By Sachin Kumar, Vice President and Pradeep Bhaganna, Senior Principal Consultant – Banking & Financial Services, ITC Infotech
The area of financial crime management at banks is vast with scope encompassing customer due diligence, sanctions & screening, fraud prevention and AML compliance. Over the years the combination of technology & operations supporting this area has become mature and internal service provided include effective prediction and prevention of the movement of proceeds of crime besides managing the entire process from alert creation right till case resolution that includes associated customer, account, and compliance actions.
Challenges
We see financial institutions at different levels of technology maturity and with varied success rates where it comes to ascertaining risk and taking preventive measures in time to mitigate losses – both financial and reputational. With cost of frauds now increasing at a much faster pace than the investments being made in this area and with banking being the leading industry facing this challenge, there is a need for enhanced focus. As per LexisNexis Risk Solutions, the projected total cost of financial crime compliance across all financial institutions reached $213.9 billion in 2021, surpassing the $180.9 billion recorded in 2020. On the investment side, most of the effort is going towards augmenting operational resources besides optimizing technology that includes modifying scenarios and changing thresholds for transactions based alert monitoring systems, enhancing customer risk-rating models, improving reporting, enabling data via data marts for consumption and automating data feeds across systems.
One of the initiatives in this space that banks have been trying to implement includes perfecting the art of real time fraud & anomaly detection especially considering that most have limited real time decisioning tools as well as nascent AI/ ML capabilities that drive the alert monitoring systems. Moreover, the existing fraud prediction models that include behavioral analytics require significant rigor around model development and redevelopment, another area that still needs enhanced focus even in large banks. The advancements in this area need to tread the fine balance of superior anomaly prediction & decisioning capability without compromising on the end customer experience that can very easily change for the worse in case genuine transactions are denied for execution.
Further the ask of rapid adherence to constant updating AML compliance and reporting needs across the enterprise can be challenging and complex. The expectation is to analyze KYC data to assess customer risk, then detect customer and account behavior patterns which may indicate suspicious activity, alert internal investigators followed by enabling seamless investigation, tracking, and filing compliance reports. This is besides actioning on the investigating outcome all of which may involve further internal transactions as well as liaison with service providers, bank community and most importantly regulators.
Data Driven Intelligence Automation
Operations supporting the above processes typically requires an ability to extract insights from internal data across various divisions as well as third-party information content. Since most organizations still have disparate systems that house relevant data, consistency of data remains a challenge, and some are in the journey of data transformation or cloud adoption – hence building out a robust single risk view, one that can be used to harness data and compare with trusted external sources to mitigate financial crime risks is no mean task. However, the same needs to be done.
There are many low hanging opportunities seen consistently across banks where it comes to application of intelligent automation in financial crime (refer to Fig 1.0). The overall automation business case adds up considering the losses on account of fraudulent transactions, increase in the number of digital transactions, existing manual and repeatable steps and the high cost of AML non-compliance. Moreover, considering the existing legacy technology and detailed SOP’s to be adhered to as part of enterprise shared service operations, the possibility for automation driven impact can be significant. Moreover, high number of alerts to be investigated within challenging predefined SLA’s of which more than 90% eventually turn out to be false positives, significant internal & external collaboration still via emails or phone calls and the need to access multiple systems as part of investigations and closure makes automation relevant and critical. Banks as part of their automation CoE’s are using leading RPA tools to implement & support the identified use cases besides continuously building & updating supervised and unsupervised machine learning models to achieve their efficiency, effectiveness, and experience goals. Additional focus is towards bringing in explainability around model recommendations and transparency in the overall case progression journey. As these enablement gets implemented, institutions can begin to see a marked improvement in predefined metrics and reduction in overall structural costs by removal of non-value add steps.
Figure 1.0 | Source: ITC Infotech
While banks have been on a journey over the years to move fast in this complex and dynamic space, we see compliance officers at banks continuing to invest in the key technology layers of experience, intelligent automation and enabling capabilities driven by a superior underlying architecture (Fig 2.0).
Figure 2.0 | Source: ITC Infotech
Conclusion
In the era of open & embedded banking and where banks are pushing towards cloud adoption and tightening security controls, we see a great opportunity for technology savvy banks to not only keep compliance costs under control & outcome predictable but also to offer financial crime component as a service. New operating models are being created and collaboration between financial services players, service providers, fintech innovators and regulators are gaining ground. This will eventually facilitate creation of service components such as KYC & customer due diligence, fraud detection, false positive recommendations, compliance reporting etc. and for the same to be embedded and consumed by other financial service players. There is a good fitment for the offered service components to be consumer by the neo & challenger banks that might be better off leveraging traditional bank’s services for this capability rather than duplicating efforts in this direction. Moreover, best practices from banking including customer due diligence & fraud risk mitigation etc. could also be adopted by those in other industries such as utility majors, retail & hospitality chains, payment service providers etc. that need to onboard customer and perform financial transaction on a regular basis.