NextGen AML: Intelligence-driven change

In the current state of affairs, FI’s feel forced to funnel all their payment traffic through vast, FTE-heavy AML processes. Traditionally, these static, rule-led processes produce lots of individual signals of which many are unlikely to be crime related. Due to a lack of deeper understanding of the key money laundering schemes and risks, FI’s sustain these approaches in a fear to miss out on cases and to prove their ‘technical compliance’.

Sharing more intelligence

Meanwhile, other parties in the ecosystem have potentially useful intelligence. Intelligence following from criminal investigations, for example. FIs can use this information to find and report money laundering transactions— and terminate or limit the criminal’s access to the financial system.

This is already taking place on a modest scale in The Netherlands. For example in the Financial Expertise Centre (FEC), a large group of actors including regulators, ministries and law enforcement align strategies. And in the Fintell Alliance, where specially screened employees from several banks work side by side with the experts of the Financial Intelligence Unit (FIU). FIs outside such initiatives, however, only receive ad-hoc requests in connection with incidents and cases.
In the NextGen AML framework we envisage, the pool of intelligence to be shared will be far richer. All parties continuously share intelligence on a structured basis, preferably coordinated centrally (as detailed in our previous blog). This intelligence can be multifold: detailed modus operandi, actionable typologies, tactical information related to specific networks and schemes, and general intelligence on money laundering patterns. In other words: exchanges that are now happening at small scale or ad hoc, will become the default at large scale. This also means that more legislative room must be made for public-private and private-private information sharing.

Slow and careful thinking

When this flow of intelligence starts picking up, all parties involved need to be ready for it. In the current set-up, there is not always sufficient capability and capacity to handle new intelligence. Both at the public and private side, staffing is focussed at sustaining the usual levels of ‘technical compliance’, leaving limited time and capacity for making more intelligent scenarios and searches. Intelligence can then end up on the shelf. The danger is that if the parties providing the information see no results, they will sense a pushback, become demotivated and give up. Utilizing intelligence calls for orchestration of the ‘AML ecosystem’.

FIs would therefore do well to anticipate this increased flow of intelligence by setting up a sound process (‘intelligence pipeline’) for receiving and assessing it. One that checks the reliability of the source. One that weighs the feasibility of acting on the intelligence against what the organisation itself has to gain or lose from doing so. One that, once the intelligence has been found worthy for follow-up, specifies precisely how to do so. This ‘slow and careful thinking’ will enhance the compliance risk management cycles (in NL: SIRA) that most FI’s have already in place.

Besides adopting more intelligent measures, this will also enable FI’s to do less. Intelligence is about focusing efforts where it matters. This also has the potential to stop efforts in area’s for which no intel signals that it is really worth investigating. Existing controls (such as transaction monitoring) can be sharpened, resulting in less clients that are signalled and require review. And some of the current controls that are lacking precision and are not proven to be effective based on true intelligence from the field can be stopped.

Rapid response and fast thinking

Eventually, this process could progress into a more agile and integrated version, and also be connected to the upgraded version of the National Risk Assessment (NRA) we proposed in our previous blog. The advantage of having a sound process is that when the FI decides to act, a protocol of appropriate actions will already be in place. And since the routine compliance workforce is already overwhelmed, this needs to be tackled by a dedicated team, who will take the intelligence and run with it: rapid response. As said, a few pioneer FIs already have such teams. By performing high-speed checks and analyses, also connecting with like-minded experts elsewhere in the ecosystem, they can quickly find relevant transactions and clients based on intelligence and ensure quick follow-up, also by public parties. A cycle that is much faster then the traditional cycle of FATF recommendations, EU directives and local legislation and guidance. A cycle that stops criminals and money laundering risks as soon as possible.
Of course, technology is key in making the analyses faster and more effective. Typologies can be encoded, for example, and artificial intelligence can help the experts discover patterns and networks. In the ultimate NextGen AML situation we envisage, the entire ecosystem will be working with these technologies and collaborate to innovate these.

This does mean that an FI’s team must include both money laundering experts and data science specialists, or, even better, that rare breed who really understand both: so-called ‘purple people’. People like this will be needed across the ecosystem, to help make the most of technology — and, importantly, to ensure this technology is applied responsibly, taking proper account of security, privacy, and ethics.

Ultimately, this will lead to a more intelligent system in which the static and simple controls of the ‘technical compliance’ version of the AML framework are replaced by more proactive, agile and well informed measures. Rather then doing simple things on a bulk of signals, FI’s will shift gradually to go deep on (combinations of) patterns and networks that are having the largest financial crime impact.

No sitting back

For now, the flow of intelligence from the ecosystem has to gain further momentum, but FIs don’t need to sit back and wait for that to happen. By beefing up their own parallel, intelligence driven compliance processes, FIs can get better results from the information they already have, and detect AML more quickly and effectively. Plus, they can instantly benefit as soon as information sharing in the ecosystem really takes off. This will enable FI’s to generate more relevant outcomes with less people and direct human efforts there where it adds most value. A benefit that will also form a cornerstone to our next blog, on the output driven change of AML.

Click here for an overview of the blog series