Alert Management

In the context of financial crime prevention, alert management (or alert handling) refers to dealing effectively with suspicious activity alerts from anti-fraud software. This includes how to assess and prioritize an alert, take appropriate action on it, and keep an eye on the situation for updates.

‍

In another sense, though, handling alerts effectively is about properly writing the rules that cause alerts to be triggered. If triggers for alerts are set poorly, it can cause “false positives,” an incorrect classification of a customer's legitimate activity, which appears to be suspicious, and also cause alert backlogs.

‍

‍

Fraud Alert Management & Why It’s Important

Fraud alert management is the process by which financial institutions handle alerts from anti-fraud software that point to customers attempting fraud or another form of financial crime. This is important because it protects the FI from having money or sensitive information stolen, losing customer trust, and potentially being penalized by regulators for non-compliance.

‍

However, there’s more to it than that. Anti-fraud teams need to know what kinds of activity are suspicious, and how likely each activity is to actually point to financial crime. And they need to know how to properly set up anti-fraud software to look for the relevant indicators. Otherwise, two major problems can happen.

‍

One is an alert backlog. This is when an FI leaves alerts uninvestigated, either because it’s swamped with false positives or because it doesn’t have enough resources—human or otherwise—to handle the normal volume of alerts. The other is false negatives: where rules, review procedures, or both are too loose and indicators of fraudulent activity go unnoticed.

‍

Both problems can lead to legitimate cases of financial misconduct going unchecked. And this can cause an even further strain on an FI’s resources, as these issues are almost always more difficult to fix after the fact than to detect and prevent in the first place.

‍

For financial institutions, managing alerts effectively starts with knowing how to set up the anti-fraud software that issues the alerts. From there, it’s about knowing how to interpret alerts and take the right action on them.

‍

‍

1. Consider the Relevant Data Points

The first step is to understand the types and qualities of financial activities that may make them suspicious and warrant an alert. For instance, which locations and/or digital devices are they being initiated from? How frequently are they being initiated? What is the user actually doing in each transaction? How similar is it to actions the user has typically taken in the past? How recently has the user opened an account? How much is each transaction valued at?

‍

As you can clearly see, there are many different factors that, when combined, may point to suspicious financial activity—or not. So anti-fraud teams need to understand the basic patterns of fraud in order to determine which combinations of data points, and in what values, indicate potential illicit activity. This can be difficult and time-consuming, as fraud can be accomplished using many different techniques.

‍

‍

2. Build the Rules

Next is to actually set the rules that will determine whether an alert is triggered from a transaction. This can be a delicate balance: if rules are too broad, they can cause an FI’s anti-fraud team to be overwhelmed with alerts—many of which are for activity that wasn’t all that suspicious anyway. But if the rules are too specific, the FI risks potentially suspicious activity slipping through the cracks that could, for example, end up being part of a new type of fraud scheme.

‍

Many anti-fraud solutions have starter rule sets built in that handle the most common scenarios. But many financial institutions will have to eventually modify rules, or even develop custom ones. This is because each FI’s overall risk profile is different, and can change over time—as can regulatory standards regarding which metrics need to be tracked, and how closely.

‍

Therefore, FIs should be able to create and test rules quickly to guard against the latest threats. Unit21’s Transaction Monitoring solution provides a no-code environment that makes this possible.

‍

‍

3. Assess and Prioritize Alerts

Not all alerts have the same value, as some threats can have a much greater impact on your organization than others. It’s imperative that your risk management team can adequately assess alerts and prioritize them according to their risk level.

‍

But this is easier said than done. Effectively managing alerts is one of the most challenging components of an alert handling process. The more rules a team has active, the more alerts will be generated. If teams are handling those alerts manually (or ineffectually), there is almost sure to be an alert backlog—and fraud losses as well.

‍

The best alert management systems help with this prioritization by automatically analyzing a transaction and, based on its attributes and contextual information, assigning it a risk score. This is a numerical measure of how likely the transaction constitutes suspicious activity. Unit21’s Case Management solution uses machine learning to achieve this by not only analyzing past alert resolutions, but also adjusting based on new alerts that are produced.

‍

‍

4. Take Appropriate Action

Finally, fraud team members need to decide what action(s) will be taken on alerts, if any. They can simply mark the alert as risky activity to be followed up on later. They can refer the alert to a senior team member for manual review. They can launch a more in-depth investigation into the transaction (and related ones) for signs of more widespread fraud. Or they can move to directly block certain actions from being taken on the customer’s side.

‍

With some alert management software, rules can be configured to automatically take actions on alerts based on their type and level of risk.

‍

The overall point of a financial institution having a system that produces alerts is so risk team members can be aware of fraud attempts and block them. Better handling of this process provides an FI with better protection for itself and its associates in terms of money, information, infrastructure, reputation, good standing, and so on.

‍

Here are 5 more specific reasons why an alert handling system is a must:

‍

• Appropriate and timely reactions: Knowing in advance how to properly prioritize alerts allows for prompt and proportionate responses to the most serious and immediate incidents. This mitigates the damage an FI sustains when time is of the essence for catching bad actors.
• Fewer false positives: Properly-configured alert rules can make alert handling easier by reducing the number of false positives. This results in fewer alert backlogs by avoiding alerts that are least indicative of suspicious activity.
• Fewer false negatives: On the other side of the ledger, well-crafted alert rules will also cast a wide enough net to prevent true instances of financial misconduct from going unnoticed. This saves FIs the trouble of cleaning up these incidents after the fact by stopping them before they start.
• Conserving resources through automation: FIs can sometimes set up suspicious activity detection rules to automatically make decisions and execute actions, depending on what the system encounters. This frees up time for risk professionals to work on cases that may require manual review, or other projects.
• Minimized vulnerability window: Proactive monitoring & alert management makes it easier for FIs to adapt their detection systems to new screening regulations, as well as new trends in how financial crime is carried out. This limits the amount of time an FI can be caught unaware by a new fraud technique or non-compliance with a new law.

‍

The main takeaway is that effective incident alert management better safeguards a financial institution, while also taking pressure off its anti-fraud team in figuring out where and when to act.

‍

‍

‍

Get Centralized Alert Management on Unit21’s Platform

Managing anti-fraud alerts effectively is easier with the right alert management system. Unit21 delivers with our codeless rule creation, AI-powered alert scoring, and action automation capabilities (including for report-filing). Fully customize rules without needing any engineering support, allowing risk teams to act quickly and implement rules immediately as new threats arise.

‍

See our tools in action by contacting our team for a demo.

‍

‍