OpRisk & Compliance - ANTI-MONEY LAUNDERING
In the line of fire
In the global fight against money laundering, financial institutions are developing various hi-tech weapons. Peter Madigan reports
When you think about money laundering and the people behind the effort to counter it, you don't exactly imagine James Bond. A more likely image would be a team of bleary-eyed back-office guys sifting through piles of transaction reports.
The mundane reality of anti-money laundering (AML) and fraud prevention lies somewhere in the middle – high-speed chases in powerboats down the Thames are uncommon when financial criminals are being arrested, but some impressive technology that could have come straight out of Q Branch has revolutionised the ways in which financial institutions are fighting back against the bad guys.
In fact, in many cases, software providers who built their business around serving the needs of the intelligence community were approached by financial services providers to offer similar search tools to meet their business requirements.
"Our business originated in the security and intelligence areas and we were pulled quite aggressively into the commercial arena, primarily by banks thinking about risk and compliance. Financial services was the first commercial sector to pull us out of government. They approached us for this technology, not the other way round," says Tim Paydos, director of IBM's threat and fraud intelligence unit.
Shared technology
This seems to have been the way many AML software providers working with banks today first became involved with financial services. In addition to IBM, Actimize, Digital Harbor and Mantas also evolved their current detection solutions from tools previously supplied to US and Israeli intelligence.
"Mantas is an offshoot of SRA International, a software firm focused on helping the US government, the CIA, FBI, NSA and the Pentagon with monitoring large amounts of data, and applying complex pattern-matching requirements to that data to find very specific types of information, like criminal behaviour," says Stephen Epstein, vice-president of product management at Mantas.
"Around 1998, SRA considered what other industries these types of technologies could be spun out to and the first was financial services, both because of the various government regulations such as the Bank Secrecy Act (BSA), and other AML obligations. Mantas uses all the same technology, such as sequence detection engines, to find rogue traders that the CIA is using to look for terrorists moving money," Epstein adds.
So what types of technology are we talking about, and how does it actually work? There are four main tools that have been developed to assist in the hunt for potentially criminal activity, three focused on AML and the fourth on internal threats. The simplest means of detection is to configure a system with set limits, within which normal transactional activity takes place. Anything that breaches these limits is then flagged for investigation.
"Transaction monitoring software most often uses business rules that are designed to catch a certain type of transaction or transaction pattern. Business rules are usually written along the lines of 'find all transactions over $5,000 over the last three months'," says Neil Katkov, Asia research director at software provider Celent.
This sounds simple enough, but while transactional limits are the most basic means by which rules can be applied to flag suspicious behaviour, other vendors argue that, despite not being particularly hi-tech, rules-based systems can be the most effective in honing an AML and fraud system to an institution's needs.
"The National Association of Securities Dealers has a whole series of rules for both AML and broker surveillance, and those rules can be built into a system to flag any potentially dubious situations that humans would not even come close to identifying," says Steve Sabin, vice-president of compliance implementation at software vendor Protogent.
"You could have a trader who is trading in and out of a client's account for no benefit to the customer but still getting paid very well for it. Without a rule built in to alert you to such activity, no-one would ever notice," claims Sabin.
Pattern recognition
Rules may be effective but they still have to be built in – the firm has to know the tricks both customers and staff will pull to ensure the system is built to catch them. Other AML solutions apply algorithms to transactional behaviour to identify trends that would otherwise fly under the radar of compliance teams.
"Pattern recognition is all about looking at millions of transactions and hunting for trends of unusual behaviour. Algorithms will look at activities in accounts and then match them against well-understood patterns of behaviour. For example, if a small business is depositing round-number cash values, say $10,000, in an account on a regular basis, then that could indicate something funny is going on. This type of structuring is exactly what pattern-recognition tools look for," says Austin Wells, vice-president of product management at Digital Harbor.
The application of these algorithms is vast and has certain benefits over simple rules-based systems. "Take illicit activity such as insider trading – you could use a rules-based engine to check stock isn't being bought before announcements, but a rule can only evaluate one problem at a time," says Epstein. "If you're looking at millions of data points such as market data, news information and orders and executions you need a sequence-matching solution to detect any discrepancies in the data."
"ABN Amro has 60 million accounts globally. They produce hundreds of millions of records on a daily basis, that they have to look through every night. We apply roughly 110 different patterns to that data, and the following morning tell ABN what suspicious transactions have taken place," Epstein adds.
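The two approaches quoted above can be put side by side in code. The following is an added example, not taken from the article or from any vendor's product: it runs Katkov's "transactions over $5,000" rule and Wells's "round-number cash deposits on a regular basis" pattern over the same constructed transactions. The record layout, account names and the parameters `round_to`, `min_count` and `max_jitter_days` are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import date

# Constructed sample transactions: (account, date, channel, amount in USD).
TXNS = [
    ("CORNER-SHOP", date(2007, 3, 2), "cash", 10000.00),
    ("CORNER-SHOP", date(2007, 3, 9), "cash", 10000.00),
    ("CORNER-SHOP", date(2007, 3, 16), "cash", 10000.00),
    ("CORNER-SHOP", date(2007, 3, 23), "cash", 10000.00),
    ("LAW-FIRM", date(2007, 3, 12), "wire", 250000.00),
    ("BAKERY", date(2007, 3, 1), "cash", 3217.40),
    ("BAKERY", date(2007, 3, 6), "cash", 2890.15),
    ("BAKERY", date(2007, 3, 20), "cash", 4105.00),
]

def rule_over_limit(txns, limit=5000.0, since=date(2007, 1, 1)):
    """Business rule: each single transaction over `limit` since `since`."""
    return [t for t in txns if t[1] >= since and t[3] > limit]

def pattern_round_cash(txns, round_to=1000, min_count=3, max_jitter_days=2):
    """Account-level pattern: repeated round-number cash deposits
    arriving at a near-constant interval (thresholds are assumptions)."""
    by_account = defaultdict(list)
    for account, day, channel, amount in txns:
        if channel == "cash" and amount % round_to == 0:
            by_account[account].append(day)
    hits = {}
    for account, days in by_account.items():
        if len(days) < max(min_count, 2):
            continue  # too few deposits to judge regularity
        days.sort()
        gaps = [(b - a).days for a, b in zip(days, days[1:])]
        if max(gaps) - min(gaps) <= max_jitter_days:
            hits[account] = {"deposits": len(days), "gap_days": gaps}
    return hits

if __name__ == "__main__":
    # The rule yields one alert per transaction, including the one-off wire.
    for t in rule_over_limit(TXNS):
        print("rule alert:", t)
    # The pattern yields one account-level finding with its evidence.
    print("pattern hits:", pattern_round_cash(TXNS))
```

On this sample the rule raises five separate alerts, one of them for a single large wire with no recurring behaviour behind it, while the pattern check reduces the four related deposits to one account-level finding, which is the kind of consolidation that bears on the false-positive workload discussed next.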
False positives
The drawback with such technology is the high rate of 'false positive' alerts it can throw up: "as many as 90% in some cases," according to Wells. This isn't just a problem for banks trying to separate real criminal activity from the everyday, however, since many banks are now passing suspicious activity reports (SARs) up the chain to federal investigators without doing any investigation of their own.
This 'defensive filing' of SARs is not simply the legacy of banks fearful of regulatory reprimand for allowing a bad guy to slip through the cracks, but also a reflection of the manpower cost involved in following up alerts; it is cheaper to report them all than to take the time to sift out the innocuous alerts.
According to Financial Crimes Enforcement Network (FinCEN) data, more than 900,000 SARs were filed in 2005 alone – 30% of all SARs filed in the past decade. The first six months of 2006 saw even more, with an 11% increase on the number filed in the first half of 2005. The surge appears to be waning in 2007.
"The total number of SARs filed annually appears to be levelling off. There are many factors that may contribute to this. Continued regulatory examinations likely play a part in better compliance by the industries. Also, those institutions reporting suspicious activity appear to have a better knowledge of what is reportable," says Candice Pratsch, public affairs specialist at FinCEN.
Nonetheless, better detection tools are probably making a difference too. The answer may lie in increasing cross-referencing across different AML detection tools.
"Most banks have based their AML plans on transactional or behavioural analysis. These are inadequate due to the high volumes of false positives, and the fact that they only show one piece of the puzzle – you need to marry these tools with identity resolution and name recognition because the [basis] of all fraud is identity," says Paydos.
"As a Westerner, you can differentiate Rob, Bob, Bobby, Robby but still comprehend they are variations of Robert. If you take a name from a different culture that you're unfamiliar with it becomes more difficult. Consider the name Mohammed Hussain and all the various spellings and possible different ways that name could be interpreted. There are actually 344 permutations," he continues.
"Having the ability to recognise multinational names is crucial. We acquired a company that is now IBM's Name Recognition Service, which contains a database of more than a billion names. It then utilises sophisticated algorithms to determine name classification, genderisation, as well as simple name-matching to compare with politically exposed person lists," Paydos concludes.
The complete automation of these processes is allowing banks to cut dramatically both the time and the financial cost of the AML compliance process. Nonetheless, some AML specialists remain unconvinced as to the value of the tools now being developed.
"Technology is certainly changing the way we work and I think more criminals are being detected now than ever; however, I don't think it's a function of any specific technology. I believe that the mere use of spreadsheets to manipulate data is making a difference, but not the use of any specific and sophisticated technology," says Juan Llanos, director of compliance for Unidos Financial Services.
"A good financial intelligence specialist can effectively detect money-laundering patterns with some basic and fairly widely available tools, such as a good database and Microsoft Excel. I don't buy into the current hype," he adds.
It is not just money launderers and rogue traders that are being targeted by better surveillance. Employees at financial institutions are also being more closely monitored, to ensure any insider threat can be tracked down and dealt with in short order.
"In some respects, AML is relatively simple to track using transaction monitoring. Insider threats, on the other hand, are a much more complex problem, as they can have collusive elements, and employees know the system and how to hide their tracks," says Yovel Badash, vice-president of US operations at software vendor Intellinx.
"Companies spend tens of millions to secure everything, but the one thing that cannot be secured is what the authorised user does on the internal application of the company – that is the insider threat. There are no controls over authorised usage."
"Our technology plugs a sensor into the network switch that records all the activity that goes through the switch by every user – it's like a camera on the highway recording each car that goes past. We record the user interaction with an application and [can] replay where the user has gone, what the user has looked at and what the user has changed within an application," Yovel adds.
Orwellian parallels
While the comparisons with Big Brother are obvious, such a tool would have implications not only for AML but for every area of an organisation, both within and outside financial services. If such technology had been in place at WorldCom or Enron and punishment appropriately administered to the guilty parties, would chief executives today be signing off on Section 404?
There are truly some exciting technologies available to financial institutions in the fight against money launderers and internal fraudsters, but it is hardly surprising given the regulatory environment in the US since 2001.
"The government has made it clear through the regulators that they expect financial institutions to be the first line of defence against money launderers. They've done this through reports and fines and banks don't have a choice in the matter; they're expected to unearth this activity – this is their job," says Linda Wolosz, head of regulatory services at compliance software vendor Qumas.
Whether banks feel it's their job or not, the US regulators, speaking on behalf of the intelligence services, and politicians in Washington have clearly laid down the law. But that doesn't mean financial institutions are happy about it.
"Making financial institutions the 'first line of defence' is the intended federal mandate of the BSA and the Patriot Act, as several government authorities have repeatedly stated in their speeches. Unfortunately, the government has failed to provide us financial institutions with any consideration whatsoever for this 'public' role. I firmly believe we should get tax breaks or some other form of assistance because without us, the government databases would be empty," says Llanos.
This frustration is understandable, since the cost of conducting AML surveillance falls solely on financial institutions. The tools are out there to build automated systems to alleviate the burden on compliance and AML teams. Whether financial institutions choose to utilise them is another matter.













