
Reduce false positives, become more efficient by automating anti-money laundering detection

In our last blog post Anti-money laundering – Microsoft Azure helping banks reduce false positives, we alluded to Microsoft’s high-level approach to a solution—which automates the end-to-end handling of anti-money laundering (AML) detection and management.

This blog post was created in partnership with André Burrell who is the Banking & Capital Markets Strategy Leader on the Worldwide Industry team at Microsoft.



  • AML ≠ Anti-fraud. Anti-fraud is immediate identification and halting of transactions.
  • AML pursues the identification of suspected money laundering or other crimes.
  • Failure to have an “adequate Transaction Monitoring System” can result in substantial fines.

Due to the growing number of fines issued, there is now an increased drive to hold compliance officers, senior executives, and board members personally liable for failing to have an adequate AML program and transaction monitoring system (TMS). Any alert generated and not closed by the TMS must be reviewed by a human. Current technologies cannot assess a transaction in context. Without human intervention, it is difficult, almost impossible, to adapt to the rapidly evolving patterns used by money launderers or terrorists. We have many partners that address bank challenges with fraud. Among that elite group, the Behavioral Biometrics solution from BioCatch and the Onfido Identity Verification Solution help automate fraud detection through frictionless detection.

Yes or no? The false positive problem

TMS rules use fixed risk scores for the customer, product, and geography involved. Based on the risk score, different dollar thresholds are applied within the same rule. Aggravating these limitations, data silos (across banks) require significant data manipulation to format the data for use in the TMS. This results in limited contextual information entering the TMS. The result: transaction monitoring systems are generating huge numbers of false positive alerts. Each alert must then be reviewed by a human investigator within strict timeframes. Most banks are experiencing a “false positive” rate of about 95-99 percent. This means that only between 1 percent and 5 percent of all alerts result in an actual filing of a Suspicious Activity Report (SAR). Yikes!

Banks have generally grown through mergers and acquisitions. As they grow, promises are made to consolidate the different systems; however, in reality, those promises are rarely kept. As banks continue to grow, the problems with siloed systems are exacerbated.

Regulators require each alert to be reviewed within 60 days of generation, and a final determination must be made within 90 days. Within 30 days of determining a transaction is suspicious, a SAR must be filed. Failure to regularly meet these time frames can be grounds for regulatory action. This time pressure causes additional problems as the bank must make arbitrary decisions to meet the deadlines.

You’re missing the context

Even in cases where the bank makes the deadline, and the rules are working correctly, there is another problem: they have inadequate information because they are detecting fraud without additional context.

One type of missing context: location of the customer. For example, a customer attends a meeting in Germany while the transaction originates in London. Another type of missing context: social data. For example, social media information can reveal that a customer owns a small business where his or her presence can be confirmed.

The filing of a SAR does not mean the transaction is illegal. However, to avoid the huge fines and costs from losses, banks start over-filing SARs. The result: legitimate customers are incorrectly flagged as having engaged in suspicious activity and are thus subject to closer monitoring. More recently, such customers have become subject to de-risking, i.e. closing an account due to a perception of high risk. Siloed systems require investigators to access multiple systems to gather information on the customer and their transaction history to determine whether a transaction is suspicious. Additionally, the investigator must create a written record as to why the alert was closed.

Banks over-file out of an overabundance of caution and thus weaken the value of SARs to law enforcement—who are also overwhelmed with false positive SARs. These technological and data limitations are well known in the industry. Money launderers and terrorists are also known to exploit these weaknesses.

Figure 1 shows a simple illustration of the problem: 10 cash transactions are logged, and every transaction is for $9,500. Only one of the ten is an illegal transaction. There is a rule that requires the reporting of all cash transactions over $10,000. The rule is intended to identify customers that are breaking up their cash transactions (“structuring”) to avoid the reporting of all cash transactions over $10,000; in Figure 1, the rule identifies all cash transactions by customers that are between $9,500 and $9,999 over some period.


Figure 1

When viewed in full context, only one of the ten transactions is truly suspicious. Existing rule-based systems, without context, generate alerts on all ten transactions. Thus, a human must review all ten transactions. In this example, the false positive rate is 90 percent. The size of the problem becomes apparent when you consider that a TMS in a small to medium-sized bank would have 20+ rules, with at least three variations per rule to address different risk-based thresholds.

As bank products and services become more complex, banks will have more rules. Can the rules in a TMS be fine-tuned? Yes, from a technical perspective it is possible to refine the rules. Regulators expect banks to validate the effectiveness of their rules periodically. However, with limited contextual information, the banks are reduced to conducting simple above and below the line testing. Each time a bank tunes its rules to reduce the number of false positives, it runs the risk of missing truly suspicious activity and being subject to regulatory action. Result: the blunt force approach is the status quo. Banks are forced to process the high number of false positives. And the usefulness of SARs to law enforcement is reduced. This makes TMS technology ripe for disruption through the application of machine learning and artificial intelligence (ML/AI).
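The Figure 1 scenario and the tuning trade-off described above, as an added example (not code from Microsoft or any TMS product). Only the $9,500 to $9,999 band and the $10,000 limit come from the post; the ten transactions, customer names, medium/high tier bounds, and function names are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class CashTxn:
    txn_id: int
    customer: str
    risk: str       # fixed customer risk tier: "low", "medium" or "high"
    amount: float
    illicit: bool   # ground truth, known only after investigation

# Constructed sample mirroring Figure 1: ten $9,500 cash transactions, one illicit.
TIERS = ("low", "medium", "high")
TXNS = [CashTxn(i, f"cust-{i}", TIERS[i % 3], 9500.00, i == 7)
        for i in range(1, 11)]

REPORTING_LIMIT = 10_000.00
# Three variations of one rule. The "low" bound is the post's $9,500;
# the "medium" and "high" bounds are hypothetical.
LOWER_BOUND = {"low": 9500.00, "medium": 9000.00, "high": 8000.00}

def structuring_alerts(txns, lower_bound=LOWER_BOUND):
    """Alert on cash amounts just under the reporting limit, per risk tier."""
    return [t for t in txns if lower_bound[t.risk] <= t.amount < REPORTING_LIMIT]

def false_positive_rate(alerts):
    """Share of alerts an investigator would close without filing a SAR."""
    if not alerts:
        return 0.0
    return sum(not t.illicit for t in alerts) / len(alerts)

def tune(txns, shift):
    """Above/below-the-line test: raise every lower bound by `shift` dollars.

    Returns (number of alerts, number of illicit transactions still caught).
    """
    shifted = {tier: bound + shift for tier, bound in LOWER_BOUND.items()}
    alerts = structuring_alerts(txns, shifted)
    return len(alerts), sum(t.illicit for t in alerts)

if __name__ == "__main__":
    alerts = structuring_alerts(TXNS)
    print(f"alerts={len(alerts)} false-positive rate={false_positive_rate(alerts):.0%}")
    for shift in (0, 100, 1000, 1600):
        n, caught = tune(TXNS, shift)
        print(f"bounds +${shift}: alerts={n}, illicit caught={caught}")
```

Because every amount is identical, tightening the bounds removes alerts by risk tier only: at +$1,000 the alert count falls to three, and the one illicit transaction is among those no longer flagged.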

Reducing false positives demands a 360 degree view for more context

Banks will eventually embrace the cloud across the majority of their technology, but for right now they need a true 360 degree view of customers across all the bank’s platforms/systems based on the bank’s full data sets. When the 360 degree view exists, true customer insights and context become more readily available; risk and compliance can be made more robust while driving down costs; and deep analytics on a bank’s dark data, customer base, and products becomes available. It also lays a strong foundation upon which to build a Know Your Customer (KYC) solution and utilizes Microsoft Dynamics (customer relationship management system) and Microsoft’s mixed reality product called HoloLens to improve the bank’s employee effectiveness and speed to resolution.

Currently, AML investigators typically access three to five or more systems to gather the information needed to investigate the alert. Imagine AML investigators using HoloLens to see visualizations of networks of transactions and drill down into the data by reaching out and selecting a node; applying predefined Power BI dashboard templates to further interrogate the selected data; keeping multiple windows open into other systems; or enabling two or more investigators to simultaneously view an investigation and related data to reach a collaborative decision. Such a system would help banks overcome their resistance to the cloud for customer information while simultaneously meeting regulators’ demand for a complete 360 degree view of customers across all a bank’s platforms, thus enabling better customer insights and compliance and risk management.

Recommended next steps

To cut through the overwhelming amount of information, and to provide a path for your company, we just released the Detecting Online and Mobile Fraud with AI use case. Here you can learn more about new types of attack vectors, the types of fraud emerging every day, and how detection systems need to respond faster than ever by leveraging Azure machine learning and AI solutions.

We would love for you to engage with the author and guest contributor on this topic. Feel free to reach out via the comments below.