Eliminate Silos to Optimize Financial Crime Management

In the US, the cost of anti money laundering (“AML”) compliance is estimated at $23.5 billion per year. European banks come close with an estimated $20 billion spent annually. This spend goes towards technology, operational processes, people and legal / consulting costs.

Within the financial crime domain, fraud is a further significant cost area. While sometimes representing less of a direct compliance risk, fraud may result in losses, foregone revenue and remediation costs. Fraud (or false positives identified by a fraud system) also usually result in a negative customer experience. In the case of a rejected card authorization customers often switch to another card in their wallet and continue to use that card for future purchases.

Financial institutions are investing heavily in enhancing financial crime processes and technology. A desire to enhance the productivity of their financial crime operations is one driver. Increased fraud rates during the COVID epidemic and evolving regulatory demands are others. For example, in the US the Anti-Money Laundering Act (AMLA) of 2020 is expected to be a catalyst for investment and change as its provisions are progressively implemented.

In the EU, the ECB’s TIBER framework that enables regulators to test the cyber defenses of banks in their country and has placed additional focus on cyber for many banks.

As financial institutions adapt to these changes some have identified the opportunity to consolidate what are often siloed financial crime operations.

Consider an example — abstracted for simplicity:

  • As part of AML transaction monitoring responsibilities a Canadian bank is required to report a SWIFT MT103 transfer of more than $10,000 or two or more transfers within 24 hours that total more than $10,000.

The siloed nature of the above activities in some banks is due to the evolution of both regulation and the services offered by the bank.

Considering the above — what are the key opportunities for consolidation and optimization? The simplified generic financial crime management process below will be used as context for identifying opportunities.

Generic Financial Crime Management Process

Prevention & Detection

Since there is an overlap in identifying suspicious behavior (typically broadly defined in terms of AML regulation once moving beyond defined rules for suspicious activity) and anomalous or suspicious behavior that might indicate fraud, an immediate opportunity is to consolidate transaction monitoring and fraud detection processes.

  • A single real-time data pipeline can feed data for both uses even though the transaction monitoring detection processes may not need to act in real-time.

The diagram below highlights in red technology capabilities that could be shared in the above consolidation scenario. Rules authoring and detection could also conceivably have uses beyond transaction monitoring in fraud.

In a more comprehensive approach cyber, internal and other fraud detection could also be brought together under the same approach. Log data — often complimentary to (or overlapping) the data shown in the above diagram may be analyzed after the fact using rules and machine learning models to pick up anomalous behavior patterns. This is illustrated in the diagram below.

A consolidated effort incorporating cyber is also more likely to be able to respond quickly to attacks or vulnerabilities identified by authorities or tech firms. The impact of these may range from increased risk of a cyber event like a DoS attack to risk of account takeover.

Combining the data processing, rules definition and data science teams responsible for the detection environments can help. In so doing, members of this team may share insights into bad actor patterns that may be helpful across the various domains. Consolidated management of the data pipeline can also be more efficient as changes to source systems can be understood and adapted to more easily.

Post Detection: Customer Engagement, Investigation & Reporting

Post detection activities may also provide opportunities for consolidation:

  • Automated or intermediated customer engagement after any financial crime ‘event’ may involve orchestrating back-end systems (for example to suspend access), reaching the customer through some channel — message, app or call centre call and then conducting further follow up. Most of these interactions if required can be consolidated and this may lead to a more logical experience for the customer.

Where to start

  1. At a technology level, engineering a consolidated real-time feed of customer, activity and transactional data and adding matching and profiling capabilities is likely to deliver a clear return on investment for financial crime solutions in the short term. This same feed of data has multiple uses in the medium term to drive real-time customer offers and interventions.

In my role at Microsoft I define blueprints for what our Services teams worldwide do to help our Financial Services customers achieve more. Views are my own.