Financial Fraud & Money Laundering

Financial fraud and money laundering pose immense challenges to financial institutions and society. It is estimated that the aggregate lost turnover for companies, governments and individuals as a result of financial crimes is valued at €40 trillion, according to a report revealing the true cost of financial crime.

Despite the best efforts by regulators and banks, existing techniques to identify and stop money laundering have been shown to be inadequate. Traditional approaches to identifying financial fraud and money laundering often rely on databases of human-engineered rules that match suspicious patterns in financial transactions. However, due to the increasing complexity of fraud and money-laundering schemes, existing approaches for detecting fraud and anti-money laundering (AML) quickly become outdated and ineffectual. Existing rule-based approaches are also extremely costly, with costs of compliance having increased more than 60% since 2008. They generate large amounts of alerts, with increasing amounts of false positives and are always playing catchup with newly emerging fraud schemes.

To overcome those limitations, we have developed a state-of-the-art anomaly detection model that combines conventional rule based systems with deep anomaly detection to provide decision support for fraud and AML investigators. Our method presents a viable and inexpensive solution to create a fraud detection system with deep learning that does not require regulation and improves productivity immediately. This solution has been tested and approved by leading financial institutions, and results show to be 100X more accurate than existing rule-based systems in identifying patterns of fraudulent financial transactions. In simpler terms, this solution enables building and operating machine learning (ML) models that make it harder for fraudsters to avoid detection while still ensuring compliance with existing regulations.

Key Considerations for Fraud and AML Systems

“It is now expected by regulators that compliance programmes are not only effective but can be demonstrated through data to be effective.”

Tapan Debnath, Head of Integrity, Regulatory Affairs & Data Privacy at ABB

Regulatory Frameworks

In January 2020, the Anti-Money Laundering Act 2020 (AMLA) became law in the United States, adding significant pressure on financial institutions to improve fraud detection and AML systems. The AMLA emphasizes the usage of innovative approaches such as machine learning or other enhanced data analytics processes. Similarly, in June 2021, the European Commission presented the Anti-Money Laundering Legislative Package aiming to improve the detection of suspicious transactions and activities. Those regulations have three common pillars that should be addressed by organizations when introducing fraud and AML systems: security, compliance, and governance.

3 Pillars for an AML Framework

Security

Private network access, encrypted customer, and data access control.

Regulatory Compliance

Legal framework and compliance for specific AML regulation and Data regulation (GDPR, CCPA, HIPAA) .

Data Governance

Roles, policies, standards, and processes embedded in both the organisation that uses the framework and the service(s) provider.

Cost and Compliance Problems of Rules-Based AML

“Traditional technological approaches to combat [...] evolving threats are meeting with less success resulting in large numbers of “false positives.”

Radish Singh, AML Specialist at Deloitte Forensic

Existing approaches to identifying fraud and money laundering rely heavily on databases of human-engineered rules that attempt to match patterns that are indicative of fraud. As new fraud schemes are identified, new rules are added to the rule engines (Rules-Based Fraud Detection). For example, in money laundering, smurfing is a well known attack, where lots of private accounts aggregate money using small, under-the-radar transactions at hubs for later extraction.

Suspicious customer fulfils certain predefined limited criteria:

  1. Number of transactions
  2. Amount transferred
  3. Bank quality score
  4. Country quality score

Transaction is flagged

Flagged items are added to a list

  1. If the criteria are too loose there are too many items on the list
  2. If they are too narrow, they are too few.

Investigators have to review items on the list.

  1. Most of the time they are unable to differentiate between high and low priority items.

In the Rules-Based Fraud Detection code example below, you can see the rule-based approach to identifying suspicious financial transactions. Here, you define a large set of rules that are applied to all financial transactions. If a financial transaction matches any of the rules, an alert is triggered. If the alert was incorrectly triggered (false positive), it induces costs. If no alert was triggered, but one should have been (false negative), you must design a new rule to identify the fraud scheme (if possible). Companies maintain these rule databases and routinely ship updates to customers.

Rules-Based Fraud Detection
# Rule 1
IF transfersLastDay > 10 && amount > $5k
THEN
alert
END

# Rule 2
IF country is LISTED && amount > $1k
THEN
alert
END
--

# Rule N

--
Train Fraud Detection Model
dataset=tf.data("financial_transactions")
model = ...
model.compile(...)
model.fit(dataset, ...)

Detect Fraud with Model

IF model.predict(amount,transfersLastDay,
country, ...) == TRUE
THEN
alert
END

Figure 1. Rule-based vs Model-based Detection Systems

The problem with Rules-Based Fraud Detection systems is the huge number of false-positive alerts that take time and money to run down. In addition, they are not capable of detecting changing threats, as the rules are not able to generalize to capture similar but slightly modified threats. More alarmingly, threats that involve patterns across many related transactions , such as smurfing, cannot be identified using existing rule-based systems.

AI-Accelerated AML

To overcome those challenges, we have developed a new state-of-the-art solution for identifying suspicious activities based on semi-supervised deep learning and anomaly detection.

The key insight with anomaly detection with deep learning is that it can generalize from training data to identify anomalous patterns in transactions that are indicative of fraud. Deep learning loves large amounts of data, and the more examples of “normal” financial transactions you can train a model with, the more accurate it becomes.  The result is an anomaly detection engine that makes it harder for money launderers to make small changes in how they launder the money to stay undetected.

New fraudulent transactions feed the model to improve accuracy and discover new fraud strategies.

The model is trained on historical financial transactions, including examples of fraud and non-fraud.

In real-time, a model predicts a transaction is fraud.

It is flagged.

Graph visualisation allows investigators to explore relations and flagged items.

In the Train Fraud Detection Model code snippet below, you can see that you must first curate a labeled training dataset: financial_transactions. With that dataset, you can train the model and then the trained model can then be used on new financial transactions to predict if they are fraud or not-fraud. An alert is sent if a financial transaction is suspected of fraud.

Rules-Based Fraud Detection
# Rule 1
IF transfersLastDay > 10 && amount > $5k
THEN
alert
END

# Rule 2
IF country is LISTED && amount > $1k
THEN
alert
END
--

# Rule N

--
Train Fraud Detection Model
dataset=tf.data("financial_transactions")
model = ...
model.compile(...)
model.fit(dataset, ...)

Detect Fraud with Model

IF model.predict(amount,transfersLastDay,
country, ...) == TRUE
THEN
alert
END

Figure 2. Rule-based vs Model-based Detection Systems

Generative Adversarial Neural Networks (GANs) are a natural choice for financial fraud prediction as they can learn the patterns of lawful transactions from historical data. For every new financial transaction, the model computes an anomaly score; financial transactions with high scores are labeled as suspicious transactions.

GANs Model Training and Testing Principles

GANs have a reputation for being both complex to understand and difficult to train. During the training phase, the generator is trained to mimic real transactions, the encoder learns to recognize what is a real transaction, and the discriminator classifies real and fake data.

Figure 3. GAN Model Training Principle

As each part of the pipeline improves and is compared with real transactions, the whole system essentially is trained at being better at creating and identifying real transactions. The goal being to get as close as possible to the patterns that can be seen in a real environment. 

During the serving phase, both generator and encoder have fixed parameters and the discriminator is discarded. The real transaction is encoded and compared to a reconstruction from the generator and the encoder; the anomaly is what the system interprets as being the difference between what a normal transaction looks like and what a generated transaction looks like. The threshold level for triggering an alert is configurable, and the anomaly score itself can be interpreted by investigators. Currently, deep learning approaches are not approved by regulators for identifying money-laundering, so our approach is currently used as a decision support system, where it runs alongside a classic rules based system, but enables investigators to be more productive by helping them prioritize the investigation of alerts. That is, those with the highest anomaly scores should be investigated first.

Figure 4. GAN Model Testing Principle

GANs are challenging to both train and deploy in production, needing GPUs and parallel hyperparameter search as well as distributed training support when training on large volumes of data.

Understanding Fraud using a Graph Representation of Entities and Transactions

To detect fraudulent patterns and trigger alerts, you can use graph and tabular features as input features to the GAN techniques described earlier. Graphs consist of nodes and edges. In financial transactions, the nodes represent businesses and individuals, while an edge represents a financial transaction between two nodes.

To show the utility of graphs, here’s an example. Mark the businesses and individuals with different titles: businesses are marked as “Corp” and individuals are marked as “Indiv”. The edges are used to represent transactions with associated dates and amounts and the directed edges represent the direction of transactions.

There are various expected graph patterns, such as a normal scatter pattern, also known as a dandelion, that happens when an organization pays salaries. Such a pattern occurs on certain dates, salaries are relatively fixed, and the money flow is outbound from a single payer. An anomalous scatter pattern has a sudden burst of transactions that has never been seen previously for involved nodes or bidirectional money flows.Figure 5 shows a gather-scatter pattern, where money flows initially inbound to the central node in the month of January. These flows are subsequently outbound to other nodes in the month of February. In the world of money-laundering, this gather-scatter pattern is used to hide the distribution of funds from financial institutions. Similarly, Figure 6 shows a scatter-gather pattern that again has a bidirectional flow of money on different dates. In this case, the source and destination of the money are two different central entities.

Figure 5. Gather-scatter pattern through a central entity
Figure 6. Scatter-gather pattern through two central entities. Outflow occurs before August 17 and inflow thereafter.

Based on tabular features as well as graph features, GAN methods can detect such fraud patterns. Such methods coexist with rule-based techniques to lead to better results, accuracy, and a confusion matrix.

Challenges in modelling fraud as a binary classification problem

Figure 7 shows the confusion matrix of a financial fraud binary classifier. For problems such as money laundering, false negatives should be weighed significantly higher. Use a variant of the F1 score to evaluate models: precision, recall, and fallout should not be weighted equally.

True Positive
Reality: Fraud
Prediction: Suspicious activity predicted
Result: Good
False Positive
Reality: Not Fraud
Prediction: Suspicious activity predicted
Result: Unnecessary costs and operational inefficiency
False Negative
Reality: Fraud
Prediction: Unsuspicious activity predicted
Result: Non-compliance and induced costs for the bank and society
True Negative
Reality: Not Fraud
Prediction: Unsuspicious activity predicted
Result: Good
Figure 7. Confusion matrix of a financial fraud binary classifier.

There are other challenges in detecting money laundering patterns:

  1. Massive class imbalance—Transactions labeled as suspicious may be less than 0.0001% of total historical transactions.
  2. Non-stationarity—New money-laundering schemes are constantly being invented. To identify new patterns as they appear, techniques must be able to adapt themselves or be easily adapted.

We, have published as open source a full end-to-end example for detecting fraud:

  1. A sample raw dataset of financial transactions
  2. Feature engineering programs to compute complex features such as graph embedding and store them in a feature store
  3. Notebooks to find good hyperparameters for the GANs
  4. Distributed training of a GAN using many GPUs.

The code can be reproduced on any Hopsworks cluster, including managed Hopsworks clusters available on AWS, Microsoft Azure, and on-premises installations of Hopsworks. Hopsworks clusters can manage up to hundreds of GPUs and allocate them to applications on-demand.

Industry Example: Swedbank Improves AML Detection Rate and Save Millions of Dollars per Year

Swedbank is the largest financial centre in Scandinavia offering retail banking, asset management, and other financial services for 7 million private customers and 546,000 companies. The company’s main challenge was to increase the detection rate and reduce costs of transactions associated with financial crime.  We have helped them to introduce our model-based approach for AML using the Hopsworks platform.

Swedbank employs a rule-based system that generates up to 99 false-positives for every 100 alerts. The financial institution leveraged our deep learning for anomaly detection approach with  more than 40TB of training data in the Hopsworks Feature Store, and models trained on GPUs. In pre-production evaluation, the company was able to reduce this to only 1 false-positive for every 2 alerts (99% reduction).