Anti-money laundering

Many see KYC and AML compliance as a box-ticking exercise and a colossal waste of time that does very little to stop financial crime at its source. Liz Lumley investigates.

Last month, a two-month long Interpol operation codenamed ‘First Light 2022’ saw 76 countries take part in an international campaign to expose the organised crime groups behind telecommunications and social engineering scams, particularly telephone deception, romance scams, e-mail deception and connected financial crime.

Although results were still being published at time of press, around 1770 locations that have been raided worldwide, with 3000 suspects having been identified; 2000 operators, fraudsters and money launderers have been arrested; 4000 bank accounts frozen; and $50m worth of illicit funds intercepted.

The estimated amount of money laundered globally in one year is between 2% and 5% of global gross domestic product, or between $800bn and $2tn. Due to the clandestine nature of money-laundering, it is difficult to estimate the total amount of money that goes through the laundering cycle, according to the UN Office on Drugs and Crime.

Age-old problem 

As long as there have been banks, there have been bank robbers. Nefarious characters, from petty scammers to international terrorist organisations, have sought to infiltrate and extract money from the existing banking rails to fund their activities in increasingly sophisticated ways. Financial crime and money laundering are both extremely broad terms, and could cover anything from tax evasion and insider dealing through to bribery, corruption and terrorist financing. What they have in common is the illegal transfer of funds.

Fraud prevention and trade surveillance technology company Nice Actimize notes in its 2022 Fraud Insights Report that “banking fraud continues to rise, with an 41% increase in attempted fraud over the last year”. The report showed that as the use of mobile devices in banking and payment transactions have increased, so too has fraud, with 61% of attempted fraud attacks through mobile apps account takeovers. According to the recent Global Fraud and Risk Report from corporate investigation and risk consulting firm Kroll, the banking sector was the second hardest hit by fraud, illicit activity and corruption, with 84% of organisations having conducted an internal investigation in the last three years.

Given that banks are often at the centre of fraud and crime involving money and payments, longstanding know your customer (KYC) and anti-money laundering (AML) procedures are in place at most banks. With the recent war in Ukraine, scrutiny around sanctions screening has also intensified.

Even with recent successful operations such as First Light 2022, many within the banking and financial services sector see KYC and AML compliance, at best, as a box-ticking exercise and, at worse, a colossal waste of time and money that does very little to stop financial crime at its source or look at the widespread global issues fuelling fraud in any systematic way. 

Little progress

According to research from Thomson Reuters, completing the KYC process usually costs banks more than $60m annually. This is crucial step in the compliance process that is meant to lessen the threat of money laundering activities; however, financial institutions were hit with $10.4bn in fines for AML violations in 2020, with Capital One, the largest US bank fined, ordered to pay out $390m by the Financial Crimes Enforcement Network for AML violations under the Bank Secrecy Act.

As early as 2018, Rob Wainwright, the then outgoing boss at Europol, the EU agency for law enforcement co-operation, sounded the alarm over inadequate processes to trace and stop financial crime. Commenting at the time, he said: “Professional money launderers … are running billions of illegal drugs and other criminal profits through the banking system with a 99% success rate … the banks are spending $20bn a year to run the compliance regime ... and we are seizing 1% of criminal assets every year in Europe.”

Four years later, many look at the international efforts to stem the flow of financial crime and see little change. 

“There was an assumption for a long time that the way that you solve financial crime was to do more than banks because banks were lazy,” says Shane Riedel, founder and CEO at Elucidate, a financial crime risk management company that supports financial institutions to benchmark and price new financial crime risk. 

However, he adds that he has seen many banks drastically increase the number of people working in compliance to tackle these issues, reaching as much as 15% of overall staff. “Over the past two years, we’ve seen an extreme increase in financial crime, so despite all that investment, we’re still getting poor outputs,” he adds. “Throwing good money after bad is not the solution to this problem.”

New regulations

Mr Riedel urges global regulators to give banks space to try new options to tackle financial crime, most notably to view it as a risk and not simply as a compliance issue. “We encourage the banks with whom we work to look at financial crime as a spectrum — how much risk are you prepared to take? [Banks need to] monitor that risk the same way they monitor credit, audit, actuarial and market risk,” he says. “Risk management is built into the DNA of bankers, but we’ve sacrificed that in order to make regulators happy.”

There have been several regulatory upgrades and enhancements to AML, as well as combating the financing of terrorism frameworks over the past year. The EU released its ‘Sixth AML Directive’ at the end of 2020, which aims to harmonise the definition of predicate offences against money laundering, which now also include cyber crime and environmental crime, by all member states.

In Nigeria, President Muhammadu Buhari signed into law three separate AML/CFT acts this spring. These included the Money Laundering (Prevention and Prohibition) Act, the Terrorism (Prevention and Prohibition) Act and the Proceeds of Crime (Recovery and Management) Act. The Money Laundering Act will have the most far-reaching consequences for financial services firms, as it replaces earlier legislation first published in 2011.

In Sweden, the Swedish AML Intelligence Task Force-initiative — a collaboration between Danske Bank, Handelsbanken, Nordea, SEB, Swedbank and the Swedish Policy Authority — was launched as a pilot project in June 2020 to explore ways to improve co-operation in the fight against money laundering, organised crime and terrorist financing. 

Pulling together

Despite global efforts to improve AML, one of the main barriers to tackling financial crime is that every bank does KYC and AML “slightly differently”, and feel their methods of fighting fraud and crime is a competitive issue, according to Paul Thomalla, global head of payments, Finastra.

“I would argue fraud is a battleground, not a competitive story,” he says. “If you do sanctions checking at the bank, there’s literally a person that updates the records — it’s antiquated,” he says. “My argument would be that all of that should be [connected to a utility] and shared, so that you can fight [the criminals] with the combined might and intellect of all the banks.” 

Todd Raque, financial crimes compliance and AML executive at fraud and financial crime management firm, Featurespace, echoes this sentiment. “The hard truth is we will never be effective in the fight against financial crime until we become more effective working together and building real actionable intelligence for both law enforcement and banks to use simultaneously,” he says.

The preconditions for banks to collaborate are difficult to meet, but not impossible, according to Theresa Bercich, vice-president of product at AML software provider Lucinity. Secure and innovative ways for banks to collaborate can be fostered through a central compliance hub, where pseudo-anonymised data can be used to complete the bank’s picture of the customer, without knowing where it is coming from, she adds. 

That said, rolling out digital identities (IDs) could have a huge impact in the compliance world and would make commotion financial crimes even harder, says Ms Bercich.

“Digital ID is slowly being adopted by regulators and governments, but is not generally available and universally accepted, making it an additional pain rather than universal standard for financial crime fighters,” she adds. “Digital IDs need to gain more traction in the population, more regulatory certainty and a wider user base.”

According to Naomi Palmer, senior consultant for fraud, authentication and anti-financial crime in Europe, the Middle East and Africa at data analytics company Fico, a major part of fraud prevention is public awareness, as “unfortunately the victim is often the weakest link in the chain”.

She says that banks have limited resources available to share financial crime intelligence, but many “are doing the best they can with the tools available to them”. 

Ms Palmer notes that there are organisations that provide consolidated intelligence to banks, but much of this is information which already exists in the public domain, such as public and commercial sanctions lists, and enriched data about politically exposed and sanctioned persons. However, “sharing of internal intelligence between banks is uncommon and generally limited to joint ventures, common business or market collaborations, or other similar agreements,” she adds. 

Because banks need to take extreme care with confidentiality and protection of customer data, any data supporting KYC processes is highly confidential and cannot easily be shared due to regulatory restrictions, says Ms Palmer. “Another obstacle for many banks is that although they may have modern tools in place to automate case-loads, they are generally not designed to facilitate the onward sharing of data. With ever-increasing workloads, many compliance teams are focused upon the task-in-hand of completing quality investigations, and have limited resources available to improve the processes behind sharing of internal intelligence.” 

In addition to technological limitations, many KYC and AML procedures remain manual at banks. “All KYC/AML cases — even if they were raised in an automated manner — must be investigated and information manually gathered for any suspicious activity report,” says Ms Palmer. “These manual elements become increasingly juxtaposed with, and hinder, the digital-first momentum of banks’ business strategies and consumer expectations.”

She agrees that regulatory scrutiny does limit banks’ scope to address issues around financial crime in a creative or innovative way. However, Fico sees “huge opportunities in the compliance machine learning space to auto-discount obvious false-positives in KYC/AML case reviews, and enable the digital-first transformation of KYC and AML workflows,” she adds. 

AI as a solution

Players across the financial industry are experimenting with artificial intelligence (AI) to tackle the thorny issue of financial crime. HSBC started developing its Dynamic Risk Assessment (DRA) programme in 2018, later partnering with Google, to improve its financial crime risk management by moving away from the traditional rule-based approach, which is not particularly effective in detecting financial crime. Instead, DRA uses machine learning and advanced analytics to better detect financial crime, and does so quicker and “with less customer friction”, says Jennifer Calvery, group head of financial crime at HSBC.

 “We are moving away from the industry’s standard approach of using a binary rules assessment to identify potential financial crime on a transaction-by-transaction basis and towards harnessing the power of the cloud, HSBC’s data and machine learning and AI techniques. A more contextual approach, leveraging a broader set of data, will enable us to build a better picture of our customers’ behaviour and activity,” she adds.

DRA brought together HSBC’s unique data assets with AI and cloud technologies to achieve financial crime insights that were previously hidden. “All three of these capabilities existed prior to the programme, but the ability to contextualise all our customer, account and transaction data at scale, and then to identify new patterns or behaviours, was only realised when these three capabilities came together,” Ms Calvery says.

The system is providing a step change in the industry’s risk detection capabilities and still has room to grow for future development. “Up until now, the financial industry has been largely reactive to emerging financial crime risks. With DRA, we are now able to harness at scale the type of data-driven insights that we could normally only expect from a relative handful of our best investigators,” she adds.

Despite his criticism of the current state of tackling financial crime, Mr Riedel at Elucidate remains optimistic about the future. “I think that there’s a future where data is used to manage financial crime risk better, to predict it more effectively, but also to improve customer experience and to lower costs for customers,” he says. 

PLEASE ENTER YOUR DETAILS TO WATCH THIS VIDEO

All fields are mandatory

The Banker is a service from the Financial Times. The Financial Times Ltd takes your privacy seriously.

Choose how you want us to contact you.

Invites and Offers from The Banker

Receive exclusive personalised event invitations, carefully curated offers and promotions from The Banker



For more information about how we use your data, please refer to our privacy and cookie policies.

Terms and conditions

Join our community

The Banker on Twitter