AML & Fraud Prevention: Uneasy MarriageSuccessful Integration is the Exception, Not the Rule
On the surface, this concept makes a lot of sense. There is an increasing amount of overlap between the criminal elements -- overlap that fraud and AML groups are trying to catch. Many technology solutions introduced into the market in the last decade are positioning themselves as solutions for both AML and fraud prevention needs.
Logical solutions and realistic solutions do not always go hand in hand, however, particularly in the complex world of financial services.
Logical solutions and realistic solutions do not always go hand in hand.
As part of an upcoming report on the AML vendor space, Aite Group has conversed with nearly 40 global financial institutions spanning five continents and ranging in size from US$100 million in assets to more than US$1 trillion in assets. The discussions reveal a few successful experiments in the marriage of AML and fraud, although success is far more the exception than the rule. More than 10% of institutions say they have actually moved down the path toward combining their AML and fraud functions, only to reverse course due to obstacles too significant to overcome.
Integration ChallengesOne of the most significant challenges that financial institutions cite is the culture clash between AML and fraud groups. The individuals that comprise these groups usually come from very different backgrounds. Individuals in the AML group have a more legalistic or compliance background, and those on the fraud side generally are more operational.
The two groups' organizational incentives are often very different, as well. AML groups' mission is to keep organizations in compliance and out of the headlines, and to keep the regulators happy (not necessarily in that order). Fraud investigators' job is to prevent and mitigate dollar losses for the financial institution. The processes required to keep regulators happy are very different from those required to stop fraud. AML is, for the most part, a batch process, while much of fraud prevention must be executed in a real-time environment to be successful.
All of these are subtle yet significant differences that make efforts to combine these groups very difficult. One financial institution made it as far as physically integrating its operations units, with AML and fraud investigators sitting in the same bullpen. But after a number of months of those individuals "fighting like cats and dogs," the financial institution called it a failed experiment and reinstated the previous siloed approach.
Elements of SuccessThis is not to say that the experiments are over, or that these challenges will prevent further integration over time. There have been success stories at small and newer institutions, which tend to have less in the way of organizational barriers and entrenched silos. There also have been successes at larger organizations, where there was political will to push through and make this happen. Institutions are also taking a number of intermediate steps, such as a shared enterprise case management system used by disparate fraud and AML groups. Other institutions keep the detection function separate, but have a corporate investigations unit that spans AML and fraud.
Regulators are also keeping an eye on the progress of many of these experiments, and increasingly asking questions during AML examinations about what institutions are doing to align their own AML and anti-fraud strategies. If a few institutions are able to demonstrate that they are able to make the model work well, this could raise the bar for their peers.
The path toward integration for most organizations will be a winding one, however, fraught with obstacles as unique as each financial institution itself, from overcoming legacy technology challenges to organizational and cultural barriers.
Julie McNelley is a senior analyst at Aite Group LLC who covers banking and payments fraud. She has more than a decade of hands-on product management experience working with financial institutions, payments processors and risk management companies.