Can Robots Save Banks? RegTech’s Potential to Solve De-Risking

Jim Woodsome
February 21, 2018

Policies put in place to counter financial crimes have unfortunately had a chilling effect on banks’ willingness to do business in markets perceived to be risky—due in part to the high price of compliance. This has had costly consequences for people in developing countries, and in particular, has hurt migrant workers, small businesses that need to access capital, and recipients of lifesaving aid in conflict, post-conflict, or post-disaster situations the most. But what we’re seeing is that even as changes are being made to address this problem, financial institutions are developing solutions in the form of new cutting-edge technologies to help them comply better and faster with anti-money laundering regulations.

This week, we published a new study—the first comprehensive effort to assess six new key technologies and their potential to solve the de-risking problem. Financial institutions have turned to new technologies to address de-risking and increase the effectiveness and efficiency of their AML/CFT compliance. These new technologies may enhance transparency and information-sharing capabilities, facilitate automation and interoperability between institutions, and improve banks’ ability to accurately identify illicit activity.

In doing so, they may offer a partial solution to de-risking by lowering compliance costs and improving risk management capabilities.

These technologies include:

  • Machine learning – a type of artificial intelligence that allows computers to improve their performance at a task through repeated iterations. Machine learning may be used to augment or transform a number of compliance functions, including those for developing more sophisticated customer typologies and for more accurately monitoring transactions. These uses could simultaneously cut down on false alerts and identify undetected illicit finance techniques.

  • Biometrics – use distinctive physiological or behavioral characteristics to authenticate a person’s identity and control his or her access to a system, and are more robust than other authentication factors, such as passwords and tokens, as they are generally more secure and easier to use. Biometrics are being used to address the “identification gap” that exists in many developing countries. This use, in turn, could make it easier for banks to conduct customer identification, verification, and due diligence, which may bolster the confidence of their correspondent banks. However, most biometric identification systems are being developed at the national level, meaning that work is required to develop an internationally recognized and interoperable identification system.

  • Big data – refers to datasets that are high in volume, velocity, and variety, and therefore require systems and analytical techniques that differ from those used for traditional datasets. Compared with relational databases, big data applications offer more scalable storage capacity and processing. They also allow many different types of data to be stored in one place, so compliance staff spend less time gathering information from disparate sources. Most important, they can greatly expand the range and scope of information available for Know Your Customer (KYC) and suspicious transaction investigations.

  • Know Your Customer (KYC) utilities – central repositories for customer due diligence (CDD) information. By centralizing information collection and verification, KYC utilities can reduce the amount of information that has to be exchanged bilaterally between correspondent banks and their respondents, thereby reducing the time banks spend conducting CDD investigations.

  • Distributed Ledger Technology (DLT)/Blockchain  a way of securely organizing data on a peer-to-peer network of computers. In a blockchain, which is a type of DLT, data modifications, such as transactions, are recorded in time-stamped blocks. Each block is connected to previous blocks, forming a chain. Modifications are confirmed and stored by all users on the network, which makes the ledger difficult to tamper with. Although blockchain technology is most commonly associated with virtual currencies, such as Bitcoin, the basic technology has a number of other potential use cases, including uses in regulatory compliance. In particular, DLT may be used for securely storing and sharing KYC information, as well as for cheaper and more secure international payments.

  • Legal Entity Identifiers (LEI) – unique alphanumeric identifiers, like barcodes, that connect to reference datasets held in a public database. Any legal entity that makes financial transactions or enters into contracts may request an LEI. In many countries, especially developed ones, LEIs are increasingly mandated by regulation. To date, more than one million LEIs have been issued worldwide. By serving as common identifiers, LEIs can enable different platforms, organizational units, and institutions to refer to entities clearly and without any ambiguity. This interoperability can, in turn, facilitate greater automation and information sharing. A further extension of the LEI would be to include it in payment messages to identify originators and beneficiaries, which would further enhance the transparency of international payments.

Infographic: Background on Know Your Customer utilities Infographic: Background on Big Data Infographic: Background on AI/Machine Learning Infographic: Background on Distributed ledger technology and blockchain Infographic: Background on Legal Entity Identifiers Infographic: Background on Biometrics

Scroll through the infographics above

In the face of de-risking, both the public and private sector have tried to find ways to lower the compliance burden without lowering standards. RegTech (regulatory technology) may be the solution to some de-risking woes. But for this to work, policymakers need to invest time in understanding how these technologies work, and what their benefits and limitations may be. This is the first step in coming up with a regulatory framework that maximizes the advantages of RegTech.

You can find the full study here. We welcome your comments!


CGD blog posts reflect the views of the authors, drawing on prior research and experience in their areas of expertise. CGD is a nonpartisan, independent organization and does not take institutional positions.