Can AML Programs Keep Up with the Business?

Ofir Reichenberg, Director of Product Management, Data Solutions

As anti-money laundering professionals, we are tasked with keeping our organizations secure and our operations running effectively. This includes identifying risks, monitoring activity and investigating suspicious and high-risk activities and customers. Addressing all those tasks without hindering business operations is far from simple. In a previous post, I talked about some of the challenges in the AML investigation process, and in this discussion I will address what we need to do to face them to keep our BSA and compliance organizations running smoothly.

What can we do to make sure analysts are investigating the correct activities and customers? How do we partner with the business to keep up with burgeoning activity and data growth? These issues create a moving target, and create multiple fronts that need a solution:

Risks and Red Flags

New typologies and criminal patterns constantly emerge. Regulators and organizations are publishing new red flags that require special attention. Meanwhile, anomaly detection and analysis find new patterns. Some of the new typologies are variations of existing ones and can be caught by adjusting thresholds or fine tuning existing detection logic. Other typologies demand the creation of specific detection logic to identify all such scenarios.

Profiles: “Normal” Not Constant

Over the course of a customer relationship, the definition of what is normal behavior can change. Take for example, in consumer banking, a relationship can start with a young adult and as he matures, his earnings and spending power increases, and his demographics will adjust as well. Businesses change in a similar way – the way money flows, methods of payments, etc. This impacts AML in two ways. On the simpler side, looking at peer groups requires us to constantly redefine who exactly are the peers of every customer. Even the peer groups themselves change to match the current activity and risk indicators. The more complex side is that the understanding of what exactly is “normal” is not constant. What should raise a red flag is changing as the customers change their behavior.

Growing Customer Volumes

Over time, the business grows – there are more customers and even more activity emanating from those customers. This translates to more activity, and therefore more data, to track. Unless we keep increasing our standards and start to de-risk certain customers, we can expect the number of high-risk customers to grow. If we keep the same false positive rate for our transaction monitoring, we can expect the number of alerts to grow over time. Both of those may require the AML team to constantly grow just to keep up. The approach to solving problems by adding staff is far from ideal and the only way to avoid that cycle is to constantly improve the process used to approach AML – grow your technology strength to adapt to these increases, don’t just count on staff increases as your fix.

New Products and Regions

All the above scenarios are “business as usual” for the AML team. But what happens when the business introduces a new financial product? Or when the business has decided to expand into a new geographical region? In most cases, this is a much bigger challenge, because it means starting from scratch, learning the new domain and estimating the right coverage for it. Misses in those estimations means either flooding the AML analysts with false positives or missing the actual suspicious activities. Either of these results is certainly not desirable. 

Moving Away From “The Old Way”

So how do we keep up with all those changes? In the past, the only answer was periodic tuning and detection updates. It’s a costly exercise of bringing in experts to analyze the current data, review plenty of spreadsheets, come up with recommendations and then test them. In many cases, they also need to specify new logic, validate, profile and test it. Not only is this approach expensive and time consuming, but the results tend to vary wildly. Tuning usually completes when the energy or budget assigned to it runs out and not when we get the best possible results. Even knowing what are the “best results” is a challenge. This process needs to be evaluated and updated to a more streamlined approach to keep the organization up to standard regulatory and operational requirements. 

Continuous Optimization

The best way we have found to enable business goals throughout an organization without increasing risk, is by changing the paradigm. Instead of treating tuning as a necessary evil to be undertaken as a last resort, tuning should be built into the ongoing operations. This means leveraging “big data” technologies to constantly collect and review all the relevant indicators. At the very least, we need to review the overall behavior of the different peer groups as well as the detection performance and false positive rates of the detection modules.

Analyzing this information allows the operation to proactively identify the changes as they occur, and adapt the system. The AML domain requires excellent model governance, and that impacts continuous optimization – we don’t expect the system to “tune itself” or adjust any thresholds without human intervention. Rather, we expect the system to review, identify, alert and recommend to the users what to do and when. A human AML expert will still be the one to review those recommendations and act on them at the right time.

Spirit of Collaboration

Another differentiator between AML and other parts of the business is the spirit of collaboration. Encouraged by regulators and leaders in the domain, working together is the magic sauce that allows the AML team to adapt quicker and better to the changing needs. This works because collaboration in stopping money laundering, human trafficking and terrorist financing benefits all parties – it is not a competitive advantage but a better way of doing business.

The concept of “collective intelligence,” leveraging the experience of other organizations and environments, allows us much quicker responses. Instead of having to research from scratch every change and new risk, it’s now possible to prepare for it. With this knowledge, we know better what to expect and where to start tuning. The results are quicker tuning cycles and less time spent chasing changes.


Based on what I’ve seen, I think that yes – today, more than ever, it’s possible for the AML team to keep up with the business. By combining a modern, machine-learning based tuning system with collaborative knowledge and domain expertise, we can respond quickly to growing demands on the business. With those elements supporting the strategy, the AML team can provide full coverage and protection in the face of these constantly-changing challenges.

How are you dealing with the constant changes? Drop us a note at to share your thoughts.

Alert Investigations: Navigating the Monitoring and Detection Haystack

July 2nd, 2024
Francisco 'Paco" Mainez, Professional Services, Principal Business Consultant, NICE Actimize

Realizing the Potential of Operational Efficiencies in an AML Program

June 17th, 2024
Bob Hager, Lead Business Consultant, NICE Actimize & Mohit Agrawal, Senior Specialist Business Consultant, NICE Actimize

Tackling KYB challenges with perpetual KYC

June 6th, 2024
Adam McLaughlin, Global Head of Financial Crime Strategy & Marketing, AML

U.S. Corporate Transparency Act Deemed Unconstitutional

May 9th, 2024
Adam McLaughlin, Global Head of Financial Crime Strategy & Marketing, AML
Speak to an Expert