Financial institutions are striving to boost efficiency across anti-money laundering (AML) programs by automating processes. However, they are constrained by ineffective risk scoring and the resulting high false-positive rates; automated decisions are only as accurate as the data they are based on.
As we see it, the main reason that client and entity risk scores tend to be so inaccurate is that most anti-money laundering systems define risk too narrowly, through a single dimension. At Oracle, we advocate for taking a "multi-dimensional" view of risk that aggregates information from a wide variety of sources for more accurate scoring. This leads to better decisions and greater AML program efficiency, as more processes can be automated when there is confidence in the accuracy of the underlying data.
How exactly does multi-dimensional risk scoring work, and how can anti-money laundering professionals apply it to boost effectiveness and efficiency across their programs? I'm pleased to share valuable insights from an Oracle expert and one of our partners:
John Edison: Can you provide insight on recent developments regarding anti-money laundering and why it's a good time to focus on risk scoring?
Adam Mulliken: It's no secret that AML teams are under pressure. Regulatory enforcement is driving financial institutions to expand the surface area of their transaction monitoring and customer due diligence programs. Further, transactions are proliferating as customers and banks adopt digital payments. As a result, there are more accounts to review and more alerts to sift through when operational budgets are under pressure because of COVID-19. Fortunately, financial regulators are encouraging responsible AML innovation, so financial institutions have some choices in addressing these pressures. All this makes now a great time for AML professionals to explore ways to improve risk scores and create more potential for automation.
Jason Somrak: While increased transaction volumes and the macro environment are certainly making the need to rethink risk scoring more urgent, this need has already existed for quite some time due to a couple of reasons. First, risk scores are often too narrow (and therefore inaccurate), considering risk only in the context of a specific line of business or at a specific stage of the customer lifecycle (e.g., onboarding). They tend to consider only primary factors like income, occupation, net worth, source of funds, and products or services used. There is typically no feedback from alerts and the Suspicious Activity Reports (SARs). Add to this that information can be siloed across organizations. Any use of external data is usually pretty basic, applied only for screening against lists. How can you accurately evaluate an entity's actual risk based on such a limited profile?
AML professionals should also rethink risk scoring because, as you mentioned, it can pay off big in efficiency. Risk scores have massive impacts on the downstream consumers of that information. Take detection, for example. When non-predictive risk defines risk tiers within a transaction monitoring system, this causes rules-based alerts to be even weaker signals, increasing false positives. Regarding investigations, a one-dimensional view of risk doesn't help an investigator understand what is truly unique about a client and his activity or help the investigator make a contextual decision. As a result, investigations take longer, and there is a risk of missed intelligence.
Non-predictive risk also affects departments beyond compliance and anti-money laundering. In particular, if a customer is misclassified as “too risky” by the compliance department, that decision can't be overridden and that customer can't be onboarded by the business. But with accurate risk scores, you can not only onboard the right customers, but you can also monitor their risk over time and use that information to tailor product offerings or even terminate the relationship if the customer's behavior shifts and their risk increases.
John Edison: What exactly is multi-dimensional risk scoring?
Adam Mulliken: Multi-dimensional risk scoring is multi-dimensional in terms of what goes into it: It considers all available data at once. It goes beyond the standard data points that Jason mentioned previously to look at CIP/CRM data and external data from adverse media, consortia, open sources, social media data, other companies, and public documents. A lot of this external data is unstructured. At Quantifind, we can leverage that data through technology such as text analytics – taking documents and turning them into vectors and matrices and layering statistical machine learning on top. This allows us to derive signals from noise and derive insights that unstructured text.
Multi-dimensional risk scoring is also multi-dimensional in its output: it produces risk scores that consider not only consequences but also the likelihood of those consequences, and it allows you to segment along both of those dimensions.
Finally, it is about aligning risk with an objective via a data-driven model, so it's predictive of the things you care about. We often see risk aligned with policy via a set of rules; that approach's outcome is almost by definition not predictive.
If we can put all these pieces together, we can break paradigms and bring automation to heavily manual AML processes. We can think about using risk scores to sort, filter, triage, and prioritize, intelligently assign resources and focus on the things that matter most in name screening, alerts triage, and investigations.
Jason Somrak: At Oracle, we think about risk in terms of seven different dimensions. First, profile information. While that information is valuable, it can't be the end-all and be-all of risk scoring. Second, similarity: what does the customer behavior or risk signal tell us about their similarity to other known entities? Many deep learning approaches allow us to holistically understand a customer's similarity to previously identified suspicious customers and if a customer is trending towards looking like other suspicious customers. Next, transactions. Are there material increases or decreases in activity? Have the customer's counterparties or source of funds significantly changed? Are they starting to engage in synthetic transactions? Also, temporal. How is overall activity changing over time? Has the customer moved between risk segments? Then, the external dimension that Adam mentioned, which considers external data, including data about related entities. This goes far beyond what you can find in a standard Google search. In addition, we consider trustworthiness. Is the customer behaving in the way they said at onboarding they would? Is their behavior consistent with their profile? Finally, there is the non-traditional dimension like credit risk.
John Edison: Can you tell us how multi-dimensional risk scoring can help unlock automation for AML?
Jason Somrak: The first step is to take all the different risk dimensions I mentioned and use them to create an "adaptive customer score." We do this by leveraging explainable and interpretable machine learning models that take in hundreds of signals related to the risk dimensions and that provide actionable and intelligent scores for consumption. The resulting customer score is truly adaptive because it synthesizes new signals as they occur, not just on some predefined schedule.
This adaptive customer score can then be used to automate AML processes across a variety of use cases. In traditional examples of onboarding and investigations, there are lots of manual interventions where humans must consider risk signals and decision them because the system is not capable of analyzing them. When you can leverage adaptive models with multi-dimensional risk signals, a lot of these inefficiencies are cut out, as the model can analyze these various risk dimensions and provide recommendations to an end-user, with a much more complete picture of risk, so that when a human ultimately has to decision it, they are doing so with all pieces of intelligence.
For example, in the context of onboarding, the adaptive customer score can help you provide customers better experiences, de-risk, and even tailor product offers by scoring risk in real time and enabling faster decisions by providing a confidence level and context for that risk score. In terms of detection, bringing in more risk dimensions allows you to understand if something is truly unusual for a customer so that you can catch criminals faster. And in terms of investigations, you can use multi-dimensional risk factors to prepare and prioritize cases before an analyst starts working on them, significantly reducing the time the analyst must spend gathering open-source intelligence.
Adam Mulliken: I'll round out what Jason said with a few examples. The first is related to name screening, which is done for sanctions screening and Politically Exposed Persons (PEP) screening. Financial institutions deal with incredibly high false positive rates in this area because the consequences of missing a sanctions violation are very high. Thus they set their thresholds relatively low. And while financial institutions will probably continue to set their thresholds low, Quantifind can layer the basic matches with a probability score derived from a series of entity resolution models. This allows the client to build processes and focus resources on the hits that are most likely to be true positives.
Another interesting case study is what we did recently with an L1 investigative team at a large financial institution. There, Quantifind first automatically processes the alerts, determines which ones have risk, and gives that information to AML investigators. With this context in hand, the team has seen a 25% reduction in alerts moved to cases, and progressed alerts are much more likely to become a SAR than they were previously.
Jason Somrak: Another area where multi-dimensional risk scoring can have a really big impact is by helping to clear backlogs. For one client, Oracle and Quantifind together were able to score the client's backlog multi-dimensionally. We found that 95% of the alerts were low risk and could be cleared automatically, with the confidence that a holistic risk assessment had been made. The remaining 5% were able to be prioritized and worked more efficiently.
John Edison: As banks and their customers increasingly adopt digital payments and regulatory enforcement drives financial institutions to expand their transaction monitoring programs, the market is ripe for boosted efficiency across anti-money laundering programs through automating processes. To learn more about how Oracle Financial Crime and Compliance Management can help financial institutions leverage multi-dimensional risk scoring to elevate AML programs, listen to our on-demand webinar with these industry experts.
Subscribe to The Check-In, our financial services newsletter:
Keep up with the latest blogs and more: Sign up today
Request for Information: Link