AML-KYC – balancing effectiveness with operational sustainability

The year-on-year increase of AML-KYC workload sometimes feels as much of a certainty as death and taxes. Institutions must manage screening obligations that become more expansive and complex, with fewer exceptions for simplified processes. At the same time, the cost of a compliance failure becomes greater, in terms of societal impact, regulatory fines, remediation efforts, and the damage to reputation. In response, the scale, cost, and complexity of institutions’ countermeasures and controls have increased exponentially. An unintended consequence of stretching resources to meet compliance obligations is that an organisation becomes less well-placed to focus on customers and business goals. Simply reducing AML-KYC budgets or down-sizing teams is not a viable option because of the increased risk of an unacceptable gap emerging between compliance obligation and operational capacity. The traditional approach of adding large numbers of compliance FTEs might offer a short-term fix but is unsustainable over the long-term. Finding the middle ground between compliance effectiveness and operational sustainability now depends on technology innovation. 

External pressures not diminishing 

In recent years, compliance operational capacity has scaled significantly in response to new regulatory requirements. The consequential sustained increase in compliance budgets is well-documented, affecting all tiers of institution, in every region. At the same time, regulators’ expectations of the standard of compliance effectiveness have risen at a faster rate. An addressable and relatively immediate response to meeting these expectations has been to hire more compliance staff. However, continuing this approach is not just economically unsustainable, it creates large, complex control frameworks that are more prone to systemic failure. Meanwhile, customers are faced with an increasingly high rate of compliance friction – at a time when fintech challengers can provide a more seamless experience. The demands of continuously improving compliance excellence and customer satisfaction cannot be mutually exclusive. New ways of addressing these dynamics are needed. 

Automation is just the first step 

Large financial institutions can employ, directly or indirectly, thousands of compliance analysts. Even if these organisations are largely outsourced or offshored, operational costs are still significant. The combination of internal op-ex pressures and regulators seeking higher levels of effectiveness – that go beyond mere technical compliance – has inevitably led to the wider use of automation technology. The repetitive actions of a compliance process are typically very suitable tasks that can be transferred from humans to Robotic Process Automation or AI-led machine learning technologies. When applied to tasks such as investigating alerts, false positive reduction rates of 60-80% is a common outcome, particularly in retail banking. Such outcomes typically yield a massive cost-saving, without introducing significant new risks. However, whilst automation is delivering big operational efficiencies in many institutions, the opportunity to improve compliance effectiveness is often not realised fully. If restricted to making existing processes quicker and cheaper, the compliance up-side of automation is limited. Yes, there are benefits in that staff can be re-deployed to focus on more qualitative tasks. But a bigger impact will be made if new technology is utilised more fully to provide smarter processes using risk analytics.  For projects to be successful, technology must deliver more than operational agility and high speed-to-compliance. Full transparency must also be delivered to enable every automated decision to be contextualised and understood. 

Mind the gap  

Compliance technology strategies are often a series of tactical reactions to short-term objectives. Whilst the velocity, scale, and complexity of AML-CFT requirements are unlikely to diminish, attempting to manage these challenges by adding more people is not sustainable. Similarly, a failure to realise the full potential of technology innovation will not improve compliance effectiveness. 

No institution can afford a gap to develop between regulatory obligation and operational capacity. Finding the right balance needs risk analytics technology that can deliver both massive efficiencies through automation and improved compliance effectiveness from more insightful customer intelligence.