Many financial institutions were already struggling to keep up with increased requirements in anti-money laundering (AML) compliance before the novel coronavirus 2019 hit. These institutions rely on thousands of investigators ploughing through millions of alerts to decide whether or not to open a case, conduct an investigation, and determine what is suspicious. Often, the teams can barely keep up with the workload. This process is largely manual and time intensive and touches some of the most sensitive customer, transactional, and account data in the bank. The sensitive nature of this data creates additional challenges, as global financial institutions begin shifting many of their workers to working-from-home—and as workers become ill or must take care of sick loved ones—during this unprecedented global pandemic.
With the investigative workforce impacted, institutions that were barely managing to process the alerts in the allotted time, will fall behind. We can therefore expect that most financial institutions will see a slowly growing backlog of alerts developing over the next few months.
While it is reasonable to expect the regulatory agencies to provide some relief when it comes to the case disposition and SAR filing deadlines, eventually the backlogged alerts will need to be processed. And we know from past crises that, even though overall economic activity may slow during the crisis, suspicious activity often increases. Law enforcement is already seeing a rise in phishing emails from criminals posing as local, state, and federal government health agencies that offer testing services and health supplies in exchange for sharing social security numbers and account info[1]. At the same time, anomalous, but expected, pandemic-related transaction behavior such as cash withdrawals and transfers, will also increase. There will be no slowing down in the number of alerts being generated. A machine learning solution, like Quantifind’s, that can automate much of the decisioning is the most efficient approach available.
Regulations require that Suspicious Activity Reports (SARs) are filed no later than 30 days from the date of the initial detection of facts that may constitute a basis for filing. A bank will feed thousands (sometimes millions) of customer records, all of the accounts associated with those customers, and the millions of transactions and interactions on those accounts into an analytical engine, and then apply rules against that data to attempt to identify a subset of those transactions that violate any of those rules.
The objective is to get a manageable number of meaningful “alerts” that then need to be investigated by analysts to answer those questions posed by the bank regulations: what was the background and possible purpose of the transaction? Does that transaction involve potential money laundering? Did it have no business or apparent lawful purpose? Was it the type of transaction that the particular customer would not normally be expected to conduct?
Gathering all the customer, account, interaction, transaction, and external data and information, and answering those questions, takes a tremendous amount of resources — data, technology, process, people, and time. Rising regulatory expectations, coupled with increasing penalties for failing to detect and report suspicious activity, drive many institutions to alert on too many transactions for fear of missing something that, in hindsight, turns out to have been suspicious and reportable.
As a result, in the best of times, many banks are faced with an imbalance in the number of alerts being generated and their ability to investigate and disposition those alerts in a timely fashion. Even though more than 9 out of 10 alerts generated by the typical AML transaction monitoring system do not result in a SAR, all of those alerts still need to be reviewed by an analyst.
While software providers have jumped at the pain point of reducing the number of false alerts, the rate of alert generation is still vastly outpacing most institutions’ abilities to process, investigate, and decision these alerts. Financial institutions cannot hire and train fast enough in order to keep up. Furthermore, the answer is not to simply generate fewer alerts, or to cap the number of alerts, as that has recently led to penalties at U.S. Bank, even penalizing the Chief Risk Officer personally[3]. This discrepancy between massive alert inflow and the constrained resources to process them within the time constraints required has led to a backlog of tens of thousands of unprocessed alerts at many institutions[4]. Reduced work forces and remote employees during the coronavirus pandemic will further negatively impact an institution’s ability to process alerts. However, we have learned from prior humanitarian crises that money laundering and fraud, unfortunately, often increase in these challenging times[5].
While we can expect some leniency on deadlines from the regulatory agencies, ultimately all financial institutions will be held accountable for processing their backlog.
Under normal circumstances, financial Institutions are penalized for having a backlog. In a recent Cease & Desist Order the Office of the Comptroller of the Currency (OCC) entered into with the American branches of the giant Swiss bank UBS[6]. That Order provided, in part:
“The Branches had systemic deficiencies in their transaction monitoring
systems, which resulted in monitoring gaps. These systemic deficiencies
resulted in alert and investigation backlogs and led to a failure to
file SARs in a timely manner.”
Eventually, we can expect these penalties to be enforced on institutions that do not vigorously process backlogs accumulated during the pandemic.
Typically, banks will hire a consulting firm to clear their backlog of alerts. And typically, those firms will use a blunt-force, labor-intensive approach to churn through the thousands of backlogged alerts. Even for a short six-month backlog, the costs will run into the millions of dollars, and the project may take 6-12 months to complete.
Typically, banks will hire a consulting firm to clear their backlog of alerts. And typically, those firms will use a blunt-force, labor-intensive approach to churn through the thousands of backlogged alerts. Even for a short six-month backlog, the costs will run into the millions of dollars, and the project may take 6-12 months to complete.
Tackling the backlog is a critical step and will be vital in clearing buildup accumulated during the coronavirus pandemic. However, an ideal solution will address the underlying inefficiencies in the alert generation model by tackling the high “false positives” rate. Otherwise, the inflows will remain greater than the bank’s ability to manage the outflow, and it is likely that the alerts backlog will accumulate again, particularly as it may take some time for investigative teams to be back to full capacity. This buildup can only be prevented by driving efficiency in alert processing. Suggested steps to drive efficiency include automated SAR processing for some classes of alerts and robotic process automation (RPA) for certain time-consuming aspects of the investigation. However, both automated alert-to-SAR processing and RPA have limitations.
The OCC has provided guidance[7] that alerts for structuring cash transactions below $10,000 to avoid BSA reporting thresholds can be automatically filed as SARs without a manual investigation—under certain, somewhat limited, conditions. The OCC guidance allows for automated processing of these alerts in the absence of “other high-risk activities in close proximity to the potential structuring.” The guidance provides that “automated filing of Structuring SARs is only permissible to the extent that it is supported by strong risk governance that remove higher risk transactions from the automated process.”
This approach of streamlined processing for structuring would still require techniques to prove that there are no other high-risk activities involved. Therefore, without more intelligent automation, this approach alone is unlikely to provide much relief, as additional investigations will be required to safeguard against associated risks.
RPA techniques have been attempted as a solution here, for example, to generate automated Google queries of the subjects in an alert and to discover any adverse media. These involve programmed queries that append a list of negative terms to a subject’s name. However, as Google is not designed to be a query engine for AML, the false positive rate of this RPA is very high. Furthermore, many data sources such as DOJ reports, sanctions and PEP lists, and other beneficial ownership information is not effectively indexed by Google. RPA may therefore not qualify to alleviate concern of the possibility for other high-risk activities involved.
A machine learning approach is needed that recognizes which negative news themes and context are predictive of likely SAR filing, and which are not, and can comprehensively search those sources that Google does not. Accuracy in terms of entity extraction is of course the baseline minimum for leveraging the power of public data. However, relevance in associating the correct risks is critical for being able to automate more of the process.
Quantifind’s AI platform for alerts triage provides a solution to this backlog problem, both in addressing a backlog developed during the pandemic, as well as providing efficiencies to prevent it going forward. Quantifind automatically screens the subjects of all alerts through PEP lists, sanction lists, negative news, and adverse media, and leverages machine learning scoring algorithms to extract only the most accurate and relevant sources. Quantifind can thereby eliminate 90% of an alert backlog with a one-time batch screening. Quantifind also provides executive-level reporting of the alerting triage, providing links to source documents and risk factors and scoring. Confidence levels of these risk factors are also transparently provided.
This backlog solution integrates with existing case management platforms to include internal customer data and leverage established decisioning rules as well. Quantifind’s technology can drastically reduce a backlog within days, and even more importantly, provide the level of automation necessary to prevent new backlogs from accumulating[8]—both during this pandemic and beyond to create sustainable solutions for global financial institutions.
At a time when we need to work together, Quantifind is offering the use of its Batch API for free to financial institutions. This software service will allow financial institutions to triage daily alerts and focus limited resources where there is the highest risk.
[2] An interaction occurs when a customer contacts a bank—through a phone call, a mobile or Internet banking session, or any other interaction with the bank—without depositing, withdrawing, or otherwise moving money. Examples of “interactions” include when a customer calls into the customer help desk to order a bank statement, checks their account balance through the mobile app, or sets a travel alert on the desktop application.
[4] Similarly, when a financial institution is forced by the regulator to complete a lookback, this added burden can also tilt the scale towards causing a backlog problem due to insufficient resources.
[5] https://www.redcross.org/contact-us/scams.html
[6] The Order is available at https://www.occ.gov/static/enforcement-actions/ea2018-044.pdf
[7] The OCC guidance was set out in Interpretive Letter #1166 dated Sept 27, 2019, available at https://www.occ.gov
[8] This automated approach to remediating backlogs can be leveraged for lookback applications as well. There is a reduced benefit to manually intensive investigation for the lookbacks. A batch screening of external risk factors for the entire lookback period can help prioritize the limited number of cases that actually do require manual investigation. This could reduce the professional services resources needed by an order of magnitude.
