Criminals Are Exploiting 4 AML Compliance Program Vulnerabilities in 2023

January 12, 2023 · 5 min read
Criminals-Are-Exploiting-4-AML-Compliance-Program-Vulnerabilities-in-2023

Financial criminals are constantly seeking out vulnerabilities in financial institutions’ (FIs) AML programs and innovating their methods to circumvent AML investigative efforts. What they find dictates which bank, credit union, digital bank, or neobank they will attempt to exploit next. As such, you need to know what the criminals know to stay a step ahead of them in 2023.

Following are four critical compliance program vulnerabilities which money-laundering criminals know how to exploit well today:

Vulnerability #1: Every customer could raise concerns

As WorkFusion AML compliance experts noted in their explanation of how digitizing compliance drives profitability, each new customer has the potential of generating AML screening alerts — whether it is for negative news, political exposure, or sanctions risk. And criminals know that monitoring customer transactions is core to your AML compliance program.

The vulnerability here for most FIs is that they simply do not have the resources to keep pace with the volume of alerts generated by potentially suspicious customer activities. Criminals recognize that a common violation of the Bank Secrecy Act (BSA) occurs when an FI places a cap on its daily/weekly/monthly number of screening alerts. Instead of investing in scalable technology solutions or hiring enough staff to investigate the true volume of suspicious activity, some FIs allow a large volume of alerts to be ‘silenced’ and never investigated.

Vulnerability #2: Not enough experienced compliance experts

Despite the massively growing AML threat vector that has resulted from geopolitical events and thousands more people and entities recently being added to sanctions lists, FIs have not staffed up to meet increased volumes of AML activities that must be investigated. According to the LexisNexis® Risk Solutions 2022 study True Cost of Financial Crime Compliance, the top external compliance cost driver is “Growth in volume of AML activity,” and 87% of all firms surveyed say that more compliance regulations have increased workload volumes for their compliance teams over the past 12 months. Yet, only 1 in 4 FIs increased their hiring of experienced compliance operations staff since 2021.

The gap between needed resources and existing resources is even greater at smaller banks and regional banks. In a recent ACAMS Today article, BSA specialist Kevin Sherwood of People’s Bank NC asks and answers the question, “Why would money launderers even consider using a community bank or small credit union?” His response says it all: “The answer is resources. It is no secret that big banks have the ability to deploy considerably more technology solutions and staffing to detect money laundering and terrorist financing activity than smaller institutions.”

Vulnerability #3: FIs’ focus on customer satisfaction (CSAT)

There’s a battle for customers raging among incumbent banks and digital banks, with customer satisfaction scores determining who will win in the near term. The battle was inevitable, since customers worldwide have fallen in love with the streamlined, low-friction services offered by the faster, more agile digital banks/neobanks.

The result? Compliance teams at all FIs fall under high pressure from revenue-focused teams to speed approvals of new customer accounts in order to raise CSAT scores. No one wants to be the reason for their bank’s revenues to suffer. So, the more alerts there are, the less time compliance teams have to review them. The situation is even more dire when banks handle real-time payments, a growing market with extreme compliance needs. Compliance teams are often urged to make real-time payments (RTP) occur as fast as possible, because the market potential of RTP represents a huge revenue opportunity for banks that handle cross-border transactions. Criminals take advantage of the conundrum FIs face — either investigate all alerts properly and lose RTP customers to faster FIs, or bring in the RTP revenue stream and run afoul of regulators.

Vulnerability #4: Outdated compliance technology

According to PwC, despite increasing regulatory scrutiny and sanctions risk exposure, many FIs are still using outdated technologies to perform their AML sanctions screening. Most rely on rules-based sanctions screening software (transaction monitoring software like FircoSoft) that generates a large volume of alerts. Unfortunately, 98% of those alerts are false-positives. Criminals love this outcome, because it means that AML compliance teams are wasting long hours every day chasing down false-positives rather than pursuing true crimes.

The solution for FIs, of course, is to advance beyond the simplistic, rules-based sanctions screening software in favor of today’s AI-driven intelligent automation software that is purpose-built to filter false-positives down to just the truly suspicious activities. Some FIs have made the technology upgrade, as you can read about here.

However, as the LexisNexis® Risk Solutions 2022 study pointed out, technology spending among FI compliance teams remained flat from 2021 to 2022, even though FIs know that AI/ML tools can make their teams dramatically faster and more efficient when investigating AML alerts. The fact is, criminals know that FIs are slow to adopt new intelligent automation software, and they’re counting on the situation continuing in 2023 in order to keep FIs behind the times of the expanded threat vector.

Confound criminals with AI-driven intelligent automation

Any FI (large or small) can leverage intelligent automation to streamline their sanctions screening processes. It’s simple to progress from a four-eye maker-checker model to one in which automated Digital Workers are the makers, and human experts are checkers who focus on new insights and quality control.

FIs that are winning the AML fight in 2023 have deployed Digital Workers that collaborate side-by-side with their real-world colleagues. WorkFusion’s pre-trained Digital Workers with machine learning (ML) review all alerts for false-positive scenarios and conduct research to justify their decision-making, validating each scenario. When finished, they then document the rationale by writing it in natural language to provide a complete audit trail.

At WorkFusion, we have taken the concepts of automation and digital workers to a higher level. Our AI-enabled Digital Workers are process automation personified. They are valued digital members of your team who reduce manual work, enhance quality, increase speed, save money, support compliance, and expand the overall capacity of your team. They take care of the often mind-numbing and mundane — activities such as data collection, document handling, and false-positive clearing — freeing up their colleagues to work on more strategic and fulfilling projects. And they expedite previously slow and ineffective work that helps to improve customer service.

To see how our Digital Workers can transform your AML operations and strategy, contact us to arrange a demonstration today.

Discover the new face
of Intelligent Automation
Discover the new face
of Intelligent Automation
Ready to put our Digital Workers to work for you?
Let’s talk