Alert Investigations: Navigating the Monitoring and Detection Haystack

Francisco 'Paco' Mainez, Professional Services, Principal Business Consultant, NICE Actimize
Monitoring and Detecting in Alert Investigations

The process of identifying suspicious financial activity, either at customer or transactional level, is one of the biggest single challenges currently faced by financial institutions (FIs).

Investigating an ever-larger volume of alerts generated by multiple monitoring systems across different compliance areas (e.g., money laundering, sanctions, fraud) is not only a regulatory requirement for FIs but also a very expensive part of their compliance programs.

FIs typically deploy large teams to perform these activities, under the generic name of Financial Crime Operations. These teams spend most of their time working across different systems, following carefully designed checklists, trying to make the most of time and budgets while also reaching more accurate decisions, with the ultimate goal of determining whether the alert in question should be escalated for further investigation or discarded as a false alarm or, in the industry’s terminology, a false positive.

However, many institutions perceive these labor-intensive processes as getting in the way of their fundamental business operations. Additionally, structural silos have been built around specific activities (e.g., KYC, Transaction Monitoring, Fraud), with teams that do not communicate with each other as often as they should.

Luckily, change is on the horizon. Thanks to advanced analytics and better data management practices, FIs are increasingly turning to approaches (often through outsourcing arrangements) that combine technology solutions with better processes and, crucially, highly specialized investigative teams to drive efficiencies, lower costs, enhance decision-making, and more effectively manage risk.

Alert Management Challenges: Triage Room or Bulk-processing? 

Despite their criticality, Alert Management processes are in most cases designed just to minimize costs in the seemingly impossible task of climbing an ever-growing mountain of alerts. On top of the high volumes described above, other challenges typically include:

  • Legacy technology: Outdated systems that are poorly integrated, or not integrated at all, with the existing architecture. This is exacerbated by significant data inconsistencies, resulting in analysts having to navigate multiple disconnected systems.
  • Frequent interactions with other teams or customers seeking further context and clarification, with the subsequent risk of miscommunication or even leaks.
  • High staff turnover rates are pushing FIs to increase costs to acquire and retain talent.
  • Lack of capacity needed to absorb the impact of unexpected events or sudden peaks in transaction or customer activity, resulting in backlogs and potential regulatory action. 

In the resulting environment, FIs find themselves trying to capture, collate, analyze, and make sense of alerts that often come from multiple systems. The risk of a system becoming crippled under the weight of large volumes of alerts is rising, and both firms and providers are looking at different approaches.

Alert Outsourcing 

While FIs have actively outsourced a wide range of business operation services and processes since the late nineties, the compliance function has traditionally remained part of the core services performed in-house by institutions. The process of identifying suspicious activity, either at customer or transactional level, is one of the biggest single challenges currently faced by FIs.

However, the costs associated with the execution and maintenance of these services have not ceased to increase. Analyzing the actual cost is not as simple as comparing the sum of the employees’ salaries with the cost of purchasing software or an outsourced solution. Other factors, including IT involvement, employee turnover and opportunity costs, must be considered. In terms of opportunity costs, for example, outsourcing alert management could enable staff to be employed in analyzing more complex cases where automation is not an option yet.

While the decision to outsource such a critical element of a compliance framework should be carefully evaluated, it also brings significant advantages, especially where typologies, risks and risk appetite have been clearly defined, and where robust governance and oversight frameworks have been established, including escalation paths, clear communications, and quality assurance.

Outsourcing requires both parties, the FI and services provider, to have strong and effective controls and a management reporting framework to provide senior management full transparency over the outsourced function. It also opens a range of possibilities to bring about material cost reductions and more flexible opportunities for management and workforce alike. 

Delivering Productivity and Quality

Aside from semantics and definitions, it seems clear that current models, based on large teams that are subject to high attrition rates and too rarely equipped with technology fit for purpose, are not a sustainable approach.

Increased complexity in financial crimes (that is, those typologies the industry is aware of, not including the much-dreaded “unknown-unknowns”) requires not only greater efficiency but also better effectiveness, translated into the ability to draft Suspicious Activity Reports (SARs) that can truly provide intelligence to the public sector: law enforcement agencies and financial intelligence units.

The ability to contextualize alerts, using adequately calibrated tools, adding further sources, and cross-checking and combining them, has a direct impact on both the reduction of false positive alerts and the increase in the overall quality of investigations and subsequent SARs. This means taking financial crime operations from a traditional “alert ticking-box” approach, measured in terms of how much it can save the organization, to an intelligence-driven activity that effectively helps close the gap between predicate and economic crimes.

Impact of Skills and Training on Compliance

While virtually no compliance problem can be fixed through a single-factor solution, it seems clear that the right combination of training, skills and technology can make a difference: we could easily see in the near future how outsourced teams equipped with Generative Artificial Intelligence (Gen AI) powered solutions coupled with predictive analytics, better integrated with existing systems and making extensive use of data can effectively transform the manually intensive operations processes FIs currently use.

Specialized teams may also transform the way operations are performed today by: 

  • Minimizing manual data gathering efforts across multiple internal and external sources
  • Performing intelligence-driven analysis and risk identification
  • Enhancing granularity through upskilling teams, e.g., country-typology processes instead of following a one-size-fits-all approach
  • Establishing and enhancing feedback loops with the relevant parts of the business, increasing cross-functional visibility and cooperation

These are just examples of how activities could be executed differently, without attrition concerns, while supporting more efficient investigation and resolution processes, enabling resources to focus on the highest and most complex risks.

In the future, a smaller number of more highly skilled individuals will function as a force-multiplier, driving organizational change across traditional structures. The current “factory/assembly plant” model should be progressively phased out in favor of analysts operating across integrated teams, assessing several types of financial crime risks across the whole of the customer life cycle. In the increasingly complex world of operations, cost efficiencies and higher quality might be found by looking back into the past and following an approach that has served the industry very well over the last 30 years.
