As an absolute, money laundering is now three times more than it was 30 years ago, or about $2.5 trillion. As a ratio of market volume, it's not much better. Why?
A complex problem, but it is worth arguing for the large misalignment between the speed and creativity of our adversaries and our abilities to keep up. Money laundering structures change literally overnight but by comparison anti-money laundering (AML) changes at a glacial pace.
It is a structural and technical agility flaw that undermines every penny of investment made in AML.
The great news is there are new tools coming on line. Dynamic, agile tools that can catch up, can stay close to the dynamism of market events and more importantly will leverage and make the huge investments in the past absolutely worthwhile.
So how would we today launder money? With so much investment in AML one would think that it would be a more complex and less fruitful exercise. Yet it isn’t. So where are the exposures?
Placement against KYC and on-boarding structures that remain inconsistent
Disciplined sales practices, strong client facing incentive plans and cultural tone from the top are the first and principal barrier to money laundering exposure. If these are weak then it’s easy to place to large amount of funds. Weakness here undermines everything further down the AML continuum - the Transaction Monitoring System, the operations and investigation teams and the resulting regulatory and law enforcement activities.
Even with an excellent and diligent culture, the current Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD) processes often remain highly manual, fragmented across different providers and functions and as a result are both expensive and opaque. Most firms invest large sums into EDD third parties because their CDD data access and management is so rudimentary. To be able to integrate and add consistency across CDD and EDD data sources would create a seamless KYC decision making and on-boarding structure. The result is a much more robust barrier to risk walking through the door, a resulting improvement in the effectiveness of all other AML activities and functions downstream, and a not inconsiderable reduction in cost.
Exploit the flaw in the Transaction Monitoring System
TMS’ have been the basis to AML deployments for over a decade now. Running behavioral and comparative algorithms to identify anomalies in behaviors or identify specific malfeasance. Cool technology a decade ago for sure – Mantas (now Oracle) Actimize (NICE), SAS, Fiserv (the old Neteconomy), BAE Detica (old Norkom gang). All pretty good.
Every TMS utilizes solid behavior detection algorithms – critically (and one could argue far too myopically) often aligned to regulatory requirements – identifying outliers in behavior (against peers, against expected behavior established at on-boarding). But money launderers do not want to be outliers, do not want to show behavior that is different to everyone else.
A money launderer that looks like a money launderer doesn’t exist. Or if they do they’re an idiot. Effective money launderers look the same as everyone else. So the TMS is not looking for a needle in a haystack. It is looking for a needle in a stack of needles. And it is this trying to find a needle in a stack of needles that fundamentally undermines the TMS.
To go off on a tangent and something another paper will address in a couple of weeks - often the approach to solving this opacity is to replace the TMS with another TMS. Honestly, this is replacing a steam engine with another steam engine. These tools are great but they are old and they use techniques that find it difficult to identify more agile, more creative adversaries.
Keep the TMS you have. Give it some TLC and focus the budget on supercharging your AML team with a machine learning or rapid analytics layer on top of the TMS.
A layer that leverages the incredible amount of value the TMS has in customer history and enterprise transaction data and regulator approved TMS scenarios, but adds an agile, dynamic and powerful ability to find inferences of criminality, connects the breadcrumbs more effectively and can identify the complex behaviors that the current TMS are finding challenging.
Don’t replace the TMS. Add agility, speed and dynamism to it with machine learning additions – its way cheaper and much, much more effective. But that’s a different paper. Back to the current TMS environments that everyone has ….
So because of the detection rules in place with traditional TMS deployments, the biggest challenge is the volumes of alerts being created by the TMS. These volumes are undermining Operations (often called the Fraud Investigation Unit or FIU) effectiveness, presenting huge opportunities to hide laundering.
It’s always been the same, and we have not solved it and moreover our attempts to control these volumes are institutionalizing the very risks we are trying to solve. What are these attempts and why are they creating easy entry points for a launderer?
Exploit TMS Threshold Management
Lets call it what it is – TMS Threshold “manipulation” or trying to reduce volumes by running predictive models to get alert volumes down and reduce the pressure on the FIU. The consultants doing it are usually not AML experts but rather (really excellent) statisticians. The results of these activities we should all be concerned about – that over 90% of alerts are completely dismissed and ignored.
As a money launderer this it is in this noise where I hide – shell firms with consistent “payroll” payments, or innocuous transactions focused on a single entity that slowly grow over time, particularly aligned to market indices or stock market performance, real estate arbitrage. Establish dull, uneventful statistical activity patterns. Pretty simplistic but powerful actions that give the launderer a 9 out of 10 chance of NEVER being caught. In other words, well intended investments into TMS threshold management has institutionalized the very risks we have been trying to stop. Create activities that get me under the 90% (or even 95%) threshold and I will never be caught.
So if I can lose the signal in the noise, I immediately undermine the behavioral detection algorithms that are looking for anomalies in behavior. Combine this with poor KYC onboarding procedures (that compare current behavior to expected behavior) you undermine most TMS surveillance effectiveness and my chances of being caught essentially go to zero.
Even with thresholds at such a high level, alert volumes are still crazy high. The number of alerts that need to be investigated can be in the 10’s of thousands a month because the TMS analysis is still not finding clear anomalies in behavior.
Exploit the challenges of the FIU
90-95% of alerts from the TMS are not investigated. But the alerts (often in the thousands) that are passed to the FIU, over 90% of these are false positives. So 90% of all your FIUs analysis is a waste of time, money and focus. Moreover the process of analysis and investigation needs to be disciplined and documented, taking a considerable amount of time to review – having to get information from web sites, negative news, PEP lists, internal systems, social media. A lot of effort for a negative result, and huge amounts of redundant activity that the FIU is forced to undertake. So what do firms do to try to solve this? We cover threshold management above but larger firms also …
Target the Outsourced Investigation
Firms drop the operational costs by outsourcing offshore – India, Mexico, China – where labor costs are low. Who cares if you have massive false positive volumes when your paying analysts a few dollars an hour?
Well, as a money launder I care about this very, very much. Nothing particularly sophisticated – but to guarantee laundering success I would go to one of these alert investigation countries, find a few of these analysts that make just a few K a year and offer them a number they can’t refuse. That number is a drop in the ocean for the launderer. If I was making $50k a year I personally would absolutely accept a couple of million in the bank to close any alerts with names or entities that I was asked to close.
And to keep volumes down the entity foci in the alert only needs to be closed a few times and the predictive model will tell the TMS to auto close the alert. Remember the predictive modeling above to reduce volumes? The primary source of data for those analyses is the alert close disposition plots from the FIU.
The result is a virtuous circle for the money launderer created by well intended attempts to reduce alert volumes that once again institutionalize the very problem we have been trying to solve.
I am sure some will push back – that predictive models drive effective TMS threshold management. Respectfully I disagree and the numbers show this systemic failure. If the KYC model is flawed in the first place, the thresholds are doing nothing but institutionalizing risk. Others will say that security integrity in offshore HR is rock solid. Agreed. The resources are driven by getting volumes processed, not finding and dealing with risk. One bad apple has a massively negatively effect.
So what is the answer?
We’ve covered the application of machine learning and new innovations in analytical agility to force multiply the investments made in the TMS.
Fix the FIU investigation process
- Automate data access, calibration, investigation and disposition so the investigation happens in a couple of minutes rather than the 30-60 minutes we have at the moment. There is a lot of relevant and exciting AI and machine learning innovations in this space that can transform the effectiveness of this costly and often subjective activity.
- Ensure the automated process is specific to each alert or case type, each business unit or asset class, each behavior type and ensure these “adaptive workflows” are clear, consistent, documented and disciplined – so remove the subjectivity of the investigation. Robotic Process Automation is interesting technology here, but higher order intelligence needs to be applied so the process is relevant, transparent, constantly learning and continually useful.
- As investigation speed and costs improves TMS thresholds can go from 90% to 60% so hiding in the noise becomes much harder. Threshold manipulation is also removed and feedback into the TMS is based on true evidence based investigation rather than predictive guesswork.
- And the analyst is no longer driven by getting volume processed through an alert factory. Rather now they are investigators following true quality leads rather than trying to find the wood for the trees. And they are well paid because you have a team 10% of the size you required in the past.
The result is an FIU that is 50% cheaper but 50% more efficient. Probably more. Much more as machine learning algorithms increase in effectiveness over time. The result is volumes are investigated, not ignored. The result is money laundering becomes significantly more difficult than it is now. And this is done without replacing or rewriting the impressive investments in transaction monitoring and case management systems of the past. In fact, fix the FIU, innovate at the TMS and those investments become both worthwhile and at long last have a shot of stopping this exposure.