Balancing act: Data-driven strategies for FinCrime prevention and compliance

Senior leaders from across the financial services industry gathered in central London to explore the challenges and opportunities for firms as they face growing pressure to combat financial crime

Financial institutions in 2023 are facing increasing sophistication from criminals, while also having to stay on top of a dizzying array of regulatory requirements such as the EU Anti-Money Laundering Directives and Bank Secrecy Act in the US. These issues will only become more pronounced in the coming years, with a data-driven approach to tackling FinCrime emerging as the best solution for financial services.

At a roundtable event hosted by FStech and SmartSearch, industry peers explored the dynamic landscape of financial crime detection and compliance whilst examining the pivotal distinction between digitalisation and innovation.

Attendees also discussed the role of AI, the cloud and Open Banking, while considering wider cultural factors such as cross-border risk-based decision-making, corporate buy-in, and local vs. global approaches to preventing and combatting FinCrime.

Zowie Lees-Howell, vice president of enterprise sales at SmartSearch opened the roundtable with some initial thoughts. “So, as we’ve all seen, the landscape is changing and has done over many years,” she said. “Recently the fraudulent activity has become a lot more sophisticated.” She continued: “We’d probably all agree that a lot more transactions take place online. I, like probably most people in this room, very rarely carry a purse with me anymore, everything is on my phone. So, that opens an avenue for people to be a bit more sophisticated in terms of their activity around financial crime.” Lees-Howell talked about how there has been a move from a rules-based approach when it comes to tackling financial crime, towards a “data-driven approach”. “Lots of organisations such as yourselves and across many different industries require more and more data,” continued Lees-Howell. “That creates a whole heap of challenges in itself.” She said that there are many large organisations that have access to and sit on databases of millions of transactional and customer data. Lees-Howell concluded: “What the issue is though, is them getting to the data that they need to make the right decisions. As well as this, they need to mitigate any risk and ensure that the digital journey for customers is as frictionless as possible".

Challenges

Senior leaders from across the financial industry began the discussion by focussing on the most significant challenges for firms in combating financial crime and exploring how data-driven approaches can address these issues.

One head of KYC transformation from a large bank highlighted the cost of compliance as a top challenge for their organisation. Another industry peer specialising in banking risk advisory and governance at a bank said the organisation’s main issue is around data. Similarly, the head of KYC reviews at an investment bank agreed that the availability of data is a key consideration for their firm. Meanwhile, one head of compliance working for a private wealth business said that the most pressing challenge in combating financial crime is access to good quality resources and people. The head of conduct risk at a challenger bank said that “getting a balance between integration and constant reiteration of controls, and customer experience” were the top challenges for their organisation. One senior leader said that the evolution of new technology has made addressing financial crime more difficult.

Jade Kirk, enterprise business development manager at SmartSearch said focussing on both customer risk and the journey they take them on can be a difficult balancing act for firms. One head of financial crime working for a bank talked about the retention of staff as a challenge. “They stay six months to get the experience, then they’re given £2 extra a month,” they said. “So, do you invest in staff or not?”. They continued: “And the quality of data – we rely on info from companies house – now they say they rely on banks for the information.” Another senior leader working on the regulatory reporting side of things said that cybersecurity is top of the list for their firm. “The sophistication of how financial crime is done is developing – they’re using AI to impact your firm,” they explained. “Tech is a risk but at the same time you need technology to deal with the risk.” A senior anti-financial crime leader working for a small bank talked about how challenging it has been joining the company from a larger institution. “It’s key to have a proper workflow tool,” they said, adding that the firm has experienced lots of duplication of efforts. They added that a fit-for-purpose transaction monitoring (TM) system is necessary to adjust the rules.

Digitalisation

Next, the group looked at how digitalisation can improve efficiency and reduce operational costs in FinCrime detection and prevention.

One head of perpetual KYC transformation talked about how the bank they work for is using external data to change how reviews are conducted. “The work that we’ve done at the organisation has been completely in that space,” they said. “So, using external data to change the way in which reviews are conducted, automating data sourcing, automating the assessment of data, providing up pre-processed profiles to analysts to the manual components.” They continued: “All of those types of things have been initiatives where we’ve been able to deliver some decent sort of operational saves. The monitoring and control environment we’ve got in place has also been quite a useful tool and we’ve got our big one which is essentially using monitoring of data, internal transactional and external data, and using that as the basis to move clients to what we call our events-based model, which is using that data to trigger the reviews rather than laps around the sun.” One head of conduct risk and compliance from a small bank said that their company started out with perpetual KYC. “So, whether that kind of foresaw the problems everyone else was encountering is a question but we kind of felt like, why would you just look at one set point in time? Customers change, right?” they told the group. “You respond to that change and you use the data to inform trigger reviews throughout the course of the life cycle – any opportunity you have to learn more about the customer you consider as a result.” The head of risk advisory and governance at an international bank said that one of the challenges their organisation fixes relates to doing business with clients in several jurisdictions that have complex in-country KYC requirements for the same type of clients. “We have instances where one client is doing business with 15 different booking locations and sometimes 20 different booking locations,” they said. “And we’re kind of looking at what the individual country requirements are and what the common denominator is. And then we look at the additional requirements.” They continued: “When it comes to implementing a form of perpetual KYC, the challenge we’ve got is that – certainly in the correspondent banking space – we cover 1300 clients globally across 45 different markets. Almost 45 percent of the portfolio is DNE rated clients from a CD risk rating perspective. And so, by the time you’ve finished one review, you have to get the next review, and then you’ve got to top up these additional requirements and it just feels like you’re constantly chasing your tail.” One senior leader said that it would be useful to have a solution that is not just local to each country and instead have a system that is international and globally linked. “It would be nice to search a company and if they have any dealings in the different countries it actually pulls it all together so you can see and you’re able to actually access Companies House in developing countries as well,” they said. “That is one of the key things that needs to be sorted out.” The head of KYC at a large bank said that one thing that is often overlooked in the digital data journey is around monitoring the client base and having control of it. “So, we’ve been able to unlock a number of savings in the past year through both digital and bottom-up Kaizen based approaches,” they explained. “Controlling the database of customers through dormancy logic, not only for your traditional dormant clients that aren’t making transactions anymore, but for the different countries and jurisdictions being able to pinpoint where the traders are no longer booking into and then suggesting during the periodic cycle, ‘hey, we noticed in the past two years you haven’t transacted with Korea – can I kill that because that’s killing you with what I’m asking you in terms of requirements’.” They concluded: “So that kind of data-driven approach has unlocked a lot of benefit.” One senior anti-financial crime leader working for a small bank said that in their previous position working for a larger institution, the company shifted its central repository to change to one with machine learning capabilities. “I think it was really useful because the more we used it – first and second line – it eventually learned some of our responses and a lot of times you’d get a referral for the second line from the first line that could be easily addressed without any need to escalate to the second line,” they explained.

How AI, ML and data analytics has evolved

Attendees then moved on to look at how the role of AI, machine learning, and data analytics has evolved in enhancing financial crime detection and explored some of the emerging trends in this space. “They kind both offer slightly different ways of getting to the same answer,” the head of conduct risk and compliance at a small bank explained. “And so, I think machine learning has got opportunities to massively reduce your false positive rate in a way that the static rules don’t. And I think that’s the real opportunity.” They continued: “But you do need a massive amount of data, so you’ve got to have the data, you’ve got to kind of know how to work it, and you’ve got to have oversight as well because it’s not like you just press the button and let the machine do its job. You’ve got to have oversight and governance and supervision.” They talked about how the organisation is lucky enough to have a chief scientist that understands financial crime, explaining that the personal relationship between the organisation and data science team is important because it gives everyone confidence that the company knows what it is doing.

SmartSearch’s Zowie Lees-Howell responded by pointing out that this mention of a relationship between different teams related to challenges highlighted earlier in the discussion about being able to secure the right resources and expertise.

AI use cases

One senior leader asked the group how they are currently using AI because, they said, while the technology is being used a lot in the industry to get rid of false positives during screening, that appears to be the bulk of the use cases.

The head of risk advisory and governance at a bank talked about an AI tool the organisation is currently using. “So, essentially it reduces false positives on transaction monitoring, building in an in-built machine learning to learn from itself and then progressively reduce the total number of false positives,” they explained. They were then asked about how the company avoids model bias. “There’s a lot of back testing and additional testing and validation that goes on in terms of identifying the false positives that were discounted and then validating whether those discounts were correct,” they continued. “And if not correct, then deciding what further amendments can be made into the programme to make sure that those false positives are more fine-tuned.” The head of conduct risk and compliance at a small bank said that the organisation they work for is looking at a particular proof of concept. “We’re using an organisation that uses AI to pose a series of questions at the onboarding stage to help filter and triage higher risk clients so that those customers representing a higher risk require a kind of manual review,” they said. “There are opportunities there again to reduce that manual labour head and make sure that highly skilled analysts – while they’re great at what they do, like everyone we don’t have enough of them – are being used on cases where they will have the most value.” They continued: “I don’t want to see their time wasted on kind of low-risk stuff where there’s very little to go with.” One head of perpetual KYC at a large bank said that the organisation’s executive team are obsessed with anything generative AI-related and how the natural language processing capability can be used. “So, we’re looking at some pilot pieces around data capture for certain types of forms and that sort of thing where you plug in a GenAI assistant to help with questions or queries to help the client answer it in a way that takes it away from an analyst or a client manager’s to do list,” they said.

One head of financial risk analytics at a large bank said that the challenge is that the industry is moving from deep learning towards generative AI and more specifically large language models. “The large language model can hallucinate, this is where they can create your false positive,” they warned. “The positive aspect of it is that you don’t necessarily need to train them, but you can fine tune them – and that typically requires less computing power, but much more subject matter and expertise.” They continued: “This can be highly valuable because you can effectively dedicate a specific model to a specific task.” They also warned about executive impersonation when it comes to GenAI. “The more public you are the more exposed to the threat you are,” they continued. “So, with all the people publishing their photo on social media, they become a target of fraudsters using their identity to generate false documents with genAI.” One senior anti-financial crime leader said that their organisation is currently shifting to a new TM system. “Beyond the real time detection and reducing false positives, one of the reasons why we selected this tool is because of its behaviour intelligence capabilities,” they added. The discussion ended with some final words from Zowie Lees-Howell from SmartSearch. “When it comes to AI and machine learning, having somebody to sometimes interpret the results of that is really important,” she said. “To put emphasis or transfer to a more automated kind of fashion, always comes with some kind of reluctance or potential reservation because you will always want to check that it’s going to work.” She added: “So, it’s interesting to see how that will adapt. I always compare it to when Open Banking was launched. Everyone said it’s never going to work; you’ve been told all these years never to give your user ID and Password out and all of a sudden now you’re asking consent to access transactional data, and that’s evolved over time."

Discover more by visiting SmartSearch.com