Many companies are coming to the realization that their custom-built in-house AML (anti-money laundering) solutions are no longer cutting it. Between a laundry list of needed improvements and a quickly-aging tech stack, a large portion of established financial companies are turning to external AML platforms to help save the day.
Which explains the massive interest in machine-learning for AML. If you’re going external for your AML platform, go for the latest tech, right?
If only it were so easy.
At Salv, we’ve not only gone through the ups and downs of building financial crime detection in-house at previous companies, but many of us have been experimenting with machine learning (ML) almost since its inception. And, well, to use it with AML comes with some huge risks.
How do you know if ML is right for your company’s AML? You ask yourself some pretty tough questions to help you get a better understanding of how, if, and when to use machine learning for your AML.
So that’s what this post is — those tough questions you’ll wanna ask before you get yourself entangled in what might quickly become a disaster.
A quick note on rules-based monitoring
We’re writing this assuming you know what rules-based monitoring is. But if rules-based monitoring has you scratching your head in confusion — or you want to know more why we think it’s so useful, even in this day and age — then read our full article on Machine Learning and AML. Because, to us, there’s a huge difference between an old-school rules-based monitoring approach and what you can, and should, do today.
Question 1: Do you have enough data for this approach?
- Machine Learning: It depends. If you have at least 500K+ customers, probably yes. Less than 500K customers? Then no.
- Rule-based approach: Yes, for sure. Rules work from the very first customer.
Question 2: Is your data high enough quality for this approach?
- Machine Learning: It depends. Data quality standards are extremely high. So if you’ve built up a solid rule-based system, layered on mature processes in addition to having a deep understanding of your customer base, market, and product — then ML can work. All of this data then has to go into a ‘feature extraction’ engine to ensure models can use it. You’ll typically need to extract 100-200 features to start with.
- Rule-based approach: Likely yes. Rules aren’t fussy. Rules will work even if you just have a list of customers, transactions and 10 fields in each table.
Question 3: Can you manage new products or markets from their launch with this approach? For instance, you start to offer an SMB product, when you’re a consumer-only company.
- Machine Learning: No. There isn’t sufficient data, and there won’t be for years.
- Rule-based approach: Yes. Rules work from the first transaction.
Question 4: Do you have the team needed to set up and monitor the system for this approach?
- Machine Learning: It depends. Can you attract someone among the top 5% of data scientists to come work for you, in your office, on AML in your team? If your vendor is supplying the data scientist capability, can you evaluate whether they’re in top 5%? Can you teach them the specifics of your business so they can build great AML models?
- Rule-based approach: Likely, yes. Rules are human readable. AML specialists combined with someone a bit more technical— an analyst, not data scientist— can implement, oversee, and rapidly improve the rule set. It depends on the system, but with Salv, you can manage this completely within your own team without needing support even from your internal IT team, let alone a vendor’s.
Question 5: Can you explain to your regulator or partner institution what your risk policies are with this approach?
- Machine Learning: It’s difficult. The “policies” are essentially model weights. These are barely comprehensible to data scientists, and nearly impossible for you to convey to regulators. But if you have the time and relationships to explain, it could work.
- Rule-based approach: Quite easy. It maps directly to risk policy documents. Assuming the proper audit controls are in place, the precise code implementation can be exported to a spreadsheet.
Question 6: If an AML specialist tells you a certain pattern is likely to result in a SAR, how easily can you stop it automatically with this approach?
- Machine Learning: It’s difficult. This requires feature extraction, modelling, testing, etc.
- Rule-based approach: It’s easy. As long as the rule-builder is powerful enough. Just modify a threshold or add a new rule configuration.
Question 7: Can you explain what your risk policies were on a specific date 1 year ago, and how those policies have changed vs today with this approach?
- Machine Learning: Difficult. See the previous answer. And, in addition, the underlying model data likely isn’t archived and can’t be reset to some arbitrary historical point.
- Rule-based approach: Easy. If the system logs all risk policy changes.
Question 8: Can you check for specific scenarios that your regulator or correspondent bank is expecting with this approach?
- Machine Learning: Difficult. You’ll need to hack the ML models in a way that you feed in artificial training data that would come from your partner’s expected “alert-worthy” scenarios.
- Rule-based approach: Moderate. You can type in the exact rule they expect you to run. But most likely those generic “expected” rules will create a ton of false positive alerts that you’ll need to handle manually — IF you don’t have an automated alert resolver in place.
Our mini caution on machine learning for AML
We wish it weren’t the case, but we’ve seen far too many times that, if machine learning isn’t used carefully by extremely talented AML Data Scientists, then significant risks can be introduced that you’ll discover far too late. If you do manage to get a ML/AI system set up, it will appear to work flawlessly. Until it doesn’t.
But don’t just take our word for it. From Reuters’ article “Anti-money laundering controls failing to detect terrorists, cartels, and sanctioned states”(1) you can read:
It’s also important to note, however, that the same cautions for machine learning in AML don’t necessarily apply in Fraud. For Fraud, honestly, it’s much much safer to use ML than it is in AML.
For most, there’s something better than machine learning
For most companies out there that don’t fit the bill for “perfect machine learning and AI AML environment,” the better alternative is rules-based monitoring. Why? Because, ultimately, it gives most the control our businesses desperately need.
It might feel nerdier and clunkier, or even outdated — but it works. And, if you have rules-based monitoring that’s designed for today’s fast changing environment, like Salv has built, then that’s actually worlds better than rules-based monitoring built 40, 30, or even 10 years ago.
Plus, you’ll have the visibility your business is going to want to have. Because, today, it’s more important than ever that MLROs are certain they understand what their systems are doing. In the current climate, if companies even get it a little wrong, regulators are far less lenient.
If you’re ready to have a heated debate or read more on the topic, read our short article 6 things you didn’t know about machine learning for AML or dive in deeper to the topic and read our full post on why we think AML isn’t ready for machine learning yet.
We’d love to hear from you if you need help or you want to get into a healthy discussion, so get in touch with us here at Salv. Because we’re definitely not against experimenting with new technology. In fact, there’s another piece of tech we’re working on that may help change the industry. But you’ll have to read one of the other articles to find out more.