Fight against Money Laundering and Terrorist Financing (AML-CFT): the contribution of AI
Money laundering is the process of injecting funds from illegal activities (e.g., drug trafficking and organized crime) into the economic system while concealing the origin of these funds. Each year, around 2-5% of global GDP is laundered worldwide. Money laundering is therefore a significant threat to the security of the global economy.
The fight against money laundering is a priority for financial institutions and leads them to exercise permanent supervision over banking transactions. French banks cooperate fully with the public authorities in this fight against money laundering and show great caution whenever an operation is proposed to them with capital from which they cannot ensure the origin, especially in cash.
To effectively combat money laundering, banks are required to enforce KYC (Know Yourk Customer) regulations. The KYC guidelines are intended to: (i) have a comprehensive understanding of the parties to a banking transaction (e.g., originator, beneficiary, bank accounts and source of funds); (ii) understand the behavioural pattern of customers; and (iii) assess the risk that each client represents by taking into account factors such as geographical location and the type of activity carried out.
Another important dimension of the AML-CFT is the consultation of the watchlists regularly updated by the competent authorities or by the financial institutions themselves. Indeed, consulting these lists allows banks to verify the identity of their interlocutors in order to block transactions issued by: (i) known launderers or persons involved in criminal activities (e.g., drug trafficking, human trafficking and arms trafficking); and (ii) the parties (e.g., individuals, companies and target countries) that are subject to sanctions.
Obligations of financial institutions
Various laws have gradually strengthened the anti-money laundering obligations of financial institutions. In particular, they must declare to a service under the authority of the Minister of the Economy, called TRACFIN, the transactions carried out in their books that could come from drug trafficking or organized criminal activities. The following diagram describes the procedure for processing and verifying bank transactions.
Transaction processing and verification procedure
In addition, financial institutions must report:
- Transactions for which the identity of the originator is questionable.
- Those made from capital whose beneficiaries are not known.
- Those carried out by persons or organizations domiciled in one of the countries recognized as non-cooperative in the international fight against money laundering.
Banks are also required to note the identity of their interlocutors, customers or not, for any account opening, safety deposit box rental or transaction of more than 8,000 euros. This information must be made available to the court for 5 years. On the other hand, they are obliged to transmit to TRACFIN information relating to fund transfer transactions from a cash payment or using electronic money, if the amount of the transaction exceeds:
- The threshold of 1,000 euros per transaction.
- The threshold of €2,000 accumulated per customer over a calendar month (threshold since April 2014).
The declarative activity at TRACFIN
Each year TRACFIN publishes statistics on reports of suspected money laundering received by its services. The following graph presents the statistics of the declarations made by professionals subject to the AML-CFT over the period 2011 - 2021.
We note that, over the period considered, the number of suspicious activity reports received by TRACFIN has multiplied by 7, from less than 23,000 to nearly 161,000. The increase is particularly significant between 2020 and 2021 (+44%) and is mainly the result of the explosion in the declarative activity of payment institutions (+119%). In addition, 95.4% of suspicious activity reports come from financial institutions with a financial stake of 28.2 billion euros in 2021 (increase of 65% in 5 years and 31% in 1 year).
A detailed analysis of TRACFIN’s statistics shows that the declarative activity of service providers on digital assets (cryptoassets such as bitcoin) is globally low: only 312 declarations in 2021, or less than 0.2% of the declarations received. Nevertheless, the year 2021 marks a spectacular increase (+259%) in the declarative activity of cryptoactive professionals. There are three main reasons for this growth:
- The increasing number of service providers on digital assets registered with the Autorité des Marchés Financiers (AMF).
- The rise of AML-CFT devices within these institutions.
- The rise among a wider population of the use of cryptoassets that leads to a development of customers with, incidentally, an increase in the number of people engaged in crypto-laundering (money laundering through cryptoassets).
AML-CFT regulations: controls and sanctions
Financial institutions are subject to AML-CFT regulations, the application of which is controlled by the ACPR (the Prudential Control and Resolution Authority). This structure is responsible for monitoring financial institutions' compliance with their national and European AML-CFT obligations. Where a financial institution has violated a legislative or regulatory provision, the ACPR Sanctions Committee may impose one of the disciplinary sanctions provided for in Article 612-39 of the Monetary and Financial Code. For example, in December 2022, the Commission issued a 1.5 million euro reprimand and monetary penalty against the Crédit Agricole Mutuel du Languedofor failing to comply with its AML/CFT due diligence and supervisory obligations.
The Directorate-General for Competition, Consumer Affairs and Fraud Prevention (DGCCRF) also exercises control over AML-CFT. It is in charge of monitoring the due diligence and reporting obligations of professionals accepting payments in cash or using electronic currencies of an amount greater than 10,000 euros. In 2020, the DGCCRF surveyed operators in the watchmaking, jewelry and luxury goldsmithing sector to verify that these professionals were meeting their obligations in this area. As a result of the investigation, 60% of the controls gave rise to injunctions.
The needs of financial institutions
Banks' primary need for AML-CFT is to detect and identify money laundering processes and associated risks more easily. New technologies of Artificial Intelligence (AI) can be used for this purpose. The diagram below describes the contribution of AI to the AML-CFT arrangements of financial institutions.
AML-CFT devices based on AI have the advantage of drastically reducing the volume of false positives (transactions considered suspicious incorrectly) which leads to an operational improvement in the manual processing of alerts compared to standard devices. In addition, the use of AI improves the flexibility of AML-CFT devices, facilitates the detection of new money laundering patterns sufficiently similar to those observed in the past, and therefore allows the monitoring of the evolution of money laundering scenarios. However, it is clear that the use of AI in the context of AML-CFT raises the major problem of the explicability of AI algorithms.
How to address the problem of explicability?
The detection and reporting of money laundering activities are part of the legal obligations for financial institutions. However, when reporting suspicions to TRACFIN, banks are also required to explain the analytical elements that led to suspecting a customer. Hence the fundamental importance of the explainability of AI algorithms used in AML-CFT devices. Explicability therefore makes it possible to understand why one transaction is considered very suspicious while another is not at all.
The ACPR established guidelines on the governance of algorithms in the financial sector, including the explainability of AI algorithms, in its report published in June 2020. It defines four levels of explicability from the simplest to the most exhaustive.
- Level 1: observation. What does the algorithm do and what is its usefulness? This level is for an uninitiated audience.
- Level 2: justification. Why does the algorithm give such a result?
- Level 3: approximation. How does the algorithm work?
- Level 4: replication. Is the algorithm working properly? This level of explanation meets a need for detailed analysis of the algorithm and the data needed for the explanation. It’s for a more expert audience.
The ACPR report also states that the necessary level of explainability depends on the audience and the risks induced by AI. This means that for use cases with minimal risks, the algorithm does not need to be 100% explainable. Take the example of AI which redistributes alerts generated by a transaction filtering system to the right level of manual alert review. Here, the risks are minimal as human beings examine all decisions made by AI. Thus, although this AI system is opaque and little explainable, it can be set up because it is very low risk.
The remaining challenges for explainability in AML-CFT
Although the ACPR has detailed these guidelines on explicability in the financial sector, there are still challenges to be resolved in order to effectively apply AI in the area of anti-money laundering.
- The multitude of audiences for which it will be necessary to adapt the explicability (e.g., the control agent, the internal controller, the external auditor, the ACPR, TRACFIN, any individual impacted by the model and the CNIL).
- The multiplicity of use cases greatly complicates the task of explicability for data scientists . Indeed, sometimes agnostic explanations, which do not depend on the model, will suffice. But for high level explanations it will take specific explanations to the model.
- Access to data may raise privacy issues (GDPR issues).
- The automation bias that refers to the propensity of humans to favor the suggestions of AI systems and ignore their contradictory personal intuitions, even if they are correct.
- The difficulty of measuring the value of the explanations for users.
- The economic aspects of these explanations are not necessarily mentioned in the ACPR guidelines.
Definitions of acronyms
- AML/CFT: Combating Money Laundering and Terrorist Financing.
- ACPR: Prudential Control and Resolution Authority, responsible for controlling financial institutions in matters of AML/CFT, it is part of the Banque de France.
- DGCCRF: the Directorate General of Competition, Consumer and Fraud Prevention.
- CMF: Monetary and Financial Code.
- TRACFIN: is the French intelligence service, responsible for the fight against money laundering, the financing of terrorism but also against tax, social and customs fraud. It is attached to the Ministry of Economy, Finance and Industrial and Digital Sovereignty.
- CNIL: the National Commission for Information Technology and Freedoms.
- GDPR: the General Data Protection Regulation.
List of references
Laurent Dupont, Olivier Fliche, Su Yang (2020). Governance of artificial intelligence algorithms in the financial sector. Pôle Fintech-Innovation, ACPR. https://acpr.banque-france.fr/sites/default/files/medias/documents/20200612_gouvernance_evaluation_ia.pdf
TRACFIN 2021. Activity and analysis. https://www.economie.gouv.fr/files/2022-07/Tracfin_2021_Web.pdf?v=1658933771
Editor : Fatoumata DAMA: R&D Engineer - firstname.lastname@example.org