News & Press: ACFCS News

Special Contributor Report: Can AI Solve Every Problem in Financial Crimes Compliance?

Tuesday, December 12, 2017   (0 Comments)
Posted by: Brian Monroe
Share |

By Sujata Dasgupta
Sujata.dasgupta@tcs.com
December 11, 2017

Financial crimes across the globe have steadily risen in the last two decades – not just in volume, but also in terms of complexity and sophistication.

Banks and financial institutions have been investing heavily in prevention, detection, investigation and reporting of financial crimes on the one hand, while bearing the burden of direct losses as well as staggering remediation and compliance costs on the other as a result of failing to detect some such crimes!

Banks have been upgrading their legacy systems and optimizing manual processes in an attempt to block financial crimes, as new technologies are emerging with unmatched sophistication and technical complexity tied to data analysis and pattern detection capabilities – something which neither legacy systems nor human intelligence is capable of!

Artificial intelligence (AI), as it has been christened, is now being increasingly deployed by banks to enhance the effectiveness of financial crimes compliance (FCC). In this article, we discuss the current pain points in the FCC landscape, explore the innovative AI-powered solutions that are emerging to combat such problems, and look at the future of AI in strengthening FCC as it is set to replicate and possibly surpass human intelligence.

Financial Crimes Compliance - The Current Challenges

FCC is an extremely dynamic domain, with a plethora of regulatory bodies across jurisdictions, new regulations being enacted in quick succession and existing ones being made more stringent, increased focus on compliance governance, processes, reporting and so on.

While these steps are imperative in the face of the growing complexity and scope of financial crimes, banks and FIs have been finding it an uphill task to keep pace with the changing regulatory requirements in this volatile environment, in order to remain compliant.

The reason for this can be attributed in parts to some of the challenges banks currently face in terms of their FCC landscape – systems and processes – which have evolved over a period of time, and are not necessarily capable of accommodating the new regulations in their current form.

Beyond complying with the letter and spirit of the regulations, current bank systems – and their human analysts – may also be outmatched when trying to identify increasingly creative criminal patterns spanning fraud, money laundering, corruption, cyberattacks and other crimes using bulk cash, international wires, prepaid cards, virtual currency, trade – or a mix of them all in some multi-layered schemes.

That could be an even more herculean task when you fact in that some banks are already constrained by older, fragmented systems and a dearth of anti-money laundering (AML) expertise due to budget constraints.

Now let’s take a look at some of the specific AML issues banks face on a daily basis:

·         Lack of an enterprise-wide, single customer view: This is one of the challenges banks face in the KYC (know your customer) and case investigation space. Customers holding multiple relationships with a bank, through different lines of businesses, are onboarded through disparate systems and more often than not, such information is inconsistent. Their transactions and account behaviors are also captured in various different platforms. This results in fragmented and mismatched customer data residing in multiple systems, thereby making it impossible for the bank to have a 360-degree view of a person’s overall profile and capture transaction behavior across the bank.

·         High false positive alerts generation: This is another major problem plaguing banks in the area of AML and fraud control. Legacy alert generation platforms use static, rule-based triggers that are not necessarily reviewed and modified at frequent intervals. This contributes, to some extent, to the high volume of false positive alerts - in the range of 80-90%, while also being exposed to chances of slippage of true positives. As a result, some 50% of true positives in FCC are estimated to be missed by rule-based platforms! Investigation of false positive alerts consumes huge amounts of resources from the bank, and missing true positive alerts can have serious regulatory repercussions, from penalties to closure of certain bank business lines, or even the bank itself. HSBC, for example, paid about $1.9 billion in fines to US regulatory authorities in 2012, for failing to detect drug money laundered out of Mexico through the bank’s branches in that country!

·         KYC activities, including Watchlist and PEP screening, involve intensive manual effort and time: This an activity which is generally manned by lesser skilled staff in banks. Manual data entry, document verification and other KYC due diligence requires long SLAs for client onboarding. Manual triage of huge numbers of screening alerts takes up a lot of analysts’ time, sometimes leading to the aging of alerts well beyond days. Dependence on humans to dispose of such large volumes of alerts is also prone to error. Given the extremely sensitive nature of this activity, banks have been trying to find means to automate this function for enhanced compliance.

·         Legacy systems are incapable of combining structured and unstructured data: This is crucial for generating a holistic view of customer behavior. A lot of information about customers lies hidden in their emails, chat messages, web and social media clips, which, if properly analyzed, can provide early warning signals of suspicious activity.

AI For Strengthening Financial Crimes Compliance

A lot is being said and written about AI and the way it is changing everything around us. AI has the power to navigate through colossal amounts of data – structured and unstructured – and generate meaningful insights, which can then be used to improve the efficiency and accuracy of systems and processes while reducing human intervention at the same time.

This capability is also being tapped to enhance the effectiveness of financial crimes compliance, while attempting to resolve some of the current challenges in FCC.

Now we looked at some of the key challenges in AML compliance, so let’s take a look at how AI can address  some of the these:

·         Entity resolution tools, capable of generating a single view of a customer:  Systems able to maintain multiple identities and relationships across the bank are now being built on AI platforms, without having to overhaul any of the disparate legacy systems of the bank which hold the customer data. Sophisticated analytics are used for such matching, sometimes augmenting bank’s data with that of external third party data to arrive at accurate matches.

·         AI-based network and linkage analysis: This is becoming an increasingly important tool for banks to identify hidden relationships and networks through which financial crimes might be committed. Bank of New Zealand has recently engaged Intel Saffron for using the latter’s AI-based financial crimes detection platform to generate insights on suspicious hidden relationships and criminal networks. The platform will link the data available in the bank – including unstructured customer data in the form of mails and chats - with that available in external sources, including social media, to unearth suspicious networks. Such networks can then be red flagged by the bank, and subjected to greater scrutiny for detecting financial crimes.

·         Using AI-based platforms for financial crimes alert optimization and false positive reduction: This initiative has been catching on fast with banks large and small across the globe. Machine-learning-based alert generation solutions are being adopted to discover suspicious behavior, leading to some missed money laundering and fraud threats being uncovered, and to detect outliers even when they do not breach any defined alert triggering scenario – something which rule-based platforms are incapable of. Some Banks are also using AI tools for automatically discounting false alerts – that are generated by the rule-based systems – based on dynamic rules created by the AI algorithm. HSBC bank has adopted AI for FCC alert optimization, which has resulted in a drop of around 20% of false positives, without reduction in the volume of true positives the bank was reporting during its manual investigation era.

·         Automation in client onboarding and KYC activities, like Sanctions and PEP screening: These are being enabled by robotic process automation (RPA). The software robots are programmed to mimic human steps, which are repetitive, and rule-based, and can complete tasks involving the accessing of multiple systems, data entry and collation, report generation and so on – just like humans, but at a fraction of the time and cost. Standard Bank, Africa’s largest bank, has used RPA combined with AI-based cognitive automation, to bring down the client onboarding and KYC timelines from 20 days to 5 minutes!

·         Machine learning is enabling dynamic risk assessment and peer profiling of customers in banks: While periodic risk rating reviews of customers are conducted by banks, dynamic risk rating is a much more effective mechanism to update risk rating of customers based on their transactional behavior and account activity on a near real time basis. The social media information of customers is also being integrated to accurately map their peer profile buckets dynamically, and any deviation from such updated profile behavior can be flagged as suspicious.

·         Alert case management is also being reimagined using RPA: As a result, the routine steps of investigating alerts – viz. visiting multiple systems for collecting customer, account and transaction information, checking for previous cases, and so on, and finally coming up with an investigation report – are being delegated to software robots. While decision making on the report is still being done by humans, the journey toward intelligent RPA has already started. Large Australian banks, like ANZ and NAB, have been making rapid strides in their RPA programs in this very direction. So very soon we can expect robots to study the report and decide whether to close the alert or file a SAR!

From Human Intelligence to AI – The Way Forward in FCC

As criminals are getting more tech savvy and finding new ways to commit financial crimes, and banks are embarking on using increasingly stringent crime prevention and detection rules, the race to outsmart each other will continue and even accelerate!

Citibank and Barclays have implemented voice biometrics to prevent phone banking-based frauds. Banks worldwide are also envisaging the use of AI to conduct social media screening of their customers to detect early warning signals of suspicious behavior.

As well, card fraud continues to be on the rise, especially in cases of online transactions.

While large banks in UK, viz. RBS, HSBC and Lloyds, are embracing AI platforms to detect such frauds, several machine-learning-based online identity verification tools, combining customer biometrics and computer vision technology, are emerging with enhanced security for the prevention of such frauds.

At the same time, the speech and visual recognition capability of machines is getting superior, and is expected to exceed that of humans in the next few years!

The day may not be too far when a single AI platform will carry out end to end FCC functions, as machine learning and analytics are integrated with RPA and chatbots, along with tools like optical character recognition (OCR) and OCR confidence reporting engines to complete the automation landscape.

But a path-breaking innovation would be to develop AI that can pre-empt what criminals might do to bypass the prevention and detection mechanisms employed by banks to commit financial crimes, and create algorithms-based-rules accordingly for blocking such crimes.

Can we expect AI to create its own threat intelligence list and generate alerts when transactions involving such individuals/entities are initiated? Can natural language processing (NLP) be built to interpret and analyze new regulations, and create rules for changes to be implemented in the bank’s systems and processes as a result?

This may not be a distant dream, as AI has set its sights to conquer all!

About the Author:

Sujata Dasgupta

Experienced Industry Consultant in Banking Risk and Compliance (R&C), with a demonstrated history of working in Banking, IT services and consulting. Currently leading RegTech solutions, alliances and client programs in the area of Financial Crimes Compliance tower within BFS Risk & Compliance Practice at Tata Consultancy Services Ltd., Bangalore, India.   

A subject matter expert in R&C, specializing in Financial Crimes Compliance covering KYC, AML, Fraud control and Regulatory Compliance. Has worked for premier international banks globally, in major financial hubs like New York, London, Singapore, Hong Kong, Frankfurt, on large regulatory transformation programs, leading teams on KYC/CDD, AML, and regulatory reporting engagements.

She is also the author of various published thought papers.

LinkedIn


©2016 Association of Certified Financial Crime Specialists
All Rights Reserved