What new technology is available for use by MLROs? What products are the most promising? What problems are AML software vendors facing at the moment? What do they think of the FCA’s efforts? The UK's regulator has attempted to answer all these questions in its latest report.

The report details findings from a study of new IT in anti-money-laundering (AML) compliance by PA Consulting Group (PA) on the regulator's behalf. It conducted 40 interviews with regulated firms, software vendors and others. The overwhelming mood among the regulated firms in the survey was one of aversion to risk – many expressed a clear preference for proven technology wherever possible. This does not, however, mean that they are not exploring new avenues.

Utility - the new watchword

For the purposes of 'onboarding,' or recruiting new customers, many firms are thinking of using or indeed already trying out "utility technologies," the most popular new type of IT. The FCA uses this phrase to mean "those service/technology providers offering a centralised outsourcing of key common tasks, potentially across an entire industry."

Most firms think that the financial services industry can only take 'utilities' on in a big way if the FCA or some other governmental body takes steps to make it happen. Some think that the FCA's "regulatory sandbox" initiative would be perfect for larger-scale 'utility' trials in the industry. It uses the word 'utility' (or a derivative thereof) 24 times in the report. There is also talk of firms sharing "customer duly diligent" data between them with the help of independent utilities. "Customer due diligence" or CDD is a phrase used originally by the Basel Committee for Banking Supervision to describe "know your customer" or KYC initiatives, i.e. the checking of customers' backgrounds and transactions.

Other types of new hardware and software that show promise in the AML sphere include biometrics/video KYC, data analysis (which the FCA calls 'analytics'), machine learning, neuro-linguistic programming (NLP) and blockchain/distributed ledger IT.

Eight times in the report the FCA refers to "industry utilities," by which it means "mechanisms for sharing KYC, transactional or other data between institutions through a third party." It likes the idea of these. At one point in the report, it thinks of such businesses or mechanisms in terms of only one per jurisdiction, saying that "they would have a clear view of the entire transactional profile of an individual within a jurisdiction." This can logically only be done by one business that services all financial institutions in the UK, unless the FCA is thinking of many 'utilities' in the industry talking to one another as well as the regulated firms. Respondents to the survey believe that such a body would be especially useful for financial firms that are inspecting correspondent banking relationships or products that are highly risky (or, as the FCA mysteriously puts it, 'already' highly risky). Nothing, however, makes 'utility' IT harder to use than 'dirty data' and the FCA remarks that "data quality remains an enormous challenge" for financial institutions. With all this in mind, and especially when verifying identities and identifying documents, some firms are conducting trials now.

Elsewhere in the report the FCA writes of 'utilities' as companies that 'share' AML compliance activities 'across' many institutions, but does not seem to be thinking of one pan-industry 'utility.' It also believes that such utilities might reduce costs (presumably at their customer-banks) but mentions this in the future tense, as though it has not happened yet. It also hints, in a none-too-lettered way, that a utility might be a "third party" that can identify systemic trends, including pan-institutional money-laundering patterns.

Data protection is an issue. The report guesses that the European Union's upcoming GDPR or General Data Protection Regulation is going to stunt the growth of "utility providers." This is because regulated firms expect the regulation to make it considerably less attractive for them to share data about customers with non-regulated firms.

Many firms believe that if 'utilities' (including "potential utilities," whatever they may be) were to use data analysis and machine learning, this could be a great help to firms that want to identify and prevent fraud, money laundering and terrorist finance.

Wholesale but not yet retail?

Software vendors, or "technology providers" as the FCA calls them, told the survey that 'collaboration' (presumably between each other) was essential to their continuing development, particularly because "collaborations were more likely to be considered by regulated firms" - a phrase that might indicate that regulated firms are more likely to buy products and services from vendors that collaborate with one another. The FCA writes in the present tense about vendors often collaborating to form "a wholesale ‘utility’ type offering," although it does not say whether such collaborations are common in the retail sector yet.

Third parties

The FCA mentions 'third parties' (a third party being a person who is separate from two people who are primarily involved in a situation, especially a dispute) throughout the report, although it is often vague about their nature in each case. It is clear, however, when it writes about 'third-party data,' defined by Advertising Age as data that a marketer acquires from a multitude of outside sources, often from the Internet. Specialist AML/KYC firms and credit reference agencies provide such data and their services are among the most prominent services used in the 'onboarding' process. Most regulated institutions consider these services invaluable as part of their day-to-day operations but some told the survey that the underlying data was not being updated regularly enough and that this was prompting them to make bad decisions.

Many firms also complained that they were buying some IT services that required manual work, especially as regards "enhanced due diligence," or EDD, and media searches for adverse information about prospective customers.

Existing technology that is still developing

The use of biometrics has become prevalent in recent years, with a number of firms regularly using them on customers. Voice-based biometric IT is common at call centres in many areas of financial services, with life and pensions providers starting to use it now. Firms think of it as a good way to improve the "customer experience" and to reduce fraud.

Device-based biometrics for digital interactions between banks and their customers are becoming increasingly commonplace, especially the use of fingerprint scanning. A number of regulated institutions told the survey that the technology for doing these things was widespread and cheap. Some firms have introduced complex 'biometrics' such as facial recognition IT to match the photograph of a consumer to the one on his passport. Others are holding back.