AI: The New Way of Doing KYC and AML
Money laundering is a massive financial drain on the global economy. The amount worldwide is estimated at up to $2 trillion annually, or about 5% of global gross domestic product.1
In addition to its size, the complexity of fighting money laundering and complying with regulations has escalated. The increasing number of banking channels, digital payment networks and alternative avenues (casinos, virtual currencies, transaction laundering) keeps financial services executives up at night. Meanwhile, regulatory expectations are more demanding than ever.
To counter these problems, banks are making huge investments in know your customer and anti-money laundering technologies. That spending, however, has not prevented an overall increase in AML fines; worldwide, financial institutions paid almost twice the amount of fines in 2019 as they did in 2018.2 With fines as large as $8.9 billion, sanctions can put a significant dent in an institution’s coffers and can massively tarnish a bank’s reputation.3
So why haven’t these investments borne fruit? Generally, most KYC and AML efforts use a rules-based approach that’s slow, manual and mired in bureaucracy.
Customers are onboarded without effective due diligence. Payment screening is slow and lacks robust data. And transactions are monitored without appreciation for different money laundering types, risks or regulations. Further, AML staff spend much of their time working on low-level case management tasks, such as data collection, cleaning and aggregation, when they should be diving deep into connections among various alerts, accounts and rogue beneficiaries. Also, AML reports require significant manual intervention; dynamic visualization based on new data is impossible.
All this taken together leads to far more suspicious activity reports (SARs) being created. Many are low quality and further reduce operational effectiveness. In fact, only 7% of all SARs are considered noteworthy by regulators, even though the number increased by 20% from 2019 to 2020.4, 5
What financial institutions need is a new way of successfully screening and profiling customers while ensuring that the transactions of current customers are lawful. Such a solution would be flexible, adaptable and risk based — pooling bank systems’ data and third-party databases. The ideal system would also utilize real-time insights from news outlets and social media as well as AI to target the right people at the right time. If successful, financial institutions could reduce the number of false positives and prioritize alerts by the amount of money and reputational risk at stake. A workflow framework for this new system can be seen in Figure 1.
Figure 1. New KYC-AML workflow that uses AI and machine learning
|Bank System Data||External Data|
|Customers | LOBs Applications | Transaction | Employees||Government and third-party databases (sanctions / watchlists) | News sites | Social Media|
|KYC and ClientOnboarding||Payment Screening||Transaction Monitoring||Alert and Case Management||Reporting|
||Transaction pre-execution screening to prevent illicit fund transfer and allow only those transactions that comply with the laws||Post-execution transaction monitoring to identify suspicious behavior (e.g., funnel account, high velocity, structuring, round-dollar transactions, activities outside of customer’s expected account profile, etc.)||
|Illustrative AI/Machine Learning Enablement|
Source: Infosys FinCrime Division
In this new paradigm, AI would be used to:
- Perform remote KYC operations and assess customer risk using natural language processing, robotic process automation and cognitive computing.
- Screen customers based on media, sanctions and watchlists using NLP-based linguistic search, fuzzy name matching capabilities and sentiment analytics.
- Intelligently profile and segment customers based on real-time transactions, such as those customers engaged in high-volume online credit transactions in a particular business type and geography.
- Perform sophisticated link analysis to uncover hidden, complex and multilayered relationship networks among entities.
- Continuously analyze and learn from numerous data sources to unearth clues that point toward new, complex money laundering schemes.
- Perform real-time, risk-based transaction monitoring that can deliver a highly refined transaction risk score. These scores should take into account historical SAR data, case management files, data from the U.S. Office of Foreign Assets Control and the Specially Designated Nationals and Blocked Persons List, other sanction databases, and news and social media posts. Further, such intelligence would identify unusual transaction profiles and suspicious transactions related to unknown counterparties, originators and beneficiaries.
- Bolster alert and case management capabilities by learning from past investigations. Further, the solution would enable auto-hibernation of low-risk alerts, providing time to gather more information on customer activity and build a comprehensive case.
- Provide intelligent and dynamic reports, dashboards and visualization tools — including SARs in different formats. AI would also offer intelligent insights into investigation timelines, alert volumes and analyst productivity; support visualization of customer networks and funds movements; and generate case notes using NLP and graph analytics.
The use of AI and machine learning systems for KYC and AML is already showing benefits among financial institutions. AUSTRAC, the Australian financial intelligence agency, has collaborated with academics to use AI to detect suspicious activity, uncover unknown money laundering networks and flag transactions for further investigation.6 HSBC, partnering with Silicon Valley AI startup Ayasdi, is using the technology to automate AML investigations and substantially increase operational efficiency.7 Further, SAS offers an AML solution that reduces false positives by 80%, achieves more than 90% model accuracy and improves the SAR conversion rate fourfold. Its capabilities also support real-time screening and instantaneously detect beneficial owners, sanctioned entities and links between previously unflagged networks. SAS has also leveraged RPA to minimize manual efforts and reduce case review time by as much as 30%.8 , 9
Moving ahead with AI in KYC and AML
However, such methods come with a caveat. To truly reap the benefits from AI in efforts to catch and prevent money laundering, firms must take a measured view of their as-is state, pay attention to the data used in AI models and ensure the models are strengthened through appropriate governance. Figure 2 outlines an implementation framework that can quickly bring large businesses up to speed in their own KYC-AML transformations.
Figure 2. Key considerations when adopting AI in KYC-AML
Source: Infosys FinCrime Division
Approach — Given the nature of black-box AI systems, regulators are currently more comfortable with the old approach to KYC-AML. Implementing AI should therefore be undertaken carefully, using a measured and gradual approach. This entails what is known as a champion-challenger implementation, whereby traditional rules-based methods and AI solutions are run in parallel, with lessons utilized to improve rules-based solutions and optimize models. Once AI has been ingrained in the organization and outcomes proven to the C-suite, a switch to AI models can occur. Following this approach, analysts and investigators can become comfortable with the new systems over time, reducing the amount of friction executives would face from a sudden large-scale implementation.
To implement AI, firms must ensure both data and models have appropriate governance in place
Data aspects — No matter how sophisticated, AI cannot create accurate customer profiles or conduct thorough link analysis if the data itself is suspect. Financial institutions should therefore invest heavily in data management and governance, if the AI models are going to be worth their salt. Internal systems data should be accurate, consistent and complete. Also, financial institutions should consider implementing a data lake infrastructure for various accounts, transactions, case management and other use cases. With this in place, data availability would increase and projects would be at once higher in quality, flexibility and scalability. For external data used to screen customers and perform transaction monitoring, exhaustive data sources — commercial, government and open source — should be used.
Explainability — Many regulators believe that AI is difficult to understand and put the technology under the microscope, given the heightened risk that something might go wrong. To assuage their concerns, firms will have to prove they have adequate governance and that the systems are both transparent and auditable. Financial institutions should focus on strengthening governance and impressing upon regulators that the validation and reporting process is compliant with data security and privacy regulations. A good audit trail is necessary, and model owners should be able to explain clearly, and in simple language, how the models work. Further, explainability requires that the results should be reproducible when using the same inputs.
But AI isn’t a panacea for fraudulent activity
Banks are acutely aware of their responsibility to prevent money laundering. With billion-dollar fines, never has it been more important to ensure that money flowing between entities is aboveboard and that new customers aren’t engaged in illicit activities. More automation, AI and other technologies are needed to quickly understand the growing risks and take measures to mitigate the impact of nefarious customer activity.
Advanced technology can quickly and successfully determine whether a shell company — operating in a tax haven — is ultimately controlled by a sanctioned individual. Then, it can open a case automatically and generate reports based on the amount of money at risk using NLP. However, it should be remembered that AI isn’t a panacea for fraudulent activity. “Technology can help with efficiency and compliance costs, [but] cannot mitigate all risks and cost factors,” says Neil Whiley, director of sanctions at UK Finance, a trade body.10
With billion-dollar fines, never has it been more important to ensure money flowing and customer activity is aboveboard
That said, better and more explainable AI is set to change the nature of KYC, AML and operations, ensuring that the freezing of funds is backed up by solid evidence of wrongdoing while significantly reducing the chance that new customers are embezzling money at their expense. If they get it right, financial institutions can reduce operational expense and build a proactive AML strategy that is compliant and transparent to auditors and the public at large.
- Money Laundering, United Nations Office on Drugs and Crime
- Global money laundering fines double as banks pay up to £6.2 billion ($8.14 billion) in penalties, Nick Till, 21 Jan, 2020, Bdaily News
- Banks adopt AI to manage sanctions and compliance risk, Alice Ross, 30 Jan, 2020, FT
- Augmenting your AML with AI: See the risk signals in the noise, Feedzai
- UK Financial Intelligence Unit: Suspicious Activity Reports, Annual Report 2020, National Crime Agency
- Making a difference: Outcomes of ARC supported research 2016-17, Australian Government/Research Council
- HSBC partners with AI startup to combat money laundering, Anna Irrera, 1 Jun, 2017, Reuters
- Fight Fraud and Financial Crimes With Analytics and Artificial Intelligence, SAS
- AML solution of the year: SAS, 25 Sep, 2020, Risk.net
- See number 3