A Word About Cost Conscious Compliance
Last week, we had the honour and pleasure to engage in a fruitful conversation with a roomful of Compliance leaders from the financial sector, to share ideas and findings as to practical approaches to reducing compliance overheads.
Regulated financial institutions (banks, insurance companies, payment providers, fin-tech), are obliged to fulfil Financial Crime Compliance requirements mandated by government authorities. The UN estimates that between $800m-$2tn of criminal and terrorist funds are moved through the financial system annually. This figure is in stark contrast to the very high level of ‘false positive’ alerts experienced by the AML industry – an embarrassingly low rate of 1%-5% of alerts are reported to regulators as Suspicious Activity Reports (SAR). The burden of compliance is likely to increase as regulators will demand a higher level of quality from firms. The lack of efficiency of the current regime is the main reason that Financial Crime Compliance is considered a burden on firms. The toughest challenge in front of Chief Compliance Officers today is how to obtain the highest level of compliance, at an acceptable cost to the firm.
In recent years, Compliance leaders have been exposed to various methods to reduce costs of compliance operations: from robotics process automation to outsourcing of staff activities, from process innovation to new analytical technologies like Machine Learning and Artificial Intelligence. The result is a bewildering mix of alternatives, with scarce ‘hard’ data to evidence what would be the best approach for a given organisation.
Compliance Transformation Do’s and Don’ts
Our opening speaker Nitzan Solomon mentioned a staggering figure of £270bn spent every year by banks on Compliance – some 10% of banks operating costs. One estimate predicts compliance costs doubling by 2022. Experience shows a few inhibitors that tend to drag down programs and increase costs:
- Lack of agreement within the organization as to the expected goals
- A mismatch between allocated resources (people and technology) and the desired outcomes
Measuring Success of FinCrime Compliance
Can we measure the success of AML programs? To the earlier point about lack of agreement on the goals, if we can’t measure success how can we achieve it at a reasonable cost (what is reasonable cost if you don’t know what to aim for)? Our next speaker Anton Mosiesenko (research fellow at RUSI, a leading UK Think Tank who runs a prestigious program of research on Financial Crime in the last few years) spoke on this topic. According to him, it is difficult to estimate parameters like the total sum of proceeds of crime, and also ‘softer’ metrics such as the impact on society due to money laundering. Thus, when J. Ferwerda, a leading Dutch researcher performed a ‘cost/benefit’ analysis of AML programs worldwide, the result of his study was that the costs of AML prevention are sometimes up to 10 times higher than the estimated benefits!! But this mind-boggling statistic should be balanced by the fact that those estimates are highly unreliable. Additionally, there is no specific guidance from international bodies like FATF as to ‘what consists an effective AML system’.
AML Optimisation Methodology and Case Study
In view of the situation, whereby there is no easy way to determine ‘how good looks like’, I mentioned a few ways for financial institutions to take some practical steps to reduce compliance costs:
- Reviewing their existing AML program by a ‘fresh pair of eyes’ that will look at all factors, from compliance risks to data quality to model coverage. By undertaking such a review, firms have a good chance to spot missed opportunities, ‘low hanging fruit’ and inefficiencies in all steps of the AML process.
- Machine learning solutions are seen by the industry as a good way to reduce costs. But in order to achieve such reduction, we recommended spending time analysing expected data flows into the solution, reviewing the model logic, and testing it, before deploying such a tool.
- Tuning AML solutions based on business risk, not just statistics. The idea is that the risk classification of the person monitored drives the changes in scores and threshold, and not a purely mathematical drive to optimize a number of alerts or find ‘anomalies’. We have experience in tuning according to this methodology, and the outcomes achieved reflect not only decrease the number of alerts (which is not good in itself, as you may miss true cases if you just try to lower the number of alerts), but also increase of 10x in the number of cases raised against high-risk client types. This is important because it enables better focus on the investigators to look at the right cases which have a higher probability of representing criminal activity. This reduces costs directly (by reducing waste of time on non-risky clients) and indirectly – if the AML solution generates an alert and you haven’t investigated and it turns out to be a ‘true positive’ (a case of money laundering), this can incur regulatory scrutiny, fines and other such unpleasantness. Thus, the reduction of false positives is critical, but not at the cost of removing good alerts from the system.
Read our latest case study on how we helped a UK Tier-1 bank with their legacy TMS which was generating alerts of poor quality; either false positives or low-risk client/activities by optimizing their systems.
Some fascinating topics raised by the attendees
I wish we could cover everything in one short breakfast! The most important part of the event was the open discussion, during which some additional questions were raised:
- Customer Segmentation is a critical factor in obtaining a high-quality AML program. What are best practices for ‘doing it right’? (pretty complex discussion, better taken offline on a case-by-case approach, in a nutshell, we found that a combination of the knowledge already existing within the firm as to its customers, plus a good understanding of the available data and its patters, are key parts of a healthy segmentation approach)
- How are AI systems in Financial Crime coping with concerns over Ethic use of data? (even larger discussion, a dedicated event will do more justice to it…)
- What if we don’t have a lot of data available, can an AI tool be trained to provide good results (in AML, leveraging AI is only part of the equation; some financial crime indicators can be found with less data, whilst a probabilistic engine may take longer to learn the patterns; the answer also depends on the particular technology deployed and the line of business – which determines the anticipated AML risk).
In Summary: as the Financial Sector is looking to constantly improve its service to customers, including providing safety and Compliance, I look forward to many future opportunities to dive into questions for example:
– What are the most severe compliance cost drivers?
– Are there any areas in compliance that are ‘easier’ to fulfil than others?
– To what extent can new technology (for example Machine Learning / AI) help in the short/medium term?
– Successful strategies to tackle the burden of legacy technology in financial services firms
And many more…
Many thanks to all guests, speakers and organisers!