Data protection is great for society, but it can hinder a bank’s ability to detect and prevent money laundering, according to Markus Schulz, global head of Financial Crime Compliance Controls at Standard Charted Bank.
The global financial market seems fraught with AML fines and at times it feels like a new bank is being hit with one each week. All financial institutions are seeking ways they can better prepare themselves, but incidents are still occurring. The most notorious case of recent history was the €200bn Danske Bank scandal, where the bank’s Estonian branch had allowed tainted money flow from Russia and other ex-soviet states. Danske Bank is not the only financial institution to have recent AML issues, with JPMorgan, HSBC and Deutsche Bank making headlines for compliance breaches.
Solving this problem is not as simple as just throwing money at it. Since 2014, companies building AML solutions have received a total of $2.8bn, making it the second most funded sector of RegTech, according to RegTech Analyst data. Despite this, financial institutions are still at ends tackling the problem.
An aspect which could be hindering the market in detecting money laundering is the strict laws which prevent sharing of data across jurisdiction or even peer-to-peer within a country, according to Markus Schulz. The best way to identify a suspicious player or potentially fraudulent activity is by monitoring as much data as possible. The challenge comes in gaining access to as much of this as possible.
Sharing information on suspicious activity or malicious individuals will boost a bank’s ability to root out criminals. If a bank uncovers financial crime with a client in one country, they can share this information with their head office, and they can take necessary action. However, the information cannot be shared with other financial institutions to improve their ability to find a criminal. Even more troublesome is that it is not much less difficult to move the information internally across borders within the franchise. To do this, they would need to suspect a client of being suspicious. How can a firm do this for complex cases, if they do not see the whole picture?
Schulz added, “To do this, it requires you already have a suspicion on that individual or the party within a country. If I can detect the suspicion in one country, that’s great, I can share that intelligence with the group and head office can do something about it. However, the bigger problem is there’s a lot of things that potentially go undetected because I cannot connect the data points across jurisdictions. So, if I can only share it when something is suspicious, I need to be right with that suspicion in the first place. My bigger issue is the thing that would lead to suspicion if I could connect the raw data.”
Data protection has become one of the big motions around the world, but particularly in Europe with the likes of GDPR. Even though GDPR is the same regulation across all 27 member states, exchanging data has not become easier. Restrictions of the regulation have made barriers but so has the fact countries do not want data leaving their countries. He said, “The real holy grail in detecting and preventing financial crime is to work closer together within a country with other banks and then across jurisdictions, maybe across Europe or even global.”
He continued, “No fraudster will keep all their money with one bank. Only the amateurs will. The more sophisticated money launderers will not leave all the money in one country because they’re afraid that if it gets detected and seized in one country, they would lose everything. So, they have their illicit money spread across multiple countries and banks.
“I only see a fraction of their activities and these illegal transactions. If I could combine transactional data with other players, I would have a much better chance to detect money laundering more frequently, deter it, prevent it and give to law enforcement to take action. Those richer and more meaningful cases, would also allow law enforcement to target their limited resources to higher risk cases. But we can’t. We don’t have the legal framework. I can’t even share data within the UK, between bank A and bank B.”
Countries becoming overly sensitive with their data is only natural. All countries want to ensure their people are safe and their information is not being extorted or used for ill-means. Scandals such as Facebook and Cambridge Analytics have only added fuel to the fire that data protection should be a major priority. This was clearly echoed down through to the regulators and they have put more strict rules in place.
Schulz worked with the European Commission to craft the AML4 and when it was being formalised GDPR was also being developed at the same time. Collaboration between the two bodies tried to find the best balance of fighting money laundering through data whilst protecting the data, he said. A rule he would have liked implemented in GDPR was an allowance and safeguards for fighting financial crime where under a very selective basis and through an extremely controlled manner, data could be exchanged. Unfortunately, this was not the case. He said, “It’s an issue between creating privacy and protecting consumers and companies’ verses fighting financial crime.”
Data privacy may have been a little higher on the priority list, or regulators may have feared this sharing of data could be exploited for marketing parameters, but it’s not clear why a system like this is not in place. But it is in the best interests of governments to improve pursuits of money laundering as they are the ones most impacted.
This is not to say that countries and regulators are not taking money laundering seriously or trying to improve action. It is quite the opposite; action is being made. The European Union recently revealed it was even looking at strengthening bank supervision around AML and will potentially give the European Banking Authority new powers in supervising. However, the action that should be made is sharing of data.
An example of it in effect is the US, where financial institutions can exchange data in a controlled manner between fellow institutions if it can prevent financial crime. Regulators are taking note, with the UK reviewing their regime to see if something similar is possible and then so are countries like Australia, Hong Kong and Singapore, he said.
“I think every country and jurisdiction should have a very robust data privacy regime. At the same time, however, you should carve out exceptions to prevent fraud, fraudulent activities, financial crime, bribery, corruption and money laundering in particular. It should not be one or the other. I think they need to marry them both up to something that works on both sides.”
This will not be a simple thing to implement, if it was, it would already be in the market. Worries are paramount around how the system could be safeguarded from non-financial crime manners, or in areas of conflict where a person’s privacy needs to be compromised to prevent money laundering. On top of that, what if there was no money laundering and privacy was broken for no reason. These are challenges that need to be addressed and overcome, which Schulz believes will in the next five to ten years in many countries across the globe, because appetite is there.
Accessing clean data is key
There is more data available to companies than ever before and the benefits of leveraging it are also on the rise. Technology like AI and within that especially machine learning are able to generate deeper insights than a human could across large datasets. Schulz even stated that “data, data, data, are maybe the three most important things in the fight against financial crime.”
RegTechs are building an array of solutions and tools all utilising machine learning or natural language processing technology to generate new-fangled ways of boosting compliance or automating processes, and more. The common denominator of all these systems is that they need clean, accessible and connected data.
When traditional financial institutions have grown over the decades through mergers or acquisitions, it has left systems and datasets in legacy and less connected systems. This makes it harder for them to access all the information they have. Even if this information is put into a ‘data lake’, the information is not automatically connected nor easy to use. Schulz described it as a potential “data swamp.” Unless the dots can connect and can be turned into insights, it is rather useless. But if a company can help connect all the data and help to make it ‘clean’, it will be a large success. A company specialising in this will have a bright future Schulz believes.
He said, “there are some tools out there that can help you to cleans data. But I don’t think there’s enough effort and enough science put on addressing that problem. Why? Because it’s not sexy. But any of the advanced analytics tools only will ever be as good as the underlying data.”
The trouble with a lot of current RegTech AI solutions is they have been built for a scenario when data is clean and accessible, which just is not there. The platforms are not designed for the low-quality data which is plaguing financial institutions in many legacy areas. “It is like having a race car, but you don’t give me an engine. I get all these shiny toys, all these shiny tools, and it’s all terrific guys, but I only can use you in a very small area and very small dimension. I can’t derive the full value of these platforms because I don’t have the data, the quality that we need, the accessibility of the data and the connectivity of the data to the extent I want and the shiny tools require.”
Copyright © 2018 RegTech Analyst
