In an era where criminal activities evolve with technological advancements, regulatory bodies and industries face the challenging task of staying one step ahead. As the complexity and volume of transactions grow, there's a mounting pressure to adopt advanced technological solutions, such as AI, to bolster CDD(Customer Due Diligence), AML(Anti-Money Laundering), and CFT(Counter-Financing of Terrorism) measures. However, the road is not without its hurdles. Striking a balance between the complex regulatory landscape, the power of technology, and compliance with the GDPR(General Data Protection Regulation) is just the tip of the iceberg. This article aims to highlight these challenges and explore how harnessing the synergies of the upcoming AML package and the EU AI Act might resolve this tension.

THIS ARTICLE IS WRITTEN BY CEM ADIYAMAN AND SEFA GECIKLI. CEM ([email protected]) AND SEFA ([email protected]) BOTH HAVE A STRONG FOCUS ON LAW & TECHNOLOGY WITHIN RSM NETHERLANDS BUSINESS CONSULTING SERVICES

Challenges and Technology's Role in the Evolving Criminal and Regulatory Landscape

Criminals continually innovate to devise new methods for illicit activities. The EUROPOL report indicates a merging synergy between online and offline criminal activities. For instance, They're using digital currencies (like Bitcoin) for both online scams and real-world crimes. They even found a way launder make money by playing songs on Spotify.  These new methods introduce additional layers of complexity to CDD/AML/CFT compliance measures.

Additionally, there are more and more money transactions happening every day. In 2022, the European Central Bank stated that in just one day, they saw more than €3,481 billion being moved. On another day, they processed over 622,000 transactions.

With so many transactions and tricky crimes, we need a way to track them better. That's where technology, especially Artificial Intelligence (AI), comes in. It can learn patterns and spot suspicious activities, which could make CDD, AML, and CFT measures more efficient and cost-effective. Such digital solutions can enhance risk identification and the monitoring of suspicious activities, responding to them more effectively.

On the other hand, the current unclear rules in CDD/AML/CFT have caused organizations to handle more data than may be necessary. Additionally, with AI's ability to collect vast amounts of information, there's a chance we'll gather even more data. This could lead to potential issues, like the AI making decisions based on incorrect patterns or missing out on important details..

The set of rules itself is also evolving, demanding even more data processing. For instance, due to EU’s sanctions on Russia, the CDD process now also evaluates persons associated with sanctioned natural or legal persons, potentially unveiling political inclinations—a category of sensitive data.

With the increase in data collection, it's a significant challenge to balance the advancements in technology and changing rules with the need to protect people's personal information, especially following the GDPR.

Future Solutions: Harnessing Synergies of Upcoming Legislations

In July 2021, the European Commission rolled out a set of new rules to strengthen the EU's defenses against money laundering and financial crimes. One of the main features of this package is the creation of a new EU authority called the AMLA. Its main job is to oversee and improve cooperation between financial watchdogs in the EU. This central body will work closely with national groups to ensure that businesses across the EU follow the same set of rules.

The upcoming AML Authority aims to provide clear and straightforward guidelines. This is essential to avoid collecting too much personal information "just to be safe". By giving clear instructions, the AMLA will help businesses understand exactly what information they need to collect and check. Also, there's a new "EU single rulebook on AML/CFT". This new regulation is set to embed direct, actionable rules, especially concerning CDD and the identification of beneficial ownership. These steps clarify for businesses precisely which data they need, simplifying adherence to data protection rules, such as GDPR's data minimization principle.

As stated, there's a growing interest in using AI technology for financial checks and procedures. The upcoming AI law in the EU looks at AI tools and decides how risky they are. Not all AI tools used for financial checks will be seen as "high-risk". However, the proposed AI Act identifies AI tools used for biometric identification and the categorization of individuals as high-risk domains. It is known that many businesses have started using this kind of AI for identifying and verifying customers.

For the riskier AI tools, the new law will have stricter rules. These rules cover things like how data is managed, keeping clear records, being open about how the AI works, making sure there are humans involved in decisions, and ensuring the system's security and accuracy. Importantly, these rules line up well with the EU's data protection rules, known as GDPR. So, when businesses follow this AI law, they're also on the right path to following GDPR. This not only ensures data is handled transparently and responsibly but also makes the AI tools more reliable. In the end, this means better results when businesses check and comply with financial rules as well.

Conclusion

As our world becomes more digital, we see a mix of exciting tech developments, clever criminals, and the rules trying to manage it all. Criminals are coming up with new ways to get around the system, pushing our rule-makers and businesses to keep up. Thankfully, new tech like AI is stepping up to help. But as we dive deeper into using this tech, we need to make sure people's personal information is kept safe. With new rules on the horizon, like the AML package and the EU AI Act, there's hope that we can find a good balance.