It is fair to say that the past four years have been challenging: Brexit, the COVID-19 pandemic, economic recession, unprecedented inflation and the war in Ukraine. Each of these events has paved the way for an uptick in criminal activity. The UK’s departure from the EU has resulted in a change in international trading relationships, providing more opportunities to criminals in countries that are more vulnerable to corruption. The COVID-19 pandemic has led to global supply chain challenges and an increase in scams, fraud and cybercrime. Moreover, the unprecedented nature of sanctions imposed against Russia has led to firms becoming vulnerable to the risk of providing services to sanctioned individuals or facilitating a transaction designed to circumvent sanctions. The list of reasons for increased financial crime risks is endless.
While financial crime is very often invisible, making it hard to identify, measure and fight, its impact is felt in many ways and affects individuals, communities, countries and businesses around the world. Governments introduce legislation and regulations to fight financial crime and rely on financial institutions (FIs), lawyers, accountants, estate agents, gambling firms and cryptocurrency exchanges, to name a few, to act as the gatekeepers of the financial system. As criminals often target FIs to act as facilitators in the perpetration of crimes, there is significant pressure on the financial services industry to put in place systems and controls which can detect and, most importantly, prevent financial crime.
Half of all participants surveyed are currently employed in the financial services industry. The survey revealed that 69% of respondents globally expected financial crime risk to increase over the next 12 months with a split between 26% expecting financial crime risks to increase significantly and 43% expecting financial crime risks to only increase slightly.
Additionally, respondents cited cybersecurity and data breaches as the main factors behind the increase in financial crime risk. It is not surprising given the growing diversity, complexity and volume of attacks, amplified by ongoing geopolitical tensions and the additional challenge of hybrid work environments post the COVID-19 pandemic.
Losing Ground in the Fight Against Financial Crime
Despite the increase in financial crime globally, it feels that regulators around the world are constantly playing a catch-up game and, ultimately, criminals are always a step ahead. In fact, more than half cite evolving technologies, digital currencies, data privacy and geopolitical tensions as challenges posed to governments in fighting financial crime.
We have seen in recent years an increase in collaboration between regulators and both the private and public sectors in the fight against financial crime. However, much more needs to be done to allow firms to share information amongst each other. Existing laws prevent cross-industry and cross-firm information sharing and, therefore, act as a blocker against this fight. Furthermore, certain countries are notorious for being quite secretive and not allowing any information sharing outside of their virtual borders.
Most survey responders felt that, in the next 12 months, the level of cooperation between regulators and FIs will not produce as much fruit as one would hope. However, 64% felt that the level of enforcement actions will continue to rise. Over the years, we have seen numerous enforcement actions against FIs; in some cases, multiple fines were issued against the same FI, and yet the level of crime increases, and the strength of systems, controls and processes is not enough to act as a credible deterrent against criminals.
In the UK, the Economic Crime and Corporate Transparency Bill has introduced enhanced data sharing measures, which facilitate data sharing among the registrar, law enforcement, government bodies and the private sector. Future changes to the Data Protection Act (DPA) may also allow for information sharing between specific agencies or for specific purposes (for example, the prevention, detection and investigation of financial crime). However, to allow for data to be shared safely and effectively among all these parties, legal provisions must be complemented by the use of technology.
Other significant challenges governments face are rapidly evolving technologies, the increasing use of digital currencies and geopolitical tensions. All these challenges, including data privacy were cited by most respondents as the emerging reasons why governments are losing or might lose ground in the fight against financial crime.
The Cost of Compliance and Other Technology Drivers
The increase in financial crime caused by world events and the threat represented by the changes introduced to the legislation and by regulators becoming more active in issuing large fines, have contributed to the growth of the compliance industry. As a result, the compliance costs firms must face to fight financial crime is skyrocketing. In the UK alone, the cost of compliance has exceeded GBP 30 billion, which, according to the National Crime Agency (NCA), corresponds to approximately three-quarters of the government’s annual defense expenditure. Despite the increasing costs, as mentioned earlier, FIs struggle to comply with new and existing regulations.
The existing pressure on firms to reduce costs, the demand for technology and the innovation experienced in this sector have led to the rapidly growing use of technology to identify and fight money laundering. Technology investment, increase in cybersecurity budgets and undertaking more frequent business risk assessments have been cited by respondents as the three main steps that firms intend to take during the course of the next year to combat the increase in financial crime.
Regulators and standards setters, such as the Financial Action Task Force (FATF), have also started showing a favorable attitude towards the use of technology. Increasingly, regulators use innovative technology to support supervision and examination (“Suptech”) and encourage the use of new technologies by firms to comply with regulatory requirements more efficiently and effectively (“Regtech”). Further, firms can integrate RegTech with compliance software such as Resolver, to further engage control owners and conduct regular compliance risk assessments.
In the U.S., the Anti-Money Laundering Act (AMLA) of 2020 supports the use of innovative approaches such as machine learning to reinforce FIs’ and Financial Crimes Enforcement Network’s (FinCEN) crime detection capabilities. The AMLA also contains provisions for the creation of a Subcommittee on Innovation and Technology composed of innovation officers to advise on means to support technological innovation.
In Singapore, the Monetary Authority of Singapore successfully introduced a new digital platform named Collaborative Sharing of Money Laundering and Terrorist Financing Information & Cases (COSMIC) to share information on customers and transactions between FIs which should, in the long term, address a common challenge that most FIs globally face.
Many speculate that regulatory visits will start looking more closely at the use of technology as part of firms’ AML compliance programs.
Carefully Choose Your Technology Solution
Technology can be transformative, improve both efficiency and effectiveness and reduce the cost of compliance in the long term. However, to choose the most appropriate technology solution among the significant number of alternatives available, firms must understand what their objectives are, what each solution can offer as well as its limitations and how this can help the firm achieve those objectives. Key areas firms should consider are the nature, scale and complexity of their business, maturity of their compliance programs and the age of their operating environment and technological solutions.
There are a number of reasons why one should invest in technology. For example, replacing an old customer relationship management (CRM) system and integrating it into cutting-edge monitoring tools can allow better detection of unusual activity, high-risk customers and other risk events. Integrated systems can also allow speedy management information (MI) reporting, reducing the time employees spend on the preparation of reports. Often, firms use old operating systems that do not allow new technological solutions to even be implemented.
Depending on the specific goals firms have set for themselves, whether these consist of detecting or preventing financial crime, or simply reducing their costs of compliance, firms need to identify and understand the drivers behind their business and adopt a risk-based approach to AML, counter terrorist financing (CTF), counter-proliferation financing (CPF) and sanctions. Business risk assessment processes would help to identify whether existing systems are not fit for purpose—one technology solution may not be the most appropriate for all the firm’s business lines. Hence, consideration should be given to whether multiple solutions should be deployed. For firms to be able to extract as much value as possible from the technology solution adopted, its use must be tailored to the business’ specific exposure to those risks. Somewhat surprisingly, 70% of our respondents globally indicated that they have a good understanding of their risks.
This result is consistent with respondents also indicating that conducting more frequent business risk assessments is one of the necessary steps to combat the increase in financial crime.
In addition, somewhat consistently with this data, the percentage of firms from the EU, the UK, Singapore and the U.S. who think their compliance program is very effective only ranges between 25% and 30% while the percentage who think that their compliance program is effective ranges between 45% and 50%.
Can Technology Replace People?
There is an argument that the efficiencies introduced by technology will result in unemployment. We believe this is a misconception. The real benefit of technology often resides in increasing people’s value by allowing them to manage their time more efficiently and focusing on more valuable tasks, where they can use their expertise and judgement.
Although it can be argued that certain technology solutions can, in fact, replace individuals, the biggest potential advantage is that they can free up people to focus on what they do best, maximizing the value of human expertise and judgement. For example, where the use of technology allows systems to produce a smaller number of false positive alerts, teams can complete their investigations on the alerts faster, report suspicious activity reports (SARs) in shorter timeframes and provide more accurate information to the authorities, contributing to more focused financial crime prevention. Equally, the employee’s time can be spent on other projects which would benefit the strengthening of the financial crime framework.
Technology is Not a Panacea
Technology is unable to cure a firm’s existing internal weaknesses. Where a firm’s internal processes are generating no results or incorrect results, the use of technology may only enhance it’s existing shortcomings. If internal processes are generating no results or incorrect results, then the initial technology adoption should be one that supports the development of and adherence to effective policy. From there, additional technologies can be layered on. Thus, it is important to consider the flexibility and growth potential of a software platform when making decisions around technology investments.
Integration or application programming interfaces (APIs) between various software and Software-as-a- Service (SaaS) programs can be a cost-effective and time-saving solution if properly executed; however, their application has yet to be attempted by most firms.
Although software providers do offer integrations, for example, know your customer (KYC) and transaction monitoring systems, these are in practice rarely adopted across multiple internal and external systems. Most compliance programs still feature employees using a number of internal and external systems, simultaneously, which may affect efficiency and be prone to mistakes.
Initiatives such as Transaction Monitoring Netherlands (TMNL) and COSMIC are valuable examples of initiatives featuring collaboration among multiple banks. Pooling resources and using advanced algorithms and machine learning (ML) technologies allow organizations to detect patterns and anomalies in transaction data or share with one another information on customers that exhibit multiple red flags. This enables organizations to monitor and analyze transactions across different banks and FIs and spot potential illicit activities.
Data quality underpins AI and machine learning ML. Low-quality data, including inaccurate or out-of-date data, can negate the benefits of data pooling and collaborative analytics, resulting in erroneous analytical outcomes, preventing the proper functioning of the technology itself and, therefore, hindering its effectiveness.
Kroll’s experience in conducting large money laundering remediation projects revealed that the data stored by firms is often inaccurate as it constitutes the outcome of improper KYC and ongoing monitoring historically conducted on customers and transactions. Despite the number of fines issued by regulators, firms persist in investing in technology solutions without prior remediation of the existing data.
If investing in a specific technology solution is not an option, significant results can still be achieved by using a small team of technology experts. Kroll’s experience in the biggest and most complex money laundering investigations and remediations revealed that a few technology experts, who know how to analyze data and how internal systems operate—can help firms achieve significant results by spotting patterns and trends and identifying loopholes, hence, understanding what does and does not work.
Before making a large-scale investment in a particular technology solution and embarking on a large transformation project, firms should test the solution as part of ring-fenced practical exercises using a group of specialists solely focused on achieving a specific goal.
By investing upfront in systems, controls, technology and people, firms can protect themselves against the risk of facilitating money laundering and avoid facing the significantly higher cost of remediating their failings. In the long term, this will translate into major cost savings and will contribute to economic growth and to the fight against financial crime and corruption.
This article was also contributed to by Carolina Attili.