People-related components (employment and training) dominate, accounting for almost 70 percent of AML compliance costs in the UK, compared to just under 25 percent relating to technology – see Fig 4. This is consistent with our Future of Financial Crime Research in 20207, which showed two thirds of AML compliance budgets were being spent on people-related costs, and only a third on technology.
On average firms reported having 38 full-time equivalents (FTEs) working on AML compliance in the UK, although for the bigger banks, this figure rose to over 100 FTEs.
The biggest proportion of a firm’s AML compliance costs relates to staff. Training staff and holding on to them can be difficult, especially given the high demand for financial crime compliance staff in the UK. If they are to be effective at spotting relevant activity and successfully preventing attacks, firms need to continuously ensure their compliance teams are fully briefed on all new and emerging criminal threats, yet, in practice, most AML related training is focussed on rules compliance and internal processes.
Keeping on top of fast-evolving criminal threats can be a real challenge, for example with the dramatic increase in malicious bot attacks and social engineering scams, or criminals infiltrating systems and client accounts, using different IP addresses and devices. It will come as no surprise therefore that almost 15 percent of total AML compliance budgets are being spent on staff training. Another issue relates to experience; ensuring frontline staff understand not only what they’re being asked to do but also why, and what to look for.
“There is such big demand out there for compliance people, especially AML and KYC, you tend to find that people will jump ship quite often. This means that in many cases, compliance staff are not staying in roles long enough to achieve the necessary level of embedded learning into the commercial changes of financial crime trends that are occurring in that space.”
– Kam Biring, Currencies Direct
“Previously, there was an expectation on frontline staff to key the details in at the point of onboarding new business. That becomes problematic where staff perhaps don’t see the value, because you could go all your life keying these in and never, ever [see a] ‘sanctions match’ in your life.”
– Graeme Morrison, Ardonagh Group
Almost two in three firms experience problems with data quality; two in five experience issues with legacy systems; and a further two in five struggles with data silos. All of these issues contribute to unnecessary compliance activity and costs.
The reassuring news is, technology and data solutions are typically top of the priority list for firms aiming to improve AML compliance processes over the next three years, in particular, challenger banks and smaller financial institutions. Many large firms appear to be leading the charge in this regard, reporting strong performance in effective data management (91%), recent investment in technology (72%) and strong return on (technology) investment (81%).
In fact, according to our survey, there’s a clear and strong direction of travel towards greater use of technology and data: Two in five (43%) firms are planning to launch data quality initiatives in the coming year, with a third (32%) planning to do so in the next two to three years.
Around the same number (39%) of firms will be implementing new compliance software this year, with a third (34%) looking to do so over the next three years.
41% of firms said they are looking to upskill their compliance staff with data science and technology capabilities over the coming year, with a further 31% of firms looking to recruit new staff with these skills within the same time period. The recruitment and upskilling of staff become even more of a priority for firms over subsequent years.
The pandemic has massively accelerated the shift to digitalisation. On average, respondents expect their technology costs to increase by 11.4% as a result of changing consumer habits and expectations.
To understand the relationship between technology and future cost pressures, we modelled the relationship between the expected change in AML compliance cost and a firm’s current reliance on technology and data, as a share of costs.
Firms that report having more advanced technology and data systems also report lower compliance costs, all else being equal. These same firms expect compliance cost growth to be slower than for other firms, which suggests that data and technology is playing a crucial and effective role in helping firms to reduce the cost and burden of AML compliance, as well as mitigating future cost inflation.
There’s no substitute (yet) for applying good old-fashioned human instinct to properly risk-assess a case, as Group Head of Financial Crime for a UK specialist lending bank, explains. “Systems are getting more capable of identifying some of the anomalies that you see; we’re using systems to eradicate some of that increase in work, but it’s difficult, especially with money laundering. You need that human interaction or intervention. You can put certain parameters in to help you identify what becomes a risk, but inevitably, there comes a final point where you need somebody to actually have a look at a case.” He adds, “I think the idea of technology is to maintain the staffing levels rather than having to increase. It’s not about reducing resource, it’s just about managing your needs more sensibly.”
“An IT system doesn’t replace the human cost. The system is a support function to your human staff, but not a replacement. If you invest more in developing the knowledge of your frontline staff and compliance staff around financial crime risks, you’re actually getting a better output, regardless of what the system is.”
The majority of financial services organisations see scope for improvement in AML compliance process efficiency across the board, with around a fifth seeing an opportunity for significant improvements in relation to existing customer due diligence processes:
Watchlist, sanctions screening and onboarding
Identity authentication checks and risk assessment
Ongoing monitoring of customers and payments
Alert remediation and decisioning
Investigation and reporting
Smaller organisations are more likely to see scope for improvement in each of the AML processes, with more than a quarter seeing large or very large scope for improvement in KYC identity authentication and watchlist and sanctions screening, as well as overarching activities.
Challenger banks in particular are aiming to improve data quality, with half launching data initiatives over the next three years and two in five (43%) updating compliance processes.
The Financial Action Task Force (FATF) has indicated in its objectives for 2020-2022, that it will “Prioritise work to tackle some of the great challenges facing societies around the world, including the opportunities that new technology offers to strengthen AML/CFT systems through digital transformation.” This includes a project aimed at helping the private sector make better use of artificial intelligence and big data analytics for AML/CFT.
So, what is stopping financial institutions in the UK from making better use of AI and advanced analytics?
Legacy systems and infrastructure making it hard to take advantage of new technologies?
A lack of understanding and knowledge of artificial intelligence, machine learning and natural language processing?
Fear that the regulator will not fully endorse adoption of AI and analytics tools?
Budgetary issues – the need to run legacy systems in parallel with new systems and techniques, and for smaller firms the initial cost of investment?
Insufficient drivers for change – an embedded culture of rules-based compliance to satisfy the regulator rather than focusing on preventing dirty money entering the system?
Lack of alignment within organisations between compliance and digital transformation strategies?
Lack of vision as to the art of the possible – what can be achieved with big data and advanced analytics?
As the MLRO of a leading UK bank points out, one of the fundamental challenges is trying to move towards AI and analytics whilst simultaneously maintaining existing systems and controls. This inevitably causes the costs of financial crime compliance to increase considerably: “You keep your old stuff running, and then you try to exploit new technology. That's quite a hard sell in terms of a board that's typically got a 12 to 24 month horizon.”
