As regulations tighten and banks struggle to tackle money laundering and financial crime, how should finance professionals decide their risk appetites when it comes to transaction monitoring and the issue of false positives?
How much are they willing to tolerate false positives to counter the risk of missing false negatives? And how do they work out a methodology that makes sense from a business perspective, while providing the necessary results?
Matching technology to processes to ensure that robust measures are put in place against financial crime demands the creation of a system that helps banks look for risks that they might not even know about yet: one of the counter-intuitive elements of AML strategy. So said Max R. Tappeiner, UBS’ EMEA Head of Transaction Monitoring Strategy, at the recent AML Forum Frankfurt, hosted by Transform Finance.
So how do you tune a transaction monitoring system for an acceptable level of error? The issue comes down to striking a balance between false positives and false negatives, he said. The challenge is that the costs associated with a ‘Type One’ error, a false positive, are a lot more obvious.
“You can see the headcount, you can count the number of alerts that are generated that don’t turn into Suspicious Activity Reports (SARs), you can count the number of people you need to work those alerts, tabulate how much you pay them, it’s very clear.
“But what people don’t think about a lot – and something we should be focusing on a lot more – is the Type Two error, the false negative. That’s the error where the system should have detected something and didn’t.
“Type One errors are primarily operational issues that turn into regulatory problems if they’re not managed well. But Type Two issues are almost always regulatory problems, so these are the things we should be focusing on.”
The challenge for financial professionals is to set thresholds that capture as many “productive alerts” as possible using below-the-line testing, where thresholds are lowered and test alerts reviewed, to see if any “productive alerts” would be missed. The firm’s risk appetite informs whether thresholds should be changed to capture them.
To make these decisions, organisations should ask themselves two further questions, said Tappeiner: what constitutes a productive alert? And are all productive alerts essentially the same – or are there degrees of productivity?
“If an alert turns into a SAR, then pretty much everyone would say that’s a productive alert,” he said. “But are all SARs the same? If it’s the first SAR on a client, then OK that’s productive. But if it’s a repeated SAR on a client, then that sounds more productive to me. […] How you answer these questions gives shape to your risk appetite.”