As the world continues the shift to digital, getting to grips with the threat of financial crime looms large in the minds of banks. But data could be the key solution.
During an expert panel at the recent Virtual Global RegTech Summit, four key financial industry players discussed how banks and companies can better protect themselves and their clients from money laundering and other financially focused criminal activities.
Taking part were Standard Chartered Bank head of financial crime and surveillance operations Eleanor Gordon, Lloyds of London financial crime and compliance head Emma Hardaker, Quantifind CEO and co-founder Ari Tuchman and Hummingbird co-founder and CEO Matthew Van Buskirk. Wells Fargo global financial crimes intelligence manager Lester Joseph chaired the event.
Data to tackle crime
The proliferation of data availability across the world is leading many companies to fast-track their path to growth. On this same line, Van Buskirk identified the ability to break down data silos and enabling companies to subsequently collaborate and learn from each other through differing technologies as a key way to piggyback this growth.
Van Buskirk said, “Anti-money laundering criminals are agile and are using cutting edge technology – we really can’t fight them with the spreadsheets and 20-year-old tech financial institutions are often using. Therefore, data privacy is a big issue, but recent developments in privacy enhancing technology and open-source solutions are starting to offer the promise of laying the foundation for us being able to break down some of these walls.”
The ability to innovate through new and developing technologies is something primarily being taken advantage of by nimble FinTechs. According to Van Buskirk, it is in this area where large banks face a problem.
He said, “Large banks face a significant challenge here as almost all of the innovation going on is in startups. However, none of them are robust enough to offer a comprehensive solution that a bank can adopt. Therefore, if you’re a bank, you’re faced with the prospect of using older solutions that can help you tick all the boxes, or assuming the engineering burden of piecing together multiple different technology providers into your own technology stack.”
He cited companies such as Stripe and Square as examples of FinTechs who have teams of engineers that are dedicated to building such stacks out, and often have upwards of ten to 20 different vendors plugging in as data feeds.
Van Buskirk continued, “A bank really can’t do that. It doesn’t have a compliance team and rarely has engineering resources handy to be able to achieve that result. Therefore, we need the large banks to be able to harden themselves and be able to adopt this cutting-edge technology more easily.
“I think the only way that can be achieved is by focusing on interoperability and open data standards. If you can imagine an ecosystem of vendors where we’re all mapped to common protocols, a bank could then pick and choose from a whole population of companies that are interoperable with each other and put together their dream team solution.”
In order for banks to take on such a project, they would need to integrate and plug into existing systems, according to Quantifind’s Tuchman. He stated it would be ‘unpractical’ for banks to start from scratch on such a task and would not even work. Standard Chartered Bank’a Gordon echoed this, saying a major rollout of a base platform by a bank could take ‘multiple years’.
With the wide range of different stakeholders interacting in the financial industries on a daily basis, this undoubtedly creates a mass amount of data. To Hardaker, this spells opportunity.
She commented, “I think one of the most important things to realise is that within the actual financial services industry, there’s a huge pool of data. There isn’t a point where all the information from all the different financial services institutions ends up in one place so that every part of the financial services industry sees only its own discrete section.
“If you’re a bank, you’ll see a payment from Person A to Company B. If you’re an insurer, you’ll see Company B by its D&O policy, for example. So, there’s a huge chain and there’s a huge amount of value that could be got from analysing the data across the whole of the financial services industry.
“By joining the dots and really making sure that that what you’re looking at is actually a financial crime, it is actually carrying in a sufficient number of indicators to make people suspicious and then thereby reducing the false positive rate.”
Balancing innovation with compliance
Another key issue in the financial crime space is trying to ensure a company can meet regulatory challenges relating to financial crime while also ensuring they have an effective way of fighting the issue.
According to Gordon, while banks produce millions of alerts and cases every year, a lot of them aren’t actually financial crime and are just false positives.
She cited the Wolfsburg Forum and the Financial Action Task Force (FATF) as examples of how organisations are triangulating this issue. The former – a group of banks that work together with regulators and bodies to define financial crime practices – are aiming to monitor transaction monitoring effectiveness as a key strategic goal. Meanwhile, the FATF has begun moving away from simply checking regulatory boxes and are focusing on boosting effectiveness.
To Gordon, it is ‘absolutely key’ a company ensures it can demonstrate its overall system framework meets regulatory requirements. Similarly, Hardaker believes it is hugely important to think about how a new piece of kit can run in a company’s environment – referencing that it is ‘tempting’ to forget in the excitement of designing and developing a new system that you will still need people to be able to operate it and have people who are there.
She used the example of the Financial Conduct Authority’s Regulatory Sandbox – a piece of technology that allows companies to their platform or service in a safe environment without a regulator coming after them because the technology doesn’t work – as an example of how companies can foolproof themselves against potential missteps.
Can banks screen all of their customers?
Another way of effectively dealing with financial crime is ensuring all of an organisation’s customers are screened as efficiently but as successfully as possible. To Tuchman, when asked whether banks can achieve daily screening of its whole customer base, he believed it could.
“The false positive rate of what that [daily screening] would generate even two or three years ago wouldn’t be realistic for a bank. However, now there is good enough machine learning technology to be able to screen every single person and bringing in the right type of data from adverse media and from a long tail of data to be able to appropriately screen every single person every single day to the tune of around 40 to 50 million customers, using only around five or six people who need to screen.”
This opinion wasn’t equally shared among the panel, however. According to Gordon, while this may be technically feasible for some companies, it’s still not possible for large global banks.
She cited the level of financial false positives in the system would swamp banks and they would never find anything. Despite this, she described that getting to the level of screening a whole customer base daily ‘is certainly where we want to get to’.
To reach that level of screening all customers on a daily basis, Van Buskirk remarked large banks should take a look at the biggest global FinTech firms, who he claims are doing real-time screening on a daily basis – and have seen a reduction of false positives by over 90% compared to their sub-original approach, while also doubling or tripling SAR (Suspicious Activity Report) filing volume.
He said, “That means that the people are looking at spending their time looking at the cases that are actually the bad activity, because it leads to a decision that a SAR should be filed. It moves to an approach where it’s the human helping to decide the edge cases, and then that is captured and is used to train the automated screening models to understand that most of the reduction in false positives is saying ‘we understand it behaviour – therefore it can be shut down immediately’ or its going to be approved’”
The panel can be viewed here.
Copyright © 2021 RegTech Analyst
Copyright © 2018 RegTech Analyst