Transforming BSA/AML and KYC with Process Intelligence Technologies

The U.S. Bank Secrecy Act (BSA) of 1970 was one of the first Anti-Money Laundering (AML) and Know Your Customer (KYC) laws. It required companies and financial institutions to establish and report on internal controls and other measures put in place to prevent the facilitation of financial crimes. Other similar laws exist in countries around the world, creating a complex web of potential compliance issues for financial services companies.

Between 2008 and 2018, financial institutions worldwide have paid an estimated US$26 billion in fines and penalties as a result of violations to these regulations. That’s an average of $2.6 billion per year. However, government scrutiny of money laundering is now at an all-time high. Financial Institutions were fined US$5.6 billion in the first half of 2020 alone for non-compliance with AML, KYC, and related regulations. If the trend continues, it would represent a 430% increase over the previous ten-year average.

It is increasingly clear that compliance with these regulations is critical to the sustainability of every financial institution. Unfortunately, the traditional means of transforming your BSA/AML processes are woefully inadequate. But there are new technologies helping accelerate and increase the success of BSA/AML transformation.

Does Your AML/KYC Process Add Risk?

While it is the responsibility of all employees, partners, and suppliers to prevent an organization from facilitating financial crimes, Client Lifecycle Management (CLM) and Compliance are the two departments playing key roles in defining and implementing the required internal controls. CLM is the first line of defense within any organization. Compliance acts as the second line of defense, responsible for policy making, escalation, and resolution, as well as performing independent risk management. Auditors, the third line of defense, ensure any risk governance framework complies with regulatory guidance.

Three Lines of Defense Model

Before taking on a new client, a due diligence process is generally conducted to evaluate the client’s risk rating. It begins with a basic understanding of the client’s identity, the risk involved, and an understanding of their financial habits. Onboarding high-risk customers and politically-exposed persons requires enhanced due diligence with additional assessments of the client’s geographic location, source of funds, and purpose of the transaction, and may require ongoing monitoring.

This is an important task that typically happens as follows:

  1. Pre-onboarding checks are conducted by working with Sales, Risk Management, Legal, Compliance, and others to collect and review relevant client data, product information, and documents as mandated by the regulatory authorities.
  2. Teams then update multiple systems of record to ensure a client’s readiness to transact.
  3. Post-onboarding processes then include on-going client reviews and continuous monitoring, managing client and counterparty data and records, and potentially, client off-boarding.

This process can quickly become complex, especially at global organizations spanning multiple geographies with various policy interpretations, competing rules and regulations, and related data housed in multiple and disconnected software applications. That last point adds risk, especially when data is not integrated, thereby forcing considerable amounts of manual, repetitive, error-prone work. The result is increased operational, reputational, and financial risk.

Additional risks arise from policy interpretations and potentially incorrect execution of processes, which both depend on the experience of KYC analysts. It is indeed demanding for analysts to make critical decisions that require focused thinking while concurrently performing important yet mundane manual data-entry tasks.

Add it all up and your AML/KYC process is exposing you to more risk, which is exactly the opposite of what it is supposed to do!

Transforming BSA/AML with Success

Transforming any enterprise process can be daunting, for good reason. A study by McKinsey & Company indicates that a staggering 70% of large transformation projects fail to deliver expected results. Reasons may include unclear objectives, lack of leadership, and lack of commitment. But looking deeper, transformation projects are frequently derailed when teams underestimate process complexity. It’s a huge undertaking to identify the appropriate processes, perform detailed current state assessments, develop business requirements, and keep an eye on budgets. Then, for any transformed process, adequate training is required, and even minimal employee turnover can add to the challenges.

When focused on AML/KYC processes, the need for a successful transformation can be critical to your organization’s survival.

But help is available from point solutions such as Microsoft Power Automate, which uses Robotics and artificial intelligence (AI) to help organizations streamline, standardize, and automate routine tasks. Many financial institutions are also leveraging cognitive natural language processing (NLP), with focused solutions such as DDIQ by Exiger, to accelerate adverse media and sanctions screening processes related to clients.

AML/KYC platform providers can help streamline end-to-end processes. But successful implementation of these types of platforms largely depends on the quality of the business requirements and clearly defined compliance policies. It’s also dependent on the prevailing regulatory rules, final user acceptance testing and training. In reality, it takes many months for organizations to fully understand and effectively leverage these platforms, which adds further delays to already complex transformation projects.

FortressIQ is playing a key role in a successful AML/KYC transformation by converting a process problem into a big data problem. FortressIQ performs detailed current state assessments to provide near real-time process intelligence. It then provides the insights to make data-driven decisions.

Using computer vision, NLP, OCR, and deep learning algorithms, FortressIQ will:

  • Capture tasks at the most granular level, with no bias or blind spots;
  • Provide faster time to value by generating detailed, enterprise-wide process insights in just 2-4 weeks and without consuming worker time; and
  • Cost much less than human consultants, including eliminating documentation errors and the related rework.

Insights provided by FortressIQ can be leveraged by functional and transformation teams to collaborate on areas that matter: process enhancement, automation, and training.

Effectively managing your AML/KYC risk is critical to the success and reputation of your organization. Process intelligence and emerging technologies can help mitigate these risks, speed up the transformation journey, and enhance the customer and employee experience. It could also prevent a AML/KYC violation, which is becoming an increasingly expensive prospect.