More than 30 years ago, in response to mounting concern over money laundering, the Financial Action Task Force on Money Laundering (FATF) was established by the G-7 Summit. One decade later, in the wake of the 9/11 event, the regulation associated to the Know Your Customer (KYC) analysis and Due Diligence was accentuated.
On the European side, we clearly see an quick evolution, the first Anti-Money Laundering Directive (1AMLD) was agreed upon in 1991, followed by three more updates of this regulation over the next 14 years. To face the fast(er)-evolving financial transactions landscape and linked anti-money laundering challenges. 4AMLD, 5AMLD, and 6AMLD were all created within the past 5 years.
Today, with a worldwide estimation of the money laundered evaluated at 2 000 billion $ every year and the terrorist threat being considered as the biggest security problem of the 21st century, it is fair to say that a lot has still to be done to further improve the monitoring of customers and transactions and to reinforce the collaboration between the various institutions and counterparties involved in the Financial Transactions landscape.
To make sure all involved parties duly implement the AMLD regulations, we witness more frequent and strengthened controls by the regulatory entities, the so-called preventive inspections. These audits result not only in an increase in the number of fines, but we also witness an increase in the amount of these fines. As well as after every important cases, the default of prevention by the financial institutions are automatically assessed with potential huge fines (Examples: Deutsche Bank faced a 150M$ fines following the Jeffrey Epstein case, ABN Amro recently settled for 480M€, etc.)
How the Regtech could help in the Frame of KYC/AML
In the past, most Financial Institutions have developed in-house tools supporting the customer & account data verifications and the financial transaction monitoring, as these tools needed to be integrated in their (complex) data & software architecture.
The current fast evolving evolutions in new transaction technologies (Crypto currencies, instant payment,..) and the expansion of the inquiring and reporting obligations towards the regulator, have created a fertile soil for the development of new RegTech solutions. In addition, the implementation in the European area of the GDPR regulation, with the possibility for customers to have a say in which data is collected and how it is stored, has put even more complexity to the implantation of the KYC process, pushing all involved entities to look for new (technological) solutions to support their KYC & AML processes and controls.
Furthermore, the above fertile soil for the development RegTech solutions has been supported by the regulatory institutions who have identified the potential of these new RegTechs and launched multiple initiatives to promote them. Some examples amongst many:
Publication by the FinCEN and the FBAs of a “Joint Innovation Statement” encouraging industry to consider, evaluate, and where appropriate, responsibly implement innovative approaches to AML/CFT; Publication of the FATF of “Opportunities and Challenges of New Technologies for AML/CFT”; establishment of Financial Technology Regulatory Sandbox (Sandbox) by Bank Negara Malaysia (BNM) or Hong Kong Monetary Authority…
To help the financial institutions to correctly assess these new technologies to support their KYC/AML processes, the FATF have published a dedicated guide which highlights the various risks linked to these technologies as well as the attention points to ensure the technology comply with the FATF recommendations for the customer due diligence.
The latest technological evolution in Big data, Artificial Intelligence, API, personal identification enable new Technology start-ups or major IT companies to propose easy to install solutions that can quickly evolve with the legislation and that mutualize the development costs. RegTech solutions accelerate and strengthen companies’ processes to meet their AML obligations, as these solutions reduce the workload of companies by automating AML controls and help them manage their risks.
In the continuation of the article, we will document some of the solutions we witness being developed by the RegTech companies to facilitate companies’ KYC & AML compliance processes. Most of them have been developed as SaaS (Software as a Service) with a full suite API (« Application Programming Interface ») to simplify the implementation and integration in the existing ICT landscape as much as possible.
Challenge: Customer Identification
RegTech, often in collaboration with local governments, have developed different technologies to digitize and ease the customer onboarding journey by automating all the processes linked to the customer identification. The main goal is answering “Who are you” with a high degree of certainty without resorting to face-to-face interaction and the exchange of physical documents.
RegTech Solutions – From Physical to Electronic ID
The traditional onboarding process based on paper documents (ID card or passport, driving license, Tax declaration or invoice for address proof,…) is/was very time consuming, inconvenient for the customers and is/was composed of repetitive tasks for the employees with a challenge on the quality of the controls & data input.
In countries where Electronic IDs exist, we witnessed solutions being implemented based on electronic card readers. However, this process has also proven cumbersome for the customers as they need this physical device (card reader), which is often left at home.
RegTech Solutions – From Electronic ID to Digital Identity Wallet
The increasing number of personal data issues reported in relation with the on-line services has motivated the emergence of the concept of a digital, Decentralized Identity. The purpose of this concept is to give back control of identity to consumers using a Digital Identity Wallet in which they collect verified information about themselves from certified issuers (such as the Government). These technologies are based on the storage on a centralized or de-centralized (blockchain) way of encrypted data that are certified by digital certificates.
By controlling which information is shared from the wallet to requesting 3rd parties (e.g., when registering for a new online service), the user can better manage his/her identity online and their privacy – for example, only presenting proof that they’re over 18 without needing to reveal their actual Date of Birth. Furthermore, this wallet is always accessible via app or web without the need of a physical card reader, improving thus the customer journey.
RegTech Solutions – Digital Identity Authentication
With a continuous rise in identity fraud, correctly verifying the identity of an individual is critical to increase (digital) security and reduce crime. To face the issue, new kinds of technology-based ownership and inherence authenticators have been or are being developed and deployed with significant potential to strengthen digital identity authentication processes for AML/CFT compliance purposes.
To increase the level of protection, Three-Factor Authentication introduce different layers of protection by verifying “Something you know” (e.g. passwords), “Something you have” (e.g. Phone or other token) and “Something you are”.
The third Factor introduces the highest level of security by verifying elements about something that the user “is”. Based on new technologies, RegTech are developing many solutions in this area like:
- biophysical biometrics: attributes, such as fingerprints, iris patterns, voiceprints, and facial recognition—all of which are static
- biomechanical biometrics: attributes, such as keystroke mechanics, are the product of unique interactions of an individual’s muscles, skeletal system, and nervous system.
- behavioral biometric patterns: attributes, based on the new computational social science discipline of social physics, consist of an individual’s various patterns of movement and usage in geospatial temporal data streams, and include, e.g., an individual’s email or text message patterns, file access log, mobile phone usage, and geolocation patterns.
Challenge: Customer Data Verification & Risk Scoring
RegTech Solutions – From Manual to Digital Customer Background / Reputational check
One of the most (labor) intensive part of the KYC process is the background search and reputational check. Control with the sanction or PEP lists, adverse media identification, identification of the links between the clients and entities involved in trade-based money laundering…
Despite real progress deployed to optimize this work, there is still significant human intervention in these activities and the challenges remains to decrease the number of false positives and false negatives, correctly screen all the public information available or to keep an audit trail of the screening process.
New RegTech technologies automate and accelerate the capture and the summary of large amounts of data, allowing analysts more time for review of critical information rather than data capture. Companies specialized in Big data and Artificial Intelligence/Machine learning have developed very effective tools that structure meaningful report information collected through international media, websites, social media, official and private watch lists and blacklists, regulatory and legal site in a hundred of languages and across more than two hundred jurisdictions.
These tools are empowered with efficient powerful disambiguation algorithms to reduce false positives/negatives, intelligent prioritization, as well as machine learning algorithm than can to read the news and extract from them evidence of legal entities involved in trade-based money laundering (TBML).
RegTech Solutions – From Static to Dynamic Risk Based Scoring Matrix
As stated by the FAFT: « “The risk-based approach should be the cornerstone of an effective AML/CFT system, and is essential to properly managing risks”.
The traditional approach to assess the client risk are often based on a combination of automated but static analyses of a pre-determined set of risk factors, together with human judgement. They very rarely offer an overview which is adapted in real time with the customer transactional behavior, new public information, or institutional risks. Moreover, traditional risk assessment tools, do not generally allow data to be analyzed at a large scale, limiting the potential for correlations and analysis to generate a more fine-grained picture of the risks.
Based on the latest developments in Big data, Artificial Intelligence/Machine learning and cloud computing, several companies propose solutions that use real time parameters like existing knowledge on financial crime typologies and suspicious activity, entity’s transactional and social links to other entities with suspicious or confirmed adverse characteristics, entity’s abnormal behavior with respect to peer groups of similar characteristics, entity’s abnormal behavior with respect to its own historical behavior.
These solutions are constantly updated with the feedback of their users to ensure a consolidated more accurate and sophisticated assessment of customer risk.
Challenge: Financial Transactions Monitoring
RegTech Solutions – Increased Transactions Monitoring Efficiency
The real-time monitoring of transactions face nowadays more and more challenges with the fast development of technology, Crypto currency, instant payment, multiplication of the on-line actors,…. An efficient way to screen the transactions stakeholders against the various watchlists/blacklists, to identify fraud schemes more and more complex and correctly classify and prioritize the alerts needs to be identified.
Various RegTech companies have developed solutions to improve the transaction screening efficiency with a clever utilization of the last development in Big data, Artificial intelligence and machine learning. These technologies enable a constant optimization of the algorithm based on the user experiences and the more they will be used the more efficient they will be.
We can also mention the launch of initiatives that allow financial institutions participating in a network to pre-screen, in real-time, all parties of a transaction for AML risk, including APP and other forms of fraud. The service computes a joint decision tree between the sender and the recipient bank to identify pre-execution risk and can visualize multiple transactions to expose fraud patterns. No customer information is shared with other banks; only the output risk assessment is made available.
The numbers of actors in the RegTech is currently exponentially growing as well as the investments made. We can also see that the regulators are more and more sensitive to the importance of new technology to improve the fight against money laundering and terrorist financing.
But to facilitate the adoption of these new technologies by the financial institutions, the regulatory institutions should collaborate more with the solution providers to enable a better promotion as well as to provide confidence about the compliance of these tools with the constantly changing regulation.
As the fraud schemes are more and more complex, including various actors across several jurisdictions, solution of transaction monitoring based on the analysis of the data provided by a group of financial institutions should be more promoted by the regulators by defining a legal playing field.
The technology of Artificial intelligence and machine learning having the characteristics to be more efficient the more they are used, the adoption of these new solutions by the biggest financial institution will enable the smaller ones to easily implement very efficient tool that should increase globally the efficient of the AML monitoring.
Authors : Alexandre Franck & Monica Bernal