Aite Group recently published a new report - Anti-Money Laundering Technology: Automating the Haystack Search. Sadly I don't have access to the report but I wanted to take a moment to discuss AML. In the interests of full disclosure I would also say that the report did not include Fair Isaac as we do not offer a specific AML solution. The report expects an increased emphasis on money laundering compliance and notes that AML vendor offerings are improving as emerging needs are identified.
No-one doubts money laundering's potential to impact institutions nor that regulators will continue to look for signs of criminal behavior. The question is how should institutions respond to the problem - by making better use of existing systems or by buying new ones? Personally I think most organizations have the data and systems they need and should be focused not on adding another system but on applying consistent decisioning to their existing systems.
Let's break the AML problem into its two parts - ensuring that one is compliant with the rules (whether or not they catch the crooks) and actually catching crooks/preventing money laundering. On the first point, Eva Weber of the Aite Group said
"Institutions should be asking themselves the same questions that regulators are asking: Am I consistently applying AML policies and procedures? Are those policies and procedures appropriate to the risks my business faces? Can I demonstrate compliance fairly readily?" and
"Regulators are unlikely to penalize institutions for isolated oversights, as long as those institutions have given appropriate thought to their anti-money laundering programs."
So the key issue in compliance is being able to demonstrate that a program has been implemented, that the procedures being followed are appropriate and that the procedures are followed for every transaction. This is clearly a job for a business rules management system - I have written elsewhere on the role of business rules in compliance and this need to demonstrate compliance is a perfect use of business rules and decision automation rather than manual processes or traditional code.
The second problem, actually preventing and catching money laundering, is a little more complex and more akin to a traditional fraud problem. One might use business rules for some of this but one is also likely to build predictive models to enhance them. Neural nets are particularly good at this kind of detection as they learn what is normal and what is not.
To be honest most organizations are letting the government define the rules and then focusing on compliance so this is less of an issue.
If we consider the key AML functionality they list it includes such obviously rule-centric functionality as list checking (something rules can do in batch on interactively) and transaction monitoring (a form of business activity monitoring).
I do not believe there is a single answer when it comes to AML and that it possible to spend a lot of money or a little. I do believe that more organizations should think about applying a decisioning mindset to this problem rather than just buying another application.
I posted in response to an article on AML in insurance recently too.