Fighting a Losing Battle Against Financial Crime? Use Data Science.
07/22/2019 by Calvin Crase Craig Willis Financial Crimes
07/22/2019 by Calvin Crase Craig Willis Financial Crimes
Money laundering is a constant threat to financial institutions and casinos around the world. Criminals attempt to move dirty money gained from financial crimes related to human/drug trafficking or terrorist activity and convert those funds into clean cash. They are thus making it appear that the funds originated from a legitimate source.
Each year as much as 2 trillion dollars can be attributed to money laundering according to the United Nations Office of Drugs and Crime (UNODC). The Basel Anti-Money Laundering (AML) Index that assesses the world-wide risk of money laundering and terrorist financing noted the slow progress governments are making toward improving their scores.
“64% of countries in the 2018 ranking (83/129) have a risk score of 5.0 or above and can be loosely classified as having a significant risk of money laundering and terrorist financing. The mean average level of risk remains above this (5.63 in 2018),” – Basel Anti-Money Laundering Index
While this AML index may show a lack of effectiveness, it does not mean the governments do not understand the seriousness of the crime or the need for compliance.
Compliance divisions in financial institutions are under increasing pressure from governments to crack down on money laundering. This is not a new global concern.
In the United States, all financial institutions are required to monitor customer transactional behavior to stay within regulatory compliance. The US Financial Crimes Enforcement Network (FinCEN) agency enforces these regulations to combat both domestic and international financial crimes. US financial institutions must comply with two acts: the Bank Secrecy Act (BSA) and the USA PATRIOT Act. These acts help the federal government in monitoring illegal activity and require financial institutions to provide multiple reports, such as the suspicious activity report (SAR).
Since monitoring began in 2012, US financial institutions have
reported over 7.5 million SARs.
Experts in the AML field estimate that Canadian institutions fail to detect money launders more than 99% of the time. Canada is a “major money laundering jurisdiction, in the same league as China, Iran, Paraguay, and other select nations” according to the US State Department.
Failure to report suspicious transactions results in sanctions up to $2 million and five years imprisonment. These sanctions are from the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC). All indications point to other governments putting increasing pressure on Canada and Canadian financial institutions to make increased efforts to detect this crime.
There are severe and expensive consequences for institutions that do not comply with the law. In 2017, Deutsche Bank was fined $630 million for failing to detect a whopping $10 billion Russian money-laundering scheme. In 2019 Deutsche Bank was back in the news. The bank is now facing criminal investigations for potential monitoring lapses.
They are not alone.
An internet search yields no shortage of other examples. Banks, such as UBS and Capital One, were been fined 14.5 and 100 million dollars respectively in 2018 for similar crimes. The ACAMS website routinely lists sanctions against banks for failing to comply with regulations. Clearly, management was ignoring the regulatory bodies or their AML compliance solutions failed.
One of the challenges that financial institutions face is the fact that criminals are continually finding new ways to launder money. Thus financial institutions must continually modify their data analytics activities to stay current.
However, the sheer volume of transactions happening each day leads to thousands of routine financial transactions being flagged each month. These false alerts are unproductive. Billions of dollars are spent each year to determine which alerts require investigation – and the problem is only getting worse. Research shows that resources dedicated to AML compliance at major banks in the US have increased tenfold over the last five years.
Most banking customers are not doing anything wrong – making the detection more of a challenge. Another reason a program fails is that they miss important aspects of human behavior as it relates to financial crime.
Advanced analytic techniques, such as machine learning, can detect these behaviors and uncover hidden relationships. As a subset of artificial intelligence (AI), machine learning uses algorithms, analytics, and statistical models to find patterns and make inferences. Let’s review a few examples based on human behavior.
People enjoy being around others and, of course, form social relationships. This behavior is also typical in criminals, who frequently move in packs and develop schemes involving a network of individuals. Their solutions for avoiding detection are nothing short of inspired!
Consider a recent incident in British Columbia where Silver International, a BC-based company, acted as an illegal bank. You’ll need a sketch pad to understand this complicated scheme that involves high-stakes Chinese gamblers, the River Rock Casino, and a well-known criminal organization. This illegal ring was processing $1.5 million in cash daily. Sadly the government was not able to prosecute this ring or levy any sanctions due to a technicality.
It remains that no one was working alone. There were social relationships established, often online, that allowed this activity to continue.
Using advanced analytics techniques like social network analysis, the machine learning tools algorithms can identify and display all the individuals and their relationship to one another. Investigators can see how each bad actor is connected to other bad actors. Once the ring and actors are identified, a formal investigation can ensue. This makes your AML analytics solution a big win.
By nature, humans are also creatures of habit and follow similar behavioral patterns. Former US House Speaker Dennis Hastert was diligent about removing $7,000 each month to give to his blackmailers. He even scheduled his withdrawal transaction for the same day. While fraud was the least of his crimes, his pattern of behavior is what eventually caused his jail time.
However, most customers are not trying to commit fraud and their behaviors are predictable. When their behavior changes, the algorithm can detect the pattern difference.
By using a machine learning technique called path analysis or sequence analysis, analysts can identify the patterns or pathways that customers typically follow. While fraudsters try to mask anomalous activities or simulate typical behavior patterns, their advanced techniques are more difficult to track. This is work for a machine learning model.
Many of us share similar characteristics, such as where we live, shop, and even make purchases. Marketers depend on being able to classify us into these categories to determine what products we are more likely to want to purchase.
When humans are categorized by age, income, and location, it is easier to understand where the group shops and what they purchase – as well as where they do not spend time and money. Fraud investigators can use this same technique to identify fraudsters. Individuals in these fraudster groups also act similarly. While the groupings are different based on the intended use, the methodology for detection is the same.
Another data science technique is customer segmentation or clustering. By using clustering to segment the customer population, you can subset your customer base into groups to create a baseline for attributes. You can then evaluate future behavior as typical or atypical based on the baseline.
Using this baseline, you can conduct path analysis with social network analysis to help investigate cases.
The current rules-based methods of monitoring transactions yield about a 95% false-positive rate in identifying suspicious activity. That’s a lot of wasted time for investigators and wasted money to the management team. AML analytics solutions are not working as required.
These traditional models are falsely detecting regular activities, which begs the questions:
Applying data science and business logic with consistent model testing and validation is key to detecting anomalies and revealing the big picture. There are numerous ways to use predictive analytics to fight crime.
Because criminals are so skilled at their task, financial institutions must continually improve their detection methods as well.
Using machine learning techniques, data scientists can communicate the main drivers of customer risk to stakeholders and understand the factors that contribute to the customer being identified as potential money launders.
Having analysts investigate and prioritize alerts and cases is time-consuming. What we propose is to automate certain elements to save analysts’ time by surfacing up useful information that allows analysts to evaluate the riskiness of specific alerts. The best case is when they can prioritize and disposition them quickly and effectively.
Consider the high-level process and decision-making steps shown in the below diagram. First, the organization defines customer risk. What exactly makes a customer risky? The financial institution must consider what information regulators would expect them to use when assessing this trait.
One of the most important considerations of a high-risk customer is, what is this person’s opportunity to launder money? You might consider the following factors:
The second step is determining if the customer is high or low risk. If the customer is high risk and requires enhanced due diligence (EDD), the analysts review the individual to determine the next steps. Perhaps the analysts discover the process incorrectly identified the individual. Otherwise, more serious actions are required if the individual is correctly identified as high risk.
From a huge data set, the investigators have identified high-risk customers. This data set contained several attributes recognized by the business as significant based on the following.
For this example, our investigators subset a pool of 3,300 customers. Approximately 10% of this subset contains customers who the investigators identified as a risk. The rest of the records are “normal” customers.
Let’s look at how to use predictive modeling with SAS Visual Data Mining and Machine Learning (VDMML) application on SAS® Viya® and see if it gets the same answer.
SAS Viya is a web-based analytics platform that offers an end-to-end solution for complicated business problems, allowing users to explore data and build AI and machine learning models without having to write a single line of code. This tool performs big data analytics easily and can support multiple data sources with ease.
Once the best predictive model is determined, your team can export the code so it is ready for production. Then all of your cases can be validated or even identified.
One predictive model (or machine learning algorithm) is called a decision tree. It can be thought of as a flowchart and is one of the easier to understand algorithms. Using SAS VDMML, we can tease out not only which variables are the most useful for predicting whether a customer is suspicious, but which values of those variables belong to the most dangerous customers. Quickly finding these insights make the analytics worth the investment.
Like traditional trees, decision trees are composed of branches and leaves and are used to cluster individuals. You can follow the branches to the leaves to understand the different combinations of attributes that were used to determine a risk classification.
We can create a baseline predictive model to predict if the customer is likely to be involved in suspicious activity through the institution. After the data is processed through the application, you can review the insights.
The decision tree divides the data set into branches with leaves. The teal leaves indicate low-risk customers, while the orange ones show the population we are interested in identifying – the high-risk customer!
In the right corner, you can see which attribute drove the predictive decisions. In this case, the country where the transaction occurred is most important. It is the longest and darkest bar. The other attributes were not as important overall in determining the answer. Investigators can explore the interactive decision tree to gain more insights.
When you hover over the leaves, the predictive model displays information. The leaf in the picture shows the model classified 34 customers as high risk. As we learned from the bar chart, most of those customers have a high-risk country of residence and many transactions that occurred in one or more high-risk countries.
If you look at the image above in the Node Statistics table, there are three curious columns on the far right. The first column (called Predicted Value) is the variable the decision tree was asked to predict. The other two columns represent the incoming data: 0 (is low risk) and 1 (is high-risk).
When the analyst used the rule-based system to predict the potential for money laundering, these last two fields contain their results. The high-risk (1) column in the first-row lists 32 customers whom the analyst identified as high-risk. The low risk (0) column has a value of 2. Thus, this classification model indicates that the analyst potentially misclassified potential fraudsters.
In other words, when a customer resided in and conducted transactions within a suspicious country, our machine learning model accurately predicted them to be high risk. This is what we expected! The analyst had, in two of the instances, marked a customer who lived in a high-risk country and conducted suspicious transactions to, in fact, be low risk.
Your data science team can surmise one of two things from this example:
Now we have the opportunity to examine these two customers to understand why the business determined them as low risk and adjust the risk assessment if necessary.
This analytics model is an excellent way of validating initial customer risk assessments. We also learned that customers who have a combination of high-risk residence country and transactions in higher-risk countries are almost always classified as needing an additional review.
If the institution likes this model and finds it to be accurate, the code could be exported into a validation program that runs against other investigations on an hourly or daily basis.
This example is a relatively simple one, but the key takeaway here is that we can use the combinations of attributes derived from the decision tree model to understand risk classifications and help validate those assessments. Management will love using advanced AML analytics for monitoring suspicious activity.
Each of these combinations of risk attributes … our “risk pathways” can be ranked, prioritized, tuned and visualized within SAS VDMML to provide the organization with a more significant, faster and more precise understanding of their customer rise.
If you would like to learn more details about the Zencos AML machine learning methodology, contact us! We have deep experience in this advanced technology.