Discover more about our courses.
ICA is the trusted partner for you and your organisation.
Written by Judith Hawkins on Monday May 15, 2023
We are living through a time described as the ‘exponential age’. The rapid rate at which technology is developing is staggering, particularly in relation to artificial intelligence (AI). Inevitably, this has led to the question: can we – as compliance practitioners – keep up?
Silent Eight’s Vice President UKI & MEA, Pia Ffoulkes, has a key message on AI for financial crime practitioners looking to prepare themselves for the future: “Embrace it.”
“I came from a background of being at traditional screening vendors. When I took the plunge into start-up, scale-up life I was so excited to learn everything about AI and the advice I would give to anybody that’s starting in AI, or if it’s starting to be brought into your organisation, is: consume everything you can. This is the time to be a sponge,” she advises.
AI encapsulates a range of technologies which have applications across all areas of modern life. Within the financial crime compliance context, natural language processing (NLP), natural language generation (NLG) and machine learning are rapidly coming to the fore.
NLP enables unstructured data – such as emails, chat messages, web pages, news articles, legal documents and SWIFT transaction messages – to be analysed quickly to extract useful information and insights. NLG can then be used to summarise in plain English the resulting key findings and decision rationales. Meanwhile, machine learning solutions and algorithms can automatically classify and cluster transactions, customers, and other data points to rapidly identify anomalies and potential fraud.
“All of this happens in real time (versus sitting in the analyst queues for days and months sometimes),” explains Ffoulkes, “enabling institutions to manage risks better and in real time. Our clients have observed significant reduction in response times for escalating and managing financial crime exposure.”
She continues: “Imagine finding a needle in a haystack. That’s how the current compliance processes usually come across. The analysts go through hundreds and thousands of case investigations to identify the true financial crime risks. Sometimes it’s already too late by the time these risks are identified and actioned.”
The flipside of these potential improvements in efficiency and effectiveness is, for some, a fear over job security. First and foremost, Ffoulkes is keen to debunk the idea that AI is going to take over people’s jobs.
“AI is not here to replace you,” she stresses. “It should be a tool that you can add to your skillset, so if you can understand it you can work with it and you will become much more experienced.”
“I don’t see the financial crime practitioner disappearing,” she adds. “I see them becoming more skilled and more specialised. There won’t be this need to take on the straight-forward investigative processes that they’re doing today. Hopefully we’ll see level 1 type tasks are all automated. There’s still going to be a need for practitioners, but they are going to be far more progressed in their skillset, and far more focused on for example risk assessment, decisioning and collating data.”
This chimes with the message currently coming from the UK government, which at the end of March published a policy paper titled, ‘A pro-innovation approach to AI regulation’. In it, Michelle Donelan, Secretary of State for Science, Innovation and Technology, stated: “Our vision for a future AI-enabled country is one in which our ways of working are complemented by AI rather than disrupted by it
“In the modern world, too much of our professional lives is taken up by monotonous tasks – inputting data, filling out paperwork, scanning through documents for one piece of information and so on. AI in the workplace has the potential to free us up from these tasks, allowing us to spend more time doing the things we trained for.”
Nevertheless, there is growing unease being expressed around the world towards AI, including recently in an open letter published by thinktank The Future of Life Institute and co-signed by the likes of Elon Musk and Steve Wozniak. This letter has provoked fierce debate, after it called on all AI labs to immediately pause for at least six months the training of AI systems more powerful than the much-discussed GPT-4. The open letter states: “AI developers must work with policymakers to dramatically accelerate development of robust AI governance systems. These should at a minimum include: new and capable regulatory authorities dedicated to AI.”
A lot of concerns around AI relate to the use of data to train it. Data privacy issues for example saw JPMorgan recently take the step of restricting their staff’s use of ChatGPT, while Italy’s data protection authority blocked it in the country altogether.
Ffoulkes explains: “AI solutions often require large amounts of training data to be successful, so before embarking on any AI journey, a financial institution should understand the applicable laws in the relevant jurisdictions that it operates in. Every country and every financial firm will have its own unique risk appetite when it comes to sharing and processing of client data, so it is important to make sure that any potential RegTech partner is aware of those nuances and is willing to be flexible to meet those specific needs.”
Around the world a variety of different approaches are being taken to AI regulation, ranging from light touch to calls for a full-scale halt of development. With the Artificial Intelligence Act, the EU has proposed rules tailored on a risk-based approach, aiming to categorise AI technology into four levels of risk: unacceptable, high, limited and minimal. Late last year, the European Council adopted a general approach position on the legislation, but it remains under discussion in the European Parliament.
In China, the Shanghai Regulations on Promoting the Development of the AI industry came into effect from October last year. This provincial-level legislation introduced a graded management system, Ethics Council, and incentives for AI development. Also of note within these regulations is how relevant municipal departments will oversee creating a list of infraction behaviours, with a disclaimer stating there will be no administrative penalty for ‘minor infractions’. Meanwhile, many governments are putting regulatory sandboxes at the heart of their AI strategies, allowing live testing of AI innovations but within controlled, regulated environments.
While the debate rages on around the best approach to AI regulation, its illegal uses continue to flourish. Just as the concepts of machine learning and NLP are moving into mainstream conversation, so too are the terms ‘deepfakes’, ‘bots’ and ‘zombies’.
Criminals are now able, with alarming ease and minimal financial cost, to use AI to create fake identity documents and open fraudulent accounts through which to launder illicit proceeds. Major institutions are also seeing an increase in coordinated attacks by cybercriminals using botnets – networks of infected computers controlled remotely. By increasing their own AI capabilities, criminals are making their attacks more sophisticated and harder to detect, including through ‘smart’ malware that can adapt and evolve to override traditional antivirus software.
All of this is adding to the suspicion around AI, but Ffoulkes believes it’s the key to finding solutions. “If you can prepare yourself by having the best technology and the best people, then at least you stand a chance of being able to fight some of these cyber security attacks that we’re seeing today.”
In the right hands
She points out how AI is revolutionising areas like complex transaction monitoring, where an AI model can investigate in minutes, if not seconds, thousands of alerts. Furthermore, supervised and unsupervised machine learning techniques have proved invaluable when studying large datasets of historical alert investigations and ‘learning’ what suspicious (and non-suspicious) alerts look like. These learnings can then be applied to anti money laundering and sanctions detection to find new risks that were previously undetected, or in the case of applications such as those offered by Silent Eight, can be used to learn and replicate the same decision-making process of a human investigator to automatically adjudicate and close alerts.
Yet the human element is always still there and very much required. “It's the practitioners who will come up with the ideas for the AI developers to use. AI needs to learn from them,” Ffoulkes stresses.
“AI can do amazing things, but remember that it still learns from human behaviour and decisions. I don't see AI as a replacement for human investigators, but instead a tool that the most successful investigators will wield to their benefit.
“The more knowledge that the practitioners have, the more knowledge it feeds back. It’s just a constant, continuous loop of learning.”
Pia Ffoulkes is Vice President UKI & MEA, at Silent Eight, a RegTech vendor specialising in AI offerings. Growing from a start-up based in Singapore, the company now provides a variety of solutions to financial institutions in over 150 markets, including the likes of HSBC, Standard Chartered and AIA
Judith Hawkins is Content Manager (Digital) at the ICA
Thank you. Your comment is awaiting moderation and should appear on the site shortly.
Required fields are not completed, please ensure all required fields (*) have been filled in properly.
You can leave the name empty should you wish to remain Anonymous.