In a regulatory environment which demands ever higher standards for anti-money laundering (AML) compliance, many financial institutions have responded by significantly increasing headcount in their AML functions, often at significant cost. However, an investment in headcount alone may not yield the desired results, as it may lead to a large number of false positives while still missing signs of sophisticated money laundering schemes hidden within large volumes of unstructured and unorganised data.
As criminals become increasingly sophisticated and adept at evading the scrutiny of traditional AML controls by using complex and intricate networks of companies and cross-border transfers, financial institutions have often struggled to keep pace.
To deal with these problems, more financial institutions are integrating big data analytics and artificial intelligence (BDAI) solutions into their AML controls and processes, and some regulators have also encouraged greater industry adoption of such regulatory technology (regtech) solutions.
BDAI and AML compliance
One global bank recently deployed BDAI in AML surveillance for its global trade and receivables finance business. The BDAI-driven AML compliance system combines the bank’s internal data on a customer, such as their identity and transaction information, with external data sources, such as company ownership, in order to identify hidden relationships between the customer and its counterparties, and sophisticated payment networks. The data points are screened by BDAI systems against dozens of scenarios that are indicative of possible money laundering activities, such as smurfing and structuring, or false invoicing. After suspicious customers or transactions are identified during BDAI screening, human analysts would then investigate the matter with the assistance of BDAI-driven analysis which can quickly show payment patterns and relationships that may otherwise be lost within vast volumes of data.
Given the high volume, velocity and variety of data that needs to be analysed in the case study above, traditional database software and human analysts would be poorly-suited and inefficient for such tasks. Additionally, traditional rules-based transaction monitoring may perform poorly at identifying sophisticated money laundering schemes designed to evade monitoring thresholds, and, may also generate too many false positives, therefore diverting resources and attention away from investigating transactions which justify closer scrutiny.
However, although there are significant advantages to using BDAI as a tool to fight financial crime, institutions should also be aware of the potential challenges in adopting BDAI for AML compliance, as well as how they can satisfy regulatory expectations in the use of BDAI.
Challenges in adopting BDAI for AML compliance
Although there are significant benefits from proper adoption of BDAI for AML compliance, some financial institutions may face challenges in effectively implementing such systems.
|Poor quality data and data silos||An impediment to using BDAI is poor-quality data, which can seriously hamper the usefulness of BDAI-driven decisions. Some financial institutions also have the legacy problem of data silos, whereby data collected over many years from different data sources by different departments may be stored in a fragmented and unstructured manner. Without consolidation and centralisation of data, institutions may not realise the full benefits of BDAI.|
|Ethical use of BDAI and data||There is growing awareness of ethical issues in the use of BDAI, such as the bias in BDAI systems when used improperly, which may result in discriminatory or other adverse decisions being made against individuals. Biases can arise because of bias in the data pool, bias in algorithms, and human bias influencing the design and implementation of BDAI. For example, an algorithm may yield poor results if decisions are based on patterns with little meaningful predictive value. In the context of AML compliance, this could lead to unfair and possibly discriminatory outcomes where certain groups of people are excluded from participating in the formal financial system.|
|Limitations on use and transfer of data||Data privacy legislation and regulations are undergoing reforms in many jurisdictions with a trend towards enhancing protection of personal data, and giving individuals greater control and ownership of their data. These reforms may limit the use and transfer of data, which may complicate the deployment of BDAI. Technology companies are developing solutions to address this, for example, a Singapore-based bank partnered with a semiconductor chip manufacturer to adopt a federated analytics model which facilitates the sharing of algorithms across borders (designed to draw out specific insights, indicators and patterns to identify money laundering activities), but without the need to share data subject to privacy and data protection regulations.|
|Regulatory expectations and accountability||Although regulators may encourage the use of regtech such as BDAI for AML compliance, institutions should bear in mind that they remain accountable for AML failures and should be prepared to demonstrate that its AML processes and controls are robust. Regulators are unlikely to accept an excuse that BDAI is a ‘black box’ as a reason for not being able to identify the cause of a compliance failure.|
Meeting regulatory expectations in the use of BDAI for AML compliance
Different regulators have taken a different approach with setting standards for using BDAI and other regtech in compliance. Some regulators may favour a highly prescriptive approach, with specific requirements on the technologies and specifications adopted, whereas other regulators have stated that they will adopt a risk-based technology neutral stance which does not positively or negatively discriminate against the technology used so as to not hinder innovation.
In the latter case, it is important that financial institutions take steps to demonstrate that their internal controls and processes remain robust after the adoption of BDAI.
Best practice checklist for implementing BDAI in AML compliance
- Financial institutions should implement appropriate governance, oversight and accountability frameworks, with the board of directors and senior management remaining accountable for BDAI-driven decisions and processes.
- During the planning, design and deployment of BDAI solutions, financial institutions should ensure that their BDAI models produce objective, consistent, ethical and fair outcomes, and comply with applicable laws and regulations. The BDAI system design should allow for human intervention to mitigate unfair BDAI-driven decisions where necessary.
- BDAI should be rolled-out in a gradual manner, ensuring that the models are explainable, and that BDAI-driven decisions are robust, with proper validation and review before launch.
- Financial institutions should maintain comprehensive and up-to-date documentation for all aspects of the BDAI system, including design decisions, results from validation processes and ongoing review, manuals explaining how the models operate, etc.
- Financial institutions should ensure adequate transparency and disclosure to customers regarding its BDAI applications, including informing customers that certain financial services are powered by BDAI technology, and inform customers of the mechanism for enquiring and requesting reviews of BDAI-driven decisions.
Explore our campaign
The contents of this publication are for reference purposes only and may not be current as at the date of accessing this publication. They do not constitute legal advice and should not be relied upon as such. Specific legal advice about your specific circumstances should always be sought separately before taking any action based on this publication.
© Herbert Smith Freehills 2021