KPMG’s Thomas Keegan and Stephen DeParis discuss technology’s growing role in managing compliance – and empowering people in the legal department.
CCBJ: What is intelligent automation?
Stephen DeParis: In defining intelligent automation, you have to look at its components, such as machine learning or robotics. These components make up a continuum of increasingly intelligent automation, which is used to solve business problems. The simplest solution on this continuum is robotic process automation, or RPA. RPA is essentially software bots that can interface with legacy applications and the internet, just like a human would. They’re great for being able to replicate simple manual activities – pulling data, “pushing” buttons, writing emails. They’re effective at taking out costs associated with those basic tasks.
Next on the continuum, you go up into machine learning, where human decisions can potentially be replicated by a machine. Machine learning typically uses algorithms to look at historical outcomes and predict what the next outcome will be based on the pattern of events that it’s seen in the past. The more historical data you have, the better chance the machine has of making an accurate prediction of what will happen in the future.
Further along the continuum, you enter the realm of artificial intelligence, where you start to simulate human thought and reasoning. Altogether, when you take these types of components and you put them under one umbrella, it’s called intelligent automation.
What are legal departments in the financial industry doing with intelligent automation?
Thomas Keegan: The clients that we’re speaking to are not looking to go straight to artificial intelligence or extremely advanced analytics. They are looking to start taking the intelligent journey. They’re examining their processes, and they recognize that they need to work through a cadence with their regulators to get them to understand and move with them on that journey. Over the past 12 months, we’ve helped implement many RPA elements, often taking the investigative process or first-level review process in the financial crimes area, and using the software bots to automate repetitive procedures, such as the gathering of information. Humans can then look at the results and make the decisions. Instead of spending their time doing redundant tasks, people consume the information the bots have gathered for them, and they can make faster decisions than they have in the past.
Specifically, the legal departments are interested in the defensibility of the approach and how it will be viewed by regulators.
Why is intelligent automation especially relevant for the financial crimes area?
Keegan: Regulations require that the financial services industry take on the task of trying to stop money laundering and other criminal events. To do so, companies have looked at the history of transactions and say, If a transaction fits this profile, then put an alert on it and have somebody manually review whether it’s actually something that’s good or bad. That has been considered the most effective way to comply with regulatory demands. But it has also increased costs dramatically over the past 10 to 15 years. The number of individuals who are spending their time primarily documenting why something is a false positive has become a significant burden for organizations.
That approach is actually making compliance harder. When you’re running in the 90 percent and above range with false positives, there’s a tremendous amount of effort required just to deal with things that you know are not going to be helping you reach the ultimate regulatory objective of stopping money laundering or other crimes. Companies are spending so much money documenting false positives that they can’t improve their processes to find more true positives. So with financial crimes, we now have an area where there is a great deal of spend for relatively little value. We’ve hit a tipping point where you need to use machine learning and other techniques to come up with a better overall front-end approach that uncovers more problems without having the systematic creation of false positives.
Which areas of financial crimes would benefit from automation?
DeParis: All areas of financial crimes can definitely benefit from intelligent automation – know your customer, anti-money laundering, sanctions, and even fraud and anti-bribery and corruption. We’ve seen many clients have success using RPA to automate some of the manual steps that are involved with an alert investigation, which traditionally required investigators to pull transaction histories and do a great deal of internet searching. With RPA, we’re able to pull that information together when the alert is generated and upload it into case management systems. The investigator then has all that information in their queue.
Another important area, as Tom mentioned, is false positives, and introducing machine learning to look at previous alert investigation outcomes to determine whether a particular alert is likely to be a false positive or something that should be escalated right away.
What are the special challenges you see for using intelligent automation to address financial crimes?
DeParis: One area is AML [anti-money laundering], which, generally speaking, is very, very subjective. It basically involves a pattern of activity. You look back to find activity that indicates someone is trying to launder money. It’s usually not just one transaction, but rather a pattern of transactions. Often, you don’t know the actual outcome of the investigation. Once you file a suspicious activity report, there’s very little feedback to show this ultimately became a true positive.
That’s a challenge because typically, machine learning is used in areas where there was an objective outcome. For example, with a loan default, you know that someone actually defaulted on that loan. You have that data, and it’s very objective, and that lends itself to machine learning. But with AML, you often don’t have all the data about outcomes. So it’s a challenge, but I think it’s a challenge that can be met by flipping the problem on its head. Instead of focusing on uncovering the one potential suspicious activity report filing in a hundred thousand transactions, let me uncover and confidently classify the thousands of false positives that I know are there based on previous alert investigation outcomes.
Where do you see the future of intelligent automation and compliance going?
DeParis: I think that anti-money laundering is going to become more focused on the customer. The way we look at anti-money laundering now, it’s largely about the transaction. The alerts are scored based on the transaction. But I think that anti-money laundering automation is going to become more about the customer and the customer’s behavior and a little bit less about the transaction. With technologies such as artificial intelligence and link analysis, systems will be able to look at prior activity, other types of alerts and other information that is available publicly. We’ll be able to paint a better portrait of who the customers are and the focal entities that are transacting with each other. That will be one area that will expand in AML, and it will start to be more increasingly real time.
Keegan: The techniques we’ve been describing are relevant across the compliance spectrum and across industries, not just financial services. They can be used for something as simple as looking for fraud in time and expense reporting, or things as complex as transactions related to bribery and corruption.
Much of the activity across compliance areas is the same: An alert is generated, and then there’s a set of information that needs to be obtained in order to decide whether or not that’s a true-positive alert or a false-positive alert. The intelligent automation technology does that, allowing the human to make a faster decision. So overall, we think that we’re going to see a rapid adoption rate within financial crimes because the cost is so high. But it certainly is going to be adopted within other areas of compliance as well.
What’s the best way for an organization to get started with intelligent automation?
Keegan: From a technology perspective, robotic process automation is an easy way to get started. There’s little to no regulatory risk. The technology is not making decisions, and RPA primarily involves automating repetitive, redundant tasks. But the savings and the return for the organization can be substantial. It’s a way to show results and then begin to go down the path of automation.
The second thing is to make sure you look at the type of analytics you’re running and identify those areas that have a high false-positive rating. Look for ways to allow your existing system to continue to perform while supplementing it with some of the intelligent techniques we’ve been describing. That way, you’re not “throwing the baby out with the bath water.” You’re allowing the system to continue to run. You’re letting your regulators see the results they’ve seen in previous examinations. But you’re also introducing the concept of machine learning to both your internal processes and to regulators in a way that is supplemental to, but not in conflict with, existing systems.
DeParis: To add to that, you can have a solution that is basically 100 percent accurate as far as you’re concerned. But if you can’t explain it to the regulators or upper management, it essentially has no value. These models or algorithms need to be well understood, and they can be. Some vendors will tout their solutions, saying they can do all these amazing things. But it’s often a black box, and you really don’t know what’s going on inside. That simply is a non-starter for this regulated environment. All of the models have to be open and understood. And every single outcome has to have an audit trail that’s in a human-readable form. When a regulator comes in and asks, “Why did your machine close this particular alert?” you need to be able to explain in detail every single reason why it made that decision. It’s very important to keep that in mind when you’re going in this direction.
What level of investment is required to get started?
DeParis: It can actually be surprisingly low. With RPA, the licensing for many of these software bots is about $5,000 a year. For $5,000, you essentially get 24 hours of capacity where a bot can perform tasks sequentially.
Separately, none of this needs to be thrown away as you move forward. For example, when you add machine learning, you’re still going to use the robotics that you’ve laid down to interface with your legacy systems. We think of the robotics as the hands or the arms that interact with different systems, and the machine learning then starts to become the brain. Putting these things together, you start to build a true intelligent automation solution. Take small bites, and build out from there.
Keegan: I would add that the cost of intelligent solutions is probably a fraction of what companies are spending on these efforts today. Each of these components adds to cost savings and better deployment of capital.