For banks and financial institutions across the world, cracking down on money laundering has never been more critical. Today global money laundering transactions comprise an estimated two to five percent of the global GDP - roughly $1 - 2 trn annually, according to PwC.
The costs of non-compliance are high. US Bancorp was fined $613m in February for lax anti-money laundering controls. Similarly, the Commonwealth Bank of Australia was fined $700m for AML non-compliance this summer.
Problem areas cited in the recent case of Commonwealth Bank of Australia are not unique. They reflect common challenges for banks missing the mark with AML compliance. To use this particular case as an illustrative example, the bank was fined for:
- Failure to properly monitor transactions for money-laundering red flags on 778,370 accounts for three years.
- Suspicious Activity Reports (SARs) being filed late, or not filed at all. Finding false negatives or hard-to-find AML alerts buried deep inside intricate network of accounts and identities is time consuming. This often leads to late filing or - worse - no filing at all.
The risk of money laundering spans the entire financial services ecosystem - banks, payment providers and newer cryptocurrencies, such as Bitcoin and Ripple and more. Given how much financial activity occurs every second, everyday, it’s important for banks and financial organizations to develop a robust AML strategy that is effective in stopping fraudsters in their tracks.
However, few people outside the AML compliance profession fully appreciate how hard it can be to get it right. Thankfully, there are new technologies such as graph analytics that can help. As we dive into this topic, let’s first consider key challenges contributing to this exceedingly difficult task.
Common challenges to AML compliance
Three fundamental issues with AML monitoring contribute most to ineffective AML processes. These include:
- High numbers of false positives in AML alerts: More than 95 percent of AML alerts raised in routine monitoring processes are ultimately unrelated to money laundering - an incredibly high rate of false positives. However banks and financial institutions are not entirely to blame as regulators mandate that banks cannot miss a single productive alert that might warrant a Suspicious Activities Report (SAR) filing. Banks therefore will tune alert rules to flag anything that is suspicious.
- Hard to find actual money laundering: Money launderers are becoming more sophisticated every year, creating an intricate network of identities and accounts to funnel their criminal efforts. This makes it particularly hard and time-consuming to find the false negatives buried deep inside the mountain of legitimate transactions.
- Manual time-consuming process of case investigation: High risk alerts are processed as cases for further investigation by an AML analyst. It can take anywhere from 20 minutes to several hours to investigate and resolve complex alerts, turning each case into a Suspicious Activity Report (SAR) or closing it when the investigator deems the activity as unrelated to money laundering. The process is costly, time-consuming and ineffective.
Naturally, the best way for banks to cut cost is to lower the false positive rate without sacrificing the number and quality of SARs filed. In order to achieve this goal, a bank may be tempted to reduce the total number of alerts generated, hoping that this will cut out a lot of false positive alerts. But this is a dangerous approach since it could mean throwing the baby out with the bathwater.
Graph analytics: an ideal technology for AML compliance
Today, existing AML compliance systems, for the most part, are built upon relational databases, which store information (customer, account, transaction, etc.) in rows and columns. Relational databases are great tools for indexing and searching for data, as well as for supporting transactions and performing basic statistical analysis. But, they are are poorly-equipped for connecting the dots and identifying relationships within datasets - essential features for analyzing money trails and assessing AML risk.
The problem is exacerbated given analysts need to join a number of tables to run queries for finding potential connections. These queries can take hours or even days to run using a relational database. The effort renders meaningful analysis of linkages among parties and transactions practically impossible.
Graph databases provide the ideal technology for analyzing known relationships and revealing hidden linkages, networks and clusters. Unlike a relational database model, a graph database stores information in nodes – representing customers, entities, and their attributes— and edges – representing connections.
When there are multiple nodes and edges, a graph is formed. Connections between nodes can be identified by traversals throughout nodes and edges on the graph. This is more efficient and faster than running queries across tables joined together. In the case of AML, fund flow trails and parties involved in money laundering activities together create a web of entities and relationships. This is achieved through the three phases of money laundering: placement, layering and integration.
Using linkage and network analysis enabled by the graph model, this web can be dissected with speeds and accuracy that were impossible using a relational database. Combined with conventional AML compliance tools, we can incorporate graph analytics to uncover key insights. This involves looking deep and hard at data from all types of sources - much like how our brains learn and recognize patterns of suspicious behaviors, activities and relationships - through intelligent analytics and advanced algorithms.
In short, graph is a powerful tool to bring together seemingly fragmented pieces of AML data into a coherent whole. Using graph analytics, institutions can gain new insight into the story behind a particular money movement - including the use of various media and the systems used.
Let’s consider the value of graph analytics in addressing two challenges in AML compliance: false positives and false negatives.
Using graph for reducing false positives in AML alerts
The following figure demonstrates the use of graph to reduce false positives by ruling out low risk alerts:
In this case, a new AML alert is raised for “Counterparty 2” due to recent financial transactions with a customer account. A traditional approach would determine this new alert as high risk. Traditional metrics, such as high number of alerts generated and multiple Suspicious Activity Reports (SARs) filed on the same customer account, would point to the likelihood of high AML risk.
Through graph analysis, we see out of all the previous alerts, only those related to Counterparty 1 became SARs. Those related to Counterparty 2 have all been closed.
Given that this new alert is related to Counterparty 2, it will likely be more similar to alerts 3 and 4, as opposed to alerts 1 and 2, and thus probably should be closed, or at least low risk. This demonstrates how graph analysis can identify and group “like” alerts. A conventional transaction monitoring system would miss the relationship.
Finding false negatives in AML (alerts missed by other solutions) with graph
Our next example demonstrates using graph to uncover hard-to-find money laundering (finding false negatives):
Here, a new alert is classified as a low-risk alert under a conventional scoring approach, because none of its attributes measured by the traditional scoring model displays any AML risk. But the conventional approach fails to consider the cluster of high-risk customers that this alert is associated with.
This new alert is connected to a new customer, who shares the same phone number with four other high-risk existing customers, on whom multiple SARs have been filed previously. This sort of hidden linkage through a phone number would have been quite difficult to uncover using human review or existing models and systems. Thanks to graph, it is revealed, and the new alert can be elevated to a high-risk alert.
As can be seen from the two examples above, graph-aided alert prioritization does not replace banks’ existing alert review processes, but only enhances it by enabling more complete and accurate AML risk assessment of alerts. This allows banks to allocate more time and resources to review higher risk alerts, while leaving lower risk alerts to more junior analysts.
Some large banks have even started experimenting with auto-closure of alerts that fall below a certain threshold during this alert-prioritization stage. This way, banks can save time and lower costs by getting through lower risk alerts quickly, while ensuring the quality of review by having sufficient justification to be confident every high-risk alert receives careful review in due course.
Improving accuracy for machine learning for AML with graph-based features
Let’s consider three alerts in the example below. We’ll examine how alerts are rated using traditional features based on account history, and how they are classified using graph-based features.
Training data for machine learning incorporates key features, such as: financial transaction amount, SARs filed for related account, and if the particular account is part of a high-risk geography. Based on this, an alert is raised for Counterparty 2. This account received funds from a customer account also doing business with Counterparty 1. We see SARs filed for Counterparty 1 based on past transaction history, and that Counterparty 2 is also in a high-risk geography.
After reviewing the features generated by graph database, our alert for Counterparty 2 ultimately is reduced to low risk, as all alerts in the past for this account have been closed and none have tuned into SARs. So even though the account is high risk geography, it does not share phone, address or any other information with a high-risk account with SARs. Graph-based features have essentially ruled out a false positive in the AML alert for Counterparty 2.
Now, let’s examine an alert for the new customer, who is not located in high risk geography, does not have any alerts or SARs and has no history with the financial institution. A traditional AML solution would not flag an alert for this new customer. However, graph-based features dig deeper to find that new account shares a phone number with several customers with SARs. The graph-based solution creates a new AML alert missed by the traditional AML solution, marking it high risk for further monitoring and investigation. In this way, our graph-based solution finds the false negatives, or hard-to-detect money laundering cases, that would be missed using traditional solutions.
The future of AML
In today’s era of data explosion, it’s more and more important for organizations to make the most of analyzing their colossal amounts of data in real time for AML.
The key to capturing money laundering activities is to represent transactions in a manner that enables understanding of the flow of money through the various accounts, potentially spanning several intermediaries in the graph. In addition, side information, such as media used to interact with the accounts can be used to further study the money transfer behavior for laundering activities.
By supporting this effort, real-time graph technology and analytics offer a rare opportunity to revolutionize the entire field of AML in banking and financial services. It will become the industry best practice in the near future and may well become part of the regulatory expectations.
Implementing any new technology requires some investment and commitment, but at the same time, not having graph in an AML compliance toolkit will likely prove to be even more costly and painful over time. The best way to get started is to with baby steps (e.g., alert prioritization) to get real benefits first, and then to follow an evolutionary path to more widespread use of graph in AML compliance.
As the entire banking and financial services industry embraces graph in AML compliance, institutions that start early will surely get ahead of the curve. Using graph, they are finding that the once burdensome process of AML compliance can transform into an advantage.