Displaying search results for ""

2022 Banking Regulatory and Compliance Outlook

2022 Banking Regulatory and Compliance Outlook

For banking compliance, a lot is expected to change in 2022. Super apps will dominate, ESG concerns will be prominent in Banks’ annual vision(s), and more use cases for digital currencies will emerge. AI and ML applications will create examples of zero-waste operations, the BNPL payments industry will thrive, and cross-border players will progress.

These are all powerful post-pandemic forces shaping the post-digital era for banking evolution.

Regulatory and Compliance Outlook – Balancing Innovation and Consumer Protection

Central regulators are rethinking and reorganizing their regulatory services with the influx of “digital” in banking operations. Like always, the goal is to ensure a clean and high trusted financial system, which protects end customers and facilitates market competition through product and service innovation.

In 2022, more than ever, the banking regulatory and compliance outlook will encompass the following agendas for action.

  1. Promoting new entrants. Today, more governmental financial authorities are optimistic about data innovation hubs and regulatory cells that help new businesses better interpret regulatory nuances. Along with adopting cashless approaches, regulators encourage economic ecosystems to favor digitization for transparency and convenience. As fiscal operations receive more robust governance, the marketplace will be faster and more cost-effective with high-convenience services. The stage is thus set for the platform giants – Facebook, Apple, and Alibaba.
  2. Reducing the cost and complexity. Simplifying the reporting and fast-tracking complex regulatory requirements is high on the task list. Digitizing reporting rules brings down the overall cost, not to mention the benefits of transparency and customer omnichannel experience.
  3. A case for innovation and higher security preparedness. Emerging technologies – decentralized finance, AI, Robotics, 5G, and APIs – will accelerate new products and services developments and support regulators in their supervision mandates. Additionally, such technological options will boost business continuity plans, risk mitigation, and disaster recovery plans for volatility threats.
  4. Harness the power of data. With mass-scale digitization efforts underway, regulators would benefit from having granular data (and metadata), robust storage mechanisms, and flexible accessibility. This arrangement will likely offer next-level agility that supports diverse business functions and enhances financial insights that improve future research and progressive measures when synced with source systems.
  5. Drive efficiency. By leveraging cloud and AI, forward-looking regulators and central agencies rearrange their clearing and settlement infrastructure. This increases both internal and external efficiencies. A step in that direction is the new ISO20022 messaging standard for richer data and interoperability and a second initiative is the increased usage of APIs.
  6. Effective Communication. In 2022, the steps to merge the vital data element to create a higher degree of transparency will continue. Open communication protocols for regulators are a top priority. The systems must be systematic, consistent, and easily interpretable to preserve bidirectionality.


From PSD2 in the EU, CMA open banking in the UK, HKMA Open API in Hong Kong, and Australia Treasury Open banking, to other countries deliberating open banking in multiple shapes (like Japan, Malaysia, US, Brazil, and Mexico), the banking compliance regulatory authorities are at the vanguard of meaningful industry change. All of these pose some degree of threat to banks’ business models and revenues. Still, they are focused on increasing competition, fostering innovation, reducing costs, and bringing higher-end consumer protection in the long run.


Use of Machine Learning to Eliminate “False Positives” in AML Drive

Use of Machine Learning to Eliminate “False Positives” in AML Drive

With the increase in regulatory demands, and screening volumes spiking through the ceiling, ML is seen as the only viable option to accurately detect suspicious transactions.

Over the past several years, the instances of international money laundering have increased manifold, driving enforcement agencies in various countries to update their AML rules and regulations to curb illegal means of generating income. Globally, financial institutions are racing to deploy heightened screening systems and pushing their existing technologies to cope with the new rush. Events such as the Deutsche Bank’s alleged failings in securities trades, originating from Russia between 2011 and 2015, have led enforcement agencies to make formidable AML regulations.

Almost all FIs and banks are now deploying enhanced identify verification systems. They have come up with more stringent standards for accepting new customers. PEP (Politically Exposed People) screenings have increased. Scrutiny of public records of customers are gaining momentum, so much so that FIs and banks are not hesitating to add negative news as a factor.

This is a double-edged sword for FIs and banks. As they scrutinize more closely, they also have to tread carefully so as not to cross the thin line of violating customer privacy. The customers, on their part, are becoming edgy with their banks asking far too many questions.

The Spectre of “False Positives”

There is an overload of data but data accuracy is becoming a concern. The common element of complaint amongst the financial institutions is the credibility of data procured. The factor of “false positives” where a legal transaction is often flagged as suspect is increasing.

Call out

It is clear that the old ways of rule-based filtering are proving to be inadequate, moreover, existing technologies are not flexible enough for real time interventions. Since the existing system depends on old rule based analytical methods and expert judgment, there is a higher chance of missing valid alerts.

Adoption of ML

There is now widespread belief that the adoption of analytics-led approach and machine learning (ML) will help overcome the false positive challenge. ML based risk assessment scoring and alert generation and adaptive and predictive modeling are now being seriously considered.

One of the biggest roadblocks faced with mostly manual checks and screening is the amount of triage that the personnel must do when alerts are flagged. As this load increases, personnel will set aside triaging or put it in hibernation. Most of it may get auto closed post a time period and the opportunity to action is lost forever. By deploying ML, computers can now be trained to check, screen and do triages, hibernate and close without manual intervention.

With ML, FIs and banks can now draw up a holistic view of the customer from static KYC documents and dynamic data from transactions. ML can also help build the social graphs of customers and can deal with big data effectively to create behavioural models (predictive) for individual customers. The automated system can trigger checks, screenings and triages. What more, an ML engine can be deployed orthogonal to an existing infrastructure running independently without disturbing current operations. Until the organizations gain enough confidence in their ML systems, they can effecively operate both manual and automated systems.

There are a number of solutions put forth by researchers working with real time data for clients across the world. One such solution [6] involves using advanced Data Mining techniques with Neural Network and Transaction Analysis to detect money laundering instances. This solution uses traditional data mining approach involving data gathering, clustering and classification to build a knowledge base about a customer and then watching each transaction for its frequency and quantum of funds involved in those transactions.

Artificial Intelligence (AI) AI and ML are now being deployed right from the CDD (Customer Due Diligence) stage. Called Customer Onboarding, the CDD process ensures that an automated agent provides real-time, dynamic features to the onboarding human agents to detect fraud more accurately and easily. In the next stage, called the Link Analysis, the AI/ML agents help link KYC data with other sources of structured and unstructured data and also real time transactions. This leads to faster customer segmentation where a customer behavioural map can be drawn and can be benchmarked. Once the data is generated, linked and segmented, other features like screening transactions and alerting on suspicious activities are driven through AI/ML automatically with least intervention from human agents.


ML Deployment in real world

Many FIs and banks are using ML for non AML operations such as building the customer transaction profile, offering AI chatbots – mostly for upselling products to customers or for better customer service.  There is a gradual acceptance of ML in fraud detection and AML regulations.

Citibank has made a strategic investment in Feedzai, an data science company that works in real time fraud detection. However, an example of a direct application of ML to detect fraudulent transactions across the globe is that of AUSTRAC (Australian Transaction Record Analysis Center) in collaboration with the RMIT University in Melbourne.

While FIs and banks and national agencies know the power of ML and its benefits, they are looking at ML as a human augmentation tool rather than a fully automated system. They are using ML without much ado to detect suspicious activities and flag it for experts to jump in and screen. However, this viewpoint is rapidly changing due to cost over-runs and sheer volume of alerts that are being generated. We will soon see ML taking on a more central role in AML compliance.



[1] https://www.techemergence.com/ai-in-banking-analysis/

[2] https://gomedici.com/ml-in-aml-applying-data-science-ai-to-tackle-international-financial-crime/

[3] https://www.accenture.com/_acnmedia/PDF-61/Accenture-Leveraging-Machine-Learning-Anti-Money-Laundering-Transaction-Monitoring.pdf

[4] https://internationalbanker.com/finance/five-steps-anti-money-laundering-compliance-2017/

[5] http://files.acams.org/pdfs/2016/Dow_Jones_and_ACAMS_Global_Anti-Money_Laundering_Survey_Results_2016.pdf

[6] A data mining-based solution for detecting suspicious money – arXiv: https://arxiv.org/pdf/1609.00990



PSD2 Implications on Banking

PSD2 Implications on Banking

The banking sector is soon set to witness the effects of the PSD2 (Revised Payment Service Directive) this year. Heralded as the defining moment for European banking sector, the PSD2 has created a clean slate for all banks, new entrants and old players, facilitating data sharing of customer data and payment networks to third-party providers (TPPs) under a standard format.

PSD2 Implementation Timeline

Open banking is not a new concept in the world of finance. Countries like Singapore, South Korea and India have gained significant traction in terms of open banking APIs. The US and Australia are expanding their financial standing via offering consumers more choice of financial service providers. Joining the Open Banking digital revolution is Europe with its PSD2 mandate. The European financial ecosystem would see banks defining their Open API strategy for new entrants. PSD2’s main aim is to foster innovation through a healthy-competitive environment. The new directive opens ups the playing field for FinTech startups and other companies to create innovative products through APIs and new payment strategies.

What does the revised directive mean?

PSD2’s multi-faceted regulation has its implications on banks, tech companies, financial institutions and customers. Banks are looking at increasing security measure for online payments with strong customer authentication. The digital strategies would need to incorporate interoperability between various financial institutions. Third-party providers on the other hand enter a regulated environment wherein they get technical access to all payment systems.

As banks head towards a single digital market, customers stand to benefit from this directive via reduced costs of operation through higher competition and decrease in card transactions. Innovation would bring about a new host of products and services with respect to account information service providers (AISPs) and payment initiation service providers (PISPs) – leading to an improved customer environment.

Are banks prepared?

Giving data access to non-banks puts them in the same league as traditional banks in providing similar payment services. Merchants and third party providers can highly benefit by selecting specific services to hyper focus and capitalize on. Banks would be competing against retailers like E-commerce vendors, social media sites and other established businesses that can effectively function as independent AISPs and PISPs – effectively bypassing banks.

4 Factors for PSD2 Readiness

Traditional banks need to reposition their revenue streams through innovative customer servicing technologies and strategic alliances. Banks will need to look into:

  • Payment Dispute Resolution – Effective from July 2018, payment service providers (PSPs) will be obligated to respond to payment complaints within 15 business days, as opposed to the standard 8 weeks timeline.
  • Two Factor Authentication (2FA) – Strong Customer Authentication (SCA) is a key element of PSD2, calling for a minimum 2FA for digital transactions.
  • Right to privacy – The General Data Protection Regulation (GDPR), which is due to take effect from 25th May, 2018, is aimed at regulating data sharing between parties. This raises a compliance concern for banks and what comes under the purview of legal consent at the end user.
  • API disruption – Banks have till September 2019 to introduce the API technology to new FinTech partners as part of the PSD2 RTS (Regulatory Technical Standards). Opening new financial services under the API would require extra security measures to be implemented along with a robust framework for network protection.

It’s positive to note that banks are viewing PSD2 not as a threat but a strategic opportunity to develop on bank’s core services. In a recent survey by PwC, it was noted that 71% of banks are considering partnerships with FinTech to develop new products and services. The survey also highlighted the difference in PSD2 readiness between the UK and mainland Europe. While UK is proactive with PSD2, mainland Europe is still holding back on partnering with FinTechs.

The transition period is tricky as consumers and banks grapple with the changes. A recent survey by Which? found that 92% of the public haven’t even heard about Open Banking. The earlier PSD rule applied to European Economic Area (EEA) countries only, but the revised directive has its implication across Europe. The complex architecture of PSD2 shifts the power of data relevancy to consumers – raising data concerns regarding what is perceived as “sensitive data” by banks versus end users. Hence, the need of the hour being for all stakeholders to clearly communicate data permission and privacy laws to customers.

Overall, 2018 is going to be an interesting year to see how the financial markets shift in Europe with the formation of new bank consortiums and partnerships. With players like Facebook, Google and Amazon entering the payments market, banks need to look into the impact of disintermediation on their business.


Making a Difference through Automation in AML

Making a Difference through Automation in AML

The rise in money laundering and terrorist financing cases has led to a global awareness on financial loss and its impact on the economy. Over the years, regulators have increased pressure to monitor every financial transaction for criminal activity, terrorism, and tax evasion. The penalties for non-compliance are staggering – a recent example being Deutsche Bank which was fined $41 million in 2017 for money laundering lapses.

Banks and financial institutions (FIs) have been exploring multiple software solutions to reduce their operating costs on AML, at the same time maintaining an efficient system that delivers accurate compliance reports in time to stakeholders and decisions makers. Financial ecosystem players – FinTech and RegTech, have been continually evolving to develop robust solutions, through inclusion of AI-based initiatives and automation.

A Thomson Reuters survey indicates that an average financial institution spends close to $150 million on AML/KYC initiatives. The prominence of data collection, aggregation, and analysis combined with a high degree of repetitiveness and process-oriented approach, makes AML an ideal candidate for achieving cost benefits and efficiency through automation.

Automation can be achieved across multiple areas of AML, prominent ones being Know Your Customer (KYC), Customer Due Diligence (CDD), anomalous transaction monitoring and even Extended Due Diligence initiatives. Based on the maturity of the process under consideration, it can be completely automated or partially automated by bringing in the human intervention at suitable intervals. Few of these are listed below.

Customer onboarding

While many of the data collection processes at this stage like gleaning customer data from accessible sources like the bank’s CRM system can be automated, a lot of time is spent in carrying out KYC. Majority of the current KYC processes may take days/weeks to comply with regulators. A global survey done by Thomson Reuters on KYC indicates that the time to onboard has jumped from 28 days in 2016 to 32 days in 2017 and would continue rise by at least 12 percent in 2018. Further, financial institutions with revenues in excess of $10 billion have witnessed an increase in KYC spend from $142 million in 2016 to $150 million currently.

Many banks have started exploring Artificial Intelligence/Machine Learning based automation systems across their KYC initiatives. Processes around validating customer data by scouting across various surround systems, compliance directories, social media feeds and regulatory bodies can be fully automated. Similarly, screening of the customer information through OFAC and PEP checks as well as external government watch lists can benefit through automation. The latter can be extended not only to new customers but also to existing customers of the bank.  Multiple solutions in the market take automation a step further by validating the identity of applicants in real time, thereby drastically reducing on boarding times.

By using RPA a European bank was able to automate customer checks and make information readily available to analysts for clearing CDD compliance. The time taken drastically reduced by 80% from 20 minutes taken initially.

Customer risk profiling

Building customer risk profiles is an important step towards identifying suspicious activities and flagging off investigations. It involves data collation not only through established sources like legal registries and directories but also the broader online space including social media networks, websites etc. While data is collected at the time of onboarding, there needs to be mechanisms in place to constantly scout and make updates on an ongoing basis.

Currently, financial institutions use manual intervention in the processing of structured and unstructured data. The high cost of integrating systems is a major deterrent to automating this process. This makes it an ideal platform for using BOTS that can crawl around frequently, update information to customer information as part of risk profiles and provide quick response to any customer risk assessment requests.

Further, technologies like Artificial Intelligence and Blockchain are increasingly being used to carry out real-time reporting that compiles, tracks and stores large data sets while adhering to regulatory rules set by different financial agencies. Few leading banks are also experimenting using chatbots for quick and easy KYC compliance of customers. The bots analyze user responses using Natural Language Processing (NLP), in turn reducing time and labor requirements for KYC processes.

Suspicious activity monitoring

Research reports on the global AML software market indicate that transaction monitoring has the highest penetration rate. Little wonder that regulatory solution providers like Nice Actimize and Pega systems have been incorporating RPA, machine learning, and analytics principles to automate suspicious activity monitoring solutions. On one hand, such solutions provide better accuracy in reporting anomalies and on the other, free up financial crime experts to look at higher category threats.

On similar lines, various RegTech players have been attempting to enhance automation across this space through Anti-Financial Crime Solutions that aim to understand customer behavior, identify patterns coupled with unstructured text analysis, and detect even the smallest anomalies in transactions. Such initiatives further help in reducing the number of false positives by having an accurate risk profiling of the customer that can be mapped to flag off truly suspicious transactions.

We also see that newer and effective systems are continually replacing their predecessors. Today’s BSA/AML programs are becoming increasingly reliant on quantitative models (like Bayesian networks) to detect suspicious activity. Bayesian frameworks are being used to assist in building a risk score for customers, essentially identifying customers who need to undergo the EDD process. These are further used to build customer profiles and drive automated Suspicious Activity Report (SAR) filings, based on anomalies detected in their transaction histories.

While automation seems to be the magical process to solve all AML issues, banks need to recognize the limits of AML automation. Technology decisions need to be customized to a bank and not blindly replicate other systems. Financial institutions also need to note that not all processes can be automated. Some processes like transaction investigation can be semi-automated wherein specifics associated with an anomalous transaction can be provided by automation system while aspects relating to analysis, classification of the transaction and rectification measures are carried out through human intervention.


Automation for Cost-effective AML Compliance

Automation for Cost-effective AML Compliance

Automation for Cost-effective AML Compliance

Over the last few years, all industries have as witnessed a series of seismic changes, all driven by technology.  And the banking industry is not immune to these changes. However, what hasn’t changed for banks is the strict regulatory framework within which they need to navigate and manage these dynamic market changes; all the while being compliant, and cost focused.

No longer a new concept in the banking industry (which has always been an early technology adopter), Robotics Process Automation (RPA) is being leveraged by banks to meet the regulatory requirements set out by the Bank Secrecy Act and Anti-Money Laundering (BSA/AML) in a cost and time efficient manner.

So, what is RPA? Essentially, it is a software application that replicates human actions and at the same time interacts with various applications on the computer. It does this round the clock, through the year with or without the support of human interaction. It is most often deployed for repetitive tasks.


Being highly regulated, the banking and financial services industry can ill afford errors. With a growing customer base, stringent global and local regulations, and digital operations posing a high-risk of security and fraud; an error can mean penalties in cases of non-compliance. Which is why more and more banks are becoming increasingly stringent with their ‘Know Your Customer’ or KYC norms. It is in this space that RPA offers a huge opportunity to enhance regulatory compliance, including AML and customer due diligence.

Some of the areas where banks can use RPA are:

  • Customer onboarding: This is a time-intensive process and RPA can reduce the time taken significantly—from months to weeks, or even days. For example, if a bank is onboarding a corporate customer then leveraging RPA the bank can log in to various public registers of companies and retrieving the registration information (date, number) and getting the list of company directors; thus, hastening and completing the identification and verification of the customer.
  • Customer due diligence: The due diligence processes can be improved substantially, with time reducing for an average check by as much as 50%.[i] Banks can use RPA for data entry of customer information, while the bots can validate the existing information by accessing internal databases, social media, and websites.
  • Customer outreach: As part of AML compliance, banks need to update customer information at regular intervals (dependent on customer risk levels), apart from collecting this information during initial onboarding. Doing this manually would be cost inefficient as well as increase the probability of human errors. By deploying RPA, banks can structure the process and at regular intervals, the additional data can be collected from external sources.

Innovation in Automation…

While at present most banks are deploying RPA for the basic repetitive processes, once the shift has happened there is a significant scope to leverage innovations as well.

For example, Artificial Intelligence (AI) and machine-learning have a huge potential to impact the KYC compliance process by assisting in identifying high-risk customers who need to be screened with an Enhanced Due Diligence (EDD) process. This can be done based on pattern recognition techniques coupled with unstructured text analysis.

HSBC has been automating some of its compliance processes to become more efficient. The bank is leveraging AI technology to automate its anti-money laundering investigations, which were traditionally conducted by individuals. In a 12-week period, HSBC was able to achieve a 20% reduction in false positives while maintaining the same number of reports of suspicious activity for human review. Taking this initiative forward has the potential to save HSBC millions of dollars per year.[ii]

Another area of innovation is using chatbots for customer communication during the onboarding process and using the Natural Language Processing (NLP) to analyze their responses to identify any high-risk behavioral the while saving cost as well as reducing human error probability.

Similarly, using Machine Learning banks can automate SAR filings and report generation; and leverage visualization technologies to make sense of large volume of unstructured data.

In conclusion

Facing several challenges, the banking sector can leverage automation and specifically RPA to manage and mitigate a number of them. Considering the significant potential of RPA, especially in managing the regulatory compliance needs, banks across markets are deploying this technology on a wide-scale.

By using this in an optimum and intelligent manner, compliance teams in banks can not only save time and costs, but also reduce the risk of human errors significantly; in this stringently regulated space. For tomorrow’s banking leaders, it is imperative to build organizational maturity and ability to adopt these technologies.


[i] https://forensicdiariesblog.ey.com/2017/11/08/redefining-aml-compliance-in-banking-through-robotics/

[ii] https://www.globaldata.com/hsbc-adopts-ai-streamline-compliance-efforts/