NextGen AML: Technology driven

Endless possibilities

The Regtech market is awash with new applications that can make an FI’s AML processes more efficient and effective. As discussed in our previous blog, technology is vastly improving data collection, processing and validation. But where technology really makes a difference is in data analytics. Artificial Intelligence (AI)-based solutions can analyse data and detect irregularities much faster and more precisely than humans,. What’s more, the self-learning models can increasingly recognise and ignore false positives, leaving AML staff more time to focus on the true hits.
These are some of the hottest technologies that have already delivered meaningful results and are promising more in the future:

1. Advanced entity resolution enables fully holistic client views and provides context to individual client attributes and transactions;
2. Machine learning predicts risk scores on alerts and sorts them by priority (supervised machine learning) or detects unknown risk signals and finds new patterns (unsupervised machine learning/anomaly detection);
3. Network analytics make it possible to follow unusual money flows end-to-end and analyse complete networks and communities on unusual patterns;
4.  Recognition systems (e.g. facial recognition) can verify identity in a smooth client process with much better certainty than traditional human judgment;
5.  Orchestration engines combine a range of risk signals (fraud, AML, extraction requests, sanctions, etc.), making CDD processes faster and more effective.

The benefits of technology like this are spectacular, but not necessarily futuristic: in many areas (also beyond AML), FIs are already applying these methods with the utmost caution and with great success. However, there is no single technology providing a solution for all AML business problems. The AML tech stack of the future will therefore contain a combination of various technologies and models (including traditional business rules). Rather than each FI choosing its own favourites, it would be good for them to compare notes, pool talent and develop collective solutions, also involving the public sector parties. For example, it would be great to maintain an “AML github”, secured but open to all ecosystem partners and including pieces of code that operationalise the newest typologies and models. TMNL, which monitors the transactions of five Dutch banks, is in that context a best practice worth copying in other areas.

Legacy woes

To make the most of these advanced technologies, FIs first have a big hurdle to overcome: IT legacy. When computers made their entrance in the world of business, FIs were among the early adopters, building big mainframes to handle their administrative processes. Over the decades – as FIs went through mergers and acquisitions, as new technologies emerged, as regulations changed and quick fixes were applied – their IT infrastructures grew organically into a “spaghetti” of older and newer software applications. Looking specifically at AML, FIs have collected a basketful of separate applications for things like sanction list checks, KYC, transaction monitoring and FATCA compliance. Some bought new in the Regtech market, some just an existing program more or less successfully repurposed. Each add-on poses more risk to the stability and security of the legacy infrastructure, certainly given the vast amounts of data to be stored and processed. Moreover, as discussed in our previous blog, all those promising new technologies cannot work effectively with non-standardised, poor quality data scattered across such a system.

Long-term tech strategy

When faced with technology choices under increasing regulatory and public scrutiny, the temptation for FIs is to do what they have always done: step into a dozen different ad-hoc solutions for a dozen individual problems, based on department-level decisions. FIs would do better, however, to step back from day-to-day pressures and think at strategic level about how they want to be dealing with AML a decade from now. With a long-term vision in place they can develop an integrated strategy to reach that destination: NextGen AML.
Specifically, this means rethinking the IT architecture behind the AML solutions. Instead of a duck-taped landscape full of unexplainable dependencies, it needs to become a modular platform that can readily accommodate further innovations as they emerge. A platform that can continuously inherit, test and productionise these innovations. And it also means ditching ad hoc solutions in favour of a holistic approach, encompassing all AML needs (KYC, TM, sanctions) and possibly more (other client risk and business domains).
Given the need for flexibility, NextGen AML is almost certainly going to happen in the cloud. The transition to cloud that is ongoing in the financial sector will unlock new tech enablers for FIs and give a boost to innovation. With data and key AML processes on multi-modal cloud platforms, there’s no end to the incremental steps FIs can take to advance AI models and other functionalities. The AML cloud platform will be a key accelerator for tech innovation towards NextGen AML.

Regulator’s role

For all the exciting possibilities that new technologies offer to really benefit the sector, however, the regulator must also keep up with them and create regulatory scope for their application. Current supervision is focused on individual human-based processes, like periodic client reviews and transaction monitoring. If these processes become machine-based, the focus of supervision will have to shift to a higher and deeper level: model validation. To assess models, the regulators will need in-house AI expertise. And they will have to use this new expertise to set new standards and frameworks that will reduce regulatory uncertainty and thereby support and embrace innovation. It is an encouraging sign that the Dutch regulator is taking meaningful steps in this direction.
With this shift in focus, regulators will have to assess FIs’ performance differently: based on the effectiveness of the entire effort (for example model and data governance or orchestration of their signals) rather than on individual missed signals. For example, there is often discussion to what extent any new technology deployed must also be applied to historical data (lookbacks). Because the enhanced detection is bound to reveal irregularities that slipped through the net before, FIs, rather than being incentivised to innovate, are in fear of being penalised. In the US, proposals for a more balanced approach to innovation in AML, where FIs that innovate are given some room for error, have been received with great enthusiasm. Such an approach deserves consideration in our country as well.

Trust

The final question, then, is: how do all ecosystem players learn to trust these new technologies? Trust is an issue we cannot afford to ignore. Any application of AI that undermines trust will attract massive media attention and set back public acceptance of AI by years. An old-fashioned rules-based tool, despite its limitations, is perceived to be relatively transparent and explainable to both regulators and stakeholders. Unlike AI-based tools, which, if they are not adequately managed, documented and explained, can to non-experts be a black box . The challenge is to fanatically document the models and the underlying considerations, ensuring a clear audit trail that makes their operations explainable. The proposed EU legislation on Trustworthy AI offers detailed guidelines to avoid ethical pitfalls. As this field matures further, it will provide further foundation and trust for innovation.

In the driver’s seat

New technology is a must-have to lift AML to NextGen status. It has powerful potential to transform AML and change the way we do it, think about it, and look at the outcomes. There are risks, but with proper awareness and a concerted approach they can be managed within maturing frameworks. Fears of computers taking control are unfounded. Technology, even smart technology, supports rather than replaces human decision making, and humans will always remain in the driver’s seat. New AML technology is a car built for speed and performance. To perform to the max, all it needs is a brave and responsible driver, guided by clear ”rules of the road” and inspired by a culture and system of open innovation.

Read the following blog about taking a holistic approach on AML: NextGen AML: Getting there

Click here for an overview of the blog series