August 26, 2010

Credit Union Management’s Web-only “On Compliance” column runs the fourth Thursday of every month.

In today’s economic climate, financial institutions must address financial crime and compliance in a coordinated fashion. Those that don’t can suffer losses, regulatory censure and fines and, perhaps equally as important, increased reputational risk. But the reality is that many credit unions and other financial institutions still maintain separate efforts for anti-money laundering and fraud detection. Consider the following scenario:

Lisa Stack and Mary Hunter work at the same credit union and rarely have time to chat.

One Monday morning, Lisa, a compliance officer, grabs her coffee and digs into the latest pile of reports on her desk. A member, Fred Kiter, had a busy weekend. His activity broke rules for Lisa’s excessive cash report. She begins to investigate and notices that Fred made several large ATM deposits. She needs to determine if they are checks or cash. She makes a note to dig a little deeper and then moves on to the next case.

Meanwhile, down the hall, Mary settles in for another day of fraud investigations. As she reviews the check kiting report, Fred Kiter jumps to the front of the pile. His multiple ATM deposits, combined with several check withdrawals, seem suspicious and she delves into an investigation.

This scenario is not uncommon in the real world. Two talented and busy investigators working on the exact same case because their processes do not allow for an easy synchronization of compliance and fraud investigations.

Credit unions should consider consolidating their anti-money laundering and other compliance efforts with their anti-fraud measures, rather than relying on separate alerts and reports. Increased efficiencies, reduced costs and improved enterprise risk management are all recognized by industry analysts and government regulatory and enforcement agencies as the end result of a well-executed consolidation strategy.

Institutions interested in a consolidated approach need to be prepared for two primary obstacles:

• overcoming siloed approaches used to achieve separate AML and anti-fraud goals, and;

• removing the constraints imposed by the adoption of solutions that rely on first-generation (rules-based) technology.

Overcoming these challenges will require credit unions to move away from maintaining separate autonomous programs and unite their strategies for financial crime, compliance and technology at the organizational level. This process typically involves gaining management buy-in, improving overall communications and aligning work processes to remove duplication and improve efficiencies. However, a siloed structure often remains because the underlying technology is rules-based.

Consolidated solutions built on behavior-based rather than rules-based technology can address these challenges.

To detect potentially suspicious activity, traditional rules-based systems require users to create an ever-increasing number of customized rules to detect specific series of transactions. This often leads to an explosion in the number of rules and generates an unmanageable number of false positives.

Consider the following example of a rule that might be used to identify potential instances of cash-structuring behavior:

If a member has never made any deposit/withdrawal of more than or equal to $10,000.01, and if a member makes four or more cash deposits/withdrawals within 30 days, and if the total deposits/withdrawals are larger than or equal to $8,000 then send an alert.

If we take a closer look at this rule, it basically says that if a member makes only three deposits in 30 days, or four deposits in 31 days, or even four deposits of $7,900, no alert will be generated and the behavior will go undetected. So additional rules are needed to try and provide coverage for these gray areas. Today, it is not uncommon for some rules-based systems to run upwards of 1,000 rules, all of which require editing and maintenance to ensure that they continue to remain in line with the real-world behavior of fraudsters, money launderers and other financial criminals.

Second-generation, behavior-based analytics use a probabilistic approach to detecting suspicious activity that considers a member’s transactional history and other relevant data. This means that suspicious activity is considered along a continuum, with alerts having a higher probability of being synonymous with an increased risk of money laundering or fraud. Behavior-based systems do not rely on rules, thus eliminating the inherent problems associated with first-generation technology. They rely on advanced artificial intelligence – analyzing transactions and looking for patterns of behavior that are unusual for the member.

Second-generation fraud and AML technology can consolidate large volumes of information about people, accounts and transactions from a variety of disparate data sources – making it easier to spot the bad guys by increasing the transparency between member behavior and the risk exposure to financial crime schemes, and helping financial institutions investigate suspicious activity that is truly suspicious while reducing the investigation of activity later deemed legitimate. Focusing resources to investigate truly suspicious activity reduces the potential costs associated with non-compliance and fraud losses, and helps ensure the credit union’s resources are used to greatest effect.

In the scenario described earlier, a consolidated approach would work like this:

Mary and Lisa have changed their process. They’ve combined all alerts into a single system, which Mary reviews. She’ll work fraud alerts on her own, but when something looks like it might be money laundering, she calls on Lisa for help. This process allows Lisa to focus more on Bank Secrecy Act training and customer due diligence.

Credit unions must be willing to re-examine their strategic approach to risk-based financial crime and compliance management. While it should not be viewed as a panacea, a consolidated approach to compliance and anti-fraud initiatives can enable credit unions to respond with equal agility to these threats, while at the same time realizing significant benefits across the organization.

Jamie King is president/CEO and co-founder of Verafin, a leading provider of compliance, anti-money laundering and fraud detection software for financial institutions. He is responsible for leading product development and establishing the long-term vision of the company. King has taught computer engineering at Memorial University of Newfoundland, and has authored numerous technical publications. Prior to Verafin, he co-founded a company that specialized in robotics.