Resourcing a modern AML compliance function

Modern AML compliance

With digitalisation playing a significant part in our lives, it’s no different for modern AML compliance. However, regulatory technology (RegTech) cannot work best alone. Human ingenuity still plays its role in solving the problems that permeate financial services regarding money laundering, terrorist financing and other crimes; it’s calculated that around 99.8% of laundered money is still untraced, while laundering activity accounts for up to 5% of global GDP.

AML compliance must stay ahead of cunning financial criminals. And now that AML has been an industry for over twenty years, regulators expect teams to be professionalised and able to juggle the cost of compliance, even while rules get stricter. The task for the entire AML function is to take full advantage of developments in compliance-related talent, next-level platforms and data science expertise, which could hold the key to navigating the hurdles in today’s regulatory landscape.

Why do firms struggle with AML compliance?

It’s not that financial firms aren’t aware of the importance of AML and know your customer (KYC) protocols or that they’re not actively investing in the digital fight against financial crime. Swift changes in regulation mean that more is expected of firms that aren’t adapting to requirements in a timely fashion.

Different rules, different AML

One main challenge in understanding necessary compliance standards is the fact that disparate rules exist in local jurisdictions. The 6th Anti-Money Laundering Directive (6AMLD) was introduced in Europe in 2021 to determine a harmonised definition of a money laundering offence and a comprehensive AML/CFT rulebook. However, member states are still required to implement compliance measures under scrutiny from the European Banking Authority. Despite the efforts of established watchdogs on all continents – including the Security and Exchange Commission’s Bank Secrecy Act in the US and the Monetary Authority of Singapore (MAS) in the Asia Pacific region – good AML practice still lacks consistency.

The Financial Action Task Force (FATF) does well to inspire collaboration between financial institutions worldwide against fincrime through its comprehensively documented recommendations. Yet some countries still lack sufficient AML functions that open various doors to increased fincrime. Introducing progressive new frameworks may not guarantee a reduction in criminal activity either. The US still needs more adequate functions, even though its banks spend around $23.5bn yearly on AML compliance. 

FATF and the International Monetary Fund hope to use their status as macroeconomic institutions to unite governments, international compliance bodies and civil authorities to boost the understanding and adoption of better AML practices. The future may count on better cross-collaboration worldwide in sharing data, expertise, and tried-and-tested AML compliance functions.

Striking the balance between tech and people

Elsewhere, the makeup of AML teams has shifted. Traditionally, those from legal or accounting backgrounds (experienced in manually vetting documents) handled compliance checks. This is far from scalable, and strict rules call for hiring compliance professionals to closely understand and follow AML/KYC regulations. Many firms don’t appoint personnel correctly nor have invested in automation technology that has, in tandem, grown in sophistication to become a necessity in compliance.

The AML compliance function – ideally a hybrid of human and technological processes – aims to make previously impossible automated tasks a reality. Not only that, but regulators now see advanced AML compliance technology as a cornerstone for any financial institution of any size. The truth is that 95% of applications should be automated, with only exceptional complex cases handled with human intervention. Many firms still rely on inefficient rules-based legacy systems that are inflexible to changing regulations, expensive to maintain, and prone to disparate data and the risk of false positives.

The key ingredients of a modern AML compliance function

AML functions should consist of a mix of people and platforms, with the capabilities required of both having increased in complexity just to keep pace with regulatory change.

Cultivating an AML culture

Adhering to recommendations from the aforementioned global watchdogs (FATF), down to localised AML legislation, is a stringent task that’s no longer a routine box-ticking exercise. Appointing a Money Laundering Reporting Officer (MLRO) or Chief Compliance Officer to understand current laws, document sufficient procedures, and conduct staff training is necessary, as well as utilising investigative skills that can be aided by computational forensics. 

Making data go further

Innovative RegTech can assist compliance step by step, from KYC to ongoing transaction monitoring, screening, and compiling client risk assessments (CRA), tweaking operations to combine disparate systems that enable better data matching and fewer false positives. 

Luckily, the ability to process vast sums of data is far simpler and more efficient with the introduction of AI-powered tools. With great speed and accuracy, AI automatically scans historical transactional data to uncover hidden patterns, detect anomalies, and flag any suspicious or high-risk behaviours. Initial verification can map onboarded entities against the most recent pertinent lists of sanctioned or politically exposed persons, all in record time that is impossible to complete by human analysts.

The growing role of AI specialists

An even more effective modern AML function counts on expert intervention to maximise AI’s most impactful benefits to AML. Where legal aids were initially tasked with handling compliance, system architects, data scientists, and law enforcement specialists have taken the mantle, best suited to leverage the more complex capabilities of AI and machine learning (ML). 

AI’s ability to lower false positives during transaction monitoring relies on training a model on existing datasets to identify historical behaviour patterns. Models can also unsupervised self-learn to detect anomalous behaviour from historical data. By signalling alerts that cross user-set risk thresholds, detecting potential spurious transactions requires much less manual work. At the same time, data scientists can improve the AI’s detection ability and accuracy over time.

Generative AI (GenAI), behind ChatGPT processes human prompts to craft a desired outcome. Now commonplace, it is being adopted by financial service companies to inspire data-backed strategic decisions behind risk assessments. Through its advanced data-crunching methods, GenAI is the underlying trick for summarising identity documents or contextualising unstructured datasets, and with further implementation in expert hands, GenAI could provide between $200 billion and $340 billion in value.

Futureproofing the AML function

While firms may have started investing in AML, a modern end-to-end platform allows for simple integration with existing AML systems and eliminates the challenge of overhauling a compliance function from scratch. This is necessary to quickly get a function up to date while money laundering techniques evolve continuously. There are also rapid developments in digital assets that require knowledge of modern RegTech solutions and the compliance teams running them.

AI and ML are just one trend for compliance specialists, posing ethical challenges besides operational advantages (including biases that can falsely represent customer data). Additionally, the rise of blockchain and cryptocurrencies across the last decade has developed sophisticated financial criminality to tough-to-trace digital realms. Global governments are giving extra attention to establishing frameworks and licensing regarding virtual payments (particularly since the downfall of fraudulent crypto exchange FTX). Still, it’s also becoming a requirement of RegTech solutions to boost AML for the crypto markets. Risk assessments for providers and users are becoming mandatory as digital coins have grown from an internet fad to a widespread asset. 

The past few years have also seen a growing intersection between AML and cybersecurity. Fraudsters can mask laundering or hacking by fooling legacy systems through deepfake technology or exploiting vulnerabilities in other outdated frameworks. In light of this, fintechs to larger financial institutions need to increase collaboration between their AML compliance and fraud departments with RegTech partners to combat these new typologies through a modern system. When departments are less siloed, sharing data consistently screened and monitored by a modern AML system, the risk of falling foul to attacks is lessened.

Adapt to stay ahead

With regulators exhibiting their best efforts to combat financial crime, firms shouldn’t be playing catch up. The resources are there for financial companies to fully implement an AML function from start to finish, upskilling their workforce and partnering with technology experts that can revolutionise AML capabilities no matter how soon new regulatory change will shift. This combination could prove vital to a safer financial world in the modern age.

Chat with our expert team to learn how RelyComply’s smart, AI-driven platform can automate your AML and KYC compliance processes. 

More news and resources

Monitoring and Compliance: How to ensure regulatory compliance and streamline operations

South African startup RelyComply honoured in prestigious RegTech100 list of most innovative companies for 2024

Our RegTech100 inclusion, and the crucial need for evolving regulatory technology