Bridging the compliance-information technology gap: Enabling collaboration to strengthen compliance
Compliance with the requirements of Know Your Customer (KYC) and Anti-Money Laundering (AML) regulations is too complex and challenging a job for a single bank department to manage. To be specific: While the reporting and investigation responsibilities reside in the Compliance staff, and legal/regulatory expertise with the legal department, the IT department must create the capacity to collect and house the required data. Yet when it comes to understanding KYC and AML reporting needs and how to satisfy them, Compliance and IT all too often seem to speak different languages.
Fortunately a solution is at hand: artificial intelligence (AI) programs based on knowledge models that bridge the gap because they understand compliance needs and manage relevant data that resides on the bank’s IT systems.
Data Collection and Decision Making: A Disconnect
The disconnect between compliance and IT largely results from the disparate functions of these two departments. For example, in KYC reporting managers solicit the required data from customers, and that data is housed in the bank’s IT systems. However, KYC regulations require a bank to assign a risk score to each customer, which determines how frequently the data must be reviewed. In most IT systems today, the KYC data isn’t recorded in a way that allows Compliance to assess the customer’s business relationship with the bank across all lines of business (LOBs) and assign a risk score without extensive human intervention.
A similar disconnect exists in the area of AML. Typically, a bank’s rules-based transaction monitoring system will generate alerts when it detects potentially unusual activity. To be thorough and avoid major fines, the systems are extremely sensitive and thus generate large numbers of false positives. Even mid-sized banks typically receive thousands of such alerts every day. Compliance must then scrutinize each alert, investigate the activity, and determine whether it is unusual and rises to the level of being reportable via a Suspicious Activity Report (SAR).
Several key factors explain why Compliance and IT teams seem far apart:
- Customer data is housed in separate systems that don’t interact (deposit, mortgage, credit card, commercial lending, etc.), making it difficult to collect data on customers with banking relationships across multiple areas.
- Present systems may also lack a consistent definition of “who is the customer.” This will differ for each bank and even each department. (For example: Should a bank treat a customer who already has a retail account, and then applies for a mortgage, as an existing “customer” or just an applicant?)
- Most systems require human intervention to triangulate data and determine if a pattern exists that indicates suspicious activity for AML purposes.
Current IT systems typically provide a transaction monitoring function and a case management function, but fail to provide an “investigation platform”. Such a platform would optimally provide Compliance with context sensitivity. When an alert on a high value transaction is generated, for example, software can step in to do two things. Either it helps remediate that alert more efficiently or identifies a false positive by aggregating a customer’s business profile and/or identifying frequent transactions among the same counterparties. Often, these important investigative functions are performed manually.
AI can play a valuable role in creating an investigative platform that merges data residing in IT systems with the analysis Compliance requires. Such a platform would need to offer metrics that would permit Compliance to identify common types of AML violations and patterns of suspicious customer behavior, and at the same time maintain an audit trail.
Starting Points for Compliance-IT Collaboration
Banks that wish to bridge the gap between Compliance and IT can take a number of positive steps forward:
- Create a compliance/regulation data warehouse. Bring together data from multiple systems across the bank in a single place to allow all parties to identify the data types needed to satisfy various regulations.
- Build a system that encompasses all required regulatory reporting formats. Each regulator has different reporting formats, and banks must be able to upload their data automatically into the proper format.
- Enable/Build an investigation platform that assembles all relevant data in an actionable manner. Conducting an investigation of potential wrongdoing is time consuming and sensitive. Both Compliance and IT have roles in assembling information behind an alert. Compliance officers may first identify a potential problem and formulate a theory of the apparent violation—but the IT department will have access to relevant data against which the theory is tested. The AI-enabled investigation platform unties the data and analytical tools, and adds context to the data being analyzed.
The AI Solution
AI-based compliance solutions can take the Compliance-IT collaboration to the next level. They give banks the capacity to gather and analyze data on various individual and corporate accounts—spread across disparate systems, in multiple lines of business, and across a range of geographies. To do that, AI can create an intelligent knowledge ecosystem of the banking institution, its various lines of business, the pertinent banking regulations, and legal entities, as well as banking processes. AI systems also can maintain a proper definition of banking-related terms such as “customer” and determine what fields of data are needed for a specific analysis, investigation and report, even though that data may be missing from the customer’s file. Since all data is interactive and context-aware, the AI system can absorb new data easily, handle complexity and discover hidden relationships and patterns, previously a job for staff.
Creating an effective connection and collaboration between Compliance and IT poses a challenge. But a collective understanding of the requirements for a robust Compliance management program can meet that challenge. It boils down to the use of advanced AI solutions that bridge the gap between the data collected by IT and the investigative resources needed by Compliance. With both teams working in concert, the expression “strength in numbers” takes on a whole new meaning.
Mallinath Sengupta is the chief executive of NextAngles. He has more than three decades’ experience in the IT industry including in enterprise management, account management, pre-sales, domain/ practice management, new product development, and delivering high-tech solutions to market.