Accurate Triage and Batch Processing for Risk-Based Backlog Remediation

AMLA 2020: Risk-Based Approach to Backlogs

The recently-enacted Anti-Money Laundering Act of 2020 (AMLA) brings the most substantial changes to AML compliance requirements since the USA Patriot Act of 2001. Particularly notable to the topic of backlogs is a formalization of a need for a “risk-based” approach that prioritizes the highest-risk transactions and the imperative to bring “technological innovation and the adoption of new technology” to counter money laundering. The act makes it explicit that resources should preferentially be prioritized for high-risk customers. This required resource allocation is paramount in addressing the backlog across financial institutions, and innovative technologies are critical to putting this risk-based approach into practice.

Many financial institutions were struggling to keep up with increased requirements in anti-money laundering (AML) compliance before the pandemic. They rely on thousands of investigators plowing through millions of alerts to decide whether or not to open a case, conduct an investigation, and determine what is suspicious. 

The process is largely manual and time-intensive and often allocates the same intensive manual process for all alerts, independent of the associated risk. Furthermore, this process touches some of the most sensitive customer, transactional, and account data in the bank. The sensitive nature of this data creates additional challenges, as global financial institutions begin shifting many of their workers to working-from-home, and as workers become ill or must take care of sick loved ones. Keeping the teams sufficiently staffed to handle the growing workload is a challenge further exacerbated by investigator burnout. Furthermore, the ability to hire sufficient remote investigators is proving to be a significant challenge.As a result, many financial institutions have seen a growing backlog of alerts developing over the past year.

We know from past crises that even though overall economic activity may slow during the crisis, suspicious activity often increases. Law enforcement has seen a rise in phishing emails from criminals posing as local, state, and federal government health agencies that offer testing services and vaccines in exchange for sharing social security numbers and account info. At the same time, anomalous but expected pandemic-related transaction behavior such as increased wires and new money transfer apps are evident. There will be no slowing down in the number of alerts being generated. A machine learning solution that can automate much of the decisioning and leverage risk-based scoring is the most efficient, accurate, and scalable approach available.

The Origin of the Backlog

Regulations require that Suspicious Activity Reports (SARs) are filed no later than 30 days from the date of the initial detection of facts that may constitute a basis for filing. A bank will feed thousands (and sometimes millions) of customer records, all of the accounts associated with those customers, and the millions of transactions and interactions on those accounts into an analytical engine, and then apply rules against that data to attempt to identify a subset of those transactions that violate any of those rules.

The objective is to get a manageable number of meaningful “alerts” that then need to be investigated by analysts to answer those questions posed by the bank regulations: what was the background and possible purpose of the transaction? Does that transaction involve potential money laundering? Did it have no business or apparent lawful purpose? Was it the type of transaction that the particular customer would not normally be expected to conduct?

Backlog Problem

Reduced workforces and remote employees have negatively impacted an institution’s ability to process alerts. However, we have learned that money laundering and fraud, unfortunately, often increase during a crisis.

Gathering all the customer, account, interaction, transaction, and all of the relevant external data and information, and then answering those questions, takes a tremendous amount of resources — data, technology, process, people, and time. Rising regulatory expectations brought by the recent Anti-Money Laundering Act—coupled with harsh penalties “in the case of repeat BSA violations” —drive many institutions to alert on too many transactions for fear of missing something that, in hindsight, turns out to have been suspicious and reportable.

As a result, in the best of times, many banks are faced with an imbalance in the number of alerts being generated and their ability to investigate and disposition those alerts in a timely fashion. Even though more than 9 out of 10 alerts generated by the typical AML transaction monitoring system do not result in a SAR, all of those alerts still need to be reviewed manually by an analyst.

While software providers have jumped at the pain point of reducing the number of false alerts, the rate of alert generation is still vastly outpacing most institutions’ abilities to process, investigate, and decision these alerts. Financial institutions cannot hire and train fast enough in order to keep up. Furthermore, the answer is not to simply generate fewer alerts, or to cap the number of alerts, as that has led to penalties

This tension between massive alert inflow and the constrained resources to process them within the time required has led to a backlog of tens of thousands of unprocessed alerts at many institutions. Similarly, when a financial institution is forced by the regulator to complete a lookback, this added burden can also tilt the scale towards causing a backlog problem due to insufficient resources. Reduced workforces and remote employees have negatively impacted an institution’s ability to process alerts.

Backlogs can lead to public enforcement actions. Under normal circumstances, financial institutions are penalized for having an alert backlog or other AML deficiencies. We can expect these penalties to be enforced on institutions that do not vigorously process accumulated backlogs, even during the pandemic.

Limitations of Rules-Based Automation

Typically, banks will hire a consulting firm to clear their backlog of alerts. And typically, those firms will use a blunt-force, labor-intensive approach to churn through the thousands of backlogged alerts. Even for a short six-month backlog, the costs will run into the millions of dollars, and the project may take 6-12 months to complete.

Tackling the backlog is a critical step and will be vital in clearing buildup accumulated during the coronavirus pandemic. However, an ideal solution will address the underlying inefficiencies in the alert generation model by tackling the high “false positive” rate. Otherwise, the inflows will remain greater than the bank’s ability to manage the outflow, and it is likely that the alerts backlog will accumulate again, particularly as it may take some time for investigative teams to be back to full capacity. This buildup can only be prevented by driving efficiency in alert processing. Suggested steps to drive efficiency include automated SAR processing for some classes of alerts and robotic process automation (RPA) for certain time-consuming aspects of the investigation. However, both automated alert-to-SAR processing and RPA have limitations.

The OCC has provided guidance that alerts for structuring cash transactions below $10,000 to avoid BSA reporting thresholds can be automatically filed as SARs without a manual investigation—under certain, somewhat limited, conditions. The guidance allows for automated processing of these alerts in the absence of “other high-risk activities in close proximity to the potential structuring,” and provides that “automated filing of structuring SARs is only permissible to the extent that it is supported by strong risk governance that removes higher risk transactions from the automated process.”

This approach of streamlined processing for structuring would still require techniques to prove that there are no other high-risk activities involved. Therefore, without more intelligent automation, this approach alone is unlikely to provide much relief, as additional investigations will be required to safeguard against associated risks.

RPA techniques have been attempted as a solution here, for example, to generate automated Google queries of the subjects in an alert and to discover any adverse media. These involve programmed queries that append a list of negative terms to a subject’s name. However, as Google is not designed to be a query engine for AML, the false positive rate of this RPA is very high. 

Furthermore, many data sources such as DOJ reports, sanctions and PEP lists, and other beneficial ownership information is not effectively indexed by Google. RPA may therefore not qualify to alleviate concern of the possibility for other high-risk activities involved.

A Subject-Based Approach Powered By Artificial Intelligence (AI)

A machine learning approach is needed that recognizes which negative news themes and context are predictive of risk-based SAR filing, and which are not, and can comprehensively search those sources that Google does not. Accuracy in terms of entity extraction is of course the baseline minimum for leveraging the power of public data. However, relevance in associating the correct risks is critical for being able to automate more of the process. This approach puts into practice the risk-based guidelines of the recent AMLA.

Backlog Diagram

Quantifind’s Graphyte Platform

Quantifind’s Graphyte platform provides a solution to this backlog problem, both in addressing a backlog developed during the pandemic, as well as providing efficiencies to prevent them going forward. Graphyte automatically screens the subjects of all alerts through PEP lists, sanction lists, negative news, and adverse media, and leverages machine learning scoring algorithms to extract only the most accurate and relevant sources.

Graphyte has been shown to help eliminate 90% of an alert backlog with a one-time batch screening.

Quantifind also provides executive-level reporting of the alerting triage, providing links to source documents and risk factors and scoring. Confidence levels of these risk factors are also transparently provided.

Graphyte integrates with existing case management platforms to include internal customer data and leverage established decisioning rules as well. It can drastically reduce a backlog within days, and even more importantly, provide the level of automation necessary to prevent new backlogs from accumulating to create sustainable solutions for global financial institutions.

This automated approach to remediating backlogs can be leveraged for lookback applications as well. There is a reduced benefit to manually intensive investigation for the lookbacks. A batch screening of external risk factors for the entire lookback period can help prioritize the limited number of cases that actually do require manual investigation. This could reduce the professional services resources needed by an order of magnitude.

Automation Makes Clearing and Preventing Backlogs Part of the Workflow

Risk-based automation of alerts triage incorporated into the AML workflow makes operations more predictable and can prevent backlogs from building into unforeseen future costs. It remains to be seen exactly what AML compliance modernization will bring in terms of enforcement, but it’s clear that technology will play a substantial role in bridging the gap between resource shortages and accelerating growth of transaction volume.