While AML and CFT aren’t necessarily simple matters, training on these topics can be made overly complex. Compliance pros Gustavo Fideney and Alvaro Ruiz Ostos offer a more accessible interpretation.
Webinars On AML: Harsh Times
Everyone talks about how important anti-money laundering (AML) and combating the financing of terrorism (CFT) efforts are, but it’s very hard to find a down-to-business approach on what’s required to fight money laundering (ML) and the financing of terrorism (FT)—or further, to find professionals who understand how it’s done, who work in the field and investigate ML/FT, to keep teachings simple and understandable.
The easiest position would be to finger-point the wrongdoing from a moralist view, stick to naming laws, regulations, recommendations and to address financial units across the globe (created to investigate and prosecute), so they can take care of this hard and boring task. The difficult part is transferring knowledge about such a complex workstream.
AML/CFT webinars can be interesting, and some may even leave flashes of relevant and useful information, but that’s a rare occurrence, as these are very complex subjects. Deep down, we all feel like we could do more, both as students and lecturers. We all gather in the same ecosystem to understand how AML/CFT actions take place, yet still feel like there is more to it—a practical point of view, perhaps, that will clearly convey the true world of AML/CFT.
We don’t pretend here to explain all aspects of AML/CFT investigations, but instead present a concise view of how financial institutions protect their reputation and business by having solid defenses against ML/FT and how they are key parties of the circuit in which money launderers transform dirty money—cash from illicit sources—into licit money. Financial institutions need to implement multi-level lines of defense for this stage, called “placement,” to avoid onboarding such customers into our financial system. We’ll discuss these lines of defense in this article.
At first, a lengthy, onerous process for opening a bank account seems ridiculous, but it’s necessary for financial institutions to do their due diligence. As part of the KYC process, these institutions dive deep to ensure their current or potential customers are not part of any money laundering or terrorism finance scheme.
Here, we offer a simple explanation of how financial institutions fight ML/FT and avoid fines. We’ll start from the beginning… the first line of defense.
First Line of Defense: AI Action
Imagine you own a nightclub. To avoid trouble with the police, you do not want any underage persons or criminals to get in. What do you do? The first thing that comes into mind is hiring a “bouncer” to make sure the nightclub is able to select who gets in and who does not. In banking, this is the equivalent of performing due diligence when onboarding a new customer. Additionally, to ensure the people already inside behave, you hire another bouncer to keep an eye on what’s happening in the club. In banking, this is the equivalent of transaction monitoring, in which financial institutions monitor that customers are using their accounts for legitimate purposes.
Here comes the teaser: The first line of defense in financial institutions, the first barrier placed to fight ML and avoid fines from dealing with customers (sanctioned, embargo-tagged and blacklisted entities among them) is artificial intelligence (AI).
AI systems work as a net to catch unwanted onboardings and to detect, investigate and report dubious activity among their customers’ operations and—in case the client is already part of the financial institution—transactions (e.g., wire transfers, cash deposits, withdrawals, debit/credit operations, investments, insurance schemes, national/cross-border transactions). The software is meant to red flag fishy records, sources of funds and transactions.
When correctly performed, due diligence and transaction monitoring help compliance teams increase productivity by reducing false-positive alerts, which would lead to unproductive investigations, decreasing profits. Optimal software—the software provider depends on the bank’s election—will efficiently detect when a client is not fit for the institution’s standards and later spot suspicious transactions to decrease regulatory compliance risks. We see here that AML transaction monitoring is vital to prevent money laundering under AML legal frameworks, but not limited to it, as it is also useful to fight against computer piracy, tax evasion and fraud, among other crimes.
The screening/transaction monitoring process will analyze:
- The customer’s source of wealth and the origin of the funds.
- Whether transactions are consistent with the customer’s characteristics.
- The nature and purpose of the business relationship/intended transaction.
- The customer’s risk profile.
- Whether any atypical transactions detected should be subject to deeper analysis.
Second Line of Defense: The First Human Filter, Analysts
Once the software detects these red flags, compliance analysts will analyze the software reports, verify their accuracy and determine whether there is risk in the onboarding or transaction. Analysts will also discard false positives according to their know-how on the detection process and escalate the findings to the AML Compliance Officer (AMLCO).
In this second stage, the compliance analyst acts as the bouncer in our nightclub. As mentioned previously, since machines review the first part, we need someone with actual knowledge of the institutions’ standards and regulatory parameters to ensure the hits are false positives and that nothing substantial came out of the screening process.
Imagine you are trying to onboard a client whose last name is Swift. During the first line of defense, the software may detect enormous amounts of adverse media involving a certain pop singer; the analyst/bouncer will spot that and classify it as a false positive.
In a more serious scenario, assume you are trying to onboard a customer whose last name is Maduro. In this scenario, the software would automatically raise alerts to indicate the client you’re trying to onboard has been sanctioned by the OFAC, European Union, etc.; however, the analyst should be able to spot a false positive if there is a mismatch pertaining to name, jurisdiction, year of birth, etc.
In the transaction monitoring stage, the software will be on the lookout for suspicious activity not labeled as “expected” when the account was opened. In this regard, paying your taxes may be an acceptable activity, but constant wires to high-risk jurisdictions such as Afghanistan may not. This is where the analyst must apply their knowledge to spot this potential risk.
As mentioned in the previous example, sometimes the software gets it right the first time. If the potential customer derives his wealth from OFAC/EU/U.K.-sanctioned jurisdictions, cannot justify his source of wealth/funds or is targeted in several mainstream media articles, there will probably be a risk too. In this process, called red-flagging, the analyst decides to escalate the matter and bring the case up to the AMLCO.
The third line of defense, the AMLCO, will be discussed in Part 2.