Using AI to combat financial crime in real-time payments

In today’s always-on, need-it-now world, both merchants and consumers alike are quickly relying on real-time payments as a preferred method of payment. This summer, real-time payment adoption is expected to soar when the U.S. Federal Reserve rolls out FedNow.

For merchants, the value of real-time payments is in speeding up the time frame for improving cash flow management, increasing liquidity, and offering better back-office efficiencies. For consumers, it offers a fast, frictionless way to send and receive payments between friends, family, or even vendors, regardless of time or distance.

However, the convenience of real-time payments doesn’t come without risk. Faster payments provide easy access for bad actors to exploit for money laundering and financial crime. This poses a huge threat to fintechs, banks, and payment service providers (PSPs) that need to have strong anti-money laundering (AML) controls in place.

Sanctions Bottlenecks Risk Customer Experience

To protect businesses from high-risk customers and ensure the integrity of the global financial system, sanctions screening is an integral part of AML, know your customer (KYC) and counter-terrorist financing (CTF) programs.

However, as the popularity of real-time payments accelerates, the time it takes to review sanctions alerts also increases exponentially—creating a potential bottleneck. On average, it takes three to five minutes of a human reviewer’s time per transaction, and that’s if the alert is worked immediately. Alerts are generated overnight and often sit in queues, increasing the average time worked to 30 to 60-plus minutes. This means that the real-time alert processing is no longer happening in real-time if it’s done by a person—jeopardizing customer experience and devaluing the instantaneous nature of instant payments.

Financial institutions (FIs) must deliver a seamless customer experience for real-time payments, including speed, security, and convenience to create a competitive advantage, maintain revenue, and prevent reputational damage.

Cross-Border Payments Risk Regulatory Enforcement

While domestic real-time payments are relatively low risk, cross-border payments are another story. Cross-border payments are exceedingly more complex since they involve bridging multiple currency systems and regulatory jurisdictions, and generate far more sanctions alerts.

Today, cross-border payments no longer take days, they are nearing real-time, with many transactions now being processed in minutes, or even seconds. This means for sanctions screening to be effective, the information included in payment messages needs to be good quality, which is often the biggest challenge for compliance.

According to SWIFT, “Banks that receive suspicious payments must often follow a trail of breadcrumbs across time zones to find missing data. Simply misspelling a name can quickly result in higher costs, missed shipments, idle factories, and empty shop floors.”

The increased potential for financial crime and sanctions evasion with cross-border real-time payments has attracted the attention of regulators. You need to know where the money is going, not just who is sending it. Over the past six months, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has brought several enforcement actions on FIs that were in violation of sanctions compliance controls, specifically related to their failure to use geolocation tools.

In November 2022, OFAC announced a $362,158.70 settlement with Payward, Inc., aka Kraken, a virtual currency exchange for cryptocurrencies. Kraken agreed to settle its potential civil liability for apparent violations of sanctions against Iran. Due to Kraken’s failure to timely implement appropriate geolocation tools, Kraken exported services to users who appeared to be in Iran when they engaged in virtual currency transactions on Kraken’s platform.

Additionally, in September, Tango Card, a Seattle-based company that supplies and distributes electronic rewards, agreed to pay $116,048.60 to settle its potential civil liability for apparent violations of multiple U.S. sanctions programs. According to the Department of Treasury, “in total, between September 2016 and September 2021, Tango Card transmitted 27,720 merchant gift cards and promotional debit cards, totaling $386,828.65, to individuals with email or IP addresses associated with Cuba, Iran, Syria, North Korea, or the Crimea region of Ukraine. While Tango Card used geolocation tools to identify transactions involving countries at high risk for suspected fraud and had OFAC screening and Know Your Business mechanisms around its direct customers, it did not use those controls to identify whether recipients of rewards, as opposed to senders of rewards, might involve sanctioned jurisdictions.”

Regulators Call for Use of Innovative Technologies to Combat Risks

The debate over whether FIs should pursue advanced technologies—including artificial intelligence (AI) and machine learning (ML)—to drive sanctions compliance has shifted from “if” to “when, how, and on what scale?”

Even regulators now recommend technology to combat risks specifically related to real-time payments. Last Fall, OFAC published Sanctions Compliance Guidance for Instant Payment Systems. In its guidance, OFAC reaffirmed that financial institutions should take a risk-based approach to manage sanctions risks; and encouraged the development and deployment of innovative sanctions compliance approaches and technologies to address the risks.

OFAC specifically calls out the availability and use of emerging sanctions compliance technologies and solutions. It states that “technology solutions for sanctions compliance, which have advanced significantly in recent years and become more scalable and accessible, can be leveraged to help mitigate a financial institution’s sanctions risk, including with respect to instant payment systems.”

How AI Can Help

Alert fatigue is draining on compliance teams and adds time to the sanctions screening process. Sanctions screening software generates many sanctions alerts, and 99% of those alerts are false positives. For each alert, payment is held up pending review. This means real-time isn’t near real-time anymore, it just becomes a wait.

In response, FIs directly employ or contract out dozens or hundreds of people to manually review these alerts. Using time and money to review thousands of false positives is an efficiency problem that can lead to missing that rare true positive.

Following OFAC’s guidance, AI tools can mitigate many of the sanctions’ risks associated with real-time payments, including:

• Accelerating exception processing to near real-time, thereby mitigating sanctions risk and maintaining speed-of-transaction.

• Instantaneously resolving exceptions (sanctions alerts) and allowing the payment to progress with no effect on the customer.

• Determining those payments consistent with past customer behavior, which a financial institution has previously vetted and cleared for potential sanctions implications. Therefore, the exception can be reviewed and processed in real-time.

• Evaluating data fields in the payment messages associated with exceptions, eliminating the false positives, and escalating only potentially true positives to compliance teams.

• Leveraging geolocation tools to identify potential sanctions violations.

I recently had a conversation with a BSA officer from a top 30 U.S. bank who said that their bank strategy is to move to real-time payments. He said that real-time payments for domestic payments will have sanctions screening after settlement. However, he warned, while this works for domestic payments, it wouldn’t work for international. In his opinion, automation is the only way to achieve real-time for international payments because their manual real-time payments sanctions alert review for international payments will slow the process down (20 min SLA), which is no longer real-time.

Real-time payments will continue to grow exponentially with it expected to surpass half a trillion payments globally by 2025. To be a major player, FIs will need to adopt real-time payments. With that said, it has never been more important for organizations to leverage all the tools at their disposal including AI to ensure fast, seamless screening and continuous monitoring to identify potential financial crime activity for both domestic and cross-border payments to ensure customer experience and prevent regulatory violations.