12/14/18 – Promontory Currents: Accelerating the Innovation Agenda for AML Compliance
Home > News & Insights > Insights & Publications

12/14/18 – Promontory Currents: Accelerating the Innovation Agenda for AML Compliance

By Christopher Sidler and Nikhil Aggarwal

On Dec. 3, the U.S. Treasury Department’s Financial Crimes Enforcement Network and the federal banking agencies issued a joint statement encouraging innovative industry approaches to Bank Secrecy Act/anti-money-laundering compliance. Regulated institutions and regulatory-technology providers alike should welcome the news and interpret it as a signal of support for experimentation in a field that has garnered increasing attention in the industry, as firms grapple with the rising costs of compliance and risks associated with compliance lapses.

U.S. regulators have long recognized the role — and risks — of technology in combating money laundering. For example, the Office of the Comptroller of the Currency stated in its “Fiscal Year 2018 Bank Supervision Operating Plan” that it would focus on banks’

programs and controls to address continued risks from, among others, “evolving vulnerabilities resulting from the rapid pace of technological change.”  There are signs that the regulatory stance is becoming increasingly supportive. Regulators are now beginning to pronounce more publicly their support for the pilots and proofs of concept that firms use to experiment with new approaches and technologies. And they are putting in place structures to engage with regulated institutions, such as through FinCEN’s Bank Secrecy Act Advisory Group. 

The agencies’ joint statement provides cover for firms in at least two areas.

First, regulated firms have looked to apply new technologies and approaches throughout their BSA/AML programs — seeking enhanced ways to evaluate risk; identify potentially suspicious behavior; and reduce costs through, for example, eliminating false positives in legacy transaction-monitoring and screening applications. However, regulated institutions have been concerned that their experiments may uncover previously unidentified risks, which in turn may subject the firms’ programs to supervisory criticism.

What’s more, these firms may end up rejecting a piloted risk-identification technology or approach — on the grounds of expense, impracticality, or unsuitability — even though it succeeded at uncovering risks previously overlooked by traditional approaches. This potential quandary has dissuaded some firms from experimenting at all. The agencies’ Dec. 3 joint statement, however, provides firms space to experiment, without bringing firms under scrutiny based on the pilots’ outcomes. As the agencies say: 

While the Agencies may provide feedback, pilot programs in and of themselves should not subject banks to supervisory criticism even if the pilot programs ultimately prove unsuccessful. Likewise, pilot programs that expose gaps in a BSA/AML compliance program will not necessarily result in supervisory action with respect to that program.

Second, for those firms concerned the pendulum of support might have swung toward an implicit requirement that they experiment with new technology, the agencies provide ample protection.

They acknowledge the option of not pursuing innovative approaches, so long as firms’ BSA/AML programs remain effective. This will come as particularly reassuring for smaller financial institutions whose BSA/AML programs might not be large enough to provide sufficient efficiency gains associated with innovative technology, as well as for financial institutions that remain more apt to adopt technologies once they’ve matured in the market.

This statement should be welcomed by both current and potential adopters of cognitive technology and artificial intelligence, as it validates their innovation agenda. In fact, it underscores the need to build out a comprehensive BSA/AML program with sound policy and procedures and a robust control framework underpinned by good data and analytics. In particular, smaller and midsize banks with limited budgets and resources are keen to experiment to better identify ways to mitigate money-laundering and terrorist-financing risk.

Further, this statement will accelerate the development and adoption of end-to-end AML solutions that simultaneously improve risk identification and augment operational investigative processes. The use of machine learning will enable firms to discover new risk patterns and typologies. Ensemble models (which aggregate multiple layers of analytics) can zero in on risk vectors and help minimize false positives. With these new learning capabilities and data insights, investigative processes will become more comprehensive and efficient.

Financial institutions will benefit by focusing on four areas:

Regulatory Engagement. Innovation in AML compliance is centered on the effectiveness and efficiency of monitoring and screening systems. Whether pursuing improvements in risk coverage, the generation of augmented intelligence, or the adoption of machine learning for investigative processes — financial institutions must engage with regulators early and often. Both the design of pilots in the short term and the implementation and embedding of models in the medium term must be thoughtfully articulated to regulators.

Incremental benefits and newly acquired knowledge, tradeoffs and risks, insights that inform risk strategy, and operational processes must be understood and explained. This proactive information exchange will result in increased assurance, as well as a feedback loop that will benefit the broader financial services industry over time. The agencies’ joint statement supports such a stance: “As banks pursue innovative change, early engagement can promote a better understanding of these approaches by the Agencies, as well as provide a means to discuss expectations regarding compliance and risk management.”

Explainability. Although the joint statement notes that “the Agencies will not advocate a particular method or technology for banks to comply with BSA/AML requirements,” explainable artificial intelligence (commonly known as XAI) and AI bias remain top of mind for both financial institutions and examiners. Previous Federal Reserve Board guidance laid out a framework for model risk management and emphasized “evaluation of conceptual soundness, ongoing monitoring and outcomes analysis.” Examiners will continue to focus on financial institutions’ ability to trace data lineage, maintain ETL (extract, transform, and load) processes, articulate rationales for model types, and link model outputs to risk-based decisions. Although black-box models might well result in new discoveries, banks will likely choose explainable models and maintain rigorous discipline around model risk management — rather than opt for models that are difficult to train, explain, and govern.

Data strategy. The development of a detailed data strategy is a precursor to innovation efforts. Emphasis on data hygiene and quality, using more data sources, and expanding industry data repositories will present opportunities to build on early gains. Private-public collaborative efforts to generate data standards will go a long way toward augmenting models and informing risk policy and decisions. We welcome guidance from the agencies in these areas.

Working with Regtech Providers. The core challenge in regtech, from the solution providers’ perspective, is bridging the gap between risk managers/business leaders and technologists. Oftentimes, the value proposition and sales cycle lead firms toward predefined technology products that may not capture a broader set of evolving risks. As a result, a proposed solution may meet technology goals, but fail to address underlying regulatory, compliance, and operational risks. Financial institutions must share their contextual knowledge (i.e., their risk footprint, customer segments, and product set) and interpretation of regulations with regtech providers. Similarly, providers must explain their solutions and answer the fundamental questions on how core risk issues are being addressed. This dialogue needs to reach a granular level at which data elements and the technology stack are reviewed and thoroughly understood. There is a need to enhance flexibility in solution design to allow evolving regulatory expectations to be factored in during subsequent release cycles.

The lesson for financial institutions is clear: Developing and constantly refining the AML innovation program are the new normal. With the continued emergence of new risk threats and networks, financial institutions must serve as a catalyst in defining and expanding their partnerships with financial-technology and regtech firms and the regulatory agencies. Collaboration between financial institutions, fintech and regtech providers, and regulators will further protect the financial system against money laundering and illicit financial activity.

Authors

Christopher Sidler is a managing director in Promontory’s Washington office, and Nikhil Aggarwal is a director in Promontory’s New York office.


FOOTNOTES

1. “Joint Statement on Innovative Efforts to Combat Money Laundering and Terrorist Financing,” Federal Reserve Board, Federal Deposit Insurance Corp., Financial Crimes Enforcement Network, National Credit Union Administration, and Office of the Comptroller of the Currency (Dec. 3, 2018).

2. “Fiscal Year 2018 Bank Supervision Operating Plan,” OCC (Sept. 28, 2017).

3. “See SR 11-7: Guidance on Model Risk Management,” Federal Reserve (April 4, 2011).