Focusing the Criminal Activity Picture

Financial institutions create, modify, and store more than 5TB of data per day to verify identity, assess credit risks and measure market risks. They collect news and social media data about their customers, prospects and investors; they capture data about every automated and human interaction they have with these constituents, as well.

Like pieces of a puzzle, as more data is collected, a picture of consumer behavior begins to crystalize. This activity is commonly known as customer risk and transaction monitoring – but “intelligence-based monitoring” might be a more apt term.

Financial services firms spend billions of dollars on technology and operations for anti-money laundering (AML) programs – $25 billion annually in the U.S. alone. The average bank spends about $48 million each year, according to KPMG. The percentage of unusual activity found and filed with regulators for money laundering is about 2-5% of what they investigate, and less than 1% gets followed up or executed by law enforcement agencies.

Given that suspicious activity reported by financial institutions is the catalyst to most financial crime investigations, the question becomes, how can banks and financial institutions better assist law enforcement?

Adding intelligence to transaction monitoring

The answer might seem counter-intuitive: more data. The aim of intelligence-based monitoring is not to reduce data but rather to collect, create, and ingest more data into the program. All the data, or “intelligence points,” firms have about customers or prospects are important in building pictures of their behavior. More data collected and used by artificial intelligence (AI) technologies (including supervised and unsupervised machine learning) makes the “analytics” more effective at:

1. Identifying new activities, events or interactions that pose risk to the industry;
   
   
2. Connecting the entities involved through data engineering and network analytics of the financial activity; and
   
   
3. Reducing focus on “false positive” or known activities that are less risky to the industry and to the financial institution itself.

While more data often equates to more work, the added effort can pay dividends, making it well worth the investment. This “extra” data allows the advanced analytics to identify more substantiated unusual activity and, in turn, produce better regulatory reports. This ultimately aids law enforcement in combating and disrupting crime.

Financial institutions will likely identify new risks, as well, through regular risk assessments and ongoing investigations. The question is whether leadership feels their AML monitoring programs are covering all identified risks. Existing false positive rates and operational overhead have many firms concerned about adding more rules and models to cover all the risks or expanding their risk profiles with third-party customer data.

With intelligence-based monitoring, the more defined and accurate the data fed into the process, the more sharpened the criminal activity picture becomes. Data quality is a concern in any monitoring program, so firms still require operational controls around the input data, but there should be less fear in adding quality data into the intelligence-based monitoring program.

Beyond the data

It is said every answer leads to more questions. If more data is the answer to better helping law enforcement fight financial crime, it is logical to ask:

• How do firms look at everything being produced? The fact is they don’t need to, because all that history will reveal what’s risky and what is not risky – or at least not risky on its own. The key is the patterns, combinations, and linkage of entities, activities, and intelligence.
  
  Investigators know it’s never a single factor that leads to the identification of a risk; rather, it is a combination/linkage of data points, or new patterns or combinations, that guides the decision whether to investigate or watch for more activity to build.

• How do investigators know when something is investigation worthy? This is where AI and analytics come together. Several SAS customers use supervised and unsupervised machine learning to help them weed out less risky activity while identifying new, higher-risk activity. SAS has seen some customers reduce alert volumes by 25% while almost doubling their suspicious activity reporting for the same type of activity.
  
  While using unsupervised models still requires human intervention to determine whether the new activity warrants further investigation, the effort helps identify and validate new patterns of activity. These outcomes can be fed back into the AI models to help them learn to detect future unusual activity.

• How do investigators gauge if it’s working? To truly round out intelligence-based monitoring, testing is critical. Monitoring and testing the results will ensure the institution isn’t missing activities that pose risk. By sampling activities that were not triggered by the monitoring, teams can validate that the model is doing its job. This testing will require resources, rigor and documentation to continuously validate the effectiveness of the intelligence-based monitoring. The regulators and examiners will expect this level of testing, but the goal of these controls is to ensure law enforcement is getting a more accurate picture of criminal activity.

Fighting money laundering in a post-COVID age

COVID-19 has dramatically changed consumers’ spending patterns, thereby greatly impacting organizations’ ability to detect unusual activity. It’s simply much harder to spot anomalies as activity patterns diverge so far – and so quickly – from historical norms.

This circumstance makes an intelligence-based monitoring program all the more critical. Identifying the riskiest activity demands more risk data elements and attributes, a factor driving firms to rely on more third-party identity data attributes to validate the sources of transaction activity.

Law enforcement cannot fight financial crime without the help of financial institutions, yet firms are pressed to focus their monitoring programs on the entities and activities that pose the most risk. AI-augmented intelligence-based monitoring delivers on both needs. Banks and financial institutions who embrace its tenants can produce better regulatory reports and arm law enforcement with the information they need to better combat financial crime.

Carl Suplee is Director for Product Management for Fraud and Financial Crimes at SAS, where he is responsible for the strategic development and modernization of fraud and financial crimes solutions. A leader in the development and integration of AML and financial crime solutions for nearly two decades, Suplee’s experience includes integration of rules-based event generation, predictive analytics, anomaly detection and link analysis into fraud and AML programs. He is co-inventor of several patent-pending solutions for combating AML risk in banking.