Will machine learning help the Commonwealth Bank of Australia avoid the next banking scandal?

Managing regulatory and reputational risk has become the top priority for the financial services industry in Australia in 2018 – so how will machine learning help?

The Commonwealth Bank of Australia (CBA) has led the Australian market in profitability, customer service and digital offerings[1]. However, it has spectacularly failed when it has come to managing regulatory and reputational risk. In the past year, CBA faced an AUD 700 million (USD 500 million) settlement for 53,750 breaches of the Anti-Money Laundering and Counter-Terrorism Act, as well as a scathing report from the banking regulator on its risk and regulatory practices, the early resignation of its CEO and the scrutiny of a Royal Commission[2][3]. This environment is not unique to Australia with global scandals such as Wells Fargo in the US being fined for opening unauthorized accounts and Lloyds in the UK being fined for mis-selling payment protection insurance[4][5].

CBA is now applying machine learning as a key method of process improvement for its regulatory risk management. CBA is not alone in the growing RegTech space, which applies technology solutions to ensure that financial services companies are able to comply with regulatory requirements as a means of process improvement[6]. RegTech is particularly important as regulatory burden has increased in both quality and prescriptiveness[7]. At the same time, increasing complexity in banking products and a greater focus on incentivized sales targets and cross-selling has made it more challenging to balance regulatory risk management with profitability[8].

In the short-term, CBA has engaged in a RegTech pilot through a partnership with ING and Ascent Technology to apply machine learning and natural language processing to interpret and convert 1.5 million paragraphs of regulation into actionable tasks with 95% accuracy[9]. If applied successfully, this will enable CBA to achieve cost savings and improve accuracy in its compliance function. CBA has identified that ‘RegTech is a very important part of our innovation strategy’[10]. It has also committed to a broader path of collaboration, increasing its involvement with the RegTech Association in order to improve its anti-money laundering and compliance systems[11]. More broadly, in response to the ongoing Royal Commission, it has recognized ‘the need for significant changes, particularly to systems, processes and culture’. However, CBA has not yet identified how it intends to apply machine learning and RegTech methods more broadly to manage its regulatory risk and compliance processes. Interestingly, artificial intelligence and machine learning have been key components of CBA’s broader digital strategy with a chatbot ‘Ceba’ launched in early 2018[12]. This raises a question of where CBA is focusing its growing machine learning expertise. Based on available public information, it does not appear that regulatory risk management has been CBA’s primary focus when it has come to machine learning.

As CBA continues expanding its RegTech focus, it has some key choices when it comes to prioritization, approach to partnerships and intensity of development. Here is my take:

Prioritization: The Ascent pilot seems to be about cost savings – but that is not CBA’s major challenge, and nor is profitability. The prudential inquiry into CBA found that ‘CBA’s continued financial success dulled the senses of the institution’ and that CBA had ‘an operational risk management framework that worked better on paper than in practice, supported by an immature and under-resourced compliance function’[13]. CBA must use its machine learning focus and expertise to identify compliance risks more quickly across different business areas. These types of solutions are already being developed elsewhere, such as IBM Surveillance Insight which can analyze internal data ranging from employee emails to trade transactions[14].

Partnerships: CBA’s current focus is on partnerships to develop regulatory management solutions. This makes sense in the short-term given their low capability compliance function and the large number of RegTech solutions being developed globally. However, in the medium-term the challenge will be integrating various risk management methods and tools into CBA’s everyday business processes and products. This will require internal expertise at the intersection of risk management and machine learning and CBA needs to increase its investment in this capability.

Intensity: Risk management is one of CBA’s top priorities of 2018, taking up the entirety of the Chairman’s letter to shareholders in the 2018 annual report[15]. Yet, this focus has only translated into one early-stage RegTech partnership in 2018. If CBA is serious about achieving a step-change in its regulatory risk management, it needs to harness machine learning at a faster pace, testing multiple solutions internally and externally.

There are many open questions for the financial services and RegTech industries. Across industries facing increasing regulation, where do you see the opportunities for machine learning to improve regulatory risk management? Could RegTech become a competitive advantage for the banks that succeed or is RegTech just becoming a standard tool that every player will adopt? (779)

[1] James Frost and James Eyers, “CBA delivers blockbuster $9.9b profit,” Australian Financial Review, 9 August 2017, https://www.afr.com/business/banking-and-finance/financial-services/cba-delivers-blockbuster-99b-profit-20170808-gxryud, accessed November 2018.

[2] James Thomson and James Frost, “Commonwealth Bank settles AUSTRAC case for $700m,” Australian Financial Review, 4 June 2018, https://www.afr.com/business/banking-and-finance/financial-services/commonwealth-bank-settles-austrac-case-for-700m-20180603-h10wzu, accessed November 2018.

[3] John Laker, Jullian Broadbent and Graeme Samuel, Prudential Inquiry into the Commonwealth Bank of Australia. Australian Prudential Regulation Authority, 30 April 2018, https://www.apra.gov.au/media-centre/media-releases/apra-releases-cba-prudential-inquiry-final-report-accepts-eu, accessed November 2018.

[4] Michael Corkery, “Wells Fargo Fined $185 Million for Fraudulently Opening Accounts,” New York Times, 8 September 2016, https://www.nytimes.com/2016/09/09/business/dealbook/wells-fargo-fined-for-years-of-harm-to-customers.html, accessed November 2018.

[5] Stefania Spezzati and Franz Wild. “Why U.K.’s Costliest Banking Scandal May Get Uglier,” Bloomberg, 5 July 2018. https://www.bloomberg.com/news/articles/2018-07-05/why-u-k-s-costliest-banking-scandal-may-get-uglier-quicktake, accessed November 2018.

[6] Kari Larsen and Shariq Gilani, 2017, “RegTech is the New Black – The Growth of RegTech Demand and Investmen,.” Journal of Financial Transformation (Capco Institute) 45: 22-29.

[7] Kari Larsen and Shariq Gilani, 2017, “RegTech is the New Black – The Growth of RegTech Demand and Investmen,.” Journal of Financial Transformation (Capco Institute) 45: 22-29.

[8] Ensigh, R. “What the Wells Fargo Cross-Selling Mess Means for Banks,” Wall Street Journal, 15 September 2016, https://www.wsj.com/articles/what-the-wells-fargo-cross-selling-mess-means-for-banks-1473965166, accessed November 2018.

[9] Ry Crozier, “CBA uses AI to make sense of regulations,” it news, 23 February 2018, https://www.itnews.com.au/news/cba-uses-ai-to-make-sense-of-regulations-485707, accessed November 2018.

[10] Ry Crozier, “CBA uses AI to make sense of regulations,” it news, 23 February 2018, https://www.itnews.com.au/news/cba-uses-ai-to-make-sense-of-regulations-485707, accessed November 2018.

[11] James Eyers, “CBA joins regtech group to improve compliance,”i, 23 September 2018, https://www.afr.com/business/banking-and-finance/financial-services/cba-joins-regtech-group-to-improve-compliance-20180921-h15pdu, accessed November 2018.

[12] James Frost, “CBA says artificial intelligence won’t replace specialists,” Australian Financial Review, 22 January 2018, https://www.afr.com/business/banking-and-finance/financial-services/cba-says-artificial-intelligence-wont-replace-specialists-20180122-h0m6o9#ixzz58lIaU9Li, accessed November 2018.

[13] John Laker, Jullian Broadbent and Graeme Samuel, Prudential Inquiry into the Commonwealth Bank of Australia. Australian Prudential Regulation Authority, 30 April 2018, https://www.apra.gov.au/media-centre/media-releases/apra-releases-cba-prudential-inquiry-final-report-accepts-eu, accessed November 2018.

[14] April Rudin, “The Regtech Revolution: Compliance and Wealth Management in 2017,” Enterprising Investor. Charlottesville: CFA Institute, 12 January 2017. https://blogs.cfainstitute.org/investor/2017/01/12/the-regtech-revolution-compliance-and-wealth-management-in-2017, accessed November 2018.

[15] Commonwealth Bank of Australia. 2018 Annual Report, pp. 4-6, https://www.commbank.com.au/content/dam/commbank/about-us/shareholders/pdfs/results/fy18/cba-annual-report-2018.pdf, accessed November 2018.

Image credit: ABC News

Previous:

Is Addition the New Subtraction at Lockheed Martin?

Next:

China’s Take on 3D Printing in Healthcare

Student comments on Will machine learning help the Commonwealth Bank of Australia avoid the next banking scandal?

  1. Thanks for sharing your thoughts. I found the article interesting since I had not thought about using technology to manage regulatory risk from financial institutions’ perspectives. I believe areas such as fraud, money laundering could be potentially benefit based on technology like big data, AI etc. If financials institutions like banks could use their internal/external customer data, online data, google and found a trend/tendency of such activities. For example, if there is a cash transfer from one country to another where the address of the bank account seems to be suspicious. At my prior company, there was a fraud case where my company mistakenly sent the money to the fake bank account. It turned out that the supplier my company intended to send money to did not exist in that address. You could easily see that if you google map. If bank could use the technology to prevent such cases, it would be a big competitive advantage vs other banks since they could build trust with customers better.

  2. This was an insightful and extremely relevant read! I see clear applications of RegTech in improving compliance and data integrity in pharmaceuticals manufacturing, where data falsification can lead to stiff penalties for companies and severe consequences for patients. Academia (particularly research) and the clinical trials industry are other areas that are also vulnerable to data manipulation and fraudulent practices and could benefit from RegTech solutions. While using machine learning for risk management seems like a potential source of competitive advantage for a banks, you make a sobering comment on CBA’s priorities – and so I think that adoption will depend on whether the risk reduction is tangible enough to change customer behavior around bank selection. With sufficient traction on customer and regulator demand for adoption, I see this becoming the industry standard in the long run, although early adopters could still enjoy a reputational halo for pioneering such risk management interventions.

  3. The article is very illustrative and relevant in today’s context, where governments around the world are investing resources and regulation to push bancarization in the pursuit of increasing more equality of opportunities, lower predatory lending, and mainly, more efficacy to tackle tax evasion and money laundering. Implementing a machine learning based system to address compliance related issues is therefore not only positive for the bank but also for the national authorities that will see this change with positive eyes.
    As the article states, the Commonwealth Bank of Australia and more broadly all the financial system, has been both 1) investing a lot of money in managing the compliance processes, heavily monitored by regulators, and 2) spending significant resources in fines when their KYC processes are not effective. I believe that introducing this system will very positive to the bank, not only by increasing the efficacy in the evaluation/control of the operations, but also the efficiency, allowing to streamline the tedious processes of multiple background checks and interpretation of vast and changing regulations in all the different markets it operates, among others. For me, the main remaining open question lies on whether the analysts in charge of the risk management processes will provide the system with the correct and full inputs necessary for a satisfactory evaluation, and more importantly, whether the analysts fully understand the underlying of the algorithms and the meaning of the system outputs. If the bank is able to tackle these potential issues, and make sure that trained users will be able to effectively use the system outputs and invest their time in value-added activities that will enhance the analyses, the efforts of innovating in the risk management arena will pay off.

Leave a comment