Measuring Efficiency, Effectiveness of Compliance is a Vital Effort

Compliance functions build robust compliance programs that enable them to answer the board of directors' basic question: how do I know I am in compliance with applicable laws and regulations?

As part of such laws and regulations, anti-money laundering (AML) and combating terrorist financing (CTF) are positioned as a core responsibility for compliance functions. Mitigation of AML/CTF risk implies adopting a risk-based approach aiming at identifying, monitoring, and when necessary reporting suspicious activities.

With huge volumes of transactions, continuous changes in regulatory requirements, including scanning against enormous number of sanctioned entities and PEP lists, in addition to the complicated nature of money laundering activities, AML/CTF technology becomes a basic need for every compliance function as human approach is deemed ineffective and inefficient.

Consequently, compliance functions, in an effort to optimize their processes, need an effective, efficient solution to mitigate AML/CTF risk. That can be interpreted through the rate of false positives and false negatives.

A false positive is basically a false alarm, but it still requires investigation by a compliance specialist, while in reality the scanned name is not the same blacklisted entity. The false positive rate reflects the efficiency of the system. Every false positive requires costly human resources time spent on investigation, as well as the time any transactions have been blocked. The price of the AML/CTF software becomes negligible in comparison.

A false negative is the case where a transaction is related to a sanctioned entity, but is not being detected. The false negative rate reflects system effectiveness.

The ideal scenario is to reach the least false positives possible and avoid false negatives. This can be achieved through the utilization of several techniques embedded in AML/CTF solutions.


False Positive Reduction

In list screening solutions, false positive reduction efforts can be divided into two axes: appropriate configuration of the solutions and appropriate contextualization of the scanning process. Appropriate configuration includes limiting scanning to the required lists and using an appropriate scanning rank. Appropriate contextualization means introducing a context to the scanning process, whether on list entity level (white-listing) or on a transaction flow level (business rules).

For multi-geographical and multi-functional environments, use multi-dimensional solutions that reflect organizational structure, and provide the ability to choose list sets to scan against in each geographical or functional area.

Scanning processes compare scanned text with the blacklisted entities. The matching engine uses algorithms to overcome spelling mistakes, glued or split words, different methods of writing words, soundex, etc. The engine grants a penalty to the match rank for each difference between the scanned text and blacklisted entity. When scanning, a user can define a rank which represents the minimum match score to be returned to the investigator.

There is no magic potion or one-size-fits-all solution when it comes to defining such rank. Adopt a methodological approach in which a representative sample is scanned with several different ranks, and the results are analyzed to identify the optimum score.


Appropriate Contextualization

If the matching engine's algorithms recognize different ways of writing a name, then a probable side-effect may involve the engine mistakenly matching a name (scanned text) to an entity in the blacklist. If blacklisted entities are mistakenly associated to customers that perform frequent transactions, consider exempting them by white listing them in future scans. The exemptions should be associated to specific entities in particular lists, and contextualized. Consider the members "good guys" in the context of their date of birth, country of residency, address, etc.

The objective of linking a good guy to a specific entity in the list is to avoid a false negative when this same good guy turns bad and is blacklisted. If the customer is considered the good guy for the first entity, this won't be the case for the second.

Another way of contextualizing the scanning is the addition of specific business rules on some transaction flows. These rules could tackle the currency of a transaction, the country of origin or destination, a threshold or another applicable rule.

Minimizing false positives of AML/CTF solutions has become a fundamental activity for compliance functions due to the cost of human intervention. With the appropriate mechanisms implemented, an optimization can be achieved.

Nasser J Sweileh is senior product manager with EastNets. For info: www.eastnets.com.