REGULATORS EMBRACE ARTIFICIAL INTELLEGENCE-BASED TOOLS FOR AML, AND YOU SHOULD TOO

In recent years, there's been a sea change in the mindset of AML regulators -- moving from mistrust to embrace -- toward use of AI-based technology to enhance KYC/AML processes. This is based on their recognition that KYC/AML program demands have increased to the point where they have the potential not only to create a permanent state of backlogs in alert investigations and due diligence reviews and delays in SAR filings but, more generally, to overwhelm a financial institution’s resources, operating costs, competitive status, and internal controls structure. Human judgment will always play an important role in KYC/AML, but relying on time-consuming and onerous manual processes for research, analysis, and communicating and collecting data is a major problem.

Recent evidence of this attitude shift came in May 2022 when Kevin Greenfield, OCC Deputy Comptroller for Operational Risk Policy, testified before the House Committee on Financial Services’ Task Force on AI. (Yes, there’s a Congressional Task Force on AI – that’s how important it’s become.) Greenfield spoke about the opportunities, benefits and challenges AI presents for banks, noting that AI can provide efficiencies in operations and back office functions and improve a bank’s ability to monitor compliance with AML obligations.

A prime example of the usefulness of modern digital tools in the AML sphere stems from FinCEN’s requirements regarding ultimate beneficial ownership (UBO), which, among other things, present the challenge of looking through multiple, complex layers of legal ownership to understand key hierarchies, associations, and relationships and the risks they pose. No easy task, as ownership may well occur on an indirect basis hidden within a labyrinthine organizational chain. Beneficial ownership data must be assessed globally, and firms must keep pace with an enormous number of changes, including transfers of ownership interests between jurisdictions.

Satisfying UBO mandates requires use of advanced digital solutions to comprehensively scour worldwide public and non-public sources to ensure data quality; quickly and effectively draw out, sift through, and analyze massive amounts of structured and unstructured information to reach meaningful conclusions; and make results available in a user-friendly manner. Also quite useful is graph analytics, a machine learning method whose mapping capability allows an organization to represent its links in graphs, simplifying the process of understanding the relationships among affiliates and related entities. Storing an organizational structure in a graph database allows for deeper quantitative analytics that answer the question, “Are these two (or more) different people or entities interconnected for purposes of determining ownership or control?” This is especially valuable in situations where data is limited, such as offshore jurisdictions with restricted disclosure, recordkeeping requirements, and registries. (Graph analytics can also be used to determine relationships among AML documents – such as share certificates, trust declarations, and registries – allowing organizations to flag anomalies with low levels of false positives.) The bottom line is that graph analytics can be a particularly powerful tool in meeting UBO requirements because an entire network infrastructure and all its links to third parties can be represented in graphs, thus simplifying the process of understanding and tracing complex organizational structures.?

Of course, there’s always the risk of adverse outcomes if banks’ use of AI isn’t properly managed and controlled. One key risk of particular concern to regulators, is ”explainability,” which is the extent to which AI decisioning processes are reasonably understood and staff can justify outcomes. Regulators don’t want black box solutions that are opaque as to their functioning and results.?

Another key risk is data management, analytics, and governance. Understanding data origins, use, and governance when adopting AI is critical, particularly when AI involves dynamic updating or algorithms that identify patterns and correlations in training the data without human context or intervention. Because the AI algorithm is dependent upon the quality of the data used and effectiveness of training, an AI system generally reflects the limitations of that dataset. Regulators worry that AI may perpetuate or even amplify bias or inaccuracies inherent in the data or make incorrect predictions if a data set is incomplete, non-representative, or otherwise flawed.?

Potential adverse outcomes from use of AI that must be managed can arise from poorly designed underlying mathematical models, faulty data, changes in model assumptions over time, inadequate model validation or testing, and limited human oversight, as well as the absence of adequate planning and due diligence in utilizing AI from third parties.?

AML regulators now recognize that transformational advances such as graph analytics are no longer a “nice to have.” Rather, particularly for labor-intensive and rules-based tasks, they must now be considered critical to supplementing manual efforts and making employees more productive. Effective use of automation is now critical to a financial institution maintaining an AML compliance program that is at industry standard and meets regulatory expectations.

#aml #fraud #ai #kyc #sar #ubo #fincen #graphanalytics #graph #datamanagement #analytics #governance #automation #fcc