Five years since RegTech challenges for Anti Money Laundering (AML) and Transaction Monitoring were first articulated, regulators continue to inch towards policies which would enable firms to cut into the $1.6 trillion[i] which pass through banks undetected. Is the industry ready to take the next step? In this article we recap the challenge for digital asset providers and traditional finance (TradFI) alike, efforts in progress and path forwards in advance of JWG’s AML, Sanctions and Surveillance Seminar on 23 June.
AML and Financial Crime risk management integration
Digital Asset enthusiasts are up in arms over the latest EU rules which set strict money laundering checks for crypto asset transfers by lowering the minimum size of transactions subject to monitoring from €1,000 to zero. If this text is approved, the EU will push the burden of determining more logical risk frameworks to other major financial centres.[ii]
It’s not just the travel rule which will continue to challenge both TradFI and digital asset providers. The Financial Conduct Authority (FCA) published TR 19/4[iii] in 2019 to help the industry better understand the linkage between money laundering and market surveillance. In doing so, it effectively placed AML and trade surveillance risk management integration on the board’s agenda.
This was welcome news at the time from the throngs involved in global AML Financial Crime TechSprints focused on developing new methods.
Fast-forward to a more digital market in 2022. FATF’s proposals [iv], state that future technological developments have the ability to reduce money laundering risk and counter-terrorist funding activities while also being cost-effective for businesses.
The current political climate, which includes sanctions, harsh fines and a full rewrite of AML regimes, has hampered development but could present opportunities to implement RegTech at long last.
Challenges – now and then
In 2017, the Institute of International Finance (IIF) published a report on the deployment of RegTech against financial crime[v] that looked at the key solution areas where technology could assist in AML/KYC compliance. Over the intervening 5 years we continue to see policy makers wrestling with the requisite policy changes to improve the system.
Due diligence is an area where the regulators have identified a flaw in businesses’ present methods. Biometrics and cybersecurity, according to the IIF, would underlie the technological perspective in determining a client’s or counterparty’s identification, including automation of onboarding procedures and client interaction security.
It has been proven that matching a firm’s customer information without exposing the data, thereby safeguarding privacy through Privacy Enhancing Technology (PET).
We can only hope that as part of public registry reforms, common data standards like the legal entity identifier (LEI), trusted validation protocols (e.g., vLEI) and APIs for firms to connect to the registries are specified in a manner which makes them a reality.
Suspicious behaviour / pattern recognition
Artificial intelligence (AI) and machine learning have revolutionised how suspicious behaviour is tracked. It is capable of working through large amounts of data to uncover patterns and non-linear correlations, allowing suspicious activity to be spotted.
To deploy AI for these purposes it is essential for the regulated and regulator to agree on a risk framework which provides clarity on the types of models which can safely be deployed. Large datasets produce large numbers of false positives if the algos are not expert in spotting the right patterns. SWIFT, which carries 45 million messages a day is working to train machine learning models to generate solutions for the entire industry.[vii]
In 2019, teams with names like ‘Catch the Chameleon’ and ‘Neighbourhood watch’ were scored highly by FCA AML and Financial Crime TechSprint judges. In Q421, Fintel Alliance,[viii] an Australian public-private collaboration, noted that it is working on an alerting initiative that intends to uncover financial ties, if any, between two or more suspect accounts across numerous financial industries.
In Q421 the MAS also announced it was co-creating a new “Collaborative Sharing of ML/TF Information & Cases” or COSMIC platform along with six firms to share customer or transaction information securely where they cross material risk thresholds. [ix]
AML/KYC investigation and Utilities
Another area in which technology can be utilised is in the automated execution of economic crime investigations. Through pooled the use of robotics and artificial intelligence, manual tasks can be automated.
The Bank of England’s Client Onboarding Working Group in April 2022[x] recommended industry agree on a set of “core documents” that would form the foundation for KYC requirements. This would include naming conventions, validation timing, precise form and how those documents “fulfil and map to the regulatory requirements perhaps in the form of a data glossary or dictionary.”
Source: Bank of England, Charting the Future of Post Trade: Findings form the Post-Trade Task force, April 2022, p. 36
The group recommends establishing standardised document requirements as a first step to then creating a single platform.
This platform has long been the dream of operations mangers who would communicate sensitive client data across businesses without sacrificing privacy by utilising distributed ledger technology, as recommended by IIF.[xi]
In 2021, the EBA published its draft regulatory technical standards on the creation of a central database for money laundering (EuReCa).[xii] The database will include information on weaknesses inside specific financial institutions, as well as any remediation procedures. Such flaws will have to be reported by competent authorities across the EU.
A Dear CEO letter published by the FCA in 2021[xiii], looked at common control failings they had identified in in AML frameworks, within which they highlight a selection of key areas of common weakness within firms. These included due diligence and issues surrounding privacy where technology could help if given the go-ahead by regulators.
The path forwards
Hard RegTech work over the past 5 years has proven a lot. Through collaboration with new technology the industry has proven that it can move the dial on the intractable $1.6 Trillion.
The bones of new risk frameworks, glossaries and standards to get technology to help move AML and transaction monitoring into the current millennium have been exposed.
The skeleton will not, however, spring to life by itself. There is still too little resolve to architect and scale the solutions by those that sit in senior policy and regulatory chairs.
Without marching orders from policy makers and real commitment from regulators, it is unlikely that any large steps forward will be taken anytime soon.
With important task forces assembled to look at Digital Asset policy around the globe, all eyes are pointed towards important policy updates due this quarter on either side of the Channel.
Join us at our next half-day seminar on 23 June RegTech seminar to learn more from our all-star speakers on the latest rules for sanctions, AML and market abuse in a digital age.
[xii] EBA/RTS/2021/16 – European Banking Authority (EBA) – Final Report on draft regulatory technical standards under Article 9a (1) and (3) of Regulation (EU) No 1093/2010 setting up an AML/CFT central database and specifying the materiality of weaknesses, the type of information collected, the practical implementation of the information collection and the analysis and dissemination of the information contained therein