July 17, 2018
By: Joseph M Bognanno, Chief Innovation Officer, Safe Banking Systems and Ben Knieff, Financial Crimes Expert, Safe Banking Systems*
Financial institutions, and increasingly corporates and non-financial institutions, face the unrelenting challenge of combating sanctions evasion, money laundering and terrorist financing. A keystone in any effective approach to meeting this challenge is the identification of entities as part of the organization’s Know Your Customer (KYC) program, which always includes screening.
Today, criminals will use every means available to evade detection and obscure their identities when executing their activities and transactions. Successful criminal organizations are those that are complex, opaque, well organized and well informed. In addition, these organizations may be aware of their sanctioned status and how institutions deploy sanctions screening. To manage these complex threats that continue to emerge in an ever-changing environment of criminal activity geared toward avoiding detection, the onus is on financial institutions to take advantage of sanctions technology solutions. Institutions must evaluate current technology and make decisions about augmenting existing solutions, layering, transitioning or even replacing them outright.
In this article we will discuss how the fintech compliance strategy in particular can effectively use data and information, resolve entities, make connections between entities and minimize noise in order to zero in on what is most useful in identifying bad actors quickly and accurately. Though the strategies discussed will focus on sanctions screening, it should be noted that these strategies have broader implications and may also be used for other types of screening.
No discussion of the application of technology in the compliance and screening context would be complete without mentioning the operational challenge of false positives and its effect on decisions around technology strategies and solution selection.
The limitations of ubiquitous rules-based solutions are rooted in the inability to enumerate all possible threats and the resulting burdensome volumes of false positives. Many institutions are facing a daily or monthly shuffling of human resources based on changing outputs from solutions that only detect what is expected and cast a wide net to manage risk. Any subtle change in data inputs, market trends, or new product roll-out (just to name a few) can result in large shifts in the number of alerts requiring human adjudication.
This is an expensive and inefficient risk management dilemma.
With newer principles-based, advanced analytics and artificial intelligence techniques, a company can now produce more accurate and productive hits while reducing false positives and false negatives (missed hits) to a fraction of what was realized in the recent past.
Vanguard FinTech Compliance Strategy
Cutting-edge sanctions screening programs combine technology with people to accurately identify sanctioned entities and manage risk. Artificial intelligence, in its various forms, is a component of a successful approach, but the human element, how people interact within a strategic technology-enabled operational framework, and the work products they produce are just as important.
Each institution has a unique set of circumstances with which to assess its strategy and framework and begin the process of evaluating, selecting and deploying smart solutions that are intelligent, explainable and, consequently, justifiable to regulators.
So, let’s break it down into some manageable components that support the creation of a new, or optimization of your company’s existing technology strategy.
Increased Data Integrity: Data is undoubtedly the cornerstone of any technology strategy for addressing sanctions risk. Big data has become a rallying point for many organizations trying to leverage large quantities of structured and unstructured data to improve screening accuracy and efficiency. What is often underappreciated in the big data discussion is the integrity and quality of the data. If source systems, data models or reference list data is poorly formatted or lacks integrity, there is a risk of increasing both false positives and false negatives. As social media, proprietary data sources, news and other information expand our ability to understand context and develop investigative intelligence, the growth of data availability and the demand to leverage it are greater than ever.
Successful solutions, which are gaining market share, address data integrity through advanced information governance and control measures throughout the operating model.
Data Profiling and Lineage: It is important to understand the impact on data sets and quality/integrity of data in the source systems as it moves, and is aggregated or transformed for consumption by downstream compliance and detection solutions. While this effort still requires a significant investment of time and labor, new automated and sophisticated tools provide standardization, transparency and the ability to ensure key data elements are prioritized versus treating all data (and data issues) equally.
Together with reporting tools that provide metrics and perspective regarding data, critical data elements can be consistently identified across platforms, tracked and monitored for integrity, and prioritized for reconciliation and use.
Compensating Controls: The non-technical frameworks and activities that must be in place to empower and embed the technology component cannot be ignored. Data doesn’t have to be perfect (in fact, such a goal is likely an exercise in futility), and solutions don’t have to automate or mitigate every conceivable risk. Where data quality or integrity resolution is not within a reasonable effort to correct, measuring and mitigating the resulting risk is often a non-technical complement to the limits of what can be done with data and solutions. Calling this out is good governance and good practice.
Ongoing efforts to review and monitor these compensating controls will provide opportunity to apply optimized controls, while satisfying regulatory scrutiny.
Efficiency Gains with Automated Data Collection: Once critical data elements are identified within the various internal and external sources, advances in automated data collection and staging should be considered for operational efficiency gains. Robotic Process Automation (RPA), for example, reduces the dependency on human efforts around collection, correcting, formatting, and adherence to standards, which are subject to human error. This approach is scalable and allows for the consumption of high volumes of data. It also enables investigators to get information from a single platform to perform their analysis and spend more time applying grey-matter and trained expertise, intellect and intuition.
Optimization with “Live Sandbox”: Over the past 8-10 years, increased pressure to manage the risk of reliance on technology and perform validation of the models and analytics deployed within the financial industry has created a demand for more dynamic tools. Near real-time testing and tuning solutions provide visibility, as well as command and control layers needed by sanctions compliance technology teams to support internal model governance, model optimization and regulatory scrutiny efforts.
One immediate benefit is to remove some of the guesswork in assessing the impact of changes to models and algorithms for optimization. This provides quick results that allow for further tweaks and changes to ensure highly productive model deployment. Processes and resources can also be streamlined based on risk and criticality versus having large teams work as a whole on an entire set of models or algorithms.
While being deployed centrally, “live sandbox” type solutions can be distributed to teams in jurisdictions that may have differing requirements. This has the dual benefit of accelerating deployments while making sure that your company adheres to global standards and local governance requirements.
Entity Resolution: Screening of customers and/or transactions for compliance and risk management has continued to evolve as new methodologies have been developed and older approaches have evolved and become more complex. However, many companies still face heavy alert adjudication and the risk of detection failure. Hurdles such as false positives and false negatives can be effectively addressed by some of the latest solutions proven in the market through “Entity Resolution”.
Individuals and entities on sanctions lists know they are on the list. They work to obscure their true identities in order to bypass filters, and understand that older rules-based solutions can be gamed. There are now a handful of vendors who have solutions that are extremely effective at analyzing all entities. Based on the attributes selected, they develop “candidates” using rankings of probability and risk exposure. Practically speaking, all entities are assessed and thresholds based on risk appetite and probability tolerance define the “production events” pushed to investigators.
Approaches of this type result in effective identification of bad actors without creating high volumes of false positives. These solutions rely far less on rules and more heavily on principles, algorithms and math.
Linking Parties: Once entities have been resolved, it can be valuable to make connections between entities using linking technologies to identify relationships. This will allow your company to better understand the context and develop investigative intelligence around criminal organizations and activities. These relationships can uncover hidden risks such as relatives and business partners of prominent politically exposed persons. This needs to extend beyond “name matching” to look at other identifiers such as addresses, titles and business associations. For example, it is valuable to know if an attorney has links to sanctioned entities, or if a politically exposed person has a nephew who is a customer of the institution, a relationship that may not have otherwise been identified.
There is also another benefit to linking parties through shared attributes and entity-linking technologies. The data elements that may be shared among parties also represent another opportunity for enhancing probabilities and exposure indexes within the entity resolution context.
Explainability: Lastly, a key feature of cutting-edge sanctions screening solutions that has been gaining market share recently is explainability. These solutions are moving away from traditional rules-based methodologies toward leveraging principles-based approaches that more closely resemble real-world dynamics. A solution must be justifiable to regulators and fully documented. Explainability helps considerably in this respect, giving regulators insight into the models that are being used to make decisions, mitigate risk and ensure compliance.
Scoring alerts is valuable, but analysts, compliance officers and regulators need the context around what generated a score to adjudicate the alert. This needs to include attributes that contributed to the score in a clear and concise manner so positive matches of entities between data source and reference source can be understood.
The math, machine learning and other forms of advanced analytics making up these screening solutions are not the obscure black-box phantoms feared by the uninformed regulator or compliance officer. They are clearly explainable solutions that provide a high level of transparency and control. Many have now incorporated features which allow compliance officers to test “what if” modifications to screening deployments. They also allow internal audit and validation teams to interface directly with configurations, parameters and workflows, and enable regulators to gain direct access to audit trails, historical data sets, decision making, alert/case escalation and reporting.
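The entity resolution and explainability points above can be made concrete with a small sketch. This is an added example, not code from the authors or from any vendor product: it scores every customer record against one reference-list entry across several attributes, ranks all of them as candidates, applies a threshold, and keeps the per-attribute contributions that explain each score. The weights, the threshold, the field names and the sample records are assumptions constructed for illustration.

```python
from difflib import SequenceMatcher

# Assumed weights and threshold; a real program tunes these to its own
# risk appetite and validates them under model governance.
WEIGHTS = {"name": 0.5, "dob": 0.3, "country": 0.1, "address": 0.1}
THRESHOLD = 0.75

# Constructed sample records (fictional).
LISTED = {"name": "Ivan Petrov Example", "dob": "1970-01-01",
          "country": "XX", "address": "12 Harbor Road, Exampleville"}
CUSTOMERS = [
    {"id": "C1", "name": "Petrov, Ivan Exampel", "dob": "1970-01-01",
     "country": "XX", "address": "12 Harbor Rd, Exampleville"},
    {"id": "C2", "name": "Ivan Petrov Example", "dob": "1988-05-05",
     "country": "YY", "address": "99 Hill Street, Otherton"},
]

def _tokens(text):
    """Lower-case, replace punctuation with spaces, return sorted tokens."""
    cleaned = "".join(c if c.isalnum() else " " for c in text.lower())
    return sorted(cleaned.split())

def _similarity(attr, a, b):
    if not a or not b:
        return 0.0  # missing data contributes nothing rather than guessing
    if attr == "name":  # order-insensitive fuzzy comparison
        return SequenceMatcher(None, " ".join(_tokens(a)), " ".join(_tokens(b))).ratio()
    if attr == "address":  # token overlap (Jaccard)
        ta, tb = set(_tokens(a)), set(_tokens(b))
        return len(ta & tb) / len(ta | tb) if ta | tb else 0.0
    return 1.0 if a.strip().lower() == b.strip().lower() else 0.0

def score(customer, listed):
    """Return (total, contributions); the contributions explain the total."""
    why = {attr: round(w * _similarity(attr, customer.get(attr), listed.get(attr)), 3)
           for attr, w in WEIGHTS.items()}
    return round(sum(why.values()), 3), why

def screen(customers, listed, threshold=THRESHOLD):
    """Assess every customer, rank by score, flag those over the threshold."""
    results = []
    for c in customers:
        total, why = score(c, listed)
        results.append({"id": c["id"], "score": total, "why": why,
                        "alert": total >= threshold})
    return sorted(results, key=lambda r: r["score"], reverse=True)

if __name__ == "__main__":
    for row in screen(CUSTOMERS, LISTED):
        print(row)
```

In the sample, C2 matches the listed name exactly but nothing else and stays below the threshold, while C1 has a reordered, misspelled name yet is flagged because date of birth, country and address corroborate it.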
Integrating FinTech Solutions
Organizations can meet the challenge of complex hybrid threats by using smart technology solutions, combined with human processes.
While many solutions generate a high volume of alerts, advanced solutions narrow the alert rate to a few percent without missing hits. These solutions provide people with succinct and actionable information on a small number of targeted hits. No technology solution can be the silver bullet. Nevertheless, smart solutions combined with well-trained staff can allow your compliance department to better address and effectively manage the global threats institutions face on a daily basis.
*Joseph Bognanno has over 25 years of experience in the financial industry. More than 15 years have been spent within the Compliance industry, working to mitigate money laundering and other financial crime risks through the use of technology specific to AML/FCC initiatives. He has provided training, technical assistance, and guidance to both public and private sectors in over 40 countries. Joseph joined Safe Banking Systems (SBS) in April 2018 and is spearheading the process for developing, managing and implementing new ideas and innovation throughout SBS. Prior to joining SBS, Joseph served as SVP, Head of Global Risk Analytics at HSBC and was responsible for all transaction monitoring and name screening analytics. Previously, he held various positions at anti-money laundering solutions provider NICE Actimize and spent seven years in the U.S. Treasury, Office of Technical Assistance (OTA). In addition, Joseph serves as Chair of SanctionsAlert.com’s Sanctions Technology Taskforce (STTF).
Ben Knieff is a financial crime specialist with Safe Banking Systems (SBS) specializing in fraud detection, identity verification and authentication, anti-money laundering and blockchain technology. He has consulted with financial institutions and technology vendors across the globe, helping to merge technology with business objectives to improve financial crime management programs’ efficiency, effectiveness, and profitability. Ben has presented on fraud and AML at industry conferences the world over, and he is frequently quoted in mass-media and industry publications such as American Banker, ACAMS Today, Bank Info Security, The Times of London, Forbes, The New York Times, and Wall Street & Technology.