SAS AML Next Generation Apr2022
SAS AML Next Generation Apr2022
SAS AML Next Generation Apr2022
Contents
The drive to advance the state of AML............................................................. 1
The state of next-gen AML around the globe................................................ 2
Asia Pacific: In discovery, with growing interest but few guidelines...................2
Europe: Gaining ground but still grappling with basics.......................................3
US: Driven to maturity sooner in a stricter regulatory environment...................3
Ten keys to success with next-generation AML.............................................. 4
1. Innovate, but with caution........................................................................................4
2. Establish rigorous model governance..................................................................4
3. Securely share data across borders.......................................................................4
4. Consider a hybrid approach...................................................................................5
5. Take a hard look at the data foundation...............................................................5
6. Take a granular approach to thresholding...........................................................5
7. Focus on what matters, defer what might matter later......................................6
8. Use machine learning to detect rare events........................................................6
9. Embed best practices into reusable packages...................................................7
10. Converge or at least integrate financial crimes systems and processes.....7
Advanced AML in action: Use cases around the world................................ 8
Intelligent automation..................................................................................................8
Rare event detection.....................................................................................................8
AI-powered detection..................................................................................................8
Natural language processing......................................................................................9
Closing thoughts................................................................................................... 9
Featuring:
Wallace Chow, AML Practice Lead, FCC Analytics
Amith Satheesh, Principal Solutions Architect and Global Lead, AML Analytics, Security Intelligence Practice, SAS
Beth Herron, Senior Solutions Architect and Americas AML Lead, Security Intelligence Practice, SAS
David Stewart, Director, Security Intelligence Practice for Financial Services, SAS
1
Money laundering disguises the sources and destinations of these funds and fuels
some dire downstream effects, such as compromised financial systems and the means
to keep terrorists and crime rings in business.
Anti-money laundering (AML) has been a hot topic − and an intensifying regulatory
pain point − for financial institutions for decades. For example:
• The USA PATRIOT Act, swiftly enacted after 9/11, expanded requirements for
detecting and reporting activities that could signal money laundering or terrorist
financing.
• The New York State Department of Financial Services regulation 504, “The Final
Rule,” effective in 2017, added more granular and stringent control expectations
for anyone operating under New York Banking Law, from multinational banks to
local check cashing outfits.
• The Fifth EU Anti-Money Laundering Directive (5AMLD), which takes effect in
January 2020, expands the scope of covered entities, introduces stricter due
diligence and disclosure requirements, and puts the onus on European enterprises
to align with US regulations.
• Transaction monitoring systems that flag transaction patterns that could indicate
suspicious activities.
• Currency transaction reporting systems to report large cash transactions ($10,000
and more in the US).
• Customer due diligence/know your customer systems to get clarity into customer
relationships and risks.
• Watchlist screening to identify suspicious or sanctioned individuals and
organizations.
Now there’s a lot of talk about advancing the anti-money laundering arsenal to the next
level, sometimes referred to as next-generation AML, AML 2.0 or AML 3.0. Whatever
you call the next wave of AML technology, it’s about solutions that draw on such
advances as robotics, semantic analysis and artificial intelligence (AI).
It’s about making AML processes more efficient and effective. And it’s about
augmenting the traditional rules-based approaches to drive down the rate of
false positives and more accurately detect activity worth investigating.
Semantic Artificial
Rules Analytics Robotics
Analysis Intelligence
Source: Celent
“Much of the work in the last 18 months has been to apply artificial intelligence to some
low-hanging fruit, such as using robotic process automation to investigate and prepare
cases more quickly,” says David Stewart, Director of the Security Intelligence Practice
for Financial Services at SAS. “As of 2018, we’re starting to see adoption of machine
learning not just for process automation, scoring and hibernation, but to supplement
or even replace traditional Boolean logic for detection of potentially suspicious activity.”
But overall, the efforts in Europe have been mostly reactive. Much of the work still
revolves around the challenges of getting the basics right, and that puts Europe about
10 years behind the US, Satheesh says. “Many banks are in catch-up mode. They’re still
focusing on foundational areas such as segmentation, single view of the customer,
moving from account-based monitoring to customer-based monitoring, threshold
setting, building better-performing scenarios, reducing false positives and addressing
data quality.
“That’s where more of the focus is right now, rather than on implementing predictive
models to build better detection scenarios. Progress is being made. There are discus-
sions and active proof-of-concept efforts to achieve those results, and people are open
to hearing about new AI and machine learning modes.”
“Folks are paying a lot of attention to detection mechanisms and questioning whether
their rules and scenarios are really capturing all the risk at their institutions,” says
Herron. “So we’re seeing a lot of experimentation in sandboxes or analytic environ-
ments, a lot of proof-of-concept projects, and it’s encouraging that we’re seeing a lot
of those projects moving past the experimentation stage and into production, with
great results.”
“So, while we have this tone of encouraging innovation to drive our processes forward,”
said Herron, “the word ‘responsibly’ sends a clear message that they expect this to take
place in a sandbox or run in parallel for some time, to truly make sure we’re getting the
results that we would expect, and these new techniques are stable and explainable.”
The statement says these exploratory efforts “should not subject banks to supervisory
criticism even if the pilot programs ultimately prove unsuccessful.” Banks would
probably prefer more definitive language than ‘should not,’ especially since AI-powered
methods will probably find more suspicious activity and potentially make existing
systems appear deficient.
“I don’t see a big emphasis on that third line,” says Satheesh. “Europe could benefit
from more rigor in this area. It’s highly reactive at the moment. Only when a bank is
in trouble and in the news are questions raised about model risk governance.”
“What has come out of some of those sessions is consensus that before we can adopt
machine learning in a meaningful way, we need to have a way to securely share data
across borders in a GDPR world,” says Stewart. “We need technologies like homomor-
phic encryption, which would allow us to transfer information across borders.”
(Homomorphic encryption − still largely a theoretical capability − is a form of encryp-
tion that allows computations to be performed on data without decrypting it.)
5
But nobody is ready to abandon their rules-based systems and fully replace them
with analytical models and robotics. “We’re seeing a hybrid approach,” says Herron.
Use rules where they do the job, models where rules would fall short. “There are some
areas where patterns are so well defined that there’s no need for a model, or there’s
the expectation that this is a covered area, and maybe the target areas or the outcomes
are so rare that it’s difficult to fully automate.”
Analytical models shine in situations that call for discerning complex patterns from
well-defined behaviors. For instance, alert scoring and hibernation models can
clarify the risk associated with a package of alerts, rather than just looking at a single
transaction.
“This is a way to get more value out of a traditional transaction monitoring system,”
says Herron. “Maybe one wire transaction doesn’t necessarily look risky, but when you
see it combined with additional activity, that is going to raise suspicion. So we’re seeing
a move away from looking at individual activities and more toward a behavioral profile
or multiple activities that can really drive a successful case.”
Many financial institutions haven’t evolved much from a data perspective in the last 10
years, says Satheesh, at least from his vantage point in Europe. “Many banks still do not
have a single view of the customer, for instance. Scenarios are continuing to generate
alerts at the account level, and all of them are being worked by different analysts,
without a full view of the customer from a risk perspective.”
But big banks have it mastered, right? “Larger banks, especially if they’ve grown
through mergers and acquisitions, have more silo systems and databases feeding into
a compliance data hub, and not all of them are connected,” says Satheesh. “I see a lot
of data quality issues, not being able to draw the line between those source systems
all the way to the destination. It’s a big challenge.”
Getting more granular works. For example, for one SAS customer using this approach,
segmentation refined by machine learning improved productivity rates from 2.8% to
6.8% while decreasing false positives and overall alert volume. After tuning the thresh-
olds for each segment, the productivity rate − the percentage of alerts that resulted in
cases worth investigating − jumped to 10.4%.
7. Focus on what matters, defer what might matter later Don’t chase what may
Why expect investigators to look into every alert that pops up? Some will represent only
scant risk. Couldn’t you safely put it on hold until it rates a higher risk score? Yes. Auto-
turn out to be false
referral or hibernation functions tap into a broad range of relevant information to either positives. Low-risk alerts
expedite or hold off on escalating an alert for review.
can be put in hiberna-
“Once the alert has been generated, an AI engine helps calculate the risk score to see tion mode while the
if the alert is actually good for investigation,” said Chow. Those with a very low score −
system gathers more
as determined from multiple risk variables and categories − could be put in hibernation
until the score warrants a closer look. “This saves quite a lot of human effort and ensures information related to
that investigators get good alerts to be investigated, those with a high likelihood of the case and triggers
converting to SARs.”
an alert when additional
8. Use machine learning to detect rare events relevant information
Through unsupervised learning, a model can analyze a large amount of data and is found.
identify hidden patterns and find things that are out of the norm. “In this case, you didn’t
necessarily know if people are good or bad; you’re just looking for those who represent
‘edge cases,’ people who are behaving out of norm, relative to their peers,” says
Stewart.
In one case, SAS® used supervised learning to find a handful of illicit players hidden in
1.7 billion transactions, says Herron. “It would be incredibly difficult to apply rules and
knowledge to this task. In this context, we really needed to use some advanced
methods.
“As our target variable, we used the behaviors of a specific population of customers we
knew to be registered with FinCEN. The model then looked for those behaviors in the
rest of the population to spot those who were not registered as the type of entity we
were seeking but behaving like they are.” Rather than a handful of illicit players, the
model found dozens.
“When we think about forensic teams looking for that proverbial needle in the haystack,
these techniques can be very, very powerful for churning through large volumes of data
to find that piece of risk that’s difficult to find using traditional methods,” says Herron.
7
This capability automates the creation, publishing and retraining of machine learning
models. It offers data scientists and compliance analysts pre-selected variables and
recommends best-fit models based on sampling of rare events. In short, it enables
more meaningful data analysis with less effort from data scientists − and helps speed
the detection of suspicious activities.
“Right now we are
experimenting, doing
10. Converge or at least integrate financial crimes systems proof-of-concepts and
and processes
on-the-side implemen-
Financial institutions today have various risk functions − fraud, public security, cyber-
security, credit risk, AML − typically with disparate systems, people and processes. tations. But in the
future state I do see
“I foresee the convergence or integration of all these different financial crimes
functions, with a more comprehensive and fully resolved workflow across them,” says
this as more of a plug-
Satheesh. “Instead of looking at a customer in an AML lens or a fraud lens, the future and-play kind of
will be looking at customers holistically through all these lenses in one central place.”
feature with a solid
Data orchestration, analytics development, decisions, case management, reporting analytics foundation.”
and governance will take place in a unified environment that supports bidirectional
Amith Satheesh,
communication and synergies among functions.
AML Analytics Lead
“When that happens, we’re going to see all of these risk functions be more powerful, Security Intelligence Practice
more efficient and more cost-effective,” says Satheesh. SAS
SAS developed an alert scoring and hibernation approach for predicting which cases
would lead to productive investigations. The scoring algorithm was based on transac-
tion risk, entity risk, network risk, scenario risk and customer risk. Applying ensemble
methods using gradient boosting and deep neural networks, the model fully auto-
mated the alert review process and reduced false positives by 33% − for significant
savings in costs and investigators’ time.
The bank engaged SAS to mine a large data set and find something they didn’t know.
Specifically, they wanted to ask, were there high-risk customers in their customer base
that weren’t properly classified?
“We applied some of our newer algorithms – a random forest model with 200 trees,”
said Stewart. “The model split out what we deemed to be customers who were
behaving as money service businesses but who were not declared as such during the
onboarding process, nor were they legally registered as money services businesses.
AI-powered detection
A Tier 2 regional US bank wanted to modernize its incumbent rules-based AML transac-
tion monitoring system. Its library of 200 transaction monitoring scenarios was difficult
to manage. The bank needed to reduce the volume of low-value events, address gaps
in coverage and improve SAR conversion rates.
The bank deployed a SAS neural network model into production to replace 10 cash
activity scenarios from their transaction monitoring system. The data scientists noted
that the model uses 75 to 80 variables to detect potentially suspicious cash activity,
whereas their previous rules-based scenarios used only six to 12 variables.
9
“They have tripled their SAR conversion rates and cut their monthly work items by
50%,” said Stewart. “Their plan is to roll off 200 other current rules-based scenarios into
maybe 25 or 40 analytics-based scenarios for certain types of high-risk typologies, and
over the next 18 months move everything else to machine-learning strategies.” If you’re making decisions
on only on the structured
Natural language processing data fields in your
A Tier 1 global bank wanted to improve the customer experience for trade finance
business by accelerating due diligence reviews and improving accuracy. As it was,
systems, then you’re
staff couldn’t keep pace with service level agreements for trade document review. making decisions with
It was time-consuming to ensure packages passed compliance review. Automation
would reduce the burden on employees and reduce costs.
less than 20 percent of
the available data. To
The bank deployed deep learning algorithms to classify the types of documents under
review. It applied contextual analysis to specific classes of documents, such as identi-
reach the needed level
fying under- or over-invoicing. In this case, automation driven by machine learning of accuracy, it’s critical
reduced the effort from two weeks of staff time to less than a minute.
to bring in unstructured
data from sources such as
Closing thoughts previous SARs, comments
Next-generation AML is coming to the forefront as the financial services industry goes in customer service
through massive digital transformation and as regulators keep upping their definition
of “reasonable” control and governance. Robotics, semantic analysis and artificial records and recordings
intelligence − particularly machine learning − will be central to this evolution. of phone calls.
Instead of simply reacting to past information, machine learning delivers a forward-
looking advantage. You can distill new data elements not previously known or available
for AML models. Let the computer uncover patterns the human eye would never see.
Validate those insights and feed the results back into modeling efforts. The more
training a model gets with feedback data, the smarter it becomes and the less tuning
it requires. By applying advanced
Not ready to give up your trusted rules? Adopting machine learning doesn’t mean analytics and powerful
you have to abandon established ways of working. The right route for an organization’s machine learning
AML modeling might be a complementary approach, a hybrid of rules and predictive
models. on a unified platform,
financial services firms
The use cases described in this paper are things SAS has been doing for years with very
progressive clients. What has changed is that the barrier of entry has been reduced for
can gain a holistic view
smaller institutions. SAS is packaging proven machine learning techniques for AML of risk, uncover more
tasks to automate repetitive, manual processes, more accurately detect potentially
suspicious activity, and put these capabilities in the hands of more financial services
financial crime patterns,
organizations. reduce false positives
Learn more at sas.com/aml-ctf.
and run more efficient
investigations.
10
SAS and all other SAS Institute Inc. product or service names are registered trademarks or trademarks of SAS Institute Inc. in the USA and other countries.
® indicates USA registration. Other brand and product names are trademarks of their respective companies. Copyright © 2019, SAS Institute Inc.
All rights reserved. 110644_G104442.0619