AML compliance 7 min read

Pillar 1: How to measure your crime-fighting effectiveness

For the love of metrics, how do you measure AML impact?

Ester Eggert
Ester Eggert
AML Product Lead & Former TransferWiser

AML metrics KPI

If you’ve worked in anti-Fraud, setting your KPIs (Key Performance Indicators) or measurable goals could feel like a breeze. “Reduce losses. Stop fewer legit transactions.” Boom. Done. But if you’ve ever worked in Anti-Money-Laundering/Counter Terrorist Financing (AML/CTF), your likely reaction was probably something along the lines of, “For all that is holy, how do we measure success?”

If that’s your feeling, then you’re definitely not alone. Back when I started consulting for banks and financial companies a few years back, I learned a vast majority of them had absolutely no metrics in place for their compliance or AML. It was just too hard. How do I get access to the data? How do I know what to measure?

The good news is that defining your AML impact is not only possible, but healthy for your organisation. You’ll sleep better at night knowing you have a measurable goal. And your team will have a direction to head in.

In my chats with other companies, this topic has come up so often that I realised it’s time to write something up. So this is my attempt to take creative measurables I’ve picked up over the years and put them into 4 pillars your company will want to track.

  1. Crime-fighting (this post)
  2. Customer Impact
  3. Cost
  4. Compliance

In this post, we’ll dive into the first pillar. My personal favourite, and the one I feel is most important. Measuring something that seems unmeasurable—crime-fighting in AML.

Let’s dive in!

Pillar 1: Crime-fighting KPIs

In the 1930s, the very first Anti-Money Laundering (AML) laws were enacted to combat the growing mafia influence in the US and protect society at large. Fast forward to today, though, and most AML people will stare at you like you have a third eyeball if you suggest measuring crime-fighting efficacy.

Don’t get me wrong, measuring this stuff isn’t easy because, in AML, you don’t really have a feedback loop. It’s not as if police say, “Gee, thanks for sending us a Suspicious Activity Report (SAR) on Joe McMenace a few months back. After we did some investigating, we found he’s been running a money laundering ring for years.” Which means, as AML stands currently, we can only measure what we think is crime. But the good news is that I believe we’ll experience some positive changes on this front in the coming years—at Salv we’ve already built part of the solution. And I can hope there are others out there doing something similar. But more on that later in this section. The most important thing to know is that measuring your team’s crime-fighting is doable.

KPI 1: Alert to SAR ratio

What are the % of raised alerts that turn into SARs?

Hopefully by now your team has put together a combination of basic and more complex rules and scenarios to alert your team when you think a customer or transaction is suspicious. “Joe McMenace is 104 years old and sending €12,345 from the UK to India. Alert!” Once that’s done, you can start measuring how many SARs your team submits under each rule you’ve set up. This is the only way most measure what you might call your true positives. How many of these alerts actually turned into something to escalate to the authorities.

AML_alerts_to_SAR_ratio.png

To give you an example, these are some of the types of dashboards we set up in Salv.

Okay, now that you’ve measured your true positive, how do you measure your true negative? Regional benchmarks.

KPI 2: Ratio of alerted customers by region / product (true negative ratio)

Do compliance controls equally cover all regions and products?

Originally, when I was first working in AML as an analyst years ago, a lot of our transactions in that company were coming through one particular EU country. So we got pretty good at detecting suspicious activity there. But our company was growing at breakneck speeds, which meant, over time, we saw rapid expansion in entirely different regions across the globe. That didn’t really concern us too much as we continued to actively monitor our efficacy.

Then, suddenly, one day we realised we’d never compared regional performance side by side. So I did some calculating, threw together some Looker dashboards, and we stared at the results. It wasn’t pretty. That’s when we learned that you can’t just set your controls based on criminal patterns in one particular region, you need to monitor the alert ratio in each region or country.

For example, if you’re generating alerts on 0.01% of EU transactions, then you can extrapolate that percentage to other regions to at least give you a control to benchmark. Because you’ll need to consistently compare regional performance as well as create controls fine-tuned to suspicious activity in that part of the world.

AML high risk by address country

As you can see, tracking your risk in a country side-by-side format can help you see your true negative.

Now, the good news is that these next two KPIs are a lot easier to grasp and, for most, measure.

KPI 3: Alert handling time

How fast were investigations started on transaction monitoring alerts?

If you’ve spent any time reading up on AML scandals, you’ll be familiar with the HSBC saga. Or, rather, HSBC’s failure in sufficiently monitoring their transactions a few years back. Afterwards, they had to hire boatloads of people around the globe to help them go through huge alert backlogs. I can only imagine how long that must have taken them. So it’s not a bad idea to give yourself a measurable on how fast you’ll deal with your own alerts so you don’t end up with weeks and weeks of backlogs.

Before you get too excited, a word of warning. Although alert handling time is easier to measure than many other metrics, it’s a good idea to make sure this isn’t your only aim. I’ve seen companies and agents get too focused on the goal of closing alerts quickly rather than thoroughly investigating verifiably suspicious activity. It’s a good reminder for us all the aim should be to catch and shut down criminals, not merely hit our targets.

KPI 4: SAR reporting time

How fast did you forward SARs for suspicious cases?

I remember once consulting for a mid-sized company that had around 5,000 SARs in their backlog. Think about that for a second. Their agents had done the incredibly hard work of investigating. The decision had already likely been made to offboard most of these bad actors. And clearly there’s enough suspicion that it’s clear the police should investigate further. But, if their backlog is 5000 SAR cases, chances are the company will almost never get to the bottom of that stack. Even though they’ve offboarded these shady characters, the bad guys will probably just move to another institute. And, if no other company alerts the police and this company still hasn’t gotten to the bottom of their SAR stack, then they’ve just accidentally aided criminals. Which means making sure you send your SARs through in a timely manner is not a bad metric for crime fighting.

Last up, the holy grail of AML KPIs that I believe will be in our near future.

KPI 5: Percentage alerts also flagged by other institutes (true positive)

How many other financial institutes reported this same company or customer?

If you’re in AML already, I’m pretty sure when you read this headline you thought this was some sort of fantasy. Or you just got really really excited.

Let’s say you’re investigating that particular case I mentioned earlier. Centenarian Joe McMenace is sending €12,345 from the UK to India. You open up a window, type in Joe’s name, birthdate, maybe even home country. Within a few seconds, you get a report back that shows 3 other banks have flagged Joe for suspicious activity, too.

Incredible, right?

Well, this scenario is both fantasy and reality. In the summer of 2019, Salv built an advanced piece of technology — as a part of the Financial Conduct Authority’s (FCA) 2019 Hackathon — in partnership with Sharemind. Which makes the above scenario a new reality. The system is GDPR-compliant, and there’s some incredibly groundbreaking cryptographic technology behind it that means data becomes impossible to leak and trace.

As I write this in February of 2020, we’re in the midst of finalising our first large trial customers. And, as you can already tell, this will be part of a whole new era of crime fighting.

Summing up your crime-fighting AML metrics

AML metrics for crime detection

As you hopefully can see by now, measuring your team’s crime-fighting abilities is not only impossible, but vital. And, from my experience, we have 4, soon to be 5 great ways you can do that.

  • Alert to SAR ratio
  • Ratio of alerted customers by region / product
  • Alert handling time
  • SAR reporting time
  • Percentage alerts also flagged by other institutes (true positives)

To me, crime-fighting is by far the most important thing that should be measured. Because, in compliance, we’ve been entrusted with a massive societal responsibility—protect the most vulnerable of our societies. So it’s up to us to ensure we’re doing everything we can to catch the criminals out there.

If you’re struggling under the weight of your AML processes, maybe Salv can help. Reach out and get in contact. We’ve learned the hard way, so you don’t have to.

Next post? AML KPIs on customer impact.

Salv Bridge

Investigate and solve fraud, and increase recovery rates up to 80% with Salv Bridge

Learn more
bridge product mockup
×
ISO/IEC 27001 logo
Aicpa logo
GDPR compliant logo
OWASP logo

We build security to our products and organisation from the start. We use security best practices (incl. ISO 27001, CIS etc.) to ensure that our security management system meets the highest standards.

Salv has an ISO/IEC 27001: 2022 certificate, as well as ISAE 3000 compliant SOC 2 Type 2 report.