On July 1, the Financial Action Task Force (FATF) published its report on the opportunities and challenges of using new technologies to prevent money laundering (ML) and terrorism financing [1]. The FATF sets out practical advice on where financial services firms could use new technologies to improve overall anti-money laundering (AML) compliance. It also gives warnings on the potential pitfalls in using these technologies. In this article, we summarize the key observations made in the report.
It is recognized that one of the key challenges in implementing effective AML measures is a poor understanding of the ML risks and threats. Consequently, this has an impact on the quality of decisions made by firms regarding mitigation of these risks. One of the risks that needs to be recognized is the use of legacy systems, which in order to remain operational have to be upgraded with new algorithms or manually inputted information. While this may provide some level of comfort, the systems rarely allow for data to be analyzed on a large scale. This general weakness may result in the following two distinct problems for financial institutions (FIs), thus increasing the need for resources:
- Lack of capability to detect new or emerging risks
- Application of complex risk mitigation measures in lower-risk situations
The solution could be found in the application of AI, allowing for a quick and accurate analysis of large volumes of data and resulting in partial or full automation of the processes such as customer risk assessment or customer due diligence (CDD). However, the FATF notes that there is a degree of hesitancy within the financial services industry when it comes to the implementation of new AML technologies. The key obstacles noted include:
- Potential for supervisory criticism if a pilot of a new solution proves unsuccessful
- Potential for supervisory action if a pilot exposes gaps in an existing AML compliance program
- Emergence of additional regulatory expectations if innovative approaches are implemented
One way to overcome these perceived obstacles is for regulatory supervisors to engage with the industry to encourage the adoption of the new technologies.
New technologies are key in processing and analyzing large data sets to improve customer risk assessments, CDD and transaction monitoring. In turn, this can result in releasing human resources for more critical tasks, such as analysis of complex ML cases. There are three underlying technologies that could help FIs take advantage of these opportunities: AI, application programming interface (API) and distributed ledger technology (DLT).
Machine learning, as a subset of AI, is thought to offer the greatest advantage through its ability to learn from existing processes or data, reducing the need for manual intervention and improving the ability to filter out the complex cases requiring attention. Its key advantage is in detecting anomalies and eliminating duplicate information, thus improving data quality.
Natural language processing (NLP), another subset of AI, enables machines to understand, interpret and manipulate human language. The use of NLP can improve the effectiveness of fuzzy matching (e.g., in customer screening) and result in the reduction of false positives. Furthermore, there is potential in using NLP to combine politically exposed persons’ (PEP) lists with internet search engines.
In transaction monitoring, the application of machine learning and NLP may allow investigations to be carried out with greater speed, filter out cases requiring complex investigations and increase the conversion rate of alerts into suspicious activity reports.
Furthermore, in the context of remote onboarding and authentication, AI, including biometrics, machine learning and liveness detection techniques, can be used to perform micro expression analysis, anti-spoofing checks, fake image detection and human face attributes analysis.
A responsible and risk-aware use of DLT has the potential to speed up the CDD process, allowing consumers to authenticate themselves and, through the use of smart contracts, allowing for automatic customer acceptance. DLT can also be applied to information sharing amongst FIs. For example, in China, DLT is used to share customer watchlists and red flags within the confidentiality constraints built into the information exchange system.
APIs allow different software applications to connect and communicate. For example, through APIs, one can connect customer identification software with monitoring tools or risk and threats identification tools with customer risk profiles in order to generate alerts or alter risk classifications.
Digital ID provides one of the best case studies for the use of AI, DLT and APIs, and is widely adopted and supported in several countries. The FATF has issued dedicated guidance on the subject [2]. Digital ID may improve customer access to financial services through mobile devices and smartphones while ensuring the security and accuracy of customer information through biometric information (supplementing personal identity information). There is also an opportunity to increase the diversity of data sources by collecting additional data from customers, with their permission, which ultimately strengthens the knowledge and ability to manage the business relationship. Examples of the use of Digital ID in practice include the eIDAS Regulation within the European Union and the National Digital Identity service MyInfo launched in 2007 in Singapore.
The FATF notes the following challenges in adopting new technologies to manage AML frameworks.
The supervisory authorities must provide more support to and engage with industry and technology developers in order to improve their understanding of the technologies and their benefits. There is also a need for the supervisors to quickly adapt their regulatory practices to the pace with which new technologies are introduced. The FATF highlights that while supervisors should be expected to understand the models used in AI tools, FIs should remain responsible for the technical details of the technologies, prior to their deployment.
The core operational challenges are identified as those relating to adapting the existing processes and practices to new and not-fully-tested systems. The cost of the technologies, the ability to train staff and the replacement of legacy systems are often difficult to overcome. The standardization of data between technology providers and FIs, which is needed to take full advantage of APIs, is also highlighted as a significant challenge.
There is a potential conflict between the benefits of adopting new technologies and assuring and protecting the privacy of consumers and their data. The growing use of technology has raised a number of ethical and legal concerns that have generated widespread calls and numerous workstreams to develop appropriate government and private sector standards and safeguards. Furthermore, while algorithmic decision-making may seem to offer an objective way of overcoming human subjectivity and prejudice, researchers are discovering that many AI algorithms replicate the program developers’ conscious and unconscious biases and apply them at scale to unfairly target the financial activities of certain types of individuals or entities.
Technology Risk Assessment
It is important for FIs to continually examine the effectiveness of the new technologies to detect and combat ML risks through risk assessments. FIs should also continuously assess whether there is any residual risk arising from the implementation of the solutions, thus ensuring there is no over-reliance on technology.
How We Can Help
Kroll assists a wide range of financial services firms to identify, remediate and manage regulatory risk in their businesses, including developing risk assessments and sound due diligence and monitoring practices that are tailored to individual firms. We operate globally, meeting our clients’ diverse needs and giving us exposure to risks associated with different countries. We often undertake reviews and recommend style assessments for firms identifying hidden gaps in financial crime systems and control frameworks and provide tailored and practical recommendations on how to address them.