By Will Towning
Use cases for financial crime analytics
Payments play a fundamental role in our financial and economic systems – from the most humble of activities, such as buying a coffee or catching the underground, to the most complex financial derivative arrangements. Despite this, payments have historically been seen as the rather uninspiring, ordinary financial plumbing that facilitates big business – they are often overlooked and undervalued. But, by its very nature, the data flowing through the pipes can reveal huge amounts about the financial and economic world around us.
In this series of articles, I hope to share a number of use cases for how technology enables us to operationalise payments data to generate such insights and analysis. Some of the use cases are being executed by leading central banks, financial market infrastructures (FMIs) and commercial banks today, while others are on the horizon of innovation in supervision and liquidity management.
The analysis of payments data is crucial for the fight against sophisticated financial crime. System-level payment data, in particular, is increasingly being used as it provides a more complete view of transaction trails within the financial system. Analysis at this level – as opposed to discrete data collected at the individual financial institution level – enables analysts to uncover behavioral norms, network relationships and anomalies that are indicative of financial crime, such as money laundering, terrorism financing or fraud.
In part two of this series – The Power of Payments Data – I aim to explain how leading and innovative financial market infrastructures are tackling financial crime at the system level. I discuss why anomaly detection of system-level payments data is fast becoming a key financial crime analytics tool, as well as why graph and AI/ML-based anomaly detection is at the leading edge of this push to conduct the analysis at the system level.
Anomaly detection is a crucial financial crime analytics tool
Methods to detect anomalies in payments data have been the bedrock of anti-money laundering and combatting the financing of terrorism since these terms existed. An anomaly can be identified using anything from predefined thresholds or criteria, such as the size or frequency of payments, to advanced algorithms which analyse patterns and behaviors within the data. Anomaly detection is critical in an age where criminal strategies evolve quickly.
Anomaly detection is also effective at analyzing large volumes of data quickly and accurately. Without the help of automated tools, it would be difficult or impossible to identify patterns and behaviors through manual review.
Financial institutions and financial markets infrastructures use a variety of anomaly detection techniques for detecting financial crime. These include but are not limited to:
- Rule-based anomaly detection: This technique involves establishing a set of rules based on either historical data, patterns or expert knowledge that define what is considered normal behavior for a given entity. Transactions or activity that do not conform to these rules are flagged as potentially suspicious.
- Statistical anomaly detection: This technique involves identifying unusual patterns or behaviors based on a statistical analysis of historical data. This method relies on the assumption that normal behavior will follow a predictable pattern, and any deviations from that pattern may indicate fraudulent or criminal activity.
- Machine learning-based anomaly detection: This technique involves using machine learning algorithms, such as neural networks, that are trained to predict patterns or behaviors in financial data, helping identify activities that can be indicative of financial crime. These algorithms can adapt and improve over time as they are exposed to more data.
Graph-based anomaly detection
As mentioned above, one of the advantages of taking this battle onto the system level is the ability to gain a more holistic view of payment activity across the system. Instead of identifying anomalies on an individual account – unusual values, timing, or frequency in an individual payments activity – you can also start detecting anomalies across network relationships themselves.
Some of the leading and most innovative financial market infrastructures are doing just this, combining advanced graph or network-based anomaly detection methods with existing machine learning capabilities.
Graph or network-based techniques involve analyzing the relationship between parties and entities involved in the transaction trail to identify suspicious networks or patterns of activity. Network science has produced a wide range of network features that are helpful in analyzing networks, such as the centrality of senders or receivers, the network distance between them or the communities they belong to. As a result, graph-based methods are very effective at identifying complex and sophisticated money laundering schemes that involve multiple entities and accounts.
In particular, when combining these techniques with machine learning, these algorithms not only look at the volumes, timing and frequency of transactions but also at the network features and relationships between agents. For example, it is then possible to estimate, on the balance of probabilities, whether a link should exist or not based upon the observed network, using observed payments between accounts to measure trust relationships. Similarly, a high prominence of an account as measured by its graph centrality might indicate its reputation as a trusted counterparty.
FMIs that have added a graph or network-based anomaly detection approach to their financial crime arsenal benefit on three important fronts – the accuracy of results, resilience against criminals gaming the system and agility over time as criminal strategies evolve.
Accuracy: Graph and ML-based anomaly detection is proving to enhance the accuracy of detecting suspicious activity and reduce false positives over traditional approaches. Molloy et al. (2017) evaluated such models on a large dataset from a European bank and shows it can substantially reduce false positives in traditional fraud scoring. In 2019, FNA’s CEO Dr. Kimmo Soramaki and Lead Data Scientists Dr. Amanah Ramadiah and Dr. Riccardo Marcciolo tested our own algorithms on a real RTGS dataset of 100 banks and 385 days of transactions. They also found the use of network features sets as a complement to traditional methods increased the accuracy of detecting anomalous payments.
Resilience: Anomaly detection using a graph-based approach can also reduce the ability for any one actor to game the system. For example, some sophisticated money laundering strategies use a network of accounts – often with stolen or synthetic identities – to process frequent but small payments in an effort to obscure their financial flows. These criminals are able to go largely undetected with authorities using standard rule-based approaches that look at account-level data. But because these mule network strategies rely on the relationships between accounts, it is more difficult to evade detection under graph-based approaches at the system level.
Agility: Graph and ML-based anomaly detection approaches are also very effective at detecting changes in patterns and emerging themes in the data that could be indicative of new criminal strategies. As the economic and financial background evolves – either abruptly from events such as the pandemic or the Russia-Ukraine conflict or gradually with the advance of technology such as digital assets – new chinks in the armour are created for criminals to adapt and exploit. FMIs need to have the ability to detect these changes in criminal strategies.
Thanks for reading. In part three of the Power of Payments Data series, I will be taking a look at how payments data is being used to build digital twins of payment systems. This innovative approach is helping Central banks, FMIs & financial institutions model and test how their systems would perform under different designs, conditions or scenarios without disrupting the real-world equivalent.