In the pre-digital age of financial services, AML/KYC was a very slow process. The government would put out their lists of sanctioned entities – hostile governments, drug kingpins, organized crime organizations and affiliates, etc. – and compliance teams would manually check onboarding customers to make sure their records were clear.
The system has always had its flaws, noted Alain Meier, CEO of Cognito – but in a pre-digital banking world where onboarding was a multi-day process, it wasn’t completely out of step with modern practices. That is no longer the case today. The entire world has gone digital – particularly when it comes to commerce and financial services. The manually based processes of the past simply don’t work in an era when consumers expect onboarding to be instant and friction-free.
“Wiping out the manual process and handling compliance in an automated fashion can propel companies forward,” Meier said.
But that automation is a starting point in a journey toward adopting compliance best practices that aren’t codified so much as passed down through the industry. Most of the focus in the past has been on locking bad guys out, and not enough on making sure the right people can get through. “The products the future needs don’t do one or the other better,” Meier said, so much as they make both happen.
Coming in the Door Prepared
Financial services is often a learning process for FinTech operators who may come in with a lot more inspiration than knowledge, Meier noted.
“Very few young companies get it immediately, even though when it comes to compliance, it is important to have these things built correctly from day one,” he explained. “As it turns out, it is possible to get pretty darn big and still not really know anything, and have pretty bad compliance and risk procedures.”
Or at least it is possible until it isn’t – and then something bad inevitably happens. And with incomplete or insufficiently robust tools to screen for and continuously monitor compliance, a bad thing is bound to happen. As young firms start becoming mature firms, they realize they “have to step up their game and be more responsible,” Meier said.
Part of that effort means realizing that AML/KYC is not a one-and-done exercise. Government watchlists are constantly in flux, and an actor’s status may change. A client who passed through compliance checks on day one might not be compliant on day 500, for example. That means FinTechs need systems that are primed to continuously scan their customer lists against those watchlists, and ensure that any new hits are investigated.
The good news, Meier noted, is that entities partnering with firms like Cognito aren’t starting from scratch every time.
But the bigger change that is coming, Meier said, will likely affect the data sources FinTechs are using to train their scanning algorithms. In reality, those government lists have a long, proud tradition of being incomplete or inaccurate, he noted.
“I think what will become much bigger will be supplementing those lists, because governments traditionally haven’t done a great job,” he said. “I think we will see people start building out much more competent versions of those watchlists that are more helpful for compliance needs.”
Financial services providers can’t control that, Meier noted. But in the future, he believes they will be able to access better data streams to better control for it, so fewer bad actors slip by and more good actors can move unmolested through the system – and better automation technology can automatically true up all of the data sources.
Letting the Right People Through
The entire global system of compliance regulation has a pretty straightforward goal, Meier noted, hindering the ability of bad actors to leverage the financial system while making sure good actors can. The first part of the equation rightly gets a lot of attention, because doing business with the wrong entity can be extremely costly for an organization. On the minimal end, there are fines – often steep ones – and on the maximum end, there is a possibility of criminal charges.
Automation – particularly powered by AI and machine learning – can do a better job of looking at incomplete or inconclusive information and making an instant distinction between a good customer transaction and one that might need more work. And, Meier noted, it can do that while providing an onboarding and authentication experience as a more rolling process, so that it requests information only as it encounters flags in the system and doesn’t introduce more friction once it has the data it needs.
Because that second goal – letting the right customers through – is just as important as the first, and just as easy to get wrong with improperly calibrated compliance machinery.
False positives that bounce good customers mistaken for bad ones, Meier noted, is a big problem, pushing the .8 percent to 1 percent range. One percent may not sound like a lot, but when considering cryptocurrency platforms like Coinbase and the large numbers in play, he said, the problem is pretty clear.
“Coinbase had more customers signing up during the height of the crypto bubble in 2017 than Bank of America signed up in a year,” he pointed out. “When we are talking about signing up 11 million or so people in a short window of time, a false hit rate of .8 percent means a lot of slow, manual review. There are going to be about 90,000 people who are suddenly not excited about doing business with you.”
No business wants to lock out 90,000 good customers if it doesn’t have to – and building out a more data-rich and better automated compliance system can prevent that, Meier noted. No two systems will be exactly alike or make the same decisions. The AI’s screening rules will be determined by the organization’s tolerance for risk.
“There is no one-size-fits-all definition of what should be a match and what should not be a match, in terms of authenticating,” Meier said.
But across the board, there could be systems that are working more accurately, and more in line with the goals of the financial institutions they serve.