Skip to content
Compliance & Risk

ACAMS: How financial institutions are using AI to improve Enhanced Due Diligence

Tad Simons  Technology Journalist/Thomson Reuters Institute

· 6 minute read

Tad Simons  Technology Journalist/Thomson Reuters Institute

· 6 minute read

A panel at the recent ACAMS conference discussed how artificial intelligence can be used to greatly improve firms' enhanced due diligence compliance

At financial institutions, routine background checks on new customers, referred to as customer due diligence, are required as part of the industry’s standard know-your-customer protocols.

However, when assessing individuals or organizations who are deemed “high risk,” a more intense level of scrutiny — known as enhanced due diligence (EDD) — is required.

As the name implies, EDD involves a much more thorough investigation of an organization or individual’s financial universe. And when institutions conduct EDD, software powered by machine learning and artificial intelligence (AI) is often used to search for evidence of criminal activity, money laundering, or other indicators of business malfeasance.

At this year’s Association of Certified Anti-Money-Laundering Specialists (ACAMS) annual conference, held virtually last week, a panel of experts from across the compliance landscape discussed AI’s impact on EDD and how financial institutions are incorporating advanced information-gathering tools and techniques into their risk-assessment frameworks for Bank Secrecy Act and anti-money laundering (AML) compliance.

Risk vs. reward

In theory, AI-enhanced EDD provides a much more comprehensive and holistic view of a new customer’s business associations and financial activities, which allows financial institutions to make more informed decisions about who they choose to do business with. In practice, however, all that additional customer data can complicate customer relations and introduce new variables into the risk-assessment process, reinforcing the need for prudent human judgment.

“EDD is not a one-size-fits all approach,” said panelist Monique Johnson, a VP and Senior Compliance Manager at KeyBank. “All institutions, regardless of asset size, should be developing an EDD program that is consistent with their risk appetite and risk profile,” she said, adding that individual institutions also must decide for themselves how much risk they are comfortable taking on.

When it comes to assessing so-called “high-risk” clients, Johnson said the challenge is balancing the institution’s risk appetite against the potential rewards — or ramifications — of doing business with such clients. For example, it is mandatory to consider some clients “high risk” simply because of the business they are in, whether it’s a money-service business that could be used for money-laundering purposes or a cannabis-related business that deals primarily in cash, she explained. In most cases, politically exposed persons (e.g., politicians, government officials, heads of state) are also considered high-risk clients because their positions can be abused for money-laundering purposes. Still other entities may or may not be considered high risk, she added, depending on other factors such as geographical jurisdiction or whether they operate in countries where sanctions are being enforced.

However, according to panelist Hue Dang, VP and Head of Global Business Development and New Ventures for ACAMS, the water gets much murkier when dealing with clients that don’t check the obvious high-risk boxes. “The challenge for institutions is determining what you don’t typically see as high risk — but is — and how do you recognize that it should be?” Dang said.

In such cases, an EDD process that incorporates AI technology is helpful because “the technology helps us identify linkages to see where the risks are — to identify where the money flows and what connections an entity might have,” she noted. “Without data analytics, you can’t really see the connectivity.”

Gradients of risk

Indeed, today’s advanced investigative search tools pull information from a variety of sources — such as bank records, public databases (e.g., court filings, DMV records, land title registries, collection/repossession data), news sources, proprietary databases (e.g., insurance, professional licensing, business bureaus), and other sources — to create sophisticated neural maps of the business and financial activity of an organization or individual, including their connections to other people and business entities.

“EDD is not a one-size-fits all approach. All institutions, regardless of asset size, should be developing an EDD program that is consistent with their risk appetite and risk profile.”

And according to another panelist, Jason Somrak, Chief of AML and Advanced Analytics at Oracle, information this granular allows AML compliance officers to judge “nuances” and “gradients of risk” that were unavailable using previous research methods. “There are ways with technology now that we can view risk not just as ‘bad’ or ‘good,’ but to understand what the actual risk is on a spectrum,” Somrak said. For example, he noted, many institutions are beginning to use more advanced techniques, such as temporal analytics, which allows institutions to track and compare a customer’s activities over time, automatically flagging potentially suspicious changes in business behavior, transaction patterns, or other discrepancies.

AI technologies are continuously evolving, of course, so investigative procedures that were once fairly routine are now more dynamic and fluid as more information on customers and their associations becomes available. In fact, this increasing dynamism should be pushing institutions away from a “linear” model of due diligence to a more “circular” model wherein high-risk customers are regularly re-evaluated as new information about their activities and associations is accumulated, said ACAMS’ Dang.

However, if technology is going to be driving the evolution of best practices in the industry, its reliability needs to be unquestionable, added Johnson of KeyBank. “We need to make sure that the technologies we utilize are accurate,” she said. “Just as institutions are re-assessing their customer base and high-risk customers, we need to also make sure that we are continually staying abreast of our technologies to ensure that they are providing us with the most accurate results, so that we can maintain compliance with our regulators.”

Better decisions, less risk

Keeping up with technology can be a challenge, especially in the rapidly developing area of AI and machine-learning, the panel noted. “As an industry, we are just at the starting line when it comes to using AI, particularly around our transaction-monitoring software,” said panelist Jason Frantz, a senior Risk, Compliance & Audit  manager for AML at U.S. Bank.

For compliance officers, AI-enabled software does help weed out unhelpful or irrelevant information, but it also picks up new information that may or may not be relevant, and machine-learning systems need to get “smarter” at differentiating between the two, Frantz explained. Improvements in AI are inevitable, he added—only the timeline is in question. “I don’t think anyone knows what the full capacity of AI will look like in five years,” Frantz said, “but right now we want to use it to get the best work we possibly can to our human counterparts.”

Johnson agreed, saying she is confident that broader adoption of AI tools will benefit the industry significantly. “The banking industry is utilizing these technologies to increase efficiencies in our processes, identify risk, and make better risk decisions,” she added. “The more we develop and utilize these technologies, the more our AML compliance programs across the organization can do nothing but continue to be better and better developed.”

More insights