AML Platforms ‘Are Just Not Working’—Is Human Error or Tech the Culprit?

Despite the introduction of machine learning, natural language processing, and the burgeoning field of regtech tools to help firms fight financial crime, banks are still falling victim to—and perpetuating—money laundering, a de facto economy in its own right that amounts to an estimated $800 billion to $2 trillion globally, according to statistics by the United Nations’ Office on Drugs and Crime.

Legal experts and some vendors of these technologies attribute this to a disjointed approach to compliance technology across the board, from the range of third-party vendors available, to a smattering of proprietary systems and legacy technologies, to poor implementations of what could, in theory, be otherwise-working systems for flagging and stopping illegal activity.

“If you look at some of the transaction monitoring systems of most of these larger banks, it’s usually like a bespoke sandwich of proprietary things, third-party things—and it’s kind of a mess,” says Spencer Schulten, US head of financial crimes compliance at Capco. “And when you don’t have your threshold tuned, or you don’t have people properly conducting an investigation with a full knowledge of what they’re doing, you might just have a lot of suspicious activity reports (SARs) that don’t need to be filed.”

SARs are reports filed by financial institutions about suspicious or potentially suspicious activities to the Financial Crimes Enforcement Network, or FinCEN. In September, SARs served as the basis for a massive data leak that has come to be known as the FinCEN Files. The files, published by Buzzfeed News and more than 100 other news outlets around the world, revealed more than $2 trillion in transactions between 1999 and 2017 that were flagged as potential money-laundering schemes, yet often little to no action was taken on the parts of the filing banks or FinCEN after the fact, and just as often, the transactions were facilitated unhindered.

Four days before the files were published, FinCEN sought public comment on how the organization should enhance the effectiveness of its anti-money laundering (AML) programs. Indeed, Schulten wrote in October that the files show systemic failures in the prevention of financial crimes.

Though the liability for such failures ultimately falls on the bank in question, institutions employ platforms and services from a variety of tech vendors to help them manage the deluge of transactions facilitated every day. Some of the more prominent of these vendors include Refinitiv’s World-Check Risk Intelligence business, Fenergo, IHS Markit, Dow Jones Risk and Compliance, LexisNexis, Bureau van Dijk, Verafin, and Ayasdi.

“You hear a lot of rumblings in the marketplace because the single-point solutions, and the solutions that are out there today, are just not working,” says Melissa Townsley-Solis, CEO and co-founder of GIACT, a company that specializes in digital identity, payments verification, and fraud prevention, and which was recently acquired by Refinitiv’s risk business. She believes that banks are looking for a platform that can tie together fraud and risk management, along with AML needs under one roof.

“You’re seeing fraud increase by 15% in some industries. Some industries even higher than that,” she says. “Obviously you look at the US federal government, which has struggled to even pay out stimulus payments to the right people … so it’s now caused people to look at their solutions and say, ‘We have to do something different because [the] status quo doesn’t work anymore.’”

However, that isn’t to say they’re not working outright. The deeper problem may be that they’re not functioning as well as they could, and that is a problem that sits with the client as much as the provider, says James Mirfin, head of digital identity and financial crime at Refinitiv.

“You can take the best technology and implement it badly, and you’re not going to get the outcome that you expect,” Mirfin says. “Unfortunately, [as] you see companies run toward digital and digitization, you can see some bad implementations of either where they put too much control in place and it impacts the consumer experience, [or they don’t put enough control in place]. It’s a balance between friction and protection in many ways, but it is possible to get this right.”

It’s the perennial problem in which technology is created to make some aspect of life easier, but in turn, makes others harder. Such an instance is a growing issue in the world of market data management, where the number of data notifications can be crippling. Without notifications for important events—for instance, price changes—humans can easily miss events all together. Enter the notification system. Enter many more platforms with notification systems. Now there are too many notifications for one human or one team of humans to monitor, and things start to slip through the cracks again.

So, too, goes the story of false positives and false negatives in transaction monitoring, brought into the equation by machine learning and artificial intelligence, because AML and know-your-customer (KYC) processes were historically human- and paper-intensive, highly manual, and onerous. But in 2018, Reuters reported that as many as 95% of system-generated alerts are closed as “false positives” in the first phase of review with about 98% of alerts never culminating in a SAR.

Matthew Banham, a partner who specializes in financial crime and regulatory enforcement investigations at global law firm Dechert, boils down the central challenge to time and value.

“Is there resource and time within the business—whether you’re the big bank or a small investment manager—to do rigorous testing as to who your customer is, why they’re doing that transaction, [and] what it’s about? And if you can be that inquisitive, can you do it in a way that’s not going to offend the client, or cause them to take their business elsewhere?” Banham says.

One might argue that a fundamental job of bankers responsible for moving millions of dollars day in and day out is to ask—and get answers to—those most basic questions, and that a potential customer offended by those questions would be met with the same questions at any other institution. And so, while compliance tech remains inseparable from the conversation, financial firms may see a regulatory overhaul that re-shapes the picture the industry has of its providers today.

“I think there needs to be a triage, really,” Banham says. “Tech is only as good as what you give it.”