The climate of tightening regulations, the increasing difficulty of preventing fraud, and the digitisation of operations amid COVID mean it’s time that firms rethink KYC AML as part of their wider digital transformation strategies. This article explains how they can, using intelligent automation.
For firms offering financial services, legacy KYC solutions are simply no longer good enough to meet today’s challenges.
The cunning stratagems of fraudsters and money launderers have seen firms’ KYC processes increasingly struggle in the sinking sand of financial crime.
All the while, regulators are asking firms to do more. Anti-money laundering (AML) regulations are constantly being strengthened and tweaked. And the fines keep coming. The first half of 2020 alone saw global regulators hand out 60% more in AML fines than in the whole of 2019, according to a survey by Duff & Phelps, published in the FT. The same survey also found that customer due diligence was the most common failure to result in sanction.
Financial service firms clearly can’t afford to cut corners with KYC and AML. But these days, compliance is far from cheap. The 2008 crisis saw financial service firms increase their compliance headcount—for example, American bank Citigroup, which upped its compliance staff from 4% of its total number of employees in 2008 to 15% in 2018.
Nonetheless, as the global business world heads further into the economic unknown, this is a moment that calls for operational efficiency.
It also calls for investing in compliance in new ways.
One new way is to invest in AI and automation. And one area of AML compliance that could be particularly well set to benefit is KYC.
The digitisation of compliance
The current downturn has no precedent. We’ve started 2021 with many financial services teams dispersed around the UK, working from their homes. Like every corner of business, the work of compliance is having to adapt.
But there’s another reason this downturn has no precedent: never before have financial service providers been so digitally capable, underpinned by a market for digital compliance technology that has advanced significantly in the last decade. There are now far more possible solutions to compliance problems than there were in 2008.
Undoubtedly, in their efforts to make KYC faster, simpler and cheaper, many financial service providers will turn to machine learning—they’ll use a “data-up” approach, with their machines finding patterns in data, then using those patterns to make high-volumes of decisions about customers.
However, this can lead to machines making biased decisions, algorithms that overfit for past patterns and are blind to contemporary issues and staff having a lack of oversight over the total client lifecycle. It can also leave firms unable to explain automated decisions.
Using machine learning would mean firms relying on closed databases that don’t easily allow for ongoing integrations with other platforms—a common problem other financial service providers experience, according to the Bank of England’s survey.
It would also mean relying on data that is likely anachronistic to current regulations, like the EU’s AML directive, which is updated every year. This is important because, since the effectuation of AMLD5 in 2018, firms have been required to monitor their customers continuously—not just at the onboarding stage. This puts pressure on organisations to ensure the data on which their algorithm is based will retain its utility when regulations change.
To truly achieve operational efficiency in compliance, a new paradigm for KYC AML processes is needed. One that situates KYC AML within wider digital transformation plans, rather than in new, bolt-on machine learning approaches.
Intelligent automation can support digital transformation (in ways that machine learning can’t)
“[D]igital transformation should be guided by the broader business strategy.”
— Behnam Tabrizi et al., Harvard Business Review.
For financial service providers, one of the top business strategy objectives when embarking on, or continuing with, digital transformation is to improve customer experience.
That means any automation technology used as part of that transformation must be sustainable, in the sense that it is able to mitigate unnecessary risks (whether they be reputational, financial or otherwise) and is future-proofed as far as possible. It can’t be at risk of being made redundant by yet-to-be-defined regulatory updates, for instance, relating to explainability.
The oft-cited reputational debacle that engulfed Apple and Goldman Sachs after it turned out that their credit card product’s algorithm discriminated against women, exemplifies approaches to avoid. But intelligent automation could have removed the possibility of bias, thus dampening the reputational and financial risks.
Intelligent automation could, also, have gone even further, offering both firms the means of explaining how decisions had been reached to customers. Considering the Department of Financial Services is investigating the incident, the perks of intelligent automation would have helped with regulators, too.
If and when regulatory changes do come along, that doesn’t mean a whole new algorithm. Updates to the logic can easily be made and up and running in a matter of days, hours, or even minutes. Why? Because intelligent automation is based on human logic, and that human logic can be easily represented (and codified) in a knowledge map.
Over and above machine learning, intelligent automation can more flexibly handle the issue of integrating with legacy platforms. No doubt, many firms would love to get the opportunity to completely redesign their tech stack, but it would appear not so straightforward in KYC and AML, much in the same way as it’s not that straightforward to replace a water dam.
For instance, it may be that governance requirements prevent firms from removing certain integrations in fraud prevention. Crucially, intelligent automation can sit at the core of any KYC process, without replacing integrations that are still critical to AML.
Intelligent automation not only poses far fewer long-term risks, then. It can even make up for poorly performing, clunky legacy systems without replacing them. It all starts with a rethink.