The conflict in Ukraine has given rise to numerous assets freezing measures and increased vigilance in the screening of financial companies’ third-party databases. This is an opportunity to recall the fundamentals of AML/CFT (Anti-Money Laundering / Combating the Financing of Terrorism) screening as well as the latest contributions of digitisation in these processes with Vincent Bertrand, Project Director and Knowledge Manager of Webhelp KYC Services.

The international regulatory environment has been transformed in recent years, with an increasing number of compliance obligations for regulated institutions. Therefore Know Your Customer costs have become extremely high especially within the financial services industry. According to PwC, the costs associated with KYC represent about 3% of a bank’s operational costs. Over the past decade, this expense has increased fourteenfold.

What is screening in AML/CFT?

In the fight against money laundering and the financing of terrorism (AML/CFT), banks, and more broadly businesses subject to regulation, deploy extensive KYC programs which aim to gather and analyse a set of customer data in order to better identify them, protect them against identity theft and possible financial crime risks.

To this end, a screening process has been put in place to detect and prevent potential violations of financial laws. This involves checking customer data such as name, country, and other additional information against lists of sanctions, embargoes and politically exposed persons (PEP).

The screening process is one of the key elements of the AML/CFT system, along with the KYC process and transaction screening and monitoring.

This process is done in 3 steps:

AML/CFT screening

1/ Alert Generation

The screening tool automatically compares a customer third-party database with data contained in PEP and sanction lists, to generate alerts based on these reconciliations.

2/ Alert processing

Alerts generated are analysed by a level 1 agent who performs a quick check to determine if it is a false positive or if the alert needs to be investigated.

  • In case of a “false positive”, the level 1 agent releases the alert
  • In case of suspicion, the alert is sent to a level 2 agent for an in-depth analysis, based on the customer file and KYC documentation.

3/ In-depth analysis and final decision

After further investigation, the level 2 agent can close the alert if he is sure that the customer does not match the data contained in the sanction list. In case of doubt, the level 2 agent will formalise a Suspicious Activity report to be sent to the local Financial Intelligence Unit (Tracfin in France, NCA in England, …).

It should be noted that the alert management workflow differs depending on the company and its organisation.

Alert management processes are complex but also energy-consuming, not only in terms of time but also in terms of human and technical resources. Which is why the use of automation can be a game changer.

The role of Robotic Process Automation (RPA) in screening

RPA allows the automation of repetitive tasks that would usually require human intervention. The use cases of RPA are various. They can range from the automatic management of responses to certain emails, to more complex processes such as: accounting reconciliation, opening of customer contracts, daily reporting from multiple sources…

In the context of screening, RPA will thus enable the automation of alert processing, the collection of missing data and the sending of communications between level 1 and level 2 agents. It will ensure greater efficiency, faster business processes, and minimal errors.

Nevertheless, one of the disadvantages of Robotic Process Automation is that these solutions cannot automatically adapt to changing conditions.

RPA and Machine Learning

Machine learning is a subset of AI, whose principle is to endow the system with an ability to learn from success and failure. In the case of a screening process, the model allows alerts to be directly addressed to the right level according to their relevance: the most sensitive messages will thus be addressed directly to level 2. As a result, level 1, which is not in charge of the initial processing of some alerts, will then be able to better absorb unexpected increases in volume.

The model is based on a neural network model which is fed by variable complexity characteristics: message characteristics, phonetic distances, address decomposition and free-field semantics. These variables are taken from the messages sent by the screening tool and do not contain personal data.

By combining RPA and Machine Learning (iRPA – Intelligent Automatic Process Automation), the device becomes more autonomous and can handle more complex situations such as a deeper analysis of alerts and decision making and automatic extraction of information from different types of documents.

The decision to adopt these models ultimately depends on the level of risk that organisations are willing to take by automating the decision to rule out false positives compared with the cost of allocating resources to alert processing. It should be noted here that the rejected alerts are nevertheless stored in a dedicated database for analysis, control and audit trail purposes.

How can you optimise the screening process: use cases

KYC screening

To conclude, one of the main issues with customer screening is the generation of a high number of false positives. This problem can be fixed by using a first-line robot such as iRPA to detect these false positives. This means that a higher number of alerts can be processed – more than 22,000 alerts / month – knowing that the average processing time of an alert by a first level operator is five minutes. The second advantage of digitising the screening process is to better allocate resources from level 1 to level 2 by estimating the relevance of alerts (the probability that an alert is a false positive).

According to LexisNexis, 60% of KYC costs are still spent on labour, leaving the rest to technology. This is often not enough to develop in-house RPA tools and processes allowing a real gain in efficiency.

In order to comply with the ever more stringent sanction programmes, and to carry out complex and costly alert processing projects, outsourcing is more than ever a strategy to consider. This enables businesses to be supported by experts who master the automation tools for meeting the challenges imposed by the regulations, while respecting deadlines imposed by the regulators and keeping control of costs.