Financial institutions (FIs) are using advanced analytical techniques, machine learning or some form of artificial intelligence (AI) to reduce compliance costs—or at least that is how it seems. The reality is that many FIs are taking advantage of these advanced methods. The institutions using these methods generally consist of large, well-funded institutions or fintech companies, both of which possess unique benefits that allow them to take advantage of these technologies. Large, well-funded FIs have the funding and patience to hire experienced resources, such as Ph.D.s, and to purchase advanced analytical tools. They also can run proof of concepts in parallel to their business-as-usual activities. On the other hand, fintechs benefit greatly from their lack of legacy and disparate systems, enabling them to leapfrog their competition. These fintechs have literally built their business model on advanced technology and data, making their entry into advanced monitoring almost immediate. So, what about everyone else?
All other FIs generally fall into one of four categories:
- Those that have implemented new systems including advanced monitoring methods and are on their way to reaping its benefits
- Those that finally completed the implementation of their new compliance systems only to realize what was new three to four years ago is not providing the cost savings and efficiencies they were promised
- Those currently exploring new systems or technology to keep up with their institutions’ strategic plan
- Those with legacy systems and outdated technology unable to undertake the implementation of a new system
Those in the first category are steps ahead of the rest. Those in the other three categories, or in a similar position, still have work to do. The question is where and how to start moving in the right direction.
Despite the “Joint Statement on Innovative Efforts to Combat Money Laundering and Terrorist Financing”1 issued by FI regulatory agencies, FIs may find it difficult to obtain support from executive management to implement new and emerging technologies as well as advanced monitoring methods. Thus, leaders of compliance departments may feel stuck, with the only option being to hire additional resources to maintain compliance and support the business’ growth. While these situations can be difficult, the choice does not have to be between implementing a new system and hiring more resources. There are other options and since these are technical in nature, it is prudent for the compliance department to evaluate and execute the options by working very closely with the model risk management team.
For starters, the path to advanced monitoring modeling methods does not typically begin with a quantum leap from an institution’s current system to emerging technologies and advanced analytics. The actual process consists of several activities that when implemented individually and in a specific sequence can provide immediate benefits while serving as foundational pieces for subsequent processes. For example, the foundation for any advanced analytical/statistical modeling lies with developing a data-rich database/data lake, also known as an analytics database, which contains data elements that are not always present in an institutions’ existing monitoring systems. This analytics database is the underlying foundation and contains data used to build machine learning and advanced modeling techniques. And what is needed for this database? Data. But how often does a team find itself wishing their current systems contained more data?
As a first step, a data discovery exercise can be conducted to determine what data resides within the institution today that is not mapped to the current monitoring system while keeping the following three goals in mind:
- Assess the source and accuracy of the information relied upon by the current monitoring system.
- Enrich the data in the current monitoring system to increase the efficiency of the detection scenarios and subsequent alert review process in the near term.
- Lay the foundation for identifying new and more effective detection scenarios through machine learning and advanced analytics modeling techniques in the long term.
Institutions should also consider leveraging external data sources in addition to enterprise data. This additional data can augment the institutional knowledge of the customer with publicly available and external data, which is vital in identifying and investigating suspicious activity. Therefore, consider undertaking a data enrichment activity as well. Data enrichment combines data and attributes from an external third party to enhance and append the institution’s existing data. Types of external data that can be sourced for compliance purposes include the following:
- Beneficial owner and director information
- Individual and business information to supplement customer information or payment details such as:
- Demographic data
- Additional email addresses and domains
- Financial information
- Social media tags, posts and presence information
- Deep-web information
The additional data gained through data discovery and data enrichment activities—separately and combined—can be incorporated into an institution’s underlying databases and compliance systems to be utilized in the short term. This data can also be positioned for strategic purposes including the following:
- Appending the current customer and transactional data to make more informed investigative decisions in the short term
- Incorporating data into the analytics database for consideration during new scenario identification, as well as tuning and optimization activities that utilize machine learning and advanced analytics modeling techniques
Once the additional data is obtained and stored in the analytics database, the information is further supplemented on an ongoing basis with results from the institutions’ historical investigations as well as industry and regulatory guidance. This information flow creates a feedback loop that aids machine learning models in understanding what the intended goal of the model is and, most importantly, enables the models to “learn” based on decisions made by investigators. Institutions can utilize the data in varying modeling techniques and analytics to identify suspicious activity better and create detection scenarios that are more efficient than the institution’s current methods. The application of machine learning and advanced analytics modeling techniques to fulsome data is the easy part. The tougher task is how institutions incorporate these more efficient models and detection scenarios into the compliance departments’ business-as-usual processes such that they are explainable to key stakeholders (e.g., internal audit, regulators).
When implementing and operationalizing machine learning and advanced analytical modeling techniques, compliance leaders must also determine how best to incorporate the newly identified models and detection scenarios into the institutions’ current investigative process while ensuring that the compliance department operates efficiently without adding disparate processes. In addition, institutions must ensure their model risk management resources and regulatory examiners are kept informed and educated throughout the entire process. Doing so will aid in overcoming scrutiny when moving from rules-based monitoring to advanced analytics monitoring, as the efficiency of these techniques compared to rules-based monitoring take time to evidence and are not always widely understood and accepted. Therefore, it is useful for institutions to run the current monitoring system and the aspirational monitoring model and detection scenarios in parallel, or for select lines of businesses within the institution, to demonstrate to its model risk management team and examiners that the advanced monitoring is achieving the intended results. This parallel monitoring can be a costly endeavor as resources are required to implement another monitoring system and review the output from two separate sources (the current system output and the advanced monitoring output). This process also requires separate procedures, making an already cumbersome review process more time consuming and inefficient.
With a phased approach in mind, an institution can turn its focus to determining how the institution can utilize its existing case management system efficiently while testing the effectiveness of advanced monitoring techniques. To solve this, commercially available case management systems or the use of robotic process automation (RPA) provides users the ability to leverage more effective detection scenarios created via advanced modeling techniques while simultaneously ingesting the output from the institution’s existing system and aggregating the output from both sources into a single review process. This approach enables institutions to continue its current monitoring while evaluating the output from machine learning and advanced analytical modeling techniques within the same review process, reducing inefficiencies and manual effort associated with performing reviews from two disparate sources. Over time, the institution can evaluate the performance of the various detection methods, including rule-based monitoring, machine learning and other advanced analytics monitoring, and choose the methods most effective for its customer base and risk profile.
The road to more efficient and effective suspicious activity monitoring methods is within reach and can be achieved through the following phased approach and activities:
- Data discovery
- Development of an analytics database
- Date enrichment
- Application of machine learning and advanced modeling analytics techniques
- Consolidation of output from both the current system and new models through a single system or RPA
The timing and the way these activities are conducted can vary, but each can individually and collectively provide immediate benefits to the institution while simultaneously propelling the institution toward the future and advanced monitoring at its own pace.
Nick Grove, CAMS, director of AML and regulatory compliance consulting, RSM US, LLP, New York, NY, USA, firstname.lastname@example.org
Chetan Shah, Director of AML and Regulatory Compliance Consulting, RSM US, LLP, Charlotte, NC, USA, email@example.com
- “Joint Statement on Innovative Efforts to Combat Money Laundering and Terrorist Financing,” Financial Crimes Enforcement Network, December 3,2018, https://www.fincen.gov/sites/default/files/2018-12/Joint%20Statement%20on%20Innovation%20Statement%20%28Final%2011-30-18%29_508.pdf