Are we connected in our fight against ML/TF?
I explore whether we, in the financial industry, are connected in our fight against ML/TF and, if not, why not. Also, how can we work together?
Abhishek Dwivedi
10/6/2021, 6 min read


In this week’s article I will be highlighting the challenges faced by Alert Handlers (or investigators), who work mostly behind the scenes but are a very crucial piece in the ML/TF puzzle. Alert handling teams are spread across different countries for multinational banks (sometimes consolidated in hubs). In smaller banks, on the other hand, multiple responsibilities are assigned to a single resource, including alert handling, and they are labelled as alert handlers. If you know a little bit about programming, they are your “catch-all”/“exception handlers”, but more on that later. Irrespective of the kind of alert handling teams you have, criminals will have no mercy on you and will find every possible way to leverage your vulnerabilities. You may be attacked by money mules, by sophisticated tax evasion techniques using shell companies (as exposed in the Pandora Papers recently) or by a simple Ponzi scheme. There is a well-connected network of criminals who work in tandem, across banks (and FIs).
The challenge
There is a huge responsibility on the alert handlers. I have been on the ground and have worked together with them, giving training, designing work instructions, optimizing alerts based on their feedback and more. There are several common challenges faced by these alert handlers, irrespective of whether they belong to a large or a small bank. They do have


“Catch-all”/“exception handlers” - I used these words earlier, so let me elaborate on what I mean. Your bank may have a good onboarding process, with robust KYC. However, criminals are getting smarter and they find ways to navigate through this process. On top of that, almost 70-80% of first-line/business users believe that performing name screening/sanction checks makes the ML/TF controls complete. They completely ignore the Transaction Monitoring (post-fact monitoring) piece. Of course, the majority of the criminal elements know about these black/white initial checks and find innovative ways to get past them. Identifying these good vs. bad customers then falls under the responsibility of Alert Handlers. They are your last resort to bring bad customers out into the open and hence they hold an enormous responsibility. For an alert handler at a smaller bank, imagine their challenge when they have to meet KPIs for other tasks as well as alert handling!
Technology limitation - Having sat with alert handlers from the US all the way to New Zealand, I can say I have seen almost all flavors. One common theme is their way of working. Even to this day many rely on Excel pivot tables as the best possible tool for analysis. One of the major reasons is that technology investments are limited to just Transaction Monitoring, reducing false positives and the like. No one bothers much about the limited-to-basic investigation possibilities offered by such TM tools - their core strength is monitoring, whereas investigation for them is primarily a workflow (how efficiently you can close an alert or escalate a case etc.). The first thing an alert handler does after getting assigned an alert is to get out of the TM tool and investigate the alert outside.


Data is scattered - Adding more complexity to the problem, raw data is never useful. Information needs to be extracted from raw data and made easy to consume for further analysis. This is a day-to-day challenge for alert handlers. Customer data is in one back-office system, transaction/payment data in another system and the product data in a third system (mostly in multinational banks and some large domestic banks too). Alert handlers have to navigate to these systems, fetch the data, make sense of it and then decide whether it was suspicious behavior or not. Moreover, in most cases, they need to fetch data from outside sources. All this dilutes the holistic view the alert handlers should have while performing analysis.


Playing catch-up - Criminals run away in a Ferrari and our alert handlers are chasing them on foot; that is the current situation in most banks/FIs. It’s a common saying that criminals are always two steps ahead, and there is a reason. Our alert handlers are not given the right tools in this fight against criminals. Also, when you chase and identify one kind of behavior, criminals will initiate something different, and these alert handlers end up chasing rather than being proactive. This brings me to the most important point next.
Silos! If I weigh the other factors against this factor alone, my experience says this weighs 90% more than all others combined! Just imagine: a handler sitting in New Zealand may use smart ways to investigate a company (e.g. checking the UBO, trust associations etc.). On the other hand, another bank’s alert handlers in Romania will use a completely different method (e.g. checking different companies registered at the same address). Both are doing the right thing in their own space, but imagine what we could achieve by combining these two! There is just no way to connect these best practices (this can be within the same bank, for that matter). If there is a big scheme unearthed at a bank in the UK, alert handlers in Singapore are not proactively acting upon it. Criminals, on the other hand, will execute a step-by-step copy of the scheme because they know banks are not proactive in sharing ideas! Such silos are a major concern in the industry. We cannot continue to let this happen. Large alert handling teams are sometimes just too big to share smart ideas. They stop short at simply standardizing the end-to-end flow (for example, are all the checkboxes ticked for each alert). Smaller teams, on the other hand, have some great ideas, but their insights can never benefit others because they are happy on their small island.
I raised quite a few points and there are many more, but let’s stop here for now. Being in this space for over 16 years, I have seen this problem over and over. In my capacity I tried making some changes too, but from a technology perspective, as an industry, we just stop short at Transaction Monitoring and put all our energy into reducing false positives, limiting alert volumes etc. The alert handlers are completely ignored even though they hold major responsibility. This gave me the motivation to get a team of smart people together with one objective - break investigation silos!
It’s not doomsday… yet!
I am more inclined to say… connect to our SaaS platform - Alexis, and all your problems will be solved 😉. Breaking silos is the core theme of Alexis. We want the investigators to connect to each other (across banks/FIs/within banks) through technology and share best practices. I like giving analogies, so here is another one - Alexis offers you a variety of utensils/tools (same across the board) in your kitchen and it’s up to you how you want to use them and prepare some food to your liking. If there is a new spice available, Alexis will simply notify you and you can decide whether to use it or not! Now replace these utensils/tools with investigation best practices and spices with known/latest ML/TF schemes. This is how we simplify investigations and make them consistent across clients. At the end of the day, we can only fight criminals running in a Ferrari when every Alert Handler has their own Ferrari… this is what Alexis achieves, bringing consistency (through technology) to investigations and regularly complementing it with the latest techniques, which are just a notification away. If we come across new ideas, we roll them out to everyone and you don’t have to bother about software/hardware limitations anymore…
Breaking silos is the only way we can fight this crime going forward. I am not the only one saying it; look at TMNL (Transaction Monitoring Netherlands) and the latest MAS Singapore notification, which talk about the same thing. We offer the best technology to make this happen!
