Change to spare: How technology meets evolving anti-money laundering requirements
The past 10 years have seen an increase in the number and breadth of regulations aimed at the financial services industry, many of which stem from the financial crisis of 2007-’08. For example, requirements for capital adequacy, and restrictions on proprietary trading, have profoundly affected the covered institution.
Yet beyond rules spawned the financial crisis, other rules have seen significant changes, too. The bottom line for the industry is that these changes aren’t about to stop anytime soon, whether in the U.S. or overseas, and technological advances will only increase the expectations of regulators in the years to come. That said, technology offers an advantage for those intent on managing future shifts in the regulatory landscape. Here’s a look at how the evolution has affected the way the banking world does business—and how technology is offering welcome help in the face of ever-increasing demands.
2001: New regs in the wake of 9/11
Major changes can be traced to 2001. In that year, U.S. regulators were tasked with implementing requirements of the Patriot Act in the wake of the 9/11 attacks (and the start of the “war on terror”). The legislation required banks to create CIP (Customer Identification Programs) to increase vigilance regarding potential money-launderers who might seek to use America’s financial system to fund terrorism and other illicit activities. This Act was meant to strengthen the rules of the Bank Secrecy Act of 1970.
The requirement for U.S. banks to continuously monitor customer activity and review beneficial ownership against watch lists—such as those kept by the Office of Financial Asset Control (OFAC) and including Politically Exposed Persons (PEP)—has hiked costs to banks for acquiring new customer relationships, and maintaining existing ones. This cost has led, in part, to the rise of third-party service bureaus over the past few years, meant to aid banks during the onboarding of clients and the Know Your Customer (KYC) process.
2015: The EU goes after money laundering
Never to be outdone by the Americans, the EU passed the AMLD IV (Anti-Money Laundering Directive) in June 2015. When in force by 2017, this directive will cover EU financial institutions and requires a risk-based approach to AML that better aligns regulation with U.S. regional banks and asset managers. It will also create a transformative impact vis-a-vis client onboarding and how ongoing due diligence is performed. Meanwhile, the need will arise to reexamine business processes and the technology used to support these new rules.
2016: Welcome to AML Whack-A-Mole
On August 25, the US Treasury Department’s FinCen unit (Financial Crimes Enforcement) announced it would expand certain AML requirements to banking institutions not regulated by the Federal Reserve, including regional banks and credit unions. This move responds to regulators’ continued efforts to identify and close potential loopholes that might be exploited by money launderers. Alas, it represents the regulatory equivalent of Whack-A-Mole.
Banks and non-banks feeling the fines
The seriousness placed on AML is further witnessed by the number and significance of recent fines leveled to banks and even non-bank institutions. For example, Caesars Palace, a major player in the global gaming industry, was recently fined $9.5 million for lax standards of due diligence relating to AML. Obviously, not just large banks show up on the regulator’s radar.
Regulation 2017: A pain in the tech? Or the next big data thing?
In fact, as technology has advanced, so have regulators’ expectations. Banks now utilize, or at least examine, the viability of various new tech solutions. Big data technologies such as Apache Hadoop, with its enhanced processing power, allow institutions to sift through enormous piles of data. This includes information obtained through social media, which can continuously monitor clients and beneficial owners. Hadoop can provide the backbone of an AML platform by including functionality to facilitate predictive analytics, and which can be used for data collection and preparation, evaluation and investigation. This helps financial institutions stay a step ahead of those wishing to use their banking relationship to further illegal activities.
During client onboarding, financial institutions must perform the Know Your Customer (KYC) or Customer Identification Program (CIP) process. By utilizing these tools, financial institutions can monitor activity and “flag” behavior that falls outside the expected norms. This unusual activity might signal suspicious behavior—or just a change in business operations. Regardless, this would merit a review by a member of a bank’s AML team. Case management solutions can now automate the generation of investigations by AML investigators. The goal: Identify potential issues more consistently and thus reduce omissions and false positives.
RPA saving the day
Another technology, Robotic Process Automation (RPA), utilizes a form of artificial intelligence. It’s now embraced by many major financial institutions as an alternative to using humans for various mundane, repetitive tasks. The major drivers are cost reduction and improved efficiency, as software robots can complete tasks currently performed at offshore locations. Perhaps in tandem with other technologies, RPA can be leveraged to improve efficiency, reduce onboarding costs and maintain the due diligence of an institution’s client activities.
Putting it all together: Utilization meets expectation
Banks will face challenges implementing these technologies. Integration and governance of data sources ranks among the most onerous issues banks face in other regulatory areas, such as Comprehensive Capital Analysis and Review (CCAR). This is because data is often maintained across various platforms and data models. If institutions lack a central utility for onboarding, they must normalize and integrate to derive the most benefit from these new data and analytical tools.
As the past few years attest, the number of new and updated regulations continues to increase. And the burden it places on banks and other financial institutions globally has proven dramatic: It forces these institutions to review their operating models, data and technology. But advances in data processing tools help banks to leverage information, structured and unstructured, from sources as varied as internal applications to social media.
In the end, the costs of these implementations, including RPA, must be considered a necessity and opportunity to improve efficiency in an area that once required teams of analysts and investigators. New technologies can provide the mechanisms—coupled with the implementation of business processes—that best leverage these new capabilities. And that’s good news, because as utilization of these data automation tools continues to grow, expectations of regulators are bound to rise as well.