Is regulators' green light on AML tech a game changer?
Financial institution executives have long seen artificial intelligence as a way to better and more efficiently combat money laundering, but have faced a challenging in implementing it — skeptical regulators.
That changed this week when federal regulators issued a joint statement encouraging AI's use to comply with the Bank Secrecy Act and other anti-money-laundering rules. Regulators specifically called out AI software and digital identity technologies as worth testing, saying financial institutions can experiment with them without fear of criticism. Regulators suggested banks could use pilot programs with the new tech, saying they would not be penalized if those programs failed or revealed shortcomings in an institution's existing AML compliance regime.
“This is a huge milestone, both in modernizing AML and more broadly in moving the financial world toward adoption of smarter and more efficient regtech,” said Jo Ann Barefoot, a consultant and former deputy comptroller of the currency. "By encouraging innovation in general and pilots specially, the agencies are removing one of the main blockers to innovation, which is uncertainty and fear of regulator criticism. A message like this teaches the whole field network of examiners, too — the people who have to deal on the ground with these fast-moving new technologies."
Fears of regulatory scrutiny
The regulators’ statement could be a game changer for companies offering advanced AML software based on machine learning or AI, including IBM (Watson does AML compliance, among other things), ThetaRay, QuantaVerse, ZestFinance and Merlon Intelligence.
While they’ve had some success in other countries, notably in fintech-friendly jurisdictions like Singapore, they’ve had little traction in the U.S., mainly because U.S. institutions worry about what their regulators will think.
One big concern relates to suspicious activity reports. More intelligent AML software is likely to generate fewer false positives, which in turn means banks and credit unions will file fewer SARs. Institutions worry that regulators will criticize them if they file fewer SARs than other institutions their size.
In their statement released Monday, the regulators didn’t explicitly address this, but observers said they were giving a green light to institutions to take that risk.
“They don’t overtly say if you file fewer SARs it’s OK,” said James Heinzman, executive vice president of ThetaRay. “What they say is that these technologies will bring effectiveness and efficiency to your programs. And if you adopt these new technologies, regulators won’t take action against you. It’s clear that the thrust and focus is on finding the real bad actors and it’s on quality, not quantity.”
Another concern about regulators’ reaction is around “explainability.” Regulators say that banks should not make any decisions in a black box, but always be able to spell out the reasons for each decision. Some institutions fear that AI makes it harder to do so, but vendors insist that's not the case.
“Explainable artificial intelligence and AI bias continue to be top of mind for both banks and examiners,” said Nikhil Aggarwal, director at IBM’s Promontory Financial Group. “We expect banks to choose explainable models and maintain rigorous discipline around model risk management.”
All the vendors said their software provides explainability, and are better at it than traditional AML software.
Another fear that was addressed directly in the regulators’ statement: If a new technology uncovers criminal activity that’s been going on for years undetected, the bank will get in trouble. The agencies said they won’t judge banks’ old systems against the new.
A last concern some financial executives have expressed about using AI to detect money laundering is that innocent people could get caught up in a dragnet. But most of the AI-based solutions present their findings to humans who review the anomalies and the reasons they were flagged.
“We don’t replace human intuition, we enhance the human's ability to understand the meanings of these activities in huge data sets,” Heinzman said.
Kamil Kaluza, chief revenue officer at QuantaVerse, said some of the company’s clients have forwarded him the regulators’ statement with the note, “Happy Holidays.”
“The reaction across the industry has been very positive and almost takes the pressure off the BSA officers who have been agitating for this,” Kaluza said. “Now they can point to this letter and say, 'Look, I told you so.' "
Heinzman also said several banks his company has been talking with have called and written with “almost high-fives — the things they’ve been concerned about they don’t have to be concerned about.”
Stephen Epstein, chief innovation officer at Merlon Intelligence, said most of the major U.S. financial institutions have been launching requests for a proposal over the last six months for artificial intelligence and machine learning projects in the areas of Know Your Customer and anti-money-laundering rules.
“It's great that the regulatory community is recognizing this innovation,” Epstein said. “As they are learning about this technology, the regulators have the opportunity to help educate the banking sector more effectively, sharing what they learn, bringing together industry, technology and regulators to help shape the adoption of how AI is used.”
Why AI makes sense for AML
Despite the attention by regulators to AML, recent fines top institutions have incurred suggest that their current programs aren't working.
In October, the Office of the Comptroller of the Currency fined Capital One Bank $100 million for failing to “adopt and implement a compliance program that adequately covered the required BSA/AML program elements due to an inadequate system of internal controls and ineffective independent testing, and the bank failed to file all necessary suspicious activity reports related to suspicious customer activity.”
In February, U.S. Bank agreed to pay $613 million in penalties to state and federal authorities for violations of the BSA and a faulty anti-money-laundering program. Regulators said the bank had systemic deficiencies in its anti-laundering monitoring systems, which resulted in "a significant amount of unreported suspicious activity."
Some existing transaction monitoring systems that are used to catch money laundering create hundreds of thousands of alerts, many of them false positives (transactions that look suspicious but aren’t). Human compliance officers then have to analyze the alerts and determine which really are suspect.
“Traditional methods like logistic regressions and decision trees tend to perform poorly,” said Douglas Merrill, founder of ZestFinance; previously he was chief information officer at Google. “If they performed well, there would be a lot fewer false positives and fewer alerts. You wouldn’t have as many people chasing down false positives, you would have a much more streamlined program. This space is ripe for machine learning.”
Another shortcoming of many banks’ existing AML programs is they are rules-based, and those rules have been published on the dark web.
“It’s pretty easy for bad guys to know what these 20-year-old systems are doing,” Heinzman said.
With new technologies, unsupervised machine learning identifies unknown patterns and risks.
“There are no rules and no predefined conditions,” Heinzman said. “There’s no playbook for the bad guys to copy and circumvent.”
Editor at Large Penny Crosman welcomes feedback at email@example.com.