The banking sector is soon set to witness the effects of the PSD2 (Revised Payment Service Directive) this year. Heralded as the defining moment for European banking sector, the PSD2 has created a clean slate for all banks, new entrants and old players, facilitating data sharing of customer data and payment networks to third-party providers (TPPs) under a standard format.

Open banking is not a new concept in the world of finance. Countries like Singapore, South Korea and India have gained significant traction in terms of open banking APIs. The US and Australia are expanding their financial standing via offering consumers more choice of financial service providers. Joining the Open Banking digital revolution is Europe with its PSD2 mandate. The European financial ecosystem would see banks defining their Open API strategy for new entrants. PSD2’s main aim is to foster innovation through a healthy-competitive environment. The new directive opens ups the playing field for FinTech startups and other companies to create innovative products through APIs and new payment strategies.

What does the revised directive mean?

PSD2’s multi-faceted regulation has its implications on banks, tech companies, financial institutions and customers. Banks are looking at increasing security measure for online payments with strong customer authentication. The digital strategies would need to incorporate interoperability between various financial institutions. Third-party providers on the other hand enter a regulated environment wherein they get technical access to all payment systems.

As banks head towards a single digital market, customers stand to benefit from this directive via reduced costs of operation through higher competition and decrease in card transactions. Innovation would bring about a new host of products and services with respect to account information service providers (AISPs) and payment initiation service providers (PISPs) – leading to an improved customer environment.

Are banks prepared?

Giving data access to non-banks puts them in the same league as traditional banks in providing similar payment services. Merchants and third party providers can highly benefit by selecting specific services to hyper focus and capitalize on. Banks would be competing against retailers like E-commerce vendors, social media sites and other established businesses that can effectively function as independent AISPs and PISPs – effectively bypassing banks.

Traditional banks need to reposition their revenue streams through innovative customer servicing technologies and strategic alliances. Banks will need to look into:

• Payment Dispute Resolution – Effective from July 2018, payment service providers (PSPs) will be obligated to respond to payment complaints within 15 business days, as opposed to the standard 8 weeks timeline.
• Two Factor Authentication (2FA) – Strong Customer Authentication (SCA) is a key element of PSD2, calling for a minimum 2FA for digital transactions.
• Right to privacy – The General Data Protection Regulation (GDPR), which is due to take effect from 25^th May, 2018, is aimed at regulating data sharing between parties. This raises a compliance concern for banks and what comes under the purview of legal consent at the end user.
• API disruption – Banks have till September 2019 to introduce the API technology to new FinTech partners as part of the PSD2 RTS (Regulatory Technical Standards). Opening new financial services under the API would require extra security measures to be implemented along with a robust framework for network protection.

It’s positive to note that banks are viewing PSD2 not as a threat but a strategic opportunity to develop on bank’s core services. In a recent survey by PwC, it was noted that 71% of banks are considering partnerships with FinTech to develop new products and services. The survey also highlighted the difference in PSD2 readiness between the UK and mainland Europe. While UK is proactive with PSD2, mainland Europe is still holding back on partnering with FinTechs.

The transition period is tricky as consumers and banks grapple with the changes. A recent survey by Which? found that 92% of the public haven’t even heard about Open Banking. The earlier PSD rule applied to European Economic Area (EEA) countries only, but the revised directive has its implication across Europe. The complex architecture of PSD2 shifts the power of data relevancy to consumers – raising data concerns regarding what is perceived as “sensitive data” by banks versus end users. Hence, the need of the hour being for all stakeholders to clearly communicate data permission and privacy laws to customers.

Overall, 2018 is going to be an interesting year to see how the financial markets shift in Europe with the formation of new bank consortiums and partnerships. With players like Facebook, Google and Amazon entering the payments market, banks need to look into the impact of disintermediation on their business.

The rise in money laundering and terrorist financing cases has led to a global awareness on financial loss and its impact on the economy. Over the years, regulators have increased pressure to monitor every financial transaction for criminal activity, terrorism, and tax evasion. The penalties for non-compliance are staggering – a recent example being Deutsche Bank which was fined $41 million in 2017 for money laundering lapses.

Banks and financial institutions (FIs) have been exploring multiple software solutions to reduce their operating costs on AML, at the same time maintaining an efficient system that delivers accurate compliance reports in time to stakeholders and decisions makers. Financial ecosystem players – FinTech and RegTech, have been continually evolving to develop robust solutions, through inclusion of AI-based initiatives and automation.

A Thomson Reuters survey indicates that an average financial institution spends close to $150 million on AML/KYC initiatives. The prominence of data collection, aggregation, and analysis combined with a high degree of repetitiveness and process-oriented approach, makes AML an ideal candidate for achieving cost benefits and efficiency through automation.

Automation can be achieved across multiple areas of AML, prominent ones being Know Your Customer (KYC), Customer Due Diligence (CDD), anomalous transaction monitoring and even Extended Due Diligence initiatives. Based on the maturity of the process under consideration, it can be completely automated or partially automated by bringing in the human intervention at suitable intervals. Few of these are listed below.

Customer onboarding

While many of the data collection processes at this stage like gleaning customer data from accessible sources like the bank’s CRM system can be automated, a lot of time is spent in carrying out KYC. Majority of the current KYC processes may take days/weeks to comply with regulators. A global survey done by Thomson Reuters on KYC indicates that the time to onboard has jumped from 28 days in 2016 to 32 days in 2017 and would continue rise by at least 12 percent in 2018. Further, financial institutions with revenues in excess of $10 billion have witnessed an increase in KYC spend from $142 million in 2016 to $150 million currently.

Many banks have started exploring Artificial Intelligence/Machine Learning based automation systems across their KYC initiatives. Processes around validating customer data by scouting across various surround systems, compliance directories, social media feeds and regulatory bodies can be fully automated. Similarly, screening of the customer information through OFAC and PEP checks as well as external government watch lists can benefit through automation. The latter can be extended not only to new customers but also to existing customers of the bank.  Multiple solutions in the market take automation a step further by validating the identity of applicants in real time, thereby drastically reducing on boarding times.

By using RPA a European bank was able to automate customer checks and make information readily available to analysts for clearing CDD compliance. The time taken drastically reduced by 80% from 20 minutes taken initially.

Customer risk profiling

Building customer risk profiles is an important step towards identifying suspicious activities and flagging off investigations. It involves data collation not only through established sources like legal registries and directories but also the broader online space including social media networks, websites etc. While data is collected at the time of onboarding, there needs to be mechanisms in place to constantly scout and make updates on an ongoing basis.

Currently, financial institutions use manual intervention in the processing of structured and unstructured data. The high cost of integrating systems is a major deterrent to automating this process. This makes it an ideal platform for using BOTS that can crawl around frequently, update information to customer information as part of risk profiles and provide quick response to any customer risk assessment requests.

Further, technologies like Artificial Intelligence and Blockchain are increasingly being used to carry out real-time reporting that compiles, tracks and stores large data sets while adhering to regulatory rules set by different financial agencies. Few leading banks are also experimenting using chatbots for quick and easy KYC compliance of customers. The bots analyze user responses using Natural Language Processing (NLP), in turn reducing time and labor requirements for KYC processes.

Suspicious activity monitoring

Research reports on the global AML software market indicate that transaction monitoring has the highest penetration rate. Little wonder that regulatory solution providers like Nice Actimize and Pega systems have been incorporating RPA, machine learning, and analytics principles to automate suspicious activity monitoring solutions. On one hand, such solutions provide better accuracy in reporting anomalies and on the other, free up financial crime experts to look at higher category threats.

On similar lines, various RegTech players have been attempting to enhance automation across this space through Anti-Financial Crime Solutions that aim to understand customer behavior, identify patterns coupled with unstructured text analysis, and detect even the smallest anomalies in transactions. Such initiatives further help in reducing the number of false positives by having an accurate risk profiling of the customer that can be mapped to flag off truly suspicious transactions.

We also see that newer and effective systems are continually replacing their predecessors. Today’s BSA/AML programs are becoming increasingly reliant on quantitative models (like Bayesian networks) to detect suspicious activity. Bayesian frameworks are being used to assist in building a risk score for customers, essentially identifying customers who need to undergo the EDD process. These are further used to build customer profiles and drive automated Suspicious Activity Report (SAR) filings, based on anomalies detected in their transaction histories.

While automation seems to be the magical process to solve all AML issues, banks need to recognize the limits of AML automation. Technology decisions need to be customized to a bank and not blindly replicate other systems. Financial institutions also need to note that not all processes can be automated. Some processes like transaction investigation can be semi-automated wherein specifics associated with an anomalous transaction can be provided by automation system while aspects relating to analysis, classification of the transaction and rectification measures are carried out through human intervention.

Automation for Cost-effective AML Compliance

Over the last few years, all industries have as witnessed a series of seismic changes, all driven by technology.  And the banking industry is not immune to these changes. However, what hasn’t changed for banks is the strict regulatory framework within which they need to navigate and manage these dynamic market changes; all the while being compliant, and cost focused.

No longer a new concept in the banking industry (which has always been an early technology adopter), Robotics Process Automation (RPA) is being leveraged by banks to meet the regulatory requirements set out by the Bank Secrecy Act and Anti-Money Laundering (BSA/AML) in a cost and time efficient manner.

So, what is RPA? Essentially, it is a software application that replicates human actions and at the same time interacts with various applications on the computer. It does this round the clock, through the year with or without the support of human interaction. It is most often deployed for repetitive tasks.

RPA for AML

Being highly regulated, the banking and financial services industry can ill afford errors. With a growing customer base, stringent global and local regulations, and digital operations posing a high-risk of security and fraud; an error can mean penalties in cases of non-compliance. Which is why more and more banks are becoming increasingly stringent with their ‘Know Your Customer’ or KYC norms. It is in this space that RPA offers a huge opportunity to enhance regulatory compliance, including AML and customer due diligence.

Some of the areas where banks can use RPA are:

• Customer onboarding: This is a time-intensive process and RPA can reduce the time taken significantly—from months to weeks, or even days. For example, if a bank is onboarding a corporate customer then leveraging RPA the bank can log in to various public registers of companies and retrieving the registration information (date, number) and getting the list of company directors; thus, hastening and completing the identification and verification of the customer.
• Customer due diligence: The due diligence processes can be improved substantially, with time reducing for an average check by as much as 50%.[i] Banks can use RPA for data entry of customer information, while the bots can validate the existing information by accessing internal databases, social media, and websites.
• Customer outreach: As part of AML compliance, banks need to update customer information at regular intervals (dependent on customer risk levels), apart from collecting this information during initial onboarding. Doing this manually would be cost inefficient as well as increase the probability of human errors. By deploying RPA, banks can structure the process and at regular intervals, the additional data can be collected from external sources.

Innovation in Automation…

While at present most banks are deploying RPA for the basic repetitive processes, once the shift has happened there is a significant scope to leverage innovations as well.

For example, Artificial Intelligence (AI) and machine-learning have a huge potential to impact the KYC compliance process by assisting in identifying high-risk customers who need to be screened with an Enhanced Due Diligence (EDD) process. This can be done based on pattern recognition techniques coupled with unstructured text analysis.

HSBC has been automating some of its compliance processes to become more efficient. The bank is leveraging AI technology to automate its anti-money laundering investigations, which were traditionally conducted by individuals. In a 12-week period, HSBC was able to achieve a 20% reduction in false positives while maintaining the same number of reports of suspicious activity for human review. Taking this initiative forward has the potential to save HSBC millions of dollars per year.[ii]

Another area of innovation is using chatbots for customer communication during the onboarding process and using the Natural Language Processing (NLP) to analyze their responses to identify any high-risk behavioral the while saving cost as well as reducing human error probability.

Similarly, using Machine Learning banks can automate SAR filings and report generation; and leverage visualization technologies to make sense of large volume of unstructured data.

In conclusion

Facing several challenges, the banking sector can leverage automation and specifically RPA to manage and mitigate a number of them. Considering the significant potential of RPA, especially in managing the regulatory compliance needs, banks across markets are deploying this technology on a wide-scale.

By using this in an optimum and intelligent manner, compliance teams in banks can not only save time and costs, but also reduce the risk of human errors significantly; in this stringently regulated space. For tomorrow’s banking leaders, it is imperative to build organizational maturity and ability to adopt these technologies.

[i] Read now: Automation for cost effective AML Compliance

[ii] Read Case study from HSBC and iQiYi: Evaluate the Managerial Effectiveness of Artificial Intelligence