Artificial Intelligence: The Implications of False Positives and Negatives

Does overthinking artificial intelligence result in self-inflicted suspicious activity reports (SARs)? Financial institutions not only pride themselves but are obliged to document when consumer activity goes astray. SAR authors who have an overreliance on the results of anti-money laundering (AML) detection/risk assessment software dutifully draft the then required-per-policy SARs. These reports then spur a chain reaction of events that impact not only the customer, but the financial institution and law enforcement alike. But what are the ramifications when financial institutions become victims of their own policies that are based on default artificial intelligence rather than due diligence? What are the possible implications of a misinterpretation of otherwise legitimate customer transactional activity?

False Positives

Frequently, automated transaction monitoring systems will alert AML investigators when a customer conducts cash withdrawals in a pattern indicative of possible structuring. This pattern often consists of the customer(s) conducting cash withdrawals on the same, consecutive or closely consecutive days at either the same or multiple branches. At face value, this pattern would appear to be suspicious and potentially unlawful. A SAR would be filed on this customer, as there is an appearance of high-risk behavior. But what does this first SAR mean? Clearly, this customer will become subject to frequent review. Each review will scrutinize the customer’s transactional activity. Should this seemingly suspicious transactional behavior occur again, the customer relationship could be subject to termination. Multiple SARs could attract the interest of law enforcement. This ripple effect would likely trigger law enforcement to generate a subpoena for records and documents. From there, time will pass and when the records are produced, a bill will be attached with an expectation of swift payment. Investigators will then invest time—to the detriment of other cases on their desk—to craft a spreadsheet reflective of the suspicious transactional data as well as produce a line of questioning for witnesses and suspects alike. A secondary officer will then be requested to backup and respond (now without delay) to the first branch location with the lead investigator. Officers will interview a teller as to any knowledge about the customer or if they recall any details with regard to the suspicious transactional activity that was the basis for the SAR in the first place. An anxious teller will agree to answer the questions and then, and only then, the investigators will learn that the circumstances behind this “activity” was actually created by the bank and not the customer.

The financial institutions had a posted “cash back” limit below the CTR level. The customer needed more cash than could, or would be, provided by the branch. The lack of funds at the first branch was the stimulus for subsequent visits to other branch locations and cash withdrawals. This revelation affirms there was no intent to commit the suspected structuring captured by the monitoring software. It was just an attempt to obtain the necessary funds as expeditiously as possible. The customer was not engaging in criminal conduct, but without initial examination executed by the AML investigators, the customer became falsely labelled as a risk and subject to undue scrutiny by not only the financial institution but now law enforcement. An initial query by the AML section would have de-risked this customer saving both time and money—two commodities that are precious to law enforcement and financial institutions.

While bulk cash withdrawals in and of themselves may seem unusual, there are still legitimate businesses and professions that are frequently subject to this scrutiny, but never afforded exculpatory considerations. Worse, know your customer (KYC) documentation may not capture this information as it is often associated with a secondary occupation.

For example, private ATM operators are often subject to short notice on if, and when, bulk currency will be needed for their machine(s). Withdrawals have been observed from both business and personal accounts on same, consecutive, and/or closely consecutive days at the same or multiple branch locations in order to satisfy the funds necessary for their side business. Although there are AML considerations with private owner-operated ATM businesses, the majority still remain a legitimate business venture.

Private ticket services and agencies often work on short notice as to when the tickets for the “hottest shows” or popular sporting events become available. These business owners are in need of immediate currency and have been found to take extensive, but ultimately legal, measures to achieve the necessary funds for the ticket purchases that may make or break this now proper version of “ticket scalping” business ventures.

Updated or even supplementary KYC customer contact, in addition to communication with the particular branch(es) regarding the date(s) of the suspicious transactional activity would have correctly categorized the above described customers. These preemptive measures would likely increase the probability of preserving a banking relationship with the accountholder(s) and eliminating a false positive(s).

Dependence on the algorithms of artificial intelligence without verification can come at a cost

False Negatives

As frustrating as it may be to have exhausted law enforcement and financial resources on an investigation that could have been resolved at the onset of detection, worse is the unexposed “false negative.” The seemingly low-risk profile, which poses little to no exposure for the financial institution, possesses high-risk indicators of criminal activity.

Many compliance and risk assessment monitoring systems are equipped to mitigate risk on behalf of the financial institution, but some fail to identify the accounts and/or customers engaging in unusual, but not necessarily suspicious, activity that would trigger a SAR filing.

The first example is a business account for a used car dealership. This typical account profile is not immune to cash deposits. In fact, U.S. currency for used vehicles is a common business practice. However, when a West Coast used car dealership is receiving multiple cash deposits into their business account from outside the geographic location it would take the scrutiny of an experienced AML investigator to recognize it is unlikely that customers were buying used vehicles, only to then pay shipping fees (or drive cross country) for said vehicles. It would be logical to infer the same, or at least similar, vehicle would be for sale within the geographic footprint of the out-of-state customers. Monitoring programs can and have overlooked this very profile, as there was no loss to the financial institution. However, there were numerous financial losses to the victims of various false pretenses. It was not until one victim finally recognized he/she was duped and had the courage to report this (in hindsight) scam, did law enforcement initiate contact with the financial institution to report the criminal activity. Only then did law enforcement from various states and the financial institution work in conjunction to dismantle the criminal organization and attempt to make the victims whole.

The second example is a personal account assigned to an East Coast customer. The account was receiving nominal amount wire transfers reflecting the subject matter as “family support.” In addition, out-of-state cash deposits were also transacted into this account. At face value, this would appear to be overly generous efforts to support a loved one. Again, there was no loss to the financial institution and no SAR filed on the customer or the account. Had a SAR been filed, AML investigators and law enforcement alike would have quickly discovered the account from where the “family support” wires originated was partially funded by yet another victim who was hoodwinked in a real estate scam. Had either of these accounts been identified as suspicious at the emergence of the wires and out-of-state cash deposits, there would have been a chance that all the funds could have been traced and seized pursuant to court orders. Instead, law enforcement, with the assistance of AML investigators, were only able to trace and retrieve a percentage of funds.


False positives and negatives can and have gone unnoticed by detection programs. Dependence on the algorithms of artificial intelligence without verification can come at a cost. From failure to de-risk a customer to discounting suspicious accounts that pose no loss to the financial institution, there is room for negligence but also opportunity for reformation. To error is technology but to mitigate risk is divine.

Stacey Ivie, M.Ed., task force officer, Washington Baltimore HIDTA, Northern Virginia Financial Initiative (NVFI), Annandale, VA, USA,

Leave a Reply