By Loo Siew Yee assistant MD (Policy, Payments & Financial Crime) at MAS.
Technology can be a powerful enabler in the fight against money laundering. The right solutions support financial institutions, and I will refer to them as FIs, to more sharply and quickly detect higher risk customers and activities, to do this at scale and systematically, and to act decisively to mitigate the risks.
We are keen to have FIs adopt data analytics in a manner that is commensurate with the risk profile of the business. Let me talk through briefly three key elements:
- At the customer level – to know your customer better, proactively detect and assess changes in customers’ risk profile in a dynamic fashion
- At the network level – to identify and disrupt illicit fund flows between customers in a network, so taking a more holistic rather than a silo view of the customer’s behaviours and activities
- At the system level – to amplify the effectiveness of data analytics through close collaboration between the public and private sectors, as well as within the industry.
We need to build defences at all levels and mobilising these three data analytics elements together will engender a paradigm shift in the disruption of financial crime. Conventionally , FIs put in place cycle-based customer risk assessments, where the frequency of these periodic customer reviews is based on “static” risk indicators that may not be updated until the review itself is being conducted or there is adverse news or other overt risk trigger events. This time-worn approach, however, is not sufficiently responsive to changes in customer transactions, ownership or business profile, which taken together, present material risk impact that heightens the customer’s ML/TF risk.
Using technology solutions, it is now possible to integrate and analyse changes in the customer’s behavioural, transactional and profile data holistically and in a more timely manner. This would then allow the FI to assess and update the customer’s risk assessment on a more “real-time” basis, rather than performing customer reviews in a fixed cycle.
In practice, this means that FIs are alerted to customers with potential higher risk concerns, based on various combinations of behavioural red flag indicators or features of typologies, to cater for evolving or emerging risks in different business segments. Once alerted, FIs can then perform timely and effective reviews which are focused on addressing these concerns. This would allow the FI to better focus its resources on the higher risk and higher impact cases.
Of course, the shift from the cycle based periodic risk assessment to this more dynamic approach requires deliberate efforts in system and process changes. There needs to be sufficient validation of increased effectiveness over existing practices and also involves upskilling of staff to recognise, prioritise and act on the risk signals. We have observed that banks are making a sensible start in specific business segments, such as those exhibiting higher risks including private banking as well as SME customers, with a view to scale up to other areas.
Enhancing ability to identify networks of suspicious customers
Dynamic customer risk assessment is a significant improvement but more still needs to be done. As criminals collude via sophisticated illicit financial networks, focusing on an entity-level assessment may “miss the forest for the trees” and fail to detect that seemingly innocuous transactions are actually part of a larger and nefarious web of activity.
Several FIs have successfully applied network link analysis to detect and visualise connections among customers and their transaction flows with greater ease . This has proven particularly useful in the detection of networks of shell and front companies or nominees used to facilitate illicit activities. In the wealth management industry, such techniques have uncovered unusual links and transaction flows and concealment of true beneficial owners.
Further, FIs are using network risk-scoring and centrality analysis to prioritise higher risk networks for review. We are encouraged by the progress being made, as we continue to closely partner with all of you to protect our financial system from criminal abuse. To encourage and support FIs on this journey, MAS offers financial assistance schemes for FIs to further your data analytics development.
MAS similarly leverages STR, intelligence and other data points to perform network link analysis to detect emerging threats or suspicious activities. We have shared key insights and typologies uncovered from this work with our FIs in a variety of ways, through bilateral supervisory engagement with relevant FIs, typologies alerts to the wider FI community and issuance of supervisory guidance on appropriate detection and mitigation measures. This segues nicely to the third element of data analytics collaboration between the public and private sectors, and within the private sector.
Strengthening information sharing and public-private collaboration
A long-standing obstacle to the effective detection of illicit financial flows lies in the limited channels that FIs have to alert each other. Criminals exploit this by layering transactions across multiple FIs to evade detection. In overcoming this issue, it is important to ensure that the interests of legitimate customers are not unduly impinged upon.
In this regard, advances in technology has the potential to bring us closer to a turning-point. WMI and NTU are doing pioneering research to enable secure, privacy-protected sharing of intelligence across FIs. This and other promising techniques, such as federated machine learning, could hold the key to analytics-driven collaboration on a large scale, which would enable us to be more effective at ferreting out criminal activity at the customer, bank and industry level.
But technology, while crucial, is only part of the equation. Sharing of information needs to take place within a robust legal and technical framework, to maximise its effectiveness and address legitimate concerns about loss of privacy and misuse or theft of data. For a few years now, CAD and MAS have been leveraging on our AML industry partnership, or ACIP, to accelerate the investigation into priority cases, with some notable successes. We are building on this positive momentum.
In close collaboration with CAD and a number of major banks, we are developing a technology enabled platform for participants to share information on customers exhibiting significant risk red flags and warn each other of potential criminal activity. We are finalising the details of the platform and look forward to being able to share more with you soon. Responsible and secure sharing of information amongst FIs, coupled with the effective use of data analytics, promises to be a game changer in our fight to keep Singapore safe from financial criminals.
Nurturing a data analytics-savvy talent pool
Data analytics techniques will be a mainstay of the future AML/CFT landscape. FIs should actively consider the training needs of your staff, which should not be just about hiring data scientists or engaging external solutions providers. FIs should equip your AML/CFT professionals with the skills to make full use of these promising tools, to understand and properly apply the insights from data analytics and collaborate with analytics experts to develop successful AML/CFT solutions.
The WMI has played a purposeful role in advancing the AML/CFT and data analytics capabilities of the wealth and asset management industry through its training programmes. The “Data Science and Fintech” and “Certified Private Banker – Digital Wealth Management” courses are accredited by the Institute of Banking and Finance, or IBF. I encourage you to make use of these opportunities and the training support provided by IBF, to upskill and deepen your proficiency in AML/CFT data analytics.