New banking methodologies have enabled customers to access and move their funds more easily than ever before. As with any well intended innovation, this has also presented ways for nefarious elements or bad actors to transfer ill-gotten gains across accounts, states and countries. This new reality is forcing Financial institutions across the world to struggle to account for the risks, and threats posed by new and innovative ways of money laundering. It therefore goes without saying that new risk indicators need to be included in the anti-money laundering (AML) framework and necessary mitigation processes developed to ensure financial institutions follow the regulations.
While historically, there are a myriad of variables that are evaluated in determining where a customer fits within the risk appetite of a financial institution, the underlying theme is rooted in the industry recognized term of Customer Risk Scoring (CRS), which is a score or band assigned to a customer based on perceived financial-crime risk derived from parameters such as the customer’s residence, accounts, and product holdings. The challenge is that while this terminology is favored by the industry, it is not a panacea in that the aforementioned static parameters do not always help establish the correct risk score because of factors such as frequency of change in customer behavior, known associates, and transactional data. Additionally, the fact that some parameters may not vary with time, so customers could remain in the same risk band irrespective of their current behavior. This is a significant drawback of the current CRS model, which could necessitate due-diligence and cause firms to focus on non-risky customers. As a result, in the AML framework, this undoubtedly leads to higher false positive rates and impacts a firm’s operational efficiency.
While there is no “silver bullet” to addressing these concerns, the aim of this white paper is to highlight the solutions for designing a CRS model that holistically capture the financial-crime risk of a customer. To minimize the impact of the risks and problems mentioned above, OmniLabs proposes a dynamic customer risk rating or score, which is a consolidated risk number summarizing a customer’s intrinsic risk to the bank and is updated on the basis of parameters, both static and dynamic.
The risk spoken of here is a collective assessment and review of transactional attributes gleaned through the customer’s transaction behavior, and non-transactional attributes are determined through customer information file, past alerts data, and analysis of past financial crime-related activities.
On June 9th, 2018 the fifth anti-money laundering directive (5AMLD) went into effect. It places a significant requirement on financial institutions in the identification of ultimate beneficial ownership. Up to date accurate, complete and actionable information on ultimate beneficial ownership helps protect banks from money-laundering risk. If the 5AMLD is successfully integrated with the fourth anti-money laundering directive (4AMLD) which places stringent requirements on financial institution to explain the rationale behind customer risk scoring done by the institution. In order for the 4AMLD to have been effective, it relied on financial institutions to adopt methods using available data sources to come up with intuitive risk ratings and justify their risk rating of a customer. At which point Customer due diligence (CDD) and enhanced due diligence (EDD) would be applied based on the changing risk rating (point-in-time risk) and making the monitoring more effective.
The changes mentioned are mandatory for financial institutions to implement in the ongoing monitoring process. Incorporating the changes in the CRS will empower banks to rationalize their risk rating methodology and hence improve transaction screening.
1. Define a dynamic CRR framework based on transactional and key non-transactional attributes.
2. To incorporate the key changes of the new AML directive in the CRR model. This includes proposing key databases and data elements for building the framework. We recommend the application of alternative self-learning or machine learning methodologies as challenger models. We list the key parameters for validating the outputs and verifying whether the final solution is implementable.
Increasing regulatory pressure to use more scientific statistical and machine learning procedures in the Bank Secrecy Act (BSA)/ AML compliance space is pushing financial institutions to replace their heuristic, rule-based CRR models with well-established, academically supported and statistically based models. Many machine learning methods are available for quantifying the risk of customers based on their attributes. Among the alternatives, the best-suited method is the one that can cover the available typologies in the database and/ or identify potential new typologies. The holistic view of customer risk will keep a check on false positives without compromising scenario coverage.
The CRR approach can be decomposed in the following stages:
- Feature Engineering: Feature engineering is an important process required to make machine learning algorithms work. Algorithms with smart features yield smart results, and feature engineering should bring mathematical value to subjective knowledge. For example, a network of accounts with suspicious cases should be defined objectively in the feature engineering step. Many features can be created based on the evolving money laundering typologies.
- Model Development: Statistical machine learning-based models are founded on well-established statistical methodologies and approaches that have been vetted, reviewed and published in academic journals. Most of the statistical models that financial firms use for CRR are predictive, such as linear regression, binary or ordinal logistic regression, decision trees (all types) and neural networks. The application and risk rating objectives determine the model that the firm selects. For CRR, binary or ordinal logistic regression models are the most common.
- Logistic Regression Model: Logistic regression is a well-known supervised machine learning algorithm to model the relationship between categorical outcome and one or more independent variables. It is a probabilistic classifier, and outputs a probability score of occurrence of event of interest (e.g., money laundering cases in AML framework).
- Artificial Neural Network (ANN):ANN is a supervised deep-learning technique to unearth patterns in data. It has the capability to update the weights/ coefficients on its own. ANN is a powerful technique to learn complex, non-linear relationships and provides accurate results. Its only drawback is that the final model is not visible.
- Clustering: Clustering is an unsupervised machine learning technique that helps discover natural groupings in data. It can be used to define risk banding based on characteristics of the cluster and distribution of the existing customer risk segment. Majority class is assigned as a risk band for the cluster.
- Feedback loop: A critical element of the dynamic risk rating framework is that the algorithm learns over time. It increases the risk score of customers whose behavior it perceives to be aberrant and reduces the risk score of customers who might show risky behavior but in a one-off case. The diagrammatic representation of the entire feedback loop shows the information harvested from existing data tables and the risk ratings being calculated. The individual risk parameters (e.g., transaction, link, and KYC) each send the latest information to the model to assign a risk score to the customer. The risk ratings can be constrained depending on operational limitations. For example, the number of high-risk customers should not exceed 20% of the total customer base.
CRS should be accurately defined for the historical time period before the model development process. If the current customer risk does not reflect the correct risk rating, sample should be drawn from population where risk rating is correctly assigned. The sample taken from the population should be large enough to generalize results of the model to the entire customer base.
Different data sources can be used for the CRS model such as transactional data, customer information file, financial crime network data, and performance data. Data integrity checks should be applied to ensure the quality and completeness of the data. Variables available in the data sources include history of case filings, number of address changes, number of dormant accounts, and transaction activities in high-risk geographies. In the CRS model, many features are created to cover different risk areas within a bank.
In most transaction monitoring frameworks, risk rating plays a key role in determining whether an alert will be sent for investigation. However, many false positives occur because CRS does not truly reflect a customer’s risk profile. A closer analytical evaluation of customer risk will make monitoring process effective and efficient. A key step towards this is the inclusion of attributes that reflect the customer’s true risk profile. This will not only help in targeting customers who are high-risk, but also lower the risk score of customers who are perceived as low-risk. Operational teams will be able to perform efficiently, and regulatory norms can also be met.
The evaluation of CRS of banks and other financial organizations is challenging because of the opaqueness of the banking sector and high variability in the sector’s customer risk. Risk evaluation is, however, important because of the growing number of regulations, policies, and penalties. The magnitude of loss in terms of goodwill, reputation, and fines has a cascading effect on the entire financial system and economy.
The proposed CRS approach can be applied to develop an accurate and objective CRS model. The model will enable financial institutions to rate their customers on a proactive basis at a desired frequency and respond to the needs of developing internal CRS systems. The proposed model’s role as an early warning system is extremely critical in view of the following:
- The financial costs incurred by banks in case of policy and regulatory violations.
- Continued failure of banks in identifying and deterring money laundering activities over the last 30 years.
- The risk of spill-over across the financial system and economy (from terror financing, drug syndicates, and child trafficking activities).