Commonwealth Bank exploring upgrades to transaction monitoring software
Commonwealth Bank of Australia is considering using new software to improve the way it monitors suspicious activity throughout the bank, suggesting the money-laundering scandal could be a tipping point that breaks down CBA’s insular approach to technology development.
With AUSTRAC suing CBA for failures in identifying suspect deposits, the bank has been exploring how new regulatory technology being developed outside the bank might be incorporated into its surveillance systems to make “suspicious matter reporting” and account monitoring more reliable. CBA sought a meeting with three members of the new RegTech Association six weeks ago to get a briefing on developments in the niche area, where new technologies are being developed to identify unusual transaction patterns, provide staff with collaboration tools and enhance quality of data feeding into its system – all areas where the AUSTRAC case reveals significant shortcomings at the bank.
Several regtech start-ups have been invited to meet with CBA in the coming weeks as it explores options to bolster its surveillance capability after AUSTRAC’s case revealed failings in responding to alerts being made by its transaction monitoring system.
The moves suggest CBA is trying to adapt the culture of its technology development towards one of more openness, given the bank has maintained a reputation among fintech start-ups for several years as being something of a closed shop with a “build it ourselves” approach to its systems. Other banks have also been reluctant to embrace innovative technology in their back-end systems, preferring to spend money on customer-facing mobile applications.
“Regtech players have been finding it extremely difficult to work with the big four banks and the other top 10 financial institutions in Australia,” says Harold Lucero, a member of the RegTech Association’s advisory board. “The problem is banks have a siloed approach. Different areas have different systems, and they don’t talk to one
another. Regtech solutions allow information to be aggregated across systems. I hope this [CBA] situation highlights the need for further collaboration between industry, regulators and vendors on ways to prevent money laundering.”
Anti-money-laundering monitoring typically follows an overnight batching process where the details of account transfers are put through a data warehouse before being fed into the monitoring system. Based on rules programmed into the system, violation alerts are produced, and are examined by teams of analysts. CBA chief Ian Narev said on Sunday that the Federal Court would determine whether the bank’s transaction monitoring algorithms were “good enough”.
But regtech software can help banks do better, including testing and auditing their algorithms. For example, Arctic Intelligence, which is based in Stone & Chalk, has built an independent review program that performs control testing to assess that surveillance systems have been implemented properly and are operating effectively. It also helps with remediation of problems, including monitoring how quickly internal teams respond to risks.
Multiple lines of defence
The claim by AUSTRAC highlights significant delays within CBA when red flags were raised. For example, when one teller reported suspicious deposits at a branch in Sydney, it took a month for this to be investigated by the Anti Money Laundering Team. In other situations, the AML team sought accounts to be closed but they remained opened and the laundering continued.
Other regtechs have built tools to facilitate collaboration. For example, Riskflo, another Stone & Chalk resident, has developed a tool known as the Discovery platform, which can be used to ensure all people who deal with fraud risk within the bank are on the same page with respect to alerts and information and follow-up actions.
Another example of a start-up based in Stone & Chalk that has developed a tool that could enhance the anti-money-laundering compliance process is Simple KYC. Its technology does pattern matching on beneficial owners of companies by tapping into company register databases.
With AUSTRAC pointing to CBA’s alleged failures identifying multiple deposits being made into a variety of ATMs on the same day that passed into the same accounts, Simple KYC’s software could help banks understand the true ownership behind company accounts in a more-automated fashion.
“It is a matter of multiple solutions being integrated, to create multiple lines of defence,” says Simple KYC founder Eric Frost when asked how banks generally need to think about increasing their anti-money- laundering defences. “When technology systems help with risk identification, people can then be freed up, so instead of dealing with day to-day grunt work they can spend time on risk flags and enhanced due diligence. Generically, these sorts of events raise awareness to understand the point that regulation is not a tick-the-box exercise. This incident raises awareness and starts making regtech solutions more of a must-have to evaluate, rather than a nice-to-have.”
Another regtech start-up, identitii, with offices in Sydney, Hong Kong and Singapore, has been working closely with SWIFT, the international transaction network that moves money across borders, including for CBA. identitii’s technology enhances the information in SWIFT messages, which feed back into bank detection systems, making them more accurate.
Martin Rogers, chief investment officer for KTM Ventures Innovation Fund and an investor in identitii, says “much of the big-bank legacy IT infrastructure is not able to cope with increasing anti-money-laundering and counter-terrorism financing demands from governments. That’s why new, innovative software solutions are being developed to help banks meet compliance requirements”. RegTech Association chair Julian Fenwick says it will be imperative for all banks, including CBA, to produce more-powerful technology systems that can pick up patterns of unusual behaviour, in collaboration with technology companies working outside the banks. He acknowledges many start-ups are not sophisticated enough to begin the relationship, and says his association is working to lift skills. But at the same time, he says banks and regulators are too conservative when assessing new technology.
Original Post: AFR