We have the technology (but not the returns)

A new survey on anti-money laundering (AML) and anti-fraud software shows that while many firms have made a substantial investment in technology in these two areas, they are seeing little return. Firms complain they have too many systems, pushing out too much data of only moderate usefulness, and that the systems they have don't speak with each other.

The new survey, conducted by OpRisk & Compliance magazine as part of its intelligence series – and sponsored by financial crime software firm Norkom – highlights the fact that firms still face serious challenges in combating financial crime.

First of all – and despite all the hype around AML and fraud over the past few years by regulators – only 54% of respondents said their firm had an AML solution in place, while 47% said they had a fraud detection solution. Reasons for not having either solution in place varied widely, and included "manual processes currently in place deemed adequate enough in light of other system spend risks and priorities", "technology is in its infancy", "too expensive" and "senior management awareness". Several respondents from emerging markets said they were waiting for their national regulator to outline AML rules before buying software. Other respondents objected to the cost of AML and fraud software programmes.

Yet, despite the objections, some 36% of respondents who did not have an AML solution in place plan to implement one over the next 12 months. And 33% of those who didn't have a fraud solution are looking to make an investment in anti-fraud software over the same period. This is because, say industry sources, firms feel regulatory pressure to implement a technology solution, and also because the AML rules being put in place are becoming increasingly difficult to comply with using manual processes in an institution of even moderate scale.

But what value are firms with AML and fraud solutions in place getting for their technology dollar? From the results of our survey, it's clear that many firms are having difficulty using their technology to reduce their work burden. For example, some 10% of AML system respondents said that between 51% and 75% of their alerts were "false positives", and another 6% said that between 76% and 100% of their alerts were false positives. The false positives for fraud are at similar levels, with 11% of respondents saying that 51% to 76% of their alerts are false positives, and another 7% claiming that between 76% and 100% are false positives.

Not surprisingly this level of "false positives" from AML and fraud systems requires a lot of man-hours to sort out. Nine percent of respondents said investigators spent 51–75% of their time investigating false positives, while 6% said their investigators spent between 76% and 100% of their time on them.

"Executives we speak with in the industry are complaining 'I've complied with the regulations, I have a huge cost, and the software is not providing useful information'," says Rosemary Turley, director of Norkom Technologies. "They are saying 'We have too much going on, we can't see the wood for the trees'."

Compounding the problem of false positives is the fact that most firms have more than one AML system and more than one fraud system in place. According to the survey, 33% of firms have between two and five AML systems and two and five fraud systems. This is because many firms allowed different business lines – for example, private banking or asset management – to implement their own AML or fraud system within their particular business line, instead of imposing one AML or fraud system across the company.

As a result, the combining of information about AML or fraud cases across the organisation is often a manual process. Some 48% of respondents said they route their alerts to internal investigators manually, while another 33% said they do not currently route alerts to investigators based on skills or experience.

It is also difficult to improve the accuracy of detection and reduce the number of false positives if a firm has a variety of systems to handle AML and fraud. Some 20% of respondents said they take "occasional action to refine our detection scenarios but this is not a structured process. Another 18% said they "currently take no action to improve our detection scenarios".

In addition, just 15% of firms said they had a software solution in place that supported the sharing of information between investigators in AML and fraud. Some 58% of respondents said that although their firm takes a combined approach to the detection and investigation of money laundering and other types of financial crime, including fraud, they have to rely on structured manual processes to support the sharing of information between investigators. Even more disturbingly, some 27% of firms say they are not currently able to co-ordinate investigations across different financial crime areas.

Looking even more deeply into the question of the centralisation of financial crime information, the survey shows that 16% of respondents believe such information consolidation for investigating and reporting is best practice, and they are taking steps to achieve that. However, some 42% say that while such centralisation is best practice, they "are currently taking no steps to achieve that." A further 18% acknowledge that centralisation is best practice, but argue that they believe "the technology integration challenge to be insurmountable".

Turley says regulators in many countries – including the US and the UK – are becoming increasingly focused on the concept of having firms take a centralised view of financial crime happening within their corporate borders. She says that within three to five years, most of the world's top regulators will require firms to be able to take a centralised view of fraud, AML and other types of crime. "A few firms," she adds, "are changing their organisational structure and putting in systems to have a platform for the future."

For now, though, she says the lack of robust and co-ordinated technology at many firms has led to real "on the ground" difficulties with investigation teams. Investigators become discouraged when faced with stacks of "false positives". They want cases they can "sink their teeth into", she says. Firms with high levels of "false positives" can see high turnover in their investigations staff as a result, she adds.

Other human resources problems can occur as a result of high levels of false positives, she adds. Each false positive does need to be examined, so the more false positives there are, the more investigations staff is required, leading to spiralling HR costs for many compliance departments.

To combat this, Turley says her company is seeing an increase in queries about automated workflow programmes in the RFPs that they are receiving, and that a top concern of the bank executives they speak with is the improvement of the efficiency and accuracy of their investigatory staff. Not surprisingly, Turley advocates the use of technology to improve the way individual cases are communicated and co-ordinated within firms, so that investigators can boost their own performance and enjoy their jobs more. Says Turley, "the accuracy of detection is ultimately down to staff retention". OR&C