From “no” to “go”: FinTech compliance expert series
In a recent FinScan LinkedIn poll of 194 compliance professionals, 54% said incomplete customer data was the biggest cause of false positives. This mirrors our recent webinar poll where 54% of 317 attendees said data quality was where compliance professionals spent a significant amount of time.
What gives?
With FinTech compliance teams focused on the promise of using AI and automation to help solve their biggest challenges, getting data right is no longer optional.
Poor data quality = bad automation. Poor data quality = bad AI.
And that’s just part of the story. Other pressing challenges are putting up barriers to reducing risk and achieving what everyone wants: sustainable growth.
In this series, Steve Marshall, Director of FinScan Advisory Services, Innovative Systems; Leda Glyptis, PhD, author, speaker and FinScan advisor; and Mayank Sharma, Senior Product Marketing Manager at Innovative Systems debate the challenges and opportunities compliance teams face as they shape the future of compliance for their organizations.
Part 2: From AI to AML—how FinTechs power up compliance
FinTechs are racing to deliver faster, more seamless services, but balancing agility with airtight compliance is a huge challenge. With regulatory pressures mounting and compliance missteps carrying costly consequences, how can FinTechs stay ahead? Innovative Systems’ Steve Marshall and Mayank Sharma break down the cutting-edge regtech solutions that are transforming AML, KYC, and sanctions processes—helping FinTechs scale securely while leveraging AI to automate compliance and manage risk in an increasingly complex landscape.
What regtech solutions can help fintechs with compliance?
Steve Marshall: For FinTech companies, efficient processes are essential to deliver secure services and ensure AML compliance, including Know Your Customer (KYC). To do this, integrating AML and sanctions checks into their workflows is crucial to avoid disrupting business operations and provide seamless user and customer experiences.
Scale, speed, and security are also critical. FinTechs need to be able to easily scale their operations to handle growing transaction and customer volumes without compromising performance and achieve faster response times per transaction. In addition, streamlining identity verification with integrated KYC and sanctions checks enable faster customer onboarding, and secure and compliant cross-border transaction processing to support global growth.
Mayank Sharma: For growth-stage startups and FinTech companies, the most critical factor is the speed at which they can deliver products and enhance customer experiences. This agility is their primary advantage over traditional financial institutions, which often suffer from bureaucratic inefficiencies. However, in their pursuit of speed, many FinTechs struggle with compliance, with some studies indicating a failure rate exceeding 93%.
Balancing the need for speed with compliance is essential, but there are no shortcuts. Due to a lack of experience and resistance to complexity, FinTechs often opt for orchestration platforms that promise an all-in-one solution for AML compliance, instead of thoroughly exploring the technical landscape to build an efficient, tailored compliance program.
A case in point is the speed required in merchant sales. When a customer taps a point-of-sale (PoS) terminal, merchants expect the transaction to process within approximately two seconds. Given the multiple compliance checks required within this brief window, every millisecond counts. For example, if an orchestration platform takes about one second to check for sanctions violations via an API call to their partner firm, this consumes 50% of the available processing time. In contrast, a fully optimized, in-memory processing database can perform the same check in just 80-100 milliseconds—only 4-5% of the total time—leaving ample time for other processes.
How is AI automating compliance processes in the fintech industry, and what impact is this having?
Steve: With financial institutions increasingly looking to extend the use of AI and automation in AML processes, compliance officers struggle with how to best incorporate AI. Certainly, to the extent processes can be sped up will facilitate operations but that cannot be at the cost of being compliant with sound model risk management requirements and expectations.
Financial institutions, including FinTechs, are looking at AI and how it can positively impact financial crimes compliance. Areas such as transaction monitoring where analyzing large volumes of data and looking for patterns or anomalies are fertile grounds for AI. It is in areas such as this that a far greater level of precision in the analysis can result in more financial crime being detected while reducing the occurrence of a large, unmanageable, volume of false positives.
However, with the likely benefit of AI comes the potential for increased risk. If the data used to train the AI system is biased or does not reflect the actual data which will be analyzed by the system, the results will not be trustworthy. Further, AI cannot simply be the next shiny object that we, as financial crimes practitioners. must have. We need to understand how and why the system performs the way it does and be able to completely and accurately document and describe that performance. And finally, the impact of AI must be assessed in the context of data quality. Poor data quality will lead to adverse impacts through the implementation of AI.
Mayank: There is a need to distinguish between AI in terms of pattern recognition and analysis, and Gen AI.
Clearly defined use cases of many firms using Gen AI in Retrieval-Augmented Generation (RAG) frameworks are emerging for detecting adverse media risk through Large Language Models (LLMs) in looking at news articles and categorizing risk. This is becoming more efficient than list-based searches, such as sanctions or PEPs, as companies become aware of predicate offense risks as they happen rather than waiting for a regulatory agency to put the entities name on a sanctions list. There are other use cases in Gen AI which are under exploration such as template Suspicious Activity Reports (SARs) and Currency Transaction Reports (CTRs), case summaries for remediation, track changes in regulations, and co-pilot-based chat bots. In the long term, as Gen AI becomes more reliable, it might be able to automatically update compliance frameworks and maintain documentation, making compliance programs more agile and robust.
In fraud and AML risk detection, pattern, analysis-based AI algorithms are here to stay. It has been demonstrated that rules-based monitoring can be circumvented, so layering that over with clustering and pattern algorithms can lead to detection of more risk. Using AI to analyze vast amounts of transaction data to identify suspicious patterns indicative of money laundering or fraud over and above rules-based frameworks has been adopted by many organizations—here we see more coexistence of old and new ways of detecting risk.
What role does risk orchestration play in enhancing the agility of financial institutions against emerging threats?
Steve: Risk orchestration should not be limited to AML and fraud but encompass the full spectrum of financial crime risk. Over the past decade, there has been a significant evolution in how companies approach risk management. Previously, the AML focus was primarily on conducting due diligence during the onboarding of new customers and periodically throughout the customer lifecycle. For fraud, the focus was historically on customer identity. However, the modern landscape demands a more holistic approach, requiring companies to evaluate their entire network of customer and counterparty relationships and the associated financial crimes risk.
This necessitates a complementary risk identification and mitigation effort involving AML and fraud. However, combining the organizations may not lead to the intended benefits. Rather, looking at the potential overlap of risk and risk mitigation may be the appropriate focus.
FinTechs must vigilantly identify and monitor financial crimes risks to identify potential sanctions violations and suspicious activity. Failure to do so can lead to significant financial penalties. Beyond financial repercussions, inadequate risk management can lead to severe reputational damage, emphasizing the importance of a robust and forward-looking financial crimes analysis and risk assessment process.
Miss Part 1 of this series? Check it out to discover:
The compliance industry’s three biggest challenges
Whether or not regulators should impose tougher penalties