In late March 2022, a committee within the Australian Senate warned that the country’s anti-money laundering (AML) regulations were creating unacceptable risks.
Those risks, The Guardian’s Ben Butler reports, include being put on gray lists of nations whose allegedly lax money laundering laws provide safe haven for Russian oligarchs looking to skirt sanctions.
This may indeed be the case in, say, the real estate sector, which currently is not subject to the same AML regulations as Australia’s banking sector. But for anyone working in Australian finance, AML regulations are anything but lax.
In responding to those regulations, financial institutions are seemingly creating an endless pile of work for AML teams. False positives and unrelenting alert volumes have AML teams stretched to assess and respond to risks. It’s an inefficient way to thwart money laundering, and change is long overdue.
Below, Featurespace SME Sasha Slevec explains what regulatory and technical circumstances have created such a Gordian knot for Australian financial institutions.
Regulatory pressure in Australia
In 2017, the Australian Transactions Reports & Analysis Centre (AUSTRAC) announced civil proceedings against the Commonwealth Bank for insufficient transaction reporting. AUSTRAC claimed that the bank failed to report on more than 50,000 deposits — total value around $8.9 billion — between November 2012 and September 2015.
For anyone working in the Australian banking sector at the time, that news was pivotal. AUSTRAC’s actions were a clear signal that what was then current approaches to AML immediately had become obsolete, and it was a time to expand our risk controls and push our AML systems as far as they could go.
The bank settled for $700 million a year later, the largest such AML case to that point. But by then, AML in Australia had already moved into a new era.
Risk aversion and mounting systemic pressures
Understandably, there is not a single person in Australian finance who wants to be responsible for a $700 million penalty.
And so, the sector has become very conservative about rule management in its AML systems. There are always new rules to add to the AML system. New typologies, new findings, new reviews — these all create new rules.
Here’s the problem: old rules don’t get retired anymore, even when they generate constant false positive alerts. New rules just keep piling on top of old ones, and AML teams are increasingly using more time on scrutinizing the growing number of labor-intensive alerts, whilst struggling to optimize their systems.
Why? Because no one wants to be the person who authorized a rule’s retirement, then have the system miss activity that results in another $700 million penalty. Better to let the rules mount, but with that comes rising pressure too.
And now that pressure has increased so much, that it is bringing everyone to a breaking point because business growth and payments growth are hindered by an inflexible and unscalable approach to AML prevention.
How to alleviate this pressure with a smarter AML platform
New AML risks are continually being identified. This creates a situation in which the growth in AML alerts is larger than the growth in payments.
As a result, the cost of AML operations per payment will just keep going up. At a not-too-distant point on the future growth curve, that per-payment cost becomes a scary number.
I see two immediate steps that AML teams can take to help:
- Introduce explainable risk model scores. This allows teams to keep their rules. They merely supplement them with a score that allows the team to prioritize alerts. This is especially important for AML’s libraries of generic rules. These are rules not based on any specific typology but created by a risk analyst or inherited from the system’s vendor. Those rules create real inefficiencies, and so being able to appropriately manage and prioritize those alerts accurately will save everyone time and energy.
- Introduce risk ratings. In most banks, alerts can pass through multiple hands. It’s only upon manual review that an alert will get escalated to more senior staff. It can take multiple such reviews before the alert lands on the right person’s desk. Assigning a risk rating can cut out that intermediary work and route the alert to the right senior team member immediately.
- Introduce anomaly detection. This is the game changer for risk, this is where banks will be able to surface unknown threats. Not just keeping up with financial crime typologies but keeping ahead of them. Through advanced machine learning, the focus on account side activity facilitates the identification of suspicious activity not addressed by incumbent typologies.
By adopting an AML platform that can monitor transactions and learn from customers’ behaviors, Australian financial institutions can introduce immediate efficiencies to bloated AML workflows. Because the platform focuses on anomalous customer behavior, it can reduce false positives, prioritize alerts, and surface unknown threats as new typologies emerge.
For AML teams that are understandably hesitant to retire any rules, I recommend looking for solutions that machine learning to score and prioritize alerts and risks.
This will flatten the AML-cost-per-transaction curve and give your business the capacity to scale payments.