Smarter financial crime compliance

  • Share

For banks, the cost of meeting their KYC and AML requirements with human resources is spiraling out of control. New digital technologies offer banks a lifeline, with the potential to realise sizeable cost savings quickly without the need for significant investment.

Stricter KYC and AML requirements

In response to ever more digitally sophisticated financial crime threats, regulators around the world are raising the bar on banks’ KYC and AML requirements – and handing down record fines for lapses.

An extraordinary level of human effort is required to meet these demands. In addition to the KYC platform requirements, transaction monitoring can generate more than 1,000 alerts every day for a large bank. If each one of these alerts takes an hour to investigate, a bank will need 133 employees working full-time just to cover this aspect of compliance alone.

The cost is staggering.

In 2016, global expenditures on financial crime compliance by top-tier banking and capital markets firms reached a record breaking US$32b – a figure currently projected to rise to US$36.8b by 2018.

This is not just expensive — it’s incredibly inefficient. Of the alerts reviewed each day, around 80% are typically quickly found to be benign. The remaining 20% go to the next level of investigation, which takes more time. Of these, another 15–19% are not suspicious.

In an EY survey of financial institutions in Singapore and Hong Kong last year, 87% of respondents said their AML operations were not cost efficient.

Data analytics and robotics offer clear opportunities to get costs under control

The two most common solutions for improving AML cost efficiency our banking clients are working on are:

  • Data analytics. Compliance teams can use advanced data analytics to automatically monitor watch-lists, transactional activity and adverse media screening, enabling firms to proactively identify risks and opportunities. Analytical tools and visualisation software give stakeholders fast insight into what’s really going on with a particular account.
  • Robotics process automation (RPA). RPA can pull information from multiple bank systems, automating the vast majority of tasks required for initial investigations of transaction monitoring alerts. In addition, RPA is based on a step-by-step process flow that obtains internal and external publicly available documentation to complete a KYC file, thereby reducing onboarding and periodic review times while enhancing customer experience.

Harnessing analytics for alert triage

By applying advanced analytics to its transaction alert output, for example, a large US institution substantially reduced false positives.

The new system analysed Level 1 alerts for correlations against established true positives, and then escalated any matches. This also cut costs, since the volume of cases escalated for human review and investigation decreased by 46%.

In a proof-of-value exercise for a global bank interested in name screening alert triage, we identified the potential for false positives reductions of more than 80% across sanctions and politically exposed persons (PEP) alerts – along with the reduced risk of missed true matches.

We calculated that the bank could save up to US$120m over three years, enabling around 800 operational staff to be deployed to higher-value tasks.

Using RPA in screening investigations and KYC

RPA can be easily applied to automate repetitive, clerical processes within a screening function based on the decision rules defined by business and operation. Banks can also robotically preprocess negative news searches and collect customer information from external systems to screen individuals and organisations. The software then creates dockets in a standardised format for analysts to review easily and quickly.

We have worked with a top-tier bank to implement RPA in the information gathering stage of transaction monitoring alerts, leading to reduction of 70% in the time to process a Level 1 alerts.

RPA can significantly reduce the time it takes to complete a KYC review, while improving cost- effectiveness.

When we helped an international financial institution to remediate a backlog of 9,000 enhanced due diligence cases, our client estimated the remediation required an average of 22 hours per case. The total effort to clear the backlog was around 200,000 hours. Automating just 11 of the 16 process steps with RPA enabled the client to cut the cycle time in half.


Banks need to harness data analytics and RPA in numerous processes within the financial crime control framework, including:

  • KYC due diligence and client on-/off-boarding
  • AML transaction monitoring alert investigations
  • Name screening for sanctions and PEP investigations
  • Adverse press investigations
  • Payment screening for sanctions investigations
  • Source of wealth reviews
  • Linking accounts across the institution inclusive of all markets and segments to create a one-client view

The only question is whether they should start with a blend of small incremental steps or large-scale initiatives. Either way, the days of trying to manage AML and KYC compliance efforts with purely human resources are over.