As AML compliance fines get stiffer, AML tech stagnates

New rules and regulations mean that authorities are doing more than ever before to catch money launderers.

In the latest of a growing number of penalties being meted out to financial institutions, Morgan Stanley was fined $10 million for failing to monitor customer accounts properly, while UBS was fined $15 million for anti-money-laundering “malpractices,” including allowing customers to pass hundreds of millions of dollars in foreign currency wires to and from countries known to be at high risk for money laundering. The investigation of Danske Bank, mired in what will likely be the biggest money-laundering scandal ever, is ongoing and will likely result in billions in fines against the bank.

Governments are tightening their efforts against offenders, which means that more investigations, more prosecutions and more fines are almost a given in 2019. Institutions are going have to be more vigilant than ever if they want to avoid getting caught up in an investigation.

JOHN MCCONNICO/BLOOMBERG NEWS

But even as the spotlight is being focused on institutions, studies indicate that the methods being used to prevent money laundering are increasingly ineffective. According to a Bloomberg report, as much as $2 trillion a year in funds acquired illegally is passing through institutions around the world. As regulations are being tightened, the problem is getting worse. If institutions want to protect themselves from being victims of money launderers, and the subjects of investigations that could cost them dearly, they need to improve their game significantly.

Even as regulations are getting tougher, criminals are getting more sophisticated and creative. In the latest money-laundering twist, thieves are using stolen credit card data to buy virtual currency in the wildly popular online game Fortnite and then selling them to players at deep discounts, getting clean funds from players. Indeed, Fortnite seems to be a major locus for a variety of scams, and the game's owners seem hesitant and slow to react.

Under AML rules, not only could Epic Games, Fortnight's publisher, be held responsible for the illegal activity; the credit card companies that process the purchase of the ill-gotten Vbucks (Fortnite’s currency) could also be liable. Under the tougher AML rules, it's up to institutions to be proactive in preventing criminals from using them as tools for money-laundering activities.

Money launderers are constantly innovating. What about institutions? The traditional methods used to detect activities are increasingly ineffective, according to many experts. Realizing this, government agencies, in a recent guidance document, are encouraging institutions “to consider, evaluate, and where appropriate, responsibly implement innovative approaches” to AML.

The document, issued by the Office of the Comptroller of the Currency, the board of governors of the Federal Reserve System, the Federal Deposit Insurance Corp., the Financial Crimes Enforcement Network and the National Credit Union Administration, “recognizes that private sector innovation, including new ways of using existing tools and adopting new technologies, can help identify suspicious activity and combat money laundering and terrorist financing.” OCC Director Joseph Otting said that the agency “is committed to encouraging innovation through our supervisory approach and engagement with banks and thrifts, fintech companies, and others interested in innovation to ensure the safe, sound, and fair operation of the federal banking system.”

The document does not specify what institutions should do or what innovative technologies they should adopt, but makes it clear that the agencies “are committed to continued engagement with the private sector to modernize and innovate in their BSA/AML compliance programs.” That means that the door is open to basically any tech innovation that works.

If that's the case, then in order to pick the most effective, institutions should evaluate the characteristics of the solutions they are considering and try to determine if those characteristics have what it takes to protect them. Here are some things institutions should consider when considering solutions:

Robustness. Large institutions can conduct billions of transactions a day and any solution they choose to deal with money laundering needs to be robust enough to handle that kind of workload. “Robust” in this context means being able to parse data quickly and in a wide range of databases and storage areas, picking up transactions almost as they happen.

Intelligence. One reason it's hard to catch money launderers is because they often operate very subtly; if you don't know what you're looking for, you won't find it. Thanks to machine learning, intelligent analysis systems are today capable of examining deep relations between objects, events, transactions, people, locations, social media and many other factors. A fine-tuned system that includes rules that can identify anomalies surrounding accounts, customers, or any other aspect of a transaction — and can use the data it gathers to further hone its understanding of what an illegal transaction looks like — is a necessary feature in any system institutions choose.

Automation. Because there are so many transactions to check, and so many methods money launderers can use to carry out their activities, the robust intelligence system needs to be able to work on its own, checking transactions as they come in against its database and evaluating those transactions against the models of good or bad activities. If it detected something bad, the system would send out an alert to administrators, who could take a closer look at what is going on, nipping money launderers in the bud before they can do damage.

As far as the agencies are concerned, what counts are the results; if an institution chooses to continue working without technology, the agencies “will not penalize banks” as long as they “maintain effective anti-money laundering programs,” even though “they choose not to pursue innovative approaches.” But that's exactly what institutions have been doing, and it's been a losing battle. It's clear that implementing technology is the next step in shoring up AML efforts, and institutions need to carefully consider their AML tech choices.