Do AI-based anti-money laundering (AML) systems violate European fundamental rights?
Why this work is in the frame
A frame that forgets how it found something cannot be audited. These are the routes that admitted this work.
Bibliographic record
Abstract
Machine-learning algorithms are increasingly used to predict different forms of criminal behaviour.1 It is therefore natural that such algorithms should be used in transaction monitoring by financial institutions to comply with laws on anti-money laundering and countering financing of terrorism (AML/CFT). The EU’s Fourth AML Directive2 requires banks and other financial institutions to conduct ‘ongoing monitoring of the business relationship including scrutiny of transactions undertaken throughout the course of that relationship to ensure that the transactions being conducted are consistent with the obliged entity's knowledge of the customer, the business and risk profile, including where necessary the source of funds’.3 Monitoring must be sufficient to ‘enable the detection of unusual or suspicious transactions’.4 Most IT systems used for AML/CFT transaction monitoring already include complex rules-based algorithms.5 Regulators and financial institutions are currently studying the introduction of more opaque machine learning (ML) algorithms to supplement the existing rules-based systems. The introduction of ML algorithms in transaction monitoring could permit detection of new criminal activities, but also brings to the forefront data protection risks that so far have been only partially studied.6 A series of recent cases dealing with the collection and processing of personal data for the purpose of combatting crime and terrorism sheds new light on the compatibility of AML/CFT transaction monitoring with the General Data Protection Regulation (GDPR) and the EU Charter of Fundamental Rights (Charter).7 In particular, the Court of Justice of the European Union’s (CJEU) Digital Rights Ireland,8 Tele2 Sverige – Watson,9 Canadian PNR Agreement,10 and Quadrature du Net11 cases raise serious questions regarding the compatibility of current AML/CFT transaction monitoring systems (TMSs) and regulations with the GDPR and the Charter, leading us to the conclusion that current AML/CFT laws imposing transaction monitoring and reporting of suspicious transactions need to be substantially modified, particularly if new ML tools are to be introduced. In this article, we identify the shortfalls of the current legal framework but also make suggestions on how it can be improved in order to facilitate the introduction of ML algorithms while also improving compatibility with fundamental rights. Some of our recommendations for improvement are consistent with those already made in 2011 by the Article 29 Working Party12 and in 2020 by the European Data Protection Supervisor,13 although ours go into considerably more detail, drawing on solutions that have been developed in the field of intelligence gathering and cybersecurity.
Fetched live from OpenAlex and de-inverted. Abstracts are not stored in this database: the inverted indexes are 8.6 GB of the frame’s 9.3 GB of text, and the host has 13 GB free.
Full frame distilled prediction
Teacher imitationNot calibrated prevalence, not ground truth. Human validation pending. Learned from the 10,348 direct Codex labels and 10,348 direct Gemma labels. Candidate is the union of thresholded teacher heads; consensus is their intersection. These outputs are machine_predicted_unvalidated and are not human labels or direct frontier model labels.
Codex and Gemma teacher scores by category
| Category | Codex | Gemma |
|---|---|---|
| Metaresearch | 0.001 | 0.000 |
| Meta-epidemiology (narrow) | 0.000 | 0.000 |
| Meta-epidemiology (broad) | 0.000 | 0.000 |
| Bibliometrics | 0.000 | 0.000 |
| Science and technology studies | 0.000 | 0.000 |
| Scholarly communication | 0.001 | 0.001 |
| Open science | 0.002 | 0.001 |
| Research integrity | 0.000 | 0.000 |
| Insufficient payload (model declined to judge) | 0.000 | 0.000 |
Machine scores (provisional)
The two teacher heads of the student model, read on this work. A score orders the frame for review; it never asserts a category, and the validation status ships verbatim with every row.
Baseline scores from an immature model (maturity gate not passed, 7 training rounds). Scores rank; they never assert a category.
score_only:v0-immature-baseline · verbatim from the scoring run: score_only means the number may rank works, and no category label ships from it