• George Goognin, at Evita


• 29.07.2024 11:30 am
#ai #compliance

INTRODUCTION

Before 9/11, there was zero to no KYC/AML policies in the banking industry: anonymous accounts, unlimited transactions, ability to send funds to any country for whatever purpose. In 2001, President George W. Bush signed a USA PATRIOT Act that created a new global industry: banking compliance. Since then, banks became obligated to proactively assist governments in controlling money movements, owners of the funds, and legitimacy of wire transfers.

RISING COMPLEXITY OF THE REGULATION

During the first years, the regulation was simple enough for a human officer or basic software. By 2024, the amount and complexity of rules across hundreds 100s of countries became so cluttered, that it turned infeasible to verify whether a transaction is fully compliant. 

Here's the very basic check-list for cross-border payments:

1. What is the purpose of the payment?

2. What is the relationship between the sender and receiver?

3. Where is the documentation (invoice, contract, or bill of lading)?

4. What goods/services are being sold?

5. What is the country of residence of the sender?

6. Who are directors and 25%+ shareholders of the sender? 

7. What is the country of residence of the receiver?

8. Who are directors and 25%+ shareholders of the receiver?

9. Is it legal to send money from the sender to receiver considering their countries of residence and sanctions lists?

10. Is it legal to deliver the goods/services from country A to country B.

11. What is the final destination of the goods?

12. Is sender or receiver under sanctions? 

    1. If yes — what restrictions are imposed on them? 

       1. Can they trade these goods?

       2. Can they trade with certain countries?

       3. Do they need a license for this trade?

13. Is the receiver's bank under sanctions?

    1. If yes — what restrictions are imposed on them?

14. Is there any secondary exposure to sanctions?

    1. What is the trading volume of the receiver with different countries/entities?

    2. Are there any sanctioned entities across this list?

       1. If yes — what restrictions are imposed on them? 

15. If there's a high probability that sender and receiver are trying to conseal the actual items that are being delivered or the final destination?

    1. What is the import/export history of sender and receiver?

    2. What goods they typically deliver?

    3. To which countries?

    4. What's listed on their websites?

    5. Who are their beneficial owners / parent companies? What industries do they serve?

As there is no single authority in the world to define the final compliance checklist, every bank has its own policies. Those policies might differ by orders of magnitude between financial institutions in different countries, which makes a job of compliance officers even harder.  

The additional level of complexity is the absence of a single website or an API where a compliance officer or a software can upload an invoice with wiring instructions and items list, and get a binary YES/NO answer on whether a transaction is compliant or not. 

There are deterministic services like Sanctions List Search OFAC, but in most cases the information is scattered globally across websites of hundreds of government bodies. And a typical unit of data is a broad document with dozens of cross-references to another similar documents. Example: the EU regulation 833/2014.

HOW IT AFFECTS THE BANKING INDUSTRY

Banks spend hundreds of billions on compliance every year:

Source: Forrester Research True Cost of Compliance 

LexisNexis reports that opening a business account and performing a basic due-diligence takes 25-47 hours of labor, depending on the country. 

INEFFECTIVENESS OF THE CURRENT AML POLICIES

According to the IMF and independent analytics from FACT the amount of laundered money is growing, and is reaching $2-3 trillions/year, no matter the AML costs grow even faster.

Persona, one of the global leaders in KYC/AML software, reports in their 2022 Money Laundering Statistics that compliance software triggered 95% false positives leading to billions of dollars of wasted labor. 

HOW TO OPTIMIZE COMPLIANCE COSTS WHILE KEEPING THE SAME LEVEL OF EFFECTIVENESS

I foundedI'm a founder of Evita, a cross-border factoring and payments company, to focus focused on large B2B wire transfers between different countries and currencies. This niche is considered high-risk by many banks in the world, and this extensive pressure from financial institutions forced us to develop a comprehensive AML approach.

At first, we tried to perform all checks manually, and it lead to:

1. Bad user experience: customers don't want to wait for a few hours while we check whether the transaction is compliant or not. Plus, our customers are scattered across 15-hour time zones difference, which makes the waiting time even longer.
    

2. Excessive costs of doing business: compliance doesn't bring profits but requires a lot of labor.

Then we tried to purchase a software, but encountered more issues:

1. Many vendors are focused on large enterprise or government contracts, so, they don't respond for requests for quotes from small/medium companies.
    

2. Even the enterprise compliance software doesn't provide YES/NO answers, so, our officers have to manually dive into each case.
    

3. Some software provides basic Google-like search acros a fixed amount of lists which doesn't make a difference.

So, we decided to give a try to AI because banking compliance appeared to be the perfect task for it: 

• A lot of texts as an input.

• All input data is available publicly or via an API.

• AI could be trained to adjust the level of scrutiny on certain details.

We used Relevance AI as a basic layer because they allow our software developers and product managers to:

1. Easily switch between AI-providers (Open AI, Google Gemini, Grok from Elon Musk, etc.). It helped us to figure out which language model (LLM) is the best fit for our niche task. Open AI 4 appeared to be the most adequate.
    

2. Build a custom step-by-step workflow to process each compliance request.
    

3. Integrate Google OCR to automatically transform PDF invoices into machine-readable text.
    

4. Integrate Perplexity to search across the internet for data.

Here are our key findings:

AI IS LAZY, BUT YOU CAN ENFORCE IT TO WORK PROPERLY

Many articles about AI prompting say "the more detailed the prompt — the better." According to our tests on thousands of invoices and five LLMs we can prove this advise to be wrong for our niche.

We spent about a month trying to enforce AI to perform the whole multi-step prompt at once. In most cases AI executed only 3-4 out of 7 items of the prompt.

After numerous advisory sessions with peers and experts we found out that this laziness is observed often and there are two major workarounds:

1. To create an AI manager to monitor the quality.
    

2. Or to split the process into smaller steps and feed the result of one step as an input to the next one.

We decided to focus on the second option and used Relevance AI to build custom workflows with atomized steps. Here's one of those workflows:

AI HALLUCINATES

Yes, in 3-5% of the cases AI can "see" what isn’twasn't there. For example, one of our red flags is aviation and aircraft spare parts because it's one of the most heavily-regulated and sanctioned industry. And our AI bots sometimes say "this company is NOT compliant with our policies because they trade aviation spare parts according to their website" when it's false. We don't know how to manage it yet, so any expert comments are welcome.

HOW MUCH DOES IT COST?

One-time R&D:

• 2 months of a product manager = $11k on labor.

• 2 part-time months of a software engineer = $5k on labor.

• $2k on consultations with industry experts.

• $1k on testing third-party solutions.

• $19k and 2 months total.

Ongoing operations:

• $100/mo Open AI

• $200/mo Relevance AI

• $17/mo Google Gemini Pro for OCR (turning PDF invoices into text).

• $20/mo Perplexity Pro for searching the internet online.

• $700/mo ImportGenius for import/export data.

• Total $1,037/mo on software subscriptions.

• $700/mo on engineers to tweak the settings.

• $300/mo on compliance manager's part-time.

• Total approx $2k/mo.

• Our average compliance check is approx $2 and lasts 2 mins.

• We perform 1,000 checks per month now.

• When we grow to 1,000,000 checks per month — our costs per check will decrease, but not proportionally, because the major cost is the AI subscription, and their cost is mostly based on electricity burned on calculations. Our estimate is $0.75 per check for this volume.

HOW MUCH DID IT SAVE?

Before AI we spent up to 1 labor hours per each check, which is $10 (our compliance managers reside in Argentina). And, to serve the customers from different timezones we had to hire two additional managers, so the costs ramps up to $30. And in 10% it takes a senior manager to engage in checks, which costs an additional 1 hour at $100/hour, adding $10/check on top. 

So, if we would try to process our current 1,000 checks/mo manually — we would spend approx $480,000/year on labor. While the AI set up keeps our costs at $24,000/year, an impressive x20 efficiency gain.

BETTER USER EXPERIENCE

Our customers say the compliance have turned from a nightmare to a breeze.

Before:

• A customer from Hong Kong put a payment request.

• Wait for 12 hours until the compliance manager in Buenos Aires or New York will wake up and open the laptop.

• Wait for a few hours more until the checks are performed one-by-one. 

• Receive a pack of questions the next Hong Kong morning.

After:

• A customer sends an invoice to the Telegram bot at any time.

• The bot answers within 2 mins with a quick YES/NO and an option of getting the detailed report with questions to clarify.

• In 90%+ cases the answer is YES, so theres no need to wait for a live compliance manager to respond.

GENERAL COMMENTS

AI brings the whole new product building experience. It feels more like training a niche expert than writing if-then-else code. And the speed of delivering features is hundred times more than with old approach.