Banking: Regtech promises better and cheaper AML and KYC compliance

COPYING AND DISTRIBUTING ARE PROHIBITED WITHOUT PERMISSION OF THE PUBLISHER: CHUNT@EUROMONEY.COM

By:
Peter Lee
Published on:

Rather than moaning about the time and money spent chasing false-positive alerts of criminal or terrorist financing, banks ought to be sharpening up their own anti-money laundering (AML) and know-your-customer (KYC) systems or renting in better ones.

keyboard fingerprint-600

Bankers have long groused to Euromoney about the multi-billion dollar annual costs of complying with AML and KYC regulations, and bewail the time and effort lost in chasing up endless false-positive reports on any financial transaction that looks like it might possibly relate to suspicious activity.

Last week, the world’s largest commercial banks broke cover with a new lobbying campaign to evade this burden, making their case through the Clearing House Association (TCH), a trade body owned by banks including US giants – JPMorgan, Citigroup, Bank of America, Wells Fargo and others – as well as foreign banks such as Deutsche Bank and HSBC.

Their report argues that banks have been to all intents and purposes deputized to do the work of law enforcement agencies, such as the FBI and the bureau of alcohol tobacco, firearms and explosives (ATF), for them.

The banks are required to prevent, identify, investigate and report criminal activity, including terrorist financing, money laundering and tax evasion, but the process of doing so is ill-defined, costly and ineffective.

The banks quote a study by PwC suggesting that banks will spend $8 billion on AML compliance this year. That dwarfs the annual budget of the ATF. 


There are not many issues further up the agenda of the large banks than managing their AML exposure 

- Charlie Delingpole, ComplyAdvantage

Banks argue that this huge effort delivers little of actual law enforcement or national security benefit. This is partly because law enforcement agencies play no role in prioritizing banks’ investigations, while unqualified bank examiners audit compliance simply on the basis of the sheer volume of filing of suspicious activity reports, irrespective of whether these provide any useful leads to law enforcement.

The banks say the entire process has poorly defined objectives and urgently needs review. They want the laws on information sharing changed so banks can dump the raw data to law enforcement agencies and let them trawl through it for signs of criminal activity.

Greg Baer, president of the TCH, says: “[This] report reflects a remarkable consensus on how to substantially increase the effectiveness of the AML/CFT regime. Those participating in the effort come from a wide range of disciplines and reflect a variety of interests, but have reached a common diagnosis of the problems with the current regime and in their prescription for reform.”

Named contributors comprise mainly lawyers, former treasury officials, former directors of financial crime investigating bodies and regulators, as well as senior fellows of think tanks, rather than senior bankers.

The timing of the TCH report clearly pitches this plea to a new Republican administration whose instinct is to deregulate the US economy in general and in particular to lighten any burden on banks that might stop them lending to good people with nice businesses.

Four points

However, before they get their hopes up, the banks should bear in mind four points.

First, the political appetite might not be great, at a time of heightened travel restrictions and security paranoia, to reduce requirements on banks to monitor signs of terrorist financing.

Second, before the old rules can be rolled back, new rules are still coming in on this. The European Union’s fourth AML directive, for example, comes into force at the end of June, bringing with it new requirements to maintain a registry of beneficial owners rather than just account names, a new focus on risk assessments and new rules over banking politically exposed persons.

Third, complying might be costly, but failure to comply is really expensive.

Deutsche Bank, a member-owner of the TCH, probably feels lucky that its shareholders had to pay out only $628 million to the UK Financial Conduct Authority and the New York State Department of Financial Services regarding $6 billion in mirror trades in Russia between 2011 and 2015.

These should have raised obvious suspicions over customers using simultaneous back-to-back buy and sell orders, executed through Deutsche Bank in London and DB Moscow, to convert roubles into dollars and covertly transfer funds out of Russia. Such patterns of activity are highly suggestive of financial crime.

It comes to something when a leading bank celebrates in the announcement of a half-billion-dollar settlement that regulators found it to have been “exceptionally cooperative”, through the investigation.

Deutsche apparently saw no need to remind its shareholders that as well as paying the settlement they are also paying for the increased resources regulators have insisted the bank should now devote to AML.

It’s not helpful timing for the TCH that regulators on both sides of the Atlantic should have settled such glaringly poor efforts at AML compliance at a prominent member just a fortnight before the launch of the lobbying campaign.

And it will be many years before members of congress forget the extraordinary reluctance of some bankers at HSBC, another member of the TCH, to close the bank accounts of Mexican drug dealers that earned the bank so much revenue.

Fourthly, if the costs of complying are too high and if too much time is spent following up false positives – even while suspicious activity still slips through the net – then instead of complaining about the rules maybe banks should be reviewing their own AML IT infrastructure, processes and systems.

Don’t moan: do a better job.

Charlie_Delingpole-web-600
Charlie Delingpole, chief executive of ComplyAdvantage

Charlie Delingpole, chief executive of ComplyAdvantage – a provider of AML data and technology solutions – tells Euromoney: “There are not many issues further up the agenda of the large banks than managing their AML exposure.

“A lot of the rules around this were brought in after 9/11 and the first providers of services to manage AML risk were essentially news aggregators whose systems have grown through acquisition and now rest on outdated technology that is not good at delivering reliable data from multiple systems.”

The big providers include Thomson Reuters, Dow Jones and Equifax.

Delingpole says: “Some banks face millions of dollars in annual overhead just on analysts that seek to integrate these different providers’ data. The constant complaint is about false positives. All this needs a fresh approach with better technology instead of more analysts. Ultimately automation will bring down the cost of compliance.”

ComplyAdvantage was founded in 2014 to address this. It announced $8.2 million of series A venture capital funding in October to build out a new, comprehensive global data set of individuals and companies that represent a potential AML threat and then use the latest artificial intelligence and machine-learning tools for banks to manage their compliance burdens with sharper focus and at lower cost.

“We have more data, better data and can use it more intelligently than the incumbents thanks to technology that has only become available in the last couple of years,” says Delingpole. “If there are seven billion people on the planet, you cannot track your potential AML risk just by putting more analysts to work on poor data and old technology.

“Our data is drawn from thousands of sources, with broad geographic coverage, it is more accurate, it is updated more frequently and our systems capture the meta data that allows users to structure the data and filter their exposures by the age, job title, location and risk type of the millions of individuals identified as potential threats.”

He adds: “Banks can tell the system: ‘Look, I’m concerned about possible exposure to money-launderers in Chad in 2010 – don’t bother me about fraudsters in Turkey in 2012.’”

That ComplyAdvantage already had 200 customers at the time of its series A funding round shows the hunger for regtech that promises a low-cost way to reduce financial crime risk and take the pain out of regulatory compliance.

Could banks do the same with KYC requirements, perhaps even outsourcing those cumbersome checks?

For years banks have complained at this cost too, but shuddered at the potential exposure of outsourcing the on-boarding of customers to a third-party provider and the liability if a provider fails to meet a service level agreement. Banks have kept the work in-house, working on their own stores of data from attempted frauds.

Husayn-Kassai-160

Husayn Kassai,
Onfido

Husayn Kassai is co-founder and chief executive of Onfido, which has developed a proprietary identity and documentation verification system that Kassai believes will bring customer on-boarding into the digital age.

Kassai tells Euromoney: “People still walk down to their nearest bank branch with their passports and utility bills to open accounts. It’s time-consuming, expensive for banks to process and off-putting for large groups of potential customers.

“The banks didn’t worry about high fall-out rates of potential customers – up to 30% – in the past, but the competition has intensified recently from new online banks and the incumbents are more worried than ever about losing potential revenues.”

No household bank has yet gone live with a fully digital customer on-boarding process, but the time could be approaching.

Kassai says: “We have built a system which, if new customers hold up their passport or drivers’ licence to their computer camera, can first verify the document, then check that the face of the person holding it up matches the photo ID, and finally run a location check to verify that the person is registered living at that address.

“You need huge data sets of presented photo IDs to be able to verify in this way, but now that we have those the machine learning makes our systems much better at verifying, much more quickly and accurately than the human eye, and much better at spotting fraudulent IDs with fewer false positives.”

Customers include many of the new-age banks, peer-to-peer lenders, robo-advisers and investing platforms, such as Nutmeg, LendInvest, Pockit, Crowdcube and JustGiving.

Intriguingly, given the big banks’ historic reluctance to outsource such sensitive core processes, Kassai says: “We have two global retail banks testing our service in pilots for new account opening, though we are unlikely to be able to say more about this before the middle of the year.

“But the advantages to banks of remote on-boarding are several. It improves the customer experience at a time of heightened competition for new revenue. It massively reduces expenses. If it costs £30 to on-board a customer in the branch, that might fall to just £2 or £3 online. It allows for improved initial and ongoing security checks through multi-factor biometric screening.”

Senior bankers coming back from the Davos meetings in January have been quietly rejoicing to Euromoney over studies presented there by the big consultants – always so credible when telling worried customers what they want to hear ­– that robotic process automation might cull 50,000 compliance jobs across the industry.

What they should really be focusing on is not that regtech might radically cut their costs but rather it might help banks do a much better job of fulfilling their legal, moral and societal obligations to enable family members to pass money around the world to each other while at the same time cutting the flows of funds that enable terrorism and crime.