Anti-financial crime: hiring more staff is not a sustainable path to deal with the burden of compliance
New technologies can help banks make compliance more efficient and less costly
The world of financial crime moves at high speed. Attacks are becoming more frequent and sophisticated. Staying compliant is difficult in this environment, but failing at compliance means large fines and dents to a bank’s reputation. There has never been a more important time to create a solid compliance strategy to combat financial crime. So far, most banks have focused on hiring more people to tackle the problem. Many are still relying on older systems to execute compliance tasks. This may work in the short term. But with the world’s leading economies going cashless and new regulations like Instant Payments and PSD2 coming into effect, this approach will soon be unsustainable. How can banks best perform their gatekeeper function? What kind of technologies and improvements can they adopt to make compliance easier and less costly? Let’s explore the current landscape and find out.
Increasing regulation to combat financial crime
In the past 20 years, banks have faced increasing scrutiny from regulatory authorities. The decade following the 2008 financial crisis was particularly turbulent, as governments heightened their fight against fraud, money laundering and terrorist financing. Banks that fail to meet KYC, sanctions and AML requirements face hefty fines.
The United States levied 91% of all global AML, KYC and sanctions-related fines between 2008 and 2018, totaling $23.52 billion. In Europe, regulators issued $1.7 billion in fines between 2008 and 2018. The Dutch government stands out as the highest issuer in the region. In July 2018, Dutch authorities strengthened AML legislation by enabling regulators to impose a turnover-related administrative fine of 20% for significant AML breaches. Fines are a great source of concern, but so is the shortage of compliance staff and the high costs associated with compliance.
A talent gap and high costs
There’s a big gap in the market for compliance talent. Experienced people are especially hard to find. Hundreds of positions go unfilled in the Netherlands alone. NOS reports that ABN Amro increased its compliance staff by 550 people in 2018. ING grew its global compliance departments by 3,000 jobs in 2018, and still has vacancies to fill. What is the operational cost of compliance?
At the moment, most banks have multiple functions and departments involved in anti-financial crime, covering detection, investigation, and reporting. A recent Ovum survey shows that operational expenditure on financial crime activities increased by 9.3% between 2015 and 2019. That increase may seem low, but by some estimates, banks spend around $270 billion per year on compliance and the growth in costs has been sustained.
Inefficient and cumbersome compliance processes also take a toll on customers. Mitek and Consult Hyperion state that banks can lose up to €10 million a year due to complex and burdensome compliance practices that turn customers away. The cumulative lost opportunity could surpass €150 million after five years. Inefficient onboarding has resulted in customer abandonment rates of 56%. At the same time, nobody wants to become a victim of financial crime, and banks are well aware of the long-term damage an incident can cause to their brand’s image. Failing to perform the appropriate checks is not an option. Not only because of the associated costs to banks, but because financial crime has a direct impact on human lives.
The human cost
A 2015 report by the Financial Action Task Force offers insight into how criminal and extremist groups exploit the sheer size and vulnerabilities of the financial sector to carry out their activities. To transfer funds, groups typically use banks, money value transfer systems, and cash - or a combination of these. They also launder money through front companies and NGOS. Even healthcare organisations and health insurance companies may be complicit in terrorist financing. The human cost of these activities is grave. All the while, banks are bracing for more transactions at faster speed, making it even harder to catch illicit activity.
The future: less cash, payment speed
The amount of transactions that will have to be screened by banks will only grow in the future. For starters, societies are going cashless. The drive towards digital payments will increase the complexity of compliance, especially in Europe, where regulations like PSD2 and Instant Payments are entering the picture. PSD2 will make the financial system in Europe more open and digital. Online retailers with a PSD2 license, for instance, will be able to fetch users’ account data from their bank and automatically charge the account for purchases once the user approves. For banks, this opens up a Pandora’s box when it comes to compliance. It’s not just about making sure they are PSD2 ready, by opening up their banking ecosystem. More access also means more transactions and more parties to check.
Similarly, banks are bracing for Instant Payments, where transfers are done within seconds. By the end of 2019, 2,360 PSPs in Europe were reachable with Instant Payments. Increased speed will make it harder to detect criminal activities. Imagine someone just stole €100,000 from an unsuspecting company by sending them a fake invoice. The first thing that the criminal will want to do is make the money untraceable. They will likely split it over multiple bank accounts that they own (through false names), or through money mules. After doing this several times, the money comes back together in one account with small enough transfers to stay unnoticed. Before instant payments, it could take hours or even days before money was deducted from one account and credited to another. There was more time to monitor all the bank accounts and more time for banks to communicate and trace the money. Instant payments will make criminals harder to catch.
Banks will need to be prepared. For one, sanction screening will need to be real-time and not batch based. However, the more effective solution is communication between multiple banks. Dutch banks are ahead of the curve in this regard. So far, five banks in the Netherlands have agreed to work together in order to fight money laundering and terrorist financing. With a central place to see patterns between multiple banks, the chance of catching criminal activity will increase substantially. Besides increasing collaboration, banks are looking to technologies like AI to make compliance more effective, efficient and affordable.
Fighting crime with new technology
Banks are betting on Artificial Intelligence (AI) and Machine Learning (ML) to ease the burden of compliance. Nearly 85% of compliance executives and over 90% of fraud executives in Ovum’s 2019 report stated that their institution is “using or actively planning to use machine learning to tackle fraud.” Many are also expanding the use of AI beyond fraud prevention. FICO, the industry’s leading vendor, can trace its Explainable AI reason reporter for fraud detection back to 1988. The software has since been enhanced with more advanced models, adaptive and predictive analytics. Now dubbed Falcon X, the software is used by 9,000 banks worldwide to detect all kinds of financial crime, including money laundering.
What’s particularly interesting about FICO’s software is that it leverages ML techniques that were developed using data from the FICO Falcon Intelligence Network, “a global consortium of transactions that spans credit and debit cards, P2P transfers, suspicious activity reports (SARs), and real-time payments.” In many ways, FICO’s network aggregates the collective intelligence of the financial sector, helping users reduce false positives while prioritizing high-risk activities.
The technology banks need to optimize compliance is already available, and many leading banks are already leveraging it to improve the effectiveness and efficiency of their compliance efforts. But there are also many organizational puzzles to solve. Perhaps the largest one is the silos that commonly separate different departments, like fraud and financial crime. According to Ovum, only a quarter of retail banks have adopted an integrated approach to financial crime systems, despite collaboration between these functions being the norm.
The good news is, the industry is catching on. More than 70% of banks that are actively looking to integrate fraud and compliance seek to do so within the next three years. With the volume of transactions set to increase, prioritizing and streamlining case management with an integrated approach will become even more important.
Hiring more and more staff will simply not be enough to fulfill anti-financial crime obligations. Banks need to apply a more integrated approach to compliance, bringing AML and fraud prevention under one roof. They will need to rely more on technology to automate screening and get smarter at detection, especially with the introduction of instant payments and PSD2. Moreover, they will need to work together to face up to the growing complexity of crime.