The Hard Truth? Banks’ Lousy Data Management Enables Criminals

Executive Summary

• Many financial institutions have invested heavily in risk management protocols and advanced technology to spot and deflect criminal activity.
• Rigorous AML processes and sophisticated technology can function well if they are supported by consistent and high-quality data from all parts of the organization.
• Unfortunately, many organizations continue to be plagued by data that lacks consistency and context, or is inaccurate, incomplete or compromised.

The nearly $4 billion in fines paid by TD Bank and Block Inc over an apparent lack of vigilance over money laundering activities are timely reminders that financial institutions must be constantly on their toes regarding evolving risks – and would benefit from rethinking compliance approaches in the digital economy.

Financial institutions face a challenging combination of a rising tide of financial crime combined with increasingly complex transactions and greater scrutiny from regulators.

A great deal of debate has centered on ways to build “effective” risk management regimes and on giving compliance teams the “right” technology tools. However, one key element is still often overlooked: the quality of the data relied on by those teams and IT systems.

Compliance that meets these challenges demands a consistent and reliable flow of good-quality transaction data. All too often, however, banks and financial services firms lack the means to obtain data of sufficient quality or the capabilities to utilize it.

The big question today is how to reach a more consistent level of access and visibility into transaction data quality that is accurate and you can trust?

Quality and Trust Threshold

A growing wave of financial crime saw $3.1 trillion in illicit funds flow through systems in 2023, according to Nasdaq. The shift to digital payments and cryptocurrencies are heavy contributing factors. The growing volume and complexity of these transactions has added fuel, with real-time payments becoming decentralized and passing through different stakeholders and regulatory regimes. The situation has been further exacerbated by criminal use of AI, with systems being breached using fraudulent identities, voice cloning and deep fakes.

While the times might be changing, the purpose behind AML remains the same: To shield companies from risk and detect, prevent and report illegal activity. Compliance teams and the IT systems they use must help companies track and report suspicious activities to prevent or report money laundering. And they should be able to achieve this quickly and accurately for day-to-day regulatory requirements and for the changing needs of audits and inspections.

The response from regulators has been twofold. First, as we’ve seen with TD Bank and Block, heavy fines are being levied. However, the authorities are also raising the stakes: Wrapping money laundering into their pursuit of a range of other illegal activities that include wire fraud, tax evasion and avoidance of sanctions. There’s a growing focus on the part cryptocurrency is playing in the money laundering process as well.

Additionally, lawmakers are trying to modernize anti-money-laundering (AML) rules. In recent years we saw evolutions to the Corporate Transparency Act under President Biden with the US Treasury considering its own proposals to combat money laundering.

The good news is that, while regulations are evolving and transactions are growing in volume and complexity, they share a common characteristic that can be exploited. Digital transactions are rich in data – information about their provenance, destination, ownership, instructions and so on.

The data needed to support AML activities successfully requires a steady flow of trusted, high-quality data. The essential characteristics have been defined in an international survey of compliance experts as data that’s “complete, consistent, relevant, timely and accurate.” Only data of this caliber can ensure AML systems are capable of spotting patterns and tracking anomalies. It also feeds into essential reporting, enforcement and auditing processes.

But passing the quality threshold is a formidable challenge. Many mid-sized and large institutions have data management environments that make it hard to achieve the required quality and levels of trust. Much of the data flowing through these companies is “dark” – it’s dirty and lacks consistency and context. In other words, it’s out-of-date, inaccurate, incomplete or compromised. Typically, these environments have evolved thanks to decades of growth, mergers and acquisitions. They are defined by three common features:

Fragmentation: Companies run a mix of new and legacy platforms populated by a variety of structured, unstructured, static and streaming data. This makes it difficult to find data and develop the clear view of transactions required for detection, analysis and action.

Bottlenecks: The combination of faster transactions and banks’ increasingly distributed technology infrastructure – new and legacy – makes it difficult to process data at the speed needed for AML systems to deliver accurate or timely transaction analysis.

Wasted resources: AML relies on data fabrics operated in whole or part using manual, repetitive processes to build and operate data pipelines and manage the data’s lifecycle. This inefficiency hinders the availability of new data and introduces scope for mistakes. Further, manual and partially automated enforcement add to costs – labour is ranked as the highest cost in spending on compliance against financial crime in a report here.

Quality Blueprint

Modern AML must empower compliance teams by helping them monitor transactions reliably while supporting informed decisions and action the moment they are required.

Achieving the quality of data to realize this means reassessing the way transactional data is discovered and how it is integrated and processed by the systems feeding compliance frameworks. It takes a data-management environment built for the scale and complexity of transactions flowing through the financial infrastructure, that’s capable of presenting a complete and accurate view of transactions for analysis and action by compliance teams.

Achieving this environment is a three-step process:

Invest in data discovery and integration: AML systems must act as a trusted source of action but their authority is challenged by the speed, volume and complexity of transactions. Banks need an environment that streamlines the process of onboarding and transforming data to ensure the information AML consumes is complete, relevant and timely. They can achieve this in two ways. One, employ tools for rapid discovery, classification and ingestion of data. Second, eliminate data transformation lags by moving from a manual-code to a low-code environment: use templates and tools that speed up building, changing and managing data pipelines that plug into AML.

Enhance data quality: The volume and disparate types of data flowing through the transaction process make it difficult for AML systems to identify anomalies and spot patterns. Data consistency is therefore critical, and a key step towards achieving that is to standardize data – for example, setting criteria for the way data is described and for datasets used in AML. Standardization improves detection and accuracy – as part of this, banks can use tools to label data consistently and automatically at source. Ensure tools employ a taxonomy that’s not just consistent but that is familiar and recognizable. Also, implement data management tools capable of detecting and correcting errors.

Adopt AI-driven automation: AI is incredibly useful for creating the scalable data systems needed by AML to identify risks and ensure compliance. It can achieve this in two ways. First is AI’s ability to rapidly process large volumes of data, to identify transactions worthy of investigation and propose action. This speeds up detection and reduces potential for mistakes. Second is automation of the processes and procedures involved in managing data for AML. For example, rules on regulation and compliance and policies to process and manage data can be written and implemented as code and enacted without human intervention. Automation can be applied to areas like data discovery, onboarding and security.