Artificial Intelligence, Machine Learning and Anti-Money Laundering (AI/ML & AML)
The laundering of money has now become the leading source of compliance fines for North American and European financial institutions. In 2016, regulators and governmental agencies levied fines in excess of $42 billion. In addition, it is estimated that each year, money-laundering transactions account for around $3 trillion or about 5 % of global GDP.
Even with these staggering numbers, estimates are that only about 1 percent of illicit global financial flows are ever seized by the authorities.
AML operations in banks consume an inordinate amount of manpower, resources, and capital to manage the process and comply with the regulations. The savings can run in the millions and in some cases billions of dollars in direct costs. As we have seen in many recent cases, reputational costs can also carry a hefty price.
Also, the alphabet soup related to anti-money laundering (AML) that financial institutions must deal with keep getting bigger. In recent years, financial institutions have navigated through a rising tide of regulatory obligations and compliance requirements counter-terrorist financing (CTF), Bank Secrecy Act (BSA) and Know Your Customer (KYC).
Given the plethora of new tools the financial industry has available, the potential headline risk, the amount of capital involved and the tremendous costs in the form of fines and penalties, this shouldn’t be the case.
Banks and financial institutions should be further along in their development of AML and compliance tools. Artificial Intelligence and Machine Learning offer a variety of possibilities to enhance, automate and improve the detection of fraudulent transactions and money laundering activities. However, despite some low hanging fruit opportunities to use AI/ML for AML, adoption of AI/ML has been slow. There are a couple reasons for this.
(1) A limited understanding of the application of AI/ML within the context of AML compliance programs;
(2) the notion of AI/ML being a “black box” where the inner workings are not clearly understood by business people, regulators, and compliance officers; and
(3) The cautious tack taken by regulators requiring compliance officers to demonstrate understanding and provide validation about the results provided by the models.
These are some of the reasons why banks are moving slowly. Now, let’s now analyze how AI/ML can help financial institutions get out of the rut:
A recent survey of large financial institutions by PwC has shown that of transaction alerts generated by banks’ current anti-money laundering detection efforts 90 to 95 percent of AML alerts were found to be false positives.
To complete due diligence reviews of the hundreds of thousands of alerts produced monthly under current AML detection programs, financial institutions must employ thousands of personnel (both internal and external) at a cost of hundreds of millions of dollars per year. Even a small decrease in the number of false positives generated can save firms millions of dollars while enhancing the overall efficacy of the program (meaning catching more bad guys).
Machine learning has been shown to be particularly useful in conducting suspicious activity monitoring. A common challenge in transaction monitoring, for example, is the generation of a vast number of alerts, which in turn requires operation teams to triage and process the alerts. AI/ML models can detect and recognize suspicious behavior and furthermore they can classify alerts into different classifications or “buckets” (For example, critical, high, medium or low risk). Furthermore, we can apply heuristics to these alert classifications to determine the “Next Best Action” (NBA) for those alerts. For example, for the low-risk alerts, we might be able to automate the alert processing but critical alerts might be routed to senior analysts on a high priority to immediately investigate.
Another application of AI/ML is in the generation of the alerts themselves. Traditionally these alerts have been generated based on a set of rules most of which are hand-coded and a few rely on rudimentary data mining and statistical techniques. Some of these rules are obvious and are based on the value of a single input parameter or feature. For example, a $100,000,000 transaction should draw much more scrutiny than a simple $100 wire. Or if someone is trying to send money to North Korea that might immediately draw flags. However, certain transactions should need to be scrutinized because of a subtle combination of the features. After all, there is inherent motivation to disguise and hide money laundering transactions. In addition, bad actors continuously come up with new and innovative ways to stay one step ahead of the monitors. If the monitoring system is based on how people have been able to beat the system in the past, it will fail to find new methods and techniques to cheat the system. This is a limitation can be overcome by using advanced AI/ML techniques and models. If the system is engineered to detect anomalies rather than to detect past patterns, it will have more success of detecting old as well as new money laundering techniques.
Robotic Process Automation
- Customer Due Diligence (CDD). Use cases within CDD include customer setup, onboarding, refresh and enhanced due diligence. During refresh, for example, RPA can be used to validate existing customer information, pulling customer data from various internal repositories to verify the customer’s information or to hand off to an associate for review. Combining several internal and external sources available for customer verification, RPA can be leveraged to search internal data repositories as well as approved third-party data sources for customer information. RPA can also automatically send emails to frontline staff and customer s, requesting necessary “Know Your Customer” (KYC) documentation.
RPA can also be used to capture screenshots of the customer information that was collected and verified, and based on the information received during the onboarding or refresh processes, it can manage further due diligence based on the customer’s risk level.
- Customer Screening. RPA can help compile and consolidate customer information from multiple databases and hubs and send to screening vendors or compare directly to watch lists. RPA can also perform first level reviews and determine if screening results are “actual cases” or “false positives” based on predetermined business rules. As is the case with CDD, RPA can manage screening based on the customer’s risk level.
- Transaction Monitoring. The most important use case in transaction monitoring is “alert review”. Screening systems can generate thousands of duplicate alerts that must be examined individually by investigators. RPA can identify repeated alerts, check for changes in status, and take action to close without involving the investigator. RPA can also manage the data collection process for suspicious transaction alerts, handing off to associates to review or closing the alert on its own, based on predetermined business rules.
This eliminates simple reviews and data gathering, leading to a lower rate of human error and a clearer focus on higher risk transactions. Many financial institutions struggle with a lengthy backlog in their alert queue. An analytics-based method can be used to detect and aggregate false positives, with RPA taking the output from this analytics solution to update and close cases in batch.
- Offboarding. Institutions determining when to close accounts or when to place a customer on a “Do Not Do Business” (DNDB) list can use RPA to check the client’s account status and provide insights on account activity. RPA can take over the manual process of updating restriction and closure codes to help reduce errors and automate mundane tasks. Based on business rules, RPA can proactively monitor and prevent transactions with specific clients on the DNDB list.
AI/ML technologies can effectively improve, automate and optimize anti-money laundering transactions. These technologies can scale to handle the volume, velocity, and variety of data that is generated by the today’s financial institutions while being able to counter the ever-evolving approaches of bad actors to money laundering. For financial institutions, the time is now to deploy AI/ML into their ecosystems. AI/ML offers real solutions to reducing risk related to financial crimes, fraud, compliance, and AML.