Posted by & filed under Research & Investigation.

Search Engines have transformed people’s everyday lives.  We can instantly find the best Italian restaurant in town, directions to the airport, and what the cast of Saved By The Bell is now doing.   Search Engines are not, however, AML compliance applications.

This may sound surprising to tens of thousands of AML analysts and investigators around the world who rely on Search Engines like Google, Bing and Yahoo to find negative news information about customers, counterparties, and other people and companies they are researching and investigating.

Relying on Search Engines to find negative news information is a big problem because:

  1. Search Engines do not find all negative news information
  2. Search Engines present way too much unrelated information
  3. Search results needed by AML analysts are often buried well past page 1
  4. “Search Strings” used by AML analysts are helpful but highly limited
  5. Search Engines add time to AML work and increase costs
  6. Search Engines provide no record of work and therefore no proof to auditors or regulators

 

Search Engines Do Not Find All Negative News Information

Search Engines find information on the Surface Web, the part of the Web available to the general public.  There are billions of pages of information on the Surface Web.

When an AML compliance analyst wants to locate negative news information, a portion of these billions of pages are reviewed by whatever Search Engine they use.  Each Search Engine contains different indexes of information gathered from the web.  So Google, the most used Search Engine, does not search all the same information Bing or Yahoo search.  So just using Google means an AML analyst may miss negative risk information.

Google (or Yahoo or Bing) may in fact “find” the information that an AML analyst needs, but that important result – the one the analyst needs – may be on page 12.  In these cases, it is highly unlikely the analyst will read the first 11 pages of results, thus in effect the information needed by the analysts is never found.  Read about a real example of this here.

Search Engines combine hundreds of factors into complex algorithms that try to find information about each search query.  The problem is, no-one knows how these algorithms work – they are the closely guarded property of the Search Engines.  Not knowing the logic and computations behind a Search Engine’s algorithms puts AML users in a bad spot; analysts are left with the uneasy feeling that they may be missing key information.

 

Irrelevant Results and “Search Strings”

Search Engines are designed to show what they think you want to see.  Problem is, they don’t actually know what it is you want to see.  They don’t know you are an AML analyst looking specifically for information about whether a customer was involved in a past legal or criminal matter.  So Search Engines, using their algorithms, give you lots of information that isn’t relevant to what you want.  This means scrolling through endless results trying to find the one or two that actually matter.

These unrelated results add time to an analyst’s work, which piles up costs for each due diligence and investigation case.  Unrelated results also increase risk.  After all, how many results can a person look at hour after hour, day after day, and not become frustrated and distracted by the monotony?  No doubt, this leads to analysts missing critical information.

To address the problem of too many unrelated results, analysts devise “search strings” of negative terms that try to reduce irrelevant information.  Search strings often do reduce results but they also create other problems for AML compliance.  Here are two of those problems:

  • Search Engines limit the number of words that can be used in a search string.  What if the words not included are the words that would find the key information?
  • Search strings are not consistently used by every analyst on every search, thus creating an environment where work is done differently by everyone on every matter.  This lack of consistency leads to non-compliance.

 

No Proof of Work

Negative news searching is a critical component of AML due diligence and investigations.  Any strong AML compliance program requires work be documented and saved for review by a manager, an auditor and the regulators.  Search Engines do not provide any features that enable AML users to properly and consistently document their work.

AML procedures may mandate taking screen shots or copying and pasting the first page of Search Engine results, but in many instances this doesn’t prove much.  A screen shot won’t capture the entire search string used, or it won’t capture page 2 – 10 of the results.  It is also a mundane and monotonous process that is prone to human error.

If you are an AML compliance professional, it is important that the tools and applications you use are effective, efficient and consistent.  Using Search Engines as a way to find negative news falls short on all three of these objectives.

Posted by & filed under Research & Investigation.

There are going to be a lot of internal “fire drills” happening over the next few weeks (months?) from the recently released “Panama Papers”.  The documents are a collection of 11.5 million leaked internal records from the Panamanian law firm Mossack Fonseca, a leading firm in the incorporation of offshore entities.  The 2.6 terabytes of data include information from 1977 through the end of 2015, and highlight possible examples of money laundering, sanctions evasion and tax evasion.

Instead of rehashing what has already been written, we will try to keep a grouping of the reported information by topic to save you time in tracking it down. Please see the topics below.

General Overviews

 

Politically Exposed

 

FIFA

 

Vladimir Putin

 

Iceland Prime Minister: Sigmundur Gunnlaugsson

 

Pakistan

 

British Prime Minister: David Cameron

 

China

 

The Americans

 

Ireland

 

Real Estate

 

Interactive and Data

 

Hope it helps!

Posted by & filed under AML General, Negative News.

Hopefully you have found your way here from our new product demo; a search tool that has a zero false positive rate.  Feel free to check it out if you haven’t yet.  We’ll wait.

Happy April 1st!  As I’m sure you have figured out, the Global Compliance Data Search tool is obviously not a real product, and we were having some April Fool’s fun.  We went about it in a lighthearted way, but the issue we are attempting to highlight has serious implications for AML compliance officers.

If you ask many AML professionals what causes them the most headaches, the issue of false positives will no doubt be at the top of the list, particularly when it involves name screening, due diligence, and negative news research.  Each of these important processes runs into problems caused by false positive matches.  Everyone in AML knows it is important to attempt to limit false positives as much as possible, but there is a much more dangerous issue that rarely gets discussed: false negatives.

 

False negatives are the opposite of false positives. They are results indicating that there is no match, when in fact there is.

 

Result sets with large numbers of false positives receive the most attention because the issue is prominently visible.  The abundance of work false positives create wastes time and incurs too much effort.  This waste of time and effort is far from ideal, but has been accepted among AML professionals as a necessary burden because among the dozens or hundreds of false positives, there may be a true match that must be identified.

 


 

False negatives are the opposite of false positives.  They are results mistakenly indicating that there is no match, when in fact there is.  The danger of false negatives is two-fold; first, since these matches don’t trigger any results you have no idea how much information you are missing, and second, this information is never reviewed since no one knows it even exists.  This is the stuff that should make compliance managers, regulators and executives really nervous.  What can be done to mitigate this risk?

There are three main causes of missing relevant information:

 

  1. System Shortcomings – the technology or algorithms used are not tuned to identify the relevant information
  2. User Error – end users are either not properly trained on system use, or enter information incorrectly
  3. Lack of Data – the universe of information being searched does not contain the relevant data

 

Each of the above issues poses its own unique and complex challenges.  System shortcomings are the area that garners the most attention, effort and budget.  User error issues are often thought to be resolved through training, but unfortunately many AML systems are not designed to operate easily and consistently.  The third issue, Lack of Data, is the one that draws the least attention from AML managers, auditors and regulators.  It is time that changed.

Information, especially publicly available information, is growing at an extremely rapid pace and to identify risk relevant information, the AML industry still relies on techniques and systems put in place close to 15 years ago.  This is a big problem.

One of our core beliefs at TransparINT, gained from decades in the industry actually performing AML work, is that existing methods used to identify negative news, financial crime, and reputational risk information are not effective.  This lack of effectiveness leads to compliance failures.

If you are interested in learning more about the shortcomings of some AML traditional practices, feel free to check out some of our previous posts highlighting the identified gaps.

 

You Are Missing Information: Searching for Johnny Walker

How “Risk Intelligence” Databases Work (…and Don’t Work)

White Paper: Know Your Customer Screening for Negative News, There is Now a Better Way!

 

Happy April 1st!!!

Posted by & filed under AML General.

When I first got into the AML field, I remember having a very hard time finding industry related information that resonated with the work I was tasked to perform every day.  There was no shortage of articles about the updated Wolfsberg 16th Directive on International Standards (not a real thing), but few people were talking about the practical side of performing the work that the vast majority of AML and KYC professionals faced daily.

Luckily, as the industry has grown there are now more professionals willing to share their experiences and views on accepted practices drawn from years in the field.  Below is a list of five new blogs, all active less than a year, from industry insiders that are worth reading for anyone who works or manages professionals in the AML and financial crime compliance field.

 

5 New AML Bloggers You Should Be Checking Out:

 

Nick Guest Director of Risk and Operations at Cypress Resources

Nick Guest is the Director of Risk and Operations at Cypress Resources in Birmingham, Alabama.  His articles are an excellent mix of general principles and actionable best practices.

 

Leonard Shaefer Founder and Principal of Onomastic Resources

Leonard Shaefer is the Founder and Principal of Onomastic Resources, a consultancy specializing in name screening and processing for AML.  He was also a former Chief Scientist for Global Name Recognition at IBM.  The amount of detailed information regarding naming conventions for different cultures is a must read for anyone who takes name screening or due diligence seriously.

 

Frank Ewing Partner & Assistant General Counsel at Gabriel Partners, LLC

Frank Ewing is Partner and Assistant General Counsel at AML consulting firm Gabriel Partners, LLC.  Frank has seen the field from many different vantage points, and his articles have a heavy focus on the human element of AML work, which is probably the least talked about part of the job.

 

Ravon Taylor III & Theo Griffin Managing Partners at Taylor Griffin & Associates AML Solutions

Ravon Taylor III and Theo Griffin are both Managing Partners at Taylor Griffin & Associates AML Solutions and write for its blog.  It is clear from their posts that both are writing from a place of deep firsthand experience of AML issues ranging from consulting to SAR filing.

 

Keith Furst Founder & Financial Crimes Technology Consultant at Data Derivatives

Keith Furst is a Founder and Financial Crimes Technology Consultant at Data Derivatives.  More technologically focused than the other blogs, Keith puts forward some excellent ideas on using data to close many of the gaps in current AML processes.

 

Please note, the above blogs are being shared for informational purposes only.  TransparINT, LLC does not have a financial interest with any of the above individuals or companies.

 

Posted by & filed under AML Presentations, Research & Investigation.

In a previous post, we provided six free PowerPoint templates to help with AML presentations and visualizations.  While PowerPoint can be a very useful visualization tool, it falls short when there is a need to find relationships in larger data sets.  Luckily, there is an open source JavaScript library, D3.js, created specifically for producing data-driven dynamic and interactive visualizations.

If you take a look at the D3 gallery, you will quickly see how powerful of a tool it can be; the downside is that there is a fairly steep learning curve to get up and running for anyone without technical experience.

This is why we have put together the below files and instructions to allow anyone with the ability to cut and paste to create useful link analysis charts.  Below are the only requirements for this exercise.

  • Microsoft Excel
  • Text Editor (such as Notepad)
  • Modern Browser (basically anything after IE8)

 

Example Link Analysis Graph:

 

Mission

The most common use for link analysis charts in AML is to map relationships from transactional data.  For this example, we are going to assume that we have a transaction spreadsheet with a column for originators and a column for beneficiaries.

Before we get started, click here for a demo to see what the finished product will look like.

 

Step 1: Format the data

In order for our D3 script to render the chart, we have to format the data in the correct way.  Attached is an Excel file that we created to help you do that.

First, you need to copy the column of originators from your transaction spreadsheet and paste them in the ‘source’ column.  Next, you need to copy the column of beneficiaries and paste them into the ‘target’ column.  Finally, starting at cell ‘C1’ you need to drag the formatting down to the last line of names.

This will create a properly structured comma separated value (CSV) list of names.

 

Step 2: Create the data file

Once you complete the above, open a text editor (e.g. Notepad) and paste everything from column C into the file. Save the file with the name of your choosing; just make sure it is saved as a .csv file.

This is an example of exactly how the file should be formatted.

 

Step 3: Link the data file to the graph file

Attached is also a file containing the D3 script to actually create the graph.  Now that the data is formatted properly, we have to adjust the file’s code to grab the data from our newly created CSV file.

This file might look intimidating, but don’t worry, there is only one line that needs to be edited.  Open the ‘graph-file.html’ file and edit the below line to replace ‘http://transparint.com/data/data.csv’ with the path where you saved your CSV file.  Save this file to your computer.

[Image: the line in ‘graph-file.html’ to edit]

 

Please note, by default your computer may open this file automatically with your web browser. To edit the file, you will need to open it with a text editor though. You can accomplish this by right-clicking on it to open it with Notepad or any other text editor.

 

Step 4: Open graph file in your browser

Now just open the ‘graph-file.html’ file with your favorite browser and enjoy!  Your data should be rendered similar to this demo.
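The data preparation from Steps 1 and 2, as an added example (this is not the contents of ‘graph-file.html’ or of any file in the zip): it parses a ‘source,target’ CSV into the node and link arrays a D3 v3 force layout takes, counts repeated originator/beneficiary pairs, and reports rows that a plain cut-and-paste join breaks, such as a name containing an unquoted comma. The function names, the sample parties and the rule that names differing only in case or spacing are the same party are assumptions made for the example.

```javascript
// Added example: names, sample data and matching rule are assumptions.

// Constructed sample in the 'source,target' format from Step 1.
const SAMPLE_CSV = [
  'source,target',
  'Acme Trading LLC,Jane Doe',
  'Jane Doe,Northwind Holdings',
  '"Doe, John",Northwind Holdings',      // comma inside a name: must be quoted
  'Acme Trading LLC,Jane Doe',           // repeated pair: counted, not duplicated
  ' acme trading llc ,Blue Harbor Ltd',  // same party, different case/spacing
  'Smith, Alan,Blue Harbor Ltd',         // unquoted comma: three fields, rejected
  ''
].join('\n');

// Split one CSV line into fields, honouring quoted fields and "" escapes.
function parseCsvLine(line) {
  const fields = [];
  let cur = '';
  let inQuotes = false;
  for (let i = 0; i < line.length; i++) {
    const ch = line[i];
    if (inQuotes) {
      if (ch === '"' && line[i + 1] === '"') { cur += '"'; i++; }
      else if (ch === '"') { inQuotes = false; }
      else { cur += ch; }
    } else if (ch === '"') {
      inQuotes = true;
    } else if (ch === ',') {
      fields.push(cur);
      cur = '';
    } else {
      cur += ch;
    }
  }
  fields.push(cur);
  return fields;
}

// Matching key only; the first spelling seen is kept as the display name.
function nameKey(name) {
  return name.trim().replace(/\s+/g, ' ').toLowerCase();
}

function buildGraph(csvText) {
  const lines = csvText.split(/\r?\n/);
  const header = parseCsvLine(lines[0]).map(h => h.trim().toLowerCase());
  const sIdx = header.indexOf('source');
  const tIdx = header.indexOf('target');
  if (sIdx < 0 || tIdx < 0) throw new Error("header must contain 'source' and 'target'");

  const nodes = [], links = [], rejected = [];
  const nodeByKey = new Map(), linkByKey = new Map();

  const nodeIndex = raw => {
    const key = nameKey(raw);
    if (!nodeByKey.has(key)) {
      nodeByKey.set(key, nodes.length);
      nodes.push({ name: raw.trim() });
    }
    return nodeByKey.get(key);
  };

  for (let i = 1; i < lines.length; i++) {
    if (lines[i].trim() === '') continue;            // skip blank lines
    const f = parseCsvLine(lines[i]);
    if (f.length !== header.length || !f[sIdx].trim() || !f[tIdx].trim()) {
      rejected.push({ line: i + 1, text: lines[i] }); // keep for manual review
      continue;
    }
    const s = nodeIndex(f[sIdx]), t = nodeIndex(f[tIdx]);
    const key = s + '>' + t;                          // direction matters
    if (!linkByKey.has(key)) {
      linkByKey.set(key, links.length);
      links.push({ source: s, target: t, count: 0 });
    }
    links[linkByKey.get(key)].count++;
  }
  return { nodes, links, rejected };
}

console.log(JSON.stringify(buildGraph(SAMPLE_CSV), null, 2));
```

In D3 v3 the returned `nodes` and `links` arrays, with numeric `source` and `target` indexes, can be passed to `d3.layout.force().nodes(...).links(...)`. Checking `rejected` before rendering keeps a malformed row from silently dropping a counterparty from the chart.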

 

Link Analysis Files:

The attached zip file (Link_Chart_Files) contains the below:

  1. data-formater.xlxs – Excel file to help format data
  2. data.csv – Sample of properly formatted data
  3. graph-file.html – Script to grab data and create link graph
  4. d3.v3.min.js – The graph file is set up to pull the D3 file over the web, but if your browser restricts this, the full D3.js file can be saved locally and linked

 

Conclusion

While this may seem like a lot of steps at first, once you have an understanding of the above you will be able to map out complex relationships within minutes.  This is also the very tip of the iceberg of what is possible with D3.  For example, this chart could be enhanced with transaction value labels over the links or by adding a search functionality.  Below is a list of additional resources for anyone who wants to explore these possibilities.

Additional References

Posted by & filed under Negative News, Research & Investigation.

Risk Intelligence databases, used by thousands of financial institutions as part of AML, fraud investigation and anti-corruption compliance programs, are believed to be the best way to identify public negative news or adverse media information. Unfortunately, that is not true.

What are “risk intelligence” databases and how are they constructed?

Risk intelligence databases gather negative news data from public information sources like media articles and government enforcement and regulatory publications. Database companies attempt to identify and organize this adverse media information related to financial crime risk into structured data (imagine a spreadsheet of names): lists of individuals, businesses, and government entities alleged or convicted of engaging in some sort of unlawful activity such as money laundering, fraud, drug trafficking or hundreds of other highly risky endeavors.

The Risk Intelligence database typically provides its users with what is called a “profile” – a brief summary explaining the reason a database vendor believes the person or entity poses financial crime risk.

Information in these databases must be pulled together, sifted through and selected for inclusion by people whose job is to read piles of publications and pick out names they believe may be of interest to AML and financial crime compliance professionals. These employees then go through a manual process of typing information, creating URL links, and categorizing the reported offenses.

Herein lies the problem.

Risk Intelligence databases are constrained by the limits of human effort, attention, and consistency.

The amount of negative news information about people and entities involved in financial crime is too large to fathom. So, database vendors must selectively choose which negative news information to review and they must rely on humans to read, record, input and create profiles. Such reliance on employees, who are scattered around the world, means errors and omissions occur every day (as is depicted in this article). Risk data is missed because these database companies cannot hire enough people to read the new information entering the public every day. And even in those cases where a person can read an article about an alleged financial crime, how certain can you be that all of the relevant information was identified and entered into the database accurately?

Moreover, the leading risk intelligence databases market that they have more than 2,500,000 “profiles” (i.e. list of names) but this is a claim with little meaning. Sure, 2,500,000 is better than 1,000,000, but what if the public information domain contains enough data where there should be 10 million or 20 million or 50 million such profiles?

A far better approach is for AML compliance professionals to use an application that finds all relevant negative news in real time, enabling analysts to make better decisions faster and with much stronger supporting evidence.

Posted by & filed under AML Presentations.

If you didn’t get a chance to watch it last night, 60 Minutes in connection with Global Witness aired an excellent segment titled “Anonymous, Inc“.  The exposé focuses on the ease of laundering money through shell corporations and proposed beneficial owner rules. Definitely recommended viewing for anyone whose job involves any aspect of AML or KYC.

Below, a Global Witness undercover investigator poses as an advisor to an African minister of mines who wanted to bring millions of dollars of suspect funds into the U.S.

 

Posted by & filed under Research & Investigation.

The deep web is a topic that has been getting a lot of attention recently.  Unfortunately,  there is frequently a lack of clarity on the terms being used to describe the topic.  This post is part one of a planned series on the Surface, Deep and Dark Web.  The goal of this article is to provide a high level overview and frame of reference of these terms for future articles.

Surface Web

The Surface Web is the portion of the World Wide Web that is able to be indexed by commercial search engines, such as Bing and Google.  The Surface Web is also known as the Visible Web, Clearnet, Indexed Web, and Indexable Web.

Deep Web

The Deep Web is any part of the Web that is not indexed by standard search engines.  This may include web content contained in public databases, private web sites that require login credentials, web pages without any other sites linking to them, or many other categories.

Virtually everyone who uses the Web visits what could be considered Deep Web sites on a daily basis without even knowing it.  The Deep Web is also known as the Invisible Web, Deep Net, and Hidden Web.

Dark Web

The terms “Dark Web” and “Deep Web” are often used interchangeably, but this is incorrect.  The Dark Web is a part of the Deep Web, but it requires special software to access (e.g. TOR, Freenet, I2P).  Although the most infamous of the three categories, it makes up only a very small portion of the Deep Web.

 


Additional Reading

The above is only a high level overview of a potentially complex topic.  For additional information, check out some of the more in-depth resources.

Posted by & filed under Information Security.

Today, SplashData has published a list of the 25 most stolen passwords of 2015.  The list is based on over 2 million leaked passwords made public over the last twelve months.

It is clear that the rise in popularity of Star Wars has had an impact on the list with princess, solo, and starwars all new additions this year.  Maybe 2016 will be the year that chewbacca cracks the list.

If you are using any of the below, it’s time for an update.

1. 123456 (Unchanged)

2. password (Unchanged)

3. 12345678 (Up 1)

4. qwerty (Up 1)

5. 12345 (Down 2)

6. 123456789 (Unchanged)

7. football (Up 3)

8. 1234 (Down 1)

9. 1234567 (Up 2)

10. baseball (Down 2)

11. welcome (New)

12. 1234567890 (New)

13. abc123 (Up 1)

14. 111111 (Up 1)

15. 1qaz2wsx (New)

16. dragon (Down 7)

17. master (Up 2)

18. monkey (Down 6)

19. letmein (Down 6)

20. login (New)

21. princess (New)

22. qwertyuiop (New)

23. solo (New)

24. passw0rd (New)

25. starwars (New)

You can find the 2014 list here

Posted by & filed under Negative News, Research & Investigation.

No, this is not a blog post about finding where you left your glass of Scotch.  There is a prevalent belief in AML departments that analysts and compliance officers are consistently finding all of the information relevant to the cases they are working.  Unfortunately, this is not true, and it causes a large gap in current AML and KYC processes.

Instead of discussing hypothetical information gaps, let’s dive right into an example where we are actually searching the web for information.

Every day, thousands of AML analysts review alerts generated by alert monitoring systems and internal and external referrals.  It is an extremely challenging job, and these professionals are frequently expected to make decisions with incomplete information.  In this fictional example, we are reviewing an automated alert where a client of our financial institution received a wire outside of her transactional profile from an individual named “Johnny Walker” with an incomplete address in Michigan.

One of the main ways AML analysts attempt to identify relevant risk information is to search the web for news and adverse media using commercial search engines.  So, let’s get started (feel free to search along, as your results might differ)!

Search 1 – Broad (Johnny Walker)

It’s a good strategy to start as broad as possible.  In this case, the search engine changed our search term, and due to the commonality of the name, there is not much usable information with this search.


 

Search 2 – Narrow with a known location (“Johnny Walker” Michigan)

To avoid references to “Johnnie Walker” the alcohol, adding quotes to the name will keep the search strict and adding the known location will filter it even more.  Still, while this type of query may help find some identifying information, none of the results appear to increase the risk of the transaction.


Search 3 – Narrow with negative news search string (“Johnny Walker” fraud OR launder OR crime OR criminal OR terror)

Many AML groups have a standardized negative search string to help identify risk relevant information.  In this case, there are still 367,000 results returned and only about half of the first page’s results could be considered negative.


Awesome! No negative news! Wait a minute…

At this point, all but the most diligent analysts will continue the process to disposition the alert under the belief that there is no potential risk relevant information on the web regarding this individual.  But hidden on page 8 among those 367,000 results from the “negative news” search is the below. Link to FBI Press Release

We are still not certain that this is the same counterparty to the transaction we are investigating, but the name and location are a match, and at a minimum it is a piece of information that any compliance professional would want to be made aware of before dispositioning an alert.

[Screenshot: the highlighted search result]

 

How is this possible; I followed procedures!?

The issue lies in the growing volume of information continually available to investigators, and the lack of tools to harness this information.

After attempting to find this information on the web, you may have searched your department’s curated risk intelligence database and gotten a match.  In fact, I would be surprised if you didn’t as the above is from a highly authoritative source (FBI press release), which most risk databases should cover.  The point of this exercise wasn’t to show that the information is impossible to find, but to highlight a very real example where the coverage of information is not what many believe.  And for every piece of information that the risk intelligence database identifies, I would argue that there are at least ten that the search engine does and the database doesn’t.

For a more in-depth description of the strengths and weaknesses of the current state of AML tools, please check out our recently released whitepaper for a good overview.