Photo: Bay Ismoyo/AFP/Getty Images
Banks need ways to detect money laundering that are less expensive and more reliable.
Money laundering is one of the greatest growth industries of our time. Last year, financial institutions in the United States filed almost 5 million “suspicious activity” reports identifying transactions with potential links to fraud or money laundering.
That figure, already alarming, represents a shocking increase of 2,000 percent in just five years, in part because banks have gotten better at ferreting out illicit transactions.
Money laundering is also an innovative industry. Where a few years ago, a money launderer might do little more than break large piles of cash into smaller piles to escape reporting requirements (“smurfing”) or funnel illicit funds through cash-based businesses such as car washes and casinos, today’s far more sophisticated criminal enterprises conceal money movements through online instruments, digital payments, and dizzying numbers of global transactions. When banks block one strategy, the launderers devise another, staying one frustrating step ahead.
For these reasons, financial institutions need to revamp their anti-money laundering methods. Most need to go much further than the first steps they’ve already taken. To stop money laundering, institutions need to adopt more strategic, end-to-end processes that take advantage of recent innovations in data analysis. Most important, they must replace the familiar check-the-box compliance mindset in favor of full-on engagement.
Slipping through the cracks
Until recently, incremental improvement ruled the day. The tools already at banks’ disposal were acceptable to regulators, if not ideally effective, and few institutions saw the point of undertaking the expense, labor and regulatory risk of creating a new system that no one had asked for.
But now, it’s clear that banks need to make much bigger changes. On average, fewer than one in 10 warnings currently generated by transaction monitoring systems lead to the filing of a suspicious activity report; an estimated 90 to 95 percent or more are false positives. That means that in a year when the industry filed 4.7 million suspicious activity reports, it first had to investigate 50 to 90 million warnings or more—by hand—at an annual cost in the billions of dollars.
Moreover, weaknesses in the current system guarantee that some offenders—thanks to rudimentary modeling techniques, overloaded investigative operations, and lack of a holistic risk management approach—will slip through the cracks. That is a risk financial institutions shouldn’t take. A bank discovered to be inadvertently aiding an illegal gambling operation 40 years ago would have been embarrassed. A bank found inadvertently supporting a terrorist attack against the U.S. today might suffer irreparable damage to its reputation, especially considering the obvious moral duty of banks as the systemic first line of defense against such activities.
Advanced analytical tools are familiar in many areas of risk management, but financial institutions have only recently started using them to detect money laundering. These statistical techniques can reduce both false negatives and false positives—in some cases, false positives have fallen by 50 percent or more—and they help institutions respond rapidly to emerging threats. Quasi-autonomous machine learning can make analytics even more effective, but it won’t achieve its full potential until banks learn how to solve the crucial challenge of explaining to regulators the logic behind what the machine has learned on its own.
Robust client data
Analytics, of course, are only as good as the data they’re applied to. And though financial institutions track transactions well, they need to raise the bar on generating high-quality and well-organized client data that is comprehensively sourced, consistently verified, standardized, and regularly updated. Without it, data analysis is forced to rely on transaction data alone, which is important, but it is not enough. Obtaining customer data is not primarily an IT challenge: The trick is to get bank employees who interact with customers to understand the urgency of consistently asking for and recording a full range of information that will support the analytics program.
Finally, banks need to use appropriate risk management discipline and techniques. Analytics are a wonderful tool, but they aren’t much help without a strong understanding of what you’re trying to catch and why. Banks need to deeply understand how criminal organizations are attempting to exploit them and what new trends are emerging. Money laundering is a dynamic, constantly evolving form of criminal activity, and financial institutions need to create a dynamic, constantly evolving system for responding to it.
Defending the industry—and yourself
Money laundering is vital to the sort of enterprises society would be better off without: terrorist networks, drug cartels, and other disruptive criminal organizations. The penalties and reputational risk faced by banks that fail to identify laundering have never been greater, and the challenge of catching the launderers continues to escalate. We’re at a moment, however, when new tools are available to help the financial industry detect illicit transactions and regulators seem to be increasingly willing to let banks put them to use. It’s time for banks to remove the shackles and defend the integrity of their industry—and the future of their institutions.
Adrian Murphy, Partner, Finance and Risk practice at Oliver Wyman
Stefano Boezio, Principal, Finance and Risk practice at Oliver Wyman
Allen Meyer, Partner, Finance and Risk practice at Oliver Wyman