Transcript: Dr Mariola Marzouk podcast

With a career spanning software and consulting firms and working with banks globally, Mariola gives us a frank insight as to how the AML surveillance industry works.

This is a transcript of the podcast Dr Mariola Marzouk on derisking, AML regtech and fear of speaking up, a discussion between GRIP’s commissioning editor Jean Hurley, and Dr Mariola Marzouk of Vortex Risk.

[INTRO]

Jean Hurley: Hello listeners, I’m Jean Hurley, Commissioning Editor at GRIP. Today in the GRIP Podcast we’re joined by Dr Mariola Marzouk, Co-founder of Vortex Risk to discuss de-risking, the FCA’s anti-money-laundering priorities and AML regtech.

Welcome Mariola. I’m delighted you could join us, please introduce yourself and give our listeners a brief overview of what you do, and your expertise.

Dr Mariola Marzouk: Thank you for inviting me to join the podcast. My background within the AML space is very much heavily weighted towards regulatory compliance technologies. However, I have also spent some time within the consulting company, helping financial institutions on optimizing their best mitigation strategies to address money laundering and I have also done extensive academic research specifically on trade based money laundering, given that it is perceived widely as the most prevalent method of laundering money. So I was very curious to learn about how come that is and what can we do about that.

Jean Hurley: Thank you. Well, we’ve decided because we had an earlier discussion what we’ll do on the podcast and we decided to open with a discussion around something that’s been happening quite a lot lately, banks de-risking clients. This is also known as debanking. Can you explain a bit what it is.

Dr Mariola Marzouk: Absolutely. So, maybe I will start from why we have those regulations that are actually causing so much unintended actually consequences because when they were set up nobody thought that they are going to be used in a way that is not favorable towards small and medium enterprises or just normal citizens who might be, inadvertently, just triggering a lot of regulatory red flags and stipulations and risk indicators and whatnot.

So back in 2008 as we remember we had a pretty nice shockwave across the industry around the regulators not being able really to police the behavior of financial institutions, and that also expanded to money laundering or mitigating lots of nefarious activities. And as a result, we had really a lot of regulatory actions taking shape. And some of the statistics I read were quite shocking when they were pointing out that we’ve experienced [490 something percent] of actually new regulatory announcements every month, and they were pertaining not only to AML but to many other regulatory situations. So that’s a lot, imagine you’re a financial institution and you have to all of a sudden deal with all of those changes.

Equally from that kind of regulatory response also came response towards regulated institutions complying with those new requirements. And many banks were found to be in absolute shortcomings in regards to how those regulations were intended to be used or into how banks implemented them. And they faced fines. In 2015 I think, I saw very big global fines level of 11.5 billion. Then in 2020 we had nine billion. And then you would think of that might really slow down but here we go. 2024 we have just one bank, TD Bank, and it’s three billion so that’s just one. So clearly we are not slowing down. That’s pretty heavy weight on the regulated institutions in managing those finances, because that’s pretty costly.

Now, banks naturally apply lots of self-policing structures in order to make sure they are not going to be found incompliant because it costs money and naturally they are not going to absorb all this cost by themselves so they need to do, they need to pass it somewhere. Typically it will end up being passed on customers on us, just like in any business, they are at the end businesses.

So, you know, if, if we consider some of the statistics I think LexisNexis has been doing this for a very long time, issuing kind of an indications of what costs financial institutions to comply with these regulations. Even if those numbers are not exactly correct, they give us some sort of indication of the problem. The last report pointed to 214 billion globally being spent by financial institutions to defend themselves against those regulatory points, so putting some measures in place in order to protect themselves from being found non compliant. UK alone was about 34 billion in 2021 that is a really big number and if we compare it to 2015.

There are reports or the numbers I found in academic studies that say it was actually 5 billion in 2015. So it’s huge, so it’s not only the regulations increased the fines increased as well. But then you need to think, right, how about the criminality has that decreased, and actually our data points, it doesn’t, it hasn’t decreased in any way. So that way, because we’ve been quoting you know the statistics around money laundering being worth trillions of dollars a year to today we’re actually saying it’s 5% of global GDP. What a number.

So then if you’re faced with all those costs and financial institutions battling going to see the increasing cost of complying, they’ve passed this on customers. And then we face this problem of de-risking, meaning de-risking is forbidding certain clients or entities from having access to particular products financial products in order to mitigate their risk level. So if I am a financial entity and all of a sudden I want to use trade finance products which by regulators are considered high risk, that would put me into the high risk customer category and therefore banks now need to monitor more frequently and they need to apply far more stringent measures in order to understand if I am behaving in a way that will expose them to fines – it costs money.

It is difficult to obtain, let’s say I’m trading with entities in Asia, where it’s difficult to get access to KYC information. So, it’s just a lot for a bank to take so they need to take some measures so they naturally either restrict me from having access to those products or if I am, for example, quite frequently not even using trade finance product, but if I am frequently triggering red flags that banks find costly and challenging to review and to satisfy themselves that I’m actually not a risk to regulatory fines. I will be debanked, most likely and I have some data points from various different reports recently published on this subject.

So one of them is for example 2024. There was a report by a business banking group and they call it the de-risking report. In that report they’ve highlighted couple of entities that face de-risking challenge. One of them we actually wrote, an article that was published by you. It was around a very legitimate business that was doing a really great cause or it was socially very important. They were building solar powered water pumps. It’s a UK business and they were building those pumps in India in a manufacturing facility that they, they built over there. And they were selling those pumps through a range of intermediaries of West Africa to help farmers water their crops, because reliance on just rainfall is, is a pretty unpredictable and not really sustainable way of ensuring that you have water.

So, this particular institution, have banked for 10 years with that particular financial institution and all of a sudden they received the letter that they are going to have their relationship cancelled. And they gave them about two months to find alternative banking arrangements, and that particular business highlighted that the consequences of that letter first of all shocked them. They didn’t understand why. We’ve been there for 10 years, we are doing … what happened? They’ve tried to inquire from the bank about the purpose of the decision, but of course, the bank would not tell them why. So we’re left in the limbo to kind of speculate all sorts of scenarios. Naturally, they didn’t think about the fact that it might be just the AML regime that was causing this.

They did try to open alternative banking arrangements. And when the other bank asked what happened, haven’t you been banking for a while? They were truthful, they told them well this is what happened, then we all of a sudden we received this letter and we’re being debanked we don’t understand why, but our supply chain is at risk of collapsing, we cannot pay you know for our stuff, it has consequences for business, we can’t just simply not have a bank account. And that bank refused to open, of course, a relationship with them because they felt suspicious something must have gone wrong. Well, in this particular case, it ended up a positive resolution but only because that company asked their local MP to assist them in this matter. That local MP emailed the bank, senior managers, I think it was a CEO, explaining that, in essence, justifying that kind of the entity was it was doing a good cause.

And therefore the decision was reversed on that front. And then we have also Chinese citizens and Turkish asylum seekers that have also complained as well about being unfairly debanked for no reasons.

Of course, the reasons are that they are perceived as high risk customers, but we cannot deny those people access to the banking services because what happens when we, when we deny them they have to still, they have to live, they have to pay for rent, they have to eat, they have to, they have to earn money, they have to sustain themselves. So we’re in essence, telling them, you know, use some sort of other means of financing yourself rather than banks. It creates yet more vulnerability for the shadow economy to exist.

Jean Hurley: Thank you, Mariola, for the examples. Could you explain, maybe in just a few short sentences why you think this is happening?

Dr Mariola Marzouk: Yes. So, banks naturally like any business has to make cost benefit analysis and compliance with the regulations is very expensive. So when a bank has a client that does not deliver much return on investment and cost them a lot of money to comply with. And from a, you know, from administrative point of view from data sourcing point of view from acquisition of technologies. And even despite all of this costs, they still risk being, face regulatory stipulations and potential fines that it’s natural for any business to make risk decision and simply get rid of a problem. And unfortunately, many small and medium enterprises that have no ability to communicate with the bank through let’s say dedicated relationship manager will not have an ability to explain, and will simply be left hanging and asked to find alternative banking arrangements.

Jean Hurley: Thank you. This leads to, in the UK, the FCA regulates firms for anti-money-laundering compliance. Can you please explain what are the FCA’s priorities?

Dr Mariola Marzouk: So we have, maybe before we explain FCA priorities, I will very quickly brief audience around policing bodies. So we have public policing bodies that are tasked with making sure that we are safe and crime is detected and normally this is the job of the police but the police in the United Kingdom doesn’t really focus on economic crimes. There are various reasons why that is. Number one, I would call out for time purposes is lack of knowledge and the extensive resources you actually need to find out and investigate to investigate criminality and collect enough evidence for the cases to stand in court and for the individuals to be brought to justice.

There is about 0.6% of the law enforcement in the UK that is dedicated to economic crimes and that includes money laundering, right? And fraud goes into it and others. Because they are so small, someone else needs to pick up the load and do the policing job. And so it happens it falls on the FCA and FCA is a supervisory body for regulated institutions. Mostly financial institutions, banks. So it executes that role. It polices those organizations.

And when it finds a bank non compliant with the rules, naturally, it, it penalizes that bank, it has the enforcement powers. The challenge here is when the police assets and confiscation and you know freezes and asset confiscations amount to like 300 and so millions a year, the FCA is able to actually exert 400 almost 500 million a year from financial institutions for non compliance, which is what three banks in 2021 collectively got that.

So we get more money from FCA enforcement than we get from bringing justice to criminals. We don’t take enough from criminals basically so FCA does the job. But it needs to be perceived as doing the right job and doing the right job means that they are effective in the role they’ve been given to supervise the institutions and that UK financial institutions are perceived as trustworthy on the international stage. And that is a very important financial center.

However, have they been fair the way they actually penalized those banks? They are supposed to be applying risk-based approach to the regulations, however most banks complain that it’s most like fear-based rule application of the law, meaning banks are not incentivized or encouraged to think about how their institutions can be abused by money launderers from the perspective of their understanding of products and customers geographies and you know and all the experiences they had as MLROs and you know compliance professionals, they are rudimentarily asked to make sure that they comply with the letter of the law. So, by default, we are not finding much of a criminality problem.

Now FCA also has a lot of challenges with the resourcing of their personnel, because they’ve been told that they don’t pay enough to actually for people to stay and continue their careers. There is a report recently just recently published that surveyed FCA employees and ex employees about the culture within the institution. And they are highlighting that it’s a culture where you are not allowed to challenge. Anything, anyone that challenges will cause a problem, will cause a problem for them. They fear to say, you know, to say their perspectives. They also say that it’s a culture of, I did nothing, therefore I did nothing wrong, that’s a quote from that report.

It’s actually if you read the report, there’s a lot of very, very derogatory quotes there about the culture of the FCA, and why it’s not successful and why you know kind of makes me reflect on the studies I did on trade based money laundering and banks were telling me that every time they try to engage with the FCA to explain to them that the way they are asked to monitor trade based money laundering meaning make trade finance products very high risk which causes de-risking. They wouldn’t hear it, they wouldn’t engage. And the reasons why they wouldn’t engage it would be because their priorities would be constantly changing. And how would they be changing they will be changing based on what’s popular subject. Sanctions is always a popular subject. Another one, wildlife crime, cryptocurrencies, whatever is actually perceived by the public or by the media as important and flashy and you know and it makes FCA look good.

Well, well if that’s how we adjust those priorities, then no wonder we are actually not finding criminalities and banks were further saying like, if we, if we stick to just one, then at least everyone will do the good job, at least in this one front, but they’re constantly changing. Doesn’t help. And banks just simply have to constantly respond to those changes. So it is not proactive it’s very reactive so. And further what the approaches also would be aligned with the expertise they hold internally. So if they know how to police to the regulatory stipulations on retail banking, and they don’t have expertise on trade based money laundering, let’s say or trade finance. You know, can we expect them therefore to go and investigate those fears for trade finance trade based money laundering, or equally for cryptocurrencies. No, they are not, because if they do, they will fail, and that’s not going to look good. So, that’s how those priorities are unfortunately not only in FCA, but in law enforcement as well.

Jean Hurley: So now, can we move on to firms using AML Regtech to comply with AML regulations because they think this is a quicker and cheaper way of adhering to the regulations.

Dr Mariola Marzouk: Yes, yes. So, um, I come from the regulatory technology background, right? I spent a decade, building those solutions or at least trying to find this most suitable features that will help financial institutions. And as I stepped away from the industry doing my PhD studies that was focused on technology and use of tech for trade based money laundering, I realized that actually, we cannot rely on those tools, not because the technology is bad, the technology is there to help us, you know, this is just you know these are just tools, hammers you know nails what whatever they are there. But the people behind those technologies have no understanding of money laundering, they don’t have that understanding because this is a very under-researched subject.

Why is it under researched? Because it’s not a government priority. So we can see you know the cascading challenge. So we cannot, you know, say, I’m going to implement the regtech technology, there’s going to be AI running through my data, it’s going to discover all those anomalies and then I will be saying, well hold on, it’s just the tool. Who is the human that is standing behind it. Where did this human get the knowledge about what should AI be looking for. Oh, are we talking about the current regime about those red flags, those risk indicators, how well are they performing in finding criminality?

Well not very well, because those, you know, money laundering statistics are not going down and prosecutors are actually not bringing charges for money laundering, so a person will be, you know brought to justice for drug trafficking. But they are actually, they’re going to frequently drop the money laundering charge out because it’s difficult to understand, it actually skews the data. So, if the underlying tech is driven by people running on inadequate knowledge, because we are not researching it, then we are not going to be doing anything better, just going to do it faster.

Jean Hurley: So do you think it’s the data that needs to be improved?

Dr Mariola Marzouk: The data will never be perfect, let’s say this way. We will never have access to all the data that we need, and let’s not forget that nations currently are not trusting each other and we have a lot of data protection laws all over the world being implemented that are causing additional problem.

China for example, is notorious nowadays known for making it more difficult to access the data. And we criticize them for it. But should we? They are protecting you know themselves. Is it easy to get access to the American data? Is Europe not protecting their own citizens’ data? Data is a very valuable commodity we all have. So there’s always going to be a problem.

In my studies also there were some skeptics who very strongly pointed, they believe that the data privacy regulations were set up on purpose to prevent banks from actually effectively mitigating economic crimes. Why? Because at that point, they would be also uncovering a lot of very large powerful multinational corporations shifting money around for the purpose of tax evasion. They have a pretty strong lobbying power. I have to say, they give me enough, enough thought, you know, to contemplate that. I think there is a truth and reality in it.

Even if we say, example, when FATF reviewed China. The fact that actually China is so restrictive about their data was not really highlighted there as a major problem. If that’s the case, then yeah I would, I would, I would be very skeptical about some underlying reasons for those global data protection laws and question who ultimately benefits from these being there.

Jean Hurley: So if we go back to AML surveillance software. And as you said there’s a lot of AI going through these products now. Do you have any concerns about this?

Dr Mariola Marzouk: Oh yes I do. And I have concerns again, not about the tech itself. But about how it is used, and who is programming that. There’s a lot of potential bias in there first of all, even the whole knowledge of the world is very much skewed towards the Western cultures producing knowledge about anti money laundering, let’s say, particularly the US, United Kingdom.

If that’s the knowledge that this AI is using to how about accounting for variations in cultures, and further, if it’s well because that’s how anti money laundering professionals reviewing alert or customers are asked to make their decisions and this is what they said is in my friend’s, actually PhD study, he has quotes there from those individuals saying that if I see a client, that is a Pakistani or this person might be brought and raised in United Kingdom but has links to Pakistan. I have to treat that client as a high risk. How fair is that? Of course, that’s going to be coded into technology that you need to pay attention to those high risk jurisdictions.

And then if you actually compare, you know, FATF compliance rating some of those jurisdictions we say are very risky like Pakistan, Afghanistan and others, or many of them actually had better ratings than the United States. Hold on, isn’t the United States and United Kingdom the number one facilitator of money laundering, and these economies are accountable 40% of how money laundering is done, and yet they feature as low risk, and that’s how it’s going to be coded into the technology solution.

So there’s a lot of bias in there around misperception of what risk is, and who are those entities that we should monitor. Further, large corporations that are listed on stock exchange and already under a lot of scrutiny by other regulators will be perceived as low risk and banks will actually give them access to a lot of high risk products because they can get information about them, and they are regulated by others.

A smaller institution will immediately be perceived as high risk. Small community banks will be perceived as high risk but a large bank will not. All right. Therefore, larger economies, lower risk, smaller economies, high risk, smaller charity high risk, large international known charity, no risk. And if that’s the way, and you put really a criminal mind into practicing your own self, which ones would you use?

Well, I would definitely use those that are perceived as low risk. I would go for those that everyone trusts.

Jean Hurley: Something you’ve said in the past, you’ve told me that you feel as though AI can kill human intelligence. Do you see any role for AI as a tool to free up human intelligence? And what about AI leading to better job outcomes and high levels of job satisfaction?

Dr Mariola Marzouk: Yes, so human intelligence is different to artificial intelligence in a sense that we are creative. That’s it. We are extraordinary beings that can create extraordinary things. In essence, what I would like to say, I love this quote by Einstein that creativity is intelligence having fun. Well, in the AML world we are definitely not having fun. So we are not creative. We are not free to brainstorm ideas. As children, how do we learn? We learn through fun, we learn to experience the world through fun activities, and sometimes we use tools to normal objects of a household to other things, and we therefore create new inventions. We solve problems with whatever we have.

Now, artificial intelligence is heavily reliant on ourself, on our creativity. And if we are not allowed to be creative, not allowed to critically judge, and we just want to be, we’re just forcing the AML compliance officers to follow rules and don’t think, don’t be creative. And you know what, seriously, we might just as well let this AI do all the decisioning, that’s what it’s best at. It’s, you know, it’s best at following those rules. And saying that artificial intelligence is going to help the world because it’s going to find anomalies in data, anomalies in data, so you know, some sort of bizarre behaviors.

As a creative human and a criminal, I probably will not want to trigger things like that. I’ll probably be creative enough not to trigger any, any behavior that I would pick up. I’m creative. I’m not bound by rules. So what is it going to be finding, it’s going to be finding those who just happen to trigger those, those mismatches in data by just simply being in living. I’ve also seen an article recently that we are speculating about allowing the AI to be the regulators or to help regulators.

Quite frankly, again, it might be let it be, since if we are only going to assess institutions by ticking boxes and not how creative and intelligent they are in understanding their risk and putting controls in place, and the same time growing our economy.

So, yes, it can kill our intelligence, I mean, it can actually can kill our creativity which is the intelligence having fun let’s say.

Jean Hurley: Thank you. So it seems your advice is that people have to be creative in their use of regtech rather than just take everything that’s given to them, actually look what’s there.

Dr Mariola Marzouk: But it needs to be incentivized to do that this way right now we don’t have those incentives by the regulators if, you know if the bank has to comply with the rules, otherwise they get fined, then the tool that they apply for the job will also follow the same culture, it has to.

So it goes back all the way to the regulators to be empowering and creative. And I suppose this government the Labour Government, right, might be just that because it’s the, they’re talking a lot about what or Rachel Reeves is what we’re talking about that we are applying regulations to risk, you know, it’s very risk averse. And it’s time perhaps to look at deregulation or something the regulation the same in the America and guess what that already happened in 1980. We had exactly the same situation, where in powerful industrial organizations were complaining about regulations restricting growth. And out of that came deregulations or regulatory relief as they were calling it that time, and then this risk-based approach was born.

We are facing it again.

Jean Hurley: Going back to something we were discussing earlier, you were talking about the All Party Parliamentary Group report. And you were saying that, you know, there’s a fear of people telling the truth and being labeled as whistleblowers. Have you found this when you’ve been doing your own research?

Dr Mariola Marzouk: When I was conducting the research, and naturally you ask people to be kind and to share, right, and not to feel scared to do so, which I thought people would be really open to share about how they how they detect trade based money laundering but actually they were very worried. They were worried because they didn’t want to be identified or the bank to be their bank to be identified having any shortcomings or they didn’t want to be seen as challenging.

So many of them asked me to even review the transcripts before I use it, because they feel that something might just leak out. Of course, conducting PhD research under umbrella of university there’s a lot of ethics that we need to adhere to in order to protect the data so everything is anonymized. You can’t, you know, find out who said what, but this perception of fear was very strong. And even during the interviews they would say just please make sure that nobody knows I said that. And that made me really worried, because how we are supposed to solve this extraordinary wicked challenge of money laundering, if we are, if we fear to innovate to be creative to propose different solutions, because we fear that we will be told that we are non compliant, that we are not popular, that we will be challenged by others, that we will not be invited to conferences, that we will not have jobs.

I was actually told after, er so I couldn’t obviously continue my career in the AML space, also because I couldn’t sell my integrity anymore, I thought I, I couldn’t stand on stages and say those things that would benefit regtechs for example fully knowing that it stands against all the data I collected. So I had to stop, I had to step out. And I know that I am a challenger. And I know that it’s uncomfortable truth. But I have the ability to say that because I stepped outside. But persons who still work, don’t, and they frequently actually text us, me and Dr Gilmore, or LinkedIn, saying, “Thank you for saying those things out loud, please go on, keep doing it” and they some of them actually send us data to say out loud problems they are facing. And then this FCA report came out. And it’s like an echo of what I’ve been hearing and what I’ve recorded in my research.

Jean Hurley: One of the issues that some people have said about that report is that none of the evidence was checked.

Dr Mariola Marzouk: Yes. And also, interestingly, is that the FCA report when they, or studies they’ve done themselves had a difficult different story, they actually portray them pretty good. So I actually had a conversation with some of the banking professionals around the perception of this you know what this report really said, and some of them said it from their own banking perspective that whenever there would be internal survey issued, the senior managers would be actually contacting their staff to indirectly insinuate what they should be saying. Because if we don’t come up good, there might be repercussions on us. So people were indirectly told what to say, and how to feel. And of course therefore the surveys would come up really good. This hasn’t been checked. However, it aligns with my studies.

So I wouldn’t say that these findings are not accurate, I would actually say perhaps this is a very good potential for someone to pick up the research and do it under academic umbrella in this case.

Jean Hurley: So, finally, Mariola, as we head over into 2025, what would be your wish next year to improve AML reporting standards?

Dr Mariola Marzouk: OK, my wish would be really for people to feel free to speak up. There are so many extraordinary ideas out there. People who have been, you know, been working in this field for a very long time, if they can tell me their ideas about what they would like to see, why are we restricting them from saying it in public? So, I would love to see all those great conference organizers who are obviously generating a lot of money from the sponsorships to put on the stage, not the same people over and over again because they are associated with very popular brands, with great financial institutions or governmental bodies, and therefore bring back same and therefore have the best exposure for those conferences. No, why don’t you change and allow others who have alternative views.

I’m not saying me but there are plenty of others out there. And let them speak. And let’s debate, you know, we’re supposed to be on this boat together, we are not going to solve this problem if each of us is behaving in a protective way and fears to innovate, to be creative so yes, I would love to see that. I would love to see all those conferences being, you know, vibrant, challenging for people to come out of it with strong emotions, strong yes or no, disagreements. I want to see that. Not people come out of those conferences and saying, Oh, yes, it’s another boring conference I’ve heard billion times over but they paid me. I went and I had free lunch. I would like to change that just in that.

Jean Hurley: That’s fabulous. Thank you. It’s been great having you on the GRIP podcast. Thank you for your time and sharing your insight in AML reporting compliance, speak up culture and AI, and thank you to our listeners, if you’re hearing this you probably know about us, but please tell your friends about GRIP. You can find us at grip.globalrelay.com and you can follow us on LinkedIn. Until our next podcast or article, farewell.
