Financial firms have without question faced more pressure lately – from every direction – to do better at anti-money laundering compliance.
First, regulators in the United States, Europe, and elsewhere are promising more enforcement against anti-money laundering (AML) failures – and they’re imposing hefty fines to prove the point. That push partly comes from new sanctions pressure against nations such as Iran, North Korea, and China, where using AML laws to isolate those countries makes diplomatic sense. It also comes from rising public sentiment against corruption, with new laws to unmask the owners of shell companies and new pressures on social media for banks to cut ties with tax cheats, human traffickers, kleptocrats, and the like.
Second, regulations around enhanced customer due diligence are rising. FinCEN’s enhanced customer due diligence rule from 2018, for example, swept more firms into the scope of requirements to perform due diligence and added new burdens for identifying the true beneficial owners of businesses opening accounts.
Third, despite all those new challenges, the compliance functions at financial firms still face resource constraints. Yes, banks have been ramping up compliance budgets and staff to monitor suspicious activity, but the long-term sustainability of increased expenses causes challenges.
Moreover, the rate of “false positives” from AML compliance remains stubbornly high, to the point that regulators are concerned about the quality of work no matter what compliance budgets may be. For example, one commission in Britain is advocating for reforms to suspicious activity reporting (SARs) because too many reports contain too little useful information.
Clearly the path to alleviate these pressures is better use of technology – and regulators are sympathetic to that point. In December, US banking regulators published a joint policy statement encouraging firms to “implement innovative approaches“ to AML compliance, even suggesting that some banks might want to share AML compliance resources.
So that’s a lot of pressure to improve AML compliance, with better use of technology as a theoretical path forward. Halfway through 2019, how are those ideas developing in practice?
What AML Innovation Should Do
Regardless of exactly what AML innovation a specific firm might want to implement, we can define a few broad objectives that better AML technology must be able to achieve.
- Automate manual tasks. AML compliance analysts can spend significant time confirming a party’s identity, researching previous transactions, seeking adverse media reports, and the like. Better technology should automate those repetitive tasks to let compliance analysts focus on making judgments rather than on performing work.
- Reduce the rate of false positives. A corollary to the above is that human intelligence can only go so far to identify patterns or details that suggest suspicious activity – but artificial intelligence or advanced analytics can go much farther. Better use of such technology can make a firm more confident in its assessment of suspicious activity and reduce the chance of incorrect judgments.
- Alleviate burdens around testing. Independent testing of a bank’s AML compliance program, which is required by law, can be onerous and time consuming. Better AML technology can help gather evidence AML auditors will want to see, accelerate the testing itself, and assist with any remediation that might be necessary after testing.
- Improve the analysis of risks. “Better data analytics” has become a consistent statement in the compliance world. Data analytics allows compliance staff to study transactions in bulk and then see what policy or procedure changes might be necessary to reduce risks.
Firms need to consider several trends sweeping the banking world – and the business landscape generally – that will shape how a compliance officer pursues those objectives above.
First, cloud-based services will continue to proliferate and be embraced by many areas of the enterprise. Compliance officers themselves can use cloud-based services to improve various aspects of the AML function.
Ultimately that means the data your AML compliance program analyzes will come in a variety of formats, from a variety of applications. What’s more, some of the data crucial to AML analysis will come from outside your enterprise – information about adverse media reports or background checks, for example. All of that data will need to be “harmonized” in a way that lets the compliance team see and study the whole of it, to make judgments about suspicious activity.
Second, artificial intelligence and related advanced technology will be indispensable to that harmonization effort. As more business functions use their own cloud-based services or embrace other new services to keep pace with a fast-changing business landscape, AML compliance functions will need to “skim” relevant data from all those sources and analyze it immediately.
In theory, a compliance officer could impose workflow changes on operating units, adding procedures or requirements so that they generate data useful for AML compliance. But in reality, that’s unlikely: Operating units and competitive pressure both would present resistance to such an imposition. Instead, AI and related technologies will become the tools compliance programs use to let operating units stay nimble in their operations while the compliance function gets smarter, faster analysis of its AML risks.
This is not one possible future that might happen – this is the future, as inevitable as next week. It will, eventually, arrive for everyone.
How to Start Innovating
Generally speaking, innovation in AML compliance should follow the same path you’d take with any other innovation: Start small, measure the results, consider the broader implications, and replicate what works elsewhere.
Begin with a pilot program. AML compliance has many moving parts. Identify one particular task where you believe technological innovation could make a big difference for your firm, and design a pilot to test that theory.
For example, at a firm with significant retail operations, innovation in digital customer onboarding could bring significant efficiencies. Such innovation would cut paper documentation from the “compliance food chain” and win over retail sales units with a less cumbersome customer experience. On the other hand, banks that deal with high-net-worth clients, who might move large amounts of money through holding companies or partnerships, might be better served innovating enhanced customer due diligence and transaction analysis.
Measure differences in performance. Whatever the results of your pilot are, they should be weighed against the “control” of the firm’s historical approach to that task. A compliance officer wants to see better results from innovation and an easy path forward to make that innovation a permanent, widespread part of the firm’s AML compliance program.
For example, a US-based financial firm might try using AI software to share certain customer data (sometimes called “pre-suspicion” data) with overseas affiliates to help identify suspicious activity. That experiment should be measured against traditional screening systems and technologies to see whether (a) the AI truly can learn what the firm wants it to do and (b) the innovation is actually cost-effective, given data privacy laws that might restrict the sharing of some kinds of data and the overall cost of implementing AI.
Does it work? Does it work well enough to expand? Those are the crucial questions.
Talk to regulators. FinCEN in the United States and other regulators elsewhere do understand that their AML compliance expectations are high and that innovation in AML can be a tricky business. They want to offer advice, to the extent that a regulator can. US banking regulators put out their statement encouraging innovation for a reason, after all.
FinCEN, for example, has an “Innovation Hours Program” where financial firms can meet with FinCEN officials directly to talk about their firms’ innovations in Bank Secrecy Act compliance or about AML innovation generally. Compliance officers can take advantage of that program to raise their ideas, get feedback, and refine existing pilot programs.
Go from pilot program to transformation. Once a pilot program does work, compliance officers can start to think about implementing the effort more broadly. Some forces may constrain those ambitions (such as our point above about data privacy laws inhibiting the sharing of customer data across borders), but ultimately the idea is, once something works, do more of it.
An important point here is that if an innovation uncovers weaknesses in a firm’s prior AML compliance regime, US regulators have already said they will not necessarily hold those prior deficiencies against it. Innovation is a good thing, so compliance officers should embrace the potential here as fully as possible.
And in the final analysis, compliance officers must also consider the consequences of not innovating. The days of those more traditional approaches to compliance are numbered. A firm maintaining a traditional approach will inevitably meet one of these outcomes: its manpower and other costs will continue to rise, its competitive position relative to peers will fall, or regulatory disaster will strike.
None of those choices are palatable options to put before the board or CEO. The time to innovate in AML compliance is now – and thankfully the technology is there to do it.