Why now is the Right Time for AML Transformation 

Why now is the Right Time for AML Transformation 

Why now is the Right Time for AML Transformation

If you’re on the front lines of the money laundering fight within a bank, insurance company, building society, payment processor or other financial institution, you know, that despite your best efforts, it’s still a losing battle against the war on Financial Crime.

You feel the “Unknown Unknowns’ ticking time bomb residing within your walls, and hope you find these bad actors and their schemes before it is too late. With millions of relationships across customers, suppliers and partners, you’ve been leading with efficiency practices, namely rules-based transaction monitoring systems to detect and alert risky and suspicious behavior.

Unfortunately, you’ve learned that rules-based detection logic and automation systems are vastly ineffective and inefficient at identifying suspicious behavior. Thomson Reuters states that over 95% of system-generated suspicious behavior alerts conclude as “false positives” in the first phase of a suspicious behavior review — while approximately 98% of alerts never culminate into a SAR (Suspicious Activity Report). You’ve become too aware that this inefficiency has created the fertile ground for a growing number of sophisticated bad actors (terrorists, organized crime, drug cartels, black hat hackers, and sanctioned state actors) to hide within and exploit your financial institution and the rest of the global financial system, despite your best efforts to shut them down.

You’re often asked: Since this is such a big problem, then why don’t you simply innovate and eradicate the global challenge?

While an oversimplification, you know historically financial institutions experience prejudiced treatment by regulators. As such, your compliance leadership is cautious to seriously overhaul and innovate your AML and counter-terrorism financing detection and operations, as experimentation is perceived to have a high probability of incurring regulatory fines if the experiments were to fail. In the eyes of some compliance leadership, it is simply less costly to ‘play it safe’ rather than innovate to catch more bad actors. Better to deal with the devil you know than the one you don’t know.

Fortunately, regulators have made 2020 the right time to innovate. December 2018 saw U.S.-based regulators de-risk AML innovation in order to deal with the global rise in financial crime. Now, you can avoid regulatory fines if a violation is the outcome of an AML innovation. There is never a better time to innovate to address the multitude of AML threats and challenges you deal with every day!

The Challenges:

1. The Rise of the Sophisticated Criminal

You see first-hand that criminals are more sophisticated, organized and innovative than ever before. They talk to each other and share ‘best practices’ on the dark web, all to be one step ahead of your financial system controls and law enforcement.

Criminals constantly innovate, evolve, learn and test new techniques and operational approaches. Their incentive to do so is clear; low risk, high reward. They understand that what worked today to stop them may not tomorrow.You well aware that if you don’t keep pace, you will be left behind, and your risk exposure to financial crime activities and transactions will increase.

How are sophisticated criminals succeeding? If you feel that criminals are gaming the system, you’re right. Criminals learn how to look non-suspicious to hard-coded, rules-based detection systems. Once ‘inside’, they are slowly building their clean ‘IDs’ for the right time to launder their money or execute their fraud on a grand scale … only to ‘disappear’ and start again at another financial institution. If that doesn’t work because of your advanced controls, they find creative ways to take over ‘clean’ individuals through identity theft via data breaches (and other means) in order to commit financial crime. Your case backlog tells you that traditional rule-based systems are no match for these sophisticated criminals that never play by the same rules for long periods of time.

2. Dealing with the Tsunami of False Positives

FinTech disruptors are bringing previously underrepresented populations from around the world into the connected global financial system, resulting in rising transaction volumes. Higher transaction volumes is pushing the number of suspicious alerts requiring investigation higher, of which, 95% turn out to be a false positive. You know full well the system creates plenty of unnecessary and inefficient work, and you would like a better way.

Three key factors primarily drive false positives a) the use of out-dated rules-based detection systems, b) incomplete data and c) the risk appetite of the financial institution.

The volume of false positives generated is creating a near-unmanageable backlog within your processes and operations. This backlog creates the aircover for criminals to be active and go undetected for longer periods of time → resulting in an increase in risk to non-compliance. To avoid any non-compliance resulting from failure to review and/or report in time, you (or your time) work overtime, or you hire external consultants (or worse, make arbitrary decisions) to address backlog in time. You know that this approach is not scalable nor sustainable.

3. The Escalating Volume of Data Breaches

2019 saw a record number of data breaches, both in terms of # of institutions affected and data records stolen. Capital One experienced one of the biggest data breaches ever in 2019, having the records of 100 million customer accounts compromised, including 140,000 Social Security numbers, 1 million Canadian Social Insurance Numbers, and 80,000 bank accounts.

Breaches like the one at Capital One provide a treasure trove of personal information for Criminals to use these stolen identities to gain access to financial institutions to launder money or commit financial fraud.

Besides the safeguards needed to protect customer data, data breaches are forcing financial institutions to incorporate controls and rules into their onboarding and detection systems to account for these data breaches.

4. The Rise of Activist Consumer

Failure from AML non-compliance comes first with a heavy financial loss in the form of multi-million dollar fines, then financial losses are compounded with reputational harm to the brand.

The Media happily “paints the picture” that the non-compliant financial institution turns a blind eye to terrorists, human traffickers, and drug dealers. While so far from the truth (aren’t we all fighting financial criminals), the failure to detect and stop suspicious activities causes the non-compliance report and this (unfair) misperception. Social media and news outlets willingly spread the negative news, resulting in some customers not trusting you to handle their financial needs. By the end of first day after the media report, your share price will decline up to 6%!

If that isn’t enough consumer pressure, shifting consumer attitudes are placing financial institutions in the cross-hairs, as consumers are demanding you become active within society beyond just a seller of products and services.

This means embracing ‘social good’ and thinking beyond pure financials. Once a nice to have to satisfy a small group of customers, Triple Bottom Line frameworks are a new strategic imperative thanks to the rise and influence of the millennial consumer. New customer expectations go beyond charitable giving, whereas the expectations are that the financial sector to join together as a whole to stop human trafficking, cut off the flow of funds for terrorist activities and stop domestic bad actors.

5. Dealing with the Complexity of Regulatory Compliance

Regulations and laws are designed to protect the rights of people while punishing bad actors. In the United States alone, the code of federal bank regulations is in excess of 185,000 pages. You often wonder if other sectors have to deal with so much complexity (answer: only a few ).

You deal with the specifics from regulations through a collection of hard-coded rules and processes designed to address the burdensome number of scenarios created by government policy. Unfortunately, the systems have become a cumbersome, hard-to-manage framework prone to mistakes (i.e. false positives), and long update cycles.

While regulatory compliance is costly, non-compliance is not an option. The financial loss is real:

6. Integrating Available Data and Insights into Rules-based Detection Systems

There is no shortage of customer data and insights available to you. Big data is alive and well inside your institution. You know that the challenge is harnessing this new and available data while making it accessible to the monitoring and detection system. Did we just describe one of the biggest headaches you want to get rid of?

You might be surprised to learn that 41% of a typical financial institution’s relationships (customers, suppliers, vendors, partners) are never screened for financial crime risk, and those relationships that are screened, only 36% of these relationships are screened after onboarding!

You’ve seen first-hand that legacy rules-based systems don’t have the mechanism to easily integrate a new source of data alongside transaction data. This forces you into a lengthy 6 to 12 month development cycle just to make changes to existing detection algorithms or models. Your rules-based systems can’t deal with the insights created over time from KYC profile data, transaction activities AND credit scores in a fluid manner that would result in an increase in detecting of suspicious activities.

No wonder you and your team search for (and wish for) for a new and better way. You search for a solution that can integrate into your process and avoid (as much as possible) a rip and replace. You know this preferred innovation stream is faster to deploy, less costly and achieves desired outcomes quicker (i.e. identifying more true positives “TP” while decreasing false positives). Read section 4 on how a Top 10 Global Bank did just that and achieved its desired effectiveness and efficiency KPIs in 91 days.

7. Lack of Responsive Processes

Similar to the ‘actioning big data’ challenge above, you know that your core AML operations and processes are best described as static.

Of the 59% of relationships that are screened at the time of onboarding, only 64% are never screened again for financial crime risk. Against a backdrop of heightened data-breaches, identity theft, and selling one’s identity, you know that a ‘set it and forget it’ approach to financial crime risk creates detection ‘blind spots’ within your processes, as your systems don’t recognize the change in financial crime risk profiles.

8. Immature “Blackbox” AI/ML Technologies

Many financial institutions are experimenting with first generation AI/ML technologies across departments and process, including AML/CTF, with mixed results. For areas like customer experience and marketing, mistakes in AI-based decisions can be overcome and mitigated. Not so in AML.

While you probably got excited for the automation potential of first-generation AI/ML systems, you quickly got concerned and frustrated with what the leadership and the regulators care about the most: Explainability or all the factors that led to the decision by the AI/ML system. Complex neural networks and other AI techniques can make AI-based decisions very hard to validate, test and audit. The lack of explainability is a barrier first-generation AI platforms cannot overcome, as Financial Institutions must explain the details of their models, how it works, and the criteria used in the decision in order to avoid non-compliance. Why does Marketing get all the fun?!?

9. Lengthy Detection Model Development Cycles

You know that rules-based systems are very hard to update and evolve. Incorporating insights and learnings through the creation of new detection models takes far too long, 6 to 12 months is fairly common. With the rapid evolution of financial crime activities, you often see that newly deployed detection models are almost dead-on-arrival.

In case you are not aware, this extensive and slow development and deployment cycle is caused by

1. The requirement to create the new model from the very beginning
2. The development process itself has several stages (Design, validation, deployment) across several stakeholders (data scientists, model risk managers, auditors, devops, enterprise leadership)

It’s been eight (8) years since IBM Watson won on Jeopardy against the two best contestants in the show’s history. Over those years, Machine Learning (ML) and Artificial Intelligence (AI) have matured and are now ready to deliver the innovative outcomes regulators envision.

With criminals increasingly succeeding in their efforts to work around even the most advanced systems and processes within the industry, revolutionary change is required. With the forgiving regulatory environment in place, and the technology ready, 2020 is the right time to transform AML from a reactive, siloed process to one that can be a proactive and dynamic risk intelligence operation.

Unfortunately, early AI and ML technology test cases focused on being more efficient at AML, driving automation across existing processes and systems. As you have discovered, simply being more efficient is not enough to win the war on financial crime.

An effectiveness-first strategy, pioneered by FatBrain AI, is a transformational opportunity to stop financial crime while simultaneously lowering costs. When executed properly, an effectiveness-first strategy drives a measured increase in both effectiveness and efficiency KPIs.

Enabling an effectiveness-first strategy is a set of advanced technologies centered around ‘biomimetic’ Artificial Intelligence (an approach pioneered by FatBrain AI). The biomimetic approach emulates nature’s time-tested patterns and strategies for learning and growth. Early adopters of this new approach in financial services are managing risk (AML, fraud, credit, etc) in a unified manner, while achieving improvements to effectiveness KPIs not thought possible even a few years ago, bringing with it a transformational opportunity like no other across risk management. (sidenote: Read section 4 for how a Top 10 Global Bank achieved an effectiveness KPI of 90+% after only 91 days using the biomimetic approach).

The combination of an effectiveness-first strategy and the biomimetic AI/ML approach has shown early signs of unleashing a wave of innovation that first transforms AML then has the power to transcend across risk, unifying AML, fraud, credit risks into a unified risk management framework across your financial institution.

Opportunities & Outcomes Available to You in 2020

Outcomes:

1. Find More Criminals Taking Advantage of You (“True Positives”) …

Before the biomimetic AI/ML approach, effectiveness was limited to the size of the AML operating budget. With biomimetic, AML platforms simply get better (and better with machine learning) at identifying true positives while fully explaining the criteria used to evaluate if a financial crime risk worth investigating.

Perhaps the easiest way to explain the biomimetic AI/ML approach is to think of an iceberg. The bulk of the image resides below the surface of the water; much like your AML risk is ‘below the surface’, hard to spot and pinpoint using rules-based detection systems.

Biomimetic is different, using behavior pattern recognition to create a “digital fingerprint” that makes spotting future suspicious activities easier. In the iceberg example, this would be the equivalent of exposing more of the iceberg above the surface.In essence, this shifts more of the transactions ‘above the surface’, thus increasing the transactions that you can identify, score, and potentially action. ( Read section 4 on how a FatBrain outperformed a $100M incumbent rules-based platform and the 1000+ AML team by 64% in identifying true positives).

2. … And Eliminate False Positives

The sad fact is that over 95% of the false positive transactions generated resulted from your systems is deemed “safe” and not criminal after all. Becoming more effective means not flagging these transactions as ‘suspicious’ in the first place without having to negatively adjust the risk threshold.

3. Continuous Know Your Customer (“C-KYC”)

You know that in terms of screening for financial crime risk, KYC is broken. Financial institutions report that only 59% of relationships (customers, suppliers, vendors, partners) are screened for financial crime risk, with 61% of the relationships screened only done once. That is one of the gaps that financial criminals easily exploit for their gain.

With the escalating impact of data breaches, use of synthetic IDs and changes in customer behavior, you know that KYC needs to evolve. There is simply too much at stake.

Using the same AI/ML platform like FatBrain, you can quickly integrate new data sources into legacy processes, use current transaction and behavior patterns to assess risk, and continuously update customer risk scores. The end result is a dynamic, more proximate overall risk score based on actual transaction behaviors and expanded customer data points.

4. Eliminate Model Lifecycle ‘Management’

This may feel too good to be true, especially in the context of lengthy development cycles, as new or enhanced detection models are the most challenging barrier to AML innovation and improvement. You probably spend 6 to 12 months designing, testing, validating and launching new or enhanced detection models based on new data points, inputs or insights. This length of time is very common in the industry.

The core essence of machine learning is that the platform constantly learns and refines the overall decision model on its own. However, this is only possible in AML if you can explain the results. Leading platforms like FatBrain provides ‘explainability’ within the platform, ensuring you (and your regulator contacts) are fully aware of which criteria or rules led to the transaction being flagged (or not flagged).

Early adopters of the biomimetic approach report initial results of enhanced new model deployment cycles being reduced to 1 week, a drastic 96% in time-to-production, with some early adopters reporting a time-to-production is now under 1 day (which is very close to real-time adjustments).

5. Significant Operational Cost Savings

When the volume of false positives increases, you become bogged down in minutia. Transactions flagged for investigation pile up, putting pressure on you to complete the investigation on time. Solving the problem traditionally means you hire more people, tweak the risk threshold or both — all options that are not scalable, feasible or sustainable over the long term.

Being effectiveness-first creates less false positives that require investigation. When you reduce the backlog, you will get significant cost savings as a result of not hiring external consultants or compromising on your appetite for risk.

6. Reduced risk of non-compliance (Financial Institution and Personal)

Simply identifying more true positives means fewer criminals slip through and you catch more. Additional actual suspicious activities identified and reported to regulators reduces the likelihood of non-compliance and the accompanying financial risk in the form regulatory fines (and in some jurisdictions, personal jail time for those that are accountable for the non-compliance).

7. Higher Quality Investigations. Moving as Fast as the Criminals

The complementary benefit of the “more true positives | less false positives” paradigm shift is with fewer cases to investigate, you can increase the time spent on each investigation.

You know the value of this extra time is tremendous, as it provides you more time (or less time pressure) to understand and decode any innovative criminal behavior that could be driving the latest money laundering technique. The insights you derive from these investigations can be applied to the overall detection system, strengthening the system in the process. You will be responsible for stopping more suspicious activities dead in their tracks, faster, along with the identification of new, unseen topologies. When this is accomplished, you will also be responsible for additional potential cost savings in the form of fines not be assessed and levied against your financial institution.

FatBrain pioneered the biomimetic AI/ML approach that is leading to transformational outcomes in AML. The FatBrain platform enables a unified, dynamic risk intelligence framework that is helping turn the tide against the global $2T+ financial crimes problem and similar millennial geometry problems. One Global Top 10 AML early adopter, with a $100M+ rules-based system and 1,000 human experts, saw true positive identification improve by 64% without increasing the volume of false positives with the FatBrain AI AML platform.