AI and humans needed to combat financial crime

19 July 2021

By Nic Swingler, Head of Financial Crime

The state of a country’s financial sector is a key factor in determining its stability and sustainability. During the height of the pandemic, financial institutions had no choice but to remain resilient, whilst contributing to national relief efforts and accommodating customer payment holidays. An additional element to maintaining and protecting this vital system is accurately identifying and mitigating risks; including money laundering, which can be detrimental to both society and economies.

The Financial Intelligence Centre (FIC) defines money laundering as "the processing of criminal proceeds to disguise their illegal origin." This can range from drug trafficking and smuggling to illegal arms sales and prostitution rings. In fact, according to the FIC's latest annual report, the number of suspicious transaction reports increased from 288 000 in 2018, to 300 000 in 2019. Artificial Intelligence (AI), in the form of algorithms and models, has made great strides in flagging suspicious activities, however, expert skills and human discernment cannot be discounted when it comes to effectively addressing ongoing and constantly evolving threats.

Combining intelligence

There are a number of aspects to money laundering. Criminals need to place illicit money in the system through property or other assets, distance themselves from it (often through what’s known as "fronting") and then integrate the funds back into the formal economy, usually through banking channels. Not surprisingly, this modus operandi is deployed across the spectrum of illicit activity - from sanctioned countries such as North Korea to illegal wildlife traffickers to recipients looking to conceal the proceeds from corrupt activities.

All banks are required to detect and report unusual or suspicious transactions and activities to the FIC who then collates a financial intelligence report and if necessary, consults with relevant authorities for further investigation. Financial crime cannot be addressed if all touchpoints of the value chain don’t cooperate - this comprises the private sector such as banks and other accountable institutions, FIC, law enforcement, prosecuting authorities and government bodies. All of these need to be fully capacitated and have an aligned view of priorities in order to become truly effective. South Africa took a very positive step in this regard by creating SAMLIT (South African Anti-Money Laundering Integrated Task Force) in 2020. This is a public-private partnership across the banks, industry representatives, FIC and the Prudential Authority to share resources and information to drive early detection of criminality and to ensure that the banking system is not abused for financial crime.

Regulatory frameworks dictate that banks need to know exactly who their customers are, how they are behaving and the extent of their financial transactions and activities. All relevant SA institutions are now required to utilise a risk-based approach, which requires institutions to also know the financial crime threats and risks being faced and to develop appropriate responses to manage and mitigate those threats. While AI is useful in identifying ongoing patterns, solutions need to be tailored to incorporate all business units and enhance accuracy, so that resources are prioritised based on risk and do not spend disproportionate time on insignificant items and 'false alarms'. Interestingly, deployment of AI techniques can also be very effective at reducing the level of 'false alarms'. Systems that integrate sophisticated data analysis, automation, and behavioural risk models are also essential to a robust risk management strategy. Technology assists with the high volumes of activity that need to be assessed every day, however, there remains a decree of subjectivity and decision making for which human intelligence and expertise are still required to evaluate the nature of the transactions and determine if they are associated with illicit activity.

Catch and release

Of course, employee screening comes with the territory, including background checks and regular account and activity monitoring. However, establishing a risk and compliance culture within, and across the organisation can go a long way in shifting behaviours and attitudes, as can continuous training and capacity building. Embedding core governance principles at the centre of all functions also enables comprehensive surveillance of all transactions, connections, and networks, from the moment the client opens the account through to ongoing monitoring. It goes without saying that organisations must continuously review threats, risks, protocols, policies, systems etc. to ensure that they are always up to date and relevant. Sourcing the appropriate talent, equipped to keep abreast of changing threats and risks, legislation, international standards, and best practice, is non-negotiable.

The reality is, closing a client account or exiting a customer relationship is not taken lightly. Due process needs to be followed and it’s no good catching a 'fish' and throwing it straight back into other parts of the system. Appropriate, collaborative, and swift action across the private and public sector (by both technology and humans) needs to be taken, with follow through from the legal system and other sector players. Guess we’ll have to wait for the robot takeover - for now.