Anna Back, Data Consultant, DTSQUARED
We’ve all heard the horror stories. Cashiers accepting bin bags full of cash without asking any questions. Data leaks highlighting widespread due diligence failures of high street names. In reality, the situation is less Hollywood and more part of the everyday. From development, to implementation, to management, there is a continued stream of work behind the scenes to support anti-money laundering (AML) controls and protect economies from “dirty money”.
But clearly, something is still broken. According to Kroll’s 2022 Global Enforcement Review, the FCA fined financial institutions a total of $441 million in 2021 for AML compliance failings. That equates to more than $1.2m each day.
Failings don’t just bring crippling fines either. In 2021, the UK saw its first criminal prosecution by the regulator for these kinds of failings. Global sanctions create a criminal responsibility for banks and financial institutions to have the right controls set up to comply with AML regulations.
If the question is what is broken, the answer is the data. Financial institutions of all shapes and sizes often sink money into some of the ‘best-in-class’ AI systems but will never achieve their desired results as they don’t have the right data governance in place.
Too many red flags
Firms need to walk before they can run. There is a tendency for businesses to undervalue the importance of having a system in place which ensures the accuracy of data from the outset. Often, the actual ‘inputting’ of information into systems is unregulated leading to incorrectly inputted personal information.
For example, there may be a spike in the number of people with ‘Astronaut’ as their occupation due to its high position in the drop-down list. If there is an unusual number of customers with a certain profession being onboarded, this will skew any ‘normal state’ in the bank’s AML system.
Furthermore, in larger financial institutions, siloed systems and data sources which do not share and intepret data between them can create serious issues down the line. As an example, a customer may have a current account and a savings account with the same bank. Both accounts are accessible through the same app, but the two account systems are siloed. Since the systems are not linked, they will not recognise that the two accounts belong to the same customer, despite the accounts having the same details. Therefore, as the customer transfers money to themselves, especially via automated transactions, it will raise a flag for a potential suspicious activity as the system sees the two “isolated” accounts as having a ‘suspicious’ relationship.
Both scenarios above raise a huge number of suspicious activity alerts within AML systems, which can overload the teams responsible for processing and investigating these activities. There simply isn’t the capacity to check all alerts, meaning real instances of money laundering and other illicit activity can go unchecked.
On the other side of the coin, a significant issue can be a lack of suspicious activity alerts being raised. If a bank’s flagging system isn’t properly set up, it may miss certain suspicious words within transactions. As an example, if a suspicious word is intentionally misspelt, the system often won’t recognise this and the transaction will go under the radar.
Banks must accept a certain level of risk with this. Too high, and any word too close to a suspicious keyword will raise false alerts; too low and cases will be missed. By continuously reviewing this risk and harnessing available data to make informed assessments, institutions can accurately assess what the risk associated with each word is and update their systems accordingly.
Investing in success
Challenger banks are in a much better place to harness their data and quickly adapt their systems than the larger siloed incumbents. If the larger banks fail to evolve with the changing expectations of regulators and their customers, they risk losing credibility and custom in the market, as well as falling foul to a multitude of hefty fines for continued non-compliance.
By educating staff on the consequences of inaccuracies and implementing the right training to support data entry can help reduce any errors before the information is entered into the system.
Furthermore, there are technologies available to help clean an institution’s data. ‘Fuzzy Matching’ and Master Data Management (MDM) tools can consolidate data from multiple sources to reduce the challenges which arise from siloed systems, while also helping businesses to harness vast data sources to their full potential and driving better business decisions down the line.
It’s all about empowering the business with the right training, structures, and tools to use its data to the full potential. By having a clear system in place with the right technology to support, banks can make an important shift to ensure compliance with current and evolving requirements.
