Convergence of RPA and AI: the changing landscape in banking compliance

Banks and financial institutions (FIs) are amongst the most heavily regulated industries, and are continuously faced with new complex regulations, or changes to existing ones. This requires them to strengthen their compliance frameworks, governance and oversight, procedures and platforms.

While the regulatory environment will always remain dynamic, and perhaps get more complex, emerging digital technologies promise to make regulatory compliance more agile and efficient, with automated compliance processes, employing scalable solutions adaptable to business growth, and at the same time significantly driving down compliance cost. Some of these technologies are robotic process automation (RPA) and artificial intelligence (AI), which are transforming the regulatory compliance landscape in banks.

Converging RPA and AI for banking compliance

A lot has been discussed about RPA’s capabilities of automating rule based repetitive manual tasks which are highly manual in nature, time consuming and do not involve decision making. But we are also aware that a large part of banks’ compliance functions require human decision making, e.g. whether to approve or reject a new prospect as a customer during on boarding know your customer (KYC), whether to close an alert (say screening or transaction monitoring alert) as false or further investigate to check likelihood of suspicious behavior, whether to approve a credit limit breach, and so on.

There are also compliance activities which require human intelligence to complete certain tasks, e.g. verifying documents against data submitted by customers (say KYC documents or loan collaterals), analysing new regulations (or changes to existing regulations) and deciding on how to implement the same in banks, and several others. This is where the strength of AI lies. From machine learning (ML), both supervised and unsupervised, to natural language processing (NLP), chatbots and machine facial and speech/voice recognition – AI has the entire space covered in terms of facilitating the said tasks with limited human intervention!

Customer onboarding

Automation of KYC during customer onboarding has been one of the primary use cases the financial services industry has been pursuing. Onboarding a new customer and KYC due diligence encompasses a series of steps, which are mostly manual in many large banks even now. RPA is now being implemented to automate the routine manual steps of customer data entry, capture of screening results and risk ratings.

NLP-based extraction of customer KYC documents is now being leveraged for document verification, and in some cases, even direct customer data entry from documents into the onboarding systems. ML is replacing manual approval of various KYC workflows, as cognitive RPA is being envisaged as the new age KYC approval mechanism.

Standard Bank, Africa’s largest bank, has successfully implemented RPA along with supervised ML based cognitive automation, to bring down the client onboarding and KYC timelines significantly from 20 days to just five minutes!


AML alert investigation traditionally involves routine steps of investigating suspicious alerts generated by transaction monitoring platforms, accessing multiple systems for collecting information on the alert, writing an investigation report, and finally decision making based on the report whether the alert is false, or seems suspicious and needs further investigation for a possible suspicious activity report (SAR) filing.

Alert case management is also being reimagined by converging RPA and AI. RPA is being enabled in many banks to complete the manual steps of information gathering and populating the results in a templated investigation report. ML is being integrated for decision making on such report, thereby closing false alerts and escalating suspicious alerts for next level of detailed investigation.

Some of the largest Australian banks, viz. ANZ and NAB, have been making rapid strides in their cognitive RPA programs in this very direction. The day may not be far when robots infused with cognition can study investigation reports and decide whether to close the alert or file a SAR!

Regulatory change management

Regulatory change management has been a major pain area for banks and FIs, as compliance regulations are extremely dynamic. New regulations are being enacted by regulators and changes made to existing ones very frequently. FIs need to capture the obligations arising out of such new or revised regulations, analyse and assess its impact on the organisation, identify the new requirements that need to be implemented, create action plans and implement the same, and finally check the maturity of the implemented changes in readiness for supervisory examinations.

Most FIs currently handle this entire lifecycle manually, which is as complex as it is cumbersome. However, a tectonic shift in this function is waiting to happen, as RPA and AI can automate large parts of this extremely important and time bound function. NLP can be used to read the regulation documents, capture the obligations required to be implemented by banks, and the business lines impacted due to such regulations. RPA can then pick these inputs and generate workflows for the respective business lines, for implementing the changes.

Post implementation, RPA can again be used to collect inputs required for assessing the maturity of the implemented changes and collate the same in an assessment checklist.

Limit breach and excess management

Limit breach/excess management is largely a manual activity in most banks, where the violations are individually reviewed by risk officers with supporting information from a host of sources including emails, customer documents and so on. RPA can be enabled in such scenarios, where the robot can collect the required information from multiple sources, based on defined rules, for such breach.

NLP can extract the supporting information from emails and customer documents. Supervised ML can aid in decision making on whether to approve or reject such breach, by generating a comprehensive report on the breach along with a recommendation. The risk officer can accept the recommendation or override the same.

KYC data remediation

KYC data remediation using chatbots, NLP and RPA could be a next gen solution towards ensuring customer data quality, which is an imperative in managing financial crimes risk. RPA can aid in flagging customer profiles with missing, mismatched or outdated KYC information, and initiate a remediation workflow.

While so far KYC data remediation has been a manual exercise, an automated remediation process can be enabled using NLP based text mining of customer documents available with the bank, as well as extraction of KYC data from customer emails, interactions with chatbots and so on. Chatbots can be utilised for seeking specific KYC information and documents from customers, based on the remediation workflow for the particular customer.

Once all of the above steps are completed, the workflow can be routed to an analyst, who can verify and accept or reject the changes made. Any additional updates required can also be made by the analyst at this stage.

Discovering synergies between AI and RPA – the future of banking compliance

Regulatory compliance is an extremely sensitive function in banks and FIs, as failure to comply leads to reputation loss for banks, along with severe penalties!

Banks have been embracing advanced technologies for their compliance needs for a very long time. And now a new digital era has emerged, which has brought in greater accuracy, sophistication and reduction in cost in banking compliance.

While RPA is being used to drive automation of repetitive rule based compliance processes, AI with its capabilities like ML, machine text-speech-facial recognition is enabling automated interpretation, analysis and decision making in various compliance functions. The effectiveness of banks lie in finding synergies between RPA and AI, so that they can implement end-to-end automation of even their most critical risk and compliance functions.

While RPA and AI deployment for banking compliance is still in its nascent stages, the financial services industry is among the largest adopters of these initiatives. Citibank and Barclays have implemented voice biometrics to prevent phone banking based frauds. RBS, HSBC and Lloyds are embracing AI platforms to detect card frauds. Several online identity verification tools, combining customer biometrics and computer vision technology along with ML, are emerging to provide enhanced security for prevention of bank frauds.

Banks worldwide are also envisaging the use of AI along with RPA to conduct real time news tracking and social media screening of their customers and counterparties, to detect early warning signals of suspicious behavior. Any adverse information collected from these sources can also be used to dynamically update the risk ratings of the customers and counterparties using RPA and ML.

Banking compliance is being reimagined by converging RPA and AI, but only a beginning has been made. As more banks implement varied and innovative use cases, and the benefits start to accrue, this journey will get accelerated and a whole new digital world of compliance will emerge as the new norm.

Robots and AI are not just science fiction anymore – they are slowly finding their feet in the real world too!