We’re doing analog AML to try and catch digital criminals

My good friend Lisa Moyle sums up the unsatisfactory nature of the current situation with Customer Due Diligence (CDD) quite well, writing that the current rules are neither effectively preventing nor capturing crime. Instead, she says, they risk making financial institutions so overly cautious that they only serve to exacerbate the problem of the un- or under-banked and create barriers for honest customers. She is spot on.

Her comments remind me of those of Rob Wainwright, then Director of Europol, when talking about the great success of the continent’s $20 billion per annum anti-money laundering regime. He said that “professional money launderers are running billions of illegal drug and other criminal profits through the banking system with a 99 percent success rate”. Although we are only intercepting 1% of the dirty money, the costs that the CDD regime impose on the finance sector are enormous. The costs of the Money Laundering/Terrorist Financing (ML/TF) regime is, according to the Journal of Financial Crime 25(2), “almost completely ineffective in disrupting illicit finances and serious crime”. 

But as Lisa has pointed out, not only does the regime we have now do little to hamper terrorists, money launderers, drug dealers, corrupt politicians or mafia treasurers, it does massively inconvenience law-abiding citizens going about their daily business. According to another piece in the Journal of Money Laundering Control 17(3), the Financial Action Task Force (FATF) identification principles, guidance and practices have resulted in “largely bureaucratic” processes that do not ensure that identity fraud is effectively prevented. Were strict identification requirements to be imposed everywhere and in all circumstances, though, there would be an even more negative impact on financial inclusion because of the barriers that Lisa referred to.

Surely it’s time for a rethink.

We erect (expensive) KYC barriers and then force institutions to conduct (expensive) AML operations, using computers and laser beams to emulate handwritten index cards and suspicious transaction reports (STRs). But as I have suggested before, suppose the KYC barriers were a lot lower so that more transactions entered the financial system. And suppose the transaction data was fed, perhaps in a pseudonymised form, to a central AML factory, where AI and big data, rather than clerks and STR forms, formed the front line rather than the (duplicated) ranks of footsoldiers in every institution. In this approach, the more data fed in then the more effective the factory would be at learning and spotting the bad boys at work. Network analysis, pattern analysis and other techniques would be very effective because of analysis of transactions occurring over time and involving a set of (not obviously) related real-world entities.

I think we need to plan for a new form of CDD for the digital age. We all know that COVID-19 is accelerating the evolution of digital onboarding, and that’s great. But we need to move to the next level. I call this Digital Due Diligence (DDD) and now that we live in a world where digital identity is becoming a thing (both for people and for organisations) it’s time to plan for a faster, more cost-effective and more transparent approach that is based on the world we are actually living in.