Machine Learning can bolster our defences against financial crime

As winter approaches, so does the season of coughs, colds and ‘flu. Many of us will take the opportunity of having a ‘flu vaccine to ward off this seasonal lurgy. Unfortunately, ‘flu vaccines are not 100% effective because the ‘flu virus mutates rapidly, making it difficult for medical experts and scientists to predict precisely which strain will dominate from year to year. However, this year, breakthroughs in both the US and Australia using artificial intelligence and machine learning promise solutions to the annual battle against ‘flu.

In a similar manner to biological viruses such as the ‘flu, the techniques used by criminals to launder money and finance terrorism mutate and evolve, driven by increasingly sophisticated uses of technology and the ongoing digitisation of finance. Recently, criminals have been found to use on-line games as a mechanism for laundering money. There is a rise in the use of ‘money mules’, which are notoriously hard to detect, and new methods such as ‘cuckoo smurfing’ continue to arise.

The first wave of technological solutions to the problem of money laundering and transaction monitoring in particular employed rules-based logic to identify suspicious transactions. Creating these rules effectively depended on understanding the known patterns of money laundering – the types of payment patterns that may indicate smurfing, for example, or transactions of a size that is unusual for a particular customer. 

Of course, rules-based systems are a huge improvement on manual transaction monitoring and have been very successful in improving the detection of illicit financial flows but their effectiveness is limited by three key factors:

  • their reliance on known patterns of behaviour
  • the need to set quantitative thresholds for the rules to operate effectively
  • the requirement for ongoing recalibration and rule adaption when new money laundering typologies have emerged

However, as criminals become ever more sophisticated in their use of technology and devise multiple and various ways of hiding their proceeds of crime, transaction monitoring products based on rules alone are no longer proving to be an adequate defence against money-laundering. Figures from Europol suggest that whilst levels of reporting are increasing year on year, only around 10% of SARs lead to further investigation and only about 1% of criminal proceeds in the EU are ultimately confiscated.

Over the last few years, the RegTech market has seen a huge growth in products designed to fight financial crime that are making use of other, more innovative types of technology to improve levels of detection accuracy and efficiency in transaction monitoring.

Transaction Monitoring products in the RegTech Directory

Machine learning (ML) in particular has the capability to be more adaptive than rules-based systems and able to spot anomalous patterns in data that indicate something suspicious is going on, in real-time. Indeed, a recent joint report from the FCA and the Bank of England has highlighted that anti-money laundering is a key use case for ML in financial services, and one where these firms see real benefits.

ML is a type of artificial intelligence which uses advanced statistical models to parse huge data sets to identify patterns and make predictions. In the case of transaction monitoring, ML systems will use models to flag patterns of behaviour in transaction data that appear suspicious and do this in real-time. Broadly, there are two types of ML models – supervised and unsupervised. Supervised ML models are ‘trained’ on large sets of historical data so they can recognise known patterns of behaviour that are likely to be suspicious, based on what has gone before. Unsupervised ML models are not trained – instead, they can identify patterns of behaviour without reference to existing typologies and are thus used to detect anomalies in transaction data which are likely to be suspicious.
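The contrast drawn above can be made concrete with an added example (not from the original article): a fixed-threshold rule beside a per-customer baseline check that scores each new transaction against that customer's own history with a median/MAD modified z-score. This is a simple unsupervised statistical method standing in for an ML model; the threshold, cutoff, customer ids and amounts are all constructed assumptions.

```python
from collections import defaultdict
from statistics import median

RULE_THRESHOLD = 10_000.0  # assumed fixed amount threshold for the static rule
Z_CUTOFF = 3.5             # conventional cutoff for the modified z-score
MIN_HISTORY = 5            # below this a customer has no usable baseline

# Constructed history: (customer_id, amount)
HISTORY = (
    [("C1", a) for a in (45.0, 60.0, 52.0, 80.0, 38.0, 71.0, 55.0)]
    + [("C2", a) for a in (9500.0, 12000.0, 11000.0, 14000.0,
                           10500.0, 13000.0, 12500.0)]
    + [("C3", 200.0), ("C3", 250.0)]  # new customer, too little history
)

# Constructed new transactions to be monitored
NEW_TXNS = [("C1", 65.0), ("C1", 4500.0), ("C2", 12800.0), ("C3", 9000.0)]


def rule_flag(amount, threshold=RULE_THRESHOLD):
    """Static rule: alert on any transaction at or above a fixed amount."""
    return amount >= threshold


def modified_z(amount, past):
    """Robust z-score: distance from the median in units of the MAD."""
    med = median(past)
    mad = median(abs(x - med) for x in past)
    if mad == 0:
        # Every past amount is identical: any deviation at all is extreme.
        return 0.0 if amount == med else float("inf")
    return 0.6745 * (amount - med) / mad


def build_baselines(history):
    """Group past amounts by customer."""
    per_customer = defaultdict(list)
    for customer, amount in history:
        per_customer[customer].append(amount)
    return per_customer


def score(new_txns, history):
    """Evaluate each new transaction with both the rule and the baseline."""
    baselines = build_baselines(history)
    results = []
    for customer, amount in new_txns:
        past = baselines.get(customer, [])
        if len(past) < MIN_HISTORY:
            # No reliable baseline yet: only the static rule can speak.
            z, anomalous = None, False
        else:
            z = modified_z(amount, past)
            anomalous = abs(z) > Z_CUTOFF
        results.append({
            "customer": customer,
            "amount": amount,
            "rule": rule_flag(amount),
            "z": z,
            "baseline": anomalous,
        })
    return results


if __name__ == "__main__":
    for row in score(NEW_TXNS, HISTORY):
        print(row)
```

On this constructed data the rule alerts only on C2's routine 12,800 payment, while the baseline alerts only on the 4,500 payment that is far outside C1's usual range; C3 shows the cold-start case where no baseline exists yet.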

Generally in financial services, we are extremely good at detecting and understanding risks such as market and credit risk where there are huge sets of historical data that can be analysed statistically to help us predict risk in the future. This is analogous to supervised machine learning – historical data is used to train ML models to detect known outcomes. When it comes to financial crime, we can detect a proportion of suspicious transactions based on known money laundering typologies, but unfortunately, as we have seen above, new and unknown patterns continue to emerge.

For these Rumsfeldian unknown unknowns, we need to think more about financial crime in terms of uncertainty and less about risk. This is a distinction made by Knight as far back as 1921 and hinges on the idea that we are dealing with risk when, even if we do not know the outcome, we can measure the probabilities of different outcomes occurring. Uncertainty, however, means we do not have all (or any) of the information in order to set these probabilities in the first place. And this sounds very much like unsupervised machine learning – which can detect new and emerging financial crime typologies that have not before been encountered.

On this basis, we would expect that transaction monitoring systems based on unsupervised ML would be the most desirable solutions for financial institutions. However, there is an important trade-off that has to be considered. Regulatory expectations (and good practice) around ML models require that the application of these models is transparent, and that the outcomes and decisions reached by ML systems can be explained. Unfortunately, levels of explainability decrease significantly when unsupervised ML models are used, and firms must weigh up this balance between accuracy and explainability when implementing transaction monitoring (TM) systems using ML.

As far as trends in the RegTech market for transaction monitoring tools go, we have observed the following:

  1. Optimisation of existing rule-based systems through the use of data analytics to improve their tuning and calibration
  2. Layering of products making use of ML techniques on top of incumbent rules-based systems to improve detection accuracy and reduce false positives
  3. Replacement of incumbent rules-based systems with products based on a combination of rules and ML models – both supervised and unsupervised
  4. Vendors with products that use ML models are developing repositories of crime typologies and seeking ways of sharing these across the industry

Hopefully, these advances in the use of ML and sharing of data will continue to be adopted throughout the industry and improve the level of detection, providing a more robust and adaptive solution to the virus that is financial crime.



How technology can make name screening easier….

Whilst President Donald Trump’s tweets have already been found to move markets, with significant consequences for investors, his more recent pronouncements about economic sanctions against Turkey are likely to prove even more of a headache for compliance departments. Financial firms are obligated to comply with economic sanctions as part of their financial crime compliance – and in the case of Turkey, must not transact or do business with any of the entities that appear on the US Office of Foreign Assets Control Sanctions List.

This may sound straightforward, but the process of screening customers or ‘names’ against sanctions lists is anything but. Name screening is one of the critical Know Your Customer (KYC) and anti-money laundering (AML) activities. In addition to sanctions, customers need to be checked to see whether they are Politically Exposed Persons (PEPs) and / or whether there is any negative news that may indicate they are a higher risk customer.

In theory, it should be simple to match a customer’s name (and some other details) to a list which contains details of PEPs, sanctioned entities and those with associated adverse media so they can be flagged as high risk and dealt with accordingly. In reality, however, there are multiple problems and issues that can result in high rates of false alerts (both positive and negative), impacting not only efficiency but the ability to identify the bad actors.

Why is name screening difficult?
Like most things these days, this is a data problem…one which innovative technologies can help to solve.

  1. Customer data quality – Effectively matching internal customer data with external name screening lists and data sources relies in part on the accuracy, completeness, consistency and timeliness of internal data sources. If data quality is below par, matching accuracy will be lower – ultimately resulting in higher levels of false alerts.
  2. Reliance on official lists and third party data – As well as keeping internal ‘black lists’ of potential PEPs or other high risk entities, financial firms are reliant on accessing many sources of external screening data. Official data, such as sanctions lists, are not provided in a consistent format or with all the data attributes required to make an accurate match (such as birth dates). These lists are also updated at varying frequencies and suffer from some of the same data quality issues as internal customer data.
  3. Name or ‘entity’ matching is inherently difficult – Any sort of ‘entity’ matching – finding a common entity between two or more sets of data – is beset with difficulties (usually related to data quality) but there are some unique problems presented by name data because of their variability and complexity. These include:
    • Phonetic similarity but different spellings
    • Transliteration spelling differences
    • Nicknames
    • Titles & honorifics
    • Truncated name components
    • Out-of-order name components
    • Initials
    • Names split inconsistently across fields

As well as these generalised problems, there are specific challenges associated with different types of screening. In the case of sanctions screening, there are multiple official lists (e.g. the OFAC sanctions list, the EU Consolidated List of Sanctions, HM Treasury sanctions list and the UN Sanctions list) which are released in different formats and updated at different frequencies. For PEPs, there are no ‘official’ lists so FIs usually rely on a combination of third party data providers as well as internal ‘black lists’ that are built up over time (and suffer from similar data quality issues as customer data). 

Adverse media screening can prove to be even more problematic because it involves enormous quantities of unstructured data involving multiple languages – the phrase ‘looking for a needle in a haystack’ springs to mind. Additionally, adverse reputational information may be difficult to find, requiring deeper searching tools than generally provided by popular search engines.

How can technology help?   
There are two key considerations in developing or selecting a name screening solution. 

Products featured in the RegTech Directory (rtdirectory.co)
External Data for Matching

Firms need to decide how to source the list data related to PEPs, sanctions and adverse media. Three main options exist:

  • going straight to the source data e.g. official sanctions lists
  • using a single third party data provider 
  • using a name screening platform that integrates a number of data sources and / or maintains a dynamic database of high risk names. 

We are seeing a significant growth in products which aggregate and enrich multiple external data sources.

Name Matching Technology

Traditionally, name screening has been performed using rules-based matching techniques which make exact matches on specific data fields or attributes. Whilst this is the easiest method, it has relatively low levels of accuracy. Accuracy can be considerably improved by using more probabilistic methods such as advanced fuzzy matching algorithms and even elastic search. Again, newer products are offering more sophisticated matching techniques to address false alerts and drive efficiency in the name screening process.
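To illustrate the difference between exact and fuzzy matching, and several of the name-variation problems listed earlier (titles, nicknames, initials, truncated and out-of-order components, transliteration differences, names split across fields), here is an added example that is not from the original article or any vendor product. The watchlist entries, title and nickname tables, threshold and scoring weights are constructed assumptions; phonetic matching is not covered.

```python
import re
import unicodedata
from difflib import SequenceMatcher

# All tables, names and weights below are constructed for illustration.
TITLES = {"mr", "mrs", "ms", "dr", "sir", "prof"}
NICKNAMES = {"bill": "william", "bob": "robert", "liz": "elizabeth"}
MATCH_THRESHOLD = 0.85       # assumed alerting threshold
EXTRA_TOKEN_PENALTY = 0.25   # assumed cost of each unmatched extra component

WATCHLIST = [
    "William Robert Hartley",
    "Aleksandr Ivanov",
    "José Martínez-Núñez",
]


def tokens(*fields):
    """Join name fields, strip accents, punctuation and titles, expand nicknames."""
    text = " ".join(f for f in fields if f)
    text = unicodedata.normalize("NFKD", text)
    text = "".join(c for c in text if not unicodedata.combining(c)).lower()
    words = re.findall(r"[a-z]+", text)
    return [NICKNAMES.get(w, w) for w in words if w not in TITLES]


def token_sim(a, b):
    """Similarity of two name components in the range 0..1."""
    if a == b:
        return 1.0
    short, long_ = sorted((a, b), key=len)
    # An initial, or a truncated component, matches the token it prefixes.
    if long_.startswith(short) and (len(short) == 1 or len(short) >= 3):
        return 0.8 if len(short) == 1 else 0.9
    # Otherwise fall back to edit-based similarity (spelling variants).
    return SequenceMatcher(None, a, b).ratio()


def name_score(a_tokens, b_tokens):
    """Order-independent score: pair up the most similar components first."""
    short, long_ = sorted((a_tokens, b_tokens), key=len)
    if not short:
        return 0.0
    pairs = sorted(
        ((token_sim(s, l), i, j)
         for i, s in enumerate(short) for j, l in enumerate(long_)),
        reverse=True,
    )
    used_s, used_l, total = set(), set(), 0.0
    for sim, i, j in pairs:
        if i not in used_s and j not in used_l:
            used_s.add(i)
            used_l.add(j)
            total += sim
    extra = len(long_) - len(short)
    return total / (len(short) + EXTRA_TOKEN_PENALTY * extra)


def exact_match(customer_fields, watchlist=WATCHLIST):
    """Traditional rule: the joined customer name must equal a list entry."""
    joined = " ".join(customer_fields)
    return [entry for entry in watchlist if entry == joined]


def screen(customer_fields, watchlist=WATCHLIST, threshold=MATCH_THRESHOLD):
    """Return (entry, score) for every list entry at or above the threshold."""
    cust = tokens(*customer_fields)
    hits = []
    for entry in watchlist:
        s = name_score(cust, tokens(entry))
        if s >= threshold:
            hits.append((entry, round(s, 3)))
    return sorted(hits, key=lambda h: -h[1])


if __name__ == "__main__":
    for record in [("Dr. Bill", "Hartley"), ("IVANOV", "Alexander"),
                   ("J.", "Martinez Nunez"), ("Wilma", "Hartman")]:
        print(record, "exact:", exact_match(record), "fuzzy:", screen(record))
```

The threshold is the tuning point: lowering it catches more variants at the cost of more false alerts, which is why the additional attributes mentioned in the article (such as date of birth) are used to confirm or dismiss a candidate match.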

False alerts can further be reduced by enriching customer data to provide additional data elements to aid the matching process. Some RegTech vendors are using AI technology such as Natural Language Processing to extract information from unstructured data, such as a date of birth or occupation and then creating rules based on this information that further improve matching accuracy.

We believe there will be a further development in name screening products that look to integrate name screening more closely not only into onboarding processes but the ongoing monitoring and risk assessment of customers. Smart vendors will either develop robust and flexible platforms that cover multiple financial crime compliance use cases and / or will innovate to further reduce false alerts through more sophisticated matching technologies or data enrichment from additional sources.


We have conducted a market assessment of all the Name Screening products in the RegTech Directory which maps the vendor landscape and highlights the capabilities of the vendors in this market segment.

Market Integrity and Transparency Part 2 – The How and the What

In this second of two posts, we explore the difficulties presented by complying with market integrity and transparency regulations. Thankfully, there are many innovative technology solutions on the market to address these challenges and we have created a market map of this category to help buyers understand which products might fit their particular use case.

It is clear that the regulatory requirements covering investor protection, market abuse and market integrity are not only deep, in terms of how far they penetrate into business and trading processes but also broad with respect to the areas of a trading firm or exchange that they cover. Anyone who was involved in the implementation of MiFID 2 in early 2018 will attest to the effort that went into achieving compliance with this complex piece of legislation. Indeed, the cost of MiFID 2 implementation was expected to be over $1bn for the top 40 global investment banks and the final cost is likely to have been greater.

Emma Parry, an expert in Conduct Risk, explains why requirements such as Best Execution place such a burden on financial firms:

“Implementing an effective control framework for best execution presents numerous challenges – from establishing the foundation elements (eg. Correct client classification data, consistent reason codes) through to determining the extent to which the review of findings can be incorporated into existing processes (eg. off market rate checking) or requires additional governance.”

She goes on to explain the challenge this presents when trying to manage Best Execution manually:

“When there are potentially millions of transactions per in-scope asset class per annum, clearly spreadsheets are not the answer.  Reporting and diagnostic tools that enable teams to drill into specific trades, a series of transactions or to analyse potential patterns at a client level are key”.

Similarly, the recent regulatory crackdown on transaction reporting under MiFID 1, let alone MiFID 2, has demonstrated the need for effective systems and controls that can ensure the accuracy and completeness of transaction reporting. In March 2019, Goldman Sachs and UBS were fined £34.3m and £27.6m respectively by the FCA for incorrect and misreported transactions, dating back to 2007.

Stephen Hanks, head of markets policy at the FCA is reported to have said that

“there are still issues we see in reports and we are particularly disappointed to still be seeing errors in reports which would have been errors under Mifid, never mind Mifid II. So it’s important for firms to be monitoring the nature of their reports, checking them and send us any errors and omissions – with particular focus on getting the fundamental economics of transactions correctly reported to us.”

The key issue here is one of data – volume, complexity and management. This means understanding which data is located where, ensuring correct counterparty and instrument identifiers are attached to each transaction and, perhaps most crucially, having consistent and systematic reconciliations of transaction reporting data in place.

Data is also at the heart of compliance with the need for surveillance and monitoring to detect market manipulation and abuse. As Emma Parry explains,

“Firms continue to expand the range of communication channels they use.  These advancements undoubtedly improve internal collaboration and overall client experience but pose an increasingly complex surveillance challenge.  RegTech solutions that support firms in collating disparate structured and unstructured data, as well as enabling the retrieval and reconstruction of complete communication chains is critical to the war against market abuse.”

It is clear that compliance with market integrity and transparency rules requires firms to pay significant attention to vast quantities of data, as well as ensuring that data is accurate and complete for reporting purposes and for monitoring and embedding investor protection in all stages of the client and trade lifecycle. Given the high trading volumes and diverse array of data sources, this is a problem that is beyond human scale and needs a technological solution.

We have identified over 70 RegTech products which provide solutions to many of the problems faced by financial firms in complying with regulations such as MAR, MiFID 2, EMIR and SFTR. Many of these products aim to solve more than one problem, so rather than mapping them neatly into discrete sub-categories, we have tried to indicate which use cases are most applicable to the relevant product.

Clearly, the majority of solutions are focused on monitoring and surveillance, using either trade or e-communications data or a combination of both to help firms detect patterns that could indicate misconduct. Whilst the requirement to record all types of communication seems sensible, as Emma Parry suggests, recording this data alone is not enough to make use of it:

“Even with recorded lines and chat room surveillance, how do you detect a trader’s prompt to go to an unmonitored channel?  Advances in Natural Language Processing are providing enhanced capabilities to detect and capture potential market abuse at the very earliest opportunity.”

Many of the monitoring and surveillance tools in the market map make use of advanced AI and machine learning techniques to identify patterns and generate alerts when anomalous behaviour appears. This can significantly reduce the number of ‘false positive’ alerts that are generated by more traditional trader surveillance tools, allowing greater effort to be spent on investigating trades that are genuinely suspect.

Products that combine trade and ecomms data with additional data sources such as market data, and even data from customer relationship management systems, have additional power and can meet a larger number of use cases. For example, the existence of a single source of high quality and high accuracy trade data can facilitate transaction reporting, especially if this data is automatically reconciled to its origin. Meeting the Best Execution obligations also becomes easier, and some of the market leading products will even automatically monitor execution quality on an ongoing basis. These products will also significantly cut the time and cost associated with trade investigations and more sophisticated firms are also beginning to use these solutions to surface additional insights from data that go beyond compliance and improve the bottom line.

Market integrity and transparency regulations do not only impact the large buy-side and sell-side firms, however. Smaller asset managers and indeed any firm that offers financial advice must also comply with conduct of business regulations which can arguably be proportionately more costly for these smaller firms. We are seeing the emergence of a number of products that assist these firms with customer profiling and suitability assessments as well as building in conduct risk management across the customer lifecycle.

We consider the Market Integrity & Transparency category to be one of the most dynamic in the RegTech market and we also believe levels of adoption in large firms will begin to increase as regulators focus their enforcement activity more in this area and as AI techniques become ever more sophisticated.

If you are a RegTech firm with a Market Integrity & Transparency product but are not yet featured on our market map, you can apply to be in our RegTech Directory and we will include you in our next market assessment.

Market Integrity and Transparency Part 1 – The Why

Fair and effective financial markets are critically important to the broader economy because:

“They help determine the borrowing costs of households, companies and governments, set countries’ exchange rates, influence the cost of food and raw materials, and enable companies to manage the financial risks they incur through investment, production and trade. They also support employment for many around the world, not least in the United Kingdom, which hosts a substantial share of these markets. So it is vital that they work well, and in the best interests of everybody.”

(Source: Bank of England, Fair and Effective Markets Review Final Report June 2015)

Financial Markets – theory and reality

Theoretically, markets are fundamentally rational and efficient, with price discovery reflecting new information as it becomes available and assessed by independently acting market participants. These market participants themselves are assumed to be rational actors and as a result, overall prices have a strong tendency towards equilibrium. Two key consequences follow from this theoretical position:

  • Allocative efficiency benefits are achieved by efficient and liquid financial markets, allowing participants to effectively fulfil their preferences for risk, return and liquidity
  • Rational markets do not require regulatory intervention

Unfortunately, reality does not match these theoretical expectations, as amply demonstrated by the global financial crisis of 2008-9. For example, assumptions of individual and collective rationality are being challenged by findings from behavioural economics and neuroscience and by events such as speculative bubbles. Asymmetries of information do exist between different types of market participants, particularly between retail customers and financial institutions and some market participants engage in collusive behaviour, such as price fixing (e.g. LIBOR). These are all examples of market failure, justifying the need for  regulatory interventions to ensure financial markets remain competitive, transparent and efficient.

MiFID II (Markets in Financial Instruments Directive), MiFIR (Markets in Financial Instruments Regulation) and MAR (Market Abuse Regulation) are examples of regulatory standards from the EU that address market shortcomings.

Ensuring fair and efficient markets

Market Transparency and Structure

Transparency is central to the fairness and efficiency of a market, and is defined as the ability of market participants to obtain information about the trading process such as price, order size, trading volume, risk etc. Transparency is necessary both pre and post-trade, and regulations such as MiFID II require near real-time reporting of trades for regulated markets (such as stock exchanges), multi-lateral trading facilities (MTFs – commonly known as exchanges), and other types of trading facilities. The precise requirements will vary depending on the type of trading venue, and if an investment firm is executing trades outside of a trading venue, that firm will be required to report these trades.

One of the primary aims of the first MiFID was to improve competition in the EU financial markets, particularly in terms of the various types of trading venue. Whilst encouraging different business models for trading venues and types of trading (e.g. high frequency trading), MiFID 2 includes requirements to ensure that these various market structures manage their operational risk and that smaller market participants are not denied access to trading venues.

Regulatory authorities rely on data to monitor the integrity of the financial markets, and to detect and investigate suspected market abuse, insider trading and market manipulation. Supplying this data to regulators is mandatory for investment firms under MiFID 2 and all such firms must report ‘complete and accurate’ details of those transactions to their home competent authority as quickly as possible, and no later than the close of the following working day.

Investor Protection

At the heart of all types of regulation focused on protecting investors is the fact that a fiduciary relationship exists whenever one party appoints another party to act on his or her behalf. In such relationships, the agent should act in the best interests of the principal but conflicts of interest may arise when incentives are misaligned. Information asymmetries also need to be rectified to ensure the investors are equipped with all the data they need to make decisions.

Measures such as best execution, the disclosure of all costs and charges, product governance and suitability requirements all aim to protect the integrity of fiduciary relationships and ultimately, the investor. Best execution, for example, ensures that firms execute trades on behalf of their clients so that they receive the best terms (which could be based on just price or on price and other factors such as lowest cost-per-trade and the speed to execute). Not only must firms perform best execution, they must also provide information to clients on their policy for best execution and publish data publicly on execution quality for each relevant trading venue.

Governance & Controls

Additional requirements relate to the governance and conduct of investment firms that underpin the other principles discussed above such as investor protection, fair conduct in the market and market transparency. These include the need to have suitable governance, risk management and control frameworks in place, processes for monitoring conflicts of interest, personnel with the appropriate levels of skills, knowledge and expertise and, in the case of the Board of Directors, members who are considered fit and proper for their role and level of responsibility. There are also specific requirements under MiFID 2 for firms to record telephone conversations and electronic communications that relate to the ‘reception, transmission and execution of orders, or dealing on own account’ – including on mobile phones, SMS messages and electronic communications, and store them for a minimum of five years.

A key component of product governance is establishing a complete product lifecycle – from initial business case through to product reviews and a process for orderly demise.  The new product business case must outline the client needs being addressed alongside which target markets the product will serve. Regular review of products versus their business cases is essential to demonstrate products are meeting their objectives.  Critical to the reviews is client feedback – including complaints – alongside mechanisms to demonstrate how the ‘voice of the client’ is listened to and acted upon.

Market Integrity

Market integrity is defined by the International Organization of Securities Commissions (IOSCO) as:

‘the extent to which a market operates in a manner that is, and is perceived to be, fair and orderly and where effective rules are in place and enforced by regulators so that confidence and participation in the market is fostered’

Source: IOSCO, Regulatory Issues Raised by the Impact of Technological Changes on Market Integrity and Efficiency (2011)

Types of market abuse may include insider dealing / trading on inside information and the deliberate manipulation of the market with the aim of moving market prices artificially to make a profit or avoid a loss. As well as releasing false information, price fixing or benchmark rigging, the following mechanisms are used to move security prices:

  • “Wash trades” – a trader simultaneously buys and sells the security meaning there is no change in the ownership of the security
  • Improper matched orders – matching buying and selling orders are entered into simultaneously
  • “Pools” – groups of investors trade amongst themselves to give the impression of an active market in a particular security
  • “Painting the tape” – colluding parties make trades in securities that are shown on a public display facility (ticker tape)

Whilst these types of behaviour are clearly prohibited under securities regulations (e.g. EU MAR), firms should have systems, processes and controls in place that both prevent and detect market abuse. These may include written policies or procedures, watch lists, restricted lists, ‘Chinese’ walls and automated trade surveillance to identify likely patterns of misconduct in trading data that can then be investigated further.

Hopefully, it is now clear why we need regulation to ensure fair, transparent and competitive financial markets.

In the second post next week, I will discuss how financial firms meet these regulatory obligations from a practical perspective, how RegTech can help and our view of this sector of the RegTech market.

Regulatory Change Products – Our Market Assessment

Our RegTech product directory covers nearly 500 different RegTech products, categorised according to the type of regulatory problem they address. This year, we are extending our research to further understand the market.  We will create market maps of each category and provide insights on the current state of each market segment. In March, our focus has been on the Regulatory Change category.

Regulatory change management and ongoing compliance monitoring is a critical activity for all regulated firms due to the volume, velocity and variety of regulatory changes.

This category therefore includes products that enable regulated firms to:

  • Perform horizon scanning and ongoing monitoring of regulatory developments.
  • Interpret, assess and analyse new regulations to determine their relevance and impact
  • Map changing and existing regulatory rules to internal policies, processes and controls
  • Manage the risks associated with the complex and changing regulatory environment and the deployment of that knowledge to the right people, enabling the right decisions at all levels of the organization

Mapping the Market

We have further subdivided the RegChange category, as illustrated by our market map:

Classifying technology solutions that are multi-functional is never an easy process and is more of an art than a science so if you are a RegTech with a regulatory change product, do let us know whether you feel your product is in the wrong place!

In addition to categorisation by function, products in this category can also be grouped according to their maturity:

Incumbents

Using older or more traditional technology, these are generally the large Governance, Risk and Compliance frameworks that were largely born out of the Enterprise Risk Management movement in the early 2000s. Established partly as a response to the 2002 Sarbanes-Oxley Act, these products have dominated the market in multiple industry sectors. Recently, there has been some consolidation in this market with the acquisition of Nasdaq’s BWise by SAI Global and RSAM by ACL Services, speculatively as a result of the RegTech Challengers in this sector.

Challengers

Following the global financial crisis of 2008 and the subsequent wave of regulatory reform, several products emerged to challenge the incumbent GRC platforms, using more innovative technology such as AI and data analytics. These products automate the gathering and analysis of regulatory change information necessary to inform organizational decision-making about how to respond in a highly pressurised environment.

New Kids on the Block

Even more recently, we are seeing the deployment of more advanced AI, particularly Natural Language Processing and Machine Learning, to add further levels of automation into the management of regulatory change – largely to create a more seamless process of mapping regulatory rules and their changes to existing policies, processes and controls.

Trends

Platforms vs Point Solutions

When we last did a detailed assessment of this market segment, many of the challenger products were either focused on a specific type of regulation or a specific aspect of managing regulatory change, such as horizon scanning or policy management. Over the last six months there has been a concerted effort by several firms to (a) increase their regulatory coverage and (b) extend their functionality into other aspects of the regulatory lifecycle such as rules mapping, workflow, traceability and evidencing of compliance. Two companies to note here are ClauseMatch and Ascent, both of whom had significant Series A raises in 2018 and are rapidly scaling their products and geographical reach.

Regulatory Change Management vs Compliance Management

Now that the major pieces of regulatory reform are complete, future regulatory changes are likely to be piecemeal and focused on fine-tuning rather than wholesale changes. This will shape the market for Regulatory Change RegTech products in two key ways. Firstly, regulated firms now have some much-needed breathing space to develop more strategic approaches to managing regulatory change, and technology is the optimum solution. Secondly, while large-scale changes will attract senior management attention (and budget) and be managed as discrete change programmes, it is harder to keep track of and evidence the compliance of smaller-scale changes that are managed as part of BAU. We are therefore seeing the Go-To-Market focus switching from regulatory change management to ongoing compliance management and assurance, meeting the increasing demand for more advanced mapping of regulatory rules and obligations to policies, processes and controls so that this can be managed more effectively.

Business Model Taxonomy – The Holy Grail

Full and seamless mapping of regulatory rules and obligations (often using techniques based on natural language processing and machine learning) requires several foundational building blocks to be in place.

  1. The disaggregation and disambiguation of the regulatory texts into machine readable rules.
  2. An up to date repository of policies, business processes and controls that these machine readable rules will be mapped to.
  3. A dynamic and machine readable version of a business model taxonomy, which represents the many dimensions of a complex financial institution and the relationships between these dimensions – products, legal entities, business lines, functions, countries, regulatory jurisdictions.

Without this third building block, mapping regulatory obligations onto the business in a seamless way will be difficult to achieve. Open industry standards such as the Banking Industry Architecture Network (BIAN) standards and the ontology work of the Object Management Group are steps in the right direction but the first RegTech product to really crack this tough nut is certain to do very well indeed.

Financial Crime predictions for 2019

We asked our new Associate, financial crime expert Vesna McCreery, to tell us her key predictions for fighting financial crime in 2019.

Financial Crime in banking is usually synonymous with regulatory measures to combat money-laundering, corruption and ensuring compliance with financial sanctions. However, we should also consider cybercrime under this umbrella, even though it has not traditionally been the responsibility of the Money Laundering Reporting Officer.

Increased levels of cybercrime

Unfortunately, I believe we are going to see continued and more sophisticated attacks on online users of financial products, particularly those who use mobile services. Some financial firms are trying to keep up with this, and some are doing so with a degree of success but it is unlikely that these sorts of attacks are going to be easy to resolve or become less risky.

Social engineering, which feeds authorised push payment fraud and other payment scams, is likely to continue contributing to rising losses and suspicious activity reporting numbers.

The final and most obvious aspect of cybercrime to consider is continued data breaches and hacking successes that help obtain information from a variety of sources. Even if the source is not necessarily a bank, hacking does still expose financial institutions by revealing banking details of their customers.

The likely regulatory response is additional pressure from regulators to tighten protections for customers, force improved prevention around fraud and money laundering through automation and increased use of data analytics.

Public-private co-operation on financial crime data

2019 is likely to see the continuation of cooperation between investigative authorities and financial services firms, and this is set to widen and grow over time even if the pace feels glacial at times. While this is a positive, we have also seen the regulators use this data exchange against large banks with criminal investigations being launched following what should have been perceived as exchanges in the spirit of trust and co-operation. It will be interesting to see if this stifles the industry / regulator dialogue in the future. But the practice is spreading globally and ultimately, authorities should be aiming to use the financial institutions as valued data sources more productively, rather than having endless attempts to criminalise their possession of such data. Striking the right balance on that account could be an interesting area to observe.

Data Protection

There is no question that data protection affects how financial crime relevant information is gathered, stored and deleted – now more than ever. Some interesting tests of this might come in 2019. And this is clearly related also to how firms are able to process and analyse information they have on customers in different silos and pockets, and that may at any given time look unrelated but with hindsight look “obviously” related to an issue uncovered externally by authorities or journalists.

Fighting financial crime with RegTech

One of the key trends in 2019 will be the continued exploration of new and known technologies – also known as regulatory technology – to help manage the pressures created by new forms of crime and continually higher regulatory expectations.

RegTech Associates Financial Crime Market Map

Financial institutions need innovation to compete and to protect themselves from crime, but finding a way of identifying firms’ products that resolve these problems rather than just having a good sales pitch can be problematic without participating in extensive testing. For small RegTech firms, this can mean delayed revenue whilst having high monthly burn-rates, which can threaten their financial survival. It will be fascinating to see how this problem is resolved in practice and if simple referral by one institution to another will continue to be good enough or if services of those who can test and advise on behalf of the financial institutions will be used more widely.

Our recently updated RegTech directory is a key resource for informing buyers about the RegTech products that can help them fight financial crime. The Financial Crime Market Map analyses 120 products from RegTech firms to match them to specific financial crime use cases. If you would like more information about this aspect of the RegTech market, do get in touch.