The High Costs and Low Returns of AML Compliance for Banks: Is There a Better Way?
March 25, 2022
Aiming for the “sweet spot” of digital enhancement in your transaction monitoring can set your anti-money laundering compliance up for long-term success.
Financial crime is one of the biggest threats to global economic development and stability. Yet despite the enormous resources that financial institutions (“FIs”) pour into managing the associated risk, the bad guys continue to stay one step ahead. In 2020, compliance spending topped USD$213 billion worldwide. Meanwhile, total estimated funds laundered reached upward of USD$2 trillion, nearly nine times as much.
Banks and financial services organizations (“organizations”) are under intense pressure to adapt to meet consumer demands driven by new digital payment options and factors related to the pandemic. Organizations have responded by innovating their self-service offerings, payment methods and transactions, policies, processes, systems and controls.
These changes have made organizations more competitive. But the new offerings have also become potential points to exploit by financial crime syndicates and lone wolves looking to take advantage of the frenetic pace of change and the confusion that can accompany it.
As if that weren’t problem enough, organizations leaning heavily on legacy transaction monitoring (TM) systems have found them to be difficult to maintain and quick to become outdated. And because organizations struggle to keep up and upgrade key aspects of the monitoring process, they frequently resort to manually prioritizing and reviewing high-risk alerts, often postponing enhancement tasks until a later date, resulting in an ever-increasing alert backlog population. Considering how quickly fraud and anti-money laundering (“AML”) typologies (e.g., money mule scams, eCommerce scams and cybercrimes) are evolving, manual prioritization and alert reviews are both highly inefficient and ineffective.
Organizations know that compliance costs will keep rising and that continuing to rely on archaic systems — often sustained by large teams and manual execution — is unproductive and expensive. A more sustainable approach to transaction monitoring and associated transformation that considers cost as much as risk is key, especially given the compressed margins and competition from digital banks that are free from legacy system issues and risks.
The question is: How do you implement this new approach in the most effective and timely manner?
One starting point on the path to an improved compliance program is to look at four key aspects of operations that affect TM and consider legacy issues.
Compliance Algorithms — Are they current?
The heavy investment in TM systems is intended to automate compliance using rules-based algorithms. While these algorithms represent positive steps, organizations with legacy TM systems frequently discover that their algorithms are outdated and need to be significantly enhanced. Artificial intelligence/machine learning (“AI”/”ML”) techniques can provide a path forward to keep up with new products and better manage the risk from growing fraud and AML typologies.
Organizational Data — Is it accessible?
Organizations are rich in transaction, demographic, customer, product and market data. But if that data are siloed or scattered, or inconsistently maintained or treated within the enterprise, governance is a challenge and can compromise fraud and AML risk monitoring. Garbage in, garbage out!
Regulatory Rules — Do you speak the language?
Regulators often respond to uncertainty by increasing oversight. While they may also provide guidance and encourage innovation in many areas, their unfamiliarity with the AI/ML technologies and techniques has caused organizations to hesitate or even resist large-scale use of more advanced analytical methods. Key for any organization is to increase focus on explainability and ensure regulatory defensibility.
There are signs of forward thinking in the regulatory space, nonetheless. Regulators such as MAS and HKMA in Asia and FCA in the UK are encouraging FIs to harness the power of technology and have established initiatives such as the opening up of sandboxes and chatrooms to regulatory technology (“RegTech”) providers and introducing banks to RegTech use cases. Some are providing funding and contributing government data and expert stakeholders to drive AI/ML adoption.
People & Talent — Do have the right skills within your organization?
Workers skilled in the use of AI/ML are in high demand but in short supply worldwide. With data assets representing highly strategic sources of insight and risk mitigation, organizations must recognize the value of analytics as a support function and empower analytics leadership to play a strategic role in adapting and transforming the organization’s data ecosystems. Additionally, organizations should spend time understanding how, where and when to deploy analytics talent, an area especially critical to talent retention.
What About RegTech
Many organizations have turned to RegTech applications to tackle their compliance issues. This is a very positive step as there are some strong technologies in the market. However, organizations often struggle to understand and appropriately match their problems to RegTech solutions and to know how to move from proof of concept to production without “tearing down the rest of the house.” Pointedly, in a world where so many RegTech vendors market themselves as “the best” or “cutting edge” or the only real solution to financial crime compliance, buyers of RegTech solutions need to devote close care to evaluating potential technology partners.
Make no mistake, RegTech has been a boon to the financial industry. But as many organizations have discovered after the fact, these applications are not a panacea — many have limitations. No single vendor has the capacity to fully optimize a TM program. The challenge of multiple systems existing within and across organizations — including legacy systems with data that aren’t fully known or governed — is simply too significant. Additionally, ensuring defensibility of a new system for organizations faced with regulatory issues remains a challenge.
Small Changes, Big Results
As much as organizations would like to simply flip a switch to improve their compliance programs, the reality is that a thorough self-assessment supported by a structured transformation plan with an eye on the big picture works better.
The good news is that transformation doesn’t have to happen in one fell swoop, nor should it. Once you identify areas requiring attention, you can execute tactical changes — stopgap measures, quick wins — that will immediately improve the maturity of your TM while also setting you on the path to greater transformation.
As the “TM maturity” chart above shows, your organization may already employ digital techniques that are part of business as usual (BAU) and marginally benefit from these optimization techniques. From there, the objective is to implement techniques shown in the gray oval — the “sweet spot” of TM maturity — that will have a much greater long-term impact and provide efficient cost savings.
Determining where your organization stands on the line above is a first step toward identifying where you can make quick wins and where you can hold for long-term gains.
Critical to this process is accepting legacy issues and working around them for now; transformation doesn’t happen overnight, and personalizing your organization’s journey with scalability is key. Here are a few potential points along the way:
Validating Systems. Thorough testing and validating of your anti-money laundering, TM, customer screening and risk scoring systems is an excellent launching point on the transformation journey. Doing so can enhance your compliance right away by helping you achieve a higher degree of accuracy.
Custom Analytics Solutions. Consider leveraging AI/ML technology to transform data quality, reduce false positives and improve overall efficiency. Be aware that off-the-shelf products can’t realize the same value as bespoke tools, which can leverage elements of existing systems to create a seamless, integrated experience for internal and external users.
Digital Transformation. An efficient risk management mechanism will almost certainly involve reducing manual functions to an absolute minimum. That means greater convenience and simpler and faster responses for your clients and customers. For your project team, however, it can be a heavy lift with more-complex data challenges, ML and AI, staff training, cloud reliance, models deployment, and new analytics to create meaningful and compelling user experiences. Partnering with an expert with industry experience can bridge the skills gaps in the interim as you continue to build new digital paradigms internally.
Technology as an Ally
As financial crime evolves, so too must organizations caught in the whirlwind of advancing technology, shifting consumer demands and aggressive regulators. By carefully reviewing your financial crime risk management program and acting incrementally, you can make technology your ally. After all, the mission to find the balance between efficiency and effectiveness and stay one step ahead of the bad guy grows stronger every day, bit by bit, byte by byte.
About The Journal
The FTI Journal publication offers deep and engaging insights to contextualize the issues that matter, and explores topics that will impact the risks your business faces and its reputation.