In the last two decades, regulatory bodies that oversee anti-money laundering (AML) policy, have tightened enforcement considerably. Over the 10 years to 2019, fines imposed by global regulators to banks for failure to comply total over USD 342 billion. The message is clear: regulators expect Financial Institutions (FIs) to do more in their fight on financial crime and contribute to reducing the amount of money laundered every year, which, according to recent (approximate) estimates, amounts to about 5 percent of the world’s GDP.
Working towards the solution, FIs, along with implementing fines for non-compliance with the regulators, are also investing heavily in expensive systems and processes that will support them in mitigating money laundering risks and detect suspicious customer activity.
However, this approach so far has proven to be largely inefficient, and has a negative impact on the overall customer experience.
In our opinion, assessing customer risk is the first and foremost factor that can help FIs mitigating their financial crime risks and simultaneously improve effectiveness of transaction monitoring (TM). That said, it is crucial to understand the technology challenges that need to be addressed to make sure an effective customer risk assessment (CRA) process is put in place.
In our opinion there are three key challenges in the way FIs assess customer risk that need to be addressed:
- Poor data quality – Accessing good quality data is critical to assess customer risk. The data acquired during the on-boarding process by FIs is limited to static data and often resides on legacy systems or is stored in obsolete data marts. Alongside this the customer’s transactional behaviour, once commenced, is not captured to full effect as the transaction attributes used to monitor behaviour are limited, of poor quality and not widely assessed in the context of the customer risk profile. Data throughout an organisation is kept segregated in different source systems and is not brought together to deliver a holistic and contextual risk profile of the customer.
- Limited/non-existent detection of customer changes – Currently, FIs rely upon obsolete and inefficient processes designed to detect and apply changes in the customer data and profile (e.g. change of address, change of employment/nature of business, etc.). These rigid detection rules fail to proactively apply risk changes in customer data and hence, are inefficient and ineffective in providing a timely assessment of customer risk based on the changes in their profile and behaviour.
- Lack of a holistic view of customer behaviours – In our experience, we have witnessed a lack of contextual monitoring as data is not routinely shared across and between internal organisational processes such as customer due diligence reviews and transaction monitoring investigations. These limitations are further compounded by limiting access to the internal data itself which means the organisation is not monitoring for risk in a wider and more enriched data set, that it holds, such as IP addresses and mobile devices. Organisations do not routinely see connections and relationships between customers owing to the limited data being accessed and the way it is monitored.
- Limited data sharing between financial institutions - there is limited customer data sharing among financial institutions that critically hinders banks from building a fuller picture of the customer’s financial behaviour thus narrowing the risk factors that can influence the current customer risk assessment.
In recent years, we have observed emerging trends that address some of the challenges outlined above. Critical to the emergence of these trends is the development and application of Big Data, Artificial Intelligence and Machine Learning technologies in the context of anti-financial crime. Addressing the problem, these technologies are making the process simpler and more efficient.
- Improvements in data foundation – Financial institutions are directing significant investments in improving data quality and management, facilitating the sharing of data across the organisation by utilising data lakes accessible to the whole enterprise. Furthermore, field experts in the fight against financial crime translate their insights of known criminal and suspicious behaviour into data indicators so that data engineers can then capture these as red flags and convert into data features to be used and analysed by the FI’s data scientists, intelligence and investigation teams.
- Detect changes in customer behaviour – Recent solutions enable financial institutions to ingest, process and analyse internal and external customer data in near real-time. There have been some RegTech firms that are able to build detailed customer profiles and generate alerts whenever an anomalous or significant change in behaviour is detected. The approach creates a holistic picture of customer behaviour and context to enrich review processes and obtain a fairer assessment of the risk posed by each customer based on the behaviour displayed. Only targeted changes in customer data and/or behaviours that constitute a material financial crime risk for the FI generate near real-time requests for an in-depth customer due diligence review. This real-time element is important as it will help ensure that potential high risk changes are identified and investigated in the shortest timeframes possible; reducing the bank’s overall exposure to financial crime risks.
This approach enables banks to fine tune their risk assessment towards a more holistic contextual assessment of the customers’ behaviour over time, not just relying upon a single customer transaction or a piece of information collected during a periodic review of the customer’s file.
- Data Sharing though Privacy Enhancing Technologies (PET) – PET techniques are a family of developing cybersecurity techniques to store data in a form that enables FIs to share, analyse and process data without exposing raw information. Thus, the process is in compliance with data confidentiality and privacy requirements of a given jurisdiction and enables FIs, regulators and police forces to organise around a more effective approach to fighting against financial crime.
We believe that AI will enable the convergence of all financial crime related controls (money laundering, fraud, financial sanctions, market abuse and bribery and corruption, ) into a single, dynamic view of customer’s risk. Near-real time feeds from internal (transaction, customer, and product data) and external (news feeds, watch lists [and the wider regulated sector]) data sources help banks to keep record of recent and continuous changes in customer behaviours and events. This approach will enable banks to derive a near real-time customer risk profile to improve efficiency and effectiveness of their anti-financial crime systems, reduce operational costs and improve customer experience.