Financial Crime Monitoring: Time for a Paradigm Shift

Nancy Chua, Managing Consultant, Financial Crime Practice Lead, Singapore
Annie Tan, Senior Consultant, Financial Crime, Singapore
Shubha Mahawar, Senior Consultant, Financial Crime, Singapore

Table of Contents

Executive Summary
• Current State: Inefficiencies and Ineffectiveness
• The Urgency for a Paradigm Shift

Understanding Internal and External Drivers of Change for TMS
• Common TM Challenges
• External Drivers

Using AI and Data Science to Overcome Internal Challenges in Transaction Monitoring
1. Data Quality Issues
2. Siloed Information
3. Manual Investigation Process
4. Rigidity of Rules

How Can Synechron Help?

Executive Summary

The United States and European Union regulators have imposed USD 342 billion worth of fines on banks since 2009 for misconduct, including violation of Anti-Money Laundering (AML) rules. This number is expected to reach USD 400 billion by 2020 [1]. The US remains ahead on this front, but Asia-Pacific (APAC) peers, especially those in Australia, are increasingly catching up. In June 2018, the Commonwealth Bank of Australia was fined a record penalty of USD 529 million [2] due to money laundering (ML) breaches. While this does not compare to the billions enforced on US banks, there has been enhanced scrutiny among APAC regulators. As such, the region has been investing heavily in large transformation programmes – specifically within the domain of Compliance, AML and Transaction Monitoring Systems (TMS).

In this paper, we discuss the widening gap between the internal operating environment in Financial Institutions (FIs) and the increasing regulatory expectations that demand an agile, adaptive and effective Transaction Monitoring (TM) programme.

Current State: Inefficiencies and Ineffectiveness

Today, TM remains one of the most demanding AML challenges in most FIs, despite all the heavy investment in systems, compliance resources and controls (which remain as largely manual processes). Though designed to automate the detection of suspicious activities, TMS are deployed in conjunction with a highly subjective and lengthy investigation process. This requires sourcing of information from multiple internal and external sources to establish and evidence an expert judgment.

Often, the majority of alerts produced by conventional TMS are found to be false positives due to the transaction rule setting design, which is based on a tick-the-box approach to satisfy regulatory requirements. As a result, this leads to a high level of inefficiencies and rising operational and resourcing costs, and more importantly, it increases the risk at which suspicious transactions go undetected exposing FIs to more regulatory penalties.

The Urgency for a Paradigm Shift

While most FIs are still trying to catch up in fixing their internal and legacy issues, systemic-wide development in the market continues to shape and define regulatory expectations within the AML space. For example, Artificial Intelligence (AI) can be used to tap into communications such as chats or e-mails related to trades conducted. Voice analysis may give clues on suspicious activities where the stress levels seem high or urgency is expressed. Such advancements in the data and technology available has increased scrutiny on the AML programmes of FIs. As a result, the gap between the internal operating environment of FIs and regulatory expectations continues to widen.

1 | https://www.reuters.com/article/us-banks-regulator-fines/u-s-eu-fines-on-banks-misconduct-to-top-400-billion-by-2020-report-idUSKCN1C210B
2 | https://www.channelnewsasia.com/news/business/australia-s-commbank-accepts-record-penalty-in-money-laundering-case-10361156

Understanding Internal and External Drivers of Change for TMS

For a TM transformation programme to be agile, adaptive, and effective, it is important to consider two major angles – both the internal and external drivers. We have identified four internal drivers that are managed very differently by FIs depending on their operating models, governance, policies, and procedures. These internal drivers are often the reason for high levels of ineffectiveness, operational inefficiency, and gaps in compliance coverage. To exacerbate the problem, we have also identified four external drivers that encourage the widening gap of unmet regulatory expectations.

[Diagram: Common TM Challenges (higher number of false alerts; high cost of operation & maintenance; financial crime regulatory gap) sit between the Internal Drivers (1. Data Quality Issues; 2. Siloed Information; 3. Manual Investigation Process; 4. Rigidity of Rules) and the External Drivers (increasing number of transactions; proliferation of alternative payment systems as ML vehicles; increasingly complex technological landscape; highly sophisticated financial criminals). Underperformance against regulatory expectations on one side and increasing regulatory expectations on the other produce a widening gap of unmet regulatory expectations.]

Diagram 1 : The widening gap of unmet regulatory expectations

Common TM Challenges

Evidently, despite all the technological advancement, most FIs continue to face legacy issues that erode the effectiveness and efficiency of their TM programmes. The following are products of the internal drivers within the operating environments of FIs.

• High number of false alerts – Studies have shown that 75-90% of the TM alert population comprises of false positive alerts [3]. With an increasing number of transactions over the years, the number of false positives has correspondingly ballooned as well.
• High cost of operation & maintenance – Banks continue to invest heavily in technological infrastructure in view of improving and shortening the turnaround time of TM processes. Despite this, the process remains highly reliant on manual investigation and interpretation. As a result, the cost of operation and maintenance continues to increase in parallel with the increase in transaction volume.
• Financial crime regulatory gap – Banks are still under strict scrutiny from the regulators and continue getting penalised for TM deficiencies caused by the ever-changing regulatory requirements paired with banks’ inadequate frameworks in place. They are failing to solve the root causes of TM issues and are not adapting quickly enough to the demanding regulatory landscape.

Often, we observe leading banks attempting to crack these problems by switching to different vendors or going through organisational transformation and process optimisation that simultaneously cut structural and operational costs. Fundamentally however, these changes only solve part of the equation and not the root causes, hence FIs find themselves going through TMS transformations every few years.

External Drivers

In recent years, the systemic environment from which FIs are operating in has vastly changed, indirectly shaping new areas of attention for the regulators. Key changes in the landscape include:

• Increasing number of transactions – Steady upward trend in global transaction volume, mainly driven by the growth of emerging markets and digitalisation of the financial services industry.
• Proliferation of alternative payment systems as ML vehicles – Alternative payment options like Bitcoin and Alipay may propagate the risk of being used as a ML vehicle due to their relative anonymity from conventional banking products which makes it difficult for banks / regulators to piece together a full ML cycle.
• Increasingly complex technological landscape – The system architectures of FIs have never been more complex. Institutions now work with in-house experts, contractors and third-party vendors to fulfil a variety of needs. Examples of these include integrating or decommissioning legacy systems, data warehousing, moving to the cloud, enterprise services, and implementation of new systems, amongst many others. Using a wide range of systems and tools, with the involvement of multiple parties can enable great progress or may also become a liability if not managed well.
• Highly sophisticated financial criminals – Criminals are early adopters of technology and they are always striving to utilise and manipulate them illegally for their own financial gains. Examples include the Malaysian 1MDB scandal [4] where political affiliations were prominent, as well as cybercriminals who employ virtual currencies, gaming, digital payment systems and micro-laundering schemes [5]. Monetary trails and evidences that were previously easier to trace and gather are now becoming more obfuscated and at times, untraceable.

3 | https://www.forbes.com/sites/steveculp/2018/03/05/banks-need-new-approaches-in-complying-with-financial--regulations/#5e1cddec4147
4 | https://www.wsj.com/articles/scandal-in-malaysia-1436113149
5 | https://www.cnbc.com/2018/03/16/globe-newswire-up-to-200-billion-in-illegal--profits-is-laundered-each-year-comprehensive-research-study-reveals.html

Internal Drivers: Root cause to the common legacy issues faced by the banks

1. Data Quality Issues
• No authoritative data source
• Low traceability from source to monitoring
• Poor governance framework

2. Siloed Information
• Fragmented customer view
• Information is captured based on functional requirements
• Mismatch in level of due diligence and risk profile

3. Manual Investigation Process
• Time consuming due to disparate data sources
• Potential bias – reliant on investigator’s knowledge & skills
• Investigation process, justification and outcome not fully documented

4. Rigidity of Rules
• Potential coverage gaps
• Manual tuning of TMS is time consuming
• Inflexible to regulatory changes

Diagram 2 : The 4 main internal drivers that are the root causes to the common legacy issues faced by banks

Using AI and Data Science to Overcome Internal Challenges in Transaction Monitoring

1 | Data Quality Issues

Current Issue: No Authoritative Data Source
Key Questions: Which system(s)/tool(s) capture data at its source? Is the data complete and captured accurately?
Essentials:
• Agreement on data sources
• Mandatory field requirements
• Periodic validation checks
Emerging Technologies:
• Text Mining
• Optical Character Recognition (OCR)
• Natural Language Processing (NLP)

Current Issue: Low Traceability from Source to Monitoring
Key Questions: Do you know every system that the data flows through? How is data transformed from start to end?
Essentials:
• End-to-end data mapping
• Up-to-date data lineage visualisation
• Transformation of each data point
• Controls for data integrity
Emerging Technologies:
• Automated Controls
• Machine learning
• Rapid Visualisations

Current Issue: Poor Governance Framework
Key Questions: When you have a data question, where do you look? (Note: Not "who do you go to?")
Essentials:
• Master data management methodology
• All data treated in a standard manner
• Governance framework as the first reference
Emerging Technologies:
• Smart tools to gather and classify documents and requirements

Diagram 3 : Internal Driver 1 – Data Quality Issues

In implementing a robust TMS, the first step is to strengthen existing data foundations by improving the quality of data.

Authoritative source systems, or systems receiving data upstream, should be identified and agreed upon by business and technology stakeholders. Identified Critical Data Elements (CDEs) should be made mandatory based on regulation and the bank’s purview of customer information through business process automation and text analytics. Optical Character Recognition (OCR) and Natural Language Processing (NLP) can be used to extract data, especially from unstructured sources such as a driver’s licence or an employee reference letter for bank account opening. The goal of using such technologies is to alleviate the issue of incomplete or inaccurate data capture at its source.

Data is often fragmented between different systems - legacy, current and upcoming. Stakeholders are not always aware of how data transforms from the source, where it was received, and to its final form, where it is consumed and monitored by its final users, with regards to transaction monitoring. The traceability of data through each system from an authoritative source to the monitoring system should ideally be visualised in the form of a lineage that is easily updatable as required. The transformation of each data point should be made clear in an auditable format where the corresponding code is created in line with the documentation and is not subject to interpretation. Automated validation controls in place should check that the integrity of data is maintained.

A master and reference data management procedure and protocol should be in place for the reference of any stakeholder. Any incoming raw data should be captured accurately, transformed appropriately and updated as needed per policy and procedure. The governance framework must be the first resource for all stakeholders regarding data.

2 | Siloed Information

Traditionally, banks use different TMS in various business units, countries, and products. Each TMS is a standalone silo that is supported by different data architecture, data definitions, and processing engines, hence the resulting output is also analysed in isolation. Problems arise because the systems do not speak to one another across the business units / countries / products. Hence, the bank is unable to fully understand the risk profile of a specific customer. As a result, the corresponding due diligence may not be appropriately aligned to the actual risk profile of the customer. An entity resolution methodology can be applied to help solve this issue.

Entity resolution using data science

A process of bringing together many different pieces of data to create one singular view of data. This can be achieved through the following techniques:

1. Deduplication: A data compression technique for eliminating duplicate copies of repeating data through clustering of records / mentions that correspond to the same entity
2. Record linkage: A process of matching records from one deduplicated data source to another
3. Normalisation: A process, also known as canonicalisation, that standardises data that has more than one representation into “normal” / “standard” forms. E.g. imputation of missing attributes by merging into a standard form that is the most likely candidate for downstream matching
4. Record referencing: An entity disambiguation technique that matches noisy records to clean, deduplicated ones in a normalised reference table

[Diagram: Traditional Data Siloes (e.g. account information held separately for checking account, credit card and mortgages, plus other internal and external sources) feed data attributes into the Entity Resolution process (deduplication, record linkage, normalisation, record referencing), which produces a Single View of Customer. Legend: information link; entity resolution process; other sources not presented.]

Diagram 4 : Internal Driver 2 – Siloed Information

Information barriers exist in traditional data siloes. This diagram shows that account information for the same customer exists in different systems – checking account, credit card, mortgages. However, a single view of a customer allows for available information related to the customer to be presented in one view through the entity resolution process.

Through entity resolution, a single view of the customer can be achieved where all data points / information related to the entity are grouped and connected to provide an entity-specific context.

This provides banks with an aggregated view of the customer as an entity, in terms of the types of activities and business they have with the bank, the transaction behaviour, related parties, etc.

A single view of the customer also enables a holistic assessment of the customer’s overall profile, and allows the bank to apply an appropriate level of risk during the investigations process.
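The four entity resolution techniques listed above, worked through on records from three silos. This is an added example, not code from the paper or from Synechron; the sample records, the match rule (same date of birth plus a fuzzy name or exact phone match), the 0.85 threshold, day-first dates and 8-digit local phone numbers are all assumptions made for illustration.

```python
import re
import unicodedata
from datetime import datetime
from difflib import SequenceMatcher

# Constructed sample records from three siloed systems (illustrative, not real data).
RECORDS = [
    {"id": "CHK-1", "source": "checking", "name": "Tan, Mei Ling", "dob": "1984-03-07", "phone": "+65 9123 4567"},
    {"id": "CHK-2", "source": "checking", "name": "TAN MEI LING", "dob": "07/03/1984", "phone": "91234567"},
    {"id": "CC-7", "source": "credit_card", "name": "Mei-Ling Tan", "dob": "7 Mar 1984", "phone": ""},
    {"id": "MTG-3", "source": "mortgage", "name": "Mei Ling Tann", "dob": "1984-03-07", "phone": "6591234567"},
    {"id": "CC-9", "source": "credit_card", "name": "Tan Mei Lin", "dob": "1990-11-21", "phone": "98765432"},
]
DATE_FORMATS = ("%Y-%m-%d", "%d/%m/%Y", "%d %b %Y")  # assumption: day-first dates


def normalise(rec):
    """Normalisation: give each attribute one canonical representation."""
    ascii_name = unicodedata.normalize("NFKD", rec["name"]).encode("ascii", "ignore").decode()
    tokens = sorted(re.sub(r"[^a-z ]", " ", ascii_name.lower()).split())
    dob = None
    for fmt in DATE_FORMATS:
        try:
            dob = datetime.strptime(rec["dob"], fmt).date().isoformat()
            break
        except ValueError:
            continue
    phone = re.sub(r"\D", "", rec["phone"])[-8:]  # assumption: 8-digit local numbers
    return {**rec, "name": " ".join(tokens), "dob": dob, "phone": phone}


def same_entity(a, b, threshold=0.85):
    """Match rule: DOB must agree, plus a fuzzy name match or an exact phone match."""
    if a["dob"] is None or a["dob"] != b["dob"]:
        return False
    name_sim = SequenceMatcher(None, a["name"], b["name"]).ratio()
    return name_sim >= threshold or (a["phone"] != "" and a["phone"] == b["phone"])


def single_view(members):
    """Collapse one cluster into a reference row that keeps its source record ids."""
    def most_common(field):
        values = [m[field] for m in members if m[field]]
        return max(set(values), key=values.count) if values else None
    return {
        "name": most_common("name"), "dob": most_common("dob"), "phone": most_common("phone"),
        "sources": sorted({m["source"] for m in members}),
        "record_ids": sorted(m["id"] for m in members),
    }


def resolve(records):
    """Deduplication and record linkage: cluster matching records with union-find."""
    recs = [normalise(r) for r in records]
    parent = list(range(len(recs)))

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]  # path compression
            i = parent[i]
        return i

    for i in range(len(recs)):
        for j in range(i + 1, len(recs)):
            if same_entity(recs[i], recs[j]):
                parent[find(j)] = find(i)
    clusters = {}
    for i, rec in enumerate(recs):
        clusters.setdefault(find(i), []).append(rec)
    return [single_view(members) for members in clusters.values()]


def reference(noisy, entities):
    """Record referencing: match a noisy record to the clean reference table."""
    probe = normalise(noisy)
    return next((e for e in entities if same_entity(probe, e)), None)


if __name__ == "__main__":
    for entity in resolve(RECORDS):
        print(entity)
```

The near-identical name "Tan Mei Lin" stays a separate entity because the date of birth differs, which is the kind of over-merge a name-only match would produce.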

3 | Manual Investigation Process

Due to the limitation of a traditional TMS and the lack of contextual background in connecting the transaction to a customer profile and transaction history, a high number of low quality TMS alerts are produced, and they often lead to less than 5% of Suspicious Activity Reports (SARs) [6].

Where any human intervention and judgment is concerned, a high level of inconsistency is introduced in how an investigation is carried out, how a conclusion is drawn, and how detailed a case is being documented before an alert is closed or escalated. Often, a lot of the time is spent on the manual collation of different sources of information and establishing the connections between the various sources to the transaction / customer.

In the process of aggregating all the research information, the investigator may not sufficiently capture his / her investigation components and may not document the relevant evidence in the case management tool within the TMS. More importantly, he / she may also miss out on a potentially suspicious component of the transaction in the investigation process. This exposes the bank to the risk of non-compliance with AML requirements, with financial and reputational risks accordingly.

6 | https://www.quantexa.com/wp-content/uploads/aml-reducing-false-positives-v1.pdf

[Diagram: two panels compare the extent of TMS effort with the extent of manual effort.
Traditional Transaction Monitoring Process: a high volume of low quality alerts with limited information presented in TMS, followed by manual sourcing and aggregation of information, and establishing connection and investigation of suspicious data points to establish judgement.
Transaction Monitoring Process through Contextual Monitoring: a low volume of high quality alerts with a pre-analysed view of the customer and its relevant connections that supports enhanced understanding for human based decision making, followed by performing further investigation by exploring the network to confirm whether the alert is suspicious based on pre-established connections supported with evidences.
Legend: sourced by TMS; sourced manually; information / evidence; missing information / evidence; suspicious information / evidence; high quality alert; low quality alert.]

Diagram 5 : Internal Driver 3 – Manual Investigation Process

Contextual monitoring using AI

An AI-based TMS creates a dynamic and holistic view of customers, their transactions, and network. In effect, it replicates the laborious parts of the investigation process in an automated, yet fully transparent and understandable manner.

Key benefits of contextual monitoring:
• Connections of relevant data sources that support dynamic evaluation and assessment of the customer’s overall risk profile
• Inclusion of internal data such as historical transactions and external data such as information from Bureau van Dijk (BvD) /
• Risk scoring model that evaluates the customer from entity level, network level, and other specific risks dynamically
• Comprehensive coverage of investigation scenarios regardless of customer risk level
• Generation of high quality alerts and reduction of false positive alerts
• Holistic view of a customer’s overall risk profile upfront, and the reduction of judgment bias (before a manual investigation is conducted) in the form of preliminary analysis conducted by advanced network analytics and dynamic risk profiling
• Transparency in the list of rules scenarios triggered by the transaction

Using contextual monitoring, a TM investigator is informed of the overall risk level of the customer and the potentially suspicious areas of its network before a detailed investigation is performed.

All the relevant sources and evidences that are connected to the customer are gathered using Robotic Process Automation (RPA) and highlighted in the system, substantially decreasing the manual effort required for sourcing and evidencing of such information in the traditional process. This would enable for the auditability of the case being investigated and further ensure that the investigators have a standard and sufficient level of information and documentation before making a judgement.

4 | Rigidity of Rules

Typically, TMS rules have several parameters that determine the generation of alerts. The rules are usually applied across multiple business units, although they may not always be relevant to the specific business risks. For example, a threshold limit of USD 1 million may be applied across all business units, but realistically, might be more applicable for a retail customer transaction relative to a commercial business transaction. This is because a business in the Food and Beverage (F&B) industry, for example, might transfer USD 5 million to a shipping company as part of their daily activities, but an individual earning USD 100,000 a year and remitting USD 1 million every other quarter may raise suspicions.

This mismatch between the rules and specific business risks inevitably give rise to a large number of non-productive alerts. Further, these alerts serve as the data population that inform iterative tuning cycles. Alerts that end up becoming SARs, and those that do not, provide for a means of qualitative and quantitative analysis that enables analysts to tune thresholds in place for each rule in an attempt to increase the overall effectivity of the rules engine in the TMS.

This tuning is typically conducted manually and generally takes approximately 6-12 months to complete each year. To improve the effectiveness of each rule, a risk scorecard can be utilised where various factors - beyond just the usual 2-5 parameters per rule - can be used to establish a more optimised alert generation process.

Dynamic Rules Engine

This process would be like putting together Lego blocks (granular-level rules) to form specific shapes as opposed to constructing a jigsaw puzzle (an out-of-the-box scenario). The former is versatile and adaptive while the latter is rigid and fixed.

Rules that form a composite risk score cover risks including, but not limited to, geography, customer, product, business unit, transaction, and counterparty risk. Each rule should churn out a risk score that, when combined with context-based algorithms, will give an overall risk score that is representative of the potential level of suspicion of the transaction and entity.

A combination of the rules and the addition of context should reduce the number of false positives generated and potentially identify false negatives that may be inconspicuous.

Machine learning can be applied to continuously recalibrate each rule. The thresholds and algorithms can be continuously improved based on a variety of inputs including smart research, historical alerts, and investigations leading up to more recent periods (e.g. a month).
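The single USD 1 million threshold set against a composite risk scorecard built from granular rules, using the paper's F&B and retail remitter cases plus one constructed below-threshold case. This is an added example, not code from the paper or from Synechron; the rule functions, weights, the 50% saturation point, the 0.6 alert score and all transaction values other than the amounts quoted in the text are assumptions.

```python
from dataclasses import dataclass


@dataclass
class Txn:
    customer: str
    segment: str               # "retail" or "commercial"
    annual_inflow_usd: float   # declared income (retail) or turnover (commercial)
    amount_usd: float
    country_risk: float        # 0.0 (low) to 1.0 (high), from a geography risk list
    known_counterparty: bool   # counterparty already seen in the customer's history


STATIC_THRESHOLD_USD = 1_000_000  # the one-size-fits-all rule described in the text


def static_rule(txn):
    return txn.amount_usd >= STATIC_THRESHOLD_USD


# Granular rules: each returns a score in [0, 1]. All parameters are hypothetical.
def amount_vs_profile(txn):
    """Share of annual inflow moved in one transaction; saturates at 50%."""
    if txn.annual_inflow_usd <= 0:
        return 1.0  # no declared inflow to compare against: treat as maximum risk
    return min(1.0, (txn.amount_usd / txn.annual_inflow_usd) / 0.5)


def geography(txn):
    return txn.country_risk


def new_counterparty(txn):
    return 0.0 if txn.known_counterparty else 1.0


SCORECARD = [  # (rule name, weight, rule function); weights sum to 1.0
    ("amount_vs_profile", 0.5, amount_vs_profile),
    ("geography", 0.3, geography),
    ("new_counterparty", 0.2, new_counterparty),
]
ALERT_SCORE = 0.6


def score(txn):
    """Return the composite score and the per-rule contributions behind it."""
    parts = {name: round(weight * rule(txn), 3) for name, weight, rule in SCORECARD}
    return round(sum(parts.values()), 3), parts


def compare(txns):
    """Run both approaches so false positives and false negatives are visible."""
    rows = []
    for t in txns:
        total, parts = score(t)
        rows.append({"customer": t.customer, "static_alert": static_rule(t),
                     "score": total, "scorecard_alert": total >= ALERT_SCORE,
                     "parts": parts})
    return rows


# Constructed transactions; only the USD 5 million, USD 1 million and
# USD 100,000 figures come from the text.
TXNS = [
    Txn("F&B importer", "commercial", 60_000_000, 5_000_000, 0.2, True),
    Txn("Retail remitter", "retail", 100_000, 1_000_000, 0.4, False),
    Txn("Retail below threshold", "retail", 100_000, 400_000, 0.7, False),
]

if __name__ == "__main__":
    for row in compare(TXNS):
        print(row)
```

The per-rule contributions returned with each score give the investigator the breakdown of which rules drove the alert, and the weights are the values a recalibration cycle would adjust from historical alert outcomes.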

Diagram 6 : Internal Driver 4 – Rigidity of Rules

How Can Synechron Help?

With regulators strictly enforcing a more stringent financial crime regime, and given the cost and limitations driven by a bank’s internal environment, it is imperative that banks harness the power of new technology to get ahead of the curve. This entails transforming their TM operations from one that is manual in nature to one that incorporates AI and high automation.

[Diagram: for each internal driver, the steps from the current state towards an agile, adaptive and effective TM programme that is automated and intelligent.]

Data Quality Issues
• Current: Poor governance framework in place
• Established data governance framework
• Defined authoritative data sources and documented data lineage
• Automated transformation and lineage updates
• Text mining, OCR, NLP capabilities

Siloed Information
• Current: Data inhibited by traditional data siloes
• Awareness and documentation of data silos
• Set-up of data connections between silos
• Entity resolution – single customer view
• Automated updates to customer profile in-line with relevant risk factors

Manual Investigations
• Current: Manual sourcing and aggregation of information
• Set-up of automated aggregation of information
• Automated view of a suspicious entity and its connections (RPA)
• Network based contextual monitoring system
• Increased accuracy of results with automated feedback incorporation

Rigidity of Rules
• Current: Manual tuning cycles and thresholds-based alert generation
• Re-modelled rules at a granular level
• Score-based alert generation
• Risk scorecard
• Iterative rules adjustment using machine learning

Current Internal Drivers and their Potential for Enhancement

Diagram 7 : Addressing the root causes will enable FIs to move towards a more automated and intelligent environment

Data quality issues, siloed information, manual investigations, and a rigidity of rules can be addressed over time by implementing processes and controls that take advantage of newer technologies.

Synechron can help in:

1. Setting up the groundwork by fixing the data and establishing governance standards
• Analysing and visualising the data flow and lineage using suitable tools as well as identifying and fixing data deficiencies.
• Ensuring quality documentation, governance standards and effective data controls are in place.

2. Enabling a single client view through entity resolution and systems integration
• Uniquely identifying a single customer and documenting business requirements to implement customer data management across separate business / geographical domains.

3. Applying network-based analytics to create a contextual monitoring system
• Through AI / robotics, automatically pull together disparate sources of data about the client and create visual and advanced analytics (related to a client’s meaningful relationships) that enables financial crime investigators to make sound decisions and minimise heuristic biases.

4. Developing a risk scorecard approach that is tailored to specific risks and business units
• Using a fit for purpose tool to enable the prioritisation of alerts based on the outcomes of the risk scorecard. This will refocus the investigative process to the highest risk alerts while doing a quick review of low risk alerts.

These drivers will eventually lead up to higher quality alerts which will enable an automated and iterative rules adjustment process using machine learning algorithms. Over time, a phasing out of older processes is inevitable. It is essential that banks are ready to make this paradigm shift in order to remain competitive, relevant, and effective in combating financial crime.

Synechron’s unique approach using the Power of 3 – Digital, Business Consulting and Technology – positions us to solve problems at their roots as they exist and arise. We enhance our digital footprint by exploiting trends and partnering with vendor solutions that are at the forefront of the technological landscape. The tools we identify are tailored for clients for either their tactical or strategic initiatives based on an analysis and assessment of their internal environment. With this, we effect changes in the bank’s architecture, making it ready and adaptable for new challenges.

Synechron has 8000+ team members globally with offices and FinLabs across North America, Europe, the Middle East and Asia-Pacific. Within financial crime, we offer the following services:
• Anti-Money Laundering / Countering Financing of Terrorism (AML/CFT)
• Sanctions Management
• Anti-Bribery & Corruption (ABC)
• Tax Crime Prevention and Detection
• Transaction Monitoring
• Regulatory Change Management
• Data Analytics and Cybersecurity

www.synechron.com

Proprietary material: “This material and information is the sole property of Synechron and is intended exclusively for general information purposes. Any rights not expressly granted here are reserved by Synechron. Please note that copying, modification, disclosure of data, distribution or transmission of this material without prior permission of Synechron is strictly prohibited.”