
How to improve risk assessment: Napier AI’s response to HM Treasury consultation

Summary of Napier AI’s consultation response to HM Treasury on improving customer due diligence, and information sharing between supervisors and public bodies.

Jacob Gloser
June 27, 2024

The UK government’s economic and finance ministry, HM Treasury, recently published a consultation on Improving the effectiveness of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (the ‘MLRs’), which place requirements on a range of businesses to identify and prevent money laundering and terrorist financing.

Napier AI welcomes HM Treasury’s intent to provide financial institutions and regulated businesses with updated guidance on how to meet Customer Due Diligence (CDD) regulations, and to strengthen system coordination among those involved in the fight against financial crime. In future, though, more consideration should perhaps be given to whether this guidance should be so public that criminals can also benefit from it by understanding the defences that are built against them.

While it is correct that customer due diligence (CDD) is an important process in the initial risk assessment and onboarding of a new customer, all too often the triggers for Enhanced Due Diligence (EDD) are subject to binary rules which do not account for the sophistication of financial crime activity. For CDD to match the Risk Based Approach (RBA) rightly mandated in other components of an institution’s Anti-Money Laundering (AML) programme, it also needs to be multi-faceted and make use of triggers across a set of vectors from various sources. That said, conducting CDD or EDD only at onboarding is not enough. At Napier AI we believe that client risk assessment, CDD and EDD should not happen only at the onboarding stage, but should be continuous, smart and multi-faceted, with the industry aiming for Perpetual Client Risk Assessment (pCRA) processes to provide a truly robust defence against financial crime.

In our response to HM Treasury we urged two main points:

  • The need for smarter, multi-faceted and dynamic triggers as opposed to fixed thresholds
  • Including more factors/data points in your financial crime risk calculation and moving towards pCRA

Smart, multi-faceted and dynamic triggers:

Set thresholds that are published in legislation or regulatory guidance often make it easy for criminals to pitch their transactions below these values and evade CDD checks without much sophistication at all.

The world is a complex place where global events (like the Covid pandemic) have disruptive impacts. Inflexible thresholds and rules become outdated very quickly, which in operational terms means that they often generate large numbers of false positives that need to be processed, after which systems have to be manually adjusted.

Instead, the use of smart multi-faceted techniques, like dynamic segmentation, would better indicate when the transactional behaviour of a customer is deviating from their segment norm. In other words, customer profiles and transactional behaviour that sit outside of the average risk profile for that segment become obvious and can trigger CDD checks.

Jack is a student, but has suddenly started to exhibit transactional behaviour that is very unusual compared to all the other students and in fact is much closer to how a crypto trader would behave.

These triggers, and what is considered ‘normal’, should be based on multiple AI models that consider tens (or even hundreds) of factors, looking for change in the material risk associated with the underlying customer profile even if each individual change in isolation could be considered below any risk thresholds.

“Simply increasing the amount of transactions one makes is not unusual, but when the time of transactions is added and there is a pattern that is not regular, but money is always sent to the same accounts, the system can then identify that this is not a case of an increase in household spending through their common account, but in fact high-frequency investing through platforms.”

In this way, it becomes much harder for criminals to find out how to circumvent the defences (because the system is tracking their overall behaviours rather than individual thresholds).

On the flip side, when there are societal shifts or external disruptive events, there is no excessive alerting, because what is considered ‘normal’ changes.

“A small family-owned restaurant has suddenly started taking a lot more online payments for different types of products at odd times of the day. But so have all other small restaurants, so there must be something else happening: do not raise an alert, because this restaurant is within its segment’s norm at the time” (this was typical during Covid).
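The contrast between a fixed threshold and a segment-relative trigger, worked through for the student and restaurant cases above. This is an added example, not Napier AI's models: a mean robust z-score (median and MAD) stands in for the multi-model approach, and all profiles, limits and the cutoff are constructed.

```python
from statistics import median

# Constructed sample data per customer, grouped by segment:
# (weekly transaction count, share of activity at night, largest transaction)
SEGMENTS = {
    "student": {
        "s1": (12, 0.10, 250), "s2": (9, 0.15, 300), "s3": (14, 0.20, 220),
        "s4": (11, 0.12, 400), "s5": (10, 0.18, 350),
        "jack": (60, 0.70, 900),  # every value stays below the fixed limits
    },
    "small_restaurant": {  # whole segment has shifted (the Covid case)
        "r1": (180, 0.30, 100), "r2": (200, 0.35, 110), "r3": (210, 0.38, 130),
        "r4": (230, 0.42, 140), "r5": (240, 0.45, 150),
        "family": (220, 0.40, 120),
    },
}

# Hypothetical limits standing in for published thresholds.
FIXED_COUNT_LIMIT = 100
FIXED_VALUE_LIMIT = 10_000
SEGMENT_CUTOFF = 3.5  # assumed cutoff on the mean robust z-score


def fixed_rule(profile):
    """Binary trigger: fires only when a single value crosses a set limit."""
    count, _night_share, largest = profile
    return count >= FIXED_COUNT_LIMIT or largest >= FIXED_VALUE_LIMIT


def segment_score(segment, customer):
    """Mean robust z-score of a customer against the segment's current norm."""
    peers = list(SEGMENTS[segment].values())
    scores = []
    for i, value in enumerate(SEGMENTS[segment][customer]):
        column = [p[i] for p in peers]
        centre = median(column)
        mad = median(abs(v - centre) for v in column)
        scale = max(1.4826 * mad, 1e-9)  # guard against zero spread
        scores.append(abs(value - centre) / scale)
    return sum(scores) / len(scores)


def compare(segment, customer):
    """Return which of the two triggers would raise a CDD check."""
    profile = SEGMENTS[segment][customer]
    return {"fixed": fixed_rule(profile),
            "segment": segment_score(segment, customer) > SEGMENT_CUTOFF}


if __name__ == "__main__":
    print("jack  ", compare("student", "jack"))
    print("family", compare("small_restaurant", "family"))
```

Because the norm is recomputed from the segment's current data, a shift shared by the whole segment moves the baseline instead of producing alerts.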

Including more factors/data points in your financial crime risk calculation and moving towards pCRA

One of the most common factors across financial crime activity is that the perpetrators often undertake money-laundering within a very short window after successfully onboarding with a new financial institution or regulated business. Many financial institutions cannot identify that the material risk of a client has shifted outside of the original profile provided at onboarding. The lag between  

  • identifying a pattern of suspicious activity across the client’s own transaction behaviour,
  • matching it with suspicious activity in terms of the client’s account profile, and  
  • comparing this against a customer segment  

creates the latency needed for organised criminals to quickly conduct their activities and then vanish.  

CDD/EDD should not just be a one-off process at onboarding or at periodic intervals. It should be ongoing, including many factors and data points from across the system to constantly re-calculate customer risk and ask the system a simple question:

“Is there a material risk that I should investigate?”

This is the founding principle of pCRA (perpetual Client Risk Assessment), where the focus is not just on individual alerts or points in time but on shifts in the overall material risk, which then trigger human intervention on CDD/EDD.

A new account has just been opened and all due diligence at onboarding has passed. The client has immediately started to use the account and, although the activity is within acceptable thresholds, it is unusual compared to the activity of similar accounts, which normally take longer to ramp up their usage. This matches a typical AML typology and so represents a material risk: even though onboarding finished 30 minutes ago, a new CDD/EDD is launched immediately.

At Napier AI, we believe that the future of the financial crime compliance industry is pCRA. Not only is it much smarter at detecting risky or criminal activities, but it also limits unwanted noise since it understands ‘materiality’, so that analysts can focus on truly suspicious activity.

Read the full text of Napier AI’s answers to specific questions on CDD, source of funds checks, timing of verification of digital identity, information sharing and more.

Photo by Cristiano Firmani on Unsplash
