This is the second blog in our series on Transaction Monitoring (TM) in the context of Anti-Money-Laundering (AML). In our first blog, we introduced the topic and described common challenges. In this blog, we discuss elements affecting the efficiency of AML TM and best practices.

Most banks and some insurance companies rely for Transaction Monitoring on a vendor system based on deterministic rules. However, each financial institution has a distinct customer base with different behaviours and risk profiles. It is therefore essential to calibrate the AML transaction monitoring system specifically to the institution's customer base. This means ensuring that the system is sensitive to the nuances of customer activities, geographic footprint and products offered of the specific institution.

Start with risk assessment
The calibration process should begin with a comprehensive risk assessment. This involves identifying the types of risks the institution is exposed to, and considering factors such as the geographical locations of customers, the types of products and services offered, and the transaction patterns typically observed. A thorough risk assessment provides a solid foundation for the subsequent steps in the calibration process.

Client segmentation
Effective client segmentation is crucial for tailoring the monitoring system. Client segmentation can be approached in two ways: business-driven (top-down) and data-driven (bottom-up).

Business-driven (top-down): This approach involves segmenting clients based on business insights and strategic objectives. Typical segmentation approaches might differentiate individuals versus legal entities, in a first step. This is then further refined, e.g., by separating financial institutions (Fis), large corporates and medium sized enterprises or other categories based on the nature of the clients' activities.

Data-driven (bottom-up): This approach uses data analytics to identify segments based on transaction patterns and behaviours. It is particularly useful for identifying segments with specific behaviours, such as sole traders, commodity traders and wealth managers, even if they comprise only a small number of clients.

With both approaches, it is essential to go over metrics and tests to ensure the segments are well-defined. For example, metrics might include transaction volume, and the frequency and types of transactions. These, together with the qualities defining the segments, should be used to analyse homogeneity and overlap between segments, to understand if segments are sufficiently granular without being duplicative.
 
In addition, a segment analysis should consider the stability of the association of clients with segments. Frequently occurring switches between segments would indicate a lack of clear distinction between the segments in question.

Scenario selection based on risk assessment
Selecting the right scenarios for monitoring should be based on the risk assessment. It is important to consider whether one or more scenarios can cover the identified risks or whether additional controls are required. Scenarios should be evaluated for overlapping scope to ensure they do not flag the same transactions, which can lead to redundancies and inefficiencies.

At the same time, the selection of a vendor for a particular TM system should consider the flexibility of the solution for customising rules and scenarios.

Calibration of scenario parameters
Each scenario will come with certain parameters affecting its behaviour, typically including at least a minimum amount threshold above which an alert is generated by the monitoring rule. How these parameters are chosen will have a big influence on the number and quality of alerts generated by the TM system. Data driven calibration is therefore an important step in the setup process.

To achieve accurate and effective calibration, real data should be used that is representative of the FI’s client base and products. Ideally, this data should cover a period of 18 months or more. By leveraging such an extensive dataset, institutions can capture a full range of transactional behaviours and patterns, providing a solid foundation for simulation and analysis.

It is best practice, to create a simulation environment with historical data on clients and transactions for the calibration, separate from the live monitoring environment. This environment allows institutions to simulate results at a minimal level and generate hypothetical alerts which can be subject to statistical analysis.

Statistical sampling is a regulatory approved approach to set thresholds, based upon defined parameters and standardised interpretation of client behaviour. By meticulously analysing the dataset, institutions can determine suitable thresholds that strike a balance between sensitivity and specificity. It is essential to consider the granularity required, based on sound data-driven approaches, to arrive at initial values for the scenario parameters.

After arriving at initial values for the relevant parameters, Above The Line (ATL) and Below The Line (BTL) testing are the next components of the calibration process.

BTL involves examining transactions that would not be flagged by the AML monitoring system under the given thresholds. By examining a sample of alerts that would be just ’below the line’, it can be determined for a given threshold if more alerts than acceptable under an organisation’s risk acceptance would be missed. If this is the case, a reduction of the threshold values needs to be considered.

ATL involves reviewing and analysing transactions that would have been flagged by the AML monitoring system as suspicious, as they are ’above’ the line when applying the tested parameters. The aim is to ensure that the system is identifying potentially suspicious activities. ATL will identify true and false positives. If the number of true positives in ATL is below the risk acceptance level, consideration might be given to increasing the thresholds for triggering an alert.

This testing is typically performed based on a sample of the alerts above and below the line, the size of which should be determined by the available alerts and the desired confidence level.

After approval of the scenario parameters, the newly adjusted thresholds can be implemented in the live transaction monitoring system. Output of the different detection scenarios should be monitored continually, in particular after changes to thresholds or an implementation of completely new scenarios. The monitoring should consider both the direct output in terms of alerts per segment/jurisdiction as well as the results of the human review to detect any global shifts which might indicate issues in either data streams, the alert review process, or changes in client behaviour. Additionally, thresholds should be periodically re-assessed and adjusted as needed to ensure optimal performance. In our experience, a data-driven calibration of an AML TM system leads typically to a reduction in alert volumes by 30%.

In the next blogs in our series on AML Transaction Monitoring we will look at tailored analytics for complex cases and the role of artificial intelligence in the fight against money laundering.

Key contact

Madan Sathe, Partner, Forensic & Financial Crime

Madan is a Partner in the Risk, Regulatory & Forensic Practice at Deloitte Switzerland. He has over 12 years of experience in investigation and financial crime including extensive data analytics and technology experience. He started his career at a Big 4 in Switzerland with a major focus on financial services clients (banking, insurance clients) and the life science industry. During his career he built and lead a forensic data analytics practice and advised major financial services clients in the area of financial crime compliance and investigation around the topics of data, artificial intelligence and technology.

Email | LinkedIn 

Karl Ruloff, Director, Forensic & Financial Crime

Karl Ruloff is a Director in the Deloitte’s Swiss Risk, Regulatory & Forensic Practice. He supports his clients in protecting themselves and their clients from financial crime and staying compliant with regulatory expectations. Karl has more than 20 years of experience in the professional and financial services industries in risk, compliance and technology roles. Karl’s focus is on the use of data, technology and artificial intelligence for financial crime compliance and risk management. He has an academic background in engineering and economics.

Email | LinkedIn 

Oliver Story, Senior Manager, Forensic & Financial Crime

Oliver Story is a Senior Manager in Deloitte's Swiss Risk, Regulatory & Forensic Practice. He has specialised in Financial Crime for over 12 years either as a consultant or working in industry. Oliver’s focus has been on ensuring robust compliance that protects the business and far exceeds industry average performance by connecting siloed processes – all while reducing the cost of compliance. Oliver has a rare and exceptional blend of FCC, Technology and Data expertise. He leverages these strengths to identify weaknesses in existing process, economic improvements, and value that can created or cost savings for clients in both forensic assignments and advisory work.

Email | LinkedIn 

Konrad Schwenke, Senior Manager, Forensic & Financial Crime

Konrad Schwenke is a Senior Manager in the Risk, Regulatory & Forensic Practice of Deloitte. He supports his clients with questions at the interface of electronic data & compliance. He advised clients on the prevention of fraud and financial crime and supported his clients during and after incidents, covering investigation and remediation actions with a focus on data-related aspects. He studied physics and holds a doctorate degree from ETH Zurich.

Email | LinkedIn