Frank J. Meister
As compliance officers throughout the financial services industry scan the horizon for solutions to the never-ending onslaught of transaction monitoring alerts (especially false positives), some are turning to innovations such as robotic process automation (RPA) and machine learning. Each promises to bring efficiencies to Anti-Money Laundering (AML) monitoring regimes that today seem to only generate more and more alerts.
Let’s look at a schema used by many financial institutions for alert generation and review, and point to where these evolving technologies might be applied. The figure below illustrates the flow from alert generation through suspicious activity report (SAR) filing, including quality assurance (QA), with typical completion times for each stage.
A common alert generation and review schema uses a two-tier investigation process with QA steps positioned along the process, which includes the following:
Looking for Efficiencies
- Alert Generation: Generally, this is where transaction monitoring scenarios are executed and result in an alert work item that must be addressed by an analyst.
- Tier 1 Review: This is the triage and information-gathering stage. In financial institutions without integrated management information systems or data warehouses, analysts at this stage are often required to fetch information from a variety of source systems (e.g., wire systems, ACH warehouses, teller journals, card payment systems, relationship management systems, and check imaging systems) to build a case file for a later investigation stage. Typically, once reviewed by an analyst, the majority of alerts do not progress past this stage.
- QA 1: A quality assurance step may be inserted during or after the first review, to monitor the analyst’s work as it either leaves the review process (through a false positive disposition) or continues to flow through to the investigation stage.
- Tier 2 Review: Alerts passing the Tier 1 review are deemed “investigation worthy.” Another analyst will build upon the information gathered to date and perform a deep dive investigation of the customer’s transactions to determine if the activity is suspicious.
- QA 2: A second quality assurance step may be inserted during or after the investigation step, to monitor the analyst’s work as it either leaves the review process (through a false positive disposition) or flows through to the SAR preparation stage.
- SAR Preparation: At this stage, the SAR is readied for filing. The fields and checkboxes are selected, and the narrative derived from the investigation is composed and entered.
- QA 3: Another quality assurance step may be inserted during or after the SAR preparation step, to monitor the work flowing through to the Financial Crimes Enforcement Network (FinCEN).
Although the time allocated by financial institutions can vary widely, those alerts that traverse the complete process could potentially absorb over 10 hours. Of course, not all alerts take this much time; the vast majority of alerts never make it past the Tier 1 review stage. False positive rates for typical detection scenarios are commonly 95 percent to 98 percent. Financial institutions consider a finely tuned scenario to be one with a false positive rate of only 90 percent. Considering the time spent and value of the results, it becomes clear that efficiencies are desirable and necessary.
A widely quoted statistic is that only one percent of global money laundering activity is being detected and interdicted. It is unreasonable to assume that current practices could be scaled to improve that result. Different techniques must be applied, and two that appear to be nearing mainstream adoption are RPA and machine learning. (True artificial intelligence is a much discussed topic, but appears to be some time away from widespread use in AML operations.)
Handing over Tasks to RPA
RPA attempts to replicate the human steps that are taken to complete a business process. It allows employees in a company to configure computer software (a “robot”) to execute existing applications for processing a transaction, manipulating data, triggering responses, and communicating with other digital systems.
RPA matches needs in both Tier 1 reviews and Tier 2 investigations, particularly in data and information collection. Today, analysts access, record, and index structured and unstructured data across a wide variety of systems and applications, including transaction processing systems, account systems, relationship data bases, the internet, and external service providers. They then summarize this data, producing spreadsheets, case files, and summary narrative reports for analysis. By automating the fetching aspects of the task, analysts can potentially recapture 50 percent to 80 percent of their applied time, which could either be reallocated to actual analysis or eliminated from the process.
RPA could conceivably produce actual narrative. This technique could be applied in the Tier 1, Tier 2, and SAR preparation stages. In an example of a current application, the Associated Press has been using bots to compose financial news stories since 2015, based on the publication of quarterly earnings reports. If the requisite data is appropriately structured, RPA could be applied in a similar manner to construct the summary narratives currently composed by analysts.
Stepping up to Machine Learning
In contrast to RPA, where each step of the automated process must be programmed, machine learning is a technique by which the application learns the steps of a process without direct programming. It observes the actions of humans and then programs its own steps to accomplish a task.
There are two promising applications for machine learning in AML alert reviews. It could automatically address alerts to identify false positives, augmenting analyst efforts in Tier 1 reviews. Machine learning algorithms can look across thousands of clearing activities, teasing out patterns or complex combinations of variables that may not be readily identifiable by solo analysts. The algorithms would look for the patterns that analysts are applying to clear alerts, then identify patterns in the data that match the human clearing activities. The large availability of false positives makes this technique most promising in the short term.
In an ideal world, there would be one-to-one matching of alerts to suspicious activity. So the second, longer-term application of machine learning would be to detect actual suspicious activity without the production of large volumes of false positives. Getting the machine to generate more precise alerts will likely require the incorporation of data sets not currently in use by most financial institutions—sources that may raise data privacy concerns.
For example, one approach could combine input from social media and other online data sources with conventional “know your customer” data and transaction monitoring. This could generate alerts that match actual activity with an individual’s modeled propensity for criminal activity based on psychographic profiles, reducing the alerts that are generated for customers with low-risk social behaviors.
Preparing for the Future
How does an organization position itself to implement these promising new technologies? As with most exciting adventures, first come the mundane tasks of preparation.
RPA requires a very detailed process map. That means step-by-step documentation of every task analysts perform as part of an alert review: systems accessed, fields acquired, logic trees, etc. Once the process is mapped, it can be programmed for the bot to execute and repeat. The result is a consistent and repeatable work product that likely improves upon the variation tolerances used when analysts are responsible for the effort—something of great value in a compliance environment.
What’s more, the quality and completeness of data form the bedrock of these advanced techniques. If the data for the alert and review processes is missing or inaccurate, machine learning applications will still learn something, but they will learn it incorrectly.
Data quality has a number of facets, and is a complete topic in its own right, but a brief summary of data risks include:
- Incomplete populations: missing system or application interfaces and faulty interfaces that are not passing data according to needs or expectations.
- Missing attributes: data is not captured or stored in source systems or applications, interfaces may drop data, and data that cannot be stored at the destination.
- Incorrect attributes: incorrect data is captured and stored, and data is incorrectly transformed through an interface.
The good news is that any efforts to remediate data quality issues will be rewarded with better outcomes, even for existing alert generation and review processes. Managing data hygiene is rarely a waste of time, and is likely to be appreciated by a wider population of users within a financial institution, beyond the compliance function.
This is an exciting time to be involved in the technology aspects of AML and sanctions compliance. As with quantum leaps of the past—like the migration from paper reports, rulers, and highlighters or the implementation of electronic case management—the next generation of detection tools and processes promises to bring efficiencies that will reduce the frustrations encountered in the current environment. The foundational work of data quality governance can be tedious and Sisyphean, but luckily it will not be in vain, and will likely benefit a wide variety of any financial institution’s existing processes.
View as PDF
Treliant Risk Advisors
, Compliance, Risk Management, and Strategic Advisors to the Financial Services Industry, brings to you New Coordinates
, a quarterly newsletter offering insights and information regarding pertinent issues affecting the financial services industry. This article appeared in its entirety in the Outlook 2018 issue. To subscribe to our quarterly newsletter, please Contact Us