In our Future of Financial Crime (FoFC) series, we have set out a future vision for Financial Crime (FC) risk management that involves a transition to a proactive and intelligence-led model, a digital-first and risk focussed approach to Customer Due Diligence (CDD), and integrated client monitoring across risk domains. This transition will enable the automation and integration of currently manual FC tasks, resulting in smaller teams of highly skilled investigators to focus on priority risks. Additionally we have set out how a proactive Financial Intelligence Unit (FIU) will be critical to manage the receipt and distribution of information, whilst focusing on disrupting the most serious FC risks.
Achieving this future vision requires a fundamental shift in the approach to integrating the latest technology and data capabilities. This article focuses on what this technology-enabled transformation could look like, and how financial institutions can take advantage of advancements in technology, data and AI to achieve better FC outcomes.
The criminal threat landscape continues to evolve to new levels of sophistication. Criminals are taking advantage of faster digital payment channels (domestically and cross-border) and using new products that obscure activity and ownership. The adoption of Generative AI (GenAI) has further empowered criminals to recruit unsuspecting individuals into becoming money mules1, to produce convincing deepfakes (videos, audio, or images) capable of impersonating individuals2, and to manipulate identification and verification (ID&V) documentary evidence, defraud victims and circumvent controls.
For financial institutions trying to meet ever-evolving regulatory requirements, this means grappling with the increasing cost and complexity of FC, whilst tackling high false-positive alert rates and large quantities of low-value manual tasks. As the pace of change increases, financial institutions will increasingly demand greater flexibility in their FC technology to rapidly adapt their controls, to enhance detection effectiveness, and drive operational efficiency.
However, this adaptation is difficult because many FIs still depend on legacy and siloed technology to support their Know Your Customer (KYC), Fraud, Transaction Monitoring (TM), sanctions screening and cyber controls. These systems are often stand-alone with limited integration resulting in duplicative processes and fragmented information across the organisation. Furthermore, legacy technology may not fully align with risk requirements, is often based on premise, and faces challenges such as poor underlying data quality and a high cost of ownership. These limitations hinder the ability to respond quickly and efficiently to implement change.
Furthermore, the volume of data available to FC teams is increasing exponentially across the customer lifecycle and from external sources. Used in the right way, this additional data can support FC teams in better understanding customer activity and identifying higher-quality indicators or “signals” of FC risk. There is wide support from government and industry to develop domestic (e.g., Fusion3 in the UK) and cross-border (e.g., Article 75 of AMLA in the EU4) data sharing initiatives designed to tackle FC more effectively. This will require FIs to have the right technology and data management capabilities to consolidate and leverage this external data and to infer meaningful links, which could be challenging for FIs to support with siloed technology and data infrastructures.
In addition to data sharing, supervisory and industry bodies across the global regulatory landscape are encouraging FIs to increase their focus on technological innovation. Specifically, regulators are recognising the potential of artificial intelligence (AI), including machine learning (ML) and GenAI, to enhance FC compliance efforts.
Examples of this shift include:
Unsurprisingly, this heightened supervisory focus on technology innovation and its role in FC prevention is being mirrored by leading FIs, which are looking to take advantage of the opportunities presented.
Based on our work supporting leading FIs with the development and implementation of their FC strategies, we are seeing a number of key trends emerge, which are set out below. It is worth noting, that whilst these concepts are discussed separately, the greatest opportunity to drive material change is when these are combined to build a dynamic and timely view of the FC risks each customer presents.
As the prevalence of AI models increases, so does the need to train and validate increasingly complex models; and investigators will be required to provide more nuanced feedback on what good looks like. This feedback will be used to improve detection models and act as a trigger to more dynamic integrated controls, including limits on customer payments or future customer on-boarding appetite.
It should be noted that the widespread adoption of cloud computing has been instrumental in enabling the trends listed above. Cloud technology facilitates access to a wider range of FC signals, enables secure data sharing, and provides virtually limitless computing power. This has not only facilitated advancements in data management, ML/AI, and holistic risk detection, but has also paved the way for large scale public/private partnerships and potential cross-border data sharing initiatives, that will improve inbound and outbound intelligence capabilities.
The trends discussed in this article, including the increased pace of technology change and the ongoing technology and data transformations we are already seeing being undertaken by leading FIs, highlight the need for a paradigm shift in FC technology and data transformation strategies. These strategies must deliver an agile and modular FC architecture that enables the seamless addition of new capabilities.
Whilst the sequencing and implementation journey will inevitably vary by FI, it will need to unlock value for the organisation at each stage of the journey. This change cannot be in isolation to the wider organisational journey, so it is key that a North Star is established to represent the unique FC requirements and ensure alignment with the firm’s enterprise technology and data plans. This alignment necessitates buy-in from key stakeholders beyond Financial Crime and Compliance, including the Chief Technology and Chief Data Officers.
We believe a convergence towards an integrated, holistic customer risk model has clear advantages, which is a significant shift from the current siloed view of FC functions. This model is illustrated in the figure below.
The journey to this integrated view will require the creation of cross-functional teams that bring together technology, data, FC operations, process re-engineering and risk teams to design and deliver the end-to-end operating model.
An evolution of organisational structures and skillsets within FC teams will also be necessary. Smaller, highly skilled, and cross-disciplinary teams with access to a 360-degree view of customer information and risks. This will replace siloed functions working on a particular part of the process in isolation and passing information from team to team. This will have a profound impact on process design, which will prioritise supporting analysts with risk evaluation and mitigation, as opposed to the current, disaggregated tick-box approach.
The rapid pace of technology and data advancement necessitates immediate action. By embracing new approaches to technology innovation, FIs can build a safer and more secure future. Transitioning from legacy systems to a sustainable, modular, and integrated FC data architecture, leveraging wider data signals, AI and cloud computing are crucial steps in achieving a holistic view of customer risks and criminal activity.
And none of this can be done in a vacuum. Collaboration with regulators, industry bodies and technology partners will be essential for FIs to adapt to future data requirements and drive greater effectiveness to combat increasingly sophisticated criminal activity.
______________________________________________________________________________
References
1. Money mule recruiters use fake online job adverts to target "Generation Covid? – UK Finance
2. Finance worker pays out $25 million after video call with deepfake ‘chief financial officer’ - CNN
3. Ground breaking public private partnership launched to identify criminality using banking data – National Crime Agency (NCA)
4. A new opportunity to fight financial crime more effectively – Deloitte LLP
5. Principles for the Use of Artificial Intelligence and Machine Learning in Financial Crime Compliance – Wolfsburg Group
6. Statement on Effective Monitoring for Suspicious Activity - Wolfsburg Group
7. Artificial intelligence in UK financial services – Financial Conduct Authority (FCA)
8. Artificial intelligence in UK financial services - 2024 - Bank of England (BoE)
9. FS2/23 – Artificial Intelligence and Machine Learning – Prudential Regulatory Authority (PRA)
10. Use of Artificial Intelligence for Monitoring of Suspicious Activities – Hong Kong Monetary Authority (HKMA)
11. MAS to explore the full potential of AI to combat money laundering – Money Authority of Singapore (MAS)
12. Money Laundering through Markets - FCA