As with all areas of technology, the regulatory space continues to evolve and look at ways to use tech to make things more efficient.

RegTech is a general term for the use of technological applications and systems to help manage, whilst ensuring compliance with, regulatory demands and responsibility. Historically, such systems have been used to help simplify large manual tasks, particularly in relation to anti-money laundering and the detection of suspicious transactions. However, with the recent developments in AI, RegTech has started to realise and discover the enhancements it can bring to their products.

So will it be that RegTech continues to utilise the advances in AI or will AI eventually take over RegTech? Similarly firms need to consider their workforce and how AI will enhance it.

What are businesses doing about it?

The vast majority of businesses are thinking about AI, talking about AI, and researching AI to understand how it can work for them, across many areas of their business. Compliance and AML is undoubtedly a big focus within this.

For instance, BCB Group, a leader in payment services for crypto exchanges, is actively exploring ways to embed AI into its compliance framework, demonstrating a commitment to innovation while prioritising customer experience and safety.

Businesses such as BCB want AI tools to:

● Automate manual processes
● Drive efficiencies
● Improve processing times
● Unlock new potential

As an example, many processes in Anti Money Laundering (AML) & Terrorist Financing (TF) require analysing large volumes of data, identifying anomalies, and making decisions as to what should happen next. AI tools, such as those considered by forward-thinking companies, can significantly improve time and efficiency in these areas, as they can sift through larger volumes of data more quickly.

If AI tools were used for this type of work, they could allow businesses to be more agile, lean, and efficient, with less use of AML professionals' time on manual and process-oriented work. This is something BCB is keen to progress on, as it allows its AML professionals more time to concentrate on in-depth investigations, latest learning, framework development and enhancement as well as personal career focus and development.

And this isn't the only way that AI can impact compliance and AML teams; it can also help dismantle barriers by providing cost-efficient ways to help the firm's growth. For example, AI translation tools can be very powerful in assisting with communications between teams around the world, whether they are in-house or outsourced. This could mean that businesses can be more cost-effective and able to grow their global reach, without compromising on the safety or quality that can be impacted by breakdowns in communication due to language and time zone barriers.

But there is a health warning!

Whilst there are many ways in which AI can impact businesses in a positive way, as highlighted above – this should also be viewed alongside a number of concerns and warnings about AI, some of which are detailed below.

1. One of the most important factors to remember is that AI tools learn from the data which is inputted into them. If that data is inaccurate, then the tool will also be inaccurate.
2. Businesses implementing such tools would need to 'train' these systems to ensure that they are producing the correct results – and this training can take many months.
3. Regulators recognise this fact, so they want businesses to make sure AI tools are consistently quality assured and that professionals still have oversight on decisions made using information from AI tools.
4. Privacy concerns! Anyone inputting KYC/KYB information into AI that you don't host or have full control over must ensure they have strong safeguards in place to make certain they are protected against potential data breaches and so forth.
5. There are/could be AI impact on careers and jobs

Before making any decisions on whether AI is something your firm is ready to embrace alongside a skilled workforce who are able to utilise the opportunities to grow your firm, and your own career do consider the below points when wondering if and how AI might impact your firm or role:

● AI isn't going anywhere so embrace it, if you don't someone else will! Think of AI as a tool that you can use to help you work smarter.
● AI isn't always accurate, so professionals will always be required to ensure the best outcomes. This means it's important to continually develop your own skills and keep them agile and up to date.
● Keep reviewing your own skill set, your value-add, and your impact on the business, and whether this is sustainable as AI evolves. Learn about AI's value-add as well, and instead of trying to replicate it, think about how you can use it to elevate your own position.
● The importance of soft skills cannot be under-estimated so keep focusing on this. They will become even more important in the future. Keep having conversations, network, and learn from peers. In an era where home and remote working has become prevalent, it's important to retain your communication skills by ensuring you're interacting with others often.

Conclusion

 Conversations about AI and RegTech will continue, and AI will keep evolving and even enhancing RegTech. Businesses should leverage the opportunities that AI can bring whilst exercising caution and continuing to hire and retain professionals with agile skill sets, who can ensure AI is used successfully and safely.

Whilst BCB and Twenty84 agree that advancements in AI will aid in AML investigations, we believe it cannot replace the human expertise and knowledge of high quality AML and Compliance professionals; they remain as important as ever. AML and Compliance professionals can and will only benefit from learning about AI, keeping up to date with its development, and embracing its use. By doing this, they can assure their own position as well as helping their firm to thrive.

***************************************************************************

This blog has been written in collaboration with Kym Routledge, Head of Financial Crime at BCB Group.

 Kym joined BCB in August 2022 as Head of Financial Crime, after holding the same position at an authorised UK lending platform which she left to expand her experience into DeFi. Having over 20 years experience in financial services in TradFi, including 13 years spent at HSBC group and time at BOS, as well as working for a UK FinTech, Kym is a forward thinker, who has a proven track record of assembling and managing Financial Crime teams of multiple sizes across different jurisdictions, whilst driving efficiencies and safeguarding firms against money laundering (ML) and terrorist financing (TF) threats. Kym is responsible for leading a team of Financial Crime SME's and Analysts to develop and operate the firm's ML and TF control framework.

AML is not without its accomplishments. The UK has been instrumental in establishing the Financial Action Task Force. Money laundering has been criminalised and covers the proceeds of all crimes. Europol has established itself in the fight against money laundering. The Egmont Group of financial intelligence units has been set up. The UK and 14 EU member states (plus the European Commission) are full FATF members and the remaining 13 are members of Moneyval. Governments evaluate each others' AML performance every so often. The term "money laundering" is now in common parlance.

However, the amount of proceeds of crime recovered as a result of successful money laundering prosecutions, as against the amount thought to be available to be laundered, is around 0.1-1.1 percent at best. Commission of the underlying predicate offences remains rife, and increasing, particularly in relation to emerging and disturbing criminality, such as the exponential growth of green crime and cybercrime.

Brexit has thrown in more challenges:

• Title X of the Brexit Withdrawal Agreement advocates supporting international AML/CFT efforts, the need to cooperate and to share information, but this is much looser than previous arrangements. That part of the agreement relating to AML is a mere 2 ½ pages, of which 2 pages are focused on Ultimate Beneficial Ownership
• The UK no longer has access to the Schengen Information System and related crime fighting databases. There is liaison through British embassies locally, but it is very much a "dialled down" relationship
• Although the UK has implemented EU MLD 5, "implementation" of MLD 6 and copycat steps of future EU regulation remain to be seen. In many areas new UK regulation is being prepared which will diverge from the EU, making decisions of equivalence, and thus cross border trade and action against international organised crime, far more difficult
• At a practical level, UK firms will have to follow local rules when dealing with EU based clients, and vice versa. This impacts cost, speed, effectiveness and profit
• Criminal organisations will exploit areas of confusion uncertainty and bureaucracy around Brexit, and new scams are expected

Increasing AML Effectiveness: Three focal points

At the same time, the EU Task Force on Improving AML Effectiveness around Europe has just released its report (https://www.fmli.co.uk/aml-in-europe-time-to-get-serious/). In it, the major AML issues in Europe are divided into three pillars: governance, risk management and capability. Some feel improving effectiveness is a simple question of reforming the European AML supervisory architecture with a new EU AML supervisor, but the answer is much more complex and nuanced than that. Such a step needs to be matched with action, commitment and improvements in capability to fight money laundering.

Pillar One: Governance

There are many fault lines across Europe in relation to AML governance. Brexit only adds to them:

• Both Europe and the UK lack a clear objective for what the AML regime is meant to accomplish. Without clarity of vision, mission and modus operandi, it is difficult to see how progress can be achieved. Most governments seem to focus on fining gatekeepers rather than convicting the perpetrators of predicate offences. AML compliance has become an end in itself. This is ineffective in reducing the scourge of drug, people, wildlife and firearms trafficking across Europe, etc.
• Only 15 EU nations are FATF members of FATF. 19 of the 28 EU member-states are members of the Eurozone. These fault lines cause dislocations across Europe.
• There is no EU coordinating body for AML policy except for the European Commission, with certain monitoring and supervisory functions carried out by the European Central Bank and European Banking Authority, and some loose information-sharing arrangements between national authorities. The report recommends creation of a new EU AML body, but with caveats
• The enforcement of criminal laws is reserved for individual member-states. True, there is some coordination of investigations through Europol, and instruments such as the European Arrest Warrant have been created, but usage of such tools varies wildly across the bloc.
• There is a real bottleneck in the FIUs. However, care must be taken that removing this does not just shift the problem to law enforcement and judiciary

Governance is not just about architecture, however. It's also about "battle rhythm":

• The gestation periods of legal and policy measures are far too long. For MLD 4, "flash to bang" time (from FATF policy development to implementation of law) was well over a decade. This is far too long. Such lag times undercut efforts to respond to the explosive growth of green crime, cybercrime and other issues.
• The mutual evaluation cycle is also around a decade long. Businesses are subject to annual reports, examinations and monitoring. Why should this concept not also apply to AML deterrence at governmental level? There is currently no annual assessment of country performance against FATF recommendations.

Pillar Two: Risk Management

No key performance indicators (KPIs) have been set by FATF, and countries are not even collecting data on underlying offences in a scientific manner, yet this is vital for effective policy development. How can policies be effective if you don't know the numbers? FATF has developed some indicators ("Immediate Outcomes"), but these are not the same as KPIs directly tied to predicate offences. An assessment of what really needs to be measured is urgently required to develop the correct tools, fund the most effective action and reduce the ever-growing scourge of underlying crimes. Greater government commitment is necessary. The report recommends better use of OKRs and KPIs at national and institution level.

Risk-based deterrence has been introduced to reduce compliance burdens and increase effectiveness. Although highly attractive conceptually, it has stumbled in practice, largely because the regulator decides what the risk is, rather than allowing firms to carry out their own risk function, with regulators verifying that the risk process works and firms honing their risk-assessment skills.

In assessing how deterrence should work, many have latched on to the three-lines-of-defence principle. This follows the old concept of castle building—the outer wall is the first line of defence, the inner wall the second, and the keep the final line. While fine for mediaeval strongholds, the only organisation building castles these days is Walt Disney.

For financial institutions this concept has customer-facing staff as front line, compliance as second line and audit in the castle keep. As a fortification against money laundering, the principle is outmoded and ineffective. It encourages the wrong mentality. Better a system of integrated active defence, where all AML assets are designed to work together in a manner similar to Integrated Air Defence Systems or Carrier Battle Groups.

Pillar Three: Capability

Training of law enforcement in how financial markets work is generally below what it could be. Virtually all law enforcement officers are given financial investigation training, but this is not the same as instruction in the operation of financial markets. Specialist financial police are needed, properly trained and supported. Commitment currently ranges from FIUs of just one officer, to specialist police like the Guardia di Finanza with around 70,000 persons.

Huge fines are levied on banks, yet governments appear unwilling to fund even small law enforcement projects to upgrade creaking IT systems. They even talk of special levies. Transparency over fines money is needed.

AML compliance has become an end in itself, with the real objectives lost in organisational data kleptomania. Digitisation of business has given rise to a search for an automated AML nirvana, reducing human input to a bare minimum. Yet AML is a human issue and programming errors can increase costs dramatically, as battles to reduce false positives have shown. Certain banks employ more staff on false positives than their national police force has in fighting money laundering. This needs rethinking.

Compliance is often seen as all cost with little or no benefit. Do some CEOs prefer to run the risk of fines to ensuring their business models and compliance functions are properly aligned, effective and efficient?

The Way Forward

So where does the solution lie? The following steps and options are recommended:

Governance:

• Develop clarity of vision and mission. Processes need to impact the underlying crimes, or there is no point introducing them.
• Develop a new AML body within Europe but be careful on governance. Sort out FIU.net.
• Ensure coordination between EU member states, and third countries, at all levels.
• Improve cross border cooperation at all levels, including data collection, intelligence generation, policymaking, investigation, information exchange, prosecution, etc.

Risk Management:

• Adopt OKRs and KPIs that relate to AML objective and underlying crimes. Measure what matters. Use the right metrics. Improve databases.
• Allow firms to develop and use risk-based systems properly.
• Carry out effective benefit-cost analysis of new laws and procedures.
• Adopt aggressive, coordinated defences.

Capability:

• Encourage training and spending on specialised financial police.
• Increase funding and support of law enforcement, enabling following the money trail.
• Improve training standards, including the courts process, policy makers, investigators and intelligence analysts.

The Future

We cannot go on as we are. Money laundering, like climate change and the threats to the natural world, is a truly international issue and needs a truly international response. We need a new agenda aligned to climate change and biodiversity steps the world needs to take urgently for its own survival. We must not be found wanting.

This is a guest blog post by Richard Parlour. Richard is a co-rapporteur for the EU Task Force on Increasing AML Effectiveness Across Europe. His focus is on all aspects of AML from policy to due diligence, investigations and training.