Fixing The KYC And AML ‘Horse-and-Buggy’ Model


Only 1 percent of proceeds from financial crimes are intercepted, which means the bad guys are getting away with hundreds of billions of dollars, even trillions. Trulioo General Manager Zac Cohen tells Karen Webster that AML and KYC efforts can be enhanced if FIs think of compliance as a revenue generator, and seek partnerships with tech-nimble firms in a sandbox environment.

When it comes to financial crime, it seems, the bad guys are getting away with financial murder.

Consider the fact that, as noted in the most recent AML/KYC Tracker produced as a collaboration between PYMNTS and Trulioo, money laundering is estimated by the United Nations Office on Drugs and Crime to be an $800 million to $2 trillion-per-year problem, equivalent to 2 percent to 5 percent of the global GDP.

In other statistics cited by Karen Webster in a recent podcast with Trulioo General Manager Zac Cohen, the share of intercepted proceeds from financial crimes is paltry, at about 1 percent, and as many as 50 percent of firms are compromised by fraudsters.

The implication, then, is that financial institutions are not doing what they could or should do to detect and prevent financial crimes. And what these firms are doing doesn’t seem to be working.

Amid the ineffectiveness, headlines are rife with sanctions and financial penalties. In recent weeks and months, seven banks were penalized by the Reserve Bank of India for regulatory noncompliance. Separately, 23 countries were blacklisted by the European Commission for their AML and CTF (counter terrorist financing) framework deficiencies.

Cohen described the numbers tied to ill-gotten gains as “eye-opening and [likely to] raise flags for the regulators. Clearly, the rules themselves are either not being implemented effectively or are somewhat flawed in and of themselves … but this means a big wake-up call.”

The Crypto Factor

One microcosm of fraud and regulatory scrutiny is cryptocurrencies. As Webster noted, about two thirds of money laundering in this space has been conducted through deposit and trading activity across the exchanges themselves. Said Cohen: “Uncertainty is probably the word of the hour for the crypto environment, because cryptocurrency and crypto exchanges are still relatively nascent. The regulatory environment is equally so. If we look internationally, there’s the variance and different levels of maturity and level of acceptance.”

But the practices of KYC and AML should be no different with cryptocurrencies than might be seen elsewhere in the financial arena, he said. The goals remain the same: to identify, examine and monitor account openings, holders and their activities. The evolution of regulatory oversight in cryptos, Cohen noted, will come amid increasing consumer adoption – and for now, it’s a “wait-and-see approach.”

The Larger Landscape: Horses and Buggies

As they stand now, Cohen said, the software and tech solutions leveraged by FIs – and the mindset behind their deployment in general – are equivalent to the horse and buggy.

And for those financial and risk professionals who stick to the horse-and-buggy approach, he told Webster, “One option is to just add on more horses … and everything winds up getting overly complex and ineffective. What we really need is to move to the car – a sports car or luxury car, in a sense that we have to rethink how these [technologies] are being deployed and redesign the architecture.”

How to Change

The move toward a redesign, Cohen added, whether focused on a process or a system, can be best leveraged through what he called “a trial-and-error approach” that can come through a “sandbox-type environment.” Companies can experiment with test cases as they consider a complete or piecemeal overhaul of what is currently in place.

“This allows for proving out a solution before fully committing to it,” he said, “as [FIs] take advantage of that private program mentality. This hopefully allows you to improve and catch and capture a lot higher than [that aforementioned] 1 percent.”

Simply stated, it all comes down to using new tools to catch the bad guys, Cohen said. Against the larger backdrop of the European Commission blacklist, he said such moves reflect the proper actions, given the “tools the EC has at its disposal,” but may stymie broader efforts to promote financial inclusion in the digital age, which of course enhances economic development.

As Cohen and Webster discussed during the podcast, a cohesive framework spanning nations is most desirable and efficient. “At the end of the day, with the right technology, it is possible to correct any and all of the AML or CTF deficiencies in a cost-effective and user-friendly way that would solve a lot of these problems and help [governments] move forward together in alignment,” Cohen noted.

But beyond such frameworks, he continued, just because standards may exist and evolve, firms should strive to do more with their AML and CTF efforts – a lot more, in fact. “We [at Trulioo] are big proponents of doing what is best for your business to the highest degree possible, because that increases the safety of the system,” Cohen said, adding that “it’s almost like a mind shift. You need to be the best in this area and not just satisfied [by] the minimum.”

The more comprehensive such efforts are at the enterprise level, the executive said, the odds increase rapidly that they will be well-aligned with different regions, organizations or even regulators.

A Tech and Mindset Shift

Perhaps easier said than done. In the last decade alone, noted Webster, as much as $26 billion in fines has been paid out by banks for non-compliance with AML standards.

As Webster asked, what will it take to catch the bad guys and, perhaps just as importantly, get in front of them?

Answered Cohen: Banks need partners, particularly when it comes to deployments of anti-fraud systems, with an eye on cultural shifts that should be embraced with new software and hardware.

Compliance efforts are thus brought from the back office to the front office (with an important and visible commitment from the top down) – and, as Cohen termed it, can be thought of as a revenue driver.

“Technology providers aren’t really doing [banks] any favors by hard-selling solutions where a bank needs to upend everything they’re doing and make it work,” he said. “The technology has to fit the process and not the other way around.”

He pointed to firms such as Trulioo and others, which use best practices and flexible approaches to help banks do more than “check boxes,” adding that “compliance should never be thought of as a point in time … it’s actually about continuous improvement.”

Perhaps, then, the only constant in a world of change, is change. Because, as Cohen told Webster: “If we’re not improving over time – all the time – you better believe the folks trying to take advantage of this system for bad reasons definitely are.”