top of page
  • Bill Trueman

Can we Automate AML/CTF?

Increasingly, we read sales brochures and marketing literature from around the globe, and engage with companies that profess to have processes, products and solutions that ‘solve our AML/CTF obligations':

a) Without any focus or allusion to demonstrate a detailed understanding of AML/CTF legislation and requirements on impacted parties, and/or;

b) That assert that the solution is automated and worse still and somehow uses AI to differentiate, improve performance or results.

Vendor Solutions and AML Legislation

Often, solutions address only one of the four pillars of AML - namely that KYC/KYB (know your customer/business) can be done better, faster and/or quicker. Too many believe that to address, automate or gather more data about a customer at onboarding ticks the AML compliance box, and fails to recognise firstly that an automated tool does not fully address KYC, and mostly side-steps the wider AML requirements and challenges.

By relying upon a technology solution to undertake our KYC - we must be careful that, as an organisation, we have not just used a solution to collate details of the identity of a customer as simply gathering of credentials is not ‘knowing the customer’ and often moves us 'further away from understanding customers’, which is quite an irony.

We need to understand instead the risks within our product or service, how it will be used by customers and consider the risks that our product can, or might be used for money laundering and terrorist financing activities today OR in the future. A technical solution cannot understand this for us!

At the Simplest of levels, AML Legislation Requires of Us to:

1. - Know and understand who we are dealing with (KYC/KYB), what the customer is doing and how, the customer product and how and where it engages with its customers.

2. - Continually look for changes, and regularly check (periodic review) that they are still doing what they told us originally, and how they engage with their customers. Look for changes in product and the people that run or own the business and where we send their money.

3. - Watch and investigate the financial transactions that we process, look for and investigate anomalies - potentially daily, maybe every transaction before or as it happens depending upon the risk of ML/TF.

4. - Report suspicious transactions to the (appropriate for country) authorities.

Artificial Intelligence (AI)

In (3) above, technology has helped us to identify transactions that need to be investigated further, that are out of pattern from the norm. When a company sees millions of transactions a day, it needs to automate a process to show the one that should be looked in to and to highlight business model changes that may need further investigation. Over the last 20 years, terminology and technology have shifted from ‘rules-based’ reporting, machine-learning, automated risk identification etc. And more recently, people are suggesting that AI is now being used and provides the magical solution.

CARE though: whilst “Artificial Intelligence” or “AI” is changing the world, it is also something that marketing teams are readily using as a ’new term’ for all sorts of other technology and developments. And most likely not in this AML space. We need to be very careful what is and is not AI. And if you are in any doubt test suppliers and IT departments hard.

We’d certainly recommend 'Scary Smart’ by Mo Gawdat, a former CEO of Google AI: who is an ideal teacher and guru for what AI is, where it is going and maybe also why it is both ’smart’ and very, very ’scary’ at the same time.

Authors: Kevin Smith and Bill Trueman are directors at Riskskill, and are well known payments and risk specialist, with over 25 years of experience. For more information about Riskskill visit website at or contact them at

76 views0 comments

Recent Posts

See All


bottom of page