Using Technology to Improve the Quality of your AML Programfiles.acams.org/.../Using_Technology_to_Improve... · Using Technology to Improve the Quality of your AML Program Agenda

Using Technology to Improve the Quality of your AML Program

Moderator: Peter Wild, Wild AML Solutions LLC

Erick Christensen, Protiviti

Brian Ferro, BAE Systems

Kamil Kaluza, Quantaverse

Dan Soto, Ally Financial

1ACAMS Carolinas Chapter Annual Symposium July 17th, 2019

Using Technology to Improve the Quality of your AML Program

Agenda

1. Know Your Customer Management Erick Christensen

2. Alert Management Kamil Kaluza

3. Investigation Management Brian Ferro

4. Information Technology Management Dan Soto


Know Your Customer Management

Know Your Customer,

Customer Risk Rating

and Automation

Erick Christensen

Managing Director

Protiviti


KYC Process – Current Challenges

• Financial Institutions spend substantial resources to conduct KYC activities. Processes are manually intensive and inefficiently designed.


Roughly 80% of Investigator time spent on manual data collection and normalization.

Data gathering from multiple, disjointed data sources to pull customer data.

Error prone and untimely reporting of periodic review schedules due to manual tracking.

Time-consuming manual reviews of negative news results to verify sources and content.

Limited reporting capabilities to provide detailed, accurate metrics through dashboards.

AML Operating Model – Current State


Policies Proceduresand Standards

Governance Training

Second Line: Advisory, Compliance Testing, QA Third Line Controls

Artificial Intelligence

Robotics Process Automation

Compliance with Blockchain

Data Analytics and Visualization

Regulatory Reporting

Data Flow

RiskAssessment

CustomerOnboarding

Screening(Ref Data andTransaction Data) Transaction

Monitoring

PeriodicReviews

Reporting

KYC Process – Solution Benefits

• Replace cumbersome, manual activities with an intuitive, customizable platform that simplifies and automates KYC activities.


Orchestrate a tailored KYC Review platform for

your specific needs

Accelerate reviews through intelligent

automation

Eliminate manual data gathering and

consolidate data sources

Strengthen accuracy of reviews and focus on

investigations

AML Periodic Review Powered by Smart Orchestrating Platforms• A KYC Periodic Review (“PR”) Tool based on a smart orchestrating platform provides a solution to six

key pain points commonly found in financial institution’s review processes today.


Summary views of transaction activity over the review period are provided. Additional analysis can be incorporated to identify potentially suspicious activity or additional due diligence requirements.

Dynamic reporting is available to include tracking SLA compliance, identifying exceptions, assessing trending, and performing day-to-day monitoring of individual cases.

Reviews are easily and immediately escalated within and between departments. Review schedules and event trigger rulesets are systematically maintained.

AML Periodic Review powered by Smart Orchestrating

Platforms

Data Orchestration

Automated Searches

Holistic Transactional

Reviews

Streamlined RFI Process

Ease of Escalation &

Workflow Management

Real-time Reporting

Negative news, sanctions and internal blacklist searches are automated; results are displayed and dispositioned by the Analyst within the tool.

Sources dispersed customer information from various systems and displays for review in a centralized, interactive review platform.

RFIs are systematically generated and tracked and an Audit trail is maintained.

KYC and Robotic Process Automation (RPA)

• KYC provides a fertile environment for RPA implementation as tasks are generally heavily manual, rules-based and high in volume.


RPA provides an opportunity to automate KYC activities, including for CIP, CDD and

EDD.

Protiviti, in collaboration with RPA vendors, has

developed Next Generation AML bots to address the

complexity and cost traditionally associated with

KYC activities.

FIs are required to divert capital and labor to time-

consuming activities.

Increase in KYC regulatory requirements has led to a

complex yet heavily manual regulatory environment.

High Risk Customer Review – Multiple Bots• The following bots were developed for a mid-sized bank in order to make the high risk customer

reviews (periodic reviews) more efficient. Two Bots were subsequently customized and are now being used by the Bank’s AML Transaction Monitoring Alert Investigations team. The key tasks performed by the Bots are listed below.


Customer Information Drawdown Bot

TransactionalAnalysis Bot

Negative News Bot

• Logs on to the bank’s KYC database and transcribes relevant information (name, address, SSN, etc.) in a prescribed template

• Pulls in the information on the related parties on the account as well, recording it in a pre-existing Excel template

• Accesses the bank’s documentation warehouse and pulls down KYC documents related to the customer in question. The pdf copies of the KYC documents are then available for an Analyst to review

• Logs on to the Bank’s transactional database and downloads the account activity over the specified review period (12-18 months). Bot transcribes the transactions in an Excel file

• Transaction pulls are performed for all accounts of the customer

• Performs data standardization on the transaction data to ensure usability by the Analyst i.e. labels transactions consistently such as ACH In/Out, Wire In/Out etc.

• Summarizes and pivots transactions by transaction type and/or counterparties

• Accesses the bank’s transactional documentation web app and downloads the relevant pieces into a PDF for easy access by the Analyst.

• Pulls the names of the related parties and counterparties from the output of the CustomerInformation Drawdown Bot and the Transactional Analysis Bot and prepares a list of names for the Negative News Bot

• Logs on to Thomson-Reuters World Check One and performs zero-footprint (non-case manager) searches on parties, taking in names and TINs from the output of the Customer Information Drawdown bot

• Obtains potential matches and pdf the search results based on the pre determined thresholds

• Saves all pdf in designated folders

Lessons Learned from RPA Implementation• Lessons learned after the implementation of several RPA bots at a diverse group of clients


• Teams encounter challenges with scope management given limited business requirements available in advance of initiating projects.

• Having deep dive scoping sessions in advance of initiating POCs may help alleviate this pain point.

Proofs of Concept

• Security evaluations may create roadblocks and increase time to implementation.

• It is a best practice to hold off on bot development until there trial RPA licenses are obtained.

Security Infrastructure

• Establishing boundaries on early COEs and right sizing can be a challenge.

• As COEs are ongoing, deliverables and tools created for them should be living documents/tools that continue to improve.

Center of Excellence

• Deliverables and tools needed after an RPA program is up and running for multiple months differ from early deliverables.Governance

Data Governance – Next Generation KYC

• Improve data infrastructure and governance to strengthen accuracy and efficiency of KYC program.

11

Capture, integrate, process and sort data on a timely basis through common data repositories and a simplified data ownership structure.

Simplify manual, complex KYC data gathering and consolidation efforts through infrastructure redesign and automation.

Effectively maintain, understand and use data to obtain a holistic view of the customer and reduce time spent conducting manual due diligence.

Leading practices in Customer Risk Rating

12

Client RiskProduct /

Transaction Risk

Geography Risk

Other Risk factors

(incl. Auto High criteria)

Customer Risk Rating

The traditional CRR models are static.

Move to a Dynamic Risk Ranking By:- Looking at actual transactions and comparing with anticipated activity - Adjust risks based on thresholds set for customer who have higher dollar values and/or volumes for higher risk

products services (Internation wires to high risk jurisdictions, excessive cash transactions, structuring, etc.)- Periodic reviews on High Risk customers to be tee-ed up when a High risk customer alerts through the banks

transaction monitoring system. In other words, build a link between CRR/KYC and Transaction Monitoring and actively monitor results

- Move beyond just the three categories of risk (H, M, L) and think of further customer segmentation – (e.g. a customer with “High Wire Low Cash” activity should be in a different segment than a customer with “Low Wire, High Cash” activity) Leveraging new machine learning tools customer segments can be dynamic as well

Advanced Data Analytics With Link Analysis• Rely on advanced data analytics, including Link / Network Analysis to strengthen KYC program and

obtain a holistic understanding of customer.

13

Eliminate duplicative entries, standardize data and consolidate sources to simplify complex data gathering efforts.

Enrich traditional KYC information by leveraging all data that exists across the institution, including cell phone numbers, user names, Mac and IP addresses.

Identify ‘hidden relationships’ through link/network analysis to obtain a holistic view of the customer and establish an informed customer risk rating.

Alert Management

Alert Quality Needs An End to End Approach

Kamil Kaluza

Chief Revenue Officer

QuantaVerse


Alert Management

Alert Quality Needs An End to End Approach

Table of Contents

1. Data Quality

2. Natural Language Processing

3. Unsupervised Learning

4. Supervised Learning

5. Case Study - Data Quality

Case Study – Correspondent Banking

Case Study - Retail Banking


End to End Approach to Alert Quality


Pre-Detection Work

Better Detection

BetterInvestigations

▪ Visualization▪ Automated

narratives▪ Auditable▪ Validation

processes

Post-Investigative Work

▪Normalization, standardization, of existing data

▪Data enrichment and augmentation

▪ Consider all observables

▪ The whole is greater than the parts

▪ Automated “decision” engines

▪Network relationship analysis

▪ Transactional and non-transactional

▪ Identify non rules-based risk-bearing typologies

▪ Client and pseudo-client risk detection

Expand the quality and quantity of information

Find risks beyond rules’ capabilities

Draw and support a conclusion

Facilitate human understanding and final adjudication

1. Data Quality Drives Down False Positives


Internet, Open Source, and Private

External Data

Field Value Value Value

ID Number ABC 123 XYZ

NAME_INTERNAT HAL Holding N.V. Campina Melkunie B.V. Electricite De France

NAME_NATIVE HAL Holding N.V. Campina Melkunie B.V. Electricite De France

Street, no .,1 Venecolaan 17 22/30 Ave Wagram

Street, no.,1 (native) Refer To Parent

Street, no., 2 Register

Street, no., 2 (native) 5, Avenue des Citronniers Register

Street, no., 3

Street, no., 3 (native)

Street, no., 4

Street, no., 4 (native)

Postcode 98000 9880 75369

City Monte Carlo Aalter Paris

City (native)

Country Monaco Belgium France

Country ISO MA BE FR

QuantaVerse

This text represents QuantaVerse discovered data field

AI agents scrape the internet, i.e. business websites, then search 3rd party data

2. NLP Connects More Dots


Reading and Understanding Using NLP• Web parsing• Named-entity extraction• Sentiment analysis

Leads to interpretation of data and relationships in structured format

# Construct Value Relationship

1 Concept closing share price 3, 4

2 Location OSLO, Norway 1

3 Company Fast Search & Transfer ASA 1, 2

4 Date Jan 4 2008 1

5 Amount $1.2 Billion 3

3. In-Depth Behavioral Analysis


Suspicious Value Transfers Can Be Found Using NAICS Codes And Transactional Data

Originator Industry: Electronics Beneficiary Industry: Casino

4. Decision Engine Finds Risk, Avoids Noise


Economic Purpose:

Supplier Payment

Originator Industry:

Electronics

Beneficiary Industry:

Casino

Payment Value:

$20,000

Suspicious?Not SuspiciousSuspicious

21%

79%

Economic Purpose:

Supplier Payment

Originator Industry:

Cement

Beneficiary Industry:

Gravel

Adverse Media:

None

Payment Value:

$19,288

Suspicious?

▪ Financial crime investigators

train decision making

algorithms by presenting them

with red flags and

suspicious activity,

alongside with the decision

they would have made

▪ Once, trained, the neural

network acts like a static

model. Combinations of inputs

result in output with a natural,

measurable error rate

Not SuspiciousSuspicious

95%

5%

5. Automate Investigation


Pre-defined Templates

and Phrases

Observed Data

# Principal Relationship Acct

1 Mr. X Beneficiary 1234

2 Mrs. Y Beneficiary 5678 QuantaVerse

• The following report documents the activity of Mr.

X and Mrs. Y, account number 1234 and account number 5678.

• Between October 11, 2017 and October 26, 2017, Mr. X received 46 transactions totaling $1,046,131.

• Between October 13, 2017 and October 31, 2017,

Mrs. Y received 32 transactions totaling$484,449.66.

• The presence of Crypto risk and Jurisdiction risk red flags prompted further investigation by the platform.

# Etc

1 ABC

2 XYZ

# Red Flag

1 Jurisdiction

2 Crypto

External Data

Mr. X address is 123 Main Street United States

Investigator’s Report

Case Study – Data Quality


What We Found Why It’s Important

AI agents identified unique name / address / account combinations of Originators and Beneficiaries that should be a single entity.

• Poor entity resolution removes ability to know and track customers. Understanding of client, originator and beneficiary country codes is an fundamental risk mitigation data point.

• Not being able to identify that slightly different names or addresses are in reality the same entities means that it is easy to by-pass many KYC and AML controls.

225,010Total

Entities

169,014Unique Entities

of originator and beneficiary country codes identified by AI agents

85%

204,035Total

16,525 Total

Banks

11,472Unique Bank Entities

AI agents identified unique name / address combinations of bank clients that should be a single entity.

16,525Total

81% of bank country codes identified by AI agents

BEF

OR

E

AFT

ER

BEF

OR

E

AFT

ER

Case Study – Correspondent Banking


displayed sets of questionable transactions and end-clients, including some with connections to Mossack Fonseca, 6 months before Panama Papers

All 13 correspondent banking customers 5 correspondent banking customersshowed significant transaction risk factors.

The system identified

1,834 pseudo-clients

Of those 5,

34 pseudo-clientsdisplayed significant transaction risk factors.who had participated in transaction(s)

indicative of a money laundering technique.

▪ Bank customers were found to be transacting with risky jurisdictions including known war zones like Syria

▪ Transactions from the Tri-Border area of South America to the EU appeared to be linked to Hezbollah financing

▪ Significant numbers of bank customers transacted with cryptocurrency exchanges. While some were registered exchanges, these transactions often demonstrated money laundering attributes that represent significant transactional risk to the bank.

▪ Broad instances of risky transaction typologies such as structuring, round dollar transfers, keyword risk, one to many, and invoice anomalies such as multiple invoicing

▪ PEPs (politically exposed persons) were large sum, round dollar beneficiaries of bank customers from transactions with no detail or derivable economic purpose

▪ Within the supplied transactions, the bank’s TMS was alerted only 31 times.

▪ Through QuantaVerse’s automated investigation process, it was found that the TMS alerts were all of insignificant risk, while the CCO Checkup uncovered more than 800 risky entities that previously went undiscovered by the bank.

Case Study – Data Quality

Investigation Management

Technology Strategies for Investigations

Creating an efficient process

Brian Ferro

Global Head of AML/BSA Compliance Product Management

BAE Systems


Why this is Important?˃ Understand the risks

Improved Consistency

Reduction in Human Errors

Audit Trail

Facilitate Risk-based Activities and Decisioning

Traditional Investigation Cycle

Alert Review

• Who?

• Why?

Exposure

• Related Entities

• Accounts

• Transactions

Research

• Negative News

• Corporate Structures

• RFI

Disposition

• Suspicious

• Not Suspicious


New Technologies˃ What do all these mean?

Big Data Technology

Machine Learning and Artificial Intelligence

RPA / IPA

Visual Tools

Network Link Analysis

Enhanced Investigations

Enrichment

• Consolidate Alerts

• Resolution

Scoring

• Prioritize

• Hibernate

Visual Tools

• Interactive Graphs/Charts

• Analyze Data

Data Integration

• Enhance core data

• Lower overhead

Link Analysis

• Follow the money

• Suspicious patterns


Combine open source technologies, analytics and automation with the power of human intelligence to create focused investigations with a more refined outcome

Enrichment


Collect alerts from different detection engines, parse and verify data fields in order to identify gaps. Add missing information and consolidate at entity level

✓ Core banking✓ External data providers and ✓ Display in single system for

customer centric investigations

✓ Reduce alert volumes by 20%

Scoring


• Customer centric investigations

• Score Customers automatically based on detected levels of suspicion

• Prioritization and hibernation are key additions at alert level

Visual Tools


Pain points:

• Thousands of alerts per month across both AML and WLM

• Investigators can spend up to 10 minutes per alert

• For better results, FIs need more investigators but these are hard and costly to find

Data Integration


Reduce effort and triage times

Single Customer Investigation with cross domain / data integration✓ Anti-Money Laundering✓ Name Screen✓ Know Your Customer

Example✓ UBO data integration into

customer risk scoring and name screening

✓ Risk score entire complex UBO structures

On avg. Investigators spend 70% of their time gathering data

Link Analysis


Identify and investigate

suspicious patterns and extended

linkages within data which are not obvious when

reviewing raw data

Information Technology Management

Dan Soto

Chief Compliance Officer

Ally Financial Inc.



BEF

OR

E

AFT

ERBudget

• Project timeline• What is sustain vs what is project• Staffing at the IT vs Compliance

level


When and how to

integrate with other

AML technologies

• Requirements for integration• Considerations outside

Compliance• Physical vs virtual integration• Staffing evaluations

BEF

OR

E

AFT

ER


Sunsetting

• Setting expectation up front• Minding the store• Pulling the plug

BEF

OR

E

AFT

ER


Developing

strategies for next

generation of

improvements

• First mover vs fast follower• Revenue generator vs cost

center• What does this mean for

organization structure?• Change approach

BEF

OR

E

AFT

ER

Take Aways

• Socialize your budget early and often!

• Decide at the beginning if you wish to be a first mover vs a fast follower

• Don’t forget that politics plays a big role in developing your technology strategy


Documents

Using Technology to Improve the Quality of your AML Programfiles.acams.org/.../Using_Technology_to_Improve... · Using Technology to Improve the Quality of your AML Program Agenda