How to Set Up Powerful AML Transaction Monitoring Rules (with Examples)

Financial firms are dealing with unprecedented regulation and complexity. Regulatory announcements associated with fraud and Anti-Money Laundering (AML) have increased by more than 500% globally.

‍

Risk management teams report spending up to 10% of revenue on compliance. Organizations have invested heavily in transaction monitoring and screening programs, both in terms of technology and talent. 

‍

The effectiveness of these tools is often called into question by the regulators and the risk and compliance teams themselves.  While not intended to be comprehensive, this write-up discusses the importance of rules and reviews some of the popular ones to establish a strong foundation for AML transaction monitoring. 

‍

‍

Rule Building 101: Smarter Transaction Monitoring to Decimate False Positives 

Before proceeding, we’ll address the elephant in the room: Why should we use rules when there is Artificial Intelligence (AI)? Some newer software solutions offer black-box products with rules and aml models that leverage Machine Learning (ML) and Artificial Intelligence.

‍

‍

What About AI?

Black-box models may seem advanced and appealing, but there is little visibility into what is going on behind-the-scenes — making it difficult for analysts to explain their decisions to stakeholders and regulators. 

‍

For ML to be successful, a good database on historical data and future data streams is essential, both in terms of quality and quantity for models to learn. Such data is usually not available even in modern financial teams and will affect what AI is intended to do. 

‍

While ML-based systems can be useful and drive automation and continuous monitoring, they take away control from Risk and Compliance teams to iterate on their own rules and models. It is essential to get the basics right first: good data, comprehensive training, and careful and robust rules.

‍

OK, So A Note About the Rules…

Financial institutions oversee millions of transactions every day. While it is not possible to control each of them, they must protect themselves from financial crimes. 

‍

Teams will need to focus on analyzing that data and making informed decisions. Using Transaction Monitoring software, institutions examine the transactions of their customers based on rules. 

‍

The software generates an alarm in case of a rule violation and a compliance officer decides whether the transaction is suspicious or not.

‍

The basis of Transaction Monitoring is rule building. Rules encompass logic such as:

• Flag transactions over $20,000 coming from South Africa
• Flag individuals with transactional activity from IP 255.204.13.201 
• Flag an account with <$100 in the account at the beginning of the day as well as the end of the day but that transacts over $10,000 during the day
• Flag a business that repeatedly transacts >$25,000 in a 5-hour window

‍

Rules can be simple or complex and vary depending on the industry. An ineffective rule will not catch fraudulent transactions and suspicious actors. 

‍

Unit21 provides a no-code rule-building engine with 30 scenarios that can be customized and configured into 1,000+ tested and proven rules. This is so powerful because people on the front line of AML can manage rules and typologies and change them when needed. 

‍

These rules cover everything from High Velocity to High-Risk Jurisdictions scenarios that enable our customers to stop AML and fraud early. The Unit21 platform also allows compliance teams to test and validate rules with past data to see if they work. 

‍

‍

Before You Build Rules

Rules may sound relatively straightforward, but there’s a lot that goes into them. Below are some items to consider before building rules for transaction monitoring. 

• False Positives: The rules you build should create as few false-positive warnings as possible. While false positives are a regular occurrence, they should be minimized. 
• Simplify your Rules: Always keep your rules simple. It is better to have two separate rules than to have one rule trying to encompass an overly complex use case.
• Use Storytelling: Stories are a great technique for writing rules as they help you understand, in plain language, exactly the type of behavior you are looking for.
• Understand your Data: Knowing what data you have available is critical. You can’t write a rule to flag a new cryptocurrency if your transactional data doesn’t include the cryptocurrency’s name.

‍

Currently, most programs average more than 90% false positives, which creates a lot of work for compliance teams. Creating informed and smart rules is key. Luckily, Unit21 can bring false positives down to 15% or less. 

‍

‍

Building the Rules

Context is critical to rules. As we start building the rules, we need to ensure accuracy while minimizing false positives. 

• Pick the right Scenario: Unit21 offers 30 scenarios to choose from, you should pick the one that best fits your needs. If you are looking to flag customers that are new, the Newly Seen scenario is best for you. If you are looking to flag man-in-the-middle transactions, you should pick the Pass-through Transactions scenario.

• Customize the Scenario: Once you have selected the scenario, you need to customize it accurately. For example, if you choose a Dormant Activity scenario, then you need to decide how long a dormant period is for your product, is it 10 days? 30 days? 90 days?
• Test your Rule: Unit21 validates all rules using a customer’s historical data to ensure the accuracy and completeness of the rule logic. If you create a Smurfing rule in October, we will test the validity of that rule using transactional data from September before it is activated. Being able to test and validate is powerful and is what makes Unit21 decimate false positives. 

‍

‍

Popular and Proven Rules

While the dynamics around fraud and money laundering are changing – there are common patterns and trends. Below are the scenarios most used by Unit21 customers with success to detect anomalous and suspicious activity. 

‍

• Simple Statistics: The Simple Statistics scenario can create rules such as “Flag a business or individual that transacts 25% more than their average of the last year.”

• Simple Count: The Simple Count scenario can create rules such as “Flag a business or individual with more than X transactions in Y period.” 

• Simple Filters: The Simple Filter scenario can create rules on the specific transactional and user details such as “Flag transactions of type ‘ACH’ where the receiver is ‘Bank XYZ.’”

Advanced Transaction Monitoring Rules 

Let’s give you a taste of 102. How can you bring down those false positives further? Here are a few rules:

• Tags: Unit21 scenarios can be customized using tags that can be used to further depict a transaction or an entity such as “Flag transactions > $10K where the transaction involved the stock AMD.”

• Chainalysis: The Chainalysis Alert Risk Level scenario can create rules from Chainalysis such as “Flag transactions with chainalysis risk level X.” Chainalysis tracks movement through blockchain channels. 

• NFTs: Our Dynamic Model Builder which is a fully customizable rule builder can be used to flag NFTs. Unit21’s dynamic model builder is a powerhouse for rules, giving teams the control and flexibility to get very specific with anomaly detection. 

Creating Smarter Rules

Rules need to be customized to your needs. Create them based on patterns and events happening on the field. Regulated financial organizations need to know the following to improve their rules.

‍

• Build your own Rules: Compliance teams usually know what rules they’d like to implement, don’t just follow the basic rules –  set rules that you know work and are necessary based on your experience.
• Generating too many Alerts: If you are generating too many alerts, you’re capturing noise instead of meaningful information. This means you need to change your rule details and thresholds, and even consider using an alert scoring engine that uses machine learning. For example, a rule that’s looking at users that have transacted more than $15k in a month creates 20k alerts; unfortunately, the rule is futile because it’s impossible to review that many alerts. Instead, you refine the rule to users that have transacted more than $15k in a month via “check” and “atm withdrawal” payments; this might return 100 alerts since it was refined to specific payment types.
• Use Sandbox: The Unit21 sandbox allows organizations to create new rules in the system or to change existing rules. Within the Sandbox, compliance officers can test the new rules. If they want to make changes to an old rule, they should test it on Sandbox. 
• Use Shadow Mode: Unit21 allows users to continuously test rules using shadow mode whereby a rule is live and acting on new transactional data but does not create alerts. Shadow mode provides helpful insight into how to define rules. 
• Update the Rules: Compliance departments must keep their rules up to date. The rules may need to be updated as there is a constant flow of new customers in financial institutions. Compliance officers need to check if the rules are working and add new ones where necessary. Bad actors are changing up their method – you need to too. 

‍

‍

Rules Should Evolve

We provide a basis to start building rules for effective compliance. Teams need to continue developing their rule sets for transaction monitoring. Having good workflows in place helps make sure your rules deliver more.

‍

• Conduct regular Reviews: Frequent re-evaluations of your rules reduces your compliance costs and efforts as the market and regulations change. This is imperative.
• Create new Rules: Rules should be updated quarterly as laws change and scams evolve. In a matter of months, your product might mature and you may need to cater to new customers or new currencies in the market. It is important to be proactive and not reactive to AML and fraud.
• Review as a Group: Regular reviews of your rules are necessary and are even more effective when reviewed as part of a larger group. Agents and compliance officers can share their learnings and identify any potential updates based on changes in behavior, data, or feedback from the business.

‍

Money laundering continues to increase in scale, speed, and sophistication — threatening the revenue and growth of financial teams. A good compliance program is only as strong as its weakest rule. 

‍

It’s important to create strong, logical rules that cover the gamut of fraudulent activities. New scams are born every day and old scams evolve; it is up to your compliance program to stay ahead by constantly updating your rules.

‍

An easy-to-use and dynamic platform can help teams build robust rules to meet changing risk and compliance priorities. Contact us if you are interested in seeing our transaction monitoring solution in action.

‍

Unit21 is dedicated to helping our customers empower their teams to make data-driven decisions in the fight against financial crime. Discover why customers switch to Unit21.

‍

‍

‍

‍

‍