Anti-Money Laundering (AML) Non-Compliance is Injurious to Your Business’ Health

On June 3 2018, the Commonwealth Bank of Australia was fined $700 million for AML non-compliance. Some of the problem areas at the bank included:

• Failure to properly monitor transactions for money-laundering red flags on 778,370 accounts for three years. This failure was likely due to the flood of AML alerts generated every week and insufficient resources to address them due to the high number of false positives (alerts that flagged but aren’t related to AML activity), estimated to be as high as 95% for leading banks.
• 149 Suspicious Activity Reports (SARs) were filed late, or not filed at all. Finding false negatives or hard-to-find AML alerts buried deep inside intricate network of accounts and identities is time consuming and often leads to late filing or worse no filing at all.

Commonwealth bank of Australia isn’t alone — U.S. Bancorp was fined $613 million in February 2018 by U.S. authorities for lax anti-money laundering controls.

There are three fundamental issues with AML monitoring process that are the root cause for non-compliance:

1. High number of false positives in AML alerts — As much as 95% of AML alerts raised are ruled in the end as being unrelated to money laundering.
2. Hard to find or false negatives in AML alerts — Money launderers become more sophisticated every year, creating an intricate network of identities and accounts to funnel their ill-gotten gains. This makes it particularly hard and time consuming to find the false negatives buried deep inside the mountain of legitimate transactions.
3. Manual time-consuming process of case investigation — The alerts that are ruled as high risk turn into cases that are investigated by AML analyst. It can take anywhere from 20 minutes to several hours to investigate and resolve complex alerts, turning those into Suspicious Activity Report (SAR) or closing the cases where investigator deems the activity as unrelated to money laundering.

We will explore first two issues — false positives and false negatives in AML alerts in this blog and look at how graph analytics can help address those to improve AML compliance.

REDUCING FALSE POSITIVES IN AML ALERTS WITH GRAPH

Figure 1 — Ruling out low risk alerts with graph (reducing false positives)

There is a new AML alert raised for a counterparty, Counterparty 2 that has had recent financial transactions with a customer account. Traditional approaches would suggest that this new alert is high risk, because the traditional metrics, such as high number of alerts generated and multiple SARs (Suspicious Activity Report) filed on the same customer account, all point to the likelihood of high AML risk. Nonetheless, through graph analysis, it turns out that of all the previous alerts, only those related to Counterparty 1 became SARs while those related to Counterparty 2 have all been closed.

Given that this new alert is related to Counterparty 2, it will likely be more similar with alerts 3 and 4, as opposed to alerts 1 and 2, and thus probably should be closed, or at least low risk. This demonstrates that graph analysis can identify and group “like” alerts where a conventional transaction monitoring system would miss the relationship.

FINDING FALSE NEGATIVES IN AML (ALERTS MISSED BY OTHER SOLUTIONS) WITH GRAPH

Figure 2 — Uncovering high risk alerts with graph (finding false negatives)

In the example above, this new alert would likely have been classified as a low-risk alert under a conventional scoring approach, because none of its attributes measured by the traditional scoring model displays any AML risk. However, the conventional approach fails to consider the cluster of high-risk customers that this alert is associated with. This new alert is connected to a new customer, who shares the same phone number with four other high-risk existing customers, on whom multiple SARs have been filed previously. Such a hidden linkage through a phone number would have been quite difficult to uncover using human review or existing models and systems. Thanks to graph, this hidden linkage is revealed, and this new alert would be elevated to a high-risk alert.

IMPROVING ACCURACY FOR MACHINE LEARNING FOR AML WITH GRAPH-BASED FEATURES

Consider three alerts raised in the example above — we will consider how the alerts were rated based on traditional features based on account history and how they are classified based on graph-based features.

Training data for machine learning includes features such as financial transaction amount, SARs filed for related account and if the particular account is part of a high-risk geography. Based on these features, an alert is raised for Counterparty 2 as Counterparty 2 has received funds from a customer account that is also doing business with Counterparty 1 and there are SARs filed for Counterparty 1 based on past transaction history. Counterparty 2 is also in a high-risk geography. After reviewing features generated by graph database, alert for the Counterparty 2 is reduced to low risk — all alerts in the past for this account have been closed and none have tuned into SARs. Even though the account is in high risk geography, it does not share phone, address or any other information with a high-risk account with SARs. Graph based features have essentially ruled out a false positive in the AML alert for Counterparty 2.

Let’s consider the alert for the new customer, who is not located in high risk geography, does not have any alerts or SARs as they do not yet have a history with the financial institution. Traditional AML solution will not flag an alert for the new customer. However, graph-based features dig deeper and find that the new account shares a phone number with several customers with SARs: graph-based solution creates a new AML alert that was missed by traditional AML solution and marks it as high risk for further monitoring and investigation. Graph based solution finds the false negatives i.e. AML alerts missed by traditional solutions.

Implementing graph analytics to improve AML compliance for your organization

We have explored all three issues — false positives, false negatives and case investigation efficiency in great level of detail in the new Anti-Money Laundering (AML) executive brief, authored by the banking industry expert, Robert Liu (CEO, Nanling Global, Principal at Promontory Financial Group). Robert has also laid out a prescriptive three pronged approach to adopting graph analytics in your financial institution in a measured manner to improve AML process efficiency, reduce costs and minimize the risk of non-compliance.

If you are interested in learning more here are some helpful links:

Download the AML Executive Brief here.

Register for the Risk.net On Demand Webinar with Robert Liu, Lester Joseph (Manager, Global Financial Crimes Intelligence Group, Wells Fargo) and Christopher Ruzich (Senior Manager, Financial Crime Compliance, Standard Chartered Bank) to learn and create your own roadmap for improved AML compliance in your organization.