A panel at the recent ACAMS conference discussed how artificial intelligence can be used to greatly improve firms' enhanced due diligence compliance
At financial institutions, routine background checks on new customers, referred to as customer due diligence, are required as part of the industry鈥檚 standard know-your-customer protocols.
However, when assessing individuals or organizations who are deemed 鈥渉igh risk,鈥 a more intense level of scrutiny 鈥 known as (EDD) 鈥 is required.
As the name implies, EDD involves a much more thorough investigation of an organization or individual鈥檚 financial universe. And when institutions conduct EDD, software powered by machine learning and artificial intelligence (AI) is often used to search for evidence of criminal activity, money laundering, or other indicators of business malfeasance.
At this year鈥檚 ACAMS) annual conference, held virtually last week, a panel of experts from across the compliance landscape discussed AI鈥檚 impact on EDD and how financial institutions are incorporating advanced information-gathering tools and techniques into their risk-assessment frameworks for Bank Secrecy Act and anti-money laundering (AML) compliance.
Risk vs. reward
In theory, AI-enhanced EDD provides a much more comprehensive and holistic view of a new customer鈥檚 business associations and financial activities, which allows financial institutions to make more informed decisions about who they choose to do business with. In practice, however, all that additional customer data can complicate customer relations and introduce new variables into the risk-assessment process, reinforcing the need for prudent human judgment.
鈥淓DD is not a one-size-fits all approach,鈥 said panelist a VP and Senior Compliance Manager at KeyBank. 鈥淎ll institutions, regardless of asset size, should be developing an EDD program that is consistent with their risk appetite and risk profile,鈥 she said, adding that individual institutions also must decide for themselves how much risk they are comfortable taking on.
When it comes to assessing so-called 鈥渉igh-risk鈥 clients, Johnson said the challenge is balancing the institution鈥檚 risk appetite against the potential rewards 鈥 or ramifications 鈥 of doing business with such clients. For example, it is mandatory to consider some clients 鈥渉igh risk鈥 simply because of the business they are in, whether it鈥檚 a money-service business that could be used for money-laundering purposes or a cannabis-related business that deals primarily in cash, she explained. In most cases, politically exposed persons (e.g., politicians, government officials, heads of state) are also considered high-risk clients because their positions can be abused for money-laundering purposes. Still other entities may or may not be considered high risk, she added, depending on other factors such as geographical jurisdiction or whether they operate in countries where sanctions are being enforced.
However, according to panelist Hue Dang, VP and Head of Global Business Development and New Ventures for ACAMS, the water gets much murkier when dealing with clients that don鈥檛 check the obvious high-risk boxes. 鈥淭he challenge for institutions is determining what you don鈥檛 typically see as high risk 鈥 but is 鈥 and how do you recognize that it should be?鈥 Dang said.
In such cases, an EDD process that incorporates AI technology is helpful because 鈥渢he technology helps us identify linkages to see where the risks are 鈥 to identify where the money flows and what connections an entity might have,鈥 she noted. 鈥淲ithout data analytics, you can鈥檛 really see the connectivity.鈥
Gradients of risk
Indeed, today鈥檚 advanced investigative search tools pull information from a variety of sources 鈥 such as bank records, public databases (e.g., court filings, DMV records, land title registries, collection/repossession data), news sources, proprietary databases (e.g., insurance, professional licensing, business bureaus), and other sources 鈥 to create sophisticated neural maps of the business and financial activity of an organization or individual, including their connections to other people and business entities.
鈥淓DD is not a one-size-fits all approach. All institutions, regardless of asset size, should be developing an EDD program that is consistent with their risk appetite and risk profile.鈥
And according to another panelist, , Chief of AML and Advanced Analytics at Oracle, information this granular allows AML compliance officers to judge 鈥渘uances鈥 and 鈥済radients of risk鈥 that were unavailable using previous research methods. 鈥淭here are ways with technology now that we can view risk not just as 鈥榖ad鈥 or 鈥榞ood,鈥 but to understand what the actual risk is on a spectrum,鈥 Somrak said. For example, he noted, many institutions are beginning to use more advanced techniques, such as temporal analytics, which allows institutions to track and compare a customer鈥檚 activities over time, automatically flagging potentially suspicious changes in business behavior, transaction patterns, or other discrepancies.
AI technologies are continuously evolving, of course, so investigative procedures that were once fairly routine are now more dynamic and fluid as more information on customers and their associations becomes available. In fact, this increasing dynamism should be pushing institutions away from a 鈥渓inear鈥 model of due diligence to a more 鈥渃ircular鈥 model wherein high-risk customers are regularly re-evaluated as new information about their activities and associations is accumulated, said ACAMS鈥 Dang.
However, if technology is going to be driving the evolution of best practices in the industry, its reliability needs to be unquestionable, added Johnson of KeyBank. 鈥淲e need to make sure that the technologies we utilize are accurate,鈥 she said. 鈥淛ust as institutions are re-assessing their customer base and high-risk customers, we need to also make sure that we are continually staying abreast of our technologies to ensure that they are providing us with the most accurate results, so that we can maintain compliance with our regulators.鈥
Better decisions, less risk
Keeping up with technology can be a challenge, especially in the rapidly developing area of AI and machine-learning, the panel noted. 鈥淎s an industry, we are just at the starting line when it comes to using AI, particularly around our transaction-monitoring software,鈥 said panelist , a senior Risk, Compliance & Audit 聽manager for AML at U.S. Bank.
For compliance officers, AI-enabled software does help weed out unhelpful or irrelevant information, but it also picks up new information that may or may not be relevant, and machine-learning systems need to get 鈥渟marter鈥 at differentiating between the two, Frantz explained. Improvements in AI are inevitable, he added鈥攐nly the timeline is in question. 鈥淚 don鈥檛 think anyone knows what the full capacity of AI will look like in five years,鈥 Frantz said, 鈥渂ut right now we want to use it to get the best work we possibly can to our human counterparts.鈥
Johnson agreed, saying she is confident that broader adoption of AI tools will benefit the industry significantly. 鈥淭he banking industry is utilizing these technologies to increase efficiencies in our processes, identify risk, and make better risk decisions,鈥 she added. 鈥淭he more we develop and utilize these technologies, the more our AML compliance programs across the organization can do nothing but continue to be better and better developed.鈥
