Data Analytics for MSBs to Detect Money Laundering
In a past presentation, Andrew Simpson, Chief Operating Officer, delivered key tips targeted to retail stores considering expansion into money services businesses (MSBs). His advice looks at how data analytics and technology can improve processes, detect common money laundering scenarios common to MSBs, and fulfill anti-money laundering (AML) compliance requirements.
Having staff complete regulatory reports and watch for suspicious behavior is both time-consuming and costly for MSBs. And chances are, if reporting is completed manually then data entry errors are being made and reporting deadlines may be missed, which can lead to expensive penalties from regulators.
To reduce the workload that comes with regulatory reporting and to avoid fines and penalties, MSBs need to consider a mix of analytics, end-to-end automation and case management to detect money laundering.
Life as an MSB
The nature of the MSB market involves vast amounts of inaccurate information: clients may not be who they say they are, information may be incomplete, or the same ID could be assigned to multiple customers.
Analytics look closer, helping ensure that the data is complete. Once the data is accurate and complete, it can then be refined by parsing, standardizing and using fuzzy match. This makes aggregating and correlating the data easier when searching for criminal activity.
With end-to-end automation, businesses can complete 70%–80% of their reporting without involving staff. Analytics can identify reportable transactions, aggregate data, pre-populate and validate reports, submit and then confirm report submissions. The automation also retains evidence, allowing the company to demonstrate it is taking steps to comply with regulations.
Some of the crimes associated with MSBs include human smuggling, narcotics trafficking, terrorist financing, elder abuse, mail order brides and heavenly offerings. These crimes have unique data patterns, which analytics can detect by mining the intelligence.
If suspicious activity occurs at an MSB with multiple locations, a case management system and analytics can trace it back to where it originated. This both reminds staff that an automated system is in place to track transactions and their activity, and it also relieves the burden on the compliance officer by providing insight into why something went wrong. These insights into the root cause determine whether internal controls working, if more staff training is required or whether the right staff are being notified when certain activity happens.
By making regulatory reporting more efficient and routinely examining their analytics, MSBs can dramatically improve the effectiveness of their compliance programs.
Start of Analytics for MSBs
When looking at transactions, here are some analytics that MSBs should consider implementing:
- Transactions from a single customer that when combined breach an acceptable threshold
- Customers that are receiving payments from many sources
- All transactions completed by a blacklisted customer
- Customers that regularly complete transactions from multiple locations
- Transactions that happen immediately after a receive transaction by the same customer
- Different customers using the same addresses or ID numbers
- Multiple customers sending wire transactions from within the same city to shared receiver(s)
- Individuals with debits or credits in excess of $10,000 over a 24-hour period at any location
- Aggregate transactions by a single sender or to a single receiver exceeding a set daily/weekly/monthly threshold
When looking at MSB customers, here are some analytics that are worth implementing:
- Customer uses false identification
- Two/more customers use similar IDs
- Customer alters spelling or order of his/her full name
- Two or more customers working together to break one transaction into two or more transactions in order to evade the BSA reporting or recordkeeping requirement
- Customer uses two or more locations or cashiers in the same day in order to break one transaction into smaller transactions and evade the BSA reporting or recordkeeping requirement
- Customers attempt to hide the size of a large cash transaction by breaking it into multiple, smaller transactions by conducting smaller transfer at different times on the same day, with different MSB cashiers on the same day or different days and/or at different branches of the same MSB on the same or different days
Beyond the above analytics, there are may other scenarios where technology can be used to alert of suspicious activities. Looking at FINTRAC’s money laundering and terrorist financing indicators, here are some cases where AML technology can be used to reduce the burden on compliance teams.
ML/TF indicators related to identifying the person or entity
- There are inconsistencies in the identification documents or different identifiers provided by the customer, such as address, date of birth or phone number.
- Customer displays a pattern of name variations from one transaction to another or uses aliases.
- The customer provides only a non-civic address such as a post office box or disguises a post office box as a civic address for the purpose of concealing their physical residence.
- Common identifiers (e.g. addresses, phone numbers, etc.) used by multiple customers that do not appear to be related.
- Common identifiers (e.g. addresses, phone numbers, etc.) used by multiple customers conducting similar transactions.
- Use of the same hotel address by one or more customers.
ML/TF indicators related to customer behavior
- Customer conducts transactions at different physical locations, or approaches different employees.
ML/TF indicators surrounding the financial transactions in relation to the person/entity profile
- The transactional activity far exceeds the projected activity at beginning of the relationship.
- The transactional activity is inconsistent with what is expected from a declared business.
- The volume of transactional activity exceeds the norm for geographical area.
- Large and/or rapid movement of funds not commensurate with the customer’s financial profile.
- Rounded sum transactions atypical of what would be expected from the customer.
- Size or type of transactions atypical of what is expected from the customer.
- Conducting transactions when the customer’s address or employment address are outside the local service area without a reasonable explanation.
- Sudden change in customer’s financial profile, pattern of activity or transactions.
- Customer uses notes, monetary instruments, or products and/or services that are unusual for such a customer.
ML/TF indicators based on atypical transactional activity
- Suspicious pattern emerges from a customer’s transactions (e.g. transactions take place at the same time of day).
- Atypical transfers between the customer’s products.
- Atypical transfers by customer on an in-and-out basis, or other methods of moving funds quickly, such as a currency exchange followed immediately by a wire transfer of the funds out.
- Funds transferred in and out on the same day or within a relatively short period of time.
ML/TF indicators related to transactions structured below the reporting or identification requirements
- Structuring of wire transfers at multiple locations.
- Multiple transactions conducted below the reporting threshold within a short time period.
- Customer conducts transactions at different physical locations or with different representatives.
ML/TF indicators involving wire transfers (including electronic funds transfers)
- Customer frequents multiple locations utilizing cash, prepaid credit cards or money orders/cheques/drafts to send wire transfers overseas.
- The customer sends wire transfers or receives wire transfers to or from multiple beneficiaries that do not correspond with the expected activity of the customer.
- Multiple individuals are sending wire transfers that are similar in amounts, receiver names, security questions, addresses or destination country.
- Customer utilizes structured cash transactions to send wire transfers in an effort to avoid record keeping requirements.
- Multiple customers have sent wire transfers over a short period of time to the same recipient.
- Large and/or frequent wire transfers between senders and receivers with no apparent relationship.
- Customer sending to, or receiving wire transfers from, multiple customers.
ML/TF indicators related to transactions that involve non-Canadian jurisdictions
- Transactions with jurisdictions that are known to produce or transit drugs or precursor chemicals or are sources of other types of criminality.
- Transactions with jurisdictions that are known to be at a higher risk of ML/TF.
- Transaction/business activity involving locations of concern, which can include jurisdictions where there are ongoing conflicts (and periphery areas), countries with weak money laundering/terrorist financing controls, or countries with highly secretive banking or other transactional laws such as transfer limits set by a government.
- Transactions involving any countries deemed high risk or non-cooperative by the Financial Action Task Force.
- Customer makes frequent overseas transfers, not in line with their financial profile.
Using Advanced Analytics
As an MSB’s compliance program evolves, there is an opportunity to implement more advanced analytics to detect anomalies. Segmentation will also allow MSBs to break customers into groups and verify that they are behaving similarly. Attributes such as the frequency of transactions, location, time/day of transactions, source and destinations are areas where anomaly detection models can be built to find transactions.
With good detection, once a transaction or outlier is found that doesn’t match the normal behavior, the MSB is alerted and can examine the transactions to determine whether the behavior is abnormal.
Strategies for Detecting Anomalies or Suspicious Transactions
Some of the models that MSBs can implement to improve their anomaly detection include the following:
- Network Linking – Network linking improves risk model construction. This strategy detects customers that may not have exhibited suspicious behavior but are linked to a high-risk person. As a result of this relationship, that customer should inherit some of their risk, causing their own risk score to increase.
- Predictive Analytics – Predictive analytics use machine learning to train models and predict outcomes. By remembering the patterns or suspicious activity around customers, the model can predict future outcomes about that customer. With a case management system, staff are alerted to look at the pattern and flag it as positive (confirming suspicious activity) or as a false positive, and correct the model to improve future predictions.
- Merging the Models – This approach merges rules-based models, scenario-based models, anomaly detection and predictive analytics, and is then leveraged by the risk-scoring engine. With this model, make sure to look at the customer’s cumulative score and behavior rather than only one analytic on a particular transaction. A customer may have multiple lower-risk transactions that may cumulatively amount to a high score.
The risks and rewards in the MSB business are big. While MSBs can be profitable for retail stores, it’s important to be aware that the space is often targeted by criminals because there is such a large volume of transactions—making it easier to disguise money laundering.
Advanced analytics help MSBs get ahead of risk by drawing attention to behavior they did not know they should be watching for. When combined with case management and automated regulatory reporting capabilities, MSBs can fulfill their compliance requirements and be on the path to a lucrative business.