Digital transformation in the capital markets sector has given rise to a dramatic increase in the volume of transactions and data, particularly in highly liquid markets. This increase coupled with complexities in cross-border and cross-product trading activity and innovations in financial assets (crypto, digital assets) has created a fertile ground for criminal exploitation.
Financial crime is as old as the financial markets. From counterfeiting coins in medieval times through Madoff and his mother of all Ponzi Schemes in 2008, to Changpeng Zhao (CZ) landing a four-month stretch in prison for failing to properly guard against money laundering at Binance. Financial criminals continue to evolve and are quick to take advantage of innovations that focus purely on growth at the cost of adequate controls. Historically, financial criminals and threat actors have always been one step ahead leaving the market and regulators to respond after the fact.
Technology and Operational Challenges
The explosion of data – alongside innovations in cloud computing, artificial intelligence (AI), distributed ledger technology (DLT) and digital assets – creates new threat opportunities that demand robust surveillance systems capable of real-time monitoring and analysis. However, the investment required for such technology is substantial and often hard to justify. Firms typically allocate Governance Risk and Compliance (GRC) resources to address immediate regulatory demands and to prevent recurrence of past incidents. Making a compelling case for investing in technology to prevent something that might happen in the future has proven difficult.
AI and Machine learning (ML) technologies have underpinned compliance solutions for a decade or more but their ability to handle the scale and diversity of data and adapt to the latest regulatory requirements is becoming tested. Many compliance practitioners at industry forums report having to cope with high levels of false positives from legacy surveillance systems and burdensome regulatory reporting demands.
Generative AI (GenAI) and large language models (LLMs) offer the potential to alleviate excessive compliance workloads. These technologies can help improve the efficiency of GRC teams through their ability to analyse huge amounts of structured and unstructured data and generate well-formatted investigative reports, allowing practitioners to focus on more complex, high-impact cases. But these technologies also pose new opportunities for financial criminals. For example, using highly convincing fake identities to gain access to internal systems and sophisticated deepfakes generating false information to manipulate markets.
Regulators are constantly updating their rules. Regulatory intelligence is a developing RegTech use case for GenAI and LLM’s, scanning for changes in published regulations and comparing the firm’s written policies to check for inconsistencies and gaps. The UK Financial Conduct Authority (FCA) and FINRA in the US are making their rules machine-readable to facilitate this capability.
A shortage of AI skills is another frequently cited challenge at industry conferences. This is exacerbated by the competition for talent by pioneering tech giants including Google, Meta and Amazon. Firms must invest in training and awareness programs and develop robust policies based on thorough risk assessments. Regulators have a role to play by making reported incident and threat data transparent and accessible for analysis. The FCA again leads here by also offering advice and information for policy development.
Strategic, Scalable, Integrated Solutions
Implementing financial crime solutions requires a clear definition of the problem, an understanding of the firm’s risk appetite, and a selection of appropriate use-case specific tools. There is no one-size-fits-all solution. This process should follow a lifecycle approach that includes constant monitoring for market and regulatory developments and model recalibration to guard against drift.
Solutions must be scalable to handle the exponential growth in data volumes, and they should enhance rather than detract from the customer experience. The current levels of data volume already present significant challenges. Data must be clean if surveillance tools are to be effective; the age-old adage ‘garbage in, garbage out’ holds particularly true for effective monitoring, reducing excessive false positives and not missing a false negative.
Industry associations that bring together participants, their technology partners and regulators have a significant role to play in combating financial crime. Collective intelligence is a powerful weapon particularly when facing state sponsored adversaries. In the US, this year’s SIFMA AML conference features a keynote address from FinCen director Andrea Gacki. The UK FCA is demonstrating regulatory leadership by setting up tech sprints and development sandboxes where industry participants can pilot their latest innovations in a regulated environment and simulated market conditions.
Screening for Perpetual KYC
Perpetual know your customer (KYC) or continuous due diligence involves switching to an event-driven methodology to ensure compliance with anti-money laundering (AML) and counter-terrorism financing (CTF) regulations. This ongoing approach contrasts with the traditional method where KYC checks are conducted during onboarding followed by annual reviews. Perpetual KYC aims to capture changes in customer circumstances and risk profiles in real time or near real time, thus providing a more dynamic and accurate picture of customer activities and associated risks.
One of the primary challenges in implementing perpetual KYC is identifying beneficial ownership. This process involves determining the natural persons who ultimately own or control a legal entity. This can be obscured through layers of corporate structures, trusts, and other legal entities across multiple jurisdictions. Scanning for changes in beneficial ownership and keeping up to date with frequently changing sanctions lists from various global regulatory bodies requires access disparate data sources.
An additional complication in beneficial ownership scanning is identifying politically exposed persons (PEPs). These individuals who are or have been entrusted with prominent public functions, often creating heightened risks in financial dealings due to their ability and opportunities to influence high-level decisions and potentially engage in or unwittingly exposed to illicit activities such as corruption and bribery. Scanning for PEPs is going to be particularly challenging this year with national elections in more than 60 countries including the US, UK, EU, and India.
GenAI and LLMs offer powerful solutions to these challenges by automating the collection and analysis of vast amounts of unstructured and structured data pulling from multiple databases and sources to continuously update records and provide alerts on changes that might affect a customer’s risk profile.
Combining GenAI and Social Network Analysis (SNA) with transaction data can detect anomalies that suggest changes in business activity potentially linked to money laundering or other illicit activities. Additionally, GenAI can help with data quality issues. By integrating GenAI and SNA into their compliance systems, firms can not only increase their operational efficiency but also improve their ability to mitigate risks and adhere to regulatory requirements, ensuring a robust AML/CTF posture.
Social Network Analysis, or link analysis, is a form of data analysis that focuses on the relationships between nodes in a network, where nodes represent entities like individuals, accounts, or businesses, and links denote the connections between them. This approach helps AML professionals distil complex financial transactions into understandable patterns and identify anomalies that may suggest illicit activities.
Looking Ahead
The future landscape of financial crime prevention appears to be one where AI powered RegTech innovations play pivotal role, not by replacing jobs but by augmenting the capabilities of GRC practitioners. The challenge lies in coordinating these advancements across the global organization and collaboration with other participants and regulators through industry associations like SIFMA.
By tackling these issues in manageable chunks and ensuring that solutions are adaptable and scalable, the capital markets sector can better safeguard itself against and the ingenuity of financial criminals and state sponsored threat actors.
Subscribe to our newsletter
