The future of AML is already here, but many companies have been slow to adapt. Current AML systems are slow, outdated and frequently allow financial crime to go unnoticed.
So what does the future look like, and how does it affect your compliance processes?
For those already living the future of AML, regulatory compliance is coordinated across all departments. More importantly, AML programmes are a competitive advantage, and a genuinely effective tool in the fight against financial crime.
Policies and processes have been fine tuned to deliver far beyond compliance. Those in the future know the picture is much bigger than this – that the benefits to be gained from effective AML defences run deep.
Departmental silos are today’s AML challenge
If your organisation is stuck in the past, you will probably know outdated AML practices can quite literally leave your business in the dark.
One of the biggest challenges in AML today is overcoming a siloed approach.
Departmental silos have unintentionally developed following years of largely short-term focused incremental changes to AML programmes.
This has led to AML defences such as transaction monitoring, and client and payment screening being executed by different and unconnected control teams. Teams may be in different counties, speak different languages and even use different technologies and systems.
To make this disconnect even worse, KYC and onboarding have developed to be distinct activities. While the ongoing review of customer behaviours is in no way connected to the initial due diligence.
This is particularly problematic.
Once a client is onboarded, it becomes very difficult to identify and understand behavioural changes. It’s common for criminal activity to easily go unnoticed.
Criminals are exploiting the weaknesses
Money launderers are a step ahead. They’re aware of departmental silos and are exploiting their weaknesses and gaps. Causing as much as $2 trillion US dollars to be laundered globally every year.
Criminals may open bank accounts with fraudulent information. This allows them to be onboarded as low risk – with the hope that their activity won’t be so closely monitored. Alternatively, they may recruit money mules , taking the chance that the bank won’t notice a change in transactional behaviour. Purchasing old or distressed companies that have a verified banking history is another common tactic.
When you consider that in some financial institutions, low risk customer reviews may only be performed once every three years; and once a year for high risk customers. Leaving plenty of time for money laundering to go undetected.
Even some of the most respectable of banks have unwittingly had their fingers burnt following money being laundered by customers with apparently impeccable credentials.
The future of AML revolves around a customer centric approach
At Napier, we believe that for AML controls to be most effective, firms should look at all customer data – continually.
Looking exclusively at transactions, concentrating on KYC data alone or focusing solely on name screening does not give control teams full insight into the customer. In fact, this practice doesn’t provide any sound foundation on which to base decisions.
This is why we have created the Client Activity Review. It combines all customer data, including transactions, payments and screening results (including underlying changes in beneficial ownership and KYC data), into one automated control centre.
We saw that if you were able to automate the review of clients and their accounts, you would be able to complete the task more frequently, faster and have a better chance of spotting suspicious activity before things spiral out of control.
The Client Activity Review allows you to triage all anomalies and behavioural changes in light of a full view of the customer.
What are the key benefits of Client Activity Reviews?
- Firstly, the system is triggered, in almost real-time, by data that is at odds with the customer’s unique expected behaviour. This means you can take action when it really matters.
- By automating client activity reviews, you can complete more suspicious activity checks, more often.
- Crucially, the need for laborious tasks is greatly reduced. Rather than wading through huge amounts of data to determine if any changes in activity have occurred, analysts can focus on reviewing suspicious flagged activities to understand why they’ve occurred. And then determine the urgency of follow-up action.
Teams work smarter and the efficiency and effectiveness of AML efforts is vastly improved.
Of course, the ultimate benefit here is maintaining customer trust through compliance. There’s perhaps nothing more important for any organisation than that.
Regulatory compliance and a customer centric approach
A customer centric approach is an essential part of regulatory compliance.
The Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017 requires banks to regularly and individually risk assess customers through “ongoing monitoring of its business relationships on a risk-sensitive basis.”
The regulations define this process as “scrutinising transactions to ensure they are consistent with what the firm knows about the customer; and taking steps to ensure that the firm’s knowledge about the business relationship remains current.”
This is where the Client Activity Review comes into itself. Compatible with all current systems, (you just need to feed it the relevant transaction data), the Client Activity Review uses advanced analytics and rulesets to automate the ongoing review of customers and their accounts against expected behaviour. This fulfils regulatory requirements efficiently and with a full audit trail.
What it really means to know your customer
‘Knowing your customer’ is not just the administrative process that’s completed at the beginning of the customer journey.
Knowing your customer, for it to be truly effective, requires continual profiling throughout the customer’s life so you can identify (ideally in real-time) when unexpected changes in behaviour occur. It’s crucial to understand the cause of the change – and more importantly, if it is potentially suspicious.
There may be a legitimate reason why there is an unusual pattern of transactions or the transaction has no apparent economic or legal purpose.
Understanding this reason, however, may require enhanced customer due diligence and a full 360-degree view of the customer. This necessitates the analysis of customer identities, associations, transaction patterns and behaviours.
To gain this insight a compliance officer would typically need to:
- Check the consistency of customer activity against previously collected KYC data
- Identify any anomalous activities or activities outside those expected
- Determine if the new activities are legitimate
- Refresh customer risk-level based on the changes identified in the review
- Where appropriate, get further documentation from the customer to support additional activities
- Approve and update the KYC profile of the customer
- Without the support of correctly implemented and fully coordinated AML technology, this is a very lengthy process.
Money laundering past vs future: a comparison of the differing approaches to AML
Let’s look at a fictitious banking example to see how a traditional approach to AML compares to a new approach that incorporates best practices with the latest technologies:
Customer A is a student and a low-risk banking customer on minimum wage student job, and is receiving £1,000 help from their parents every month. He falls victim to a money mule recruitment campaign on Facebook, signing up to a supposedly lucrative work at home role as a “Money Processing Agent”. He provides his account details and is asked to transfer a £9,999 deposit from his personal bank account into several other accounts.
Since Customer A has a low risk profile, it is not until a routine transactional activity check is made two years later that the transactions are discovered. During that time, the criminal gang behind the operation successfully moved on, continuing to launder hundreds of thousands of ill-gotten gains.
Fast forward to the future (or now for many organisations) and the monitoring of customer activity takes a belt and braces approach by using the Client Activity Review. Thanks to the system’s artificial intelligence (AI) and machine learning, monitoring is a continuous and automated process, regardless of an individuals’ risk profile.
The Client Activity Review immediately informs the bank’s compliance team of the anomalous £9,999 deposit. Using data about the customer’s risk profile and transaction history, a traffic light system signifies with appropriate colour coding that unusual behaviour has occurred, with an accompanying alert level reflecting how risky the transaction is.
The bank’s choice to receive a daily report of flagged transactions enables it to act almost immediately. Because the Client Activity Review conducts all routine account reviews, the compliance team has the capacity to work to understand why the transaction has taken place, and the urgency of any follow up action.
Importantly, the system also goes further than just flagging the transaction. Details of the transaction are fed back into the Risk-Based Scorecard. This checks whether the customer’s risk score is in line with expectations. Any change to the risk score is automatically fed into Dynamic Transaction Monitoring to ensure rules are kept in line with risk.
Unleashing AI’s superpowers
Continuing from the above case, there may have been a legitimate reason for the student to transfer £9,999 in such a manner. He may have inherited or won the money and consequently distributed funds to others who were rightfully entitled to a share.
A diligent client activity reviewer would want more information before consuming valuable time and resources by escalating the transaction for investigation.
AI’s power is that it runs in the background constantly adjusting what is ‘normal’ and looking for abnormal behaviour and patterns without the need to tell it exactly what to look for. It will consider not just the transaction and customer, but also the relationship network of that customer and more. In this case, for example, it might detect the following red flags:
- The transactions were sent at 6am, which is a strange time for not only this customer, but also for other students (who normally send money later in the day or evenings).
- This customer has used either GBP, EUR or sometimes USD… but Pakistani Rupee is new.
- The network pattern of this student has changed with these transactions. Normally this student interacts with a couple of low risk private customers (receives support from his parents), pays reputable providers (mobile, rent, gas) and gets some additional payments from low risk companies (from his supplementary student job). But this recent activity suggests he has sent the £9,999 to private accounts of people and companies he has never had any relationship with before.
With the deep, holistic view provided by AI, the reviewer is more confident that this is indeed strange and deserves additional investigation.
This is where AI really comes into its own. And this is why, for those who are still using older technology, the future of AML holds so much transformative potential for compliance departments. A world where delayed money laundering investigations and a high burden of false positives can be all but eliminated.
Request a demo
If you would like to learn more on how our Client Activity Review can vastly improve your AML compliance processes, please do not hesitate to contact us to speak with an expert or request a demo of our cutting-edge systems.