Regulators and private firms increasingly rely on technology to identify financial crimes. As detailed in a recent report by the United Nations Development Programme (UNDP), organizations can use artificial intelligence, machine learning, and other tools to prevent corruption and related forms of illicit finance. However, utilizing software to detect financial crime is easier said than done.
The UNDP report highlights some of these limitations, such as poor-quality data and the misspecification of software systems. But the report underplays the severity of these limitations and misses some additional practical challenges we’ve witnessed in our work with both public and private sector clients. There are three potential pitfalls I want to explore in more detail: Data access, error prevention, and organizational incentives.
The UNDP report correctly observes that software-driven detection systems are only as effective as the data they ingest (what computer scientists refer to as “garbage in, garbage out”). Public and private actors often obtain data through third-party vendors, often from aggregators of various sources of information. Various quality issues may impact the underlying data, including duplicates, missing names, inconsistent formats, inconsistent order, spelling mistakes, and “noise words,” or words that are so common that they undermine searches.
Each data source is managed by an organization that may or may not verify the quality of the information they collect. Firms and public sector bodies will need to independently evaluate data quality or ensure that their data vendor does so on their behalf. And unfortunately, the price of this data may be prohibitively expensive for those most motivated to detect illicit finance, including non-profits, journalists, and public sector bodies. Initiatives such as Transparency International Ukraine’s DOZORRO — an online public procurement database that uses AI to focus on contracts that pose higher fraud risks — are hugely beneficial for addressing this issue and should continue to be championed.
But data quality is only the first challenge. Organizations must also wrestle with how to design the software systems they use. Misspecifications can result in an overabundance of false positives that drown organizations in wasted time and energy. Overly narrow settings, in contrast, may generate false negatives, leading firms to miss suspicious activity. These issues are compounded when using AI and machine learning. Such models for AML transaction monitoring are trained using various types of data, including transactions categorized as normal and suspicious. This training often does not include data on internal transactions investigated internally but not reported to a regulator.
One empirical study utilizing anonymized transactional data from a Norwegian bank found that this decreases the predictive accuracy of such models. Another study found that an obscure specification of such models – the definition of an “event” – can also impact their effectiveness.
While machine learning can undoubtedly enhance our collective capacity to combat bribery and corruption, organizations must grapple with the complexities of their specifications.
Equally if not more important to financial crime detection are organizational incentives. As the UNDP Report alludes to in relation to blockchain technology, “…incentives for good behavior does [sic] not only reside in the transformative nature of blockchain for integrity and transparency, but also in the government bodies or institutions responsible for matching information with reality.” Indeed, detection systems will only work if organizations are incentivized to use them correctly. Private firms often view compliance as a cost to be minimized rather than an investment in risk mitigation that can reduce the likelihood of much more expensive fines. Worse, companies may succumb to perverse incentives to ignore bad behavior or purposefully design compliance controls to reduce their effectiveness.
Senior leadership must dedicate sufficient resources and independence to their compliance functions to properly manage this conflict of interest. This includes not just investment in technology but also staff with the experience and expertise to analyze red flags, carry out investigations, and report suspicions. Organizations must also ensure that their compensation structure does not create incentives to engage in disproportionate risks. These goals can be more easily achieved through corporate checks and balances that protect compliance’s integrity and ensure the representation of various stakeholders.
Despite these challenges, AI, machine learning, and other advanced software offer enormous potential for the effective detection of financial crime. The stakes couldn’t be higher. Correctly specified systems, drawing on high-quality data and backed by positive organizational incentives, may help prevent the next 1MDB scandal by identifying suspicious transactions earlier.