Calls grow louder for inundated UK regulators to tackle AML fragmentation


Published on:

The UK Treasury’s inquiry into economic crime has identified fragmentation and inconsistency within the current anti-money laundering (AML) regime, while the high volume of suspicious activity reports is proving overwhelming for the regulators. But new technologies could be the light at the end of the tunnel.

By Anna Fedorova


According to HSBC, the UK Financial Intelligence Unit received 634,113 suspicious activity reports (SARs) between October 2015 and March 2017. The current AML regime is not well placed to allow regulators to “draw out the most pertinent risks from this data” and does not support the sharing of strategic priorities between the public and private sector, the bank said.

Visa Europe commented: “We see regulatory fragmentation as a risk in the policy landscape. It is in the interests of regulators, government, industry and consumers to avoid this, and we encourage political and regulatory stakeholders to work together for a harmonised international regulatory environment to tackle these issues.”

One thing banks, academics and campaigners agree on is that new technologies can help UK regulators tackle this problem. For example, it could be done by using big data analytics to collect data from a variety of sources, such as mobile devices, social media and geolocation data, and use this to detect fraudulent activity and hidden connections between accounts.

“Reform should aim to create a framework based on seamless cooperation between public and private-sector bodies, to reduce duplication and inefficiency and ensure that funds and expertise are focused on the highest sources of risk,” HSBC said. “A new model should be underpinned by a co-designed technology platform to manage the end-to-end reporting process.”

Tech investment

The Serious Fraud Office has revealed that some 95% of the data seized during its investigations is electronic, and volumes have increased by more than 1000% over the past five years. Reviewing this data requires huge financial and human resources.

This is an area in which financial institutions are already concentrating efforts. For example, HSBC is developing Intelligence-Led Financial Crime Risk Management (ILFCRM), moving away from a rules-based approach to compliance, and Visa has been developing new security capabilities like the Visa Token Service, a technology that replaces sensitive account information, such as the 16-digit account number.

But companies are now calling for the regulator to use new technologies to make AML regulation a more seamless process and to help bring together the various entities involved.

HSBC praised the government’s efforts to encourage the use of digital identities to help deter and detect criminal activity, but said more needs to be done, such as the use of biometric technology.

The bank said: “The longer term policy goal should focus on increasing levels of assurance to include biometric and ‘behaviometrics’ technology, and broadening the range of attributes held against the identity, eventually to include Know Your Customer information and beneficial ownership. Maximum value will be derived if banks can place reliance on an electronic ID and its attributes for regulatory purposes.”

Right direction

Industry participants agree that although the government needs to make better use of new technologies to tackle financial crime, steps are being made in the right direction.

The SFO is particularly involved with the use of new technologies in this field, focusing on artificial intelligence and machine learning to help investigation teams work more efficiently and cost effectively.

The government entity has been working with its technology partner, RAVN, to create a robot that can assist with the review process to classify and quarantine material that is potentially covered by legal professional privilege. This robot has already enabled the SFO to make a saving of 80% during last year’s Rolls Royce case by drastically cutting down its reliance on independent counsel.

Meanwhile, in April 2018 the SFO announced a significant upgrade to its document analysis capability following the introduction of a new AI-powered document review system.

Suspicious activity

At the same time, a major technological development is being undertaken in relation to the suspicious activity reports (SARs) regime reform programme.

The programme, established in the wake of the government’s 2016 action plan, brings together government agencies, law enforcement and professional services. It aims to improve the quality and quantity of reporting, facilitate mutual feedback between intelligence users and providers, improve user experience, and introduce tiering of SARs to make it easier to identify the most valuable information.

At the heart of all this is the plan to replace the existing IT systems, which has been identified as a strategic priority and is expected to be completed by 2021.


Donald Toon, NCA

Donald Toon, prosperity command at the National Crime Agency (NCA), commented: “In terms of the efficiency and effectiveness of the SARs regime, one of the key issues is replacing the technology that currently supports the regime.

“One of the complexities here is that there are around 56,000 entities spread across the regulated sector. They all have to be able to support reports, so we need technology that is able to do that. We then have all the law enforcement and regulatory agencies in the UK, which need to be able to access the database and use it at the other end.

“We are designing, and there will be built, a system that has to be capable of being used by a very wide range of organisations for a range of different purposes.”

One aspect of this work is ensuring the SARs database is made directly available to a broad range of law enforcement officers through platforms such as money.web, Arena and Discover, and that this forms a core part of the databases used by the NCA itself and other national agencies.

So far, the NCA has already migrated the SARs IT gateway servers to a new data centre and developed new infrastructure for the bulk reporting systems. The next steps will include improvement work and upgrades on back-end components of the core SARs IT systems.

These reforms would help combine public and private-sector reporting in one place, making it easier for regulators to review large amounts of data in a more consistent manner and allowing them to better identify gaps that are currently being overlooked.