Over the past twenty years, the anti-money laundering (AML) regulatory framework has undergone minimal changes in its processes and mechanisms. This stagnation has allowed fraudulent entities to exploit the deficiencies in firms’ capabilities to identify and address money laundering activities. To put this in perspective, this is akin to businesses still safeguarding their IT systems against the threats and technologies of 2001, a time that predates significant technological advancements such as the iPhone, Bitcoin, 5G, and even ChatGPT. The resultant vulnerability leaves entities exposed to a myriad of new risks that have surfaced since then.
Despite the establishment of AML regulations almost fifty years ago and the subsequent formation of the Financial Action Task Force (FATF) in 1989 by the G7 nations to combat global money laundering and terrorist financing, the fundamental AML regulatory framework, as we recognize it today, remains primarily derived from the USA PATRIOT Act of 2001, which was a direct response to the 9/11 terrorist attacks. Despite the significant evolution in financial systems characterized by unparalleled interconnectedness, high-volume money flows, rapid cross-border payments, and heightened risks stemming from organized crime and terrorism, the AML framework has not progressed at a comparable rate.
The scale of the issue is substantial, with the UN estimating that money laundering constitutes two to five percent of the global GDP, amounting to $800 billion to $2 trillion. While AML regulatory mandates and laws may appear reasonable, key principles such as Know Your Customer (KYC), transaction monitoring, and suspicious activity reporting exhibit significant deficiencies. A primary obstacle is the absence of clear definitions delineating ‘suspicious’ activity, leading to inconsistent interpretations and reporting practices across different institutions and countries.
Despite expanded global endeavors to combat money laundering subsequent to the USA PATRIOT Act, such as the establishment of the Anti-Money Laundering Authority (AMLA) by the EU and the typology reports from the Egmont Group—a global network of FIUs designed to aid governments and stakeholders in comprehending existing and emerging threats—these efforts have fallen short of their intended efficacy.
One critical issue is the substantial time lag between the identification of an issue by FIUs or the FATF, the consensus on an approach, and its dissemination via typologies. This delay affords money launderers significant opportunities to exploit outdated guidelines. For example, the FATF adjusted its standards to address virtual asset risks in June 2019, over a decade after the launch of Bitcoin, and such delayed responses impede the fight against contemporary financial crimes.
Inadequate regulatory responses not only provide openings for criminals but also complicate business operations. For instance, transit accounts, which are frequently flagged as suspicious by the FATF, form a crucial component of many neobanks’ business models. In consequence, banks and fintechs submit numerous Suspicious Activity Reports (SARs), often as a precautionary measure, leading to what is termed ‘defensive reporting’. Despite the escalating number of SARs, the volume of seized or confiscated assets has not kept pace, indicating deficiencies in AML enforcement.
While AML technology has made substantial progress since 2001, incorporating advancements in automated transaction monitoring, machine learning, and big data analytics to augment detection capabilities, global typologies remain context-specific, heterogeneous, and subjective, thereby posing challenges in translating them into structured data for machine learning models. Furthermore, trends in data protection and privacy, although essential, erect obstacles in information sharing about known bad actors.
The future of AML lies in embracing technology. Synthetic data, a method that mimics real-world patterns without compromising privacy, presents a potential solution. By retaining only the requisite data for risk identification, organizations can impart insights without divulging sensitive information. When combined with privacy-enhancing technologies (PETs), machine learning, and AI, this approach can shift the AML model from reactive to proactive. Analyzing historical suspicious transactions using advanced tools facilitates the anticipation and identification of future criminal activities, creating a more robust defense against financial crime.
In conclusion, innovation, collaboration, agility, and proactive measures are imperative for the future of AML. Cities like Vilnius, with burgeoning fintech sectors and a commitment to combating financial crime, are well-positioned to spearhead these efforts. While the current AML framework might be flawed, technological innovation and human ingenuity can surmount these challenges, and in turn, establish a more secure and effective system for the future.