A Longer Lever for AML: Intelligent Alerts, Typologies and Segmentation

We have written about intelligent segmentation as the lever point for a better AML process – one that dramatically reduces false positives while simultaneously decreasing false negatives. The result is a far more efficient and effective AML process.

This approach is what delivered such exceptional results for HSBC – leading to a 20%+ reduction in false positives in a world that celebrates 2-3% reductions. This order-of-magnitude improvement in performance, however, is not the only application point for AI in AML. There are others as well, and in this post we will detail how our technology targets those areas to “lengthen the lever” and provide even more impact in this rapidly evolving area.

The timing could not be better: the European Union’s Fourth Anti-Money Laundering Directive looms, the fines continue to grow in scope and in consequence, and the complexity of the problem continues to compound.

There are two additional areas, beyond Intelligent Segmentation, that we are going to focus on here – Intelligent Alerts and Intelligent Typologies.

When you think about the standard workflow for an AML process, it generally looks like this:

There are defined areas and generally different software solutions for those defined areas. As we have noted, Intelligent Segmentation has an outsized impact, acting as an AI-powered controller for the all-important Transaction Monitoring Systems, but there are two other elements that make a difference:


Let’s take them in turn.

Intelligent Alerts

Intelligent Alerts is the ability to accelerate the clearing of the alerts backlog by automatically categorizing alert priority (L1, L2, etc.) and providing the reasoning for an alert’s auto-dispositioning. Alert auto-dispositioning is important because it allows investigators to focus their attention on the highest probability items while relegating the lowest probability items to the bottom of the stack.

Here is how it works.

Like most AI problems, Intelligent Alerts uses two “patterns,” in this case hotspot detection followed by ranking. It starts with the output of the transaction monitoring system, in this case the alerts. These alerts (A1 through AN) are first grouped using Ayasdi’s core Topological Data Analysis technology based on the notion of similarity.

With the alerts placed into Groups (G1 through GN) we then move to ranking.

For each group, the alerts need to be ranked according to some methodology. Most institutions use L1, L2, L3, so we will use that, but other methods work as well. For those unfamiliar with the concept, L1’s are closed (not suspicious) with little effort, L2’s are closed with some effort and L3’s are filed as suspicious.

Within each group (G) the alerts will be ranked by the probability that they will result in a suspicious filing (L3 on top, followed by L2, then L1).

While the initial groups are established using the concept of similarity, the alert rankings require backtesting. For a typical bank this takes a month or so of data, but the requirement is statistical in nature and will vary.
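The group-then-rank sequence described above, as an added example that is not Ayasdi's code. It substitutes simple leader clustering for Topological Data Analysis and a smoothed nearest-neighbour L3 rate for the backtested ranking; the feature names, values and function names are constructed for illustration.

```python
import math
from collections import defaultdict

# Constructed backtest data: (features, final disposition). Features are hypothetical
# and pre-scaled to 0..1: (amount vs. peer norm, cash share, new counterparties).
HISTORY = [
    ((0.10, 0.10, 0.00), "L1"), ((0.15, 0.05, 0.10), "L1"), ((0.12, 0.12, 0.05), "L1"),
    ((0.50, 0.40, 0.30), "L2"), ((0.55, 0.45, 0.35), "L1"), ((0.52, 0.38, 0.40), "L3"),
    ((0.90, 0.85, 0.80), "L3"), ((0.95, 0.90, 0.70), "L3"), ((0.88, 0.80, 0.90), "L2"),
]
# Constructed new alerts from the transaction monitoring system.
NEW_ALERTS = {"A1": (0.11, 0.08, 0.02), "A2": (0.92, 0.88, 0.75),
              "A3": (0.53, 0.41, 0.38), "A4": (0.86, 0.79, 0.88)}

def group_by_similarity(points, radius=0.3):
    """Leader clustering: a point founds a new group unless a leader is within radius."""
    leaders = []
    for p in points:
        if not any(math.dist(p, leader) <= radius for leader in leaders):
            leaders.append(p)
    return leaders

def nearest_group(p, leaders):
    return min(range(len(leaders)), key=lambda i: math.dist(p, leaders[i]))

def l3_probability(p, members, k=2):
    """Laplace-smoothed share of L3 outcomes among the k most similar past alerts."""
    nearest = sorted(members, key=lambda m: math.dist(p, m[0]))[:k]
    hits = sum(1 for _, disposition in nearest if disposition == "L3")
    return (hits + 1) / (len(nearest) + 2)

def rank_alerts(history, new_alerts):
    """Return {group: [(alert_id, score), ...]} with the likeliest L3 first."""
    leaders = group_by_similarity([features for features, _ in history])
    members = defaultdict(list)
    for features, disposition in history:
        members[nearest_group(features, leaders)].append((features, disposition))
    ranked = defaultdict(list)
    for alert_id, features in new_alerts.items():
        g = nearest_group(features, leaders)
        ranked[g].append((alert_id, round(l3_probability(features, members[g]), 2)))
    for g in ranked:
        ranked[g].sort(key=lambda item: -item[1])
    return dict(ranked)

if __name__ == "__main__":
    for group, alerts in sorted(rank_alerts(HISTORY, NEW_ALERTS).items()):
        print(f"G{group + 1}: {alerts}")
```

With so few historical alerts the scores are coarse; the smoothing keeps a group with no past L3 filings from scoring exactly zero.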

One additional benefit becomes apparent during the Suspicious Activity Reporting filing. By grouping like Alerts together, alert investigators can bundle multiple grouped and linked alerts into one SAR – providing more context for enforcement agencies and aiding them in better catching money launderers.

Overall, by using this approach, the bank knows where to focus its efforts and, in doing so, decreases its risk profile while becoming more efficient.

Intelligent Typologies

Intelligent Typologies, like Intelligent Segmentation, is another way to get the most out of the Transaction Monitoring System while avoiding any costly, lengthy or complex system changes.

Both create an intelligent system where a static, rule-based one exists.

Intelligent typologies are premised on the concept that groups of like people and like companies act in predictable ways. For example, to the human eye, a pharmacy may look like any other in a group of pharmacies. On a closer look, characteristics like having many larger-than-average transactions and no health insurance payments may look unusual – something that a regular person would need to be actively looking for to notice.

Intelligent Typologies draws on two patterns that dramatically improve upon this human-driven inquiry. The two patterns are anomaly detection and ranking. As in segmentation, they work in sequence.

Since Topological Data Analysis creates networks based on the concept of similarity, it is exceptional at detecting the opposite of similarity – anomalies. It does not need to be trained on data; indeed, it doesn’t even need labeled data to identify those entities that would qualify as anomalous. Furthermore, the Intelligent Typology approach learns over time, demonstrating far more flexibility than traditional rule-based systems.

Once those anomalies are detected, an Intelligent Typology approach then ranks the anomalies – from least likely to occur to most likely to occur. Banks will target the least likely or most anomalous first.

Going back to our pharmacy story, it turns out that this pharmacy was actually a hidden human trafficking operation. This is a true story, related to us by a large financial services institution. They found it through traditional means, but it alerted them to the fact that far more examples lurked in their data – and they wouldn’t be able to construct the correct queries to find them. They needed intelligence.

Only through Intelligent Typologies can financial institutions catch the ever-changing behavior of money launderers. Furthermore, Ayasdi’s Machine Intelligence Platform is able to go one step further, making the process fully transparent by providing the reasoning behind the anomalous behavior. This, like any step, is critical to winning over regulators and law enforcement.
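The anomaly-detection-then-ranking sequence for the pharmacy case, with the reasoning attached to each finding, as an added example that is not Ayasdi's code. It uses robust z-scores against the peer median as an unlabeled stand-in for Topological Data Analysis; the peer group, feature names and threshold are constructed assumptions.

```python
import statistics

# Constructed peer segment of pharmacies with two hypothetical features:
# avg_txn = mean transaction size, insurer_share = fraction of inflows from health insurers.
PHARMACIES = {
    "P1": {"avg_txn": 42.0, "insurer_share": 0.61},
    "P2": {"avg_txn": 38.0, "insurer_share": 0.58},
    "P3": {"avg_txn": 45.0, "insurer_share": 0.66},
    "P4": {"avg_txn": 40.0, "insurer_share": 0.55},
    "P5": {"avg_txn": 310.0, "insurer_share": 0.00},  # the profile described in the text
    "P6": {"avg_txn": 44.0, "insurer_share": 0.63},
    "P7": {"avg_txn": 120.0, "insurer_share": 0.57},  # milder outlier, one feature only
}

def robust_z(values):
    """Distance from the peer median in MAD units; needs no labels and no training set."""
    med = statistics.median(values)
    mad = statistics.median(abs(v - med) for v in values) or 1e-9
    return [0.6745 * (v - med) / mad for v in values]

def rank_anomalies(entities, threshold=3.5):
    """Return [(entity, score, reasons)], most anomalous (least likely) first."""
    ids = list(entities)
    features = list(next(iter(entities.values())))
    z = {f: dict(zip(ids, robust_z([entities[i][f] for i in ids]))) for f in features}
    findings = []
    for i in ids:
        # Reasons: every feature that deviates from the peer group beyond the threshold.
        reasons = {f: round(z[f][i], 1) for f in features if abs(z[f][i]) > threshold}
        if reasons:
            findings.append((i, max(abs(v) for v in reasons.values()), reasons))
    return sorted(findings, key=lambda item: -item[1])

if __name__ == "__main__":
    for entity, score, reasons in rank_anomalies(PHARMACIES):
        print(entity, score, reasons)
```

The `reasons` dictionary is what an investigator or regulator would read: which features set the entity apart from its peers, and in which direction.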


The AML process inside of major financial institutions is increasingly dynamic. Large banks and other payment processors recognize not only the compliance risk but the moral imperative associated with money laundering. They are responding with technologies and approaches that dramatically enhance their existing technology stack.

Intelligent segmentation, intelligent alerts and intelligent typologies are three ways to generate more leverage from an existing system both from a risk perspective as well as from an economic one.