Compliance of the future: Tech war on fraud
Artificial intelligence and machine learning will change the face and shape of compliance and risk management departments within a decade, slashing their costs and massively boosting their detection rates, writes Joël Winteregg.
Banks and financial service providers today are struggling to support ever larger, more costly compliance and risk management departments as they strive to keep up with the never-ending barrage of new regulation. But it will not always be thus. Within 10 years, they will be efficient cogs in the banking wheel, all part of the great machine delivering excellent customer service keeping fraud down and customer trust high.
That might be hard to believe given compliance problems suffered by the sector in recent years. Between 2009 and 2015, the 10 biggest banks in the US and Europe paid out an astonishing $150bn in fines for incidents ranging from rigging foreign-exchange rates to money laundering and mis-selling, according to Corlytics, a firm of analysts.
The banks’ response has been to scale up the number of compliance staff. HSBC took on 9,000 new people following a record $1.9bn fine in 2012 for money laundering, while the Bank of England estimated that regulation would generate 70,000 new jobs in Europe over the coming few years. While that might be great for employment figures, it’s bad news for banks’ costs and won’t necessarily solve the problem. What is needed is a new model – the technological model.
To an extent, this is already starting to happen. As banks digitize, we are seeing technology used more and more to automate compliance tasks currently undertaken manually. For example, risk management staff often have to manually fill in Excel spreadsheets for compliance purposes. Soon the relevant data will instead be gathered automatically and analyzed in real time. But this is just the beginning.
The growing regulatory burden means that even when some tasks are automated, banks must still expect to increase headcount to sift false alerts from the positive and give meaning to the complex data collected. Recruiting more people is the only way they can currently scale up to meet the increasing workload. Even then, the sheer volume of transactions and data means that, in many cases, banks can only sample check. Artificial intelligence and machine learning will change all that.
We are currently laying the foundations for the compliance departments of the future. By introducing technology, analyzing data and behavior, we are putting the first bricks down for an artificial intelligence-driven compliance and risk management department.
These bricks will shape the controls for stopping internal and external fraud before it happens. Data will be automatically extracted and labelled, advanced analytics will trigger meaningful alerts and single-view dashboards will offer real-time feeds on all the organization's activity. Controls such as alerts for shared passwords, suspicious transactions or failure to take holidays will be included to
stop internal fraud, which at 70 per cent of the total is estimated to have cost banks $47bn in 2014, according to the Association of Certified Fraud Examiners.
In time, external controls and AI-enabled systems will develop a 360-degree view of every customer, look at every transaction and replace sampling with 100 per cent surveillance. They will spot suspicious behavior and analyze the full circumstances by using social media activity such as Facebook, LinkedIn and Twitter to give a comprehensive view of recent behavior. This will give meaningful context to the transaction – and allow the system to decide in real time whether to allow it or block it. Within 10 years, the systems will be so smart that I believe the false alert rate will be minimal.
It is this reduction in the rate of false positives – generated and investigated in real time before completion – that will have the biggest effect. No longer will compliance and risk management need vast armies of officers following up alerts to see whether there is a genuine problem. Whereas today each compliance officer might start the day with 50 events, by 2027, they might be looking at perhaps three.
But the compliance department of the future has another significant advantage.
Constant surveillance significantly reduces the success rate of non-compliant or fraudulent incidents, minimizing the likelihood of fines.
Without a doubt, technology will bring down the size and cost of compliance and risk management departments and increase their efficacy. That’s good news for customers, for the bank and the bank’s shareholders.