The Problems With Legacy AML Technology

The Ministers of the Financial Action Task Force (FATF) met for their biannual meeting in Washington D.C on the 18 April 2024, ultimately reaffirming their commitment to fighting global financial crime.

Despite significant progress being made, FATF acknowledged there were still “gaps in the effective implementation of the FATF Standards".

The report published following the meeting is explicit in referring to the use of innovative technology, naming it as “critical” in closing this gap.

Legacy Technology Presents Challenges

The problem is that even though the task of financial crime detection and compliance becomes more complex, financial institutions are increasingly burdened with legacy technology in this space.

Some of the problems this creates include:

• Rule Based Transaction Monitoring - Many in house and SaaS systems rely solely on rules to detect suspicious transaction activity. Legacy systems are unable to identify behavioral transactional changes and therefore lack contextual risk identification and decisioning which leaves clients exposed to the threat of financial crime;
• Access to Real Time Data - It is not uncommon that compliance teams rely on batch systems to update over a 24 hour period (or longer). On the 18th April 2024 OFAC added new Iranian and Terrorist Designations to the US Sanction program yet many financial institutions will have to wait 24 hours to get sight of these additions due to legacy batch system updates. In perpetual KYC we need to also consider the importance of real time notification of changes to corporate structures, company officers and locations as soon as the data is published on the associated company registry;
• Data Quality and Customer Data Sources - Every company will suffer from data quality issues these internal data challenges for example duplicated records are well documented. There is an abundance of client data available beyond that provided at the initial onboarding stage for example name,address and date of birth or that supplied by an AML or Corporate data source. This includes real time access to device, geolocational and behavioral data for example deviations in the time and pattern in which a money transfer app is both accessed and used. Legacy systems were not designed to consider how behavioral data can help identify risks and fight financial crime;
• Real time Compliance BI Reporting - Most systems have some degree of reporting/dashboard capability or at least the minimum functionality to export data. What compliance officers really need though is access to real time reporting across multiple systems to identify risk trends and allocate resources and skills meaningfully. Being able to identify trends that are the culmination of data intelligence between multiple vendor AML, KYC, TM platforms and internal systems is crucial in evolving a risk based approach program and saving hours of spreadsheet work;
• False Positives - Legacy systems use legacy algorithms to detect risk, one of the most common being the ‘Levenshtein distance’ algorithm designed by the Soviets in 1965 but still commonly used in screening 59 years later from inception. Such algorithms fuel false positives and were never designed with the intention of screening complex naming conventions let alone those which often trigger reviews in both Spanish or Arabic languages. Teams continue to spend too much time clicking through hundreds of false positives alerts each day;
• Manual Investigations and Research - Compliance analysts dedicate hours each day to querying search portals (pep/sanctions/company registries/web searches) before collating screen shots and documenting pdf reports. Once a suspicious activity or a new client risk has been identified a number of manual steps are triggered as part of the ‘case’ review. This may include reviewing documentation supplied at account opening, details contained within email trails, crm systems or liaising with relationship managers. These types of manual steps are difficult to both manage and govern and are open to human error or variation from analyst to analyst.

Compliance teams have to balance the adoption of new technology with the overall customer experience and appear to be operating seamlessly in the background, importantly not disrupting genuine transactions or customer sales.

AI And NLP Finds It's Way Into RegTech

What is interesting to note is that as early as 2017 the FCA published that the most highly regarded AML technologies were indeed those "related to data analytics, machine learning and natural language processing" .

It has taken time, but over the last year or so we have started to see financial institutions and more technology vendors experiment with innovative large language models and AI to detect risk, assist in decision making and reduce the amount of manual data work compliance analysts face on a daily basis.

AI is now creating a new wave of ‘regtech’ technologies, with the FCA estimating there are now 1000 firms globally with a market worth a total of $55bn by 2025.

Changing Skills

As new innovative technologies begin to take center stage we also see the demand for highly desirable technical compliance skill sets including experience in delivering AML Compliance projects that integrate advanced analytics, machine learning and AI capabilities.

Risk Officers are now important stakeholders in data and analytics projects, and they are increasingly expected to understand the benefits AI can bring to their business unit as well as the threats it can present when harnessed by criminal networks.

Very few compliance officers have a comprehensive understanding of what the benefits AI can bring and even fewer with the noticeable exception of large financial institutions have been able to access any formal training on this topic. Lack of understanding is just one barrier to adopting AI. Data silos, globally distributed teams, legacy technology, cloud adoption and access to expert resources are important consideration points.

How We Help

We help financial crime teams and risk officers understand how AI and machine learning enhance their overall compliance programmes.

This includes identifying the specific use cases that will deliver tangible and cost effective benefits, and then the technology and data strategies which need to be put into place to help them identify more situations of interest whilst reducing false positives.

Our value is in helping businessess evolve their technology to meet the demands of both new regulations and the changing threats of financial criminals. We do this without wholesale replacement of existing transaction monitoring systems, instead augmenting them with advanced analytics that close gaps which are hard to detect with traditional vendor and SaaS systems.

Join Our Webinar To Learn More

If you would like to learn more about how AI can potentially be applied to combat financial crime, please sign up to our webinar on May 11th at 11pm BST where we will explain how Advanced Analytics and Machine Leaerning can be used for financial crime detection and compliance: