Hey Google: Spell Fiduciary How Artificial Intelligence Is Revolutionizing The Financial Services Industry
In part 1 of my article on artificial intelligence and the financial services industry (CMS July/August 2022), I looked at some of the ways robotic process automation (RPA) and artificial intelligence (AI) are changing how the financial services industry does business. This article looks at the compliance focus.
For a sector as compliance-driven as the financial services sector, it has been slow to adopt technological enhancements. Anyone who has ever had to drive across town to sign an application with an actual pen on actual paper knows this, especially when “banker’s hours” are still a thing and you need to run the teller gauntlet to get to the personal banking person who then connects you with the investment/mortgage person.
In addition to the customer service experience, paper takes a lot of room to store, is bad for the environment, is easy to lose or misfile and is harder to cross-reference to detect potential fraud. Even if the documentation is eventually digitized, there can be a time-lapse.
Regulators And More Regulators
The Canadian financial services sector answers to many regulators both federally and provincially. For example, federal regulators1 include:
- Department of Finance (and Canada Revenue Agency)
- Office of the Superintendent of Financial Institutions (OSFI)
- Bank of Canada
- Canada Deposit Insurance Corporation (CDIC)
- Office of the Privacy Commissioner
- Financial Transactions and Reports Analysis Centre of Canada (FINTRAC)
- Canadian Council of Insurance Regulators
- Canadian Payments Association
Then, each province or territory has its own regulator for things like insurance, securities, investments and provincial taxes. There are also self-regulatory associations such as Investment Industry Regulatory Organization of Canada and the Mutual Fund Dealers Association of Canada.
Then there are international treaties and agreements that Canada is a signatory to that also apply, such as tax treaties, and then there’s the whole World Economic Forum. In short, financial services have a myriad of regulations from multiple sources to keep up with.
In many financial services companies, all that regulatory oversight falls to the compliance department. I know; I used to be one. Keeping up with pending regulatory changes is a full-time job, and regulators don’t care if other regulators are making changes; every financial institution is expected to adhere to any changes the nanosecond the regulations come into effect. That means every interaction, application, contract, booklet, system, or document must reflect the new reality, all staff need to be aware of and follow them, and it all must be done when regulators say so. Sometimes they give a grace period, but not always.
Enter The Bots
One of the big advantages RPA brings to the financial services industry is the ability to scan, tag, analyze and escalate information and data. The bots can peruse millions of data sources simultaneously, including things like draft legislation, white papers, position papers, reports from government departments, world economic summits and government websites. They can flag and escalate anything that could be important, and they can do it in a fraction of the time even the best compliance person can do it.
It goes further than that. Intelligent automation can use optical character recognition (OCR) and machine learning (ML) to find information in notes, speeches, blogs, podcasts and other alternative sources of data that are often the first inkling that something is coming down the pipeline. For example, pension changes often start at a meeting of pension regulators or providers before they ever become a draft amendment to the legislation. Bots can find that information much faster than a person, and they don’t need breaks, lunch, statutory holidays, personal time off or sick days.
Once the changes are required, bots can make the changes across many operating systems, including legacy systems, in multiple locations simultaneously. They can update fields, checklists, and procedure documents, flag outstanding information or gaps in information and escalate it for follow-up.
Bots with AI and ML give an extra layer of fiduciary accountability and due diligence.
Caught In The Act
If there’s a way to commit a crime, some enterprising lowlife will find a way to commit it. In a document-reliant industry like financial services, it has been relatively easy to bait and switch with bad cheques because, by the time the fraud is detected, the money has been withdrawn, and the bandits (and the funds) are long gone. It was also relatively easy to avoid money laundering flags by having a variety of people go to different branches with bank drafts in an amount not likely to set off alarm bells, and by the time it is all processed and tallied, the funds have been cleaned, pressed and sanitized.
Or that used to be the case. Intelligent automation can scan transactions in real-time, identify and flag anomalies, and OCR can flag forged or questionable identity documents while the trickster is still at the counter. RPA can determine if the funds are genuine, can detect and flag patterns of suspicious activity and raise the alarm before the fraud is completed. It can also scan accounts in multiple locations on various enterprise systems simultaneously, searching for patterns and anomalies. This data analysis happens while Bonnie or Clyde is still standing at the counter, waiting to complete their transactions.
RPA can also search for trends across the globe, flagging new twists on old scams, complete a risk assessment and flag suspicious activity that fits the profile.
Bots can also search data sources for previous transactions and identify, analyze and flag them for further investigation. ML and AI allow bots to get faster as they “learn” the patterns and anomalies, so the bots know what to look for next time. OCR can flag the fakes, and ML can figure out what they are doing and add it to the list of things to watch for.
How Bots Are Helping Financial Services
In addition to fraud detection, RPA has several other applications that can improve compliance and due diligence in financial services.
Know-Your-Client (KYC)
Bots can ensure that KYC protocols are followed, identify and request missing information, send follow-up requests and file the information once it’s received. They can process hundreds of data simultaneously, relieving human workers of tedious data entry and follow-up.
OCR is effective at determining whether ID is genuine or fake and can search multiple databases of passport and driver’s license characteristics in seconds.
They can scan and digitize information in a variety of forms, make it keyword searchable, readily accessible to anyone with authorized access and store the information in the cloud, adding encryption and a layer of security.
No matter how an account is opened, whether online, in person, or over the phone, KYC and due diligence are essential. Bots can quickly develop a customer risk profile, monitor account activity, flag suspicious transactions, request and extract third party reports, credit reports, appraisals, or title searches, and amalgamate all the information in a comprehensive client file.
Anti-Money Laundering (AML)
Money laundering can still conjure images of shady mobsters with briefcases full of funds hustling into the casino, only to emerge later with a squeaky-clean bank draft that is untraceable. It’s much more complex than that, especially when coupled with anti-terrorism guidelines.
The Criminal Code of Canada makes it a criminal offence to “knowingly deal with any property or provide or facilitate any financial or related service”2 and puts an onerous duty to report on financial services such as banks, insurance companies and other financial services industry partners. Since cryptocurrencies have now entered the market, that duty to report also extends to them; exactly how AML applies to crypto is still a moving target.
In reality, AML is full of data entry, forms, spreadsheets and reports of reports to various regulatory agencies. It’s tedious, it’s time consuming, it’s labour intensive and can be prone to human error when the person entering the data gets tired.
The U.S. Government Accountability Office conducted a study in 2018 that found that banks spend an average of “0.4% and 2.4% of total 2018 operating expenses on anti-money laundering activity and Bank Secrecy Act compliance”.3 28% of that was for reporting, 35% was compliance program requirements, training, testing and software and third parties.4
In Canada, small banks can spend $1.4 million annually on AML, while the larger financial players can spend $14.3 million, and half of that is on labour costs.5
The advantage intelligent automation brings to the table is the ability to identify multiple transactions for the same customer across multiple accounts or enterprise systems, tally them up and flag them if they seem suspicious. RPA can scan millions of data simultaneously, and intelligent automation is scalable, allowing organizations to scale as needed.
In addition, RPA can be updated quickly is AML regulations change, and the bots will incorporate the new information as soon as it is entered. Better yet, the bots probably detected the information change in the first place and flagged it.
Cyber Security
Another advantage RPA brings to the table is a combination of cloud encryption and cybersecurity. Bots can continuously scan for unauthorized breaches or security threats, flagging them and activating deterrents and protocols as soon as a threat is detected. In addition, information transferred to and from the cloud is encrypted, offering an additional layer of protection for sensitive data.
Some of the biggest cyber security breaches in the U.S., including the Solarwinds breach that hit everyone from small suppliers to various U.S. government departments including the Pentagon, and big players like Microsoft, occurred via a small supplier who was hacked, and had malware embedded into a routine software update that was used to manage IT resources. The update then infected every system of the Solarwinds’ clients who downloaded the update.6 1
The breach wasn’t detected for a few days, allowing Russian hackers loads of time to download sensitive information. RPA would have detected the breach as soon as it started, and could have shut things down, protecting sensitive information.
Conclusion:
The financial services industry is document-reliant and heavily regulated. Many of the tasks are data-driven, requiring many entries, cross-referencing and reporting. RPA with AI and ML can complete many of the tedious tasks efficiently, assisting with everything from fraud detection to KYC and anti-money laundering, as well as providing an extra layer of cyber security. It may never replace the pen on a chain, but it’s a pretty close second.
Lisa MacColl is an Ontario-based writer who specializes in B2B and B2C communications, as well as investments, insurance and financial topics. She has also written general interest and parenting articles, and her novella, “Cannoli” is available on Amazon.
3 https://bankingjournal.aba.com/2020/09/gao-estimates-bank-costs-for-aml-bsa-compliance/
4 Ibid.
6 https://www.businessinsider.com/solarwinds-hack-explained-government-agencies-cyber-security-2020-12