Small banks can use tech to make their size an advantage in AML compliance
When it comes to detecting suspicious transactions, balancing risk management with operational efficiency and effectiveness through innovation can be daunting for smaller regulated banks.
Midsize and regional financial institutions in particular may have thinner budgets for compliance programs and technology investments compared to global banks. Often, these institutions are already under stress about regulatory compliance resources so the prospect of innovation understandably induces anxiety, conjuring up visions of sophisticated technology that will require significant expense to implement.
But these smaller institutions do not need to be wary of innovation.
In fact, many of these firms may be best positioned to harness innovative solutions to efficiently and effectively enhance financial crime compliance programs. It is also important to note that regulators welcome innovation, but their goal is always to achieve compliance.
In May 2019, the Financial Crimes Enforcement Network announced a program called Fincen Innovation Hours to facilitate discussions with financial institutions, technology providers and other financial services firms on how to enhance anti-money-laundering and counterterrorism finance (CTF) compliance. This is a positive step.
But achieving innovation that truly enhances compliance will require institutions to do more than set an appointment to discuss it. There must be tangible next steps to prove efficiency that will help firms meet their regulatory compliance needs.
First, small and midsize firms must get the data ready to determine what to monitor. This is where smaller institutions have an advantage over larger, global institutions that have amassed vast arrays of data through years of mergers and acquisitions.
Smaller organizations usually have fewer data sources and geographic locations for storage, making it easier to organize and normalize all that information into one data set that is ready to be analyzed.
With a normalized data set, the next step is to review how an institution’s data is housed, saved and tracked in order to enter it into a transaction monitoring system for review. This is where the use of effective and customized algorithms comes into play, parsing only the data the institution considers most relevant and important to review, while ensuring that no information is lost.
Once data has been normalized, the main priority shifts into high gear: monitoring for suspicious transactions and activities. The best compliance programs use a combination of automated algorithms and analytical review to ensure that data is properly analyzed and flags are raised based on set parameters.
Simple, frequent processes such as wire transfers and ACH transactions are prime candidates for automation. Similarly, institutions can automate certain parts of their transaction monitoring, but they still need appropriate benchmarks. Institutions cannot cost-effectively hire their way to better compliance. But they still need human intuition, oversight and experience. Automation provides a bridge to greater efficiency and can make existing resources more effective.
Once the monitoring system flags data for review, for example, an institution needs to have systems that facilitate thorough investigation of suspicious activity.
A mistake many institutions made in the past was to activate a monitoring system with rules so broad that it generated excessive alert volumes. Technology is there to help narrow the scope and point toward potential areas of concern that can then be evaluated and assessed by skilled financial investigators. This type of format should provide an efficient and effective way to investigate transactions, calibrated to the institution’s risks.
Whether a financial institution is using a small number of systems or many, its compliance efforts will bog down if the data architecture does not enable those systems to communicate with one another.
Misalignment can allow things to fall between the cracks and result in inconsistent monitoring, which can have costly consequences. For example, is the system that manages the transaction monitoring program able to see whether another system within the institution has onboarded a politically exposed person as a client? If not, that’s a problem.
Again, smaller institutions often have an advantage here, as the number of systems in use is often more limited, making it less problematic to connect systems and enable communication.
Lately, artificial intelligence is attracting a lot of attention as an innovation tool to handle large volumes of data. In practice, what is thought of as AI actually takes the form of algorithms based on statistical analysis of the risks and exposures specific to each institution. Yet human expertise provides the foundation for effective compliance technologies and ultimately, innovation.
Enhancing AML compliance through innovation does not have to be seen as an insurmountable task for smaller banks and firms so long as time is taken to assess data, prioritize investments in new technologies and incorporate the right professional expertise.