Livia Benisty is the Global Head of Business AML at Banking Circle. Previously she was Head of AML, EMEA, for Citi's Trade and Treasury Solutions. Focused on high-risk client types within cash management services, Livia and her team redesigned the due diligence and ongoing monitoring process for correspondent banking, money service businesses and diplomatic missions.
Livia was previously based in New York where she managed AML Risk for digital payments, working to build an effective risk management process for emerging financial technologies. Her career thus far has seen her gain a hands-on experience of the role technology can play in managing and mitigating financial crime risk.
How does illicit money flow around the world?
Opaque financial networks facilitate the flow of illicit funds
Money - both legitimate and illicit - largely flows around the world through a complex and interconnected network of large banks that have clearing access to the major currencies. These organisations hold the accounts for most of the remaining financial institutions that need access to US dollars (or British Pounds or Euro) for their clients to transact in the financial system.
As a result, there exists an opaque web of financial intermediaries, all of whom have different forms of access and connectivity to financial institutions and other third parties.
This complexity restricts visibility, meaning that no one has complete information about the flow of capital. This makes it extremely difficult - even with the best anti-financial crime technology in the world - to monitor a full chain of transactions to identify illicit financial networks.
Lack of robust security and verification allow financial crime to perpetuate
There are increasingly sophisticated ways to mimic and steal individual identities. Whether it be through phishing, data breaches, fake websites, or even USB chargers and public wi-fi, criminals often remain one step ahead of those who are developing the technologies to catch them.
Moreover, a lack of verification across public and private ultimate beneficial ownership (UBO) registries makes it relatively simple for criminals to make it look as though they are doing legitimate business. If we combine these two things together, it becomes nearly impossible to understand everything about an individual or institution.
How effective are current regulations and financial crime fighting frameworks in addressing money laundering?
Regulators aren’t moving quickly enough
Global money laundering statistics highlight our current framework’s ineffectiveness in the fight against financial crime. Global regulators employ measures that they think, or hope will help, but these can often miss the mark and struggle to keep pace with evolving financial crime typologies. As a result, regulation may always be ineffective to some degree.
As an example, anti-money laundering (AML) and know your customer (KYC) regulations require organisations to obtain a copy of an individual’s passport. Aside from showing that there is a person that exists with that name and a certain date of birth, collecting this document (and often having to ensure it is refreshed upon expiry) in many circumstances does very little to prevent money laundering.
What we require of people in the onboarding process can be too basic, and although electronic identity verification (eIDV) and video selfie technology does increase the utility of collecting such documentation, it does little to expose illicit actors and their connections to corporate entities. Instead, regulators need to tackle UBO data verification to give these identification processes more substantial value.
Digital asset regulation
The world of digital assets is another example of where regulators have fallen behind on regulating emerging technology. Cryptocurrency presents distinct AML risks, many of which materialise in the surrounding ecosystem of issuers, such as wallets and exchanges that support customer access to Distributed Ledger Technology (DLT).
Money laundering using cryptocurrencies has been rising exponentially since the asset class gained popularity among retail investors in 2015-16. According to a Chainalysis report, cybercriminals laundered $8.6bn through crypto in 2021, marking a 30% increase on the year before and a near three-fold rise from 2019.
However, supervisory orders and enforcement fines have been slow to take effect. KYC verification, for example, was only made mandatory for cryptocurrency issuers through the 5AMLD which was adopted in Europe in early 2020. The leading global cryptocurrency exchange, Binance, subsequently introduced mandatory identity verification for new users in August of 2021, and it was made compulsory for existing users even later, in early February of 2022.
Too often, this failure of regulators to keep pace with innovations such as digital assets puts us on the back foot in the fight against financial crime.
Data privacy prevents us from getting the whole picture
A second factor preventing regulatory efforts from being truly effective is incomplete data. Data privacy regulations prevent sharing information across borders, between companies, and with various individuals. This is for good reasons, of course, but it hinders firms’ ability to request further detail on the participants to a transaction where required.
Most AML investigations involve monitoring certain behaviours and pattern matching those against what would be considered as normal. However, many of these transactions appear benign in isolation, so it is only possible to expose these networks by zooming out to connect a chain of events. Unless we look at the bigger picture by sharing information between institutions or through public/private partnerships, we will always miss vital signs of criminality.
How can regulators improve their approach to financial crime?
Better provisions and incentives for information sharing
It is important to note that provisions do exist for data sharing for the purpose of financial crime prevention, such as Section 314(b) of the US Patriot Act. However, voluntary programs such as these often achieve low participation rates (12.3% in this case).
For many financial institutions, mandatory requirements of Bank Secrecy Act/AML programmes place a strain on internal resources. Regulatory obligations require firms to perform risk assessments, management of policies, procedures and controls, and suspicious activity reporting.
Voluntary data sharing programmes are not always commercially or practically viable. This is particularly true if firms are not criticised for choosing not to participate. Regulators should consider how they can better incentivise financial institutions through better articulating the benefits of cross-border information sharing.
Adapt regulatory guidance around technology
Regulators occasionally voice their openness to innovative technologies and different ways of doing things, however, this does not always resonate with organisations. There remains a reticence amongst AML officers to introduce new forms of technology and move away from traditional compliance operations.
Financial institutions are hesitant to implement ‘smaller’ RegTechs, especially those at earlier stages in their growth and funding, as they worry the regulator will penalise them for not selecting a larger incumbent technology provider. With so much to contend with on a daily basis, institutions do not want to take part in an annual or three yearly examinations to explain why they have chosen a vendor that doesn’t necessarily have a proven track record in the market.
Although this reticence is waning in the financial crime sphere as the RegTech market matures, it remains a global issue. This reluctance to purchase certain third-party solutions implies that regulators are not truly technology agnostic. To improve, regulators should take more opportunities to publicly acknowledge that there are more innovative ways of conducting compliance processes.
It’s also important for regulators to educate themselves on emerging technology trends so they can better assess institutions’ use of innovative vendors. If institutions can share the appropriate information, controls, and procedures, then there should be no criticism of vendor selection.
What role can technology play in supporting financial crime teams?
Reducing operational workload
There is a great deal of manual work that needs to be done before financial crime teams can even begin risk analysis. Financial institutions employ incredibly talented teams to monitor transactions and investigate financial crime. However, these individuals can spend upwards of 70% of their time collecting and cleaning data, which becomes a huge burden on the individuals from a job satisfaction perspective and on the organisation's bottom line.
Technology can automate most of these iterative tasks, reducing the time spent on manual work, thereby freeing employees to focus on the investigatory aspect of their role.
Reducing false positives
AI and ML-based anomaly detection allow firms to automate outlier detection and to make it more effective, particularly with large datasets. From a financial crime perspective, these technologies dramatically reduce the number of false positives flagged by transaction monitoring systems.
Limiting the number of false positives isn’t only essential for ensuring business continuity and profitability, but means that financial crime team efforts can become more focused on those instances that really require human investigation, improving the overall effectiveness of financial crime teams.
What do you think the future of AML will look like?
More reliance on data
Considering the benefits of technology, we will naturally see a progression toward a more automated and data-driven AML approach. In particular, the KYC space should see further automation from both a document collection and data input perspective, through to data analysis across multiple data sources such as public registries, watchlists, and PEPs and sanctions data.
Moreover, advancements in AI and deep learning will see machines increasingly making decisions about the risk level of transactions and eliminating the need for as much human intervention. Deep learning neural networks (DNNs) can use training data to identify patterns in transactions that are indicative of fraud.
This training data may include patterns in real, historical money laundering situations, as opposed to historical customer behavioural data which is used to feed current machine learning models. The result will likely be more accurate, efficient, and effective money-laundering detection.
To effectively identify compliance challenges, articulate them, and realise the benefits of software implementation, it’s important to have the right talent on board. In an increasingly data and tech-driven financial sector, embracing innovation and programming is key to building more efficient and effective financial crime compliance. Both incumbent financial institutions and FinTech providers are increasingly looking for people who can code or, at a minimum, speak to engineers in their technical language and understand how to work with them.
Understanding technology, having an interest in it, and being excited or open to using it have become desirable attributes for financial crime professionals. This has completely evolved over the past 15 years and the job of an AML officer is vastly different now from what it was back then.
Improve your compliance processes with an award-winning solution