15 December 2017
Ben Knieff

Outside Look

Ben Knieff - Outside Look

3Posts 16,969Views 0Comments

What does Robotic Process Automation Really Mean

16 June 2017  |  6782 views  |  0

There have been a number of vendors getting in to Robotic Process Automation (RPA) to address some of the tedious aspects of AML compliance. As many know, even the best AML compliance systems tend to produce large numbers of false positives that analysts must review and clear. Large backlogs can lead to enforcement actions and generally lead to high operational costs.


The promise of RPA is in automating these repetitive, human capital intensive tasks without expensive and time consuming IT projects with back-end and middleware systems. In essence, RPA uses existing user interfaces to replicate the actions a human user would take. In theory, this enables automation, reducing the FTE load and overall operational cost, without the overhead of substantial IT integration, shifting the effort to the business to define processes without a lot of IT support.

All of this sounds pretty great, and for many purposes the approach makes a lot of sense. There are many day-by-day compliance activities that are repetitive and require limited subject matter expertise to handle. These seem like great opportunities for RPA, but it seems there are some risks that need to be carefully considered.

  • As RPA is, by design, intended to avoid making changes to back-end or middleware systems. This is great for agility, but could tip the cost-benefit analysis against making much needed changes to those systems. It is entirely possible a temporary fix could become permanent, to the detriment of long-term structural improvements.
  • RPA creates a new risk, or at least a different, risk to manage. What happens when a RPA process misses a sanctioned entity? This is not a one-off mistake made by a human analyst, but a systemic process failure that will call in to question all similar circumstances. Managing the risk of RPA should be taken as seriously as model risk validation and process validation.
  • It could be tempting to “over-automate” some processes – many activities may seem simple on the surface, there are times were subtle aspects of human interaction make all the difference. Call it “gut feeling” or “sniff test” if you’d like, but I can’t how many times I’ve talked to folks working AML or fraud cases that started by noticing something small, or something small repeatedly over time through the course of those tedious reviews.

I’m not suggesting RPA is wrong or a poor approach, the cost reduction benefits are clear. What I’m suggesting is that firms should really think carefully about if and how to implement such solutions, how long term strategic plans could be impacted, and how such solutions impact a holistic AML compliance program.


TagsRisk & regulation

Comments: (0)

Comment on this story (membership required)

Latest posts from Ben

Phone Scams For Everyone

11 July 2017  |  5206 views  |  0 comments | recomends Recommends 0 TagsSecurityGroupInformation Security

Banking Marijuana Related Businesses

26 June 2017  |  4982 views  |  0 comments | recomends Recommends 0 TagsRisk & regulationRetail bankingGroupFinancial Services Regulation

What does Robotic Process Automation Really Mean

16 June 2017  |  6782 views  |  0 comments | recomends Recommends 0 TagsRisk & regulation

Ben's profile

job title Principal Consultant
location New York
member since 2013
Summary profile See full profile »
Founder of Outside Look Inc, a speciality consulting firm for financial services providers focused on helping financial institutions address fraud, AML compliance and security challenges quickly and e...

Ben's expertise

Member since 2011
0 posts0 comments
What Ben reads
Ben's blog archive
July 2017 (1)June 2017 (2)

Who's commenting on Ben's posts