The Future of Financial Crime Compliance - A Compelling Use of Innovation in a Converging Digital and Physical World - Deloitte
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
The Future of Financial Crime Compliance A Compelling Use of Innovation in a Converging Digital and Physical World Volume 2
The Future of Financial Crime Compliance | Section title goes here
Contents Glossary of Terms
AI – Artificial Intelligence
Glossary 03
AML – Anti-Money Laundering
Foreword 04 AMLS – Anti-Money Laundering Suite
CFT – Counter Terrorist Financing
Introduction 06
FCC – Financial Crime Compliance
Chapter 1: A closer look at key trends in financial crime compliance 08 FEAT – Promote Fairness, Ethics,
Accountability and Transparency
Chapter 2: Toward a new financial crime compliance paradigm 12 FINTECH – Financial Technology
GDPR – General Data Protection Regulation
Chapter 3: UOB’s journey: Today’s Edge, Tomorrow’s Advantage 20
GFIN – Global Financial Innovation Network
Chapter 4: Getting ready for the new world 32 KYC – Know Your Customer
MAS – Monetary Authority of Singapore
End notes 35
ML – Machine Learning
Contact us 36 NLP – Natural Language Processing
PSD2 – Payment Services Directive
POC – Proof of Concept
PPP – Public-private Partnerships
REGTECH – Regulatory Technology
RPA – Robotics Processing Automation
SAR – Suspicious Activity Report
STR – Suspicious Transaction Report
UOB – United Overseas Bank
02 03
The Future of Financial Crime Compliance | Foreword The Future of Financial Crime Compliance | Foreword
Foreword
This whitepaper It sets out the paramount need for In the previous whitepaper1 (Volume 1)
Cheng Pui Yuen “ Technology is changing the way companies operate. With convergence
CEO, Deloitte
co-developed by Deloitte the banking industry to enhance their entitled “The case for artificial intelligence
Singapore
and the blurring of lines between physical and digital products
compliance capabilities against the
and United Overseas Bank changing landscape of delivery of
in combating money laundering and and services in the financial services sector, interesting questions are
terrorist financing”, Deloitte and UOB
(“UOB”) examines how services and consumer behavior. The started a journey to examine and share
being raised about the future of compliance. What kind of operational
financial services sector has to tackle collective perspectives on the use of framework and culture needs to be set, and what investments need to
technological disruptions the compliance conundrum - manage innovation to make financial crime be made? How can the industry leverage innovative technologies to
have transformed financial profitability while keeping compliance compliance more effective. The use
address the issue of financial crime better? All of this presents an
top of mind. Increased competition from of Artificial Intelligence (“AI”), Machine
crime compliance. new entrants has also dialed up the need Learning (“ML”) and Robotics Process opportunity to explore new dimensions and ways of doing things. This
for financial institutions to accelerate Automation (“RPA”) was analysed, taking whitepaper paints a picture of what is to come, and Singapore, on its
innovation with new products and services. reference from UOB’s collaboration
Smart Nation journey, will benefit from industry collaboration and
with a Regulatory Technology (RegTech)
Capturing and retaining customers remains solutions provider to develop a proof-
co-creation that can bring broader confidence when navigating the
a constant. Yet the evolving nature of of-concept (POC) for its Anti-Money future.“
banking competition and the onslaught Laundering systems and test it in a
of the fourth industry revolution that sandbox environment within the Bank. The
demands more innovative business pilot was a success. It resulted in greater
models, together continue to push the accuracy in identifying suspicious accounts
boundaries of the future of financial crime and transactions. The solution’s ability to
compliance. reduce false positive alerts enabled UOB
compliance officers to streamline their
Much thought is warranted on whether investigations of suspicious cases and use “In an increasingly complex regulatory landscape, banks must continue Victor Ngo
compliance capabilities need to be the time saved on higher-value work.
reshaped since financial crime is a major to ensure a strong compliance culture to safeguard customers' Head of Group
Compliance, UOB
risk for financial institutions. To continue to One year on, this second volume examines interest and to maintain the trust that stakeholders place in us. It
defend against financial crime, innovation the continued journey of UOB to shift the is important to remain constantly vigilant to ensure that we stay
by financial institutions to sharpen their
capabilities remains key.
dial in financial crime compliance.
ahead of new risks that are emerging every day, especially in an
UOB is using next-generation technologies increasingly digital world. The digital age also offers opportunities
This whitepaper will first describe the in the area of financial crime compliance for technological innovation that enables financial institutions to
criticality of the financial services sector’s
role in fighting financial crime. It would
to develop innovative solutions that meet enhance our preventive, detective and enforcement measures and
business and regulatory needs. We will
then list the manifold opportunities and delve into the Bank’s strategy in ensuring
to sharpen our risk management model. This whitepaper reflects our
considerations of using technology within financial crime compliance in this paper. learnings and experiences as we developed a compliance strategy
financial crime compliance.
that taps new technologies to enhance our risk management practices
and to defend against financial crimes today and in the future.“
04 05The Future of Financial Crime Compliance | Introduction The Future of Financial Crime Compliance | Introduction
“Innovation in financial crime compliance to
Introduction deploy the use of AI, ML and RPA is, today,
a basic need for financial institutions to
monitor risks and threats in a sharp and
A disrupted new world judicious manner. As next steps, we believe
that innovation has to move a few notches up
in financial services to monitor and assess financial crime from a
holistic perspective for an enhanced view of
material risks – both internal and external.
While the financial services sector faces focus on what matters most, and still As the following imminent step, we call for a
an array of risks today, there is perhaps continues to generate too many false
none as disconcerting as the impact of positives.
public private partnership to create industry
financial crime risk. level utilities to undertake surveillance on
New risk complexities contributed to transactions, typologies and threats in a more
The trillion-dollar threat has far-reaching by shifts in the business landscape
consequences and combating it is an and regulatory expectations require a
seamless fashion powered by innovative
unenviable task for every participant in refreshed approach of uplifting standards, technological capabilities. Silo view of risks
the global financial economy. Notably, surveillance capabilities, controls, internal through the infrastructure of a single financial
the issue of financial crime is a common policies and procedures. In essence, the
institution may not provide the outcome
challenge faced by both large and small changing landscape not just necessitates
financial institutions. Substantial regulatory business transformation but also required in this fast changing environment,
fines, ballooning compliance costs, and compliance transformation. be it the emerging business landscape or
reputational impact are high-stakes across financial crime sophistication. The burden
all financial institutions. Success will be driven by the seamless
integration of business strategy, regulatory
placed on financial institutions has to tip to a
While the existing financial crime compliance, risk management, technology, more rationalised balance with the sharing of
compliance model driven by rules-based and operations. responsibility by numerous stakeholders.“
algorithms is still relevant today, there is
an urgent call to respond to the shifting Financial institutions should reexamine Radish Singh
expectations that regulators place on their risk management function, including Southeast Asia Financial Crime Compliance Leader and AML Partner,
financial institutions to prevent, detect, the ownership roles and key responsibilities Deloitte Financial Advisory, Forensic, Deloitte
and predict illicit money flows. The issue of the first two lines of defense.
is exacerbated when legacy methods,
disjointed operational frameworks and While there is no silver bullet to fighting
financial crime controls remain unchanged financial crime, new and better compliance
despite criminal sophistication. Traditional frameworks and controls will enable
monitoring technology, even when financial institutions to stay ahead of
optimised, falls short – it cannot always criminals and money launderers.
06 07The Future of Financial Crime Compliance | Chapter 1: A closer look at key trends in financial crime compliance The Future of Financial Crime Compliance | Chapter 1: A closer look at key trends in financial crime compliance
Chapter 1:
A closer look at key In 2018, financial institutions globally
planned to invest US$9.7 billion in
enhancing their digital banking capabilities
In Asia, digital banking is not new either.
The arrival of such virtual licenses in Asia to
disrupt brick-and-mortar banking started
transfers that causes more complex
transaction monitoring for financial
institutions and authorities.
trends in financial
in the front office.2 While financial in the early 2000s with Japan, China, and
institutions race to remain competitive South Korea. In 2019, Hong Kong has also Also, technological innovations by
by investing in digital technologies that granted virtual banking licenses to eight traditional banks will require appropriate
enhance services and solutions for the companies. regulations to supervise and monitor
crime compliance
customer, equal attention needs to be the new business models that bring
given to mitigate multi-faceted financial More recently, Singapore has joined the opportunities but also new risks when
crime risks. foray, offering five new digital bank licenses there are regulatory gaps and loopholes.
that will drive intensified competition
This chapter examines the latest trends in between banks and non-bank companies Given the shift towards digital
the digital revolution and their potential Marking this move as the “next chapter in transformation, the vulnerabilities for
Perspectives on how the financial crime risks. Singapore’s banking liberalisation journey”,
the Monetary Authority of Singapore
financial crime continue to manifest
in cross-border transactions and the
digital revolution is reshaping
First, the arrival of digital and virtual (“MAS”) has enlarged the banking and interconnectivity between multiple
banks and non-traditional platforms. finance sector to “ensure a competitive economies that are governed by a varied
In Europe, digital banking has become and growing centre for finance in Asia and spectrum of lax to stringent regulatory
financial services mainstream, propelled by customer
demands, and subsequently governed by
the revised Payment Services Directive
globally”.5
Digital banks have brought about new
requirements.
Whatever the case, the baseline
(PSD2). This key regulatory initiative of customer experiences. The shift from expectations of the regulators is that
the European Union aims to facilitate brick-and-mortar bank branches to online financial institutions must ensure that
innovation and competition by creating a and omni-channel banking services has there is market integrity, effective customer
level playing field for financial institutions, also brought about faster go-to-market and due diligence processes and on-going
emerging Financial Technologies delivery of financial services. monitoring, specifically with regard to AML
(“FinTechs”) and other third parties.3 and CFT risks.
To date, European regulators continue With the rapid change pressing in on them,
to pioneer in this space via the Global brick-and-mortar banks are now also As a consequence, in a digital or virtual
Financial Innovation Network (“GFIN”). making swift changes toward digitising their banking model, the financial crime
GFIN is a global innovation sandbox delivery platforms and channels. While compliance dimension is on the cusp of
set up in early 2018 for FinTech firms improving customer experience, digital transformation.
seeking regulatory insight to test and banks have also introduced additional
scale products and services in a regulated financial crime dimensions. Digital banks
environment and is supported by 35 are typically branch-less, with easier
financial services regulators.4 handling and anonymous cross-border
08 09The Future of Financial Crime Compliance | Chapter 1: A closer look at key trends in financial crime compliance The Future of Financial Crime Compliance | Chapter 1: A closer look at key trends in financial crime compliance
Regardless of the delivery channel, financial For example, cryptocurrencies and their Further, enabled by technology
crime risk has to be managed and must be potential abuse as a means to finance innovations, moving money at high speed
done in a manner commensurate with the terrorism is a significant threat, especially and across borders has become much
business model, product vulnerabilities when its anonymous nature and lack of easier. This has also introduced new
and services to risks. regulatory supervision could be exploited. pressures and expectations on AML and
CFT compliance.
Traditional Know-Your- Customer (“KYC”) The point is clear: As much as financial
processes will have to be reimagined and institutions and financial technologies With current models of AML compliance,
accelerated. This is because customers ("FinTechs") are experimenting with new delaying transactions to ensure proper
are receiving round-the-clock digital models to offer faster "time to market”, review and KYC checks will directly affect
services bypassing human interaction to and cost efficient products and services, these sought after efficiencies that are
the extent possible. These advances bring bad actors are finding smarter ways to expected by customers. Faster payments
benefits but also next complexity. While launder ill-gotten gains. At the same time, gives little time for monitoring and could
faster onboarding is to be expected from boundaries will be pushed to ensure that invoke considerable pain points within a
branchless banking, AML/CFT background
checks and underlying customer due
more effective systems emerge constantly
to combat financial crime.
financial institution’s front and middle office
operations and capabilities.
“Banking goes beyond
diligence still require particular attention in technology; FinTech
assessing potential risks. In Singapore, the Payment Services Bill that
was recently passed brings all payments
Financial institutions keen to be part of
the digital arms race will find that the
firms must ensure
Financial crime compliance must continue services under a single legislation to take early establishment of best practices and that they have all
to be placed at the fore. For example,
UOB’s first mobile-only bank - TMRW - is
into account new developments and the
various risks they pose to AML and Counter
compliance risk management is crucial.
the elements and
seeking not merely to offer a differentiated Terrorism Financing ("CFT").7 responsibilities of risk
customer experience to millennials, but
to protect the customer's interest and Singapore is one of the first countries in the
management and
mitigate risks to the banking system. world to introduce a new licensing regime regulatory compliance
TMRW was launched in its first ASEAN
that finely balances the promotion of digital
payment innovations with the mitigation of
in place to offer
market - Thailand - in March 2019.6 risks. With the Bill, payment providers and banking services.“
exchanges will have to consider AML and
To support the business model for its CFT risk, though this will be imposed within Dennis Khoo
digital bank without compromising its appropriate levels, to avoid onerous or Regional Head of
robust compliance controls, UOB first stifling regulatory burden. TMRW Digital Group, UOB
identified the portfolio of risks for TMRW. The Business Times, 08 May 2019
The Bank then determined how to ensure In any case, the introduction of a new
financial crime compliance for the digital regulatory framework for digital payment
bank. services is a positive response to the latest
innovation and business models in the
Second, the arrival of non-banks and industry.
payment providers (FinTechs) that
offer more accessible and convenient Third, faster payments. As previously
payment alternatives. Growth in the mentioned, the banking industry continues
payments space are driven largely by a to be transformed by rising consumer
renewed focus on customer centricity, expectations to manage and move
offering a plethora of payment options money with greater flexibility and speed.
including digital wallets, mobile wallets, Modernising payments yields growth
crossborder payments, cryptocurrencies benefits for businesses such as those
(token and exchanges) that reduce in the areas of money remittance and
payment friction and support transactions. e-commerce since it ultimately improves
These payment methods bring forth new customer experience and helps accelerate
financial crime risks that could mean new business transactions.
regulations may be required to address
them.
10 11The Future of Financial Crime Compliance | Chapter 2: Toward a new financial crime compliance paradigm The Future of Financial Crime Compliance | Chapter 2: Toward a new financial crime compliance paradigm
Chapter 2: Traditional Approach
Toward a new
The traditional framework (See Figure 1) for financial crime processes include KYC, Know Your Customer’s Customer, enhanced
compliance is a labyrinth of policies, procedures and processes. due diligence, ongoing monitoring, name screening, transaction
This may have been of sound design and effectiveness prior to the monitoring, assurance, risk assessments and reporting.
change in landscape previously mentioned. However, to ensure
financial crime
that financial institutions remain effective against increasingly There are three phases of compliance programmes in our view:
complex financial crime, there is a need to review legacy processes.
• The first phase as explained is the traditional model;
Such reviews could mean re-engineering legacy processes
compliance paradigm
and design principles that typically operate in silo and contain • The second phase is the next-generation compliance framework
cumbersome architecture. It could also mean revamping manual where financial institutions innovate to connect AI/ML and RPA
processes laden with associated challenges that include human into key processes or technologies to become more effective in
error, lack of agility, and complex operating models. managing financial crime; and
Perspectives on mixing smart
Accordingly, a new approach that maps out the customer journey • The third phase is moving a step further into a futuristic approach
and the compliance processes is required to break siloes and by undertaking holistic surveillance and analysing financial crime
to ensure that the necessary safeguards are in place across the threats. This is yet to be tested.
technology in a converging business' portfolio of products and services. These compliance
digital and physical world Figure 1: Traditional Approach to Financial Crime Compliance
ONGOING MONITORING RISK REPORTING
CUSTOMER PROGRAMME ASSESSMENTS
MANAGEMENT
Customer Transaction Controls testing Dashboards
Onboarding (KYC) monitoring
Customer risk Suspicious
Name screening Trigger events rating Transaction
Reporting
Risk rating Red flags, alert Due diligence
criteria Management
KYC Utility Periodic review Reporting
Policies and
Customer Investigations procedures Governance
Offboarding
12 13The Future of Financial Crime Compliance | Chapter 2: Toward a new financial crime compliance paradigm The Future of Financial Crime Compliance | Chapter 2: Toward a new financial crime compliance paradigm
A New Approach
To execute this new approach, business
As with most transformation
units (first line of defence) and compliance
projects, the inner workings within
functions (second line of defence) should
agree upon the key threats that require
operational frameworks anchor its
monitoring, their representative controls, outcomes and successes.
as well as risk owners. In the United States,
the Federal Reserve Board’s guidance
sets the tone for business leads to be
Using technologies across The journey requires a closer look into
technological design and implementation.
accountable to risk owners. Similarly in the customer lifecycle This includes addressing key aspects
such as:
Singapore, MAS has provided guidance on
the necessity of the Board and business Key opportunities for innovation and the
leads to proactively manage money use of technology and analytics to curb Data quality and data mining in
Figure 2: Deloitte view of new generation compliance framework where financial
laundering and terrorist financing risk.8
Consequently, implementation of controls
financial crime in every step institutions innovate to interlace AI/ML and RPA into key processes a new era of data privacy from
the implemented EU General
has to be driven by the business with
Data Protection Regulation
advice from compliance.
DIGITAL ELECTRONIC ARTIFICIAL INTELLIGENCE BEHAVIOURAL ANALYTICS: Use (“GDPR”) and Singapore’s
ONBOARDING: VERIFICATION: Use MyInfo FOR TMS OPTIMIZATION: advanced data analytics techniques principles to Promote Fairness,
In line with this guidance, a robust and Digitally collect, to confirm and validate the Use machine learning to to predict behaviour based on Ethics, Accountability and
comprehensive roadmap to deploy the identify and check identity of the customer improve effectiveness and historical transactions. This is also
gital customer life cycle large volumes of reduce false positives in Transparency (“FEAT”)
initiative must be formulated. This means part of holistic surveillance.
the first line of defense will have to play a data without the use transaction monitoring
h possible solutions
critical role in understanding regulatory
of manual forms
ANALYTICS
Integrating multi-source data
obligations and work closely with • Network Analysis/
and data security
opportunities
compliancefor innovation
to ensure proper risk mitigating TRANSACTION Entity Resolution
MONITORING
the use of technology
measures with the rightand
controls are in • Behavioural
place. • False-positive Analytics
ytics to curb financial crime management • Analytics
Governance of complex
technologies such as AI and ML
ery stepWith financial crime compliance seen as a • Rules Techniques:
REPORTING
Board Agenda, collaboration between the Customisation Machine Learning
• Visualisation
two lines of defense should set a strong Dashboards Hybrid workforce: Human
compliance culture and ensure that the • Real-time talent, machines and skills of the
interest of financial institutions and their INFORMATION INVESTIGATIONS future
• Accessibility
customers is safeguarded and sustained GATHERING
• Alert Case
over time. • Utilise KYC tools Management
Customer
for data • Audit trails Every aspect is required to manage
Across the financial crime risk management collection,
verification, risk • SAR Filing and deploy technologies against
framework, there are many areas in (Use of RPA to
rating and compliance requirements and
the value-chain where technological approval file STR)
innovations such as data analytics, AI, ML,
the desired business outcomes.
workflow
RPA, Natural Language Processing (“Natural Compliance, data scientists and IT
• KYC and CDD
Language Processing”) and cognitive data integration
teams play a critical role in assessing
intelligence can be applied. • Adverse Media,
ROBOTIC PROCESS TRANSACTION ACTIVITY RELATIONSHIP ANALYSIS: and organising the approach to
AUTOMATION FOR TREND ANALYSIS: Make associations between
Social Media NAME SCREENING:
attain the required objectives.
Use of machine learning suspicious entities or
No two financial institutions will data integration Robot will trawl the web to to spot patterns of individuals through
adopt technologies in the same for screening check for adverse news to suspicious activity and flag relationship mapping and
purposes screen against PEP and alerts when similar
manner. Such endeavours are largely network analysis. This is also
• Customer risk sanctions lists patterns are detected part of holistic surveillance.
dependent on the firm’s vision, assessment
short, medium and long-term goals,
limitations, and risk appetite for
digital transformation.
14 15The Future of Financial Crime Compliance | Chapter 2: Toward a new financial crime compliance paradigm Theof
The Future Future of Financial
Financial Crime Compliance
Crime Compliance | 2: Toward a new financial crime compliance paradigm
| Chapter
Singapore’s Push to be a Smart Financial Centre Transitioning to a foreseeable Future State
of Financial Crime Compliance
In January 2019, the Singapore Government Furthermore, regulators may also have
released a guide entitled “The Model AI a greater level of expectation in the The design of the future state, we believe, must include the following considerations:
Governance Framework”, for organisations production and adoption of AI models.
to practically address key ethical and Greater focus is required to first develop
governance issues when deploying AI a sound and structured approach before
technologies.9 the testing of these models. Existing risks
reside in:
Specifically, it looks at four key priority
• data privacy and protection regulations
areas: 1. Public-private partnership and 2. Onboarding customers based on 3. Screening and monitoring
breaches (e.g. GDPR, PDPA, FEAT),
sharing information. For example, their profile and susceptibility transactions with the use of AI
I. Internal AI governance structures and
• defensibility of outcomes, KYC utilities at the national level could to financial crime threat rather and ML models to assess real
measures;
evaluate data and intel from various than making broad-stroke threats rather than using rigid
• unclear or conflicting regulations,
II. Risk management in autonomous sources to profile a customer including guesses at customer risk based on rules that result a large volume of
decision-making; • lack of standards and regulations, using entity resolution to understand straightjacketed indicia. The latter false positives. This process should
any linkages to risk rate customers. is losing its charm in the world of be embedded with an automated
III. Operations management; and • lack of audit trail and traceability.
The manner in which periodic review increased complexity that demands assurance functionality built into
IV. Customer Relationship Management is undertaken must be innovated with cogent evidence based information. the framework through the use of
In line with the authorities’ views, the
cutting-edge technology capabilities. technology. We anticipate that such an
transition to a comprehensive future
This would be more meaningful than endeavour will result in providing a view
financial crime compliance model in the
Singapore’s laser focus on mid to long term should aim to feature a
the collection of a myriad of documents around the defensiveness of the models
AI governance has provided that damages the experience of the being used and an overall effectiveness
holistic, continuous and intelligent view
genuine customer. and efficiency. The ultimate goal
much needed guidance that of a financial institution’s entire financial
should be for industry level untilities to
has provided clarification crime risk landscape. To do so, there must
undertake transaction surveillance;
be the proficient use and analysis of data
to financial institutions and
sources from multiple channels and the
compliance practitioners pinpointing of financial crime risks with
to consider the governing greater confidence through the combined
principles when it comes to expertise of financial crime compliance
the promises of using AI. experts and next generation technologies.
This will include analysing both internal and 4. Use of digital platform to conduct 5. Use of RPA and digitisation across all
external threats that can pose a risk to the first, second and third line reporting demands that includes both
As with all broad adoption exercises, financial institution. assurance, risk assessments and internal and external reports, thereby
concerns around governance, threat based analysis of risks from the minimising manual work involved in
documentation, relevant talents and By doing so, we aspire for this to also data made available from all sources. producing myriad of reports. The use of
resources to handle complex enterprise provide financial institutions with enhanced The calculation of inherent risk should RPA should also bring ease in drawing
technologies emerge. capabilities for early detection, taking take into account data relating to the out potential linkages and themes
preventative measures and reporting real financial crime threats posed to which could be easily missed in manual
anomalies and suspicious activities in a the financial institution. This should reporting.
timely and swift manner. inform the focus of first and second
line assurance programme. Risk and
controls effectiveness should be viewed
from a single assurance platform by
understanding the weaknesses found
across the organisation via various
assurance programmes and analysis
undertaken for products and services,
risk assessments, KYC, screening and
monitoring with AI / ML, etc.
16 17The Future of Financial Crime Compliance | Chapter 2: Toward a new financial crime compliance paradigm The Future of Financial Crime Compliance | Chapter 2: Toward a new financial crime compliance paradigm
Challenges of the Holistic
Surveillance Approach
The use of cutting-edge innovation and
6. Undertaking holistic surveillance to treading into unchartered territory
close the loop in ensuring that no CLIENT EXPERIENCE
requires management commitment.
material risks go unnoticed. INTEGRATED CONTROLS BUSINESS-RISK ALIGNMENT
Accordingly, key challenges are:
Figure 3 is a simplified illustration of a
GROUP HORIZONTAL SUPERVISION STRATEGY
Deloitte holistic surveillance model and Seeking internal “buy-in”. This is
blueprint. Retail Commercial Wealth/Private Banking Investment Banking LoB X LoB Z not easy when dealing with what
seems like a blue-sky concept
In our view, holistic surveillance with no tangible credentials and
mechanism should use data from all data points;
relevant sources within the financial NICATION TR
MMU S IG
institution to transform the visualisation CO G
ER
LS T I C S URVEILL
A Sandboxing and incubating
of financial crime risks. It is our A LIS NC
HO E new ideas to create the test
S
N
expectation that holistic surveillance
G
SI
environment. Working towards
will allow financial institutions to System A System B
the target state requires
monitor and focus on key risks. It will
sponsorship, time and resources;
provide early warning signs for taking System E System C
preventative measures, a picture of
where risks are concentrated within Ensuring that the incubation
the organisation and sharpen focus DATA ILLUSTRATIVE SURVEILLANCE results in a metamorphosis
System D AML
on material threats posed to the AGGREGATORS FUNCTIONAL AND ALERTS of deployable results. The
AREAS pressure to succeed has to be
organisation based on all data sources.
balanced with good governance,
CAS
ICS
News Sanctions
In designing this, we are looking into planning, reasonable timelines,
YT
E M
the use of AI and ML models to learn troubleshooting issues due to
AL
Trade
AN
Fraud
AN
and assess threats, data analytics to Surveillance data and legacy systems. Testing
AG
EM
TR
T
A
visualise risks and contextualise data for EN A and assurance will also require a
IG
D G
S
relevance to financial crime risks. AL T S
ER defensible approach that can be
operationalised, explained and
N
IG S
We intend to report on the outcome of able to withstand challenges;
this approach in the near future.
Selecting the right partners
OVERSIGHT & SURVEILLANCE through a robust selection
process; and
POLICIES, PROCEDURES & PRODUCTS
The lack of an eco-system
Figure 3: Deloitte’s blueprint for a holistic surveillance model. Note that this is the intellectual
makes the journey even more
property of Deloitte Touche Tohmatsu Services, Inc. and should not be copied or reproduced
without prior written consent or permission from Deloitte. precarious and vulnerable from a
sustainability perspective.
18 19The Future of Financial Crime Compliance | Chapter 3: UOB’s Journey: Today’s Edge, Tomorrow’s Advantage The Future of Financial Crime Compliance | Chapter 3: UOB’s Journey: Today’s Edge, Tomorrow’s Advantage
UOB’s Financial Crime Compliance Approach
As part of its strong focus on maintaining a customers. The Bank is also building ML name screening - to test new innovations.
risk-focused organisational culture, UOB is models in parallel to its existing rules- UOB will then implement successful
partnering with technology innovators and based AML systems. The aspiration is innovations that align with its compliance
industry leaders to enhance its compliance to shift beyond rules-based systems to strategy across the Bank. The adoption of
capabilities to stay ahead of emerging risks. achieve higher performance with ML the ‘Triple-A approach’ and the promising
In the area of financial crime compliance, models and other disciplines of AI. results in triaging, classifying and ultimately
UOB has created an ‘AML/CFT Technology focusing on what is material will be
Roadmap’ to harness next-generation AI The ways in which financial crimes are discussed in the rest of this chapter.
and ML driven technologies to combat being committed continue to change and a
money laundering and terrorist financing. holistic view of risks and the threat-scape In particular:
Chapter 3:
is important. UOB's ‘Triple-A approach’
Several factors were considered in the (see Figure 4) taps AI, Automation and Inside UOB’s AI Journey: Realising
1
implementation of this roadmap. The Bank Analytics to enable the Bank to stay ahead
UOB’s Journey:
the vision to implement AI
reviewed the plethora of RegTech solutions of financial crime and to make sharper,
which could be suitable for the Bank's smarter and swifter detection of high-risk 2 A winning mix of Automation and
needs based on their agility and scalability, activities. The Bank also expanded its team human resources
their interoperability with existing IT of experts with skills and experience in
Today’s Edge,
infrastructure to implement AML, CFT data and AI. Deloitte worked alongside the 3 Pushing the boundaries of insight
and Sanctions controls. In addition, the Bank as a knowledge partner across their with Analytics
selection of best-fit technologies had AI and Automation processes.
to meet investment returns objectives,
Tomorrow’s Advantage
tangible benefits and outcomes, and most To evaluate suitable RegTech that could
importantly, drive business performance drive the Bank's compliance objectives,
and enable the Bank's business units UOB identified two areas in financial crime
to enhance the way in which they serve compliance - transaction monitoring and
United Overseas Bank Limited (UOB or the Bank) is Figure 4: UOB's 'Triple-A approach' for transaction monitoring
upholding its commitment to be a Bank with a strong risk-
focused culture using next-generation technologies to stay
Artificial
Intelligence Automation
vigilant in an ever-changing financial crime landscape.
30% 30%
Faster Faster
Analytics
30% 30%
Faster Faster
20 21The Future of Financial Crime Compliance | Chapter 3: UOB’s Journey: Today’s Edge, Tomorrow’s Advantage The Future of Financial Crime Compliance | Chapter 3: UOB’s Journey: Today’s Edge, Tomorrow’s Advantage
1
Inside UOB’s AI Journey:
Realising the vision to implement AI
The pilot of ML models to combat against money launderers and terrorist “We are excited to be one of the Today, the Bank is actively working with Deloitte
very few RegTech companies and Tookitaki to prepare for its pre-production and
financing is in full swing with the Bank moving towards production.
globally to operationalise a production environment to launch the ML models.
In 2018, UOB teamed up with Tookitaki, a Singapore-based RegTech startup to use ML as part of its anti-money laundering programme. machine learning-powered
Tookitaki's Anti-Money Laundering Suite (“AMLS”) is an end-to-end transaction monitoring and name screening system. It combines anti-money laundering (AML) Tangible benefits observed using ML models for
solution within a bank's existing AML compliance:
supervised and unsupervised ML techniques that seeks to detect suspicious activities and identify high-risk clients quicker and more
accurately. In the 2018 pilot, Deloitte performed an independent model validation, conducting reviews and validation techniques to assess infrastructure. Tookitaki's Anti-
the conceptual soundness of the Bank's ML models. The results are detailed in a case study entitled ‘UOB, Tookitaki and Deloitte readies Money Laundering Suite (AMLS)
machine learning pilot to accelerate the fight against money laundering’ found in Volume 1 of a joint whitepaper between UOB and Deloitte. Increased effectiveness in identifying
uses a combination of distributed
suspicious activities
data-parallel architecture and
The results of the 2018 pilot and the subsequent ML models are illustrated in the diagrams below:
machine learning to ensure
The subsequent ML models were tested with a unique data set, yet The successful results gave UOB the confidence to begin its next
scalability across a bank's Sharper focus on data anomalies rather
they achieved a 50 percent drop in false positives for transaction phase - moving the ML models to production. However, prior to multiple business lines and than depending on threshold triggering
monitoring processes compared to the 2018 pilot that was 40 this, the Bank will go through another round of model validation to complex layers of existing
percent. Similarly, for name screening processes, the subsequent ascertain the robustness of the models. technologies and systems.
ML models fared positively with a 70 percent reduction in false Easier customisation of data features to
positives for individual names and 60 percent reduction in false High model accuracy, continuous target specific risks accurately
positives for corporate names. learning, detailed explanation of
outputs and easy integration with
a bank's upstream and Enable longer look-back periods to detect
PILOT DONE IN 2018: downstream systems make complex scenarios
TR ANSAC TION MONITORING
SUBSEQUENT ML MODELS: AMLS an optimal choice for any
sustainable AML compliance
TR ANSAC TION MONITORING
programme designed to scale.
5% 40%
Nevertheless, the successful
Tookitaki
deployment in production
5% 50%
increase in reduction in
true positives false positives environment lies in a coordinated
effort between the software
NAME SCREENING
vendor and the bank's • AMLS solution received the
‘AI in Banking’ Excellence
technology, AML compliance, Award from the Singapore
60% 50% increase in reduction in internal audit and model Business Review10
true positives false positives validation teams.“
• AMLS solution selected as
Mr Abhishek Chatterjee one of the World Economic
reduction in false reduction in false NAME SCREENING
positives for positives for Founder & CEO, Tookitaki Forum’s ‘Technoloy Pioneer
individual names corporate names
Cohort 2019'11
• AMLS solution wins the
70% 60% 2019 SG:D Techblazer
Award (silver) in the most
promising innovation
category
reduction in false positives reduction in false positives
for individual names for corporate names
22 23The Future of Financial Crime Compliance | Chapter 3: UOB’s Journey: Today’s Edge, Tomorrow’s Advantage The Future of Financial Crime Compliance | Chapter 3: UOB’s Journey: Today’s Edge, Tomorrow’s Advantage
Pre-production Preparations
In this step, the considerations amplify as new risk factors arise. These issues have to be
resolved before the models can be scaled across the Bank’s multiple business lines and
complex layers of infrastructure and systems.
Operationalise Governance
To operationalise the AMLS, additional The Bank is working with Tookitaki to management systems, so that compliance In the area of supervision and governance, Continuous review of the receptiveness of of the first productionised ML models is
assurance and testing for model address these outlined considerations officers can easily access alerts and the Bank has also adopted principles from these ML models through a well-structured currently slated for the first half of 2020.
confidence on real-data sets are being pursuant to the validation exercise prioritise investigations. (See Figure 5). Singapore’s AI Model Framework when feedback loop is an imperative. Ultimately,
done to ensure it can integrate with undertaken by Deloitte. In terms of The advantage of having this approach charting out practical steps to deploy AI at determination of threats and risks to the These ML models will be layered onto
the Bank’s current infrastructure well. the integration of AMLS with existing meant that compliance teams were already scale in financial crime compliance. UOB Bank depend on sound judgement of the UOB's existing AML systems to monitor
Considerations such as data management, technologies and systems in the Bank, familiar with the workflow for alerts and Deloitte collaborated to develop a human analyst. The latter is the collective transactions and conduct name screening.
privacy and data issues, and the need for key steps were planned to ensure that management and minimal retraining is resilient governance ‘AI Model Management aspiration of UOB and Deloitte and the This means that even as the Bank deploy its
the right sets of skillsets and capabilities to the additional layer of the AMLS has no needed. The Bank is working toward a Framework’ (see Figure 6) in financial crime aim is to involve a wider eco-system AI and ML platform, it will also continue to
supervise models are also part and parcel disruptions to normal business processes governance review and assurance process compliance. This formed the initial guiding of participants that include regulators, optimise the existing rules-based systems.
of what it means to put the ML models into and activities. With the introduction of to ensure that low value alerts receive approach for implementation of ML models RegTechs and the financial services sector.
production. AMLS, the output files from alerts are adequate attention. This is also in line with that include model risk management,
built to be compatible with existing case UOB's robust risk management approach. managing biases, explainability of the Presently, the Bank is in the preparatory
models, application of data privacy and stages for production, reviewing
FEAT principles, data management, operationalisation and governance design
assurance and testing of the models and in order to fine-tune and scale the models
incident resolution. with a structured approach. The launch
Figure 5: Figure 6: AI Model Management Framework
ORGANISATION
AND GOVERNANCE
EXISTING SYSTEMS
CASE MANAGEMENT
SUPPORTING MODEL
TECHNOLOGIES LIFECYCLE
AND PROCESSES MANAGEMENT
Transaction
Monitoring and Transactions
Name Screening AMLS
Alerts Review
AI MODEL
Customer Accounts Seamless interaction of MANAGEMENT
AMLS to the existing front FRAMEWORK
Better
and back office systems visualisation
of risks
RELATIONSHIP MODEL RISK
MANAGEMENT MANAGEMENT
COMPLIANCE
OFFICER
DATA
MANAGEMENT
24 25The Future of Financial Crime Compliance | Chapter 3: UOB’s Journey: Today’s Edge, Tomorrow’s Advantage The Future of Financial Crime Compliance | Chapter 3: UOB’s Journey: Today’s Edge, Tomorrow’s Advantage
Associated governance
challenges when using
ML models:
• Human biases that will affect ML models and algorithms. To the
extent possible, human biases must be excluded for models. A
delicate balance and due care is required to ensure that the removal
of biases does not eliminate the typologies and red flag based
monitoring that is an imperative in financial crime compliance.
• Transparency concerns and “black box” design. Regulators will not
accept black boxes. All necessary effort must be dedicated to ensure
explainability of models.
“As a values-based bank, ensuring that we stand by our
• Misunderstood uses and technology with the needs to customers and do right by them is at the core of all that
demonstrate clearly the benefits of innovation in creating greater we do. UOB’s compliance function work closely with the
effectiveness in managing financial crime risks. Bank’s technology and operations teams and business
segments to maintain our robust compliance controls
• Misunderstood governance, ethical challenges and applications. and to keep pace with the changing industry landscape.
Regulators expect that the Board and Senior management remain on Together we ensure a strong risk culture within the
top of the innovation deployed in a financial institution. In addition,
model risk management that challenges processes in order to
Bank that complements our innovation drive to design
provide assurance is necessary. solutions and services that matter to our customers.“
Victor Ngo
• Controls over supervised and unsupervised learning. Head of Group Compliance, UOB
IBF Distinguished Fellow (2019)
26 27The Future of Financial Crime Compliance | Chapter 3: UOB’s Journey: Today’s Edge, Tomorrow’s Advantage The Future of Financial Crime Compliance | Chapter 3: UOB’s Journey: Today’s Edge, Tomorrow’s Advantage
2 Maintaining regulatory compliance can For example, the traditional approach As part of UOB’s automation efforts, Other realised benefits include: In light of the aforementioned benefits,
A winning
be an uphill task; and is exacerbated for name screening in KYC remediation Deloitte assisted with the implementation the Bank’s team of analysts can afford far
• reduction in error rates due to
where organisations continue to deploy is highly manual, repetitive and resource of RPA to help improve a number of greater attention on suspicious alerts,
automation of manual activities,
fragmented and manual processes when heavy. With RPA, scale and value is selected processes within the Bank’s maximising their investigative expertise
mix of conducting financial crime compliance
activities. Given the numerous data
achievable with greater assurance, lower
cost and higher speed of execution.
transaction-monitoring framework. These
include alert review tracking, alerts review,
• improved compliance and increased
auditability of activities,
and unique value judgement in detecting
and preventing financial crime.
Automation
points, extraction and synchronisation The use of such robots are growing with alerts allocation, and STR upload and
• reduced manual hours performed by
of files, reports and workflows, using RPA considerable interests as tangible benefits listing. Over time, the value attained is a stronger
analyst teams with valuable time savings
serves as an effective and useful tool to are observed, particularly in terms of: risk management framework and the
placed in higher value work,
and human
improve regulatory compliance. Specifically, These select processes were the starting synergies from humans and machines
• Productivity: Robots can operate
automation opportunities abound point and test bed for the efficacy of use • standardisation of transaction monitoring working in tandem with each other.
24/7/365
such as name screening, transaction when it comes to RPA. processes across the Bank, Following the Bank's proven success in
resources monitoring alert clearance, and SAR/
STR reporting. These processes are
repeatable and/or routine, rules-based,
• Efficiency, Quality and Accuracy: Humans
are prone to manual errors especially
with voluminous alerts that are routine
Through its implementation, the Bank
was able to reduce manpower hours
• a value-chain of “robots” where data
collected through RPA can also be used in
using RPA within transaction monitoring,
UOB will look at implementing RPA in
other areas of its compliance operational
other downstream processes.
and can be performed with minimal human and onerous. by 30 percent, which demonstrated the framework.
interference and best suited for RPA. advantages of deploying automation for
• Time and Cost Saving: Robots can be While the Bank welcomes the efficiency
repeatable and manual processes. With the use of RPA, the ‘Triple-A approach’
scaled to meet peak demands and gained, the best outcome from RPA resides
seeks to create continuity in the process
takeover rules-based administrative tasks in its ability to improve oversight and
of name screening and transactions
operations.
monitoring. For instance, once the process
of triaging alerts become more effective
through the use of ML, the ensuing process
to dispose or investigate high risk alerts is
readily optimised by deploying RPA.
Figure 7: The use of RPA in UOB's 'Triple-A approach'.
“ It is a continual journey for us. Our priority is to ensure
that all investments have a tangible outcome and can be
scaled across the Bank after the proof of concept. As a
result, we would rather spend a longer time thinking Reduced manual
effort of human
through the business case and working with the right analysts
partners to help us focus on what’s possible within the
context of UOB rather than open experimentation. At the 30% 30%
end of day, we want something that is best suited to the Faster Reduced
needs of our bank and sustainable for the long term.“
Victor Ngo
Head of Group Compliance, UOB
IBF Distinguished Fellow (2019)
28 29The Future of Financial Crime Compliance | Chapter 3: UOB’s Journey: Today’s Edge, Tomorrow’s Advantage The Future of Financial Crime Compliance | Chapter 3: UOB’s Journey: Today’s Edge, Tomorrow’s Advantage
3
Pushing the boundaries
of insight with Analytics
In our hyper-connected world dominated by numerous channels, systems and For instance, to tackle shell companies With technological advancement and
infrastructure, organisations faced with petabytes of information and data points need and ultimate ownership, UOB used link the increased opportunities for global
to adopt an intelligent approach towards combatting financial crime. At the heart of it, analysis to evaluate and pinpoint direct commerce, organised crime syndicates
the Bank’s ‘Triple-A approach’ combines various technologies such as advanced analytics and indirect relationships and trace the continue to adapt and to evolve their
to safeguard against financial crime challenges and provides a better response. Through flow of illicit funds that carry shell company techniques to exploit gaps in the global
an in-house developed network analysis approach, the Bank is committed to enhance characteristics. Combining data from financial economy and the ubiquity
its capability to analyse flow of funds to discover hidden links and anomalies, advanced multiple sources (e.g transactional data, of cross-border transactions. It is of
schemes of layered and hidden relationships. customer profile data, common contact paramount importance for banks to retain
details, and counterparty data) enabled the ability to trace the flow of funds and
the Bank to evaluate with greater accuracy identify companies set up to mask the
high-risk and suspicious behaviour. true sources of funds and wealth. UOB’s
use of network analytics (See Figure 9)
Using traditional methods that review has enabled the Bank to identify circular,
Figure 8: An illustration of Client Link Analysis: (2)MULTIPLE POSTAL CODES ID-A isolated accounts could mean months of looping fund flows.
Common Contacts and Address – Entity A
analysis to deduce incoherent relationships
or unusual payments and transactions.
With network link analysis, the Bank had
the ability to narrow down and investigate
PERSON A PERSON B
CONTACT
networked relationships that carry AML
NUMBER 1
and CFT risks within a few days.
ENTITY A
Counterparty A Counterparty B Counterparty C Counterparty D Counterparty E Counterparty F Counterparty G Counterparty H Counterparty I Counterparty J
Outcomes
Entity M Entity L Entity D Entity K Entity J Entity P Entity C Entity B
(2)MULTIPLE CORPORATE PARTIES With network link analysis,
TO OPP PARTY ID-C
the Bank was able to conduct
faster reviews and gain more
(5)MULTIPLE CORPORATE PARTIES
(3)MULTIPLE CORPORATE PARTIES TO OPP PARTY ID-A efficiencies.
TO OPP PARTY ID-A Entity O Entity E Entity N Entity F Entity I Entity G Entity Q
Entity H
(14)MULTIPLE CORPORATE PARTIES
TO OPP PARTY ID-A
This meant a reduced amount
(2)MULTIPLE CORPORATE PARTIES
TO OPP PARTY ID-B of time taken to investigate
(2)MULTIPLE CORPORATE PARTIES
networked relationships from
1. Ownership – BO (Person A) is a foreigner and non-domicile in Singapore
LEGEND
TO OPP PARTY ID-A
months to a few days.
2. KYC – Entity A is a registered address and BO address (Person A) revealed address
SG Director of a corporate secretary company (Person B)
Focus Entity (within cluster group)
Further, the Bank was able
3. KYC – Shared contact details (e.g. phone, email) between Entity A BO (Person A) and
Person B (corporate secretary) to ascertain some of these
Entity (outside cluster group)
4. Payments info – Company address provided by Entity A for remittances/TT instruc- suspicious activities, resulting
Remittances
tions also bear the same address as the corporate secretary in the exit of more than 50
Common contact (email, phone) relationships.
Common address
30 31The Future of Financial Crime Compliance | Chapter 4: Getting ready for the new world The Future
Theof
Future
Financial
of Financial
Crime Compliance
Crime Compliance
| Chapter
| 4: Getting ready for the new world
Deciding which technologies to leverage In order to achieve this, there is a greater Banks should take a fresh
and matching it to serve various business need today for public private partnerships approach to talent management
purposes and meeting regulatory to share data and insights without being to prepare for the future of work.
compliance expectations is a herculean hindered by the fallacy that compliance and Automation, the gig economy,
task. However, for a bank to remain data usurp competitive advantage. crowdsourcing, demographic
competitive and resilient, it is important shifts all impact how work is
to employ new approaches to tackle an Today, such sharing can give rise to benefits done in the future. In the future,
evolving financial crime problem. in the form of harmonised standards and it is far more important to create
analysis of threats that will not only be value by problem-solving and
Industry players (not just financial effective in sharpening the capability of creativity. Problem-solving skills
institutions) will need to invest in building monitoring risk, but also provide longer need to command creativity,
the capacities of talent, creating sufficient term gains of efficiencies. judgment, persuasion and
players and users of AI, ML, RPA and empathy in a machine-dominated
cognitive technologies in financial crime As greater progress is made into the use world. There needs to be
compliance, and the infrastructure of technology to ensure financial crime accelerated learning, as with the
architecture of the future. compliance, we will provide additional passing on of such knowledge
learning from UOB on their deployment of must be a priority.
The future of financial crime compliance is ML models, how we see the creation of the
certainly here, though few have stepped eco-system developing and the outcome of Talent: With the future of work near,
Chapter 4: out with a bold proposition. The potential
future-state of financial crime compliance
the holistic surveillance approach. We will
also complement the information with our
learning how to learn could be crucial,
p13, 2019 Banking and Capital Markets
Getting ready for
that use of AI, ML, RPA and NLP across all views which we hope by then, would be the Outlook, Deloitte
processes that goes beyond transactions target state of the future of financial crime
monitoring and name screening is being compliance.
designed.
the new world
The objective is to bring about
greater effectiveness and
soundness in the design of The key areas that require immediate
financial crime compliance attention for investments into are:
operating model. Skills and expertise - as new technologies and innovation
transform the nature of work, compliance officers within financial
A better approach to monitoring in our institutions will increasingly need to supervise and oversee
view has to be threat based rather than technologies within financial crime compliance.
atrophying resources into monitoring
everything, thereby losing focus and Creation of an eco-system – with no ready eco-system for the
momentum. Bank to tap into today, we believe that the deliberate “creation” of
the eco-system is needed. This is to ensure sustainability of what
An ultimate model is the rise of is starting to become an answer to the myriad of issues faced in
compliance utilities at an industry level combating financial crime. There is a need to carefully maneuver
for KYC, customer due diligence and through this to avoid a “one time success wonder.”
transactions surveillance. As such, these
same compliance utilities ought to be The sharing of success stories is not only essential but critical to
technologically enabled by next-generation push the envelope and entice other players to embark on the same
technologies. In this same vein, there are journey. With an eco-system, it will spur activity, strengthen
compelling reasons for financial institutions capabilities, create value, and enable innovation to thrive,
to start their own innovation journey to thereby creating a strong and evolved supply and demand
fashion their readiness for plugging into of participants that will benefit the entire industry. UOB has
these utilities as they move into the future. taken progressive steps towards contributing to the creation of the
eco-system.
32 33You can also read
