I am about to date myself. When I first started in the world of compliance in the late nineties, anti-money laundering (AML) compliance was compromised of a group of procedures that concerned themselves primarily with cash transactions and wire log requirements. The concept of collecting data to “know your customer” came about in the aftermath of 9/11, as we all struggled to understand and make sense of the criminals potentially hiding in the dark recesses of our financial institutions.
Fast-forward two decades, and the average AML department finds itself awash in customer information collected in an effort “intended to help financial institutions avoid illicit transactions by improving their view of their clients’ identities and business relationships” (Dan Ryan, 2016). This monumental mandate is known by the colloquial industry term Know-Your-Customer, or KYC. AML departments struggle not only with the fast-paced nature of evolving financial crimes but also with the complex issues associated with data management of KYC. Is the information we collect accurate? Does the information flow through the various systems to provide us with an accurate alert on true suspicious activity? The answers to these questions are too often, no
Efforts to decrease customer onboarding times coupled with improper training can result in suspect information being entered into bank records. Worse still are the often jerry-rigged legacy systems that do not push and pull data smoothly and accurately. This results in customer data files that resemble the tangled mess left by your teenage son when asked to put away the Christmas lights. This cacophony is then fed into costly, complex models that churn transactional and customer information to produce a tsunami of potential alerts; most of which end up being false positives.
Each alert must be triaged, decisioned and if judged “not suspicious”, must be documented to the extent necessary to prove to both auditor and examiner alike that the alert on the local nail salon is not indicative of human trafficking or terrorism financing. But, what if you’re wrong? The local nail salon in my small suburb of Charlotte was raided for human trafficking. I did not bank them, but I know the bank that did. The consequences of a BSA consent order coupled with the reputational risk of being THAT bank that provided services to such criminals is enough to keep any honest AML Officer in a state of panic.
Aside from right or wrong, it’s important to consider the operational cost associated with false positives. False positives cost financial institutions hard dollars, and, perhaps most importantly, distract precious compliance resources away from reporting on real illicit activity. How can we fulfill the lofty goal set by FinCEN to “improve our view” and find the bad actors among the thousands of honest customers?
Technology and innovation must show us the way forward to fix what is broken in this modern world of AML Compliance. We must understand and deploy technology such as blockchain to create better onboarding systems that allow customers to easily and safely identify themselves, while at the same time provide assurance to the bank that we “know” the individual on the other end of the transaction. Artificial Intelligence must be used to decrease the cost of false positives and help us achieve our ultimate goal of providing actionable intelligence to law enforcement. Additionally, we must think about the future as we build out our AML teams and prepare the next generation to assume the fight against financial crimes. It’s important to ensure our AML team members have the necessary skill sets to understand and use technology. In our new modern world of cryptocurrencies and FinTech, the world of AML compliance must wield the power of technology to move us all forward.