Ferreneik Betton Profile Picture

Ferreneik Betton

How AI and machine learning can help build better AML programs

How AI and machine learning can help build better AML programs

As financial institutions move towards FATF-recommended risk-based AML programs, artificial intelligence (AI) and machine learning can help them be more effective and efficient in the fight against financial crime.  The global framework for fighting financial crime white paper by The Institute of International Finance and Deloitte LLP highlights that: There is growing consensus that the current global framework for fighting financial crime is not as effective as it could be and that more needs to be done at the international, regional and national levels to help identify and stem the flow of illicit finance – an activity which supports some of the worst problems confronting society today, including terrorism, sexual exploitation, modern slavery, wildlife poaching and drug smuggling. The impact has rippling effects; AML professionals, governments and regulator bodies globally are discussing better approaches to preventing and reducing money laundering from entering financial systems. The most critical area of address is the AML programs institutions must implement within their systems to be compliant.  However, it is challenging for institutions to reform their AML programs. The Money Laundering Bulletin points out that “some of the key problems, and therein some of the most promising solutions, lie with the technology used by companies to underpin their AML programmes. Most of the systems used today originate from the 2000s and were never built for the scale of data or demand we see now.”  In the fight to improve their approaches to identify and reduce money laundering, regulatory bodies and industry leaders acknowledge and encourage the use of Artificial Intelligence (AI) and machine learning to comply with AML regulations. AI and machine learning are proving helpful to implement within anti-money laundering programs to be more effective and meet ever-evolving compliance obligations. In this article, we will take a look at how AI and machine learning can increase both the efficiency and effectiveness of Anti-money laundering programs.   Why AI and machine learning is important in AML programs AML programs require compliance teams to gather intensive amounts of customer data as part of the first line of defence during customer due diligence (CDD) processes and ongoing transaction monitoring. This process was previously a manual and repetitive task to analyse if customers present a potential risk.  Here is how AI and machine learning can be applied in different stages of the CDD and ongoing transaction monitoring processes.    AI and machine learning can assist during client onboarding  For AML compliance teams to be compliant, they must carry out Know Your Customer (KYC) processes. They are required to analyse large amounts of data from a range of external sources: adverse information, media, Politically Exposed Persons (PEP), sanctions, and watchlists. To effectively screen an individual, they must gather quality data to assess and know the customers are who they say they are.  Building a better assessment and profile of customers involves being able to match that individual to their identity. It is just as essential to reduce the risk of identity fraud, particularly synthetic identity theft, which is one of the most prominent threats institutions face and is one of the most difficult financial crimes to detect. Furthermore, Information experts Thomson Reuters explains, “financial institutions often struggle with synthetic identity fraud as well. That’s because fraudsters often open accounts with synthetic IDs to establish credit and behave as stellar customers for months or even years before they use those accounts to defraud financial institutions.”  AI and machine learning can help AML compliance teams verify the identity of an individual in real-time. With biometric face matching, the customer’s identity is scanned and compared with a selfie against a photograph of the customer’s ID. Together both the selfie and ID are assessed in real-time to detect liveness and potential alterations that lead to signs of a fraudulent document.   Ultimately, AI and machine learning aid by speeding up the onboarding experience with a more streamlined onboarding process and provides a more robust first layer in KYC processes to show you have done your CDD checks.    AI and machine learning aids in ongoing transaction monitoring Money launderers aim to move illicit funds through financial systems as quickly as possible in order to go undetected. These programs are required to conduct continuous monitoring of customers’ transactions to spot potential suspicious behaviour that needs further investigation.  AI can improve the way traditional programs and compliance teams review and source data to build risk profiles on individual customers and improve the recognition of if a customer presents a risk. It scans large data sets at scale, provides categorised breakdowns of profiles, and connects to real-time databases, so compliance officers are alerted as soon as there’s any update in risk status.  In our previous article, regulatory expectations are evolving: how robust is your AML program discussing the challenges slowing progress, we looked at the challenge false positives present. Older programs are known to typically produce false positives that are costly and time-consuming to investigate.  AI can assess while learning from customer data to detect and recognise suspicious behaviour. The ability to better spot any potential risk a customer may present helps AML compliance teams create a more in-depth risk profile. Using machine learning within the transaction monitoring process can increase the scale at which AML compliance teams screen customers’ behaviour and detect risk. The technologies can analyse large quantities of data and further aid compliance officers in ongoing transaction monitoring by more accurately indicating risk. Additionally, AI has the capability to spot known risks about an individual and make the research process more efficient by improving the time taken. According to the Money Laundering Bulletin, “applying AI to the creation of AML risk data can prevent compliance breaches by spotting previously unknown risks, updating entities faster, identifying remote linkages between entities and enhancing existing profiles with more information (sic) to help make better decisions more rapidly.” AI and machine learning speed up the process with an analysis of larger sizes of data sets and improved categorised breakdowns of results. AML compliance teams are able to spot suspicious activity quickly, assess the level of threat based on accurate data, review comprehensive customer risk profiles and effectively investigate.   Improve the power of AML professionals decision making AI and machine learning are not only improving a once static system that struggled to effectively and efficiently screen, onboard and monitor customers. These technologies are helping institutions provide a better customer experience by streamlining the onboarding process and accurately identifying high risk.  With the added benefit of better data, AML compliance teams can make better decisions. They can build a robust risk-based AML program by combining their human expertise with AI and machine learning in the battle of preventing their financial systems from being used for money laundering. If you would like to learn about how we make compliance simpler, head over to our Identity Verification solution. 

6 min read
Regulatory expectations are evolving: How robust is your AML program?

Regulatory expectations are evolving: How robust is your AML program?

Managing financial crime is very complex and presents several challenges for financial institutions to develop robust anti-money laundering (AML) programs and meet compliance requirements. AML compliance officers understand the importance of keeping one step ahead of criminals trying to find weak points in their financial systems to exploit. Continuous discussions by industry leaders at the forefront of combating financial crimes agree that more needs to be done sooner to detect and prevent money launderers from misusing systems. Thought leader Kevin Buehler from McKinsey wisely points out that “the stakes in this fight have never been higher for financial institutions. Money launderers are using increasingly sophisticated methods to avoid detection, and regulators are pressing for improved efficacy in anti-money laundering (AML) programs.”  However, it is proving a more significant challenge to keep up with the new inventive ways criminals are testing their AML systems while ensuring they comply with AML regulations. In this article, we’ll examine the challenges anti-money laundering professionals face when making a more robust AML program to combat the increase in financial crime.    What challenges are slowing the progress of more effective and efficient AML programs?  It is widely known that financial institutions are undergoing vast digital transformations to remain competitive and innovative with the types of financial services provided to customers. Legacy systems are one aspect slowing their progress to adopt innovations and digitalise internal processes. Inherently, legacy systems affect AML programs’ potential to detect and identify the source of money laundering or the ability to prevent it.  Legacy systems are one of the several major challenges slowing the prioritisation of an effective and efficient AML program. Here are four of the significant difficulties further slowing change.  1. Regulatory pressures and the cost of compliance   Anti-money laundering professionals all believe in the need for regulations to help prevent the misuse of their financial institution’s services. It is challenging to ensure that AML programs sufficiently meet the increasing volume and complexity of regulations. In addition, institutions are estimated to spend billions each year in combatting financial crime. A survey commissioned by Refinitiv, one of the world’s largest financial markets data and infrastructure providers, reported that 3.1 per cent of annual turnover is spent combating financial crime, representing a sum of $1.28 trillion for organisations surveyed from 19 countries.  Conversely, failure to comply can result in hefty fines. According to Global Investigations Review, enforcement actions and penalties for non-compliance with AML regulations continue to increase. They state that globally, there were 58 AML penalties in 2019 at a total of US$8.14 billion, compared to 29 penalties totalling US$4.27 billion in 2018. In 2020, global AML fines for financial institutions increased again to more than US$10.3 billion. As this shift occurs, financial institutions are further challenged to meet stringent regulatory and compliance requirements while remaining fiercely competitive and providing a trusted service.    2. Expensive false positives not detecting authentic illicit activities Financial institutions must have many layers of defence for their AML programs to detect potential illicit activities. Customer Due Diligence (CDD) is at the centre of an effective AML program. Magazine ACAMS Today highlights that, “banks need to conduct due diligence on business operations, industries, customer characteristics and regions, in order to obtain adequate, complete and truthful customer information as the basis of analyses.”  The second is continued monitoring and screening of those customers and their transaction habits to identify any illicit transactions. Despite institutions setting these measures in their systems, the current controls in place to monitor customer behaviour are not evolved enough and, in some cases, are too sensitive in their detection of potential illicit activity.  This leads to innocent customers incorrectly being flagged as performing suspicious activities. As a result, institutions face costly false positives yearly and struggle to reduce those. Reportedly on average, 55 per cent of ‘false positives’ and inefficiencies can be eradicated by the most modern systems, accounting for 42 per cent of institutions’ AML costs. That equates to £2.7bn.   3. Inability to detect certain criminal activities   In 2020, the EU expanded their AML regulations to include more offences that fall under money laundering. The EU sixth anti-money laundering directive (6AMLD) now requires institutions to acquire data to meet new transaction monitoring that can better spot money gained from human trafficking.  This presents a challenge for AML compliance officers who, according to BusinessWire, admitted to having to report and investigate criminal financial activity linked to human trafficking. Almost three-quarters (75 per cent) aren’t confident in their ability to identify human trafficking signs amongst transactions. It is becoming hard for institutions to keep up with newer criminal methods and the use of technology to go undetected. Criminals continue to take advantage of the loopholes in regulations and AML programs.    4. Institutions left vulnerable to crime during the pandemic  During the most challenging moments of the pandemic, many industries, particularly financial institutions, had to close their physical stores and rapidly adapt their systems to deal with the increased use of digital services. Unsurprisingly, there was an increase in fraud and cybercrimes. The Financial Action Task Force (FATF)  COVID-19-related Money Laundering and Terrorist Financing report state that, “the increase in COVID-19-related crimes, such as fraud, cybercrime, misdirection or exploitation of government funds or international financial assistance, is creating new sources of proceeds for illicit actors.”   Institutions challenged to improve older AML programs are faced with an increase in smarter criminal activity and advanced attacks.    AI and machine learning improving AML programs Regulators are encouraging financial institutions to move towards a risk-based approach faster and encourage the use of AI and machine learning.  For instance, in 2020, on the gathering of experts from the Spanish and European banking sector, Global Head of Supervisors, Regulation & Compliance at BBVA, Eduardo Arbizu pinpointed that technical challenges facing institutions must improve in the fight against money laundering. Arbizu explained, “[w]e must leverage technology, especially artificial intelligence and big data, in our anti-money laundering efforts. There is a long way to go; there are still legal hurdles we need to overcome, but, undoubtedly, we have to rely on technological solutions that help us improve”.  As we lean more towards the ever-increasing use of data, conventional AML programs cannot keep up with criminals using even more sophisticated methods. To allow AML compliance officers to effectively and efficiently future proof their institutions, artificial intelligence (AI) and machine learning can help in the fight against financial crime.   If you would like to learn more about how AI and machine learning can help build better AML programs, you can read more about it on our blog.

6 min read
A closer look at the ever-changing anti-money laundering landscape

A closer look at the ever-changing anti-money laundering landscape

In the fight against financial crime, the anti-money laundering landscape is ever-changing.   The global battle against financial crime is a challenging one fought by governments, regulatory bodies, and industries. Every financial institution and organisation that provide financial services must better equip themselves against the growing threat of money laundering.  Financial institutions are the most significantly impacted by money laundering and terrorism financing year on year. The United Nations Office on Drugs and Crime estimates that the amount of money laundered globally is between 2 – 5 per cent each year, which in USD is between $800 billion – $2 trillion.  In the ongoing battle to combat money laundering, law enforcement, governments, and regulatory bodies are building stricter anti-money laundering (AML) regulatory frameworks.   Anti-Money Laundering regulations are laws and legal controls aimed at preventing criminals from using financial systems to hide illegally gained funds. As financial institutions are the most impacted, they face the most pressure to be compliant. In accordance, institutions have to create effective processes that detect, report, and ultimately prevent dirty money from entering their financial systems.  Money laundering has many economic, socio-economic, and business consequences if AML regulations are not developed and enforced. This article will discuss the AML regulatory landscape and how financial institutions must comply with AML regulations.    What are the three stages of anti-money laundering? Money laundering is the process of exchanging illicit funds gained through organised crime into legal currency. To hide the source of such large amounts of money illegally gained, laundered money follows three key stages: placement, layering and integration. Each individual money laundering stage can be extremely complex due to the criminal activity involved.  Placement stage  In the first stage, criminals move their illicit funds into legitimate financial systems.    Layering stage The second stage is for criminals to hide the illegal source of the funds and make it hard to detect. The illegal source is hidden within a complex network of multiple bank transfers.    Integration Stage Once the illegal source is hidden, this stage involves blending the illicit funds into the financial system through investment into legitimate businesses. Criminal law firm St Pauls Chambers explains, “[t]he ‘dirty’ money is now absorbed into the economy, for instance via real estate. Once the ‘dirty’ money has been placed and layered, the funds will be integrated back into the legitimate financial system as ‘legal’ tender.”   The money is then returned to the criminal as having come from a legal source. Consequently, financial crimes are becoming ever more sophisticated as technology advances, and the stages are ever more complex as criminals find newer methods to stop their activities from being detected. It is increasingly difficult for regulators and institutions to identify or prevent laundered money from entering financial systems.      The anti-money laundering regulatory landscape  The nature of AML regulations had evolved over the decades since 1970 when the US became one of the first countries to introduce the anti-money laundering legislation, The Bank Secrecy Act (BSA). Since then, numerous AML regulatory bodies worldwide are dedicated to fighting money laundering and terrorism financing. To name a few, AML organisations include the Financial Crimes Enforcement Network (FinCEN) from the US, the Financial Conduct Authority (FCA) in the UK, the French Financial Markets Regulator (AMF), The Financial Consumer Agency of Canada (FCAC) in Canada. Including the development of the Financial Action Task Force on money laundering (FATF), established by the G-7 Summit in Paris in 1989 to develop a coordinated international response.  Changes set out by the FATF set the global AML standards for nations, as seen with the FAFT advising the banking sector to take a risk-based approach to identify money laundering.  Improving the effectiveness of detecting and sharing information on money laundering is a national concern and an international priority. Regulatory bodies are also following guidance from the FATF to set more stringent regulations to combat the risks. In the US, the new Anti-Money Laundering Act Of 2020 (AMLA) demands institutions take a better risk-based approach to their AML programs. In their AML program effectiveness, Deloitte explains that the AML Act lays the foundation for a more risk-based, innovative and outcomes-oriented approach to combat financial crime and safeguard national security in the US.   In addition, cybercriminals are finding more sophisticated methods to launder money, leaving many more sectors exposed to financial crimes. Recently the UK implemented the fifth AML directive (5MLD), an amendment to the existing Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017). Changes to the regulations now extend to organisations such as letting agents and art market participants, such as galleries, dealers and auctioneers, as well as businesses active in the crypto asset market. You can read more about tackling money laundering in the art world on our blog.  The pandemic placed immense pressure on financial services, which led to revision at the end of 2020 of EU AML regulations producing the EU sixth anti-money laundering directive (6AMLD).  Bobsguide explains: [s]upercharged by the pandemic, there has been an increasing push for digitalisation in financial services. While an excellent move overall, it does create opportunities for cybercriminals to evolve and expand their financial crime methods. 6AMLD was quickly pushed through to address these growing threats. Following these shifts in AML regulations and the recommendation of a risk-based approach, financial institutions must comply to ensure they do more to reduce financial crime risk.    The essentials of an AML program  Keeping up with AML regulations has meant that institutions have had to continually shift their priorities and tighten their AML systems to be compliant. They must develop more effective AML programs to record and efficiently report potential risks to their financial systems.  According to guidance from the UK HM Revenue and Customs, an effective AML program must include the following:  Customer Due Diligence (CDD) procedures   An appointed AML compliance officer Internal operations and ongoing transaction monitoring processes Processing policies: record keeping, risk assessments, AML policy   Detection and Reporting suspicious activities  Carrying out customer due diligence (CDD) is an essential first step in a risk-based AML program. In order to demonstrate CDD has taken place, AML programs must include Know your customer (KYC) procedures. KYC ensures an institution has effectively identified and verified its customers’ identities.  Nice Actimize describes the importance of CDD as “the control procedure that financial services organisations (FSOs) apply to understand and conduct risk assessments of their customers, allowing them to identify and mitigate potential customer risks. CDD is the first line of defence in stopping bad actors from gaining access to global financial services, so there is a lot at stake for getting it wrong.” Traditionally, financial institutions carried out static reviews of their customers. In the anti-money laundering challenges discussion with FinanicerWorldWide, financial director Shorrock states, “CDD is at the heart of the risk-based approach. Old style KYC measures, where institutions simply established the identity of the customer, are no longer sufficient.”  The second important line of defence is continued monitoring and screening of customer transactions in order to identify any illicit activity. With the new risk-based approach, financial institutions are now challenged to be more proactive in their detection and reporting. A risk-based approach brings with it changes to allow for more real-time monitoring, as the magazine ACAMS Today noted of its importance as ultimately ushering in an era of revolutionary change in the international AML arena.   This presents new challenges for institutions to update their AML programs appropriately and adds to the ongoing difficulties they face to ensure their AML compliance processes are effective and efficient in preventing money laundering.     Tougher regulations mean a more effective AML program Inevitably, criminals will continuously develop more sophisticated techniques to go undetected in AML programs, as regulators and governments will have to develop countermeasures.   Read more on our article regulatory expectations are evolving: how robust is your AML program, where we discuss the challenges institutions face to update their AML programs.

7 min read
How AvantiGas reduced their contract signing cycle by 75% with Yoti

How AvantiGas reduced their contract signing cycle by 75% with Yoti

“For our requirements, Yoti delivered exactly the same functionality as the market leaders, but for a fraction of the cost. The staff at Yoti have been helpful and accommodating all the way through. They communicate with us on a regular basis to make sure the product is appropriately adopted and as well as informing us about the latest improvements.”   Simon Ashton Project Manager at AvantiGas   AvantiGas is one of the UK’s leading suppliers of versatile, renewable and safe off-grid LPG (Liquefied petroleum gas) energy solutions. We helped them:  Reduce their contract signing process by 75 per cent Provide their customers with an easier way to return contracts online Decrease cost, speed up their contract management and signing processes   Solution: eSignatures Industry: Utilities Read the case study

1 min read
A guide to the European Commission’s proposed legal framework for regulating high-risk AI systems

A guide to the European Commission’s proposed legal framework for regulating high-risk AI systems

On 21 April 2021, not long after a leaked portion had caused a stir, the European Commission published its proposed legal framework for the regulation of artificial intelligence (“AI”). Whilst only a first draft, therefore subject to the push and pull of the amendment (or ‘trilogue’) process over the coming months, it marks an important milestone in the European Commission’s journey to engender a culture of ‘trustworthy’ artificial intelligence across the European Union. The proposal has important implications for the developers of biometric systems, like Yoti. Although it will undergo a number of revisions before the final framework is published, it is worth taking stock of the proposal as it stands now.   The Framework’s Scope The draft legal framework intends to provide harmonised rules for the use of AI systems. The European Commission acknowledges the many benefits that can be brought about through the deployment of AI and has attempted to build a framework that is “human-centric” – engendering trust, safety and respect for human rights into AI systems. Currently, the framework places less emphasis on the training of AI, per se, although the training stage is one of the most important stages. Instead, the framework focuses on the use of AI systems. That said, there are many rules in the framework that concern the design of AI. For example, an ‘ex-ante conformity assessment’ (that’s ‘checking something does what it’s supposed to do before you deploy it, to you and me) will lead to some consideration of what happens in the period before an AI system has been deployed.  In addition, the proposal sets out broad parameters for training, validation and testing datasets: they must be relevant, representative, free of errors and complete, and have appropriate statistical properties in relation to the people who will be subject to the AI system. This means that statistical bias must be mitigated. Yoti is transparent about statistical bias in the age estimation software and has publicly described how it has mitigated it. The framework takes a risk-based approach, differentiating between uses of AI that create an unacceptable risk, a high risk, and a low or minimal risk. A number of the much-talked-about provisions in the legal framework are those which arise in relation to high-risk AI systems. Certain types of biometric technology are one of the few particular uses of AI that the European Commission decided to give special attention to.  Because of the need to test innovative AI systems, like biometric technologies, the proposed framework pushes EU Member States to develop regulatory sandboxes. This feature will be welcomed by tech companies because it lets us develop innovative solutions that pay respect to individuals’ rights and are in line with our core values. In that same vein, the European Commission suggests that processing special category data for the purposes of bias monitoring, detection and correction in high-risk AI systems is a matter of substantial public interest. Therefore, as long as the processing is strictly necessary for one of those purposes, it will be permitted under the GDPR.   High-Risk Biometric Technologies Annex III of the proposal lists the use cases that fall into high-risk AI. Biometric identification systems are potentially high-risk, depending on if they are intended to be used for the ‘real-time’ and ‘post’ remote biometric identification of natural persons. Although the definition leaves something to be desired in terms of clarity, it appears from the European Commission’s discussion of real-time remote biometric identification that they are primarily concerned with what is often known as one-to-many matching. For example, when the police scan the faces of members of the public to check against a watch list, they are conducting one-to-many matching. Therefore, it would be categorised as high-risk. In contrast, where a bank uses an embedded identity verification system to onboard new customers, that probably would not count as high-risk because there would be no checking against a gallery of existing faces or biometric templates.  Based on the above, Yoti’s identity verification and age verification services should be unaffected. Nonetheless, further clarification of the scope of high-risk biometric identification would be welcomed. Ex-ante conformity assessments are one of the mandatory provisions imposed on high-risk systems. It’s particularly noteworthy that a conformity assessment extends to the examination of source code, a point that has been contentious in the past due to potential business confidentiality ramifications.  In addition to conformity assessments, high-risk AI systems have to be built in such a way that they can be effectively overseen by humans while the system is in use. This will force some AI systems to be fitted with mechanisms allowing human intervention, as well as allowing humans to interpret the methodology behind the AI system’s output. Given how notoriously difficult it can be to understand how an AI system has come to a conclusion, particularly where machine learning models are relied on, this is a radical proposal. It will have practical, as well as financial, implications for the developers of high-risk biometric systems. Finally, it’s worth drawing attention to the record keeping requirements in the European Commission’s proposal. High-risk biometric systems are expected to be built with the capacity to log data such as input data leading to a match, as well as the identification that occurred as a result of the biometric match taking place. It is not clear how this intersects with the data minimisation and storage limitation principles under the General Data Protection Regulation (“GDPR”) because responsible biometric system providers will want to delete all input data immediately after it has been processed.   Non-high Risk Biometric Technologies Because of the emphasis on ‘remote’ identification, many day-to-day uses of biometric technologies will not be considered high-risk. For example, in-person authentication or biometric analysis wouldn’t currently be considered high-risk. This means that the use of tools such as Yoti’s age estimation in a retail environment or on an online platform should be unaffected. Although non-high-risk biometric systems might not have to adhere to the stricter rules in the proposal, there are still relevant parts of the proposal that will have an impact on such systems. For example, there are transparency obligations, although as currently drafted it is unclear whether the transparency obligations do anything but restate existing requirements under the GDPR.  In addition to the transparency obligations, it will be interesting to see how the requirement to develop codes of conduct governing the use of non-high-risk AI is amended over time. Given that some companies and conglomerates have attempted to develop structures that aid self-regulation of biometric technologies, mandatory codes of conduct might not be a large step for the industry.  Yoti has developed an ethical framework in order to ensure that we always do right by our users – and wider society. Codes of conduct could help ensure that the rest of the biometric technology market embeds similar responsible business practices.   Next steps for the framework The Commission’s proposed framework has already generated a huge amount of discussion. No doubt, this will continue as refinements occur during the trilogue process. Given that the GDPR trilogue took 4 years, it could be some time before a final AI regulatory framework is published. Until then, we will continue to keep a close eye on developments as they occur.

7 min read
Automated age checks for StrongPoint

Automated age checks for StrongPoint

We’ve teamed up with StrongPoint to deliver automated age checks in their self-checkouts, Click & Collect lockers and Vensafe dispensing machines. Customers can simply look into the camera on the device and have their age anonymously estimated in seconds. If they look under the configured age threshold, they can prove their age with the Yoti app. Products: Facial Age Estimation, Digital ID Read more about transforming your shopping experience

1 min read