it promised to take action to correct compliance failings. The firm, which committed over $1bn to strengthen its compliance measures, has announced the “global roll-out of an AI tool capable of analysing data logs and tracking transactions within a customer’s wider network”.
The cost of implementing technology solutions will grow in the coming years, as will the cost of maintaining regulatory compliance. For example, recruiting new compliance staff, and retaining existing teams will continue to be a significant burden. According to LexisNexis Risk Solutions, between 2015 and 2017, overall AML compliance costs in Europe increased by 21 percent. European financial services providers face overall AML compliance costs of €70.1bn a year, with employment and labour costs one of the most significant components. “Compliance is already expensive,” says Nick Parfitt, product director at C6 Intelligence. “And it is becoming more costly as constantly changing regulations lead to increasingly complex processes that need more human input. So the opportunity to save costs while maintaining, and even improving, results is of great interest to any organisation to which AML and CTF rules apply.”
One of the most important efficiencies AI can generate is through algorithms to monitor customer activity, rather than using trained employees to undertake this task. “AI can be particularly useful for detecting unusual single transactions which employees find harder to spot by using systems to build up an image of normal customer behaviour and creating an alert when something unusual arises,” says Johanna Walsh, a partner at Kingsley Napley LLP. “This is a new way of ‘knowing your customer’. However, firms may find that they need to invest significantly, particularly at the outset, to ensure the competency of any systems that are adopted and in up-skilling employees to accurately monitor and interpret results,” she adds.
To fully reap the cost-saving benefits of AI, FIs must ensure that the technology is compatible with their operations. “The implementation of AI within an institution’s compliance framework requires fine tuning and is iterative,” says Khalil Maalouf, counsel at Skadden, Arps, Slate, Meagher & Flom LLP. “The extent to which AI is implemented at an institution will depend on dynamic factors, including how an institution is able to marry the new technologies with its existing IT and compliance structures.” There must also be a clear understanding of success parameters and performance indicators, particularly with respect to the firm’s risk appetite.
AI capabilities have grown considerably in recent years. Robotics, virtual assistants and other forms of AI have become an everyday reality, reducing costs and helping companies manage risk and increase productivity. According to a report from Autonomous, AI could save the banking industry more than $1 trillion in projected cost savings by 2030. The report ‘Augmented Finance & Machine Intelligence’ notes that over the next 12 years, traditional financial institutions could reduce their costs by 22 percent. Applying AI to compliance, KYC and AML processes, as well as other forms of data processing, will generate savings by targeting compliance, KYC/AML, authentication and data processing, resulting in a reduction of $217bn.
Accordingly, investors are warming to its potential. Annual venture capital investment into US startups developing AI has increased sixfold since 2000, according to the AI Index 2017 annual report. Investment in RegTech is also rising. On the front end of their operations, FIs are using AI to secure customer identities, mimic bank employees, deepen digital interactions and engage customers across channels. On the back end, AI is aiding employees, automating processes and pre-empting problems. In the mid-office, AIs can perform real-time KYC and AML checks. All of this is strengthening AML compliance.
In the years to come, as AI becomes more mature and more common, there will undoubtedly be headwinds and reliability issues. FIs will need to be patient.
“AI adoption will increase significantly in terms of scope and depth, and its reliability will improve compared to human operation,” says Mr Parfitt. “But there are still barriers to overcome. Regulators need to be convinced, the real-world benefits need to be proven and everyone needs to be comfortable that AI and machine learning behaviours and results are well within risk tolerances.”
Quality of data inputs, selecting the right use-case for experimentation, scaling successful proofs of concept, and integrating new tools within existing IT systems, are all potential challenges.
“Data quality and accessibility can be hampered in a number of ways,” says Mr Maalouf. “Bank secrecy and data protection laws can restrict the type of information that can flow into centralised systems that rely on machine learning. Legacy systems can also raise interoperability and data compatibility issues. An understanding of the practical limitations of an institution’s data environment is key to not only calibrate machine learning solutions, but also to effectively assign risk ownership at an institution.”
Furthermore, there are concerns around the decision-making capabilities of AI, as well as its ability to reinforce existing human biases. A greater understanding of the capabilities, risks and limitations of AI must be established. FIs need to develop an ethical framework to govern AI and consider the impact of greater automation on their brand. Thousands of jobs will be put in jeopardy when FIs roll out AI systems. In key areas, including compliance, huge numbers of human jobs will likely be replaced as a result of automation, particularly those which have been outsourced to lower-cost countries in emerging markets.
Data limitations and a failure to adapt to changes that humans could otherwise identify are among the flaws in machine learning and AI. In the event something goes wrong, a further stumbling block is the question of liability attached to AI.
AI has incalculable potential. It may be the next great disruptor in the financial services space, transforming virtually every area. For FIs, finding ways to marry AI and machine learning solutions with existing rules-based AML systems will be advantageous and will reduce disruption.
One of the areas in which AML could have the biggest impact is in the number of false positives detected by traditional parameter-based transaction monitoring systems. AI could potentially reduce the number of false positives FI’s identify, which will lower compliance costs without compromising regulatory obligations. AI can also identify more complex behavioural patterns that might otherwise be undetectable to compliance staff. Traditional rules-based monitoring, by comparison, only allows for the detection of known and existing scenarios; as such, AI can reduce cost pressures and augment monitoring processes.
From a regulatory perspective, however, FIs must be wary of how they use AI. In an AML context, it will involve the retention and automated processing of vast amounts of personal data, some of which may be sensitive. FIs must be careful to ensure that this is done in accordance with local data protection laws. “The need to comply with data protection laws, particularly with the GDPR now in force, will be at the forefront of the minds of any firms considering AI,” says Ms Walsh. “Article 22 of GDPR prohibits an entity from carrying out fully automated decision making other than in certain exceptional circumstances, including where explicit consent is given. AI depends on data and increasingly strict rules on how data can be used and how long it can be kept may pose a problem to the use of this technology. A further issue which firms should consider is that there is a risk that in using personal data, particularly in combination with publicly available data, machines may generate sensitive personal data to which different data processing considerations apply.”
However, it is not clear whether Article 22 prohibits fully automated decision making, subject to certain exceptions, or whether it provides an individual with the right to object to fully automated decision making, again, subject to certain exceptions.
AI is still a developing technology, and one which potentially raises suspicions with the public, particularly in how it will be used by the banking and financial services sector. Nevertheless, the speed at which technological developments occur, coupled with the growing threat of cyber and financial crime, mean that FIs cannot afford to discount the effect AI and machine learning will have on AML processes. The increasing complexity of money laundering has made AI and machine leaning a ‘must have’, rather than a ‘nice to have’, despite the uncertainties surrounding its application and results.
© Financier Worldwide