Solving the billion dollar banking problem: Over 95% of transaction alerts are false positives. It's time for a rethink.
Criminals are evading traditional rules-based monitoring and it’s costing banks a fortune
Banks have spent decades and invested huge sums into automated transaction monitoring systems to detect money laundering schemes and generate alerts — yet, imagine the frustration when 95% of these alerts turn out to be false positives. This leads to billions of dollars lost each year in investigations according to a report by Global Investigations Review (GIR), an online journal focused on the law and practice of international investigations, writes Harinder Singh Sudan, Senior VP, financial intelligence unit at BlackSwan Technologies
And of the 5% of true positive alerts generated by current transaction monitoring systems, only 40% result in a suspicious transaction report (STR) — a document banks are required to file with a designated government agency when there is a suspected instance of money laundering.
The difficulties in prioritising cases that involve actual money laundering schemes have impacted the consistency and quality of case investigations at banks, as well as the productivity of investigators. The knock-on effect has been a significant reduction in operational efficiency, in addition to increases in the cost of processing payments; if a payment is wrongly detected as suspicious, it would still require the same resources to investigate as a payment that has rightly been detected as suspicious. All of this leaves financial institutions further exposed to non-compliance penalties and the subsequent reputational risks that go along with them.
See also: JPMorgan Global CIO Lori Beer on Kubernetes, tech talent, and balancing speed with stability
Regulators recognise the importance of more effectively analysing customer and transactional data to address this issue and are increasingly encouraging the use of advanced technologies such as artificial intelligence and machine learning.
So, how can financial institutions leverage artificial intelligence and machine learning to tackle this billion-dollar banking problem? And what new transaction monitoring techniques are being introduced as a result?
When it comes to transaction monitoring, high false positive rates prevail
While the majority of current transaction monitoring systems are rule-based, high false positive rates prevail. This means that there is room for improvement, but nevertheless, rule-based systems act as a simple yet effective baseline for detecting money laundering schemes.
Rule-based transaction monitoring systems detect suspicious behaviours based on predefined conditions such as unusually large cash deposits, sudden changes in transaction frequencies, and successive transactions of small amounts broken up to evade the reporting limit. When rule-based systems detect such conditions, they generate an alert. Backlogs of these alerts are manually reviewed by internal investigators then categorised as either false or true positives in the first phase; some true positives eventually result in a suspicious transaction report (STR).
Follow The Stack on LinkedIn
However, rule-based systems have certain limitations. The predefined conditions are typically static, meaning that they remain the same and fail to adapt to evolving real-world scenarios. They also become quickly outdated and are easily predictable. This all makes it easier for cybercriminals to predict the parameters and adapt their tactics accordingly to circumvent detection by current transaction monitoring systems.
By combining rule-based transaction monitoring with other methods enabled by AI and machine learning, firms can further analyse customer and transactional data to identify unusual patterns and infer actionable insights. Firms can also identify suspicious behaviours worth investigating before they trigger alerts. This enhances the detection and investigation of suspicious transactions while reducing false positives and increasing true positives.
Two notable methods of this sort are relationship-based monitoring and behaviour-based monitoring.
Enter: relationship and behaviour-based monitoring
Unlike rule-based monitoring that relies on the more simplistic “if, then” logic, both relationship- and behaviour-based monitoring go beyond static rules to identify hidden patterns and relationships between all entities and counterparties involved in transactions.
Relationship-based monitoring systems use visual link analysis to ingest and analyse large volumes of customer and transactional data in order to identify simple and complex connections between the entities and counterparties involved. These systems consider various factors such as transactional activities, ultimate beneficial ownership (UBO), and addresses.
Customer and counterparty profiles are often enriched with data from public and paid sources to improve the identification of hidden relationships and complex networks. These may include connections between parties involved in recurring and non-recurring fund transfers between internal accounts, correspondent banks, and external counterparties.
By uncovering patterns between the identified relationships, relationship-based monitoring enables financial institutions to identify complex money laundering and terrorist financing networks more effectively both on a national and international scale.
For example, large scale money-laundering operations are often conducted by creating networks of shell companies, while using several smurfs and segregating flows of money to complicate detection. Relationship-based monitoring thwarts these efforts by simplifying the detection of such networks.
Behaviour-based systems, on the other hand, determine whether transactions are normal or suspicious based on historical behaviours. By applying machine learning algorithms to analyse large volumes of customer and counterparty profiles and transactional data, these systems uncover hidden patterns associated with normal and abnormal activities.
Staff may also define features based on known money laundering and terrorist financing behaviours. If a customer’s behaviour deviates from historical patterns or from typical behaviours of peers, or if similar to the predefined features, the system generates an alert.
Since relationship- and behaviour-based monitoring consider factors that are more complex and less predictable than those found in rule-based scenarios, criminals find it harder to circumvent these systems. Thus, relationship- and behaviour-based monitoring are more effective against criminals that adjust their methods to bypass detection by rule-based systems.
Moreover, machine learning-based systems are self-learning with dynamic features, which means that they adapt to evolving money laundering and terrorist financing in near real time. This allows banks to more effectively counter money laundering and terrorist financing by significantly reducing false positives, identifying more suspicious activities, and improving SAR filing percentages.
With billions of dollars lost each year to investigating false positive alerts, it's time that financial institutions re-evaluate the techniques they’re using to shrink this ocean of false positives, into a pool whereby it’s easier to detect actual money laundering schemes. While rule-based monitoring remains a critical part of transaction monitoring, by integrating current systems with the more advanced relationship- and behaviour-based monitoring, banks can further enhance the detection of suspicious activities — combining the strengths of each method while compensating for their shortcomings.