New technologies have the potential to make anti-money laundering (AML) and counter terrorist financing measures (CFT) faster, cheaper and more effective.
Accordingly, the FATF reviewed the opportunities and challenges of new technologies for AML/CFT to raise awareness of relevant progress in innovation and specific digital solutions.
This project included the review and analysis of regulatory technology (RegTech) and supervisory technology (SupTech), both of which can improve the effectiveness of FATF Standards.
Innovative skills, methods, and processes, as well as innovative ways to use established technology-based processes, can help regulators, supervisors and regulated entities overcome many of the identified AML/CFT challenges.
Technology can facilitate data collection, processing and analysis and help actors identify and manage money laundering and terrorist financing (ML/TF) risks more effectively and closer to real time. Faster payments and transactions, more accurate identification systems, monitoring, record keeping and information sharing between competent authorities and regulated entities also offer advantages.
The increased use of digital solutions for AML/CFT based on Artificial Intelligence (AI) and its different subsets (machine learning, natural language processing) can potentially help to better identify risks and respond to, communicate, and monitor suspicious activity.
Difficulties with the explainability and interpretability of digital solutions are another key challenge for both industry and regulators that in part stems from the limited availability of relevant expertise and a lack of awareness of innovative technologies’ potential among AML/CFT professionals, both in industry and government.
When used responsibly and proportionally, innovative AML/CFT technologies can help identify risks and focus compliance efforts on existing and emerging challenges, but manual review and human input remains very important. Combining the efficiency and accuracy of digital solutions with the knowledge and analytical skills of human experts produces more robust systems that can effectively respond to AML/CFT requirements whilst being fully auditable and accountable.
The use of new technologies and innovation can help the public and private sectors improve the effectiveness of their risk-based implementation of the FATF Standards.
New Technologies for AML/CFT
For the purpose of this report, the Financial Action Task Force explains – “new technologies for AML/CFT” refers to:
- innovative skills, methods, and processes that are used to achieve goals relating to the effective implementation of AMLCFT requirements; or
- innovative ways to use established technology-based processes to comply with AML/CFT obligations.
New technologies seek to improve the speed, quality, or efficiency and cost of some AML/CFT measures, as well as the costs of implementing the AML/CFT framework more broadly, compared to the use of traditional methods and processes. The technologies of greatest relevance are cross-cutting and enable new digital ways to collect, process, analyse data.
For example, digital identity solutions can enable non-face-to-face customer identification/verification and updating of information. They can also improve authentication of customers for more secure account access, and strengthen identification and authentication when onboarding and transactions are conducted in-person, promoting financial inclusion and combating money laundering, fraud, terrorist financing and other illicit financing activities.
Likewise, Artificial intelligence (AI) and machine learning (ML) technology-based solutions applied to big data can strengthen ongoing monitoring and reporting of suspicious transactions. These solutions can automatically monitor, process and analyse suspicious transactions and other illicit activity, distinguishing it from normal activity in real time, whilst reducing the need for initial, front-line human review.
Similarly, the adoption of innovative solutions, such as Application Programming Interface (APIs) and Distributed Ledger Technology (DLT), data standardisation, and machine readable regulations can help regulated entities report more efficiently to supervisors and other competent authorities. The technologies also allow alerts, report follow-ups, and other communications from supervisors, law enforcement, or other authorities to regulated entities and their customers, as well as communications among regulated entities, and between them and their customers.
Informed Decision Making
The Financial Action Task Force found one of the main challenges hindering the effective implementation of AML/CFT measures is poor understanding of ML/TF threats and risks. Decision-making, based on inadequate risk assessments is sometimes inaccurate and irrelevant, relying heavily on human input and defensive box-ticking approaches to risk, rather than applying a genuinely risk-based approach.
The inability to adequately identify, assess and mitigate money laundering and terrorist financing risk, including the fundamental elements of risk identification (customer identification/verification and monitoring of transactions) poses an obstacle to effectiveness in AML/CFT. This is where new technologies can provide the most added value.
Moreover, traditional risk assessment tools, based on spreadsheets (such as Excel) or static reporting platforms, do not allow data to be analysed at a large scale, limiting the potential for correlations and analysis to generate a more fine-grained picture of the risks. In addition, the quality of the data obtained by legacy systems varies and may not offer the accuracy and detail required to comply with AML/CFT standards.
In the private sector, poor risk assessment can lead to a defensive box-ticking application of the AML/CFT framework, which is inefficient and burdensome, and more importantly does not reflect the real ML/TF threats to the institutions. Poor risk assessment undermines a genuine risk-based approach to decision-making and protecting the integrity of the financial system.
The use of new technologies in the identification, assessment and management of ML and TF risks allows risk analysis to be more dynamic, provide network analysis, and operate at customer, institutional, jurisdictional and cross-border levels.
Technology can also enable financial inclusion through enhanced digital tools for transaction monitoring. As set out in the guidance on financial inclusion, enhanced ongoing monitoring can be used to manage the ML/TF risks associated with the trustworthiness of customer identification and verification data, so that ML/TF risk management is not so heavily reliant on CDD at the time of customer onboarding. For example, in cases where customers are able to provide only less reliable forms of evidence of identity – and therefore identification and verifications elements are not sufficiently robust – technological solutions, such as behavioural analytics, may support a strengthened and enhanced transaction and business relationship monitoring, thereby enabling customer take-on. These technologies can also give a robust ongoing monitoring process and provide a better understanding of risk.
RegTech was identified by 52% of respondents as the AML/CFT area where the majority of benefits from new technologies may be secured. In particular, respondents confirmed the processing and analysis of large data sets required for risk assessments and analysis, CDD, as well as transaction monitoring, as the areas securing the greatest benefits from new technologies.
Machine Learning is a type (subset) of AI that “trains” computer systems to learn from data, identify patterns and make decisions with minimal human intervention. Machine learning involves designing a sequence of actions to solve a problem automatically through experience and evolving pattern recognition algorithms with limited or no human intervention — i.e., it is a method of data analysis that automates analytical model building.
Transaction monitoring using AI and machine learning tools may allow regulated entities to carry out traditional functions with greater speed, accuracy and efficiency (provided the machine is adequately and accurately trained). These models are useful for filtering the cases that require additional investigation. The use of new technologies for monitoring purposes should, for the most part, continue to be integrated with the broader monitoring systems which include an element of human analysis for specific alerts or areas of higher risk. These systems must also improve their degree of explainability and auditability in order to fully comply with the majority of supervisory requirements.
Application Programming Interfaces (APIs)
An API is a type of software which allows different applications to connect and communicate. APIs are also often used to provide payment services, for instance, in accepting donations over websites. Respondents to the Digital Transformation questionnaire mentioned APIs among the most used and relevant solutions to the identified money laundering and terrorist financing problems.
Their utility for AML/CFT lies in the ability to, for example, connect customer identification software with monitoring tools, or risk and threats identification tools with customer risk profiles in order to generate alerts or alter risk classifications as relevant. APIs allow this integration to happen much more quickly and with much larger datasets. This is particularly relevant as one of the most difficult challenges for many financial institutions is the integration of many different and often incompatible systems, including legacy technologies and specialised tools, created by different developers.
Financial Action Task Force – Regulatory Challenges
The use of new technologies for AML/CFT can only truly become effective if systems are based on standardised data that is easier for technology developers to integrate into their tools, easy to understand and explain to non-experts, and easy to communicate to counterparts and competent authorities when needed.
The interpretability and explainability of new technologies to supervisors is key to securing support for these tools. Regulated entities must be able to explain, and remain responsible for, the principles and technical details of the innovative solutions before deploying these new technologies. Supervisors must be able to understand the models used by AI tools in order to determine their accuracy and their relevance to the identified risks.