Not long ago, financial institutions almost solely relied on traditional, rules-based BSA/AML transaction monitoring. Like other areas of banking, the BSA/AML space has evolved in recent years, adopting new technologies to identify potentially suspicious activity more accurately and efficiently. Using leading technology, innovative BSA/AML software providers are harnessing the power of artificial intelligence (AI) and machine learning for behavior-based analysis. It is important for financial institutions to find a balance between detecting suspicious activity without being so broad that the institution is bogged down with an abundance of false positives. Both types of analysis have pros and cons, and a careful convergence of rules- and behavior-based analytics provides the most coverage for financial institutions.
Balancing Act: Applying Rules-Based and Behavior-Based Analytics in BSA/AML Software
- It's important for financial institutions to find a balance between detecting suspicious activity without being so broad that BSA professionals are bogged down with false positives.
- Rules-based and behavior-based approaches both have pros and cons when used exclusively.
- To zero in on suspicious activity, typologies can be used to more accurately assess behaviors.
The difference between rules- and behavior-based analytics
From a high level, rules analyze activity over a set period of time, while behavior logic looks at activity in comparison to a customer’s historical or expected activity. Ultimately, both rules and behavior logic rely on thresholds, but they are used somewhat differently. There is a place for both types of analytics in BSA/AML software, giving financial institutions the ability to apply strategies most appropriate to their risk profile and the suspicious activity being perpetrated.
Rules tend to fall into three different categories: volume or frequency, structuring, or velocity. These rules identify anomalies, such as an abnormally high volume of transactions or patterns of transactions falling within an institution’s internal threshold. With the right solution, financial institutions have the ability to customize their parameters to find suspicious activity that may be undetected. Many people within the industry may refer to rules as simplistic “if, then” logic that may create excess false positives. If an institution’s parameters are too rigid, it may miss fraudulent activity just below the threshold.
Behavior-based logic, as the name suggests, relies on the customer’s historical or expected behaviors. This logic looks for deviations from accepted peer norms or from the customer’s historical patterns. When used in conjunction with rules-based, financial institutions can identify potential suspicious activity and the number of false positives that come with rules. There are drawbacks to behavior logic when used exclusively. Behavior-based logic looks for fluctuations of activity. Therefore, if the customer’s activity has been fraudulent from day one, this logic will likely not catch these activities, as they are perceived as “normal” behaviors.
Both rules- and behavior-based transaction monitoring have their benefits and shortcomings, and while they are not perfect solutions when used exclusively, a multidimensional analytical approach can help BSA officers identify activity that is legitimately suspicious.
Creating balanced transaction monitoring with typologies
Both rules- and behavior-based analytics are important in identifying suspicious activity based on the parameters an institution sets, but false positives can burden BSA officers as they sift through insignificant alerts. To zero in on truly suspicious activity, typologies can be used to more accurately assess behavior fluctuations and screen customer behavior against known patterns of illicit activity. In addition to the parameters using rules- and behavior-based analytics, typologies help to provide the context and perspective for the activity. This allows financial institutions to customize specific pattern thresholds for various segments, including demographics and geography.
BSA/AML software should be transparent and flexible, giving financial institutions the ability to adjust the parameters to fit the institution’s unique risk profile. “Set it and forget it” systems may help to automate alerts, but these systems lack the transparency needed for BSA officers to easily communicate alerts and decisions to regulators. It’s important that financial institutions employ a carefully tailored approach to grow with the institution’s risk profile and leverage a combination of behavior-based and rules-based scenarios to target known patterns. As criminals change behaviors and schemes, software should, too; seek software with the flexibility to continuously adjust parameters as needed to detect new risks.