If you’ve ever worked in AML or Compliance you’ve probably at some point have felt an utter feeling of powerlessness. You use all of your expertise, put in tons of extra hours and still financial crime is flowing through. You know what you detect (but too late to stop it; the money’s already moved) but are scared to even think of what you didn’t detect. There are tens of thousands of payments flowing through your bank everyday. Are you really making a difference? Will you ever be able to keep up or get ahead?
Well, you’re not alone in thinking this. Over the years I’ve worked in crime fighting I’ve felt it many times over. The exhaustion, the helplessness. But as a born optimist and professional crime-fighter I consider myself to be, I have never completely lost hope. On the contrary over the years it has actually given me an even bigger drive to find better and smarter ways to fight the bad guys.
I’ve learned loads from those financial criminals I’ve been working to stop for well over a decade. Most financial crime is professionally orchestrated. There are teams, organizations, goals, strategies, employees and contractors. Their job is financial crime, and given the enormous sums that move, they’re actually pretty good at it! There’s lot’s that AML and compliance teams — those fighting financial crime — can do to level the playing field and beat criminals at their own game.
Here’s a short list:
1. Leverage the latest technology
Criminals today use the latest technology. They are the first adopters. They were one of the first to adapt to online banking. The dark web is full of them. And when bitcoin launched, they were there immediately. Criminals chose it because — until recently — it was far less regulated and easier to operate on than other platforms.
In compliance, on the other hand, it’s normal for people to trust in their tried and true technologies. It’s been running for years in our business or all the other banks seem to be using it, so it must be good, right? Maybe, but why have we seen all of the AML scandals recently? What role has the technology played in letting this happen?
Banking is undergoing an incredible transformation. The products, customers and KYC are totally different. The criminals are different too; far more organized and adaptive. Not to mention regulations, which are being added faster than banks can implement them.
So, to beat criminals going forward, we need to leverage the latest technology that makes change easy - because there’s going to be a lot of it.
2. Constantly test and iterate
Let’s imagine there was a criminal who wanted to diversify his business portfolio. He wanted to steal gold from an African country. He’d never done that before, so he decided on a method and tested it. Sure, the guys died in the process, but he’d paid them well for it. So he tried another way. And another. And another. Until they finally got through. He kept testing and iterating until he found a way that worked.
In AML and Compliance more generally, how much are we testing? Do we make improvements to our scenarios once a week or more like once a year? When a talented AML specialist excitedly discovers the hints of a new criminal pattern, how fast do you confirm it and automate it? Or have they mostly given up on trying to find the new patterns and have resigned themselves to ticking boxes. And on the flip side — how many poorly performing rules — the ones that are only throwing up roadblocks for your genuinely good customers — have been removed?
If we contrast how the criminals operate and how compliance teams (often) operate, there’s no doubt who comes out on top. Because I have always been a numbers guy, I’ve always been obsessed about the formula and the end results. Which meant I was hyper focused on testing to see which of my data models worked to catch the most crime. Funny enough, that’s also how criminals operate. They try 10 things to find out what works. We have to be the same. We have to try something, see if it works, and then adjust from there.
3. Prioritise speed
Onboarding and transactions are moving at lightning speed. Digital onboarding, faster payments initiatives and an incredible number of other developments have all contributed. This rapid development is incredible for customers and criminals alike.
Criminals know that if they can find a way to get things done fast, there’s way less time for them to be stuck in a system that might find them.
Banks and even some fintechs often don’t prioritise speed. They prioritise process and thoroughness. Given the regulatory complexity, that’s not a terrible approach. But it won’t help you win the battle with financial criminals who have no regulators to answer to.
AML, compliance and wider organisation need to get far faster at adapting as organizations. Are the AML systems ready from day one when the bank or fintech launches a new product, a new market or a new customer segment? Can the AML team take all of its learnings and implement new rules, scenarios and dashboards themselves? Or are there layers of bureaucracy and such long delays that becomes pointless by the time it’s done.
4. Band together the industry knowledge
You’ve probably heard the phrase “if you scratch my back, i’ll scratch yours.” Criminals are super smart. There’s a reason that criminal patterns spread. One criminal finds a hole and he tells his friend who also jumps in and exploits that hole. Criminals know that, to get ahead, they have to help each other.
During this very hour there will probably be at least 10 banks investigating the same shell company. 10 separate investigations on the same possibly shady business. This is so strange in this day of common knowledge sharing like wikipedia. Why would we do the same job over and over again if others are doing it, too? In fact, data privacy laws today even say that, with the right technical and process implementation, we could share a whole lot more data between financial institutions to help stop crime. But we don’t.
Last summer, at the FCA’s hackathon (1), Salv built a proof of concept for a cryptographically secure system that our industry could use to share data. We’re building towards a day where banks and fintechs can share information about how to stop criminals as the criminals do today finding which bank to exploit next.
5. Stay laser focused on your end goal
What does a criminal want to do? Launder their money. That’s their primary, secondary, and tertiary goal. Well, that and not get caught.
But what is an AML or compliance team’s goal these days? I’ve talked to many of them, and it’s hard to get a clear answer. They have so many priorities. Regulations, team, costs, audits, reports, communications, processes, technology, change management. The list is endless. Where in the list of priorities is, you know, stopping as much financial crime as possible?
Many institutions, unfortunately, haven’t put enough focus on crime fighting. 2019 was a record year for both AML fines and AML scandals. Every one of the institutions fined was compliant with the regulations. Just being compliant isn’t nearly enough to keep a bank safe from scandal. They actually need to combat crime. As simple and obvious as that sounds, we know how incredibly hard it is to do.
Hope for the future
Shifting the balance in institutions — to use the latest technology, prioritise speed and stay focused on crime — won’t be easy. It may look impossible.
But I couldn’t be more hopeful. The recent uptick in AML scandals has highlighted just how important this problem is. All financial institutions, regulators, and media are all actively working as hard as they can to find solutions. Finally, the opinions of talented AML teams, who’ve been saying the same things I’ve said above for years, are being seriously considered. And there’s tons of new technology emerging, from Salv and others, that can give financial institutions of all sizes a shot like never before, of beating criminals at their own game.