- In this special video version of the ACFCS Financial Crimecast, Stephen Taylor, the General Manager of Anti-Money Laundering (AML) for compliance technology leader NICE Actimize, discusses tips and tricks to bolster program effectiveness – from the perspective of complex systems and analyst training.
- He also touched on the continued duality of AML teams being required to satisfy regulatory expectations – and be open and honest about warts and weaknesses – to ensure an “adequate” program while shifting toward a higher standard of effectiveness, that is aligned with countrywide priorities and law enforcement needs.
- Taylor also previewed what will be coming in 2022, noting that more banks will likely be more willing to test the waters on potentially transformative technologies – like artificial intelligence – to better analyze data flowing in their own institution and swim that information against others, in some cases, empowering public-private partnerships with traveling algorithms under the rubric of “federated learning.”
By Brian Monroe
January 31, 2022
In this special video version of the ACFCS Financial Crimecast, Stephen Taylor, the General Manager of Anti-Money Laundering (AML) for compliance technology leader NICE Actimize, discusses tips and tricks to bolster program effectiveness – from the perspective of complex systems and analyst training.
He also highlighted the continued duality of AML teams being required to satisfy regulatory expectations – and be open and honest about warts and weaknesses – to ensure an “adequate” program, while at the same time shifting toward a higher standard of effectiveness.
These efforts to move away from a fincrime program focus on rote examiner tasks done in an at-times defensive posture to an offensive stance championing results must also be aligned with countrywide priorities and law enforcement needs – no small feat for banks with wildly different levels of resources and risk concentrations.
But it must be done, he said, as the current cumulative results of global compliance efforts and government investigations leave the bad guys winning more often that not.
“The regulators need to get more effective information,” Taylor said. “We are not really being that effective right now.”
Overall, there is $2 trillion laundered each year and we can get maybe “one or two percent of that,” he said. “There are 40 million people captured in modern slavery. Those are terrible stats. We need to be more effective.”
Taylor also previewed what will be coming in 2022.
He noted that more banks will likely be more willing to test the waters on potentially transformative technologies – like artificial intelligence – to better analyze data flowing in their own institutions and swim that data against others, in some cases, empowering public-private partnerships with traveling algorithms under the rubric of “federated learning.”
Shifting from adequate to effective: A new standard emerges
Here are some of the topics we covered in our roughly 30-minute discussion:
- Exploring the Consortium topic for increasing program and technology effectiveness.
- The changing nature of the tenor of effectiveness – regulators are working alongside banks, but are also putting more force behind compliance. As you mentioned, more foot on the gas while at the same time they are fostering more innovation.
- Tips and tricks on being more effective.
- The global state of regulation and Tips on managing the changes.
- Some AML aftershocks of the Pandora papers, after the Paradise Papers, from the Panama Papers.
- What’s coming in the first six months of 2022
The genesis of the crimecast is a potential glimpse of the future of financial crime, which many believe will have “effective” compliance teams generating “highly useful” and “relevant” intelligence for investigators in focused, shifting defined “priority areas.”
These more targeted programs would ensconce both broad generators of illicit income, like corruption and cyber-enabled fraud, but also be attuned to the actions and reactions of international threat actor groups.
Those are just some of the key takeaways from the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN) releasing its formal list of its national anti-money laundering and countering the financing of terrorism (AML/CFT) priorities last year.
The priorities are a collection of historic foils like organized criminal groups and other rising risks, like record ransomware attacks and crypto-fueled paydays.
The FinCEN priorities: a new framework to fight financial crime
The FinCEN priorities, likely familiar drumbeats to large, international banks, are still given more weight and attention as they stand front and center at the new countercrime vanguard, the tip of the spear for fincrime fighters, not buried in dense and didactic reports, such as the Treasury’s 2020 Illicit Finance Strategy, the 2018 National Risk Assessment and others.
FinCEN’s stated AML priorities are:
- cybercrime, including relevant cybersecurity and virtual currency considerations;
- foreign and domestic terrorist financing;
- transnational criminal organization activity;
- drug trafficking organization activity;
- human trafficking and human smuggling; and
- proliferation financing
The widely-watched and highly anticipated AML priorities are the first concrete update to implement the U.S. Anti-Money Laundering Act (AML Act) – the most significant upgrade to the country’s fincrime framework since the 2001 U.S.A. Patriot Act.
The AMLA is an expansive package of updates to break open beneficial ownership bastions, bolster public-private information sharing, usher in a new era of innovation and focus on effectiveness – with the threat of higher penalties for violations, and serial scofflaws.
Coinciding with and underpinning the release of FinCEN’s AML priorities, the Wolfsberg Group issued a critical missive to detail in practical, tactical steps how financial institutions can actually demonstrate effectiveness, a term in recent years bandied about with much fanfare, but little in the way of bright-line, auditable boundaries.
In short, the Wolfsberg metrics of effectiveness include:
- Are you compliant with local AML laws, cognizant of global standards?
- Are you producing highly useful information to law enforcement, guided by national AML priorities?
- Do you have a reasonable compliance program that reviews internal and external threats, gaps and vulnerabilities and adjusts based on rising or receding risks and law enforcement input?
As a result, the AMLA, new FinCEN priorities and Wolfsberg metrics of effectiveness has caused quite a bit of soul searching for the various players in the fincrime compliance supply chain, including compliance officers, regulators, investigators and auditors.
Some questions we cover in the discussion:
- So what are banks and vendors doing to adjust to this new standard?
- Are banks, and maybe vendors as well, under more pressure to engage in public-private partnerships with law enforcement groups to be more aligned with their strategic needs?
- What are, or should, banks and vendors be doing differently to shift analytical and investigative resources to these areas? Are vendors having to do any broad updates or algorithms, scenarios or backend systems?
Part and parcel, however, of the effort to be more effective is firming up the foundations of fincrime compliance efforts: deeper and more valuable suspicious activity reports (SARs) crafted by banks and sent to regulators and investigators.
“A lot of the information sent to regulators and law enforcement is not that effective, insightful or useful,” Taylor said. “And there is a lot of weeding through the data to find the reports that are really useful.”
From the perspective of banks, there is “an awful lot of time and energy filing structuring SARs,” he said, adding that the industry must shift to allow banks to focus their efforts on the highest risks and highest “concentrations of risk,” ideally, guided by regional law enforcement priorities – as partners.
Tips, trends and timestamps
2:00 – Effectiveness in programs, divination in data across banks, regulatory vulnerability.
What does effectiveness look like in practice?
How can a consortium approach work by taking the data of multiple banks to find broader trends?
As well, how can you work with regulators, be open, honest and transparent, without them turning that against you and finding faults in your program?
5:00 – For the bank compliance professional, what should I be doing differently?
What should or could banks be doing to adjust to these newer and apparently stronger standards of effectiveness and being seen as a true ally of law enforcement?
Let’s start with the AMLA 2020 and “highly anticipated” AML priorities. The rulemaking, in all of its various forms and pieces, is still coming.
The regulators need to get more effective information. We are not really being that effective right now.
There is $2 trillion laundered each year and we can one or two percent of that. There are 40 million people captured in modern slavery. Those are terrible stats. We need to be more effective.
A lot of the information sent to regulators and law enforcement is not that effective, insightful or useful. And there is a lot of weeding through the data to find the reports that are really useful.
There is an awful lot of time and energy filing structuring SARs.
8:30 – What is the big deal about this? So much has changed? Nothing has changed? Which is it?
What is the nuance? These AML priorities are not hidden in some U.S. Treasury, GAO or Congressional report. They are front and center.
So what does that mean for you? The AML professional, analyst or investigator on the ground trying to decide if, how or when you should file a suspicious activity report (SAR)?
Here is the answer: The needle has shifted to the pressure point being reporting on suspected money laundering to better identifying, parsing out and reporting on the underlying crime, the suspected unlawful activity generating the illicit finance.
Digging down to uncover that the red flags in your transaction monitoring system are the hallmarks of human trafficking has gone from a nice to have to a need to have.
10:00 – The technology is a big part of how banks can be more effective.
They were buried a little bit, but now they are front and center.
There is so much more that banks can do to really help identify true crime, the needle in the haystack. Machine learning and AI. The more data you give AI, the better it will be.
What else can banks do to more readily find true crime? Engaging new strategies, like the concept of entity resolution, network risk and link analysis.
What can this do? You can understand the individual and understand the hidden connections between various individuals and entities.
Instead of getting 95 percent false positives. That can be reduced considerably.
That takes a lot of the burden off industry, to find everything manually, with the pressure on humans to always make the right decision.
It always takes some of the burden off of regulators, to find anything and everything that a bank AML program could have missed that was suspicious or potentially criminal money laundering activity tied to organized crime, human trafficking networks, grand corruption or terror financing.
It all adds up to giving better insights for law enforcement
13:00 – The beating heart of the AMLA. How to supercharge public-private partnerships? Consortium-based learning, analysis – data across multiple banks.
One of the biggest industry challenges is silo busting. That needs to happen at the institution level and across multiple banks in multiple jurisdictions.
The issue at hand: Sometimes banks are structed in a very rigid way, here is way KYC team, here is my fraud team, here is my AML team. They probably don’t even know each other.
Criminals are not going to one bank to do all of their money laundering institutions. It’s not a one stop shop at one institution.
You need to understand the entity. You need to understand the transactions. And you need to understand the control infrastructures in place.
One of the challenges for the industry as a whole is really following the flow of money across multiple institutions as criminals use them to obviate the money trail. We need to find a better way to follow that money when it goes from one bank to another.
16:00 – We have to find a way, a better way of finding the flow of money.
This can be done through 314(b), but maybe under the AMLA, that becomes compulsory rather than just voluntary. That might be something that actually happens.
But right now there are other ways to share data.
You can apply machine learning across multiple institutions and then got some kind of insights from that. Federated learning is a noninvasive way of getting information from individual institutions without breaking any kind of data privacy laws.
Finding what those insights are where the whole sector can benefit.
We have also seen regulators pushing AML sharing utility programs. In the Netherlands there was one specifically about transaction monitoring. In the Nordics, one on KYC. And the Monetary Authority of Singapore also on KYC.
Technology, encryption, homomorphic encryption without infringing on any data protection legislation.
18:00 – What does a good SAR look like?
We spoke to FinCEN about this in 2020, but what does good look like. What does a good SAR look like?
A lot of banks feel like they file SARs with the regulatory agencies, but they don’t here anything back.
There is a lock of feedback from law enforcement and regulators back to financial institutions. If we can do that securely, banks can better tune their systems more effectively to detect financial crime in the future.
But it’s all about breaking down silos, both in the institution and the stakeholders fighting financial crime more broadly.
20:00 – One of the biggest questions that we get: what are other banks doing?
The two biggest questions banks ask: what are other banks doing and what do regulators want?
Not sharing how to structure an AML program is not a competitive advantage.
Sharing the AML secret sauce, insight, knowledge and best practices, will not dramatically change the fortunes of banks, but it could dramatically improve our capability to detect financial crime.
Getting them right is good for everyone. A rising tide lifts all ships.
22:00 – Going from an “adequate” AML program to an “effective” one, what it looks like in practical steps.
How do you make the jump from having a fincrime compliance program that is adequate for examiners but considered effective from the perspective of value and creation of relevant and timely intelligence for law enforcement?
AML can’t be a tick boxing exercise. We know we have to cover all of these things, so we put them in place, whether they make sense or not.
The change is focusing on the big concentrations of risk. Is it meaningful to meet that risk that you identified?
Instead of just having controls to have controls, you need to really look at the broader law enforcement priorities, bank priorities and concentrations or risk.
What is the focus? If it doesn’t meet those objectives, then redirect and reprioritize, reestablish what is the priority and what is the focus. If it doesn’t meet those requirements redeploy those resources in the right way.
24:00 – The second big thing is silo breaking.
There should be a dialogue between departments to better understand concentrations of risk and not have investigations run in parallel. The is a multiplicative effect when efficiency combines with effectiveness
25:00 – The third thing is the technology.
You need to choose the right technology to do the job, rather than just a rules based approach because that 10 – 15 years ago, that is the only way we could do it.
27:00 – What does the future hold? Regulators getting out of the way – or judging you as ineffective?
It might be a little bit of both. The regulators are willing to do more pilot projects as partners, but they will still come in, still examiner and hand down fines if they banks are willingly or not, failing to have a strong program.
29:00 – A major pitfall for effectiveness: the sliding scale of what is, and is not, “reasonably designed.”
While many banks and regulators appreciated the Wolfsberg Group parsing out what the biggest institutions believe what effectiveness is, a particular persnickety piece of wording: reasonably designed.
32:00 – When it comes to crafting international AML programs: Think globally, but act locally.
Look at the larger trends, such as the top recommendation and guidelines from the Paris-based Financial Action Task Force (FATF), which sets global AML rules, and at the same time, review what are the biggest changes that have happened, or will happen, in places like the United States, the EU, and other major economies.
Then overlay that with regional trends, like Asia, the Middle East, and such, and then finally weave in local laws in the areas you are operating.
Also watch out for crypto, some countries say they are in, then out, then back again.
34:00 – The Pandora Papers: How opening that box can affect fincrime compliance programs.
In the world of evolving and revolving, rising and receding risks, these historic leaks, tacit negative news dumps, can shade and change the rankings of customers and companies – even if they didn’t technically break the law and require an immediate de-risking.
About the speaker: Stephen Taylor, General Manager of AML, NICE Actimize
Taylor has worked within the global financial services industry helping firms manage their risk and compliance obligations for more than 20 years. He has held a variety of key roles in product management and business development.
He started his career at Lexis Nexis in London providing legal and compliance information to the top five law firms, known as the “Magic Circle.” While at Lexis, Taylor helped develop several of the company’s initial online research engines and legal data solutions.
After Lexis, he moved to a small London-based startup called Complinet, where he headed up product development for their Reference Services and AML products. The business quickly expanded and was eventually acquired by Thomson Reuters in 2010.
After Complinet, Taylor joined Wolters Kluwer and became the Global Market Manager for their GRC product (OneSumX).
Taylor’s last position before joining NICE Actimize was Chief Commercial Officer for MyComplianceOffice (MCO).