AML systems under the attack of coronavirus

AML systems under the attack of coronavirus

Kamil Kouba | 10. 11. 2020

During the COVID-19 pandemic, the counter money laundering and terrorist financing measures (hereinafter only the „AML/CFT“) got as much tested as never before. The same is true for the automated AML/CFT monitoring systems (hereinafter only the „AML systems“). How did the unusual situation impact functionality of these systems? Martin Mužný, one of the AML Academy lecturers, delivered a remarkably interesting lecture on this topic. For the essence of his speech, please read the text below, which is an opening article on AML systems. Perpetrators of crime stand ready to seize and benefit from any opportunity or situation, such as the pandemic. Obliged entities should therefore remain on high alert and continue enforcing their AML/CFT measures more than usual. EBA [1] and the Financial Analytical Office have also indicated that safety measures should not distract the obliged entity´s attention to the due client identification, see our video blog [2], as well as AML/CFT monitoring system. The AML system is one of the key pillars of the AML/CFT measures, as it usually hosts the client data as the central storage, whether in the form of client identification data, information on transactions, or other risk factors necessary to compile the client’s risk profile. The data are used to comply with the legal obligation to continuously monitor clients to secure the timely detection of indicators of potentially suspicious transactions. Substantiated suspicions must be reported to the Financial Analytical Office. A well-functioning AML system is even more important in situations where other ways of detecting potentially suspicious transactions are largely reduced or completely absent, such as the possibility of physical identification of a client by a bank clerk. In practice, AML systems´ quality can vary dramatically; a lot depends on the type and size of the respective institution. The biggest difference is the origin of the AML system itself – some institutions develop their system internally and operate a tailor-made in-house system, others buy a robust commercial solution which can usually offer many complex AML functionalities, which in-house solutions usually lack because such functionalities tend to be expensive and their development is time-consuming. Both approaches, however, have one thing in common – they detect potentially suspicious transactions using so-called scenarios or rules. Each scenario/rule monitors certain money laundering or terrorist financing typology. To do so, AML systems use various approaches starting with simple detection protocols that generate a pre-defined outline of all transactions, including matching of transactions to clients up to sophisticated rules. The highly sophisticated systems are built on behavioral scenarios and work with client statistical profiling and analyses of their usual conduct; some of these systems use elements of partial or full artificial intelligence (so-called semi or full AI), which can draw a separate behavioral profile of every individual client and, to a certain extent, propose modifications of the detection principles contained in the AML system (e.g. the missing link analysis). There is yet another significant criterion – does the AML system operate solely off-line, i.e. does it receive information daily in batches (so-called D + 1 mode), or partially or fully in real time ( so-called real-time regime)? The latter is more demanding on the system operation and is typical for the more robust commercial solutions. Most clients of obliged entities have recently changed their behavior rather significantly, and their transaction profiles show dramatic shifts. This can make, and it must have happened on numerous occasions, the AML system – set to the “usual” behavior of a client in each segment – to generate an increased number of false hits. The AML system evaluates such changes as risky, even if they were due to legitimate reasons. At the same time, the increased number of false alerts becomes time-consuming and labor-intensive for the obliged entities’ dedicated departments which must analyze the alerts. In such demanding times, a suspicious transaction that should have been detected in time, blocked, and reported to the Financial Analytical Office may more easily “escape” the system´s attention. Paradoxically, this can be a real challenge especially for the most advanced systems using elements of artificial intelligence. To “learn” the “correct” behavior of the client, these AML systems are initially calibrated with the help of sample datasets collected over an extended period. In this respect, we are now facing two different problems. First, AML systems which are currently implemented and calibrated, consider the current situation as “normal”¨. When the situation normalizes back to where it should be, the systems will detect changes in client behavior as suspicious. The second challenge is a fully operable and well-calibrated system, which will require some time to adapt to the new situation and stop evaluating the current changes as suspicious. The current situation has shown that this technology, however modern, requires further development, especially with an emphasis on faster adaptation of elements of artificial intelligence. The good news is that selected leading manufacturers have already announced research and development to this end. In the light of the above, the obliged persons should pay increased attention to the design and setup of their AML systems, to perform complex analyses of all detection protocols, and to have them modified and adapted to the current situation so that their systems fully comply with the legal requirements. An AML system must be efficient and powerful enough to mitigate and manage the risks of money laundering and terrorist financing. For more, please attend one of our open seminars instructed by Martin Mužný, our lecturer, or contact us for an individual training tailor-made by him to respond to your needs.

[1] EBA statement on actions to mitigate financial crime risks in the COVID-19 pandemic

[2] AML identifikace v době koronaviru


Kamil Kouba

AML officer with more than 16 years of experience in the anti-corruption police.
In the rank of colonel, he headed a special department, which was the recipient of criminal reports to the FAU.
He was repeatedly awarded for the fight against money laundering, he served as a member of the Czech negotiating team in defending the AML measures taken at the Council of Europe in Strasbourg.
For 6 years, it has been successfully providing services in the private sector across the spectrum of liable persons.