‘Buy versus build’ and other considerations for banks adopting AI
In the past six months, it seems like the entire world has transitioned on the topic of AI from “should we invest” to “how should we invest”. Yet, in the banking industry, there are two competing, and somewhat contradictory narratives around this question:
By The Fourthline Team
SHARE
The bullish narrative says it’s time to put the foot on the accelerator. Established banks are not adding new clients in meaningful volumes, and operating costs are high. Generative AI could enhance productivity in the banking sector by up to 5% and reduce global expenditures by up to $300 billion, according to McKinsey. That’s an impressive figure, and is only taking into account GenAI, with the implication that the overall upside could be far bigger.
On the more cautious side, current strong profits, plus strict responsibilities to regulators and clients, mean that banks must be more cautious and deliberate about how they adopt AI. There is no urgent need to widely adopt AI tech in the short term; slow and steady is the way to go.
Nonetheless, AI has already reached a wider inflection point. Even with a responsible approach that takes into account regulations and security, it is now time to start considering how to leverage this technology. In this post we will examine some of the risks, and some of the ways to approach AI adoption prudently. We will also evaluate the pros and cons of building AI capabilities in-house versus partnering with an external provider.
1. Take evolving and international regulations into account
Regulations are the most obvious consideration for any new technology in banking. They are also the most important, so it is worth drilling down into what this means. First, regulations change frequently. Second, occasionally, regulations are not just EU-wide; they are also local. So if you build an AI solution or partner with a provider in one market, and later want to expand, there may be a whole new set of regulations to comply with. Likewise, building and staying in one market means there is also going to be a cost in terms of maintaining compliance.
What you can do about it
If you are building AI tools in-house, you must first understand the resources you will need in order to comply with regulations. This shouldn’t just be applied to today, but also how they will evolve in the future and how they apply in different markets. If you don’t account for this before you start, it can become a huge hidden cost.
On the other hand, if you partner with external providers, it is vital to have complete trust in what they are doing. You should look for partners who are compliant and regulated, in the same markets and in the same way you are.
How Fourthline can help
Fourthline is built in Europe, for European clients and to the same regulatory standards expected of European banks. As we operate at scale across a number of European jurisdictions, it is key to our business that we are always in step with regulatory changes across all our markets. Because we are doing this at scale, and are wholly focused on it, we can evolve our technology in line with regulatory changes in a more agile and cost-effective manner.
2. Adopt an uncompromising stance on ethics
There are a range of potential ethical pitfalls when it comes to adopting AI tools. Among other things, training data is sometimes sourced unethically, without the consent of the individual providing it, or from entities that have collected it in ways that are not clear. It also includes data biases. Incomplete data can produce biased outputs and AI can further amplify existing human biases. For example, if a bank’s historical data shows that certain minority groups have a higher rate of loan default, AI may automatically reject loan applications from those groups.
An ethical approach to AI is critical both terms of providing better service (read: not being biased against customers due to gender, ethnicity, or other reasons) and protecting your bank’s reputation. As the use of AI becomes more widespread, the ethics behind it will become vital for society’s trust in the financial sector as a whole. This is especially important since discriminatory outcomes produced by AI can perpetuate existing inequalities.
What you can do about it
To avoid selection biases, make sure your data is representative of your users. If building in-house, either use internally-sourced data or be sure you know where it comes from. If you are buying AI solutions from a third-party provider, make sure you know how they source their data.
How Fourthline can help
Fourthline ensures integrity around data and an ethical approach to AI in several ways. First, all our training data is strictly governed, meaning there are no capabilities trained on unethically-sourced data. Second, the training data is representative of the end customers. During Fourthline’s onboarding flow, customers agree to share their biometric data to improve the service, meaning our models are trained on the exact data to which they are applied. We have trained our models this way for many years, meaning they are already very advanced.
3. Make sure your decisions are explainable
It is a regulatory requirement in the EU that identity verification and AML technologies, such as Fourthline, are able to explain how their solutions work. However, many institutions have trouble explaining why a model makes certain decisions, putting them at regulatory risk.
What you can do about it
If building internally, you must design explainability into AI processes and outputs with a focus on explaining rationale, responsibility, data, safety, performance,and impact. If partnering with an external provider, look for a partner who does the same, and grill them on the details.
How Fourthline can help
If a regulator wants to know how decisions are reached and how the model works, we can explain it easily, and will provide full audit trails for auditors and regulators. For example, our case auditing functionality helps both in-house teams and regulators understand the details of how cases are processed, and the evidence that decisions are based on.
4. Maintain high standards around security
In 2024, for the second consecutive year, cybersecurity is the top concern for European banking Chief Risk Officers, with 82% ranking it as the biggest threat to business over the next 12 months. Retail banks emerged as the most vulnerable, with 82% experiencing a third-party breach in the past year, and 8% suffering from breaches within their own domain.
What you can do about it
If building in-house, as well as ensuring compliance with privacy regulations, you need to incorporate privacy and protection by design, and of course, maintain strict security procedures for AI models.
But what is particularly interesting is that the vast majority of breaches in 2023 occurred through third party suppliers. Many third-party AML or KYC solutions use APIs and core technology built by other companies. This is particularly concerning because it isn’t always clear what is happening with the data, where it is being stored, and how secure it is. If you are working with third parties, this underscores how critical it is to understand and trust their security practices.
How Fourthline can help
Fourthline meets the same European standards as banks and all our technology and training data is built and maintained in house, on our own servers. This means we meet the highest standards of physical and cyber security[1] and data cannot be used in ways that we are not aware of or would not expect. Further, our solution uses a mix of AI-powered technology and a team of compliance experts. This combination of speed and accuracy, coupled with human expertise, creates a robust defence against fraud and financial crime.
5. Calculate the ROI of different approaches holistically
Whether building or buying, there is an initial investment that can seem expensive up front. However, building something from scratch which already exists on the market is almost always more expensive, because existing third party solutions have already solved the same challenges. Partnering with third parties frees up internal resources, removes the need to pass on costs to customers, and can help banks build organizations with better unit economics. Nonetheless, partnering with third parties also comes with risks, which you need to manage properly.
What you can do about it
When talking to prospective partners, the first thing to evaluate is their compliance and technology. Next is building the business case. On the one hand, it is important to run the numbers on the ROI of partnering with an external provider. But it is also important to understand all the hidden costs of not just building, but also maintaining your tech in house. This, of course, includes navigating changing regulations, competing priorities, and expanding into new markets.
Fourthline’s approach and ROI
According to a commissioned study conducted by Forrester Consulting on behalf of Fourthline on a composite organization based on interviews with Fourthline's users, Fourthline delivers 390% ROI, with a payback period of under six months, and improved operational efficiency worth $13.3 million. It is worth keeping in mind that, with our modular solutions, it is possible to work with Fourthline to solve one specific challenge in your KYC or AML processes and then scale if the business case makes sense.
AI is imperative for banks to stay competitive
Relatively high interest rates, sticky, high-value customer segments, and strong levels of client trust mean that banks are currently stable and reporting good profits. Nonetheless, they have high operating costs and are not attracting significant volumes of new customers, which puts a question mark over the long-term sustainability of their businesses.
Against this backdrop, AI presents an opportunity and a threat. Adopting new AI tools in a timely, ethical, secure, and compliant manner will enable banks to build new competitive advantages against fast-growing competitors. But, whether you are building in-house or considering third-parties, the choices you make at the start, will be central to your long-term success. The risks of expensive and slow rollouts are high. Smaller competitors, who are already adding significant volumes of clients, are likely to work with AI tools to further improve their processes and build new competitive advantages.
To find out more about how to leverage AI for AML and KYC processes, contact us.
SHARE
Want to learn more? Talk to our experts
Get in touch with our Account Executive Pierre Matta