One of the hot topics at our Capital Markets Conference this year was how RegTech could help institutions with their Know Your Client (KYC) obligations. With an expert panel from a range of backgrounds presenting fascinating perspectives on this current issue, issues were given fresh attention, ranging from artificial intelligence (AI) and blockchain to data architecture and barriers to implementation.
The industry is in the midst of a paradigm shift towards overhauling legacy systems, focusing on innovation and harnessing the power of new technologies. This is particularly evident in the KYC space with tools such as blockchain, AI, natural language processing (NLP), anomaly detection tools and even, in a less tech-centric space, the harnessing of collaboration. What was clear from the conference is that the industry is getting to grips with all these innovations and becoming more confident; though challenges still remain, momentum is certainly building.
What was equally clear is that regulators are becoming more and more interested in RegTech solutions, signalling both their support for and their wariness of innovative approaches. These signals come in the form of papers, such as the ESA’s opinion on using innovative solutions in the KYC space; sandboxes, like the FCA’s Tech Sprint and numerous distributed ledger technology (DLT) sandboxes around the globe; and the regulation itself, as in the case of the RegTech section in 5AMLD. These are positive signals to the industry to explore and embrace innovation in a responsible way, alongside careful risk management and controls. Another example here is the EBA’s recently published FinTech roadmap, which focuses on innovation addressing client due diligence and also emphasises the importance of risk controls.
One of the challenges, however, is that of legacy data and the subsequent effort of digitalisation. Many firms struggle to answer important questions about their data, such as its location and how to access and delete it. Not least due to the General Data Protection Regulation (GDPR), this is a top priority. There are other issues related to this: if automated solutions for KYC are formed of algorithms that learn based on a firm’s pool of data, it must be possible to unpick this data from the details of the client and delete it without the algorithm unlearning. This is a key issue in the formation of technological solutions in this space, requiring the anonymisation of data prior to its joining the pool and becoming data for algorithmic learning. In a similar vein, the risk of bias within algorithmic client decision making is currently in focus and is an issue that needs addressing for successful implementation. This all requires understanding across the tech-compliance divide.
AI is an area that offers great reward as well as risk. It has advantages such as reducing false positives and other operational efficiencies. However, the key is responsible innovation, which requires understanding the challenges and risks, and this is where we once again face the traditional tech and compliance divide. Regardless of those issues, there are difficulties in testing something which is constantly learning. Whilst checking on day one whether it matches an existing rule system’s results is easy, three years down the line, when the algorithm has learnt like a naughty child, how does that get discovered? Perhaps the next move forward is one of a hybrid world, in which rules are auto-resolved by AI, rather than a complete removal of the human element from the process.
This technology is already in use, however, in the world of organised crime, and therefore it’s essential that banks are employing it too. Is AI clever enough to outsmart transaction monitoring? It has an advantage over rule-based systems, which cannot cope because by the time a strategy has been picked up it has already been dropped. FinTech solutions to KYC are picking up impressive breaches in their reviews based on inconsistencies that could not have been picked up by humans. A cultural shift towards celebration of this increase in capturing KYC issues needs to occur alongside an embrace of this technology. Despite the great power of RegTech solutions here, it will be essential to still have a human component, so a future of coexistence seems likely.
Identity verification is another interesting area of innovation within the AML space, using social media verifications to move with the shift to a digital/online world and also for risk profiling clients. There are many challenges with this, however: it is easy to manipulate, creating a false network of trust; there is a privacy issue of banks knowing too much about their clients; and it is possible for high wealth individuals to completely erase their presence from the internet. However, one could envision it becoming a secondary source of identification, rather than a replacement, alongside other forward-thinking identity verification innovations such as video ID.
One of the most discussed areas of innovation at the conference was, unsurprisingly, blockchain. For the purposes of KYC/AML compliance, it could be used by banks for verification, as they share data via a sovereign blockchain held by the client, helping to validate the verification of fellow banks and speeding up the process, as well as giving the client full control over their data. It provides the customer with a better experience and could help satisfy GDPR requirements, as the customer can remove their previous banks’ access to their data. It could be useful for avoiding account impersonation and takeover. However, it doesn’t come without its challenges: it requires the initial verification to catch issues, and there would perhaps be some difficulty with banks retaining the data they need for their records. For more information on this much discussed topic see our previous articles here and here.
Overall, KYC technology solutions seem to be retaining their industry spotlight as regulators, banks and vendors try to have responsible discussions around their use in compliance. It is essential to move with the innovation and take advantage of the opportunities for operational and risk management gains, whilst remembering that innovation must be responsible and leaps forward must be tempered with suitable controls, planning and understanding.
With such complexity and varied priorities, there will likely never be a perfect time to invest in the RegTech which can help the industry to regain control. As we have said before though, it is clear that the earlier the leap to new technological methods is made, the more quickly the industry will be able to regain control.
The topics discussed at the conference will continue to be addressed as part of the RegTech Council. Want to get involved? Please contact regtechcouncil@jwg-it.eu