Cognitive Robotics and the Annual AML Risk Assessment

Powering the Process through Automation

For financial institutions, the cost of noncompliance with AML policies and procedures is ever increasing. Per industry reports, AML fines have gone up to nearly $4 billion since 2014, and they continue to rise. Among other solutions, the banking industry is beginning to adopt robotics process automation to improve compliance.

The cost of noncompliance is ever increasing, with more and more financial institutions being fined for failing to adhere to AML (anti-money laundering) policies and procedures. Per industry reports, the AML fines have gone up to nearly $4 billion since 2014, and, if looking at the AML fines imposed by global regulators in 2017, the fines are only increasing. The banking industry is trying to mitigate such fines by chalking out adequate budgets in their annual spends to bring in newer technologies and improved AML compliance processes.

The AML risk assessment program – which helps banks and regulators to derive insights on the AML compliances within the bank – is one such key process. The annual report submitted to the regulator is based on the broad dimensions that have been prescribed by the AML examination manual, and the risk assessment process helps a bank to gain insights into its business practices and also understand any associated compliance risks.

What follows are the broad dimensions on which the assessment is performed:

• The bank’s products and services
• Its customer base
• The geographic areas wherein the bank operates

Figure 1 – AML risk assessment coverage

Typically, the AML assessment exercise is done manually. There are close to 40 reports to be pulled out of a bank’s systems and compiled into reports across products and services, customers and geography risk factors. These reports are later analyzed by the compliance office, which gathers the findings, provides the necessary qualitative commentary and prepares the final report. The final report is further reviewed by the bank’s chief compliance officer and presented to the bank’s board of directors. After obtaining necessary approvals, the report is finally submitted to the regulatory authority. The regulators then carry out any necessary due diligence in consultation with the bank’s compliance office and provide their findings. If the findings are found satisfactory, no fines are levied.

Typical challenges faced by banks during the risk assessment process include:

• Intensive manual effort – The AML risk assessment process is very high on manual efforts. Typically, one manual cycle of producing the annual reports takes three months, and around 70 percent of the effort is dedicated to extracting data and creating the
• On-demand assessment – Though the AML risk assessment report is submitted annually, the compliance department may like to carry out periodic assessments on demand, which in a manual setup is
• Lack of controls – Since most of the process is manual in nature, it is difficult to place adequate controls on the
• Significant remediation efforts – Since the process of extracting and creating the reports is manual in nature, the process is error prone and, thus, very high on remediation efforts, adding to delays in compilation and final reporting.
• Detecting patterns and trends – Since the process is carried out annually, it’s possible to identify hidden patterns or trends by studying past submissions. Because this exercise is very time-consuming, however, usually only limited references are made to prior reports and submissions, and important patterns or trends are often missed.

Considering the problem and the challenges faced, most banks are typically looking for solutions that can definitely shorten turnaround time, providing the bank a low-cost option that seamlessly integrates and interacts with the existing infrastructure, runs the process on demand and does not interfere with the legacy investments. In such a scenario, an RPA-based solution combined with cognitive capabilities can help banks meet their expectations and achieve the desired state. RPA, or robotics process automation, is a utility that mimics human behavior and carries out operations that are standard, low on exceptions and manual in nature.

It can also carry out business rule-based automations and judgment-based automations when combined with artificial intelligence solutions like machine learning, natural language processing, etc. This type of an automation is referred to as cognitive automation. Due to the above qualities, an RPA-based solution is emerging as a potent solution to many risk and compliance challenges.

If one were to envisage a solution for the above problem, it would typically involve combining RPA with cognitive capabilities. The RPA portion of the solution will definitely aid in reducing manual efforts by gathering the data from various sources, aggregating the data, carrying out data quality checks, preparing the reports and running the business rules. The cognitive solution then compares the current report with past reports and, through machine learning techniques, provides analytical insights on trends and patterns. This output is then mailed with the audit log by the RPA BoT (Robot) to the compliance office, where they can review the final reports and the insights provided. The compliance office accordingly provides suitable qualitative commentary and finally submits the report with findings to the chief compliance officer for his review.

Figure 2 – Illustration of a cognitive RPA solution in action

Once established, a cognitive RPA solution can providing the following benefits:

• On-demand analysis – The compliance office can run the process on demand or regular time intervals to have a constant check on the data
• Reduced manual effort – The available efforts of the compliance office can be now diverted for conducting value-added activities, such as detailed reviews
• Increased control – A log is maintained of all the RPA processes that are run. Any exceptions encountered are also captured in the log.
• Minimized need for remediation – Since the process is automated, it is error
• Greater insight into patterns and trends – The cognitive component of the solution can provide detailed analytical insights not previously possible.

RPA’s applicability in early days was seen more from a tactical viewpoint, but – given its capability to gel in the existing infrastructure without impacting the legacy system, its lower cost of implementation and its capability to integrate with other digital technologies – it is graduating to strategic space where it can drive end-to-end, transformational business process automation. RPA adoption is still in the early stages, and many banks are still exploring use cases and problem statements, but banks are learning fast, and with every new problem statement, they are trying to raise the bar for RPA to achieve cost efficiencies and optimizations in their business processes.