In September, a huge cache of documents leaked from the US financial crimes authority revealed banks continue to unwittingly move trillions of dollars in dirty money around the globe. The FinCEN leaks — reported by more 100 global media outlets — put the spotlight firmly back on the failure of banks to keep pace with billions of alerts annually and the perennial challenge of fixing legacy compliance systems.
Few high-profile global banks were exempt from the leaks. Barclays, BNY Mellon, Deutsche Bank, HSBC, JPMorgan, Standard Chartered among many others were all named. Most insisted that the leaked suspicious activity reports (SARs) reflected the proactive action they have taken to flag suspect transactions, putting a positive spin on a story that garnered no shortage of damning headlines.
Critics say the issue of know your customer (KYC) and anti-money laundering (AML) challenges is a deeply rooted one, yet the reputational risk for banks of bad practice is growing. Two months on from the leak, pressure is mounting for banks and their IT and innovation leaders to do more to deliver real, lasting change across compliance. Macroeconomic headwinds and margin pressure are driving the need to cut costs, yet regulators are sharpening their knives.
The banks say they are investing heavily to fix the problem.
A Standard Chartered spokesperson told Tech Monitor that it has “nearly 2,000 staff worldwide dedicated to preventing, detecting and reporting suspicious transactions”. Adding: “In 2019 we monitored more than 1.2 billion transactions for potential suspicious activity and screened more than 157 million for sanctions compliance.”
A spokesperson for Barclays added investigations don’t start and end with SARs, noting that “financial crime is, by its nature, complex and difficult to detect. We analyse information about our clients and their activities over time. Criminal activity which may seem obvious with hindsight is often only uncovered as a result of careful evidence gathering after the event in question has occurred or after a SAR has been filed”.
Yet, for many, the costs of those large teams is itself a problem. Automating the problem away sounds like a compelling option, but the reality of ageing back-end infrastructure makes this a challenging proposition for many.
Why is anti-money laundering so hard?
Francesco Fulcoli, chief compliance officer at UK fintech TransferGo, says that legacy core banking systems and databases make the challenge intractable.
“Existing systems are monolithic, unstable and built to run specific scripts that are at least twenty years out of date,” he says. “Banks and financial institutions need to completely revamp their compliance process from both a technical and cultural standpoint. They must realise that compliance is not a single, siloed operation, but a ubiquitous function that stretches from technology teams to product management.
He adds: “These outdated systems cannot operate in real time, so financial institutions are forced to monitor transactions manually, after they’ve taken place, depending on the risk. Not only is this slow and often incompliant, but the screening process against sanctions and adverse media are dependent upon how the systems are built.”
The risk, he emphasises, is this approach “wishfully” requires employees to have knowledge of specific systems built decades ago.
Most existing compliance technology pre-dates the iPhone and relies on predictable rules-based systems that fail to catch out criminals, agrees Gudmundur Kristjansson, founder and CEO of anti-money laundering (AML) start-up Lucinity.
“We need to rethink our entire approach to AML, moving away from using outdated, traditionally rule-based systems and towards a modern, AI-enabled, behavioural approach,” he says, adding that “while money launderers have learnt how to evade rule-based systems… the advancement of AI algorithms, especially in the field of deep learning, provide an opportunity for banks to detect more complex and evasive money laundering networks. Banks need anti-money laundering systems that optimise risk-based workflows and provide insights into bad actors rather than singular transactions, and use AI technologies to find complex networks in an explainable way”.
Vendors can be expected to tout their offerings — many have genuine coal-face experience of the challenges and genuinely interesting propositions to help tackle the problem — yet the challenges, ultimately, go deeper than a quick technical fix. Deeply established mechanisms for moving money around the world anonymously through networks of entirely legal shell companies render it hugely challenging for banks to get a clear fix on the source of moneys, let alone cut them off.
The UK is deeply implicated
One of the countries implicated heavily by the leak was the UK. It is home to the most companies named in the FinCEN Files of any jurisdiction and is among the top five countries by transaction value for sending and receiving dirty money.
The ease of setting up obscure new companies, called limited liability partnerships (LLPs) and limited partnerships (LPs), is what makes the UK a hotbed of money laundering. While thousands of legitimate businesses use them, they are also the perfect vehicle for criminals to move money anonymously as they leave little in the way of a paper trail. Since 2004, the number of LP and LLP filings each year has increased fivefold, ballooning to more than 100,000 in recent years.
Despite recent updates to regulation, the UK still has chronic weakness in its anti-money laundering systems (AML), says Jane Jee, CEO of regtech platform Kompli-Global.
“Companies House is still a very weak link in our AML defences as there are practically no checks carried out on the information filed,” she says. “There are proposals to reform, but we don’t know when they will come into force.”
Some of the blame for this must fall on the Treasury and the Bank of England which have failed to consolidate the UK’s 25 AML supervisory bodies, says Jee, while also attributing some fault to the wider financial ecosystem.
“The files show failures by banks and, by implication, law firms and accountants who are often characterised as ‘enablers’,” she says. “One way to improve the situation would be for a panel of AML experts to be created who can assess where technology can help reduce the abuse of the financial system by criminals.”
The Financial Conduct Authority (which declined to comment when invited by Tech Monitor) says it has outlined its position in a letter to the Chairman of the Treasury Select Committee, saying it is doing its bit to make the UK a “hostile environment” for money launderers, and expresses a hope for technology-driven improvements.
“Emerging technologies such as artificial intelligence and machine learning have the potential to help firms monitor and identify suspicious transactions more effectively and efficiently. Increased information sharing between banks and public agencies can help the detection and prevention of crime. This is why the Economic Crime plan contains specific actions in relation to improving information sharing. The FCA is participating in the workstreams that will deliver these actions,” it notes.
Ultimately, Jee argues, regulators must force banks to adopt the necessary technology, as there is no incentive for them to do it themselves. They will find no shortage of emerging new options that may well help reduce compliance opex and reduce the need for manual alert sifts.
Amy Borrett was the resident data journalist at Tech Monitor.