There is a legitimate debate as to the value of a large amount of something versus a smaller amount of higher quality. In relationships, we talk about quality time yet some argue that children, in particular, need a large quantity of time from parents. Just being there, showing up for the mundane, has great value.
Similarly, in World War II, German tanks were famous for their strong armor, powerful guns, and reliability. Yet lighter armored, cheaper to produce, and more maneuverable Sherman tanks won the battlefield. Sheer numbers overcame quality.
How then shall we discuss the vast trove of information, some of which might actually be intelligence, that is FinCEN's Suspicious Activity Report (SAR) database? My own writing of SARs and the vast hours I've spent teaching or listening to others teach on the subject leads me to believe that the goal of financial crime reporting is to produce actionable intelligence for law enforcement. Quantity, in this case, can make more of a mess of things than it helps; what we need is a better way to find and report real suspicious activity.
What is Intelligence and How Does it Relate to AML Investigation?
Let's back up a step and define what it means to provide intelligence. In the military and geopolitical sense, intelligence is the reporting of analyzed information. We ask a question, we gather information about it, we analyze this information, then we report it to those who need to know. That is also known as the intelligence cycle, and you may recognize some parallels to the scientific method. We're all doing the same thing: record what we observe, try to understand what it means, write about it, collect more data.
Essentially, this is the same cycle that anti-money laundering and anti-financial crime solutions are using. Whether they realize it or not, transaction monitoring poses a question, "which people in this population are doing something criminal or trying to cover up a form of illicit activity?" Transaction monitoring programs gather statistical anomalies into events, then investigators collect and analyze data about these events, and write reports when the activity becomes egregious. The problem is that, in reality, this process involves a lot of self-feeding churn. The teams often write suspicious activity reports because investigators can’t exactly explain something as legitimate, not because they thought it was truly money laundering. Each report then generates ‘ongoing activity’ SARs if the activity continues after a 90-day review.
Challenges in Establishing a Legitimate Baseline: The Dilemma of AML Investigations
This problem arises because few people can accurately estimate a baseline for legitimate activity in every situation. Most investigators don’t have a standard to measure against but instead guess at it - with the result left up to each investigator’s knowledge and savvy. There are too many reports filed purely defensively: because to ‘not file’ without a solid explanation is to invite further scrutiny. To say the least, the process is laborious and produces very little in the form of useful reporting, or what those in the Intel community would call ‘actionable’. Law Enforcement can’t take action on it if there’s no probable cause.
Searching for real leads in the SAR database must be like panning for gold in California in 1849. Lots of dirt, some flakes, no nuggets. To put it another way, a lot of sizzle and very little steak. There are so many analogies… even finding the right one is like a needle in a haystack. AML has about a .030 batting average when it comes to finding real bad guys. How do we like that, sports fans?
In the AML investigation world, people feel like they are digging holes with shovels, and somebody seems to be filling the hole back in behind them. I feel like I've seen this before, on an Army first sergeant's list of punishments. AML people are overworked, and everybody is looking for a career "next step" to get away from the drudgery. Let's make investigating fun again shall we? Given the tools and the time to adequately research a full case, I am confident that investigators would create meaningful results. They want to write a report that goes to law enforcement and helps nab someone doing very bad things on the street. So why do we settle for such a high quantity of suspicious activity reports?
Currency Transaction Reports (CTR) and Structuring: Criminals vs. “Regulatory Avoiders”
Repeatedly, we file on things like Currency Transaction Report (CTR) evasion, i.e. ‘structuring’, without notifying the customer. There is literally a government-approved pamphlet for delivering to people. Instead, financial institutions kick people out, people who are legitimately trying to be entrepreneurial and make a good living, without really understanding their life story. I was speaking to one of the leaders of a SAR review team on the East Coast, and he said that he divides structuring into “real criminals” versus “regulatory avoiders”. Clearly, there’s little interest from law enforcement in going after purely regulatory avoiders. Those people would benefit from being educated. Getting rid of regulatory avoiders would dramatically reduce the workload, so why don't we have many solutions to help? Maybe educated customers would stop trying to evade or avoid the CTR requirement. We in the industry know that the law is basically designed for criminals to try to evade it, and thereby initiate investigations. But the system doesn't work when everyone and their dog is afraid of sending information to the IRS.
My point is that in any operation, you want to clear away the noise in order to hone in on the real goal. While there can be value in gathering big picture insights from a huge volume of data, the SAR and CTR databases aren’t useful for that purpose. We are not seeing great insightful works of data analysis come out of all that’s been gathered. Why? Because it is too noisy with defensive filing, “no identifiable business purpose” (which is code for “I don’t know what this is”), and repeat filings on regulatory avoiders. It’s just a huge volume of information without real correlation to its intended purpose. Relatively few reports actually point to money laundering or even probable financial crime. If we had that, if we had the confirmation, it would be more like an anti-fraud regime.
Anti-Money Laundering Has More In Common with Intelligence than Anti-Fraud Does
In the anti-fraud world, folks understand that a crime has been committed, and they try to gather evidence to support the assertion and obtain a conviction. In the money laundering world, the work is more closely aligned with the mission and methods of intelligence.
Intelligence relies on secretive sources, smart assumptions, analysis, probability, etc in order to find vague connections. These hopefully lead to something, but often they do not. In a world where these vagaries are known to exist, the existing AML regime is making the problem much, much worse. The field of potentially useful information is clouded with reports that are essentially meaningless. By the way, this causes the end user (the law enforcement agent) to ignore the tool and miss out on valuable information. So, whether it's “I can’t explain it” SARs, or regulatory avoiders adding to a pile of legitimate people making avoidable mistakes, if we cleared out that noise, law enforcement could be more effective in their jobs. That’s what we all want, right?
How can teams Clear the Noise for Effective AML Investigations?
The question then is, how do we get there? While there are many answers to that question, what I tend to see in this industry is “better and better mousetraps.” I started as an AML analyst/investigator in 2008, and since then the rules-based approach has not gone anywhere. Though the models have improved over time, there is very little refinement on top of the output to sort what’s valuable and help investigators deal with the inefficiencies of the old approach. Even switching rules to what we call “behavior based” models is not necessarily as effective as we’d like. Behaviorally, the industry still does not understand what legitimate people do, as a baseline, that triggers AML alerts.
Clearly, the community needs new tools, fresh approaches, in order to combat the problems facing modern AML Investigation departments. One of the biggest lags is that criminals are one step ahead because they are early adopters. Financial institutions, especially larger companies, are incredibly slow at adapting and changing. Therefore, criminals remain able to exploit things like paper personal checks or cash reporting, even as most of us have moved to the digital age.
AML Teams are Buried Under Unproductive Alerts
AML officers find their teams buried under a mountain of non-productive alerts. Even with newer behavioral approaches to monitoring, sometimes the sophisticated models end up creating more risk than they remove. People are still using shovels to dig themselves out. Someone needs to bring in a virtual backhoe to remove the mountain. Then investigators can repurpose those work hours and get back to conducting meaningful, deep investigations that truly support the mission of the AML profession.