I got a shock the other day.
We were discussing transaction processing with one of the banks,
when the head of transaction processing
turned to me and said: “Chris, you know what?
We now have more people checking what we are doing than we have doing
what we are doing!”
I think I was supposed to be surprised, but I didn’t quite
get it and asked what he meant.
“Well, now we have all these rules and regulations on Know
Your Client (KYC), Anti-Money Laundering (AML), tracking and tracing
Politically Exposed Persons (PEPs) and identifying and notifying authorities of
suspicious transactions with SARs (Suspicious Activity Reports) means that we
have more people employed in money laundering, compliance, audit and control
than we have employed in the actually business of running the bank.”
This seems ridiculous, I say.
After all, you
can automate all this stuff.
“Automate all this stuff, you say? And how do we do that? Most of this is making disparate connections
between fragmented data and much of it involves actually seeing people to
ensure they are who they say they are.”
So it’s a matter of document proofs and data analysis, both
of which I was dealing with back in the 1990s when AML was just an evolving art
and KYC we being introduced.
“It is that but, if you’ve been dealing with this since the
1990s, then it’s obvious that it cannot be computed as, if it could have been,
it would have been by now.”
Hmmm … I’m now sure I believe that. After all, there are many elegant AML
solutions out there so perhaps the issue is not automation but organisation.
For many banks, payments and operations are dispersed over
many organisational functions and locations.
A multinational or global bank will often be the result of
mergers and acquisitions, and little will have been integrated on a globalised
Potentially you can put into play overlay systems, data
mining tools, aggregating services, but the issues will still be there of organisation
There is also the question of priority: is catching the odd
awkward transaction a priority for the bank’s senior management team?
For example, the UK has some of the toughest AML legislation
anywhere in the world where, under the Proceeds of Crime Act 2002, you can get
fourteen years in jail if found guilty of laundering.
And yet a 2011 report by the Financial Services Authority (FSA) found that: “three quarters of the
banks in our sample failed to take adequate measures to establish the
legitimacy of the source of wealth and source of funds to be used in the
So this area of the business is not as relevant to
banks as it may at first appear.
Certainly this was the case historically, as I don’t know of
many management teams who have cut through the silos, operations and global
spaghetti to create an integrated single platform view of the customer.
It’s just not something that justifies the operational pain
of change or the cost to warrant it.
Unless you get into deep doo-doos, like Standard Chartered
and HSBC did recently.
Then the awakened concerns of bank management around
reputational risk arise.
And when you add on to this the prospect of stinging fines
of anything from $300 million to over $1 billion, the cost of implementing such
change becomes warranted.
So I reckon AML will be a major focus for at least the next
Watch this space.