How to tackle the challenges of AML monitoring

As banks and fintechs try to keep up with an increasingly complex regulatory environment, they spend a lot of time, resources, and costs on equally complicated processes that cause customer friction.

By law, banks and fintechs must conduct anti-money laundering (AML) monitoring to detect and prevent financial crime, terrorist financing, and other illicit activities. In 1970, the Bank Secrecy Act (BSA) established certain reporting and recordkeeping requirements for banks, such as reporting cash transactions over $10,000. In 2001, the Patriot Act put more stringent customer due diligence measures in place, including Know Your Customer (KYC) and Know Your Business (KYB) checks.

Over the years, Congress passed additional laws to establish further AML compliance requirements and expand the application of these requirements beyond banks to other types of financial institutions — like fintechs. By requiring banks and fintechs to detect and report potential misuse of the U.S. financial system, these laws help law enforcement combat money laundering and terrorist financing.

Failure to comply with AML requirements can result in significant penalties. (Global fines rose over 50% in 2022.) While banks and fintechs often struggle with several key challenges when it comes to AML monitoring, it is possible to improve and implement better solutions that ease the onboarding process and even contribute to fraud prevention.

Check out Alloy's glossary of compliance terms

The biggest AML compliance challenges

Banks and fintechs struggle with several key issues related to AML monitoring:

  • A high number of false positive alerts

  • Resource constraints due to a high volume of manual reviews

  • A lack of quality, real-time data

  • Shifts in regulatory compliance requirements

  • The inability to detect more complex money laundering schemes due to rapidly evolving fraud techniques

The volume and complexity of financial transactions also make it difficult for banks and fintechs to properly identify suspicious activity. And although the core legislation of AML is long-established, banks and fintechs still need to closely monitor the adequacy of their controls as the nature of financial crime evolves, regulatory priorities shift, and new legislation changes any existing legal requirements.

Challenge #1: False positive alerts, manual reviews, and resource constraints

False positive alerts during onboarding

There are many scenarios that cause a false positive alert during the onboarding process. To name a few:

  • A consumer could innocently provide inaccurate information by mistyping their address or other personally identifiable information (PII).

  • A consumer might share the same name or similar PII with a totally different individual who is on a sanctions watchlist.

  • A business trying to open an account could have a complex ownership structure.

  • If the data source or AML monitoring system has not been updated, it might be contributing to false positive alerts because it does not have the latest information needed to accurately identify suspicious activity.

When these examples result in false positive alerts — and subsequently require manual reviews — the onboarding process slows down, and customers have to wait longer to access the services they need.

False positive alerts during ongoing monitoring

AML monitoring doesn’t end after onboarding. AML regulations mandate that banks and fintechs have ongoing monitoring processes in place to identify and report suspicious transactions. Large cash deposits, large withdrawals, or rapid transfers between accounts can trigger false positive alerts. However, many customers have legitimate reasons to engage in this behavior:

  • A consumer could be making a large purchase, like buying a new car or a home.

  • A small, local business, like a contractor or a roofer, could occasionally receive a large cash payment from a client. (Home repairs and renovations are expensive! And not all clients like to write checks.)

  • A consumer or business might want to open an additional account with an initial deposit that deviates from the baseline of normal customer behavior.

An AML system might identify these behaviors as potential signs of money laundering because the algorithms do not factor in the nature of the purchase or the account holder’s industry. Instead, the system flags any deposit, withdrawal, or transfer over a certain amount — even if the account has not seen any previous suspicious activity, and the transactions are completely legitimate.

Unfortunately, once an alert is generated, further investigation is required. This results in more unnecessary manual reviews, which waste time, money, and resources.

How do false positive alerts create customer friction?

If a false positive alert occurs during KYB and KYC checks, a bank or fintech might need to request additional documentation or information from customers to verify their identity and delay access to the account. During ongoing monitoring, false positive alerts delay transactions and prevent customers from receiving or moving funds. In either case, it is inconvenient and could result in higher customer churn or the loss of customers’ trust.

Challenge #2: The lack of high-quality, real-time data

How does the quality and timeliness of data affect AML monitoring?

The lack of high-quality, real-time data can significantly affect AML monitoring:

  • Without access to up-to-date data, AML systems might miss time-sensitive transactions or patterns, which decreases their ability to accurately identify suspicious activities or behavioral patterns.

  • Inaccurate, outdated, or poor-quality data can lead to inaccuracies in the output of risk assessment models. An AML system could categorize high-risk customers as low-risk, or vice versa.

  • Real-time data is crucial for timely detection and response rates. Without it, banks and fintechs cannot act swiftly to prevent suspicious activities. This could even lead to delayed SARs filing, compliance violations, and financial penalties.

Despite the need for more data, banks and fintechs often find it challenging to implement the necessary integrations to more data sources.

Why is it difficult for banks and fintechs to implement more integrations to different data sources?

The answer centers around legacy systems and in-house solutions, which often lack the flexibility to accommodate more dynamic and complex workflows. (Fintech startups might also lack the necessary budget and technical expertise to undertake extensive integration projects.) These systems are typically built with rigid structures and predefined processes, making it difficult to add new data sources that would improve AML monitoring. They also lack the scalability to handle the large volumes of data. Without these abilities, banks and fintechs cannot create the fuller, more cohesive customer profiles that provide a clearer understanding of behaviors and risks to ease customer friction.

However, as regulatory pressures increase, and the landscape evolves, banks and fintechs need to explore ways to integrate more comprehensive and timely data sources into their AML compliance solutions. Otherwise, they will be stuck with inflexible workflows that do not allow the speed and agility they need to stay compliant.

Challenge #3: Keeping up

Why do banks and fintechs struggle to keep up with AML requirements?

In Alloy's Annual State of Compliance Benchmark Report, 93% of respondents said it was at least somewhat challenging to meet compliance requirements. They also reported that 34% of their compliance teams’ time is spent writing and filing suspicious activity reports (SARs), suspicious transaction reports (STRs), and currency transaction reports (CTRs).

Banks and fintechs need to regularly re-evaluate the effectiveness of their existing systems in light of shifts in applicable legal requirements, supervisory expectations, law enforcement priorities, the nature of financial crime, and the technology and tools available in the market to combat money laundering.

In the past, AML regulations changed in response to emerging threats, like when Congress expanded the Patriot Act after the events of 9/11. In addition to changes in the law, as financial transactions continue to cross borders and technology grows more sophisticated, regulators may adjust their supervisory focus to combat new or evolving threats and shifting law enforcement priorities.

Technological innovation may also impact industry standards and supervisory expectations. For example, many banks and fintechs are now actively using AI as part of their compliance and fraud prevention strategies. As of October 2023, authorities have yet to issue regulations concerning the use of AI for AML monitoring. But no matter how these future regulations unfold, compliance will likely be intricate, and banks and fintechs will need to adjust their policies accordingly.

So, it becomes easier to see why banks and fintechs must always keep their eyes on new trends and reevaluate their compliance programs, and why they end up allocating so much time and so many resources to ensure they stay compliant.

Read Alloy's Annual State of Compliance Benchmark Report

Challenge #4: The increase in sophisticated fraud threats

Where do fraud and AML compliance intersect?

Fraud and AML compliance may intersect when funds that are illicitly gained from fraudulent activities are laundered to make them appear legal. But, in reality, fraud prevention should always be an important component of AML compliance programs, if banks and fintechs want to achieve the most comprehensive risk management possible.

The fact of the matter is, as new technology emerges to help banks and fintechs fight fraud, fraudsters are also benefiting from better tech. For instance, just as banks and fintechs use AI for AML monitoring, fraudsters often leverage AI and automation to mimic legitimate behaviors, bypass traditional fraud detection systems, and better utilize techniques like social engineering or synthetic identity fraud.

The emergence of these sophisticated fraud schemes makes it more challenging to distinguish between fraudulent and legitimate activities, which creates resource strains on the fraud and compliance teams working to identify the potential fraud types and criminal activity in alerts.

Money laundering and fraud share common indicators like sudden, large transactions or unusual behavioral patterns, but distinguishing between the two is critical to ensure that banks and fintechs respond appropriately. If an AML violation is misidentified as an instance of fraud, it leads to inaccurate regulatory reporting. This, in turn, could lead to increased regulatory scrutiny, fines, or penalties.

Read Alloy's Annual State of Fraud Benchmark Report

How can banks and fintechs improve AML monitoring?

To strike a balance between regulatory compliance, fraud risk management, and customer expectations, banks and fintechs need to implement more sophisticated AML monitoring solutions. They need systems and AML tools with automated workflows that:

  • Connect to more alternative data sources

  • Provide more high-quality, real-time data that accurately verifies customer identities

  • Breakdown data silos that impede efficient integration, sharing, and data analysis

  • Build holistic customer risk profiles across the entire customer lifecycle

When data is equally shared across compliance and fraud prevention teams, they can use the additional data points to enhance overall risk visibility and the identification of suspicious behavior. As a result, both teams operate as a fraud and anti-money laundering (FRAML) hub, collaborating with one another and optimizing their strategies and processes in tandem — rather than continuing to work within the confines of their own data silos.

What is an Identity Risk Solution?

An Identity Risk Solution is an end-to-end platform that helps manage compliance, identity, fraud, and credit risks throughout the customer lifecycle.

It helps banks and fintechs meet AML, KYB, and KYC standards by:

  • Integrating multiple data sources to improve the quality of data and provide real-time data that helps build more accurate customer profiles

  • Using advanced analytics and machine learning algorithms to improve the accuracy of alerts and their prioritization while reducing the number of false positives

  • Automating regulatory requirements and aggregating suspicious activity reports (SARs) that can be e-filed directly with the Financial Crimes Enforcement Network (FinCEN)

It also utilizes adaptive risk scoring models to:

  • Better evaluate customer risk levels

  • Adjust risk thresholds based on evolving customer behavior

  • Change risk profiles and reduce the chances of overlooking new risks or more complex schemes

  • Customize control processes for individual accounts

What are the benefits of an Identity Risk Solution?

An Identity Risk Solution has a multitude of benefits for banks and fintechs:

  • It centralizes data, so compliance and fraud teams have a clearer view of customers’ activity history.

  • It combines the data used during onboarding with the data acquired during ongoing monitoring to provide a more robust view of every customer and establish a better baseline of good customer behavior.

  • It runs recurring, automated checks against sanctions watchlists.

  • It provides the flexibility that’s needed to comply with new regulations as they change and evolve, so banks and fintechs can quickly adapt and incorporate new data sources into their workflow.

  • It helps identify more sophisticated instances of suspicious activity, so it’s easier to comply with current regulations.

  • It helps move banks and fintechs towards a perpetual KYC approach instead of an irregular, periodic KYC approach.

In summary, an Identity Risk Solution keeps pace with both compliance regulations and fraud prevention from the very beginning, while reducing customer friction. And those protections do not stop once customers have been onboarded — they continue throughout the customer lifecycle. In turn, suspicious activity is detected more efficiently and effectively. An Identity Risk Solution also enables compliance and fraud teams to collaborate and conduct joint application reviews when necessary, then work together to resolve issues.

How Alloy can help

Alloy is an Identity Risk Solution that partners with a vast array of technology and data providers to help banks and fintechs solve their AML challenges. With Alloy, banks and fintechs can improve and automate more of their AML monitoring processes with a one-time integration — no coding required.

With Alloy, step-up verifications can also be automated on an as-needed basis to adapt and optimize workflows quickly without creating more customer friction. And our Testing Suite lets banks and fintech continuously test and implement new data sources, so they can examine projected outcomes and better predict the customer impact before going live.

Alloy helps banks, fintechs, and credit unions turn compliance risk management into a competitive advantage.

See what you’re missing

First, we’ll learn about your needs, answer your questions, and then see how Alloy can help.