In the financial sector, maintaining regulatory compliance and mitigating financial crime risks are critical. Two crucial processes in achieving these goals are Know Your Customer (KYC) and Transaction Monitoring (TM). In the past, these procedures have been heavily dependent on manual labor and rule-based systems, and even to this day; but institutions are now using AI to improve their KYC and TM procedures. However, even with these advances, the work is still labor-intensive, and it is not always evident that the effort is focused on the most risky individuals. Can recent developments in the area of Generative Artificial Intelligence (GenAI) provide new opportunities to conduct KYC and TM processes in a way that is more purpose-based?

KYC involves verifying the identity of customers. This includes gathering documentation and other personal data to determine expected behavior and the level of risk involved. TM involves ongoing surveillance of those customers to detect and report suspicious activities that may indicate money laundering or other illicit behavior. Both KYC and TM essentially have the same purpose, to prevent the laundering of money obtained from criminal activities into the legitimate financial system.

Let’s explore how GenAI, and other (AI) innovations, could work to provide a comprehensive solution to the intricate problem of providing purpose to KYC and TM.

GenAI for automated (document) verification

An element of KYC is the assessment of data received from or in relation to clients. This generally requires human effort, because of the various sources of information, but especially because of the required contextual evaluation of the combined information. For a lot of current-day technology, it is very difficult to work with conflicting or incomplete data. Therefore, this process, although supported by technology, is (still) not automated.

GenAI is capable of assimilating multiple sources of data, including (semi-)unstructured data such as government documents, contractual agreements and miscellaneous communication. Subsequently, GenAI is capable of summarizing information, assessing whether (all) mandatory information is available, highlighting uncertainty in the information and conducting an initial risk assessment. With adequate controls in place, GenAI might handle the vast majority of ‘low-risk customers’ without human supervision and in a compliant way, with the system directing the human-in-the-loop to instances where either risk is likely, or where uncertainty is high.

Multi-Agent believe systems and Behavioral Analysis

Transactions and customer behavior need to be assessed, in relation to the bank’s knowledge of the customer and its risk profile, for any indications of money laundering or other illicit behaviors. This is a difficult task, because legitimate customer behaviors can be diverse and dynamic. Therefore, rule-based systems work but generally have the downside of not being discriminative enough, resulting in many false positives. Also for humans it is difficult to assess normality, as they generally have to base their assessment on what data is available in the client file or in the transaction history; this can take a lot of time and essentially requires a human analyst to build up an internal representation of that customer and mentally discriminate between expected and unexpected behavior.

With Multi-Agent Systems (MAS), a research area within the domain of AI, individual agents can be created to represent individual customers. This representation starts off with an empty or predetermined ‘knowledge base’. This knowledge represents the Beliefs, Desires and Intentions (BDI) of an agent and, by extension, the BDI of a (individual) customer. Using adequate techniques, such agents are able to reason and function with outdated, conflicting and/or incomplete information, acquiring this information during each interaction with the client. Such a rich representation of your customer knowledge can augment behavioral analysis and can help identify subtle deviating patterns in customer behavior that human analysts may overlook. This approach can enhance the effectiveness of transaction monitoring, by essentially working with an ‘adaptive digital twin’ of a customer, assessing client behavior in real time. This could be a huge step up from having a ‘digital expected transaction profile’ on file.

Privacy-preserving monitoring

As part of KYC and TM, a large amount of information is assessed. This could be at odds with privacy requirements and the responsible usage of AI. Therefore, although technology might be one of the reasons that mass evaluation of data is possible, technology can also be used to reduce privacy concerns:

  • Homomorphic Encryption – Homomorphic Encryption allows computations to be performed on encrypted data without having to decrypt it first. This technique is useful for, for example, the technical outsourcing of KYC and TM for storage and computation without compromising privacy.
  • Techniques like Multi-Party Computation (MPC) allow institutions to jointly analyze transaction data without sharing sensitive data. This could be useful for the detection of money laundering schemes that span multiple organizations.
  • When providing and receiving information, we generally tend to process more data then actually needed. For example, when buying alcohol, a seller might need to verify that you are of legal age. When providing an ID, we provide (much) more information than the fact that we are of legal age or not. Even our date of birth provides more information than necessary, since it should not matter whether I am 18 or 80. Several techniques can allow us to provide and receive only the required set of assertions, which reduces the risk of leaking information that wasn’t even needed in the first place.

The techniques discussed above, as well as techniques not covered in this article, can allow for a more nuanced and dynamic approach to KYC and TM by having a risk-based approach that uses a lot of data, in a privacy-friendly and responsible way, with human effort being spent on outliers. Institutions can then lessen needless monitoring of low-risk customers while concentrating their human resources on those that present the biggest risk.

However, integrating such techniques into existing KYC and TM processes is likely not going to be easy. Next to regular IT challenges, especially with legacy systems, there will be additional challenges, such as data privacy concerns, model interpretability, and regulatory compliance. Especially with the new AI act and the GDPR, institutions must ensure that systems are transparent, accountable, ethical and in line with privacy requirements.

In conclusion, GenAI, and other techniques, offer immense potential for enhancing KYC and TM, to help gear it towards the protection of the financial system. However, reaping these benefits will not be a walk in the park and will require organizations to make drastic changes and ‘experiment’ with these techniques. It would require alignment with regulators, and cooperating with other financial institutions as well as tech organizations. Internally, it is also likely to require both a redesign of the (compliance) IT architecture and a redesign of the (compliance) workforce. Although it might seem a stretch, the potential benefits to institutions, customers and society as a whole can be immense.

Empower your forensic consulting endeavors with AI-driven precision. Together, we can fortify defenses and uphold integrity in an increasingly digital world.

We will keep you informed by email.
Enter your preferences here.