Software Development

 Implementation of technology AML in the financial sector – 5 challenges

February 26, 2024
by
Monika Sianko

Frequent updates on preventing financial institutions from extorting money laundering and improving their AML compliance programs. Resolution, release and implementation of effective user verification methods that are no longer available in the system. Not only because of the complexity of the issues, but also because of the technological progress, which makes it increasingly difficult to prevent security circumvention. Drawing on the knowledge of FINGO engineers, I checked the following:

  • what are the most common challenges related to the implementation of AML guidelines in the company?
  • how can technology-driven AML compliance address these issues?

The complexity of anti-money laundering methods

Under the regulations, financial institutions must prevent financial crime risks: money laundering, financing of terrorism and organized crime or corruption. That is why they conduct credibility checks and risk assessment processes when establishing a relationship with the client.

In practice, this means:

  • Verification of the client’s identity using government-issued documents (national ID card, passport, driving license) – Customer Identification Program (CIP).
  • Collecting additional information about the client, i.e. source of income, business activity and expected transaction patterns – Customer Due Diligence (CDD).
  • Continuously monitoring client activity for suspicious transactions or changes in the risk profile. This may include transaction monitoring, behavioral analysis or periodic reviews of customer information – Ongoing Monitoring.

Therefore, ensuring effective AML depends on the actual implementation of the above-mentioned activities, the validity of the databases in which the data is verified, as well as the speed of the verification process itself.

Multi-level AML verification requires the integration of multiple tools

There are many technology solutions available on the market for verifying identity and collecting additional information. Some of the tools are available for free, others incur a charge. Of course, the difference is in the quality of the returned results – free ones more often show false-positive results, which in turn involves the suspension of the automatic process and the need for a verification analyst to perform manual AML process verification.

Many of these tools enable only one type of verification, e.g. analysis of a facial photo with an ID document. That is why comprehensive KYC solutions such as Umazi have appeared on the market, combining many tools with varying degrees of sensitivity. This makes it possible to simultaneously carry out the AML process on many levels.

Many AML component implementations actually mean integration with third-party solutions. The software architecture should guarantee trouble-free communication with them and resistance to occasional errors that are beyond our control. You also need to develop a well-developed graphical interface. Ensure an accessible path for user actions and clear communication of the validity of the process, as many people are unwilling to share confidential data. This leads to another challenge – the security and auditability of such activities on the system side. Wherever possible, we should avoid processing or collecting such data, and if we must, ensure data protection. – says Jakub Rupik, Head of Engineering at FINGO.

Regulatory challenges - regulatory reporting requirements for AML

Financial institutions are obliged to report all suspicious transactions, e.g. above €15,000, regardless of whether they are carried out in one operation or several, as long as there is a close connection between them. Reporting suspicious activities is difficult because companies need financial regulatory compliance software that enables them to report large volumes of data to supervisory institutions, which connects to their internal databases.

The iON application from FINGO Systems, based on a previously defined ETL process, downloads data on suspicious transactions from the banking system. The person responsible for reporting to financial institutions creates a report. Then the report is validated and automatically sent by the SI*GIIF gateway. This solution is used in Poland, but in the near future it will also be adapted to foreign markets. – Joanna Popowicz, Project Manager at FINGO Systems.

Exchanging information between systems is a well-known operational challenge in the financial services industry. It is also reflected in the report Banking in 2035: global banking survey report. 44% of executives identified improving data sharing between digital payment, fraud protection and anti-money laundering activities[1] as a one of the top three strategies as being most effective for staying ahead or taking advantage of major trends in the banking industry.

The AML checking process is based on verification in many external databases

After adopting the 6AMLD directive, EU Member States were obliged to establish, for example, central registers of beneficial owner information. The purpose of their creation is to provide competent authorities and obligated entities with access to databases with information about "problematic" clients.

In practice, user verification involves a manual or automatic search of databases, e.g.:

  • List of politically exposed persons (PEP) and close associates of PEP – a database of persons holding politically exposed positions.
  • Sanctions lists – a database of persons and entities to which special security measures should be applied, including: Office of Foreign Assets Control (OFAC), the UK, the EU, and the UN.
  • List of high-risk countries – a detailed list of countries and territories where the financial crime risk may be higher.
  • Register of beneficial owners – information from the Central Register of Beneficial Owners, containing information about natural persons exercising direct or indirect control over the company: management board, commercial power of attorney, owners.

It is worth noting that AML regulations may vary between jurisdictions. Therefore, for companies that offer global financial services, i.e. cryptocurrency exchange platforms, tools ensuring comprehensive AML compliance will have to connect to many databases. Such tools help manage cross-border and multi-jurisdictional AML compliance standards.

New technologies AML and verification costs

The more advanced the ALM verification, the higher the costs for the organization. It is estimated that European banks spend over EUR 14 million annually on AML processes, and one of the reasons for this is the dynamically changing law. Hence, some companies use gradual user verification.

For example, at the beginning of the identity establishment process, an internally defined algorithm calculates the risk level of a new user. When the risk level is high, e.g. due to coming from a country considered to support terrorism, its data is checked using more advanced tools.

However, even if the initial risk level is defined as low, typically a new user has limited access to the application. To be able to use all the functions of the application, e.g. to make cross-border transactions for larger amounts, one must complete an advanced know-your-customer (KYC) process.

When implementing KYC and AML solutions in a fintech project, one of the main challenges is achieving cost optimization. On the one hand, we must comply with all regulations imposed by the relevant regulatory authorities, but on the other hand, we must guarantee the profitability of our business. Services responsible for verifying personal and transaction data have different levels of complexity and costs. Therefore, when constructing flow in our application, we must design the process in such a way as to be able to eliminate or postpone those operations that generate the highest costs. If a low-cost operation causes the transaction to decline, there is no need to continue checking further. – Krzysztof Skiba, Software Developer at FINGO.

AML/CFT effectiveness in the era of advanced deepfakes

In February 2024, information about a fraud using AI spread around the world. During a fake video conference, an employee of an international company made 15 transactions, transferring a total amount of HK$200m (£20m) to fraudsters. It is likely that the fraudster had previously downloaded the videos and then used artificial intelligence to generate and overlay a hoax voice over previously recorded videos. [2]

It is predicted that there will be more and more such events. The Identity Fraud Report 2024, prepared by Onfido, warns of a 31-fold increase in deepfakes related to the availability of face generation tools using artificial intelligence in 2023. In turn, iProov points to the growth in crime by using speech and video synthesis tools, while forecasting that the cost of these tools will fall below $100. This means that even low-skilled criminals will be able to conduct advanced deepfake attacks.

Like it or not, companies from the financial sector will have to invest in more advanced tools, also related to AI.

Currently, it is difficult to imagine implementing AML-related processes without the involvement of artificial intelligence. On the one hand, it enables identity verification: the correctness of documents, including the detection of those that are forged or generated using deepfake tools. This verification may include many additional steps, including: checking the video image in real time: the document itself and the person using it.

On the other hand, it is possible to check clients against global watchlists – and verify whether the records potentially found there actually correspond to the one currently being verified.

One of the biggest challenges for the
use of artificial intelligence in AML processes may be its limited interpretability: many AI models do not provide the possibility of justifying their results. Meanwhile, it already exists and legal regulations that require it are still being developed. – Tomasz Gdula, Software Engineer at FINGO.

Implementing anti-money laundering software

Identifying suspicious activities in financial services companies is difficult. The need for multi-faceted user verification forces the continuous combining of data from many sources.

Not surprisingly, digitized financial institutions automate processes using modern AML compliance software solutions. However, their correct implementation requires knowledge of the intricacies of the law and the ability to adapt new technologies AML/CFT to the realities and expectations of companies operating on the highly regulated financial market.

Hence, cooperation with a technological partner such as FINGO, which has domain and technological knowledge, will certainly facilitate the implementation of anti-money laundering guidelines.

Sources:

[1] Economist Impact and SAS, Banking in 2035: global banking survey report, https://www.sas.com/en/whitepapers/banking-in-2035-global-banking-survey-report-113203.html?

[2] https://www.theguardian.com/world/2024/feb/05/hong-kong-company-deepfake-video-conference-call-scam

Do you need regulatory compliance software solutions?

Accelerate your digital evolution in compliance with financial market regulations. Minimize risk, increase security, and meet supervisory requirements.

Do you need bespoke software development?

Create innovative software in accordance with the highest security standards and financial market regulations.

Do you need cloud-powered innovations?

Harness the full potential of the cloud, from migration and optimization to scaling and the development of native applications and SaaS platforms.

Do you need data-driven solutions?

Make smarter decisions based on data, solve key challenges, and increase the competitiveness of your business.

Do you need to create high-performance web app?

Accelerate development, reduce costs and reach your goals faster.