When HSBC Holdings Plc thwarted a $500 million central-bank heist, sophisticated computer software didn’t raise the alarm. The funds flowed undetected from Angola’s reserves to a dormant company’s account in London. It was a teller at a suburban bank branch who became suspicious, declined a request to transfer $2 million, and triggered a review that uncovered the scam, according to one account of the episode.
That was two years ago, and the finance industry’s battle to stop the illicit transfer of as much as $2 trillion a year around the globe hasn’t become any easier. At least a half-dozen lenders in Europe have found themselves at the center of fresh allegations of dirty money schemes in the past year. The wave of scandals—at Denmark’s Danske Bank A/S, Deutsche Bank AG, and others—is undermining confidence in the industry well beyond the individual institutions involved.
Financial-services executives have had little choice but to significantly step up regulatory efforts; more than 1 in 10 now spend in excess of 10% of their annual budgets on compliance, according to financial adviser Duff & Phelps LLC. Banks are eager to find ways to bring that spending down—management, employees, and shareholders never want to spend on what are effectively internal cops. Today there’s a sense that growth may be peaking. About two-thirds of institutions considered systemically important on a global level, a leading indicator for the industry, expect the size of their compliance teams to remain unchanged or shrink, according to a Thomson Reuters Regulatory Intelligence report. The largest companies want to adapt their teams to grow or scale back as necessary, the report said.
That’s led to buzz that banks are deploying artificial intelligence to replace surveillance staff. HSBC last year started using AI to screen transactions, and the two biggest Nordic banks have said they’re replacing compliance staff with algorithms. Online banking startups such as Revolut Ltd., which rely on computerized efficiency to compete with established lenders, are finding compliance a challenge they need to address.
So far, machines are confined to simple know-your-customer (KYC) applications and are far from ready to replace humans, says Tom Kirchmaier, a visiting fellow at the London School of Economics’ Centre for Economic Performance. He’s not optimistic that a major advance is afoot, either. “There’s a lot of talk but no action,” he says.
Take ING Groep NV, which last year paid €775 million ($869 million) to settle an investigation by a Dutch prosecutor into alleged money laundering and other corrupt practices. Even though the bank uses machine learning to filter out false alerts on potential bad actors, the lender has had to ramp up the number of individuals handling KYC procedures.
It’s tripled compliance personnel in the Netherlands over eight years; staff dedicated to KYC account for 5% of total employees.
Banks and tech companies need to overcome a number of obstacles for AI to succeed in tackling money laundering. For starters, they need better customer data, which is often neither current nor consistent, especially when a bank spans multiple jurisdictions. Enhancing the quality and frequency of data gathering is a crucial first step.
Banks are also constrained in their ability to detect bad behavior, with or without computers, because competitors and national law enforcement agencies won’t share data. Across Europe, for example, regulation and enforcement are split along national borders. Lenders would benefit from a common European anti-money-laundering regulator, data sharing among banks, and a more open dialogue with bank supervisors, Citigroup Inc. analysts wrote in a note to clients in June.
When banks do share information, it’s often unhelpful. They tend to over-report suspicious activity to the relevant agencies to shed responsibility, but enforcement authorities typically don’t provide their findings to the financial companies. What’s more, banks, wanting to shield bigger clients from unnecessary scrutiny, often under-report activity they should be flagging, according to the LSE’s Kirchmaier. That leads to potentially suspicious transactions being classified as normal. The algorithms learn to replicate those types of decisions.