It’s easy to assume, with incredible new technologies and data modelling like machine learning (ML) and artificial intelligence (AI), that everyone should be using them for anti-money laundering (AML) these days.
Allow us to disagree.
At Salv, many of us are data nerds and have built the very compliance systems of companies like Skype and Wise (formerly TransferWise), so we know what we’re doing. We’ve been using machine learning for years, even in AML. Unfortunately, along the way we’ve discovered, in our many talks with those in compliance, that there are far more blindspots than we’re comfortable with.
So we hope this article will help clear up a few things you may not know when it comes to using machine learning and AI for AML.
1. Machine learning amplifies both the good and bad
Machine learning amplifies whatever is good in your business. And it, unfortunately, also amplifies whatever is bad, too.
If you have tons of great data, great processes, and a strong team with just the right skills, then ML/AI will allow you to do what was previously impossible. But, if any of those things are poor — then machine learning and AI approaches will amplify your weak points. Which means those big problems you have may become much, much bigger.
Take this quote on data wrangling alone:
“A model is only as good as its inputs, and firms must first corral and cleanse the various internal and external data inputs. This is often one of the most time-consuming aspects of a machine learning platform deployment. One large bank executive says it took his FI almost a year to get the requisite info from its core banking platform and other internal sources and cleanse it. Another executive says that for any new modelling effort, his team typically spends 80% of its time on data wrangling and 20% on the actual modelling effort.” - AIM Evaluation: Fraud and AML Machine Learning Platform Vendors, March 2019, Aite
If you, your team, and your business are lucky enough to have the perfect ecosystem, then ML/AI can work wonders. But most of us aren’t in perfect situations.
2. Machine learning gets weird tunnel vision
We’ve consulted for small, medium, and large financial companies all over Europe. For those heavily dependent upon ML, red flags usually surfaced immediately.
As an example, let’s say one of these companies was in the automotive industry. Using ML, every lime green VW Bug from 2003 that had manual window cranks and a sun roof was marked as suspicious. And, when they double checked, they were right 99% of the time! But when looked deeper, we noticed these cars comprised only a tiny piece of their business. And, because they were so dependent on ML, they didn’t notice all the other cars they weren’t checking. Which meant a vast majority of their criminals got through scot-free.
If you don’t spend a lot of time monitoring your models, it can turn into a disaster for your AML quickly.
3. Machine learning shines when you have a fairly homogenous product and stable data set
Machine learning approaches are effective when your business is stable, mature, and large. For example, if you’ve got a consumer business, a monoline product like a debit card, several million customers, have been operating in the same countries for years, and your AML team is experienced, then machine learning can definitely help. It’ll help eliminate your most tedious tasks first — sorting through millions of transactions and finding the ones that are most obviously suspicious.
But if your consumer business branches out into the SMB, for example, you’ll find that the risks are quite different — even though there are areas of overlap. The input data is totally different (beneficial owners, company structures, payment behaviours, products). And the risks are of a totally different nature.
4. Machine Learning needs huge amounts of data
You really do need a lot of data to do machine learning well. If you have fewer than 500,000 customers, for example, then it’s just not going to work. There isn’t enough training data. Supervised learning models are the most effective option, but you’ll need to have quite good detection mechanisms already in place to provide enough input to the model. Which means good ML can only follow good rule-based monitoring.
Money laundering cases are, fortunately, relatively rare. Typically, they’re just 0.1-3% of transactions flagged and far fewer reported.
Just like our earlier example, the model zoomed in on a particular behavioural pattern which was suspicious, but missed the larger picture. All of that came from highly unbalanced training data — in part because the company just didn’t have enough data to start. Unfortunately, this will always be a risk for ML in AML. Sure, there are ways around it, but you’ll need to have extremely capable data scientists who thoroughly understand your product and your AML domain so they can quickly spot the cases where your model suddenly over-calibrates for one type of behaviour and completely neglects the larger picture.
5. Even data scientists don’t understand ML/AI well
One of the main challenges is that, unfortunately, machine learning is poorly understood by most people — and that includes data scientists. Sure, you can set up an advanced ML model in 5 lines of python code — many of us in Salv have done exactly that many times. But the problem is you’d have no idea why the results are what they are. This is common — and it’s scary when it’s applied to AML. The reputation of entire financial institutions rests on AML controls.
6. AML machine learning vendors can mess things up far too easily
Vendors offering ML/AI for AML often offer to help build and maintain your models. That sounds great, but you do need to ask if these models are right for your business. The vendors are doing their best with what information they have from you, but there are a few things to keep in mind.
First, they don’t have the same incentive — extreme liability if something goes wrong. Their jobs and company’s future isn’t on the line if yours messes up. But yours sure are.
Secondly, and most importantly, they’re not talking with your customers and your unique set of criminals daily. They don’t know your product loopholes. They don’t know your risk appetite. They’re just analysing data. Though they’re probably incredibly smart, they’re still missing enormous context for making decisions. To mitigate this, you’ll need to build a strong partnership. Your financial institution will need to commit ample time building up your vendor’s data scientists’ knowledge.
There’s something better than machine learning for AML
In a majority of scenarios, the better alternative to machine learning and AI is rules-based monitoring. Why? Because, ultimately, it gives most of us the control our businesses desperately need.
It might feel nerdier and clunkier, or even outdated — but it works. And, if you have rules-based monitoring that’s designed for today’s fast changing environment, like Salv has built, then that’s actually worlds better than rules-based monitoring built 40, 30, or even 10 years ago.
Plus, you’ll have the visibility your business is going to want to have. Because, today, it’s more important than ever that MLROs are certain they understand what their systems are doing. In the current climate, if companies even get it a little wrong, regulators are far less lenient.
Rules-based systems designed today are far better than you’d imagine
Maybe you’re getting depressed thinking you’re going to have to revert to old technology. A mere 10 blunt rules created by a vendor when it was implemented in a bank years ago have no hope of fighting today’s organised crime. But let’s think about an everyman car like a Toyota for a moment. A new Toyota of today is brimming with technology built to keep you safe and in control, yet still comfortable. It’s almost a farce to liken them to cars built in the 80’s and 90’s.
And that’s similar with many large, legacy AML technology providers. Sure, a lot of them focus on rule-based systems like Salv. In fact, some of them even add on AI or ML to show they have adapted — but that’s a bit like throwing a high-powered engine into a wheelbarrow. It’s not any more effective.
Rules-based systems built today, and rules-based systems built 20-30 years ago are worlds apart. Legacy providers didn’t build for navigating the obstacles of today’s environments. Salv did. We can even see some of the evidence as we all watch helplessly as bank after bank, often using legacy providers, are being hit with AML scandals. They just weren’t built to keep up with the fast-paced criminals of today. Salv was.
Use your team’s intelligence to create a lot of narrowly-defined rules
As a data lover myself, it pains me to say so, but I firmly believe that the AML space just isn’t ready yet for ML/AI. Many narrowly-defined rules, encoded with tons of compliance intelligence from the humans closest to your product and the criminals using your system is what works best in today’s compliance.
What trips many companies up is that they don’t have enough rules. Someone, somewhere, long ago created a small set of rules for an AML department to use and then left it. We’ve heard horror story after horror story of teams struggling for months, and sometimes a year, to get a vendor or someone from their IT department to change or create a new rule. That clearly won’t work.
Your team needs many, narrowly defined rules. If your rules are too broad, your team gets killed with pointless false positives. So they’ll need to be overly specific. And you need a tool with the ability to change and adapt them fast so your team can keep apace with the crime out there.
At Salv, we’ll use machine learning when it’s time
We’ll use ML/AI when our customers are ready for it. We’ll use it when we’re confident we can introduce it and have the compliance team themselves fully manage it.
There are AML areas that are safer for ML/AI approaches and we’re implementing those first. For instance, in the sanctions world, we’re already far down the path of using ML to automate the repetitive, obvious false positives. We’ll soon launch techniques for suggesting new rules or tweaks to thresholds that will take advantage of 80% of the benefit of ML/AI, yet still allow the compliance team to stay firmly in the driver’s seat.
There are safer, innovative technologies that can help
In the summer of 2019, Salv, in partnership with Sharemind Cybernetica, built an advanced piece of technology — as a part of the UK’s Financial Conduct Authority’s (FCA) 2019 Hackathon. With time, it developed into something bigger, stronger, something with a potential to change the AML industry forever: AML Bridge.
The platform allows financial companies to anonymously and safely share necessary data internally and between other financial institutions in the interest of detecting money laundering. The system is GDPR-compliant, and there’s some incredibly groundbreaking cryptographic technology behind it that means data becomes impossible to leak and trace.
A few final words
At Salv, we believe AML isn’t quite ready to depend fully on machine learning. Although, in the right circumstances with the right people, it can help some — as long as you have a team who knows both ML/AI, the AML domain, and your products really really well. And if you use it in small doses with close supervision. But it’s not an end of itself.
If you’re like us and want to jump in deeper on this topic, read our full article on AML machine learning and AI.