“AML Solutions Are Still Stuck In The Middle Ages”

AML.

Switch the acronym a bit. Let’s try “LMA”: Here we could say it stands for “Laggard from the Middle Ages.”

The first acronym, AML, stands for “anti-money laundering,” and it’s everywhere — the laundering part, that is.

The “anti” part is what needs to get up to speed, catching up to the bad actors as they act, and before they act. After all, crime is committed not just with guns, but also with currency, with funding from far-flung sources. With the digital age firmly in place, the old muse to “follow the money” is easier said than done.

That’s especially important when the technology in place to “follow the money” is not agile or robust enough to pinpoint suspicious activity. Beyond technology, the fact remains that the age-old way of detecting bad actors — through a rules-based system — is not enough when the regulatory environment is always changing, and malefactors are smart enough to follow the rules … just enough … to slip under the radar.

In an interview with PYMNTS’ Karen Webster, Akli Adjaoute, CEO of Brighterion, pointed to the need for new technology — and intelligent technology, at that — to help keep pace with the dizzying array of tricks in the money-laundering arsenal.

To be sure, AML has been taking up space in the headlines, with the subject front and center following a Senate hearing late last year on modernizing laws. Australia’s parliament, as just one example, approved legislation governing AML. It’s a hot topic, said Adjaoute, because “it touches everything; you are dealing with clients, you are dealing with terrorists” and the costs can be staggering.

The industry paid $321 billion in fines just through the end of last year, estimated Boston Consulting Group. JPMorgan had to pay more than $2 billion in violation of the Bank Secrecy Act, tied in part to the infamous Bernie Madoff scheme.

Moving cash through deposits and withdrawals across unwitting channels is a way for terrorists to get funding, for drug lords to ply their trade and, in the process, destroy economies, he said. “Every one of us pays when [money laundering] happens,” said the CEO.

But even if awareness is high, awareness of just what to do about the problem is less than acute.

Regulation and technology must go hand in hand to combat the bad guys.

Adjaoute noted that banks invest billions around the world to comply with existing rules and regulations — and scramble when the playing field shifts.

“AML is still in the Middle Ages” when it comes to technology, he said, as we still use business rules, which number in the thousands, to set the processes in motion. “These solutions are siloed,” he told Webster, and, at the same time, “there is not a lot of historical data about AML.” Manual processes abound. The end result? Roughly 99 percent of alarms raised are false-positives.

The paths of the launderers themselves are tough to track, of course. Consider an ISIS recruiter who hails from the United Kingdom, but who then heads to Syria or Turkey to join the terrorist organization. They can move money to Turkey … and elsewhere. Step by step, none of this may seem suspicious.

However, taken together, a robust identification system would be able to find anomalies in how money makes its way around the globe. Rule-writing just doesn’t cut it. Adjaoute likened the process to trying to think about — and design for — all the endless varieties of malware. “Money launderers hire PhDs,” he said, to help them ply their dark trade, analyze existing business rules and find ways around them. “They are very patient … they try everything they can to look legitimate.”

With AML, he said, “you are not looking for a needle in a haystack”; rather, “you are looking for a needle in a set of needles … that all look the same.”

Sophisticated criminals need sophisticated defenses. Designing a robust defense can be specific to every customer’s account, branch and bank by detecting anomalies without hard coding.

This would consider each individual customer’s transactional behavior, and thus the ability to make what Adjaoute termed “fine-grained judgement” about data that comes from each of those conduits — across volumes, transaction amounts, identifiers and the like — and whether unrelated parties are transacting across multiple accounts (representing red flags).

“You have to have a 360-degree, smart, artificial intelligence technology” that can get deep into each transaction with “unsupervised learning.” Such technology-powered oversight can reduce rules by over 98 percent, he said.

He cited data that is part and parcel of conducting other types of transactions. For example, with wire transfers, there is the need to have information in place detailing origination parties and destination parties of funds. There’s the need for names and addresses and phone numbers. Any one of these informational tidbits can offer up an “in” for criminals to work their way deep into accounts and the financial system at large, with an eye on theft.

The conversation turned to cryptocurrencies, where, as Webster noted, more data points may emerge that can — and perhaps should — be fed to artificially intelligent platforms to suss out nefarious activities. The whole crypto space, he said, “when you get North Korea involved, and when you get terrorists involved — I do not know how you can call that currency when it is actually used as a target for people who are trying to hide” what they’re doing.

So, it may make sense, he told Webster, that people look for anonymity. But now more than ever, especially when it comes to greater regulatory scrutiny, a preventative mindset is in order, and “you have to start with KYC,” making sure that no one is involved with these crime networks that circle the globe.

“Then you have to move to the detection” stage, he said, with an effort to reduce false-positives. The third level of AML and combatting fraud comes with alerts that are tied to a system which offers up a suspicious activity report, calling out anomalies. “If you combine these … with whatever the banks have,” in terms of legacy systems, “it will not only help the financial institutions reduce false-positives … the most important thing is, you will become compliant” with less effort.

“It’s time today to move to the next generation of AML solutions,” Adjaoute said.