How can AI, Machine Learning and other RegTech tools enhance protection, detection and response processes

• What will be the next wave of RegTech tools?

• How to determine which technology works and what doesn’t?

 

Transcription

Leigh-Anne :

Hello. Hi, everyone. Welcome back. Thank you so much for joining us at FinCrime Global. Big thank you to our sponsors today, to our wonderful selection of speakers, and to you, the audience for joining us today and for raising so many great questions.

Leigh-Anne :

So, up next, we have a very topical session, a fireside chat on utilizing automation, AI, data, and machine learning to fight financial crimes more effectively, and what’s on the horizon for 2022. So, over to you, Sujata and Vijay. Thank you.

Sujata Dasgupta:

Thank you so much, Leigh-Anne. Hello, and welcome everyone. Indeed, we have a fantastic session lined up for you where we will talk about how utilizing automation, machine learning, AI, and data to fight financial crimes more effectively, and what are the emerging trends that we are seeing in the next couple of years.

Sujata Dasgupta:

First of all, I’d like to introduce myself. I head the global advisory on financial crime compliance for data consultancy services with more than 20 years of experience across various countries. I think I’ve done seven countries in, across U.S., U.K., Europe, and Asia. Now, I’m based out of the beautiful city of Stockholm in Sweden.

Sujata Dasgupta:

And I’m joined by my co-panelist, Vijay Gopaladesikan. Hello, and welcome, Vijay. Hello, Vijay. Can you hear me? I’m not sure if Vijay has an audio issue. Vijay, we can see you, but can you hear us? Oops.

Sujata Dasgupta:

Okay. Probably Vijay, he has to log back on. In the meanwhile, let me introduce the context of this discussion. As we all know, being from this financial crime domain, that financial institutions across the globe have certain traditional challenges. For example, challenges around data, challenges around legacy platforms, challenges around manual processes and so much more.

Sujata Dasgupta:

So, if we have to specifically talk about data challenges, there could be issues around, say, data quality or data being in silos like they would be sitting in multiple different systems. So, there is no unique single customer view. That’s about the data side. About platforms, of course, the traditional platforms which are rule-based, they are not effective enough to detect unusual patterns because they just go by the scenarios and the thresholds.

Sujata Dasgupta:

They do not have the capability of detecting unusual patterns if they are below the thresholds, or not hitting those particular scenarios. And of, course, there are issues with the legacy debt that they carry. They cannot be tuned to a great extent because they have been there for around 10 years, and there are so many new age technologies which these platforms are not compatible with.

Sujata Dasgupta:

In the financial crime compliance space itself, we know that a lot of functions are very much manual-driven. For example, if you talk about the onboarding, the CDD reviews, the enhanced due diligence processes, the periodic reviews, as I mentioned, and then, again, in the investigation part, all of these functions are very heavily manual. The pace at which the financial crime regulations are changing, and the pace at which the financial criminals are becoming tech-savvy, it is imperative that institutions have to move to a more automated digitized processes.

Sujata Dasgupta:

And that is where we want to discuss today. But let me check if Vijay is able to hear me, so that we can start the conversation.

Vijay Gopaladesikan:

Yes, Sujata, loud and clear.

Sujata Dasgupta:

Okay.

Vijay Gopaladesikan:

All sorted.

Sujata Dasgupta:

Okay. Okay. That’s great to have you back, Vijay. Vijay is joining us from Singapore. Vijay, if you could just share a few lines to introduce yourself to our audience.

Vijay Gopaladesikan:

Sure, sure. Yeah. I’m Vijay Gopaladesikan. I’m based in Singapore. I work for Standard Chartered Bank. I lead a few things here. I take care of the Watchlist Management for standard chartered group. I’m also responsible for the detection engine setup in terms of its configurations, algorithms, et cetera, the advanced modules and everything.

Vijay Gopaladesikan:

Plus, the optimization side, to reduce false positives, we manage the rules, and also, with artificial intelligence and machine learning tools, these are the areas that I cover in this domain.

Vijay Gopaladesikan:

I’ve been in this financial crime space for over 15 years now. Prior to Standard Chartered, I was with Royal Bank of Scotland. Before that it was with ABN AMRO. That’s my journey in financial crime compliance. Thank you, Sujata. Over to you.

Sujata Dasgupta:

Thanks, Vijay. I know it’s quite late in the evening for you, so thanks for taking this time and joining the session today.

Sujata Dasgupta:

While you were still getting your technicality sorted, I was just talking about the inherent challenges that we see financial institutions facing around financial crime compliance, and probably you heard me, at least, a part of it. So, if we could start with talking about data, because if we are speaking automation, machine learning, AI, data becomes of paramount importance, right? Because they all work with data.

Sujata Dasgupta:

Talking about data, we know that there are issues in financial institutions when we talk about data. I know you are specializing in the screening side, so from your perspective, how do you think that enhanced data, or more effective use of data can also make the screening process more effective?

Vijay Gopaladesikan:

Sure. Yeah. Data, as you said, is a very vast topic, very vast. But I will touch maybe few aspects, not go through in its entire, but few aspects from screening perspective, say, both transaction screening, as well as name screening.

Vijay Gopaladesikan:

When it comes to transaction screening, and if we look at the problems we face with data, essentially, there are only few attributes that we look for within transactions, right? Names of individuals, names of entities, names of vessels and location names, any embargoed country, city, et cetera. These are primarily… And also, the associated information like the IMO number for vessels or passport or national ID for individuals, et cetera. These are the core elements.

Vijay Gopaladesikan:

Unlike name screening, within transaction screening, we cannot expect, at least, within the MT type, we cannot expect all these additional data attributes of personal identifier information to be available. And one other critical issue with transaction screening is the fact that in a typical customer transfer, customer to customer transfer like an MT103 message, most of the fields are either semi-structured or un-formatted or semi-formatted. You don’t know where the name ends and where the address begins.

Vijay Gopaladesikan:

Typically, you’ll see a lot of cross-matching happening, within the address field in street name, you’ll find name of an individual matching. So, all these are the problems of today, which, if you ask will it get resolved anytime in the future? That’s why ISO 20022 is coming in place to replace 15022 after a few decades. It’s a big change that SWIFT is bringing in. Here, the expectation is some of these semi-structured messages to become fully structured. But when is this starting? November 2022 for cross border, already more than 70 countries have adopted MX types and domestic transactions are already coming through MX.

Vijay Gopaladesikan:

But eventually, 2025 is the deadline by when everyone must comply with this ISO 20022 format, which we expect where the data to be more structured in place of field 50 where all data is now clubbed together in an MT 103 let’s say customer field, or for that matter, [many 00:09:25]. In a structured format, we can have all these data plugged in designated tags like account number tag, name tag, street tag, et cetera, where targeted matching can happen. Some of these cross matching can be eliminated with that.

Vijay Gopaladesikan:

So, data, that one aspect in terms of the structure of the format that I wanted to touch upon when it comes to transaction screening, in terms of what the difficulties we face today versus what might happen in the future. But again, during this three-year period, there’ll be a coexistence of MT and MX. So therefore, we will see both structured, non-structured, formatted, fully formatted, semi-formatted, all this problem will exist for the time being. But eventually, we hope things will settle down and there can be more targeted matching solutions in place by then.

Vijay Gopaladesikan:

The other thing on the watchlist side, if I were to say, just rewinding back 15, 20 years back, maybe, I think it was 2008 when OFAC introduced the 50 plus rule, right? 50 percent rule. Prior to that, banks, mostly financial institutions were only screening transactions against the core regulatory lists as such, nothing beyond. But now, the expectations are changing, right?

Vijay Gopaladesikan:

In terms of how we effectively prevent financial crime from occurring, you got to make sure the data that we use for screening from the watchlist side is pretty solid, right? So, it’s not just what regulators publish, it is also about the ownership and the controlled data.

Vijay Gopaladesikan:

So how can we make sure there is enough research happening to identify parties that are owned or controlled by the parties that are listed by the regulators? Now, the recent change that has occurred as of, I think March this year, was Economic Crime bill was passed in the UK, right? And that has got the Royal Assent.

Vijay Gopaladesikan:

Now, what it means is, previously, banks still had the leeway of arguing through the reasonable knowledge criteria. Meaning, let’s say, as a bank, we are transacting with a party that’s not in the regulatory list. However, that’s owned or controlled by a party that’s listed by, say, OSFI. We had the provisioning in the past where we can always defend that we didn’t have reasonable knowledge to believe this party was indeed owned or controlled by a party that OSFI was listed.

Vijay Gopaladesikan:

But now, that’s changed. That is a strict liability offense that’s been introduced as part of the Economic Crime bill, where the transaction that you let it go, if that same transaction was caught by some other bank and if they had reported, then, regulator can fine us, right? They have all the rights to fine us. So, that argument will no longer hold good.

Vijay Gopaladesikan:

So, on the watchlist side also, when we say data, there is huge expectation that we do a lot of research and screen against the ownership control data as well. Similarly, on the name screening side, if we consider, there are easily about 5 million plus watchlist entries that we got to screen against. Because, typically, banks are expected to screen against sanctions list, the regulatory ones. Plus, also, the ones that are owned or controlled as we just discussed. And you’ve got huge database of PEPs. Then, you’ve got… Most of the banks also do negative news screening, right? List-based negative news screening.

Vijay Gopaladesikan:

So, if you take into account all of these, then, it’s clearly 5 million plus watchlist records that we need to screen against. And it’s not going to be easy when you put through all of these. On the customer side, when I spoke about transaction screening, I did mention that name screening data could potentially be slightly better because the data that we screen are data that has undergone the ID and verifications, KYC has happened. So, it’s more structured, it’s more clear, formatted.

Vijay Gopaladesikan:

But the availability of adequate personal identifiable information on the data that bank hold is still a problem, right? For clients, at least, we might hold, but for related parties of, say, an entity client, a business banking client or a corporate banking client, you may not hold the date of birth, a national ID of, say, a director, or say, a signatory authority.

Vijay Gopaladesikan:

So, with just the name recorded, and likewise, on the watchlist that you see, most of the… let’s take PEP into account, for instance. The person who’s holding the prominent public function, most likely, the information pertaining to that individual will be available in public sources. But, then, if the moment you go to the relatives and the close associates, meaning, the secondary PEPs, the possibility of finding these personal identifiable information on all these individuals is next to nil, right?

Vijay Gopaladesikan:

So, when you just have names, how effective can the screening be? What are tools that you put in place with just the name? You can develop algorithms to an extent to do effective comparison of names, but the moment you go to markets like India, Vietnam, any Asian countries for that matter where names are pretty common, right?

Sujata Dasgupta:

Yeah.

Vijay Gopaladesikan:

In India, there could be tens of thousands or hundreds of thousands of Ramesh, Kumar, Suresh, the moment you screen against such names, the noise that filter will create is going to be humongous. So, that’s a constant challenge when it comes to data, and banks are continuing to take all efforts possible to enhance the data that we hold on our customers, as well as we are working with all the data service providers to see how they can enhance and enrich availability of data within the watchlist.

Vijay Gopaladesikan:

So, it’s a constant struggle, battle, but yeah, we indeed are taking efforts to improve this situation.

→ SEE ALSO: FinCrime World Forum

Part of the Digital Trust Europe Series - will take place through May, June & July 2022, visiting five major cities; 

Brussels | Stockholm | London | Dublin | Amsterdam

Get to the edge of the financial crime debate at FinCrime World Forum.  

FIND OUT MORE & BOOK YOUR PLACE

Sujata Dasgupta:

That’s a great explanation. I mean, you started explaining with the basics, and then, you went into the complications that data can make to a screening process. You brought in the new standards, that’s ISO 20022, the targeted screening, beneficial ownership, all very important points. In the end, when you wrap up that, you know, these are all challenges. So, maybe we’ll touch upon this in a later segment where we talk about improving effectiveness and efficiency. Maybe we can talk about how the advanced technology tools can help in that process. Brilliant points.

Sujata Dasgupta:

And while you mentioned a lot about the screening part, this whole data challenge is also a hurdle for the transaction monitoring side, as well on the AML side where, again, it’s not real time-based when we talk about transaction monitoring. It’s not real time, like the transaction screening that you mentioned, which is, again, real time.

Sujata Dasgupta:

So, in transaction monitoring which happens post-facto, now, there are also a number of challenges with the data, because there are also… the kind of data that is generally used is customer data, account data, transaction data, your associated party data, beneficial ownership data. Because depending on the type of scenarios that are being hit by these transactions, the alerts that are generated, investigation processes would require all of these kinds of data.

Sujata Dasgupta:

And again, the first challenge that I was talking about earlier, because of the siloed nature of customer data itself, if you just talk about customer data. It is so silo, fragmented. Sometimes, they are not even complete. They are not consistent across. Sometimes, in a lot of cases, there are dummy data because, sometimes, maybe a customer has onboarded. He will have submitted only 80% of his information, and the remaining would have just been, you know, just to move the screen, something would have been put in, the name appears in the address line, address appears in the country line and so on. All these inconsistencies, mismatches happen.

Sujata Dasgupta:

And this creates a problem for investigators, also, at a later stage. At the detection stage, investigation stage, these are big challenges, because we do not get a holistic information about the customer. And in anti-money laundering, a lot of scenarios work on the aggregation principle, right? That the same customer done, say, total of, say, $10,000 in the day. So, for doing that, you need to aggregate all transactions of the customer. Now, if I, as a customer, is sitting with three different customer IDs, doing $4,000 of transactions each, the system will not be able to aggregate, and I will go scot-free.

Sujata Dasgupta:

Whereas, I should have been alerted by the system that this client has done three transactions of 4,000 each, which has reached that transaction, you know, currency transaction limit. So, I think these kind of challenges with having data in silos, or not having consistent data, this causes aggregation issues also.

Sujata Dasgupta:

And then, again, when we do not have sufficient information like you were mentioning about this, the authorized signatories, or the people who are in control, the people who own these accounts, or if it’s corporate… So not having these beneficial ownership information is, again, a bigger challenge because we have those, the regulators have imposed those kind of, like it’s 50% there in US, in Europe, it’s 25% with variations. So, all these challenges are caused by data, which, again, institutions are struggling to manage. So, completely with you there, Vijay on that.

Sujata Dasgupta:

Now, this is the problem that we were talking about. And in terms of solution, what is the industry working towards? So, since Vijai is there from Singapore, maybe I can start with what Singapore has been working on this. We know that Monetary Authority of Singapore is very active in this whole area of improving the financial crime compliance ecosystem. And they have come up with the [COSPIC 00:19:41]. I think that’s the name. That’s the collaborative sharing of money laundering information among institutions.

Sujata Dasgupta:

And that is being led by the regulator, that’s Monetary Authority of Singapore. So, these kind of, the public private partnerships that we see. So I started with Singapore, but then, there are some others… Like Hong Kong Monetary Authority has started that, Hong Kong AML Lab is what they call. Then, in Netherlands, they have started what they call Transaction Monitoring Netherlands, or TMNL. In Estonia, they have recently piloted what they call AML Bridge, Estonia’s AML Bridge.

Sujata Dasgupta:

So, all these are various kinds of initiatives where the public and the private, that’s your government bodies, your regulators, law enforcement are working together with the private bodies, that’s the financial institutions, to collaborate on the data, on the information and intelligence, so that if criminals are bypassing multiple systems…

Sujata Dasgupta:

Because information is not there with each other, so if that is the loophole that criminals are exploiting, now, I think this kind of public-private collaboration is what is going to make a difference to, at least, handle the data challenge, so that the data is being shared across. So, Vijay, your…

Vijay Gopaladesikan:

Absolutely. Absolutely, Sujata, very well said. In fact, yeah, you are right about COSMIC. COSMIC is going live next year, at least, that’s when it is later to go live.

Sujata Dasgupta:

Yeah.

Vijay Gopaladesikan:

ACIP, AML/CFT Industry Partnership, this was set up in Singapore, I think, in 2017. And COSMIC, the discussion started late last year. Yeah, I think it was last year. It’s going to be between six banks as pilot. SCB is one among them, SCB and three foreign banks and three local banks. SCB, HSBC and Citi, and three local banks, DBS, UOB, and OCBC. These are six banks that are entering into pilot, but that’ll be extended further to all other banks in Singapore.

Vijay Gopaladesikan:

That’s a brilliant initiative where anything to do with proliferation financing, trade-based money laundering, all these are… and shell companies as well. So, these are the areas of focus. Information will be exchanged freely between these banks. And MAS and CAD, Commercial Affairs Department, these two departments came together with this initiative. We are looking forward to that.

Vijay Gopaladesikan:

And similar to other HKMA ones and Estonia and the Netherlands one that you mentioned, I remember hearing from the Dubai side in the Middle East, the Dubai police initiated something called as FISP, Financial Intelligence Sharing Partnership, again, Standard Chartered, HSBC, and I guess, Emirates NBD, these are the banks that were initially involved.

Vijay Gopaladesikan:

Yeah, it’s all good news. Right? And in fact, with the FATF recommending this MLAT, mutual legal assistance treaty on information sharing, I think slowly, more and more countries are coming up with public-private partnerships to freely share this information to prevent bad actors from exploiting the system. So, that way, it’s definitely great initiatives. Yeah.

Sujata Dasgupta:

True. True. True. So, now, moving on from the data to the use of advanced technology like machine learning and AI, we believe that to address challenges around efficiency and effectiveness, so, efficiency is more around doing your job better faster, and effectiveness is doing the right thing, catching the right kind of criminals, which our rule-based platforms, are not able to do at the moment. Right?

Sujata Dasgupta:

So, looking at these two levers, effectiveness and efficiency, we have seen in the past few years that institutions have started cautiously taking steps towards using AI and machine learning around the detection models, as well as around the investigation part. Right? So, again, both in terms of screening, as well as monitoring, and a large part of AI machine learning is being used in client onboarding and risk assessment, enhanced due diligence and all of that as well.

Sujata Dasgupta:

So probably, your take on how these advanced technology can improve the effectiveness and efficiency of probably the screening side.

Vijay Gopaladesikan:

Yeah. From screening context, you’re right. Artificial intelligence and machine learning tool have been going grounds for the last few years now. But in terms of the adoption rate, it’s still very less. Not all players have come forward to make an investment and try this out, because it, of course, carries some risk, which is why it requires a lot of testing. But things are changing, evolving slowly. That’s what, at least, I could see in the market.

Vijay Gopaladesikan:

But in my view, before we even talk about, let’s say, the RPAs or IPAs, or… Sorry, it’s getting dim here. Yeah. Sorry. RPAs, IPAs, AI, machine learning tool, before we even go there, I think it is fundamental that banks must set certain things right in the first place, which is about clearly defining the risk appetite or the risk tolerance for the bank. That’s very important in the first place. Then, you got to have a very solid policy position in terms of what is good, what is not good for the bank, right? That’s all very essential.

Vijay Gopaladesikan:

Then, you go about defining what are the different message types that, as a bank, we should screen for sanctions concerns. Then, within those message types, what are some of the fields that would carry critical information that should be subjected to screening? And within those fields, again, what are some of the attributes in the watchlist that is critical to be screened against?

Vijay Gopaladesikan:

So, these are important aspects. And likewise, what are the different lists that exist around the globe which regulator has extra territorial jurisdictional authority, that whose list should be applied group wide? What are some of the local regulatory lists that should be applied within the jurisdiction? So, all those are important to be set up.

Vijay Gopaladesikan:

Certain banks take all the different lists that exist all over, and just simply screen, which is going to flood, right, the filters. So, it’s important we clearly define how the set up should be. How do we treat [inaudible 00:26:44], for example. How sectoral sanctions should be treated? Can there be a risk-based approach to deal with that? If it’s a global bank, how we will handle transactions that are into branches? Should we be screening every time the same transaction that goes between your own branches?

Vijay Gopaladesikan:

So, some of these are very, very critical before we go to the advanced technologies. Having said that, again, coming to advanced technologies like robotic process, automation, has been out there for some time in terms of gathering information that could aid the investigators by giving them solid information so that they can spend less time on alert adjudication as such.

Vijay Gopaladesikan:

So, that’s one area. And of course, the traditional approach of false positives tuning through rules and the exceptions list, that’s always out there. But then, with RPA, can you automate such creation, or identification of candidates that could be added to your exception list as good guys? That could be an RPA, right? And likewise, slowly, even… again, depends on how sophisticated your screening tool is, but depending on that, there are tools out there in the market where IPAs exist, right? Intelligent process automation.

Vijay Gopaladesikan:

Is your tool capable of remembering the fingerprint of transactions that were handled before as false positives? And when similar transactions come again, can it remember that fingerprint and reapply the previous decision? So, all these are IPAs, right? That is slowly… Not slowly, it’s been out there for four or five years already in certain systems. Again, it depends on… Certain banks have still not adopted such things, right? They’re operating in a very primitive way. But such capabilities to exist.

Sujata Dasgupta:

Yeah.

Vijay Gopaladesikan:

Then, comes your AI and machine learning tool, which, to an extent, many banks have adopted from name screening context, because that’s where you have all the additional attributes like date of birth and national ID. Then, it becomes a simple decision three-based algorithm. So, if name is a match, then, check for data, national ID. That’s a simple thing.

Vijay Gopaladesikan:

But slowly, banks have started to adopt for transaction screening as well these AI and machine learning tool. Because without this, it’s not going to be sustainable with the growing bad actors, and the volume of traffic keeps increasing day by day. You need solid solutions such as this, otherwise, cost to compliance will keep growing.

Vijay Gopaladesikan:

So, these tools are inevitable, in my view.

Sujata Dasgupta:

Yeah, very true. Because if we just look at the last one month and the geopolitical situation, the crisis that we’ve seen in eastern Europe, I think there itself thousands and thousands of entries have been added to these watchlists.

Vijay Gopaladesikan:

Absolutely.

Sujata Dasgupta:

And, sometimes, same entry may have got added to multiple lists as well. So, even if you look at one name getting added to five lists which means [five-a-list 00:30:01], right?

Vijay Gopaladesikan:

Yeah.

Sujata Dasgupta:

So, I think that is where optimizing those kind of alerts, the method that you said, starting with the risk appetite, and then, using globalists or country-specific lists is the choice that you need to make. So, I completely agree with your views there. So-

Vijay Gopaladesikan:

In fact, pre-Brexit, Sujata, pre-Brexit. UK, the OSFI list was simply following what EU was publishing. Right?

Sujata Dasgupta:

Mm-hmm (affirmative).

Vijay Gopaladesikan:

Post-Brexit, they started autonomously issuing a number of sanctions.

Sujata Dasgupta:

Yes.

Vijay Gopaladesikan:

And now, between February and now with Ukraine conflict that you just spoke about, there is a 35 to 40% growth within Bank of England, or the OSFI and the EU list. Right? Significant entries, like you’ve said.

Sujata Dasgupta:

Yes.

Vijay Gopaladesikan:

You’re totally right on that.

Sujata Dasgupta:

Yeah. So, managing that watchlist, or the overall list management function is what you described very well. On the parallel track around, say, your KYC or the transaction monitoring part, also, where we are seeing a slow adoption of all these advanced technologies, because, you know, the challenges that we were talking about in the area of KYC, for example, where there’s a lot of manual process. Your data being fragmented, you don’t know whether this person onboarding is already an existing customer in the bank.

Sujata Dasgupta:

So, I think entity resolution is something which we are seeing being adopted quite well in this… Again, entity resolution can be used in multiple different ways, but using it in your CKYC during onboarding, during your reviews, that is one part. And, then, again, using them during investigations just to see like I was mentioning, the whole aggregation angle whether three customer IDs belong to the same customer. So, rolling it up at a customer level, right?

Sujata Dasgupta:

So those kind of things is where entity resolution is working very well. Then, we have these graph technology-based network discovery where these… you know, beneficial. It’s so difficult to identify beneficial ownerships otherwise. But with these networks, at least, you can understand the linkages. Even though you cannot identify the ultimate beneficial ownership, but you still discover the hidden linkages. Right? Then, there are shell companies which are being identified through these network visualizations.

Sujata Dasgupta:

So, these are things which are aiding both on onboarding and enhanced due diligence side, as well as on the investigation side as well. And then, also, the legacy platforms that we were talking about which are rule-based and their detection is only based on the scenarios and the thresholds. And, again, they generate a lot of alerts where 95% of them turn out to be false on the transaction monitoring side as well, just like you mentioned for the sanctions.

Sujata Dasgupta:

So, on the ML side, also, I think a lot of machine learning-based innovations are being adopted at the detection stage itself where, it’s a combination of the rule-based and the machine learning-based model. So that, it’s the alerts which are generated are optimized. You have lesser number of false alerts generated, and probably some additional true alerts are also generated, which were passed on as false negatives earlier, because the rule-based system was not able to identify it earlier.

Sujata Dasgupta:

So I think these kind of innovations are helping the overall when we talk about CKYC, sanctions, money laundering, all of these areas are being covered.

Vijay Gopaladesikan:

Yeah. Totally, the entire surveillance space. Yeah.

Sujata Dasgupta:

Yeah. Yeah. There are quite a few questions, but I think as we are reaching up on time, I thought I’ll pick up one which says, how would you decide what regtech tools are right for you when there are so many out there? The question is interesting. I’ll allow you to talk first, and then, share my views, Vijay.

Vijay Gopaladesikan:

Sure. Yeah. That’s right. There are quite a number of tools that exist in the market. And one of the interesting things is even regulators started adopting these technologies now. You have SupTech, right?

Sujata Dasgupta:

Yes.

Vijay Gopaladesikan:

Supervisory technology tools that regulators, they’ve started adopting these. And regulators like HKMA and MAS, MAS has published FEAT guidelines, right, that’s quite useful. Fairness, ethics, accountability, and transparency principles. And likewise, HKMA has done BDAI principles, big data and artificial intelligence. All these most certainly help banks to determine how we can appropriately choose these different tools that exist in the market.

Vijay Gopaladesikan:

Two critical things for me, explainability, transparency, right? These are two critical areas. Of course, we need to establish it’s not biased, et cetera, but when it comes to explainability, it’s very important, because end of the day, if you cannot explain to a regulator, or anybody who does an audit on your function as to why a particular risk event was treated as not relevant, then, your whole implementation fails, right?

Vijay Gopaladesikan:

You’ve got to be able to sufficiently explain the reasoning behind closure of any risk events. Majority of the tools, if you see, would be threshold-based, then, you got to do a lot of positive, negative, above the line, below the line testing, to make sure all your true positives do not get suppressed, do not turned out to be false negatives with your set up, right? That’s critical.

Sujata Dasgupta:

Yeah.

Vijay Gopaladesikan:

So to me, testing, testing, and testing, that’s the key aspect. And any artificial intelligence, machine learning tool, or these days, classified as a model, right? The moment it’s classified as a model, it has to go through all these sort of model governance, and got solid testing framework for model governance.

Vijay Gopaladesikan:

So, without adequate testing, you cannot really get into any of these. And of course, banks won’t do, or invest into this without a POC. And your proof of concept will be really solid before you onboard any of these vendors. So, that would be my view on this.

Sujata Dasgupta:

Yes. Again, I agree with some very important points that you made. The regtech tools that we’re talking about here, it’s driven by the regulatory requirements. It’s not for the bank’s own revenue increase. It’s more of the regulatory mandates, whether the bank is compliant, whether it is able to prevent and detect those financial criminals on their tracks. So, that being the requirement, I think for any product evaluation for that matter, it starts with what the bank wants.

Sujata Dasgupta:

There may be five things in the market, but what is it that the bank specifically wants? Maybe one bank may need five different things, whereas, another might need just two out of those five. So, it starts with that requirement. While we may say that, okay, we have AI-based adverse media tool, right, but what are the variations? What is it that the bank needs? And is this something which is available in all those five tools? Right?

Vijay Gopaladesikan:

Yes.

Sujata Dasgupta:

Based on that, we generally always do an evaluation of all these multiple different products, based on the requirement of the bank. And these requirements are, again, set against the regulatory mandates, right? So, it starts with the regulations, gets transposed into the requirements for the bank, and then, it gets evaluated at the product level. Sometimes, even at functional parameter level and so on.

Sujata Dasgupta:

And then, of course, yes, there are these POCs and testing. So if the POCs able to give a satisfactory result, then, it goes into testing with the bank’s own data and so on. So, yes, that is generally the process that banks generally employ. And even in EU, since you mentioned about some regulations, the FEAT that should apply to these models, similarly, EU has also come up with the ethical AI guidelines that categorizes regtech tools into four different categories that’s based on the risk of these tools, are able to… you know, the risk that they bring in.

Sujata Dasgupta:

So, I think based on the risk categorization, there are four categories, that’s minimal, limited, acceptable, and high, if I remember correctly. So these are the four risk categorization of tools that will come into place. So, it’s only a paper, consultative paper right now, but it will come into effect, I’m not sure of the date. It’s called ethical AI by the European Commission.

Sujata Dasgupta:

And the tools which are of minimal, or limited risk would be… They would be open for adoption by any financial institution. But the ones with the high risk, I think no bank would want to go for those high risk tools. Because again, there will be that explainability angle to the regulators as to why did you have to go to that?

Sujata Dasgupta:

So, I think there are several things which have to come together when you have to decide on a regtech tool for that matter.

Vijay Gopaladesikan:

Wolfsberg is also coming up with some guidelines.

Sujata Dasgupta:

Yeah.

Vijay Gopaladesikan:

I think they’re setting up this data ethics group. Discussion started on that. I recently heard about it. So, there’ll be a white paper or brown paper published on that as well.

Sujata Dasgupta:

Yeah. Great. I think we’ve had a great discussion. Thank you so much, Vijay, for all your deep insights, especially on the sanction screening, very detailed with which you explained everything. Thank you so much for that, and it was lovely to have this discussion.

Vijay Gopaladesikan:

Same here, Sujata. Thanks for sharing your thoughts. Lovely to get connected. Thank you.

Sujata Dasgupta:

Thanks to our audience. Hope you had a good time, and see you all in the next session.

Vijay Gopaladesikan:

Thank you.

Leigh-Anne :

Thank you so much, Sujata and Vijay. That was a very interesting discussion there, and some great questions raised.

Leigh-Anne :

We’re going to take a quick break now, 20 minutes. And then, we’ll start again for our next session of the afternoon, which is changing your fin crime perspective through the use of-

FinCrime World Forum

Part of the Digital Trust Europe Series  -  will take place through May, June & July 2022, visiting five major cities; 

Brussels  | Stockholm  | London  | Dublin  | Amsterdam

Get to the edge of the financial crime debate at FinCrime World Forum.  

FinCrime World Forum  is a two-day in-person event taking place as part of the Digital Trust Europe series. The event will feature presentations and panels from thought-leaders and anti-financial crime professionals that are leading the way on how we can better, more efficiently and more effectively fight financial crime.

FIND OUT MORE

FinCrime World Forum

Utilising Automation, AI, Data and Machine Learning to Fight Financial Crimes More Effectively: What’s on the Horizon For 2022