Is it time for (re)insurers to crack the code on AML/CFT with artificial intelligence? 

Artificial Intelligence (AI) has caused revolutionary changes in the rapidly evolving fields of technology and finance. It brings unprecedented opportunities for innovation and efficiency, but it also introduces new challenges, especially when it comes to financial security.  

Anti-Money Laundering (AML) is one critical area where the combination of AI and finance is extremely important. In this blog, we examine the relationship between AML and AI in the insurance industry with a Luxembourg perspective, and how cutting-edge technologies can enhance efforts to combat financial crimes. 

Anti-money laundering/combating the financing of terrorism (AML/CFT): The benefits of incorporating artificial intelligence 

Integrating artificial intelligence into anti-money laundering practices offers various advantages that significantly enhance financial crime prevention’s effectiveness and efficiency. 

AI’s foremost advantage resides in its unmatched detection capabilities. It can analyse large datasets (including unstructured information), with exceptional speed and accuracy, identifying complex patterns that could be signs of money laundering.  

During file screening, distinguishing real hits from false positives often involves manual and time-consuming analysis. So, AI can significantly improve efficiency for (re)insurance companies, but also responds to the Commissariat aux Assurances (CAA)’s requirements outlined in Article 30 of Circular 20/03 issued in July 2020. 

• Detecting complex and unusual operations and transactions 

In fact, and according to the article just mentioned, insurance professionals, as part of their ongoing due diligence, are required to focus on activities deemed likely to be associated with money laundering or terrorism financing.  

This involves detecting complex or unusually large transactions and identifying unusual transaction patterns that lack an apparent economic or lawful purpose. For this matter, the CAA has highlighted specific cases for guidance, such as:

Professionals are advised to consider guidance, especially from CAA circulars, when fulfilling these due diligence obligations. Unlike traditional rule-based systems, AI evolves dynamically through machine learning algorithms, adapting to emerging threats and ensuring a proactive defence against evolving criminal tactics. This gives (re)insurance companies the capability to better handle these regulatory challenges and employ adaptive strategies to address issues effectively as they arise. 

• States, natural and legal persons, entities and groups subject to restrictive measures in financial matters 

AI reduces the risk of false positives, a persistent challenge in AML, due to its capacity for context-aware analysis. This improves the accuracy of identifying suspicious transactions but also optimises the allocation of human resources, allowing investigators to focus on genuine threats. Real- time monitoring capabilities empower financial institutions to respond swiftly to potential risks, preventing illicit activities before they escalate.  

Furthermore, the operational efficiency gained through AI automation leads to significant cost savings, as routine tasks like data analysis and compliance checks require no effort. For example, as a MIT’s study showed, Generative AI has the potential to enhance the productivity of highly skilled workers by up to 40%, surpassing those who don’t use it.  

Besides, according to Science Magazine, ChatGPT helped to reduce the average time taken to perform current tasks by 40% and improved output quality by 18%, which represents another significant productivity gain.

AI’s flexibility in adapting to changing regulatory dynamics also guarantees that AML processes stay compliant without the need for frequent manual adjustments. This capability establishes a strong defence against financial crimes and cultivates resilience in response to evolving regulatory landscapes.  

From a regulatory perspective, this adaptive capacity perfectly aligns with the requirement outlined in CAA’s Article 31 of Circular 20/03. This article mandates that companies ensure the filtering tool’s prompt update—whether internal or external to the professional—is used to conduct these controls whenever there is any change in the official lists issued by the United Nations, the European Union, and the competent Luxembourg authorities in the field of financial sanctions.  

Besides, more accurate customer profiling and early detection of suspicious behaviour enhance customer due diligence, reinforcing risk assessment and due diligence practices. This links to the CAA’s stipulation in the said article, which states that every insurance company should put in place measures to detect: 

• “The States, natural and legal persons, entities and groups involved in a transaction or business relationship that are subject to restrictive measures in financial matters in the context of the fight against the financing of terrorism”; 
• “The persons, entities or groups involved in a transaction or business relationship that are subject to restrictive measures in financial matters.” 

The increased efficiency in customer profiling through AI would significantly add value to the (re)insurance sector, particularly during client onboarding, where screenings are essential. 

• Entry into business relationship through “non face-to-face”, distance selling and intermediaries  

Speaking of client onboarding, the subscription process is mainly conducted remotely and facilitated by an intermediary network. This shift to remote interactions highlights the importance of meticulous attention to the risks associated with identifying and verifying the stakeholders involved (that is, the policyholder, beneficiary, ultimate beneficiary owner, proxy, among others).

Ensuring that the involved identities are accurate and authentic become crucial with remote transactions.  

The CAA has also highlighted the importance of conducting customer due diligence, especially when establishing a business relationship remotely without any other suitable guarantee (“non face-to-face” relationship) through Article 27 of CAA Regulation 20/03 pursuant to UE Regulation 910/2014 on electronic identification and trust services for electronic transactions. 

Indeed, AI can improve identity verification processes to ensure the authenticity of individuals involved in transactions. It achieves this by simultaneously accessing multiple databases and using technologies such as biometrics or facial recognition.  

AI is actively employed to enhance the accuracy, effectiveness, and security of biometric systems using various methods: AI-powered facial recognition systems can easily identify individuals with a high degree of precision, even in difficult conditions. 

Using new technologies for identity verification can offer extra assurance to professionals in the insurance sector. 

• Reviewing and updating information 

 Article 33 of Circular 20/03 mandates that every insurance company needs to continuously conduct due diligence, updating documents, data, or information collected from clients. This review is conducted at a determined frequency and under the following situations as outlined in Article 3, paragraph 5, of the Law and Article 1, paragraph 4, of the Grand-Ducal Regulation: 

• “A significant operation or transaction takes place, including an unscheduled surrender or an additional payment; 
• At the first operation or change in a contract included in a portfolio transfer, regardless of the nature of the operation or change made; 
• When the regulation relating the identification of the customers change substantially; 
• If the professional determines that insufficient information is available regarding an existing customer; 
• When the professional is under a legal obligation to contact the customer in order to re-examine any relevant information.” 

For the cases mentioned above, artificial intelligence greatly helps in enhancing the process’s efficiency and effectiveness. It enables the contract review schedule’s regular updating and notably improves the prioritisation of contracts that have surpassed their review deadlines.  

The introduction of the CAA’s Circular 18/9, and most recently Circular 23/15, requiring the implementation of a compliance plan, highlights the importance of adopting AI-based technologies to support compliance teams, who are often under pressure due to the increased regulatory oversight.  

While the compliance function faces multiple reporting requirements (for example, Compliance Officer, responsible for compliance, internal audit, audit / risk committees, regulators, etc), the existing processes are often manual and prone to significant risk of error. AI has the potential to enable compliance functions to manage large volumes of data accurately, allowing for: 

• Efficient implementation and update of compliance plans; 
• Powerful dashboarding to support risk assessments and identify areas subject to corrective measures and;
• Relevant and reliable key performance indicators to allow board members and key function holders to take appropriate measures in due time.

Despite the positive aspects, it’s important to highlight that ethical issues, data privacy protection, and the essential need for human oversight, are key considerations for ensuring responsible and effective implementation of AI in AML processes.

The challenges in deploying AI (emerging technologies) for AML/CFT 

Incorporating Artificial Intelligence (AI) into Anti-Money Laundering (AML) practices presents significant challenges that require thorough evaluation and thoughtful strategic decisions.  

One prominent challenge resides in the domain of data protection. AI systems rely on vast amounts of data, including sensitive customer transaction histories and personal information. The main goal is to ensure that the collection and processing of such data comply with privacy laws and regulations.  

In fact, obtaining appropriate consent from individuals is critical, considering the potential misuse of financial data. As data security becomes a top concern, AI systems need to implement robust measures to safeguard against breaches, unauthorised access, and other security threats.  

In response to these challenges, organisations deploying AI in AML need to implement strong governance frameworks, prioritise transparency, and remain up to date with evolving data protection laws and best practices. 

Additionally, while AI can serve as a valuable tool in initiating criminal investigations, the potential for errors, which can have significant and far-reaching consequences, emphasises the need for caution.  

Therefore, qualified human beings, who can understand how the AI arrived at its conclusions, should make the final decisions. This human oversight is crucial to ensure accountability and fairness. 

Finally, adopting new technologies in AML efforts presents other operational challenges, including costs, employee training and replacing legacy systems that should meet regulatory standards. Regarding system replacement, the users should also consider the new “EU AI Act” regulation, the first European Union regulatory framework for AI proposed by the European Commission.  

The regulation categorises AI systems based on their potential risk to users and aims to ensure that AI systems used in the EU are safe, transparent, traceable, non-discriminatory, and environmentally friendly.  

Conclusion

Integrating AI in AML offers plenty of advantages in terms of detection capabilities, risk management, and compliance. While promising and beneficial for insurance companies such as those in Luxembourg and its ecosystem, it’s crucial to navigate carefully through the challenges related to data quality, interpretability, cost and security.  

Achieving a harmonious synergy between AI-driven automation and human oversight is the key to unlocking the full potential of these technologies in the ongoing fight against money laundering. As advancements continue, taking a proactive and collaborative approach is crucial to address emerging challenges and optimise the benefits of AI in AML processes. 

What we think