AML – Are we doing enough?
WBJ interviews Karol Wojtczak, AML expert from ING Hubs Poland, about the role of technology in developing AML countermeasures and whether global money laundering can ever be successfully reduced.
WBJ interviews Karol Wojtczak, AML expert from ING Hubs Poland, about the role of technology in developing AML countermeasures and whether global money laundering can ever be successfully reduced.
Interview by Morten Lindholm
How big is the money laundering problem, and is it growing?
Over the past ten years, it's been discussed that approximately 2%-5% of global GDP is being laundered every year, and as GDP grows, so does the issue of financial crime in nominal terms.
There has been such a massive investment in new regulations over the past ten years in anti-money laundering that some banks are asking whether it's still profitable to operate in certain jurisdictions due to the cost of compliance departments and Know Your Customer (KYC) requirements.
In my opinion, the market is over-regulated for some entities, especially for banks and financial institutions. So, of course, someone from a regulatory standpoint will say, okay, we are regulating and even over-regulating because not enough progress is being made.
But the issue is whether we are doing things in the right way. Over-regulating is not the answer to this situation. Instead, the answer is to improve cooperation, data sharing, and data quality technology
and strengthen public and private partnerships. The banks should be able to exchange certain data between themselves, although, of course, not any information that falls under the jurisdiction of the GDPR. However, it could be data that could be handled by safe data-sharing solutions and new technologies assisted by augmented intelligence.
What region(s) are doing and investing the most in AML?
Europe is doing quite a lot for AML. For example, I recently attended a conference organized by Compliance.ai, a San Francisco company. The keynote speakers were from the US, and they mentioned that they were looking at Europe with envy, as the European Union is pressing forward on regulations through the 4th, 5th, and 6th [AML EU] Directive and other new EU initiatives, such as an AML agency that will launch in 2024.
Also, in the European Union, we have seen certain essential changes in public-private partnerships and technology, i.e., in Europe's northern countries or the Netherlands. It seems as if this partnership is starting to play a more significant role, and some types of sandbox solutions are being tested. Also, questions are being asked, such as how can we share certain data to help each other increase the effectiveness of our anti-money laundering activities?
Can you give me an example?
A recent court sentence in The Netherlands shows that there has been a shift in the way we are allowed to use technology for effective anti-money laundering.
Technology already gives us the benefits of machine learning, artificial intelligence (AI), black box, etc. For example, you can drop data into a black box, and machine-learning models generate results. But according to compliance and regulations, we cannot simply throw bank data into a black box and obediently act when the machine says: "This is suspicious," or "this is not suspicious."
In the example from the Netherlands, the DNB National Bank asked Bunq Bank to change their AML processes because they had been using technology and machine learning and could not explain how they reached their conclusions from the beginning to the end.
They were using AI, so they could explain everything up until they put their data into the black box/ML model. Unfortunately, there is no way to know what's going on in the black box. When machine learning models issue a result, there is no way to understand the exact reasoning behind the answer.
The National Bank of Netherlands decided this process was unacceptable from a regulatory perspective and asked the bank to change its procedures. But the bank took the matter to court, and the court agreed with Bunq Bank, saying that you cannot assume that the black box is an improper solution because there is a chance that it may deliver wrong results. If you cannot evaluate whether the results are materially incorrect, there are insufficient grounds to penalize the financial institution.
The issue here is that if you are correct, then great. With this technology, you won't have to spend much money on anti-money laundering measures. But what happens when you are wrong? Then everything becomes a problem—lookbacks and remediations will be required, and you'll need to pay a fine because money laundering occurred in your institution. Big financial institutions cannot afford to bet on a single solution. This is why regularly evolving anti-money laundering solutions are often developed in parallel to AI/ML solutions. So, I hope, with time, that the gravity of AML will move toward more effective tech solutions.
Why do financial institutions have such a huge responsibility in this? What about other companies? How do the rules apply to them?
The second article of the Polish AML Act, contains 25 points that explain the so-called "obliged institutions." Of course, financial institutions are only a part of these, but they handle a significant percentage of the money. According to estimates, only 10% of the money that is laundered actually goes through financial institutions such as banks and credit institutions.
You can launder money through financial brokers, real estate agencies, lawyers, and professionals - they are all also obliged institutions. Then you have cryptocurrencies. And FinTechs. The vast majority of these are also obliged institutions and need to have appropriate AML measures in place. But still, regulators are more strict on financial institutions. However, this is changing nowadays, as can be seen in the third supranational AML/CFT risk assessment by the European Commission.
You said only 10% of the money goes through financial institutions.
Yes, this is because of financial institutions' effective countermeasures. You must register each transaction above $10,000 or €15,000 and provide your data when opening an account. So it's difficult to be anonymous through a financial institution such as a bank. However, in some FinTechs, you can open an account on your mobile phone. Or buy Bitcoin without being registered. So these are attractive options for criminals because they enable them to create a wall of anonymity.
But how can you ever reduce the black economy from 5% to 3% of GDP? It must be impossible if the bank or financial institution transactions only count for only 10% of the 5%.
Correct, if you look at the catalog of those obliged to apply AML countermeasures, it includes the agencies and entities I've just mentioned. However, most of the money is elsewhere, such as in companies trading diamonds or gold. Plus, there is trade with the so-called dual usage goods, like fertilizers for agriculture, which you can make into a bomb. There is also the trade in radioactive materials.
Businesses are increasingly being regulated as well. So now, for example, in the diamond industry, new regulations are supposed to prevent criminal activity.
I would like to understand more about the situation in Poland.
So for Poland, there are two perspectives, The first is a strictly local perspective, and in this, we are improving from a regulatory perspective. The Polish regulators are starting to learn quite fast, the regulations are getting better at being in line with the European Union Directive. But it is also true that Poland is the global hub for AML shared services, so we have access to some great experts.
An estimated 42,000 AML experts work in Poland, many of whom are working for international institutions. I have worked for ING for over 2 1/2 years, but it feels like five because the development has been very dynamic, as we need to be quick and efficient to deliver effective solutions.
What are the countermeasures for money laundering at ING?
At ING Hubs, we operate as an organic extension of the business and keep the client at the center of all we do. We ensure that we remain very effective in the technology we employ. This means that we are investing in our processes from a technology standpoint and are focused on optimizing to advance the technology to ensure effective anti-money laundering. So we protect our clients, we protect the franchise, and we protect the bank.
We develop our approach to shared services in the same way as well. We are always bearing in mind our global capabilities. Our anti-money laundering unit is comprised of a significant group of experts, including analysts in Poland, Slovakia, and the Philippines. We are using our capabilities and experience in these different locations to develop effective solutions for the organization as a whole.
ING's Know Your Customer (KYC) is governed from the very top of the organization. The Chief Operations Officer is the first line of defense, and compliance is the second line. Regarding KYC, effective operations and state-of-the-art technology enable us to cascade compliance risk ownership and management down throughout our organization.
We are very ambitious about the future of KYC. Since 2018, ING has changed a lot. Looking at the experts here, the pace of changes in ING, and the appetite for effective KYC, it's clear that we are starting to be globally competitive in terms of the effectiveness of our AML. We will progress further in the next 2-3 years until we reach the top. That is my aspiration.
So I hear that winning battles against the bad guys is the goal of your AML, yet the bank can also not afford big fines. But is it really worth such an enormous investment?
Absolutely. But again, we do it because it is the right thing to do. So, yes, ING invests a lot. But in our company, from the CEO to each KYC analyst, we understand the importance of effective AML risk management. We also know how to build KYC's future and are working hard to get there.
We have also built a partnership with ACAMS, the AML certification company. They created a unique program in partnership with ING, further developing the portfolio of available certifications and building something new in the certifications market. So currently, ING is one of the best-AML-certified banks worldwide.
I'm leading the section related to transaction monitoring in the KYC at ING Hubs Poland, but my responsibility includes cooperation and building the global experience for the best way of working and best practices in the hubs in Slovakia, Poland, and Manila. So we are delivering the service globally, one single service under one set of procedures with one technology to manage it and do it purposefully.
Let's end on a positive note. Is there a chance for a breakthrough and improving the effects of anti-money laundering – what do you think?
I would end on a positive note. The hope is there, but we need to be mindful of the state of the current crises. We still have a global political crisis, a pandemic, and the war in Ukraine. Let's hope it will all settle down and things will get better. After all, as I said earlier, crises usually fuel financial crime.
I see already that specific solutions will impact the 5% of GDP being laundered and may even reduce it to 4.8% or 4.5 %, or maybe, at some point, even 4%.
Technology gives us an unprecedented opportunity to succeed when taken in cooperation with all the market experts and corporations.
I am hopeful.