What do AML/BSA/CTF Regulators think of Machine Learning?

Prior to 2018, regulators resisted recommending the use of Machine Learning (ML) based Artificial Intelligence (AI) for AML compliance. There was a mindset shift in mid 2018 indicating that proceeding with caution in implementing AI approaches for AML is appropriate. Regulators realize the adoption of recent innovation, such as the use of AI-ML and robotic process automation (RPA) techniques, enables AML compliance improvements not otherwise attainable. A risk-based approach to compliance, underpinned by AI/Machine Learning, creates opportunities for governance and process refinement as well as identifying potential untapped revenues. Reliance on box-ticking approaches familiar to users of legacy rules-based compliance systems is no longer sufficient.




Despite more than $80 Billion global spent annually on AML compliance, current AML approaches are not working as evidenced by the meager 1% of laundered funds intercepted . While banking regulators urge caution in the adoption of advanced analytics and AI based machine learning, reality dictates that adoption of new analytics and automation is imperative and urgent.

An old colonial idiom comes to mind to reflect the current regulatory viewpoint on innovation, "slowly slowly catchy monkey," which in essence means be patient. However, in the short to medium term that “be patient” approach exacerbates increased expenses and a failure to produce effective results. For the up-to 50% of banks that are at risk of survival in a downturn, things have to change and now is the time to get started.

In the third decade of 21st century financial services, innovation is required to be a leader, if not a survivor. Innovation is required across the organization. AML compliance is critical; lessons learned in advancing AML will benefit the user - and vice versa. Financial organizations that innovate will invest in building the capabilities needed to support AI and all related automation efforts.

Download the Agile Compliance Whitepaper


FATF, the "regulator of regulators" acknowledges the need for improvements in AML/CTF compliance. In a recent keynote address at the 7th International Anti-Money Laundering and Compliance Conference in Bratislava, David Lewis, FATF Executive Secretary said. "Stopping money laundering is about stopping the harm caused by serious crime. Stopping money laundering is not about ticking boxes.” However, today’s AML efforts remain dominated by a check-box approach that results in continuously rising costs caused by wasted human effort in wading through mountains of alerts of which 90+% are false positives. The evaluations conducted and published by the FATF underscore that sentiment. They show that in nearly 100 countries evaluated, fundamental or major improvements are needed in the preventive measures taken by banks, money service businesses, lawyers, accountants, company formation agents, real estate agents, casinos, and other regulated organizations.


What Needs to Change

Again, Lewis is pragmatic in his direct guidance to AML compliance leaders;

  • Supervisors need to better understand the risks, have the skills and capacity to act, and to incentivize the right behavior.
  • Recognizing and rewarding activity that leads to the right outcomes, not only the right pieces of paper.
  • It means supervisors, as well as those they regulate, need to find ways to improve the current process-based approach. This can be found most profoundly in software analytics and automation improvements.

“Not accepting opportunities to improve through the adoption of advanced automation means accepting an incredibly high failure rate. It means acknowledging that unless you close the banking system completely, money launderers will continue to operate, and that it’s not possible to catch every bad transaction. It means taking reasonable measures to prevent and detect it."

Lewis concludes that embracing new technologies, from artificial intelligence and distributed ledgers to privacy and digital identity have the potential to reduce compliance cost and risk and promote financial inclusion.

Federal Reserve System

At a November, 2018, "Fintech and the New Financial Landscape" conference in Philadelphia Pennsylvania conference Dr. Lael Brainard presented her view about the potential for AI and machine learning. In short, while Dr Brainard is bullish on the transformative capabilities of AI and Machine Learning, she is cautious about explainability and the audit-ability of black box AI models. She states the need for "guard-rails" to contain AI risk, while observing safety and soundness and consumer financial protection.

In her address entitled "What Are We Learning about Artificial Intelligence in Financial Services?", she told delegates she is optimistic about the potential for AI and machine learning in particular, but guarded on how new machine learning models can be audited.

Dr. Brainard's well informed speech begins, "Modern machine learning applies and refines, or “trains,” a series of algorithms on a large data set by optimizing iteratively as it learns in order to identify patterns and make predictions for new data. Machine learning essentially imposes much less structure on how data is interpreted compared to conventional approaches in which programmers impose ex ante rule sets to make decisions."

She accurately states the value of machine learning when applied to banking AML and loan processing; here are quotes from her remarks:

  1. "Firms view AI approaches as potentially having superior ability for pattern recognition, such as identifying relationships among variables that are not intuitive or not revealed by more traditional modeling.
  2. Firms see potential cost efficiencies where AI approaches may be able to arrive at outcomes more cheaply with no reduction in performance.
  3. AI approaches might have greater accuracy in processing because of their greater automation compared to approaches that have more human input and higher “operator error.”
  4. Firms may see better predictive power with AI compared to more traditional approaches--for instance, in improving investment performance or expanding credit access.
  5. AI approaches are better than conventional approaches at accommodating very large and less-structured data sets and processing those data more efficiently and effectively."

A Word of Caution

Dr. Brainard continues, "The question is how should we approach regulation and supervision? It is incumbent on regulators to review the potential consequences of AI, including the possible risks, and take a balanced view about its use by supervised firms.

Regulation and supervision need to be thoughtfully designed so that they ensure risks are appropriately mitigated but do not stand in the way of responsible innovations that might expand access and convenience for consumers and small businesses or bring greater efficiency, risk detection, and accuracy."

Interim Guard Rails

The Federal Reserve acknowledges that the current AI model guidance SR 11-7, dated April 2011, is a dated document in a technology sector where innovation is accelerating exponentially. The Fed is actively engaging industry thought leaders to consult, educate, and help regulators, so examiners can stay current with rapidly evolving innovation.

Subsequent conversations with tech-savvy regulators from within the Federal Reserve system recommend "guard-rails" in the form of running AML systems that use machine learning in parallel with legacy systems or at a minimum, conducting quarterly reviews to ensure AI model analyses are consistent with results from legacy, rules-based systems.

DBO California

In September last year, Shirish Netke, Amberoon CEO interviewed Jan Lyn Owen, the first commissioner for the California Department of Business Oversight (“DBO”). Her department oversees more than 360 thousand licensees, four thousand small business lenders and 400 non-deposit mortgage companies in addition to more than 240 banks and credit unions in the state of California.

Shirish asked Jan, "Technologists in Silicon Valley are sometimes labeled as “solutionists” for their propensity to create solutions in search of problems. Can you give examples of three real business problems in financial services that you would ask these innovators to address?"

Jan responded as follows.

  1. “Still being developed is the ANALYTICAL side of reporting. We are awash in information, but the mere compilation of data is not enough. We need to be able to analyze and understand the data and what it means for consumers, economic growth and regulatory compliance.
  2. We are still evolving. As for PROBLEMS to be solved, Artificial Intelligence is being talked up as a great new innovation. It has promise to streamline regulatory compliance and reporting and even responses to complaints. But we will watch to make certain that consumer protection standards are not relaxed in the process.
  3. In terms of regulation and oversight, TECHNOLOGY has improved the speed, integration and thoroughness of compliance. But customer privacy is a big concern; we could use some help in ensuring a proper balance.”

The DBO acknowledges the inevitable entry of FinTech’s and other traditional competitors into the California market and seeks to work with innovators and FinTech’s in an environment of engagement and transparency.


Analyst firm McKinsey in their 2019 Global Banking Review entitled, "The Last Pitstop? Time for Bold Late Cycle Moves" is pessimistic about the prospects for American Banks and in particular Community Banks that fail to innovate to realize the benefits of digital transformation. In the report McKinsey explains the difference between the 40 percent of banks that create value and the 60 percent that destroy it. In short, these are geography, scale, differentiation and business model.

The clarion call in the report is that in an inevitable downturn, 60% of banks face extinction,- unless bold moves are undertaken in the immediate future. These include:

  • Advanced analytics (AA) and artificial intelligence (AI) are already producing new and highly effective risk tools; banks should adopt them and build new ones.
  • McKinsey estimates that less than half of bank costs (vested mainly in IT and support functions as well as some operations) is directed towards activities that do not differentiate an organization from competitors
  • When FinTech’s spend 70% on innovation compared to 35% at banks, the need is to industrialize tasks that do not convey a competitive advantage and transfer them to multi-tenant utilities. Industrializing regulatory and compliance activities alone could lift Return On Total Equity by 60 to 100 bps.
  • With most indicators showing that we are in the late economic growth cycle, it is time for banks to ramp up planning for resilience, determining how to manage risk and protect returns in a downturn.

McKinsey final thoughts: "Reinvent, scale, differentiate, or perish: These are the stark choices banks face today. Late cycles spur talks of “bad banks.” All stakeholders, which includes society, investors, and regulators, want “good banks,” i.e., banks that have a firm sense of their “why” or purpose.

Banks especially need to figure out their purpose in society beyond the basic economic role they play. Those banks that look beyond the regulator’s license and central bank protection in grappling with their reason for existing will thrive in the late cycle and into the next.

The future is depressing at best for institutions that fail to focus on their “why” and their core strengths, to differentiate in markets they serve, to merge when accretive, and that hesitate to embrace AI and machine learning innovation in regulatory, fraud and customer acquisition.

Final Thoughts

Regulators are running hard to stay current and banks outside the big money centers are struggling to attract talent to implement and embrace modern technology.

Relevant advice about innovation for banking leaders and compliance teams was captured in the comments referenced from FATF Executive Secretary, David Lewis. “Banks need to take a risk-based approach and accept that a risk-based approach means not stopping everything. It means accepting a failure rate. It means taking reasonable measures to prevent and detect it.”

Embracing new technologies, from AI to RPA and distributed ledgers to privacy and digital identity have the potential to reduce cost and risk, as well as promote financial inclusion.