Financial institutions also invest significant time
and resources in testing AML and sanctions controls. This can range from testing data feeds and
systems validations to outsourced processes. Since
some tasks associated with testing are repetitive, intelligent automation can be a valuable tool here as well.
Further, given that a machine is performing the tests and testing
the entire population, sampling becomes obsolete since the entire
population can be included.
■ ■ ■ RPA—RPA can quickly identify issues from initial data sets
(including documentation) that humans must review as part
of their testing scope work. Depending on how structured the
data is at a given institution, RPA could be used to conduct
basic testing procedures to identify data completeness. For
example, when testing an institution’s KYC compliance, RPA
could easily examine whether K YC files include required data
points (like address, date of birth, citizenship, source of wealth,
etc.), in accordance with the Institution’s protocols (on 100%
of the files). And as a result, it can identify outliers for further
root cause analysis.
■ ■ ■ Machine Learning—This can be used to ingest data and rely
upon test steps to automatically assess the data. While the machine reads the data, humans could read through any identified
exceptions. If the first line, monitoring uses automation. Then
it may be more effective for the second line (the compliance
function) to review and evaluate the effectiveness of the first
line’s QA reviews, rather than the outcomes produced.
■ ■ ■ Cognitive Automation—Banks can build a domain base
knowledge of financial crime compliance by using:
• Prior outcomes from compliance monitoring and testing;
• Internal audit activities;
• Regulatory exams;
• Enforcement orders and other public information; and
• Information gathered through an institution’s regulatory
This knowledge can then be applied to its customers, business
lines, products, services, delivery channels, and transactions to
search for patterns and compare them to the domain base knowledge. Issues can be identified that were not simply items that failed
a particular test, but rather, outliers that need to be assessed by
a human to evaluate potential risk. These issues would then be
fed back into the domain knowledge.
The Technology is Available…
So, What’s Next?
Financial institutions cannot afford a failure to innovate today.
Whether stemming from regulatory scrutiny, prohibitive labor
costs, or innovation competition, they need to evaluate how and
to what level they will invest in intelligent automation to support
As intelligent automation quickly becomes a more significant
enabler and accelerator in financial crime compliance, financial
crime officers can integrate these capabilities in a way that is right-sized for their institution and business goals, with benefits such
as greater efficiencies, effectiveness, and expanded risk coverage.
If you are just beginning to think about how to
make these changes and the type of financial crime
compliance activities to which it can be applied, it
can seem daunting. For example, it is important
that the institution identify and engage individuals
internally and/or externally who will collaborate with
this individual throughout the digital labor journey. These
individuals should have a hand in the design and implementation
of the ultimate financial crime intelligent automation strategy
and help coordinate with stakeholders in the institution’s overall
strategy to ensure greater consistency and risk awareness from the
changes. This may include internal resources from information
technology and the business lines, risk officers, internal audit,
and others whose roles are strategy development and execution.
In taking that lead, it is wise for the financial crime officer to
leverage any existing organizational infrastructure for governance,
data quality, model risk management, change management and
information security. A financial crime officer must ensure there
is no failure to communicate or innovate. ■
ABOUT THE AUTHORS
THOMAS KEEGAN is a principal in KPMG LLP’s U.S. Forensic
Services focused on analytics. He has spent over a decade as part
of the firms Forensic Services servicing our largest clients and has
led some of its most significant forensic data analytic projects
across a variety of areas including anti-money laundering, sanctions screening, fraud, FCPA and counter party exposure. Reach
him at firstname.lastname@example.org.
STEPHEN MARSHALL is a principal in KPMG LLP’s Financial
Crimes and Enforcement network. He possesses a diversity of skills
in the Bank Secrecy Act/Anti-Money Laundering (BSA/AML), OFAC,
and consumer related areas. Prior to joining KPMG, he worked for
a large bank that provides services to institutional investors worldwide. His responsibilities included implementing a compliance program covering investor services operations in the North America
and Asia Pacific regions. Reach him at email@example.com.
TERESA PESCE is a principal and the leader of KPMG LLP’s Financial
Crimes and Enforcement network and Global Head of Anti-Money
Laundering Services. Before joining KPMG, Teresa was AML Director
for the North American operations of a global bank. She also served
as an Assistant United States Attorney for the Southern District of
New York. She spent about 11 years in the U.S. Attorney’s office, rising
through the ranks to become Deputy Chief of the Criminal Division
and Chief of the Major Crimes unit. Reach her at firstname.lastname@example.org.
The authors would like to thank the following people for their contributions to this article: Stephen DeParis, director in KPMG LLP’s Forensic
Services; Nicole Stryker, director in KPMG LLP’s Financial Crimes and
Enforcement network; and Michelle Harman and Andrew Epstein,
senior associates in the Financial Crimes and Enforcement network.
1 Financial Crimes Compliance Programs typically include Anti-Money
Laundering (AML), Office of Foreign Asset Controls (OFAC)/Sanctions,
Anti-bribery and Corruption (ABC), Insider Trading, Human Trafficking
and other surveillance compliance area.