You'd like to find out more about the range of services offered by the msg group? Then visit the websites of msg and its group companies.
You're using an AML solution with rules and scenarios set up during the implementation project, generating alerts when transactions exceed certain thresholds. Maybe you've even segmented customers into broad categories like "corporate clients" and "private individuals" to fine-tune those thresholds.
Feels advanced, right?
Are all private individuals the same? Do all companies behave identically?
Spoiler: They don’t.
Setting thresholds based on broad categories alone is like using the same speed limit for bicycles and sports cars – it doesn’t make sense, and the regulator won’t favour this approach.
By analysing customer transaction behaviour, we uncover meaningful subgroups within each category. Think of it as introducing "sports car companies" and "bicycle companies" instead of just "companies".
We use advanced statistical methods: first, we identify the correlation dimensions, then compute a suitable number of clusters. There’s no AI involved, so everything is explainable – even to the auditor.
With this refined segmentation, you can:
Once the new subcategories are defined, the logical next step is backtesting. We help you fine-tune thresholds for these newly identified groups, ensuring your AML system is not only compliant but also efficient.
In this blog post, I would like to provide an outlook on 2023 and the following years, this means the near future of our domain that is dedicated to fighting financial crime. As always with such outlooks, this one does not claim to be complete, but is a mixture of subjective perception and observation and objective analysis.
As there are different perspectives on the area of “Anti-Financial Crime Compliance”, I would like to start by outlining what is meant by this, without going into too many details. This is followed by an assessment of 2022 and an outlook for the near future. At msg Rethink Compliance, we summarize the following areas under the term “Anti-Financial Crime” (AFC). Each of these areas is to be regarded individually even if there are overlaps between them. For this, see our Glossary.
Explicitly excluded from this consideration are the areas of tax evasion, which overlaps with AML and KYC, and the area of anti-cybercrime, which in a broader sense is part of fraud prevention but which is an individual topic in the area of industrial espionage, for example. We take this into account in the msg group and offer specialist expertise in the form of msg security advisors.
For 2022, the Financial Crimes News platform provides what I consider to be a very good and structured overview and analysis of events, including interesting questions (Fighting Financial Crime in 2022 – Dashboard by FCN). Since almost every software vendor in the field never tires of commenting on the events of the year, sometimes more, sometimes less, I don't want to join the ranks.
We are continuously and systematically investigating the market. For this, we have developed our AFC Radar, in which we take a closer look at all stakeholders, collect observations, identify trends, and then examine the extent to which these have significant impact on AFC compliance. This includes politicians, regulators, watchdog organizations or the affected industries such as banking, insurance and others. But we also consider changes in the type of work, availability of technologies, system suppliers and software providers as well as the possible uses of the applications. We attempt to corroborate these observations using four consideration perspectives. The following illustration gives a rough impression of the multitude of drivers considered.
Basically, we can assume that these drivers are motivated by a general desire to improve the fight against white-collar crime. Following a recent discussion about artificial Intelligence (AI), I recently tried ChatGPT, an advanced chatbot prototype from the US-based OpenAI. I asked “Got any ideas to improve combating financial crime?” and received the following answer from the AI-driven bot[i]:
The underlying transformer-based machine learning model[ii] has been trained using a large dataset of conversations. Mainstream dominates here, not necessarily facts. Thus, these six points mentioned by ChatGPT hardly come as a surprise. This remains the case if one further questions each individual aspect of the above answers. Even on the question of how this can be implemented, the model provides clues. We have already pointed out the particular importance of transformer models, including the newer feedback transformer architectures[iii], for regulatory compliance at various conferences, as well as the problems, especially with respect to perception bias of AI/ML. ChatGPT has attracted a great deal of attention and received much acclaim. However, there are wholly different questions critical to this specific artificial intelligence that we will not pursue here now. Nevertheless, one can predict that in the area of AFC compliance, the use of technology - which ultimately includes AI/ML - will continue to grow to increase effectiveness and efficiency.
For the near future of AFC compliance, we also see the following additional topics, signals and trends, among others:
Regulation & Supervision. Under this heading I have tried to present our main observations on the requirements and behaviors of regulators and supervisory authorities, without going into new laws or adaptations of existing laws (AMLA (Anti-Money Laundering Act), LkSG (Lieferkettensorgfaltspflichtengesetz), EU Supply Chain Directive, EU AI Act and many more). I have also left out specific industry topics such as Target2 in payment transactions, which is to be successfully implemented in the EU this year, the real estate sector, which is facing tighter regulation and supervision, DNFBPs (“Designated Non-Financial Businesses & Professions”) which will see similar challenges or the challenges in payments and eCommerce. Instead, I will deal with the generally applicable topics below.
In the area of industry drivers, I would like to mention the following from the sum of the identified observations:
Effectiveness & Efficiency. We are inclined to always think of this point as technologically motivated. But that’s not true. Although the topics of automation and AI/ML play a major role in the discussion in this area, it would be fatal to assume that technology alone can bring about an improvement in the situation. Technology – whether new or changed – should always entail an adaptation of processes and, if necessary, of the organizational structure, or this should even precede the technology.
One could write a lot more, but in my opinion the points listed above represent a good mix of currently discussed challenges and those to be expected in the near future. Unsurprisingly, AFC compliance remains a challenging topic in 2023, both in terms of effectiveness and the need to improve efficiency and proportionality of resources.
[i] ChatGPT Dec 15 Version in a Free Research Preview; Original Question: “Got any ideas to improve combating financial crime?”
[ii] Transformer refers to a deep learning model based on sequential data input, but which can be parallelized, helping to significantly reduce training time.
[iii] The term “Feedback Transformer” originates from a research paper dated January 25, 2021 by the authors Angela Fan, Thibaut Lavril, Edouard Grave, Armand Joulin and Sainbayar Sukhbaatar, all from Facebook AI Research, in which the limitations of traditional transformer models were identified as well as the possible elimination of these restrictions. We tend to find the term misleading and usually use the term “recursive transformer”. Here, all layers in a vector are fed into the model memory per time step, not just the representations of the lower levels.. This results in much more powerful models.
[iv] Compare Brunnermeier, M. K. (2021), The Resilient Society, 2nd Edition.
[v] On October 18, 2022, the competent court in Amsterdam ruled that Neobank bunq could very well use artificial intelligence methods to combat money laundering. Among other things, this has so far been rejected by the Dutch central bank. However, the ruling also confirms shortcomings of the bank in the effectiveness of monitoring, especially in the area of customer risk classification. Both DNB and bunq see their opinions confirmed in the ruling. With regard to the use of modern technology to combat money laundering, DNB has announced on the basis of the ruling that it will enter into a dialog with the financial sector
Much is being written about and reported on the topic of supply chain compliance, whether this be the German Lieferkettensorgfaltspflichtengesetz (LkSG/Supply Chain Act), the corresponding EU directive that is in preparation, or the extraterritorial laws that have been valid internationally for some time and also affect the supply chain such as the UK Bribery Act (UKBA) or the US Foreign Corrupt Practices Act (FCPA). My colleagues have already addressed the content of the individual guidelines as well as the broader context on bribery, corruption and ESG and have published this in other blog posts. [👉Pinar Karacinar-Gehweiler: Compliance Requirements Due to the German Supply Chain Due Diligence Act; 👉Lea Ilina: ESG in the Tension Field of Corruption]. This blog post now outlines a corresponding IT system to support supply chain compliance and shows which components should be part of such a system, how and why.
Even if the above-mentioned regulations seem to have little in common at first glance, they all have at least the following points in common:
This results in the following process view on the topic:
Fig. 1: Process view business partner screening
Combining the topics outlined above enables efficiency and productivity benefits to be leveraged. This makes it possible to create a uniform system for business partner compliance that covers and presents the relevant company-specific risks in a holistic manner. In addition to transparency benefits, this results above all in the avoidance of redundancy in processing both within the company and on the part of the business partner, i.e. the vendor. The support provided by a flexible IT system, called a supply chain compliance solution for simplicity’s sake, further contributes to cost reduction by avoiding IT silos, redundant data preparation and storage, and reducing other direct and indirect costs of such a software solution compared to multiple stand-alone solutions.
Based on the above considerations in connection with the process-related view of a business partner lifecycle, the following schematic structure results for the construction of such a flexible software solution, starting with the core processes:
After the core processes have been roughly described, the question arises of the actors who must work on or with such a system, in other words, the question of interfaces and user roles. Here, too, the list is shown schematically.
Interfaces:
With regard to the interfaces, it should be noted that this does not address specific, country- or industry-specific reporting requirements to regulators, which may be another interface requirement.
User roles:
With regard to the roles, it should be noted that these must always be set up on a company-specific basis and that these, as well as the role designations, may well be different.
This roughly results in the following use case diagram for an IT-supported supply chain compliance system:
Fig. 2: Use case diagram of an IT-based system for supply chain compliance (without event/transaction monitoring).
The outlined IT-supported implementation of a business partner compliance system is generic and, in this form, can support the regulatory compliance requirements for cooperation with business partners in general (sales partners, joint ventures, research initiatives, HR partners, etc.) and vendors in particular. Regulatory specifics have been omitted for clarity, as have industry-specific requirements. As part of this blog series, we will soon also provide insights and examples on risk model, audit strategy and reporting. So it's worth following the #rethinkcompliance blog and staying tuned.
msg Rethink Compliance GmbH
Amelia-Mary-Earhart-Str. 14
60549 Frankfurt / Main
+49 69 580045-0
info@msg-compliance.com
msg Rethink Compliance is part of msg, an independent group of companies with more than 10,000 employees.
The msg group operates in 34 countries in the banking, insurance, automotive, consumer products, food, healthcare, life science & chemicals, public sector, telecommunications, manufacturing, travel & logistics and utilities industries. msg develops holistic software solutions and advises its customers on all aspects of information technology.