De-Risking: The Next Chapter

Compliance once drove banks to end relationships. With technology-powered client vetting, they no longer have to.

Before the World Trade Center attack, correspondent banking was a matter of personal relationships and trust that could be developed over lunch or on the golf course.

But the US Patriot Act of 2001 placed more-stringent know-your-customer (KYC) and anti-money laundering (AML) requirements on banks.

In the 20 years since then, the fight against financial crime has grown into a multibillion-dollar industry that will cost financial institutions an eye-watering $213.9 billion in 2021, as projected by the LexisNexis True Cost of Financial Crime Compliance Global Report released in June. And one of the unintended consequences of heightened KYC and AML compliance has been erosion of the implicit trust that once existed between banks and their correspondent banking partners.

With regulators issuing billion-dollar fines a for noncompliance, many banks decided it was easier just to de-risk—withdraw correspondent banking services in tricky emerging and developing economies such as Africa, parts of Asia, the Caribbean, Africa, Eastern Europe and the Middle East—markets where transaction volumes did not justify the growing cost of compliance.

But such de-risking limits participation in the global financial system, making it difficult to access international wires and conduct cross-border payments and money transfers. Could the de-risking trend be reversed by breakthroughs in technology? A slew of new tools relying on biometrics, blockchain and big data analytics promise to make compliance less costly.

Regtech vendors purport not only to detect suspicious activity but also to reduce false positives. David McLaughlin, CEO and founder of QuantaVerse, which uses artificial intelligence (AI), machine learning and data analytics to help identify financial crime, claims his company’s technology can reduce by 80% the number of false positives AML teams get from their transaction monitoring systems. That means those tasked with investigating those alerts can focus on the real threats.

“It’s attacking the problem with a scalpel rather than a sledgehammer,” he says. “We look at unstructured data down to the pseudoclient or entity level to find if there is any negative media coverage that could potentially flag suspicious activity. We can also validate if there is variance in their value and volume of transactions.”

Banks don’t explicitly use QuantaVerse’s solution to reduce de-risking, according to McLaughlin: “They want to get more comfortable with customers and correspondent banking pseudocustomers, but they are still wary of what the regulators are going to do.”

Fighting financial crime is not a false-positive problem; it is a risk-fidelity problem, counters Simon Moss, CEO at Symphony Ayasdi AI, a machine-learning software company. Symphony Ayasdi’s AI offering uses unsupervised machine learning, used in biological and drug research, to identify new risks. Users do not tell the system where to find risks. Instead, the platform analyses the data for nuances and new behavioral indicators, which the firm dubs “biomarkers,” to reveal complex attacks that have lain hidden. The system finds 15% to 20% additional risks with 90% accuracy, according to Moss.

“Banks have been fighting financial crime with 20-year-old technology,” he says. “They’re outgunned. Now there’s a new generation of weaponry.” The problem, he argues, is that AI offers too many promises when 85% of machine-learning projects fail, according to Gartner. That breeds an “understandable cynicism,” he notes, “despite the incredible potential and success of projects done right.”

AI has surely proved useful in financial compliance. “Some companies have been able to eliminate 70% to 80% of false positives using AI,” notes David Schwartz, president and CEO of the Florida International Bankers Association (FIBA), but notes it will not get to a 100% decrease in false positives. Furthermore, “it is the elimination of false negatives that is more important. These are the things you’re not catching,” he adds. “This is still a nascent industry, and these technologies haven’t been around for very long.”

Fixing AML: Can New Technology Help Address the De-risking Dilemma, a 2018 report by the Center for Global Development (CGD), assesses six technologies—biometrics, KYC utilities, machine learning, big data, blockchain and legal entity identifiers—and their potential to solve the de-risking problem. The report’s authors conclude that more regulatory guidance and experimentation with machine learning is needed, and that solutions such as legal entity identifiers and biometrics need to scale internationally or into developing countries before they can make a real difference.

“In many cases, AI is far more robust and accurate than what has gone before,” says Vijaya Ramachandran, one of the report’s authors and a nonresident fellow at CGD. “It has enormous potential to identify patterns related to human and drug trafficking.”

The challenge, according to Ramachandran, is that AML regulation is exceedingly based on things like suspicious activity reports (SARs). “It doesn’t yet support the kinds of technologies we’re seeing emerge, much to the frustration of the tech companies developing them.”

In 2019, financial services firms filed more than 2.3 million SARs—an average of 6,305 per day—according to the US Treasury’s Financial Crimes Enforcement Network (FinCEN). Law enforcement officials and regulators are overwhelmed by SARs.

Here too, AI and machine learning could provide a remedy. QuantaVerse’s McLaughlin says AI makes it easier to distinguish between what he calls “true SARs,” where there is a high probability of actual suspicious activity, and “defensive SARs,” which are filed in order to protect reporting officers against possible fines from the regulator. The FIBA’s Schwartz favors using blockchain technology to share SAR information in encrypted form with FinCEN, but there are issues with data privacy.

AI, machine-learning and blockchain solutions may reduce the manual workload and potentially help detect new threats, but are they helping banks get any more comfortable with their correspondent banking relationships? “We’re not arrogant enough to say our solution can change de-risking,” says Symphony Ayasdi AI’s Moss. “But we can offer an alternative that helps banks be more considered in their approach.”

“Banks want to get more comfortable with customers and correspondent banking, but they are still wary about what the regulators are going to do,” adds McLaughlin.

QuantaVerse’s and Symphony Ayasdi AI’s offerings are typically deployed by larger tier 1 banks; but in the Caribbean, one of the regions most impacted by the de-risking trend, local and regional banks are still using manual processes to screen for AML and KYC, says Schwartz. “Some of our institutions try to implement AI and machine learning, but they’re struggling because of a lack of resources.”

Robert Simmons, global services manager in the Caribbean for law firm Dentons, says everyone is waiting for global banks to partner with fintechs or become fintechs themselves. “Once that happens, you’ll see this trickle-down effect to regional banks in the Caribbean.”

Other emerging technologies in digital identity management could also minimize some of the challenges banks face in addressing the “identification gap” in many developing countries. “Biometric IDs in India improved financial inclusion by proving credible banking transactions,” says CGD’s Ramachandran. “It’s a success story that has lessons for other countries.” However, most biometric systems still exist only at the national level, which limits their use in international payments.

De-risking is one of the primary issues that decentralized and self-sovereign identity solutions are intended to help solve, says Stephen Ritter, CTO at digital-identity verification specialist Mitek.

“Implementing a decentralized identity system shifts the burden of verifying a customer’s identity from the individual bank to the larger decentralized network, removing the need for banks to manage AML or KYC compliance on their own,” he explains. “Instead, a customer’s credentials are verified against the network to confirm proof of identity, and that proof is shared with the bank to proceed with the requested transaction.”

Technology, on its own, is unlikely to eliminate de-risking altogether, and AML regulations and financial crime both continue to evolve. The hope is that by deploying these techniques, banks will not only be better prepared, but will become better at distinguishing the bad actors from the good ones.