Fewer Alerts, Fewer Fines, More Compliant

Prevent fines and reduce workload by applying an alert shaping process.

Rising Expectations

Regulatory fines in the financial industry spark an action-reaction process. A financial institution – most commonly banks – receive a fine for not upholding regulatory compliance, then suddenly financial institutions everywhere raise the budget for their compliance department, or at least begin taking additional measurements to improve the department.

Regulators have high expectations of financial institutions nowadays. They require them to fight against crimes, such as money laundering, terrorism financing, insider trading, et cetera. On top of that the regulators also expect financial institutions to enforce sanctions. Should any financial institution fail in these requirements, they can anticipate hefty fines.

Duct-Taped Solutions

Let’s say another bank is slapped with a fine for failing in their anti-money laundering duties. The financial industry panics – no one wants to get hit with a fine (again). However, a lot of financial institutions are been lacking in their AML processes, which in turn, causes a gigantic backlog of alerts in their compliance department. A backlog in the compliance department poses a significant risk for a financial institution.

While burdened with the panic and pressure of potential fines, along with a backlog – banks tend to come up with duct-taped solutions. A few common patch-up solutions are:

  • Sharpening transaction monitoring rule parameters to generate fewer alerts
  • Separating handling and assessment of alerts from investigations to reduce lead time
  • Increasing the number of staff working on and processing alerts

Given the immense pressure from regulators, the most logical option would be for financial institutions to find a solution that is future-proof and to keep their workload manageable. Instead, financial institutions continue to come up with these patch-up solutions to keep their outdated systems and way of working alive.

Imagine your car bumper fell off. You could use duct-tape to keep the bumper in place. It looks like it will do the job, but it is not pretty and it is not as safe as having the bumper replaced. In addition to that, when the duct-tape starts to lose its stickiness, it can create some dangerous situations.

Patch-up solutions applied by financial institutions tend to backfire. We saw the last patch-up solution play out recently, when news came out that Nordic banks plan to cut a significant amount of jobs, namely in compliance. Banks are, often, unable to carry the extra costs of added staff –because it is, simply, too expensive.

Generating Alerts

So how can you uphold that banking compliance the right way and the efficient way? We believe one of the most crucial parts of your transaction monitoring is generating relevant and qualitative alerts. We aim to make your transaction monitoring process as efficient as possible by applying the process of alert shaping.

From a risk and compliance perspective, you can monitor events – be it transactions, claims, or any other type of event – based on a set of direct rules, a matching algorithm, or both. Though, you can only do so much in environments where high volume and performance are applicable.

That’s why the first set of rules should not be the complete set of rules. The first set will generate signals. However, we find that at a later stage, usually overnight, you can run a second round of monitoring with more and advanced monitoring mechanisms.

The second round will also generate signals. During the second round of monitoring, the alert shaping process is introduced. It combines the signals that are generated and shapes them into qualified and relevant alerts. Once the alerts have been validated and prove to be relevant – it’s time to start investigating.

Alert Shaping

We derived our vision on the alert shaping process, which is simply shaping signals into alerts, from one of our clients that found themselves processing over 300.000 alerts per year. All 300.000 alerts were processed as cases. They needed 100 fulltime staff members to do the elaborate investigation of all those alerts, every year.

At the end of the year, they ended up with 4.000 true positives they needed to report. That meant 98.7% of all alerts were false positives.

So, what did we do to fix this? A number of steps were taken to reduce the amount of alerts generated. BPM tools were applied, Excel was applied, some mass close actions were inflicted, and an agile forms handler was introduced to process the alerts more efficiently. With all these actions, it resulted in the company working elaborately  approximately half the number of those cases, for which only half the staff was needed. However, looking at the false positive percentages, 97.4% was still unacceptable.


So, we set a target. Based on our new target, we wanted to reduce the number of cases investigated to 4.800. To realize this, we needed to make a well-founded selection. We looked at previous years, and at the 300.000 alerts that were raised. Only now, we stop referring to them as alerts, and classify them, instead, as signals. We imposed this intermediate step of alert-shaping where we derive the alerts from the signals we had.

Next, we added a scoring mechanism and ranked the alerts that were derived. We ended up with a number of objective alerts, and some high ranking, highly relevant subjective alerts.

Once that was done, we started to run several additional processes. We looked at multiple internal data sources that could be used to enrich the data. We also began to consolidate signals that were triggered by the same account or that had the same contra-account. We proceeded with profiling the signals to see if we could identify behavioral patterns, not only among the transactions, but also among signals. This resulted in a list of additional alerts that needed to be investigated.


In this specific case, we even identified an amount of potential false negatives that were missed or disqualified without the consolidation and enriching of data we included in this part of the process.

In the end, we achieved a significantly smaller batch of alerts that required thorough investigation. Additionally, we tested a batch of the remaining alerts that were not investigated, and found no false negatives that may have been missed in the deselection of those signals.

Solution Architecture

If we look at the solution architecture of most financial crime suites, we see there are multiple pillars. There is a pillar for signal detection, automating the generation of signals. There is a pillar for providing you with manually reported incidents. There is a pillar for conducting analysis and investigations, which leads to the final pillar: your forensic history. The forensic history pillar holds a wealth of forensic knowledge you would like to, and should, re-use in future investigations.

And, that’s where alert shaping comes in – the process that connects the four pillars. It derives relevant information, regardless of the maturity of your investigations, and provides a holistic view of the customers who pose the greatest risk to your organization,. It also helps you uncover which risk scenarios are most present in your organization.

To complete your solution architecture, you need data sources to enrich your case files, and you need connectivity with sources and registries to commission risk mitigation measures.

Making Better Sense of your Data

Creating safer and more compliant environments in banking, financial services, and insurance is one of our ways of helping customers make better sense of their data.

Today’s world does not allow for financial institutions to fall behind on their compliance tasks. Backlogs and false positives form risks that can result in financial loss, reputational damage, and dissatisfied clients.

Most systems being used by financial institutions do not meet current standards anymore, neither do the attempts to patch up those systems. If banks, insurance companies, and other financial institutions choose to adopt more future-proof solutions, they will be better equipped to combat criminals, and will no longer have to worry about fines. These institutions will gain their clients’ trust, and their employees will be less stressed because their workload will decrease. The reduced backlog and workload may also result in operational savings for financial institutions. In the end, the level of compliance achieved will turn into being in control and feeling confident about the future.

Do you want to discuss how we can help your company reduce alerts, avoid regulatory fines, and more? Contact us here.


Darrnell Chotkan

Darrnell is the product marketeer of BusinessForensics. Two notable dreams of his are seeing ForensicCloud being used worldwide and reaching his goal of being a specialist in the world of financial crime prevention.