The strategic role of Technology and AI in the future of financial crime risk management

Introduction

In our Future of Financial Crime (FoFC) series, we have set out a future vision for Financial Crime (FC) risk management that involves a transition to a proactive and intelligence-led model, a digital-first and risk focussed approach to Customer Due Diligence (CDD), and integrated client monitoring across risk domains. This transition will enable the automation and integration of currently manual FC tasks, resulting in smaller teams of highly skilled investigators to focus on priority risks. Additionally we have set out how a proactive Financial Intelligence Unit (FIU) will be critical to manage the receipt and distribution of information, whilst focusing on disrupting the most serious FC risks.

Achieving this future vision requires a fundamental shift in the approach to integrating the latest technology and data capabilities. This article focuses on what this technology-enabled transformation could look like, and how financial institutions can take advantage of advancements in technology, data and AI to achieve better FC outcomes. 

Challenges of an evolving FC landscape

The criminal threat landscape continues to evolve to new levels of sophistication. Criminals are taking advantage of faster digital payment channels (domestically and cross-border) and using new products that obscure activity and ownership. The adoption of Generative AI (GenAI) has further empowered criminals to recruit unsuspecting individuals into becoming money mules¹, to produce convincing deepfakes (videos, audio, or images) capable of impersonating individuals², and to manipulate identification and verification (ID&V) documentary evidence, defraud victims and circumvent controls.

For financial institutions trying to meet ever-evolving regulatory requirements, this means grappling with the increasing cost and complexity of FC, whilst tackling high false-positive alert rates and large quantities of low-value manual tasks. As the pace of change increases, financial institutions will increasingly demand greater flexibility in their FC technology to rapidly adapt their controls, to enhance detection effectiveness, and drive operational efficiency.

However, this adaptation is difficult because many FIs still depend on legacy and siloed technology to support their Know Your Customer (KYC), Fraud, Transaction Monitoring (TM), sanctions screening and cyber controls. These systems are often stand-alone with limited integration resulting in duplicative processes and fragmented information across the organisation. Furthermore, legacy technology may not fully align with risk requirements, is often based on premise, and faces challenges such as poor underlying data quality and a high cost of ownership. These limitations hinder the ability to respond quickly and efficiently to implement change.

Furthermore, the volume of data available to FC teams is increasing exponentially across the customer lifecycle and from external sources. Used in the right way, this additional data can support FC teams in better understanding customer activity and identifying higher-quality indicators or “signals” of FC risk. There is wide support from government and industry to develop domestic (e.g., Fusion³ in the UK) and cross-border (e.g., Article 75 of AMLA in the EU⁴) data sharing initiatives designed to tackle FC more effectively. This will require FIs to have the right technology and data management capabilities to consolidate and leverage this external data and to infer meaningful links, which could be challenging for FIs to support with siloed technology and data infrastructures.

Shifting regulatory attitudes to technology

In addition to data sharing, supervisory and industry bodies across the global regulatory landscape are encouraging FIs to increase their focus on technological innovation. Specifically, regulators are recognising the potential of artificial intelligence (AI), including machine learning (ML) and GenAI, to enhance FC compliance efforts.

Examples of this shift include:

• The Wolfsberg Group: The Group has provided its position on innovation and the adoption of AI and ML⁵ to monitor suspicious activity and risk more dynamically, holistically, and effectively⁶, including using new risk detection methodologies that leverage data-driven approaches.
• The Financial Conduct Authority (FCA) in the UK: The FCA has identified the increased adoption of AI in financial services, recognising that AML and fraud prevention are among the areas that offer the greatest perceived benefits for AI adoption by the industry⁷. The FCA continues to champion technology and AI-enabled innovation through initiatives like its Innovation Hub, regulatory sandboxes, and tech sprints.
• The Bank of England (BoE) and the Prudential Regulation Authority (PRA): Aligning with the FCA, the BoE and PRA have noted the use of AI and ML in financial services to enhance FC risk detection accuracy and precision. They have also highlighted the need for governance and oversight to ensure data and model risks are managed effectively^8,9.
• Asia-Pacific Regulators: In Asia the Hong Kong Monetary Authority (HKMA) has recognised the role of AI in enhancing the effectiveness and efficiency of the monitoring of suspicious activities¹⁰ in money laundering and terrorist financing risks. The Monetary Authority of Singapore (MAS) has focussed on exploring good practice in developing and deploying AI in the fight against money laundering¹¹.

Unsurprisingly, this heightened supervisory focus on technology innovation and its role in FC prevention is being mirrored by leading FIs, which are looking to take advantage of the opportunities presented.

How are FIs adapting to emerging technologies?

Based on our work supporting leading FIs with the development and implementation of their FC strategies, we are seeing a number of key trends emerge, which are set out below. It is worth noting, that whilst these concepts are discussed separately, the greatest opportunity to drive material change is when these are combined to build a dynamic and timely view of the FC risks each customer presents.

1. Holistic data capture, enrichment, and integration: A ‘digital first’ approach, where all data is captured digitally where feasible (including via customer self-service in banking applications and web portals). This is supported by improved data ownership, data quality, data organisation (e.g., data mesh), and the linking of data (e.g., entity resolution). The integration of external open source and third-party data is also being used to enrich, validate, and enhance internal data. This more holistic data approach supports the development of a 360-degree view of the customer, FC risks, counterparties, and corporate structures. As well as directly improving the quality of FC risk decisions, this improved data foundation is essential for more advanced modelling techniques.
2. Actionable intelligence through ML and AI: Progressive FIs are already supplementing, or in some cases, are starting to replace traditional rules-based solutions. Instead, more dynamic and data led ML and AI models are being used. This improves the behavioural analysis of customers and their connections, allows a step change in FC risk detection, and can leverage a wider range of additional signals. Increased detection quality has the additional benefit of significantly reducing the volumes of poor-quality alerts, and in our experience, we have seen firms achieving a 30-40% reduction through their ML deployments.
3. Holistic customer risk scoring: A single FC risk score per customer, that changes in response to client behaviour and brings together all the available data signals in a single measure to understand risk holistically. This is a response to the challenges of trying to ‘join the dots’ across the organisation and to link a variety of disparate sources. Measuring these risk profiles over time allows significant changes in client behaviour to be identified and investigated. We see firms progressing through three phases to integrating their customer risk signals: i) at a case management level, ii) at a data level, and iii) at a single integrated risk score level. Progressing through these phases requires increasing levels of focus and integration to achieve, whilst providing increasing levels of risk visibility and monitoring.
4. Integrated monitoring: To further drive efficiency and effectiveness in detecting FC, FIs are becoming less reliant on individual siloed monitoring functions, with some moving to integrate fraud and TM teams, and others planning TM and Trade Surveillance (TS)¹² integration or bringing KYC and TM closer together. This is partly due to a recognition that combining different internal and external data approaches can improve detection quality and risk management, whilst also reducing duplication and breaking down silos, thus aiding the identification of the most serious cases.
5. The Augmented Investigator: The human element remains crucial in managing the most serious risks, albeit with a lesser number of more skilled analysts to investigate cases. FC teams are innovating and enhancing skills and capabilities by adding data science and advanced analytical skillsets to help deal with the most complex cases. To ensure the effective use of this scarce and expensive resource, we are seeing an increased focus on automating manual activities and providing decision support to the analyst. This has started with automating the manual activities to collect, integrate, assess, and document data. This trend is maturing from earlier Robotic Process Automations (RPA) and basic chat-bots to being replaced by AI co-pilots that drive efficiency and effectiveness by being trained by the best analysts’ previous outcomes.

As the prevalence of AI models increases, so does the need to train and validate increasingly complex models; and investigators will be required to provide more nuanced feedback on what good looks like. This feedback will be used to improve detection models and act as a trigger to more dynamic integrated controls, including limits on customer payments or future customer on-boarding appetite.

It should be noted that the widespread adoption of cloud computing has been instrumental in enabling the trends listed above. Cloud technology facilitates access to a wider range of FC signals, enables secure data sharing, and provides virtually limitless computing power. This has not only facilitated advancements in data management, ML/AI, and holistic risk detection, but has also paved the way for large scale public/private partnerships and potential cross-border data sharing initiatives, that will improve inbound and outbound intelligence capabilities.

Building an effective technology and data strategy

The trends discussed in this article, including the increased pace of technology change and the ongoing technology and data transformations we are already seeing being undertaken by leading FIs, highlight the need for a paradigm shift in FC technology and data transformation strategies. These strategies must deliver an agile and modular FC architecture that enables the seamless addition of new capabilities.

Whilst the sequencing and implementation journey will inevitably vary by FI, it will need to unlock value for the organisation at each stage of the journey. This change cannot be in isolation to the wider organisational journey, so it is key that a North Star is established to represent the unique FC requirements and ensure alignment with the firm’s enterprise technology and data plans. This alignment necessitates buy-in from key stakeholders beyond Financial Crime and Compliance, including the Chief Technology and Chief Data Officers.

We believe a convergence towards an integrated, holistic customer risk model has clear advantages, which is a significant shift from the current siloed view of FC functions. This model is illustrated in the figure below.

The journey to this integrated view will require the creation of cross-functional teams that bring together technology, data, FC operations, process re-engineering and risk teams to design and deliver the end-to-end operating model.

An evolution of organisational structures and skillsets within FC teams will also be necessary. Smaller, highly skilled, and cross-disciplinary teams with access to a 360-degree view of customer information and risks. This will replace siloed functions working on a particular part of the process in isolation and passing information from team to team. This will have a profound impact on process design, which will prioritise supporting analysts with risk evaluation and mitigation, as opposed to the current, disaggregated tick-box approach.

Conclusion

The rapid pace of technology and data advancement necessitates immediate action. By embracing new approaches to technology innovation, FIs can build a safer and more secure future. Transitioning from legacy systems to a sustainable, modular, and integrated FC data architecture, leveraging wider data signals, AI and cloud computing are crucial steps in achieving a holistic view of customer risks and criminal activity.

And none of this can be done in a vacuum. Collaboration with regulators, industry bodies and technology partners will be essential for FIs to adapt to future data requirements and drive greater effectiveness to combat increasingly sophisticated criminal activity.

______________________________________________________________________________

References

1. Money mule recruiters use fake online job adverts to target "Generation Covid? – UK Finance
2. Finance worker pays out $25 million after video call with deepfake ‘chief financial officer’ - CNN
3. Ground breaking public private partnership launched to identify criminality using banking data – National Crime Agency (NCA)
4. A new opportunity to fight financial crime more effectively – Deloitte LLP
5. Principles for the Use of Artificial Intelligence and Machine Learning in Financial Crime Compliance – Wolfsburg Group
6. Statement on Effective Monitoring for Suspicious Activity - Wolfsburg Group
7. Artificial intelligence in UK financial services – Financial Conduct Authority (FCA)
8. Artificial intelligence in UK financial services - 2024 - Bank of England (BoE)
9. FS2/23 – Artificial Intelligence and Machine Learning – Prudential Regulatory Authority (PRA)
10. Use of Artificial Intelligence for Monitoring of Suspicious Activities – Hong Kong Monetary Authority (HKMA)
11. MAS to explore the full potential of AI to combat money laundering – Money Authority of Singapore (MAS)
12. Money Laundering through Markets - FCA