The financial services industry is undergoing a new transformation driven by artificial intelligence (AI) technologies, especially machine learning (ML). Compliance solutions powered by these technologies for anti-money laundering (AML), counter-financing of terrorism (CFT), sanctions screening, and so on as part of customer lifecycle management (CLM) are rapidly enhancing risk detection and mitigation capabilities.
We wanted to find out more about the possibilities and practical applications for these AI-driven solutions. So, we asked a data scientist in the banking sector six key questions about AI’s role in financial crime detection and prevention.
Nuray Yücesoy, MSc, Big Data Analytics and Management at BNP Paribas, talked to Moody’s Industry Practice Lead, Francis Marinier, and Senior Solutions Specialist, Nicolas Pintart, about the different layers of AI, her experiences of importing AI into AML control environments, and her view of the challenges and opportunities for early adopters.
Nuray Yücesoy: The conservative nature of compliance groups within the banking sector can make adoption of new technologies challenging. Fear of new practices resulting from AI and a lack of detailed guidance from regulators pose hurdles. Despite regulators encouraging new technologies, like AI, their stance isn’t fully detailed. Uncertainty in this area poses risks for early adopters who are eager to progress but who may experience uncertain outcomes and approvals related to their innovations.
There is a growing need for compliance officers who are versed in regulatory frameworks and who are also innovative, data-driven, and capable of navigating the nuanced challenges of modern finance. Their expertise will be crucial in fostering an environment where compliance is seen not just as a regulatory requirement but a dynamic component of strategic decision-making and a way to grow the business.
Francis Marinier: AI in financial crime compliance operates at various levels, from data preparation and cleaning to detection and investigation. Traditional methods often use AI as an additional layer on top of rule-based systems, but a more holistic approach is emerging.
Nicolas Pintart: The new approach to anti-financial crime processes starts with AI and ML instead of them being leveraged as an afterthought. It is more efficient this way in detecting new patterns, minimizing false positives, and optimizing operational efficiency. The key is to have a unified view of compliance and an open mind to creating the most efficient and effective approach. This emphasizes the importance of collaboration between solution providers, financial institutions, and regulators.
Thanks to early adopters in financial services, vendors have been able to enhance their AI/ML tools. In return, financial institutions have had the opportunity to customize new tools according to their specific needs, essentially shaping the future of compliance with their vision.
Using open banking for know your customer (KYC) processes or supplier due diligence can offer several advantages to organizations. One key advantage is the ability to access real-time, comprehensive financial data directly from a customer’s or supplier’s bank accounts through secure APIs. This data can provide a more accurate and up-to-date view of individuals' or businesses' financial profiles, enabling organizations to conduct more thorough risk assessments and compliance checks.
By leveraging open banking data, organizations can streamline KYC and due diligence processes, reducing manual paperwork, errors, and delays associated with traditional methods of data collection. Open banking can help enhance the efficiency and effectiveness of risk management by automating data verification, enhancing transparency, and improving the overall quality of decision-making in these areas.
Open banking also promotes greater collaboration and information sharing between financial institutions and third-party providers, enabling a more holistic view of customer or supplier data across different sources.
Using open banking for KYC or supplier due diligence can present risks that organizations need to consider. One of the main risks is the potential exposure of sensitive customer or supplier data through open banking APIs. If not properly secured, this data could be vulnerable to unauthorized access, theft, or misuse by malicious actors.
Relying solely on open banking data for KYC or due diligence may result in incomplete or inaccurate information, as not all individuals or businesses may have their financial data accessible through these channels. This could lead to gaps in risk assessment and compliance efforts, exposing organizations to regulatory penalties and reputational damage.
The dynamic nature of open banking APIs and evolving regulatory requirements pose challenges in ensuring the reliability and consistency of data obtained through these channels for compliance purposes. To mitigate risks, organizations should implement robust security measures, data protection protocols, and validation processes when leveraging open banking data.
Supplementing open banking data with other reliable data sources and conducting ongoing reviews can help enhance the accuracy and effectiveness of KYC risk assessment and compliance.
Insider threats pose a significant risk in the context of open banking, where sensitive customer data is shared among financial institutions and third-party providers. Employees or contractors with access to this data may intentionally or unintentionally misuse it for personal gain, espionage, or fraud.
Intentional insider threats related to open banking could involve employees exploiting vulnerabilities in APIs to access confidential information, manipulate transactions, or compromise security controls.
Inadvertently, an insider may unintentionally expose data through negligent actions such as misconfiguring systems or falling victim to social engineering attacks.
The potential impact of insider threats is substantial, as breaches can result in financial losses, reputational damage, regulatory fines, and loss of customer trust. Organizations must implement robust security measures, access controls, monitoring systems, and employee training to mitigate the risk of insider threats and better safeguard sensitive data in the open banking ecosystem.
Regulations play a critical role in shaping the landscape of open banking, ensuring the security, privacy, and compliance of financial data shared among institutions and third-party providers. The General Data Protection Regulation (GDPR) in the European Union mandates strict guidelines on the processing and protection of personal data, requiring explicit consent from individuals before sharing their information.
The Payment Services Directive 2 (PSD2) requires banks to provide secure access to customer account information through APIs, promoting competition and innovation in the financial sector. Anti-money laundering (AML) and KYC regulations are essential for preventing fraud and ensuring the legitimacy of financial transactions. Compliance with standards such as the Payment Card Industry Data Security Standard (PCI DSS) and the ISO 27001 certification is crucial for safeguarding sensitive financial information against cyber threats.
By adhering to these regulations, organizations can build trust with customers, regulators, and partners while fostering a secure and transparent open banking ecosystem.
To learn more about open banking, there are several resources that can provide valuable insights on this topic. One recommended resource is the Open Banking Implementation Entity (OBIE), which offers detailed guidance, reports, and updates on open banking initiatives in the UK.
Moody’s recent KYC Decoded podcast, featuring Alessio Balduini, CEO and founder of Credit Data Research, and Francis Marinier, ICA, CAMS, former banking compliance officer and now Moody's KYC Industry Practice Lead, also provides useful information on the practical implications and applications of Open Banking. Their podcast formed the backbone and inspiration for this article, so please listen in wherever you get your podcasts.
To discuss your anti-financial crime risk management and compliance processes, please get in touch any time - we would love to hear from you.