Money laundering involves taking proceeds obtained via criminal activity and disguising their origin to make them appear to have been derived from a legitimate source. This allows criminals to realize the benefits of their crimes. Money laundering is a type of financial crime; other financial crimes include fraud and terrorism financing. All financial crimes exact substantial costs to individuals and institutions and can have potentially devastating consequences for society.
Money-laundering is the process that disguises illegal profits without compromising the criminals who wish to benefit from the proceeds. United Nations Office on Drugs and Crime
The estimated amount of money laundered globally in one year is 2-5 percent of global GDP, or US$800 billion to US$2 trillion, and that’s a low estimate. Because the US has a relatively safe and sound financial system, it’s the primary destination for money laundering. Recently, however, money laundering has grown rapidly in other parts of the world with less regulated banking systems.
The technique of money laundering basically involves placement, layering and integration – often a complex series of transactions, from depositing funds to moving them into what appears to be legitimate assets. Financial institutions are a primary target of money laundering in the sense that the criminals exploit weaknesses in the global financial system to obfuscate the trail of illicit funds.
Therefore, we have anti-money laundering
Financial institutions in most countries are mandated by law to actively monitor and report suspicious activity that occurs within their institutions. The collective techniques and processes used by financial companies to do this are typically referred to as “anti-money laundering” or AML. Financial institutions combat terrorist financing by similar means, using programs collectively known as “counter-financing of terrorism” or CFT. An essential element for both AML and CFT is using data analysis to detect unusual activity during processing – by monitoring transactions, customers and the network of behaviors.
Fighting Financial Crime Amidst Growing Complexity
Regulatory scrutiny and technology evolution are exposing critical limitations of AML operations. Efficient management of the growing scale and complexities in AML will require intelligent automation.
What’s your financial institution’s role in AML/CFT?
Financial institutions should combat money laundering and terrorist financing because it’s a moral imperative to do so. But they also need to:
- Comply with regulations to monitor customers and transactional activity and to report suspicious activity.
- Protect their brand reputation and shareholder value from being associated with criminal elements such as organized crime; human, drug or arms trafficking; and government corruption.
- Avoid consent orders, as well as civil and criminal penalties, levied because of noncompliance or negligence. These may disrupt business as usual (such as cease and desist orders), putting limits on a bank until resolution is reached.
- Reduce costs in fines and added costs of doing business for illegitimate entities; reduce the amount of capital reserved for risk exposure; and reduce employee and IT costs spent on trying to achieve more accurate detection.
What is government’s role?
Across the world, countries have enacted legislation to criminalize money laundering and related offenses. The international body for enforcement, FATF, encourages and assists countries to create a financial intelligence unit (FIU) responsible for managing the flow of information between institutions and law enforcement agencies.
Government legislation and regulation by each country’s FIU have placed the responsibility on financial institutions to be the first defense against money laundering and terrorist financing. By reporting potential suspicious activity to the government via suspicious transaction reports (STRs) and suspicious activity reports (SARs), banks alert law enforcement to possible criminal activities.
To this end, regulatory bodies have enacted critical legislation that banks must comply with to enforce anti-money laundering:
- US: USA Patriot Act, Bank Secrecy Act.
- Europe: EU Fourth Anti-Money Laundering Directive (4AMLD).
- Canada: Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA).
- Australia: Anti-Money Laundering and Counter-Terrorism Financing Act of 2006.
AML/CFT controls, when effectively implemented, mitigate the adverse effects of criminal economic activity and promote integrity and stability in financial markets. International Monetary Fund
The AML/CFT regulatory and compliance landscape
Criminal charges. Big fines. Negative publicity on compliance lapses and penalties. All of these create reputational risks by deflating public perceptions of the integrity of institutions. Numerous financial institutions are dealt fines for lapses in their AML and sanctions programs – especially branches of foreign banks.
AML regulations combine money laundering (source of funds) with terrorism financing (destination of funds). International AML rules and regulations from FATF in 1989 were intended to maintain and promote the ethical and economic advantages of a legally credible and stable financial market.
Monetary authorities from all over the world have increased focus on compliance and globalization, and financial institutions are moving from reacting to regulations to embracing a more risk-based, prescriptive approach in assessing AML/CTF activity. In general, financial institutions are required to perform the following (varying by jurisdiction):
- Customer identification program/know your customer (KYC): Proper identification and verification of customers to insure legitimate identification. Higher risk products and services (e.g., private banking) require more in-depth collection of information such as source of funds, tax returns, letters of incorporation, and the identification of ultimate beneficial owners.
- Large currency transaction reporting: Cash transactions above a certain threshold ($10,000 in the US) by a single customer during a business day require the institution to file a regulatory report. In the US, it’s referred to as a “CTR.”
- SAR/STR monitoring and reporting: Regulatory agencies publish guidelines for types of behavior that should be monitored (e.g., structuring means making numerous cash deposits or withdrawals over several days to avoid a currency reporting threshold.) If an AML analyst/investigator determines the subject’s behavior has no apparent business purpose and exceeds reporting thresholds, then a SAR/STR is filed to the FIU, and the institution’s regulatory obligation is fulfilled.
- Sanctions compliance: Regulatory bodies such as Her Majesty’s Treasury, OSFI, Interpol and the United Nations require financial institutions to check transaction parties against lists of sanctioned individuals, companies, institutions and countries, for example, OFAC specially designated nationals.
The financial services industry has invested billions in IT to monitor illicit activity. These automated systems can also generate mounds of work items if not properly deployed. Even though the industry has invested heavily to combat money laundering, the industry is questioning how effective these efforts have been based upon meager asset forfeitures and convictions relative to the growth in SAR/STR filings. Examination guides and typology reports are well-intended, but when applied generally, may not accurately reflect a firm’s real risks.
According to a PwC study, 12 percent of financial services firms have not conducted AML/CTF risk assessments across their global footprint. Top systems challenges include complexity of upgrading systems and data quality, with many still hampered by legacy monitoring systems that are proving to be burdensome and expensive to tune and maintain.
As technologies like artificial intelligence (AI) and machine learning have become more prevalent, the next generation of technologies is automating manual processes associated with client risk rating, acquisition of third-party data, behavioral monitoring, prioritization and workflow throughout the financial crimes risk management process. More sophisticated firms employ segmentation, scoring and optimization strategies to achieve efficient and effective identification of financial crimes risks.
We see the evolution of the industry moving toward best practices that address three key disciplines:
- Operational processes from detection to regulatory filing.
- Validation processes to satisfy model governance and optimization objectives.
- Human intelligence for complex or special risk investigations often associated with transnational criminal organizations.
Public and private sectors are turning to AI and machine learning to automate many of the processes supporting the functions above. SAS® financial crimes solutions provide embedded machine learning techniques in many areas:
- Alert/case enrichment: Automating the aggregation of historical transaction, KYC and geographic location information to improve time to resolve investigations.
- Alert scoring: Bayesian algorithms designed to relatively score all subjects of investigations.
- Client risk rating: Logistic regression for empirical scoring of money laundering risk exposure for a client.
- Scenario authoring: Automated authoring of detection logic using decision tree methodology as opposed to simple floors and ceilings.
- Peer-based anomaly detection: Applying unsupervised learning to identify abnormal behavior for a subject relative to peers.
- Rare-event detection: Near-neighbor unsupervised clustering to identify similar subjects to a subject of interest, e.g., law enforcement inquiry.
- Image recognition: Application of cognitive computing to identify and classify trade finance documents for automation of detection.
While AI and machine learning provide significant promise to move the industry toward a more efficient and effective paradigm, many institutions recognize that the “single view of customer risk” should be extended across multiple types of risk and consume events from multiple detection and surveillance systems.
Moving toward an integrated financial crimes strategy
Most institutions have dedicated detection, alert management and case management treatment for money laundering, fraud or cyberattacks. However, institutions recognize that criminals are perpetrating a variety of crimes that may go undetected, or may be handled incorrectly when viewed within a silo. Regulatory guidance also suggests that firms can establish a holistic view of financial crimes risk. Progressive institutions are pursuing enterprise strategies for integrating data, analytics and workflow across disparate systems and job responsibilities.
Ideally, investigators should be aware that a subject of an AML investigation is party to a fraud investigation. As data becomes aggregated to a party or network level, the accuracy of prediction significantly increases, and workload is handled more efficiently.
Big data architectures and in-memory processing have reduced the barrier to entry to aggregate larger data sets while deploying more sophisticated machine learning methods. Applying a common reference architecture (depicted above) to mitigate multiple risks allows institutions to amortize their technology investments, gain a holistic view of party risk, and have a more efficient process for continuously learning from case outcomes.
Recommendations for modernization of AML/CFT practices
- Understand your data, appreciate the impact of proper data mapping for detection, and strive for a single view of the customer across products, services and customer types.
- Integrate your monitoring and investigative processes with your KYC/client risk rating processes.
- Adopt behavioral detection techniques using behavioral profiles as opposed to static rule strategies. Perform client segmentation to provide more balanced coverage.
- Automate the generation of link analysis using a combination of transaction data, KYC, and third-party data for special risk investigations.
- Provide a clear audit trail that includes data provisioning, mapping, detection and resolution. Be able to explain and defend your risk management strategies.
- Establish a sandbox environment that has a mirror image of production data for development, testing and validation of machine learning strategies. Run parallel strategies for business-as-usual comparison prior to deploying AI.
- Plan for the cloud. Whether on-premises or through a third party, prepare for the advantages of new computing models that can significantly reduce the cost of compliance.
Across the world, SAS is widely used by AML/CTF compliance departments such as Deutsche Kreditbank AG and Landsbankinn to gain an enterprise view, empower analysts to make faster and more accurate decisions, understand customer subjects and remain transparent to regulators.
To learn more about how SAS can help you with your AML/CFT technology framework, visit sas.com/compliance.
Differentiating elements of SAS’s solution include the significant investment in financial crime risk management that underpins it, and its enterprise approach. SAS’s data aggregation capabilities, combined with analytics and visualization, support a holistic view of financial crime risk management. SAS is a leader for Anti-Money Laundering Solutions Chartis RiskTech Quadrant 2017
How to separate promise from hype
Artificial intelligence and machine learning can make the difference in the fight against financial crimes. This ISMG report explains: the new industry intrigue with AI and machine learning; how these emerging solutions can benefit financial institutions; and the measured SAS approach to adopting new analytics tools.
Converge fraud detection, AML compliance and investigation in a single, intuitive, workspace.
Smaller financial institutions carry a heavy burden keeping pace with anti-fraud and anti-money laundering (AML) regulations. To help with these challenges, SAS and Jack Henry & Associates have partnered to offer a cloud-based solution specifically for smaller enterprises.
Understanding the differences in AML and payments fraud
According to Dan Barta, Principal Financial Crimes Solutions Specialist for SAS Security Intelligence, financial crimes span a broad array of functions – and both AML and payments fraud have a need for and utilize case management and alert management solution capabilities. Both functional areas generate alerts, and each handles them in different ways.
One size never fits all, but a dynamic segmentation strategy does
A typical AML transaction monitoring program has scenarios that monitor the customers and accounts that pose the most risk to the institution; but this one-size-fits-all methodology isn’t very effective. Customers transact differently based on many factors - so how do you incorporate that into your program?
- Article How to improve your AI marketing skillsMarketing teams can use current AI capabilities to enhance their efforts around campaign automation, dynamic pricing based on forecasting models, and by providing more relevant, real-time customer offers.
- Article A lifecycle approach to security analyticsThe January 2017 Ponemon Institute report on security analytics is a call to action to take a more holistic and systematic lifecycle approach to get the results organizations are expecting.
- Article Reduce the hackers' advantageA 30-year national security veteran discusses escalating cyberthreats, why traditional defenses are falling short, and what’s next in security analytics.