The unquenched longing for a transformed KYC and AML solution
As per the United Nations Office on Drugs and Crime (UNODC) estimate, each year, across the globe, the value of money that is laundered equate to 2 – 5% of the global GDP. In absolute term, this amounts to USD 800 billion – USD 2 trillion. Unsurprisingly then, governments and policy makers across the globe have been concerned with the rampant menace of money laundering. Over the years, financial institutions (FIs) too on their part, have made massive investments in strengthening their Know Your Customer (KYC)/Anti-Money Laundering (AML) processes and technology solutions. Further, this investment by FIs continue to rise with each passing year. As per the estimates from WealthInsight, globally, the spending on AML compliance is expected to cross USD 8 billion in 2017 (CAGR of ~9%). Today, many large multi-national banks spend over USD 500 million on their KYC/AML programs.
Alas, in spite of such heavy investments, FIs have been unable to optimally counter the growing peril of money laundering. Regulatory fines on FIs for KYC/AML related violations continue to rise. For example, as per the Boston Consulting Group Global Risk 2017 report, globally, since 2008 and until 2016 end, banks have paid over USD 321 billion in fines for regulatory non-compliances – including those related to money laundering, terrorist financing and market manipulation.
Following are some of the key challenges that FIs face vis-a-vis their current KYC/AML processes and technology solutions.
1) Operational shortcomings: Most KYC/AML processes – such as client onboarding, customer due diligence (CDD), sanction and transaction screening, alert investigation, case management and reporting – require significant level of manual intervention. FIs’ staff, for example, have to spend massive labor-intensive efforts in screening the clients against various watchlists, identifying the ultimate beneficial owners (UBOs), scavenging through information on multiple systems for alert investigation, and going back-and-forth across multiple screens for case management. Unsurprisingly then, FIs have been forced to maintain large KYC/AML team size – and which significantly increase their cost burden. Today, good number of FIs spend over 50% of their KYC/AML budget on fulfilling staffing needs alone. High level of manual intervention also result in subjectivity and inconsistency in decision making. Further, the laborious KYC/AML processes make for very slow execution. For example, many FIs take weeks to onboard new clients. This sluggish execution negatively impacts customer experience and creates large service backlogs.
Another key operational challenge pertains to the inherent characteristic of AML. Typically, money laundering seldom manifests as an activity associated with a single account, transaction, person or business. As a result, for AML detection, FIs are required to conduct long-drawn-out analysis of customers’ financial behavior. These analyses span vast array of transactions and plethora of non-obvious but related real-world entities. The need to take such an expansive approach makes it difficult for FIs to investigate all of the AML cases in a timely manner. Further, the increasing sophistication of money launderers and the rapidly evolving money laundering methods have been adding to the FIs’ woes. New forms of money laundering – such as transaction laundering or digital currency based laundering (via digital currency exchanger service) – keep originating.
The multitude of constantly evolving international and country specific KYC/AML regulations that FIs – especially the large global ones – have to comply with further compound the challenges. Many of these regulations are complex and vary widely across jurisdictions. The raised service expectations from today’s digital savvy customers don’t help the FIs’ cause either. These customers have been spoilt for choices with high-speed and hitherto unmatched services from the new-age banks such as Hello bank!, Atom Bank, N26 and Monese. Customers have, for example, been exposed to the instant account creation (in less than 5 minutes), or immediate payment or loan authorization services from these alternative digital financial service providers. Naturally then, these digital savvy customers can’t fathom why their traditional FIs would take days (or even weeks in many cases) to open an account. Alas, manual and laborious KYC/ CDD processes are major contributors to the slow services of traditional FIs.
2) Sub-optimal systems: FIs are beset with a labyrinth of disparate legacy KYC/AML and the interfacing core banking, CRM and other systems. These systems are inefficient, and lack optimal integration and workflow capabilities. As a result, FIs’ staff don’t reap the desired benefits from these systems. For example, FIs’ name screening systems – used for screening customer names against the government/regulator/third-party-issued watchlists – are error prone. These systems generate excessive alerts thereby leading to poor customer experience. For example, customer payments get unnecessarily held up. Also, these systems lack intelligent customer identity matching capabilities. For example, the systems are unable to decipher regional variations in name spelling or minor changes in names. Launderers have therefore been successfully dodging the screening process by making marginal changes – for example, by adjusting the first name. Further, many FIs’ screening solution entails periodic ingestion of ‘flat file’ of an AML data provider’s database. Third-party solution is then used for querying this data repository. Unfortunately, due to the lack of frequent ingestion of ‘flat file’ by FIs, this data repository is not always up-to-date. This adversely impacts the FIs’ screening process. Further, owing to their lack in trust on a single third-party AML data provider, many FIs ingest data from multiple providers. This leads to the creation of duplicate profiles and which further increases the ‘noise’.
Another crucial shortcoming is that most FIs’ existing KYC/AML systems are based on extensive list of rules. These rigid rules-based systems lack adaptability, have narrow data focus, enforce hard customer segmentation, are unable to provide holistic view of transactions, need frequent updates, and require high level of manual interventions. Further, these systems are unable to detect complex transaction patterns, and are incapable of providing advanced adaptive analytics, real-time transaction monitoring and dynamic predictive capabilities. Their AML detection capability rely on static profiles of the customers’ transactions history. Sophisticated money launderers are able to quickly unearth these systems’ rigid and static rules and modify their methods to circumvent detection.
Adding to the challenge is the fact that, over the years, owing to the unending evolution of existing and addition of new KYC/AML regulations, FIs’ rules-based systems have become extremely complex. This is because, FIs need to constantly add new rules to keep pace with the regulatory changes. As an example, today many of the FIs’ systems have hundreds of rules defined for KYC and for Suspicious Activity Report (SAR) filing. Further, FIs’ rigid rules-based systems annually create millions of false positives. Consequently, a large number of bank staff are required for reviewing the flagged transactions and weeding out false positives. As per research from AML technology expertsFortytwo Data, banks today waste GBP 2.7 billion per year on analyzing false positives. The surfeit of false positives also make it challenging for FIs to timely and effectively investigate the true money laundering cases.
3) Data deficiencies: A key data challenge for FIs is that, unlike fraud management, in which large data stores of established fraudulent behaviors are already available; in the case of AML, there is limited availability of historical insights. So while for fraud management, FIs are able to build well-defined classification model (through automated learning from historical behavioral patterns); this is not possible for AML.
Another major data challenge relates to the existing systems’ inability to effectively process the humongous amount of KYC/AML related data. Today, large global FIs typically have over 100 million customer accounts to deal with. FIs, however, lack the required data ingestion, aggregation, storage, processing, enrichment, quality assurance, dynamic reporting and data visualization capabilities. Owing to the large volume of indefinable data sets and the paucity of labeled data, FIs staff have to spend massive amount of manual effort in gleaning through and analyzing the data. For example, good number of FIs’ KYC/AML staff spend significant amount of their time in scavenging and searching through the external (for example, watchlists, OFAC, PEP and credit reports) and internal (for example, payments, trade finance, cash management and deposits) data stores. Also, most FIs’ internal data reside within numerous disparate systems and in myriad forms. There is lack of a central data pool. Such siloed data architecture prevents FIs’ staff from accessing all of the relevant internal information in one place so as to gain a holistic view. Staff face difficulty in connecting all of the required information on a customer – across his multiple accounts, network and transactions that are buried within plethora of internal systems and data stores. The data silos also prevent FIs from enabling real-time AML transaction monitoring, and blending of holistic historical data to enable sound judgment on suspicious activity report (SAR) filing.
The data challenge for FIs get further compounded by the fact that money laundering insights are usually contained – apart from inside the conventional structured databases – within the vast arrays of unstructured internal and external data sources (such as social media, news sites and other public data sources). Further, these unstructured data are in a constant state of flux and keep evolving on a daily basis. FIs’ existing systems lack the required capability to effectively process such massive volume of dynamic unstructured data. The systems lack linguistic capabilities, and are unable to optimally support name matching, screening or monitoring of the data that span multiple languages or scripts. Similarly, the lack of unstructured data capability prevent the systems from supporting thorough and effective link analysis during the customer onboarding process. Having robust link analysis capability is crucial for identifying the network of related entities and accounts, and flagging questionable connections. The lack of optimal support for unstructured data also impacts monitoring of staff communication – which is crucial for unearthing the internal money laundering related collusion by staff.