The superhero adventures of AML and KYC

In a land known as Fed, there are two superheroes: AML and KYC. They fly around the world looking for villains attacking the financial markets and aim to zap them. It is a difficult task, and getting more and more difficult every day, but they try … and they fail.

In 2009, the estimated annual cost of compliance with AML and KYC regulations in four EU countries (France, Germany, Italy and the Netherlands) amounted to $81.4 billion. With these countries accounting for 52.2% of the EU’s GDP, a simple extrapolation suggests that compliance costs in the EU amounted to $156 billion (€144 billion) … and yet European authorities only confiscate around €1.2 billion worth of illicit funds per year.

What’s the point?

What’s the point of this blog or the point of AML and KYC?

The point of this blog is that AML and KYC are great ideas, but they seem to be ineffective and, over time, are just becoming more and more irrelevant. Strangely enough, working with a member of Interpol thirty years ago, he was lamenting how useless financial regulations were. He argued that launderers found it easy to buck the system and, these days, he’s been proven right.

The United Nations Office on Drugs and Crime estimate that up to 5% of global GDP is laundered. In other words, for every twenty dollars or euros you spend, one is being used for illicit and illegal activities from drugs to human trafficking to financing terrorists.

The issue is one that has been with us since time immemorial but, like online crime, is hard to grapple with and getting tougher every day. The more we automate the world, the more we offer opportunity for criminal intent.

The fact is we will never get rid of it. In another conversation with the head of fraud at a major global bank, he explained the reality to me of crime and fraud on the network. The explanation was this. There will always be criminals. The question is what is an acceptable level of crime?

For his global bank, their aim was to keep fraudulent transactions to less than one percent. But then you put that in context and think that, for a bank processing a trillion dollars day, that’s $10 billion a day in criminal transactions.  And that’s just for one bank. Add all the banks in the system, and $7.5 trillion is processed a day in foreign exchange currencies, so the criminal amount would be $75 billion a day … at a minimum.

KYC and AML are trying hard to do their job … and failing.

What is really galling in all of this is that banks are spending a fortune in KYC and AML compliance. Banks spend over $200 billion a year on compliance. Most banks have at least one person checking the work of the other two and some banks have two people checking the work of the other one. It is a conundrum and, admittedly, it is not all on KYC and AML, but most is in this area as the banks are viewed as financial police forces of the world. Their role is to stop crime in the network. It’s not working though. When less than $1 in every $100 processed is caught as criminal, it’s not working. And, even worse, when the $99 processed that is innocent is challenged all the time, it’s annoying for those of us doing nothing wrong to be challenged every five minutes.

But then, as my head of fraud said, it’s a balance. A balance between cost, capture and service.

So, what’s the point of this blog Chris?

The point is that we accept there are bad actors in the system. There will always be criminals and crime in the system. We try to minimise it, knowing that we will never get rid of it. The question is: how much control and focus do we need on the people on the system who are bad actors versus the 99% who are clean?

Meanwhile, the superheroes of KYC and AML will continue to fly around the world with their funding coming from the 99% of us who do nothing wrong. Oh yes, I think I forget to mention, that for all that investment in KYC and AML – over $200 billion a year – to capture hardly any crime – around $5 billion a year – the rest is paid for by the customer.

So, what would be the solution?

Surely, it has to be a ledger system and an identity system, harmonised and implemented by all banks globally in a way that works. Never gonna happen, but just a thought.

This blog was inspired by Olivier Roland and, meanwhile, for those who can get to London on November 28th we have a special research dinner discussing whether AI will overcome our issues with fraud. If you are around London at that time, send an email to chris@thefinanser.com and let me know.