Artificial intelligence (AI) in FinTech is often associated with Big Data and analysis of customers’ behavior. In reality, it can be used in a wider range. Anti-money laundering (AML) AI is used to fight financial crime and secure apps’ reputation. After all, financial technology is all about trust. How is it done and what conclusions can you draw for yourself?
Criminals are getting more sophisticated with each passing year. In the world of financial regulations, the term “bad actors” is reserved for individuals or companies that abuse applications’ privileges. FinTech companies have to deal with them, growing amounts of complex user data and connections between these information.
Especially, if the product is complicated, has many different services, or the app itself functions in a larger ecosystem on the market (exchanging data between companies, etc.). A few things can fall into cracks, causing legal and marketing problems. The AML AI is used to fight money laundering with highly specialized algorithms.
How to fight money laundering?
These algorithms analyse big pools of data and raise a red flag if something suspicious comes up. Automated processes like customer due diligence (CDD), transaction monitoring inputs, and sanctions screening help applications’ owners spot suspicious activities.
Machine learning can help even more. With vast amounts of data to learn from, the AML AI can make an “educated guess” about whether a particular behavior represents a money laundering incident. If a financial crime technology detects an occurrence that differs from the norm, it can send a suspicious activity to report (SAR) to the authorities. This way, officials can be notified about transactions that seem not ordinary, may be interpreted as a precursor to a crime, or even be viewed as a factor threatening public safety. SAR is required when transactions reach a certain level of value, international money transfers are over a certain level, or when there are unusual transactions or account activity.
It’s important to implement a know-your-customer (KYC) solution. It’s a dance between daily business activities, customer experience, and the regulatory landscape. On one hand, applications need access to customer data. On the other hand, they need to be equipped with some form of safety mechanisms, to not abuse the trust of people who do not abuse the application itself. In other words – the AML AI software needs to be reactive, not intrusive.
Fighting financial crime with processes
Nothing happens by itself, nor it’s given a chance. Not in the world of FinTech software development. Processes mentioned below will utilize the power of financial crime technology.
Customer due diligence is about assessing your customer’s background to establish their identity and assess the risk they possess to the app or its reputation. You can do it by obtaining personal information, like name, a photograph from some kind of ID, address, etc. Then, it’s about beneficial ownership and business relationships. The first is required when you’re making a B2B application and you want to understand the control structure of the company. The second – when it’s hard to know whether getting into bed with this company is good or not.
There’s also a question of enhanced due diligence (EDD). You can do it when there’s a doubt about the source of funds of the user’s wealth. Also, when you have questions about the nature of the business intentions or purpose of the specific transaction on the account.
Transaction monitoring can involve things like sanctions screening (explained further on), customer profiling, and blacklist screening. It’s about identifying suspicious behavior, increasing automation to minimize human oversight, increasing effectiveness with AML technology solutions, and boosting the confidence of regulators and business partners alike.
Sanctions screening is important to keep up with changes. It’s very demanding, since the list of sanctions towards money launderers, arms dealers, narcotics traffickers, human rights violators, and terrorists changes daily. Plus, the nature of law has changed. Back in the day, sanctions were aimed to impede states or organizations. Today, they are focused more on specific economic sectors or even individuals. On top of that, the list of sanctioning bodies is growing. From the United Nations (UN) to European Union (EU). From Switzerland’s banking systems to Interpol. From Consolidated Canadian Autonomous Sanctions to… you get the idea.
If you’re struggling to keep up, we can help you a bit. Check the list below for guidance:
- EU consolidated list of sanctions UN consolidated sanctions list
- UK’s HM Treasury sanctions list
- U.S. Department of treasury’s sanctions list
Unstructured data – the natural enemy of AI AML compliance
The problem with big pools of data is their size itself. The problem of unstructured data goes even beyond the size, though. It’s like walking the street and finding a house keychain every few steps. Without correct information about the addresses, all these keys are useless. That’s why it’s very important to have proper asset management software in place. Data-driven decision-making is not the future – it’s today’s necessity. AI AML compliance solutions are good, but the plan to use them is even better.
The law behind AML AI software and business consequences
The obligation to report suspicious transactions is mandated in the Financial Action Task Force’s (FATF) recommendations document. It may not be the law per se but it’s a good starter from a global money laundering and terrorist financing watchdog.
The actual law is stated in these:
- General Data Protection Regulation (GDPR). Established by the European Union, the law protects data and privacy in the EU and European Economic Area (EEA). Companies that store and process the data have to take technical and organizational measures to meet these new standards.
- The 5th anti-money laundering Directive. Another EU-based law. It was established to enhance transparency, limit the anonymity related to virtual currencies and providers of virtual wallets, and pre-paid cards.
- FinCEN Final Rule (CDD). It is the United States’ law that aims to establish customer due diligence among all appropriate market players.
- Over-the-counter (OTC) derivative rules (Dodd-Frank, MiFID II, EMIR). These types of contracts are always custom and privately negotiated. They include credit default swap and interest rates swap.
- Tax compliance (FATCA, CRS, 871m).
It’s a lot to swallow and implement. Not all companies swim in these muddy waters. Let’s just say, that:
- Since 2008, European-headquartered banks have been fined a total of $18 billion. That’s by U.S. regulators, for AML and KYC alone.
- Europe accounts for 7% of global AML fines levied in the past 10 years, totaling over $1.7 billion across 83 separate fines.
- In the past 10 years, institutions headquartered in the APAC region have been fined a total of $1.3 billion by US regulators.
The cost of doing business in the FinTech sector is real, and you can’t afford to miss it. IBM, in their report on the fight against money laundering provides an interesting survey result. The risk has to be managed, no question about it. The problem occurs, when:
- Investigations take too long (45% responders).
- There are incompatible tools for the security and compliance audit (42%).
- There is a high number of false-positive or unsubstantiated alerts (staggering 40%).
What to do to avoid these? Think about software architecture. The TSB research shows that four in five people are tricked by fraudulent bank messages. The study by Digital Shadows says that the darknet is full of stolen credentials, allowing it to take over 15 billion accounts. The study from the Association of Compliance Officers in Ireland tells us that remote work increases the risk of becoming a victim of financial crime. What does all of this have to do with your application?
Unfortunately, everything. The report by pymnts.com shows that 80% of experts point out that utilizing the AI reduces payments fraud. Almost 64% of financial institutions say AI is vital to stopping ongoing fraud. AML AI can help you in the fight against money laundering but it can only be efficient if the application itself is done well. The back-end really matters.
As Jacek Kościesza, our Principal Software Engineer says:
There are a lot of technical problems to solve when building AI based AML systems. Examplary challenges are: data fragmentation, scalability, performance/latency (especially with online, real-time fraud detection), preparing a lot of quality data to train ML models, building accurate models where you minimise false positives and negatives. That’s why good technology choices and architecture matter a lot. You can solve many of those problems by using a modern. event-driven, cloud-native, serverless approach with Amazon Web Services (AWS).
You can avoid data fragmentation by breaking down data siloses with data lake on Amazon S3. Data preparation can be achieved using AWS Glue, Amazon EMR. Choosing the right database with single-digit milliseconds latency, like Amazon DynamoDB, or building a fraud graph with Amazon Neptune can have a huge impact on performance. Finally, using services like Amazon SageMaker makes it very easy to tackle many aspects of machine learning workflow, from analytics to verification of the trained models.
As Piotr Szołucha, our Head of Project Management says:
When building a software product, it’s never just the case of matching the direct functionality. It’s much more than that, especially in case of FinTech products. It’s easy to forget that we are dealing with financial assets. It is a part of our responsibility towards our Customers, to help them understand that we have to do more than just writing the code. We have to make the product secure and compliant with legal and financial standards.
Sometimes, it requires just a bit of education, but more often detailed risk analysis, careful consideration of non functional requirements and architectural designs. It all starts from setting a proper perspective and taking responsibility for the product in a wider sense.
A seasoned partner can add spice to your app and secure compliance
IT and software development consulting are the key to smooth sailing. A trusted partner should be able to help you with development and fragmented data but also with refactoring, quality assurance, and even UX/UI design. In fact, all of that can help you overcome compliance issues. The AML, machine learning and other topics related to fighting financial crime (like problems the InsurTech industry is facing) can be complicated. With the right assistance, everything is possible, though. Mainly – a stable revenue increase in secure legal and software environments.