
How Banks Can Avoid AML Compliance Fines in 2024

Sah Kilic
March 4, 2024 · 9 min read

Fraud, Fines, and Freedom

7 billion dollars. That's the amount of money large banks, financial institutions, and gaming organizations paid in completely avoidable fines in 2023.

We'll get to the avoidability of these fines, but the numbers are extreme and warrant a browse.

Binance led the pack with a whopping $4.3 billion slash to their bottom line. However, cryptocurrency and new financial mediums weren’t the cause; lack of anti-money laundering and customer due diligence drove these penalties.

  • Despite finalizing their guilty plea in December of 2022, Danske Bank was promptly ordered to pay an incredible $2 billion fine when the US judge accepted the plea in early January - all for failures in proper AML implementation.
  • Wells Fargo made the list with a $97 million penalty for violating sanctions.
  • Deutsche Bank paid the feds $186 million for the slow pace of their AML improvement.

Then we have an amalgam of Australian, Canadian, and British institutions following suit with over $300 million in fines, all for the same cause: processing criminal funds.

And yes, $7 billion in fines is huge, but the true scale of the problem is enormous.

---

The Trillion Dollar Problem

The recently released 2024 Global Financial Crime report by Nasdaq Verafin estimates that in 2023, the total illicit funds flowing through the global financial system hit 3.1 trillion dollars. Yes, that’s only 2023.

This gave way to about $464.6 billion in losses from bank fraud schemes, which tells us that the fines are only a slice of the liability cake. There’s nowhere to go but up. Knowing all this, it may seem ridiculous to the untrained eye that banks don’t follow these regulations. But, of course, that’s not the whole story.

If you’re a compliance officer, risk manager, or AML analyst, you know your organization spends more than considerable resources on these issues. AML, KYC, and CDD solutions (and processes) are implemented across the entire sector - so why are banks still facing fines?

It’s a simple answer but a complex problem: It’s 2024.

New technology is being invented every day, but banks (for the most part) are old. As the gap between technology and business processes widens, security spending is desperately trying to catch up - and we can see it in real-time.

A Gartner Report forecasted that Global Security Spending will total $215 billion for 2024, a 14.3% increase from last year, with notable increases in Identity Access Management and Data Privacy.

This investment directly addresses the non-compliance fines and game of technology-catch-up we’re talking about, but… there’s a problem. The numbers were large last year as well. They’ve only been growing.

IT spending, specifically in banking, was estimated to be $652 billion, and with security at the forefront, the question still stands.

If we’re addressing the pace of technology and the sophistication of new threats with larger security budgets, once again, why is there seemingly no progress?

Well, it may not be a question of “How much money do we spend?” but more of a “Where do we spend it?” problem.

But the “Where?” should also be straightforward, shouldn’t it?

Isn’t the answer “Compliance?”

---

The Analog Solution (and why it doesn’t work anymore)

Compliance requirements and regulations are long.

The required reporting, unending changes, and countless regulatory watchdogs make it complicated at best. But, when discussing our solution to this trillion-dollar problem, we’ll concentrate on the one piece of legislation that matters the most: The Bank Secrecy Act of 1970 (BSA).

The BSA has many amendments, too many to cover here. However, we've broken down nine of them along with their AML requirements before; in short, the BSA is considered the major ‘compliance rulebook’ for financial institutions.

Being law, the BSA does have a handler: The Financial Crimes Enforcement Network (FinCEN).

FinCEN is the primary body that sets out guidelines and changes to the BSA and, as its name suggests, enforces it as well. These regulatory changes build on past requirements. Some are specific, others are vague, all need to be interpreted, and that’s a job for compliance teams.

Compliance departments are created to ensure that banks follow these regulations. The job isn’t simple. Their task is constantly and meticulously interpreting regulations to avoid a repeat of 2023: billions in fines, even more in fraud losses, and a corrosion of consumer trust.

Some specific AML requirements are:

  • Flagging and reporting cash deposits over $10,000 a day (Currency Transaction Reporting).
  • Creating a framework to identify transactions related to money laundering and reporting when they’re over $5,000 (Suspicious Activity Reporting).
  • Recording international transfers exceeding $3,000 and the sender and recipient details.
  • Recording US customers that exceed thresholds in foreign financial accounts.

In addition, creating policies and procedures for adverse media, PEP screening, and cross-referencing sanctions with watchlist data are all a part of the requirements - this is more vague.

Enter Technology (or a lack thereof)

We all know our banks aren’t using pen and paper.

For banks to operate their business (sometimes spanning multiple cities, states, or countries), they need a way to keep track of and manage accounts, customers, interest calculations, loans, and, most importantly, deposits and withdrawals.

To keep track of all of this in real-time (for countless customers), banks use something called a Core Banking System (CBS) - which is essentially a specialized ERP/CRM system.

In managing these transactions, these massive and complex systems have compliance modules - and this is where our compliance teams start addressing all these rules set out in the BSA.

As we said earlier, the answer to preventing fraud is simple, but the problem is complex - it’s 2024, but the most popular Core Banking Systems are old.

  • SAP for Banking was released in the 1990s
  • Infosys FINACLE in 2000
  • Temenos T24 in 2003

These systems are widely used by some of the largest banks in the world, and of course, they’re updated often enough, but being multifaceted systems, their primary purpose isn’t stopping fraud.

CBSs provide basic transaction monitoring, like setting limits to flag the dollar amounts and deposit frequencies mentioned earlier. Their Anti-Money Laundering is worse. It only has limited reach when performing critical tasks like watchlist screening.

These systems fall over when criminals:

  • Start depositing under threshold limits.
  • Use sophisticated or erratic deposit patterns.
  • Hide their money with fake business activities.
  • Leverage AI to tamper with ID or doctor documents.

This is why the fight against money laundering, fraud, and other criminal activity is tedious and expensive.

However, these goliath banking systems do allow for integrations; in fact, they rely on them. But, if you’ve worked in a large organization with legacy software before, you know that integration isn’t just a pain; it's the pain.

Legacy banking systems rely on legacy AML solutions delivered by legacy providers, all culminating in the enormous fraud losses we’ve been discussing.

Remember Danske Bank and their 2 billion dollar fine? A part of their settlement was upgrading their AML procedures, a 2018 to 2022 project spanning $1.2 billion. This price tag could have been much smaller and much more incremental without the additional fine for AML system failures.

Legacy AML and fraud prevention solutions are:

  • Difficult to integrate and rely on many ‘band-aid’ solutions to emerging problems.
  • Automation-deficient, requiring unnecessary manual intervention.
  • Severely lacking in the capability to mitigate against new threats.
  • Built on siloed data, leading to false positives in flagging threats.
  • Expensive over the long run as the CBS of choice becomes more entrenched with legacy workflows.

And the use of these old AML systems is rampant - much like the criminal activity they fail to curb.

Banks are left with two solutions:

  1. Overhauling their Core Banking System to a more modern system with better capacity to integrate AML solutions (expensive and time-consuming), or, more realistically,
  2. Changing their AML and fraud detection provider by partnering with fintechs and emerging contenders in the space.

Gartner has published case studies on how some banks assess the question of partnering with, buying COTS products of, or customizing solutions provided by fintechs - it all comes down to flexibility and ease of integration.

So we’ve hit bedrock.

Criminal activity is inevitable, but the cause of fines and fraud losses is a lacking response to that unavoidable activity; in other words, the cause is using legacy AML. In saying this, we now better understand the solution: adopting a flexible, modern, and easily integrated fraud prevention solution.

---

The Fix: Integrating Modern Fraud Detection

The simple compliance rules and cash thresholds of legacy AML solutions are no longer enough.

AI-powered criminal activity is now taking center stage. Synthetic fraud, i.e., the use of PII to fabricate a person, is on the rise at 38% year-over-year (YoY), targeting U.S. auto loans, bank credit cards, retail credit cards, and unsecured personal loans.

In 2024, it’s estimated that over 95% of US citizens will be banked, meaning the top banks will serve tens of millions of customers with multiple accounts (all carrying individual risk).

With more regulations, sophisticated technological threats, and a wider risk surface (that comes with millions of customers), it’s now a prerequisite for banks to use modern identity verification and fraud detection to avoid losses.

Fraud detection solutions need to go beyond flagging the basics; they need to:

  • Automate the creation and decision-making for risk profiles based on risk tolerance.
  • Access global authoritative sources while being sophisticated and targeted in risk scoring.
  • Ensure customer due diligence requirements are met:
      • Pre-validating entered data (which also reduces drop-off during account opening).
      • Biometric scanning and facial matching.
      • Detecting fake or doctored IDs with AI-powered authenticity checks.
  • Sequence identity checks across multiple authoritative data sources while remaining cost-effective.
  • Scan and flag high-risk individuals across global watchlists and sanction lists.
  • Check for adverse media presence and flag politically exposed persons.
  • Remain flexible and integrate seamlessly with systems already in use.

All while ensuring the customer experience remains frictionless, match rates are maximized, false positives are minimized, and legitimate new account holders aren’t sacrificed for security.

The providers that have demonstrated these advances in their capabilities, that can handle all touch points across CDD, KYC, and AML, and, of course, seamlessly integrate with leading Core Banking Systems: those are the solutions banks must adopt.

It’s pivotal that compliance teams identify providers that can deliver these capabilities and ask the right questions when considering options.

Data Zoo’s Identity-Proofing Buyers Guide Questionnaire is a great starting point in ensuring customer due diligence is on par or beyond industry standards when evaluating fintech partners.

Another point to consider is whether their compliance certifications provide an extra layer of security when it comes to data handling.

After confirming these modern capabilities are available and industry certifications are present, banks will be in one of the most advantageous positions for fraud prevention as well as AML and regulatory compliance as a whole.
