Reducing the instances of False Positives when screening client data against risk registers can make an enormous difference to the amount of time and effort that is required for manual intervention, typically cutting costs by as much as 70%. Simon Pearson, Director of Sanctions & PEP Screening at Datanomic, explains how.

False positives are the scourge of the Money Laundering Reporting Officer (MLRO) responsible for protecting the reputation and security of a financial institution. Every occurrence of a client record matching to a name on a sanction, risk or PEP register has to be investigated; the review and research of false positives costs institutions time and manual effort. “Fuzzy” techniques are essential to find inexact matches, but they often produce large numbers of records for review and the vast majority of these will be false positives.

With some institutions swamped by the volume of false positives, the temptation to tighten match rules can be irresistible. But whilst this might reduce the immediate pain of so many false positives, it often increases the probability of a more insidious risk, that of false negatives. Whilst false positives cost time and effort, false negatives allow criminals access to the financial system and can result in fines for the institution, the individual MLRO, as well as a loss of commercial reputation.

The use of multiple identities is common in the criminal world and Al-Qaeda’s own training manual requires its operatives to use false identities to hide their terrorist activities. Exploiting variations of a criminal’s real name is, perhaps, the simplest way of acquiring a new identity. Typical approaches are to use name variations (e.g. Robert using Bob, Bert or Bobby), or switching the order of names so that Thomas Howard becomes Howard Thomas and James Richard Smith becomes Richard James. Other data, such as dates of birth may also be simply manipulated by transposing digits, so that 12/11/1956 becomes 11/12/1965.

Commercially available risk registers from suppliers such as Dow Jones and World-Check include known pseudonyms, but MLROs need a reliable way of applying these to their data and the ability to identify manipulated identities that have not previously been recorded.

Financial institutions are instructed to take a risk-based approach to anti-money laundering (AML). But the regulators have also shown that they are willing to flex their muscles if they judge that an MLRO is failing to take adequate steps to implement adequate AML procedures, including the accurate screening of clients. No screening system can produce perfect results, so the challenge facing the MLRO is to implement a solution that produces minimal false positives without increasing the risk of missing genuine matches.

With simple matching approaches, there is a direct relationship between the number of false positives and the number of false negatives; decreasing one leads to an increase in the other. Thankfully, there are ways of decreasing the number of false positives without increasing the risk of false negatives. And the burden of false positives can be further alleviated by adopting an approach and process that focuses effort on the highest areas of risk and removes wasted effort.

Most customer matching technology was originally developed for marketing purposes, where the key driver has been to maximise matches and False Positive matches have been an accepted side-affect. Screening client records for regulatory purposes demands a much higher level of accuracy to reduce False Positives without increasing the risk of False Negatives.

Some vendors of matching software describe their software as either Probabilistic or Deterministic and make claims about the virtues of one over the other. Probabilistic matching compares two records and returns a percentage indicating the likelihood (according to the algorithm) of a match. Probabilistic matching systems weight scores based on the frequency and uniqueness of data and require/allow little tuning or configuration.

Deterministic matching uses a combination of comparisons and business rules to determine when records match; a rule might, for instance, require a match on the client name and year of birth. The result from the comparison of records is either a match or a no-match according to business rules that have been defined by the user.

Both Probabilistic and Deterministic matching have their virtues and the two approaches can be used together to offer an optimal solution. Probabilistic comparisons, using fuzzy techniques, can be used as part of a Deterministic scheme that provides the user with full control. Identified matches can be ranked according to the user’s business rules and report potential matches as well as definite ones.

The high-level AML threat is the same for all financial institutions and the reference lists available from both government sponsored bodies and commercial suppliers are common, yet each institution faces a unique challenge – that of their own data and risk profile. A “black box” solution, where the rules are completely pre-defined, does not allow for these factors to be taken into account. Instead, MLROs should look for a solution that includes a set of proven, pre configured rules, but is also easily tuned to meet the particular data and needs of their institution.

Data profiling and analysis delivers rapid insight into the population levels and quality of every available attribute. This discovery exercise can help to identify the fields that can be used to screen client records accurately against the prescribed risk register. It will also reveal any requirements for preparation of the data prior to or during matching.

The matching process itself should be able to handle some level of data transformation. For instance, when comparing business names, it should be capable of ignoring less significant words, such as business type (Ltd., Limited, plc, & sons, etc.) and allow for words to be standardised for matching. More complex data preparation (such as parsing names to split them into title, first and last names) requires a data preparation phase before the match process. Consequently, a complete client screening solution should include the ability to profile, analyse and transform data as well as a sophisticated matching engine.

Every client record that is matched to a record on the risk register needs to be reviewed and a decision made – is your client the same person recorded on the register? The majority of matches will be False Positives so once they’ve been reviewed there should be no need to look at them again unless something changes. This can make an enormous difference to the amount of time and effort that is required for manual intervention, typically reducing costs by as much as 70%, yet few screening solutions provide support for the review of potential matches and even fewer remember the decisions that are made.

Whether a review tool is included as part of the screening solution or not, the MLRO must be able to record an audit trail about every manual decision; this should include a note of who made the decision, when it was made, the information they had available from the client data and risk register, plus any supporting notes for their decision. An integrated review tool should incorporate this audit trail in an automated fashion.

Five Points to Remember
1. False Positives cost time and money; False Negatives could cost your reputation.
2. It’s possible to reduce the number of False Positives by deploying appropriate matching technology and business rules.
3. The cost of reviewing False Positives can be reduced by as much as 70% by using a review tool that records an audit trail and learns from the decisions that you make.
4. Match Keys do not provide the matching accuracy that is required for AML screening, but they should be used to cluster records for detailed comparison.
5. Fuzzy matching techniques can help to identify matches, but none of them should be used exclusively. Combining them into a match pattern allows for greater precision and accuracy. A rules template provides a fast start position, but it is essential that you can tune the rules for your data and risk profile.

Simon Pearson is Director, Sanctions & PEP Screening, Datanomic Ltd.