Influential U.S. statesman, Benjamin Franklin, once said, “Nothing is certain except death and taxes.” If Franklin were a modern-day compliance officer in a bank or corporate organization, he might have added a third certainty: false positives.
False positive alerts are the bane of compliance
teams worldwide. They occur when a legitimate customer's transaction is flagged as potentially suspicious by an organization’s anti-money laundering (AML)
screening solution, only for nothing suspicious to be found upon further review. False positives are time-consuming to investigate and a drain on productivity and operational efficiency.
Compliance teams have been trying for years to reduce the number of false positives. It was a concern in 20141
and remains the top priority today, according to a recent AML survey by Aite-Novarica Group.
Solving (or at least taming) the “false-positive problem” has only become more urgent. Unprecedented sanctions
resulting from the war in Ukraine, the COVID-accelerated shift to digital transactions, greater regulatory scrutiny, and the macro-economic climate are contributing to a surge in alerts and resultant false positives – as well as an imperative to find more efficient ways of operating. AML and compliance teams are struggling to do more with less.
Adding resources may have alleviated some pressure in the short term, but it is not a sustainable approach given the unrelenting increase in alerts and current economic pressures. It is also costly. Labor is a significant contributor to the rising cost of financial crime compliance, currently estimated at $274.1 billion
, according to the LexisNexis® Risk Solutions 2022 True Cost of Financial Crime Compliance Study2 – up from $180.9B in pre-pandemic 2019
More significant, however, is that hiring additional staff does not solve the foundational problem: too many false positives.
Redefining the Problem
False positives are a given in the compliance world. They can never be completely eliminated – nor should they be. Tightening screening thresholds could overlook real risk and may also signal to regulators a relaxed compliance posture, potentially drawing regulatory scrutiny. While there is little consensus in the industry regarding what represents a “good” false positive rate, it is not unusual to see institutions struggling under false positive rates of 95% or more.4
Legacy technology is part of the problem. Traditional systems that rely on fuzzy matching and rules-based screening are struggling to keep pace with the complexity of sanctions and countless changes to watch lists. These tick-the-box solutions are also inflexible and difficult to scale. They deliver an abundance of false positives, all of which require labor-intensive manual review.
Data quality is critical as well. Incomplete or inaccurate data can compromise the effectiveness of screening, further contributing to an overload of false positives while potentially missing a false negative. Legacy systems and siloed business functions only make gathering accurate, up-to-date customer data more difficult.
High false positive rates can also be “self-imposed.” Considering the staggering fines levied for AML non-compliance over the last several years – almost $5 billion in 20225
– it is no wonder that many institutions choose to err on the side of caution by casting a wider net. Spending a few million dollars extra to investigate additional false positives is preferable to risking fines and potential reputational damage for missed sanctions or gaps in compliance. In other words, false positives are simply the cost of doing business. But this approach is misguided. An article in ACAMS Today sums it up best: “High false positive rates are not an indicator of extremely cautious screening: they are a warning signal of poor technology and potentially greater risks.”6
With this in mind, perhaps it is time to step back and look at the problem through a different lens.
Improving Relevance and Match Precision With Entity Resolution
All alerts are not created equal. And all false positives should not fall into the same bucket with no differentiation as to relative risk. Rather than solve the problem of too many false positives, what if the problem that needs to be solved is one of relevance?
Entity resolution shifts the conversation from the quantity of alerts to one of quality. It brings relevance and match precision to screening. Instead of using a rules-based approach to accept or reject matches, entity resolution leverages advanced analytics and precise entity linking to match data points and determines the likelihood that two database records represent the same real-world individual, company or entity. It quickly cuts through the noise to reliably identify matches and expose hidden relationship risk.
Entity resolution that incorporates risk scoring – ranking matches by severity and likelihood of a match – takes screening to the next level. This approach offers a quantitative assessment of customer risk based on the strength of the match between a customer account and a watch list entity. Alerts with the most severe consequences and greatest likelihood of being true are prioritized within the queue so that precious human capital can be allocated intelligently – focusing on matches that most warrant immediate attention.
The methodical, explainable and data-driven approach to risk that entity resolution affords helps to streamline investigation, substantially reduce false positives, and mitigate the risk of false negatives. In addition, it can provide valuable new attributes that can be used to automate remediation of alerts via rules or even robotic process automation, sometimes known as “AI-based digital workers.” This approach translates into greater productivity for compliance teams and overall efficiency gains for the organization.
Technology and Data: A Powerful Duo
One of the strengths of entity resolution for AML and know your customer (KYC) is its ability to mine both structured data (e.g., watch lists) and unstructured data (e.g., adverse news sources). Access to more accurate, high-quality data is critical for productive screening. Data from global risk sources must be continuously updated to incorporate the latest sanctions, politically exposed persons (PEPs), beneficial owners, enforcements, and other lists.
But the strength of external data alone is not enough. Organizations must also turn an eye to the quality of their own input data at the very front of their compliance processes. Conducting an internal data quality assessment is a critical first step, followed by seeking solutions that can improve data quality to ensure your program does not fall victim to the “garbage in/garbage out” paradigm. For example, leveraging a proprietary ID returned by a partner’s identity verification or document authentication solution paired with screening data that also contains that same ID can help enhance the quality of input data. This approach results in better match precision as well as much-needed efficiency and accuracy in downstream compliance processes.
Organizations that modernize their screening systems to leverage both the latest technology and high-quality, dynamic global data will be rewarded with a solution to their false-positive problem: greater match precision and prioritized risk ranking. The once-elusive goal of achieving harmony between increased compliance posture and operational efficiency is now firmly in the grasp of today’s forward-thinking organizations.
If you want to learn how entity resolution can support your compliance program, contact us today.
1 Regulatory Screening: False Positives and Their Customer Experience Impact (banktech.com)
2 True Cost of Financial Crime Compliance Study Global Report (risk.lexisnexis.com)
3 LexisNexis Risk Solutions research
4 Sanctions compliance - KPMG Global
5 Money laundering fines hit $5 billion in 2022 (paymentscardsandmobile.com)
6 Challenging the Status Quo of Sanctions Screening (acamstoday.org)