Machine Learning and AML
How Technology is helping overcome AML Challenges
World is a not flat
No matter how much the globalisation theorists may want you to believe, the world post 9/11 is no longer flat but rather becomean undulated surface. 2008 recession has only added fuel to the fire. On one hand,the growing threat of terrorism has made us increasingly insecure and paranoid, on the other, many nations are responding to continued recession, economic disparity and unemployment byraising new barriers, under the garb of nationalism. While the liberals may be enthused by the digitally linked globe and still swearing by the global bonhomie, thefears of conservatives may not be all wrong.
When the systems were archaic, the impact of any misuse was also limited and localised. However, in an interconnected world, smallest of breach can snowball and can be exploited for ulterior gains. It’s a dichotomy that while digitalisation is a tool for democratisation, it has also been used as a weapon to spread hatred and undertake large-scale money laundering to support the terrorism and drugs machinery.
As per the UN Office of Drugs and Crime estimates, the amount of money laundered globally is anywhere between 2 – 5% of global GDP, or $800 billion – $2 trillion per annum. Other estimates put it to $ 2.5 trillion, almost the size of India’s nominal GDP.
Rapid change in technology paradigm is making even the best of financial institutions and government agenciesunsure if they can have an edge over the new age launderers and for how long.Data breaches and system hacks are the new normal. New cracks and loopholes appear every day.
‘The new theater of war is the modern financial infrastructure’,says Tom Lin in his article titled ‘Financial Weapons of War’. And in this war of good against evil,the reluctantbanker has been pushed to the frontline.
Bankers dont maketh a valorous warrior
2008 has upended many variables in the profitability equation of banks. Rapid technology advancement and consequent disruption has put their legacy systems on the edge of obsolescence. Increased competition, lower credit offtake and poor sentimentshave impacted the margins adversely. While much of this may appear to be asequential trough in the economic cycle, there is a black sheep in the lot-Compliance costs.
To their credit,Banks have tried to adjust – shutting businesses, closing branches, exiting locations and right-sizing workforcebut thespiralling Compliance costsate up all the benefit.The mortgage crisis and sanctions related investigations revealed material lapses on part of the banks. The consequent regulatory push to make Anti- Money Laundering (AML), Countering Financing of Terrorism (CFT), Fraud prevention, Tax evasion and Regulatory Reportingpracticesairtight,led toa frenzy to augment their compliance departments.Citigroup, for example, increased its risk, regulatory and compliance team from 14,000 (4.3%) in 2008 out of total 3.23 Lakhs employees to 29,000 (13.2%) in 2016 out of 2.19 Lakhs. It’s a similar story for other banks. Over the last few years, banks have paid$ 321 Billionin compliance related penalties while simultaneously grappled with the cost of implementing FATCA, CRS and numerous other country specific regulations.The trend isn’t waning.
The 2016 Thomson Reuters Cost of Compliance Report noted that 69% of the institutions surveyed “are expecting regulators to publish even more information in the coming year, with 26 percent expecting ‘significantly more’. “ and “three-quarters of firms are expecting the focus on managing regulatory risk to rise in 2016.”. A WealthInsight reportestimatesthe AML compliance costs to grow at CAGR of 8.86% to $8.2 Billion in 2017.
It is obvious that suchen masse hiring and high cost to win the war against money laundering is unsustainable. May be the traditional approaches to regulatory and AML compliance are inefficient. Or maybe the regulators have chosen a wrong warrior to man the border outpost!
How banks check money laundering
Banks broadly use a3-pronged strategy to check money laundering and fraud
1. Profiling: Banks undertake KYC (Know Your Customer) and CDD (Customer Due Diligence) to identify linkages, ultimate beneficial owners (UBO), establishlegitimacy of business and source of money.Some categories likePEP (Politically exposed person), Public Figures, Money Services et al are then assigned a higher risk grading. This Risk Based Assessment (RBA) grading determines the intensity with which to monitor therespective customer account.
2. Transaction monitoringof inflows and outflows in the accounthelps to identify anomalies. The back-end systems screen the transactions on pre-specified rules like spike in the value or volume of transaction or the counterparties the customer is dealing with. These checks are based on materiality thresholds, decided either by the bank officials or guided by regulators(For example,Reserve Bank of Indiastipulates monitoring ofcash transactions above 10 Lakhs or like theBank Secrecy Act(USA) mandates transactions above $10000 to be verified.)
3. Database match with negative lists of various institutions including Interpol, OFAC, FATF, EU, ECGC, RBI et al to filter out obvious defaulters and criminals.Banks also use database screening services like World Check or Factiva to identify any other linkage to politicians, public figures, sanctioned jurisdictions or criminalsandperform basic web or media search for any negative news.
Overall, the banks performscreening at Transaction level, Account level, Customer level and Industry/Peer group level. Anomalies thrown up by all these checks are then manually verified, first by the front-end teams and subsequently by the compliance staff to determine the veracity. Any transaction assessed as suspicious is reported to regulators through a SAR (Suspicious Activity Report).
While this approach hasevolved over time and helped in reducing money laundering, the significant amount of manual check and judgemental bias reduces consistency and ultimately fails to provide an effective and efficient AML system.
Challenges to AML process
The legacy systems have various shortcomings, causing numerous challenges in creating a robust AML system.
1. Large no. of transactions:As per the Capgemini’s World Payments Report 2016,the global non-cash transaction volume in 2014 stood at 387.3 billion and estimated to be 426.3 billion in 2015. It continues to grow with increasing digital penetration in the emerging economiesand growth of wearables and biometric enabled payments systems convert more and more cash transactions to digital. Put shortly, the transaction data is too huge to be screened comprehensively.It’s difficult for any large bank, with millions of transactions per day,to screen all the transactions in a short time-window using legacy system, especially when market is increasinglydemanding real-time settlement TATs (Turn Around
Time). The alternative is to perform sample based checks, which leads to miss-out.
2. Assessment based on past trends:One significant drawback of the legacy AML systems is that these are designed to monitor known behaviours based on past trends. Much of this is judgemental, based on amount thresholds or spike in transaction value and volume. The criminal minds, however, have enough incentive to work out elaborate schemes over long periods and continuously find new loopholes.Smurfing, for example, is a common tool used by money launderers, where they deposit small amount of money in multiple accounts over a long period of time. Since there is an established regularity of transactions, most of them being of small value, a rule-based system may not find any anomaly for long periods.
3. False positives:A major challenge with the generic rule-based systems is the large number of false positives they throw up. This is a huge productivity loss since each matchneeds to be manually vetted by the bank employees, requiring discrete customer interviews and EDD (Enhanced Due Diligence) to ultimately conclude that the transaction is genuine in 99% plus cases. As the bank is screening an extensive data set and verifying it manually, such a practice may be somewhathelpfulbut iscumbersome and highlyinefficient.
4. New Payment methods: The innovation in payments has opened new avenues for the money launderers. The increased penetration of mobile banking, pre-paid cards and credit cards hasimproved the hit rateof finding gullible people forskimming, phishing attacks and identity theft.The advent of cryptocurrencies like Bitcoin poses another big challenge and beyond the control of banks as these are Peer-to-Peer, completely anonymous with no engagement of formal banking system. The 2010 FATF report on Money laundering using NPMs articulates the dangers, “Anonymity, high negotiability and utility of funds as well as global access to cash through ATMs are some of the major factors that can add to the attractiveness of NPMs for money launderers. Anonymity can be reached either “directly” by making use of truly anonymous products (i.e., without any customer identification) or “indirectly” by abusing personalised products (i.e., circumvention of verification measures by using fake or stolen identities, or using strawmen or nominees etc.)”
5. Skew towards structured data:Much of the statistical assessment to correlate various money laundering indicatorsis done based on the structured data available in the form of account statements, customer forms or external sanctionor negative lists.This gives only a partial picture as most of the structured data is conspicuous to the criminals and therefore may bestage-managed. While analysis of such data doesthrow up some correlation, it may be insufficient to establish causation, leading to multiple false trails and redundancies.
6. Data Silos: Thetechnology landscape in a bank is typically a patchwork of varied platforms, sourced from multiple vendors. In a universal bank, for example, while Commercial Banking may be using a specific CRM or work-flow system, the Retail Banking may have another platform linked to core system for transaction processing and customer lifecycle management and all these may have no relation with the trading or tracking system used by Treasury. While this creates a challenge of interoperability, the problem from AML point of view is to integrate the data generated from each. This data integration takes time, causing significant lag in creating a comprehensive MIS, much after the event has already happened.
7. Every bank is an island:There is limited interaction between the banks to share their AML best practices and a launderer can always move banks in case they feel the bank is getting suspicious or asking too many questions.The information of attempted frauds or lapses does get centralised with regulators(like the Central Fraud Registry of RBIor the list from Financial Action Task Force (FATF), a global inter-governmental body) but is available for use only much later. Areal-timeentity-level alert system may help plug the gaps across banks.
8. Manpower dependence:Since time immemorial there are numerous stories of money launderers conniving withthe bank employees to falsify or omit key details or data points which the bank systems are designed to check.As per a recent RBI report, during April-December 2016 a total of 450 employees from various public and private sector banks were found involved in cases of fraud totalling to 3,870 cases and value of Rs17,750 core. Similarly,in 2014-15 BNP Paribas was found guilty by the US authorities of deliberately omitting key details in transactions pertaining to sanction countries like Iran, Sudan and Myanmar. They were fined $8.97 Billion and faced a one year suspension on USD clearing.
9. Training gestation:Acorollary to high manpower dependence is the difficulty in hiring resources with right skill set. The compliance staff isnot only required to understand and implement the ever-changing internal policies but also needs to keep abreast with the ever-evolving regulatory guidelines. Banks must ensure the staff is trained regularly to build required internal expertise. These trainings are, however, not limited to compliance teams alone. The front-end relationship managers, service managers, tellers et al act as the First Line of Defence against money laundering and need to be sensitised and updatedregularly. This implies long training gestations and ever increasing budgets.
How technology is helping overcome AML challenges
While the challenges abound and complexity continues to increase, thankfully the technology advancement in the last decade is empowering the banks with new tools to tackle the menace.
1. Ability to process large data on the fly: With the advancement incomputing ability, storage capacity and big data analytics,largetransaction sets can now be screened in real time and in a cost-effective manner. As per the reports, the new age chips have reached a level of processing 1.78 trillion instructions per second.This is critical considering banks have a small window to provide Go No-go authorisation as more and more transactions are now required to be processed in real time. Even the postfacto analysis of historical datacan be done much faster and with multiple variables in a much larger data set.Banks need not be restricted by the sample-based checks.
2. Better Data visualisation:The biggest spin-off of the advancement in analytics is the improvement in data visualisationtools. With theadvanced graphical representations, the compliance teams and senior management can see comprehensive dashboards derived from the large amount of transaction data. These tools not only improve visualisation and identifying patterns but are also interactive, thereby enabling deeper data mining and querying capabilities.This helps identifyinterlinkages between accounts, which were otherwise hidden under layers of multiple entities and simply overwhelmed the system.
3. Predictivemodelling: The advancement in statistical modelling toolsis helping banks to proactively identify the problem areas.The clustering techniques bring the capability to easily modulate a multi-dimensional data.For example, proximity analysis may indicate thatseemingly unrelated entities in the same locality may really be a case of layering. Using such tools, banks can red flag geographical, demographic or transactional clusters.As machine learning improves, the response timesreduce and system becomesincreasingly better as more data is fed in. With further advancement in neural networks and Artificial Intelligence, these AML systemswill go beyond anomaly identification and acquire the ability to accuratelyjudge the probability of transaction being genuine or fraudulent/laundering.
4. Unstructured data assessment and Behavioural profiling:The negative fall out of the growth of internet has been the loss of privacy. Every time you are on web, you leave a trace. This is true even for the criminals who use various facades to layer their organisation, linkages and assets. A variety of tools are now available toanalyse social media and web feeds, perform text analytics or assess call centre records. These off-the-record inputs help build a behavioural profile of the customer and bring better predictability to AMLsystems.
5. Development of RegTech and Edutech :In 2016, JP Morgan spent around $325 Million in training and development. While there are no clearestimates, it is safe to assume that push on compliance has increased the training costs significantly as almost entire staff is required to be trained both on internal and external policy changes. However, with the increasing use of webinars and e-trainings, it is becoming easier to disseminate the information in a cost-effective way. The availability of Virtual Reality (VR) tools will further make these trainings interactive, personalised and effective, obviating the need for classroom sessions.
The increasing legal and regulatory complexity is another challenge for the banks and they spend significant amount of money in consultant and lawyer fees. With the development of Regulatory Bots, banks will be able to determine the legality of a transaction without waiting for days for internal& legal teams to respond. RegTech tools like Suade, Silverfinch, Osis and many others are already aiding automation of regulatory reporting while simultaneously reducing costs and improving accuracy. These may ultimately become a bridge between regulators and banks to deal in real time.
6. Blockchain and Smart Contracts: Beyond Bitcoin, one of the important use case of Blockchain is its ability to tamper-proof documentation and contracts. It is already being experimented with Ripple, Ethereum and other such platforms offering blockchain based KYC and Trade transaction solutions. Mixed with good AML practices, blockchain can provide a fool-proof way to make identity duplication, forgery and omission nearly impossible.
But the onus is still on banks
As inventor and futurist Ray Kurzweil predicts, the machines are likely to become as smart as a human brain by 2020. The fears of evil AI taking over the world may make you even more paranoid. But the dangers posed by human to human is no less worrying. It seems for the AML cause, technology will benefit us more than it will hurt by AML processes much more robust and making life a bit difficult for the criminals. Although, some of the development are still nascent and may take some time before they become mainstream. But clearly, the onus is on banks. I’m hopeful that 2017-18 will see a change with more and more banks adopting new age tools, invest in technology, encourage innovation instead of blindly hiring more compliance staff.