Simulations in Anti-Money Laundering

Simulations are powerful tools for decision-making in various fields, including pilot training, military strategy, AI chip design and black hole physics. This article addresses how simulations can improve decision-making in anti-money laundering (AML).

Level 1 vs. Level 2

This exploration divides simulations in AML into two categories: Level 1 and Level 2. Level 1 simulations use historical data to assess the impact of different decisions and respond to factual questions with clear-cut answers rooted in available data. Data analytics is crucial for these simulations.

Level 2 simulations, on the other hand, create a model of the world in which we can imagine different histories. It ventures into hypothetical realms, letting you ask counterfactual questions such as, “what if?” These simulations are cyclical in the sense that you get answers that prompt further questions. AI is the workhorse of Level 2 simulations.

The Key Pillars of AML

Anti-money laundering involves four main functions:

1. Sanctions.
   • Financial institutions must avoid business with sanctioned individuals and entities and ensure safeguards for politically exposed persons (PEPs).
   • Financial institutions use sanctions screening and transaction filtering rules to generate alerts for transactions involving sanctioned entities or individuals. Lists are maintained by government bodies such as the U.S. Office of Foreign Assets Control (OFAC).
2. Know your customer (KYC).
   • Institutions verify customer identities and understand their behavior during onboarding.
   • Risk-scoring models identify high-risk customers to monitor for unusual or suspicious behavior.
3. Transaction monitoring.
   • Institutions monitor customer transactions for suspicious behavior, such as patterns related to crimes or deviations from expected behavior.
   • Alerts are generated for suspicious transactions using rules and models.
4. Investigations. 
   • Alerts from the above functions are reviewed by analysts and investigators.
   • Suspicious activity reports (SARs) are filed if cases are deemed suspicious, and institutions ensure their investigation teams are well-staffed and trained to respond.

Level 1 Simulations

To enhance decision-making, we shall begin with Level 1 simulations.

AML rules and models are subject to high regulatory scrutiny. Any changes, including parameters, thresholds or sanctions lists, must be vetted against historical data. Enabling inexpensive and fast simulations on historical data is key.

Level 1 simulations are critical when an institution expands to new geographies or participates in mergers and acquisitions that results in onboarding of new customers.

Level 2 Simulations

Whereas Level 1 simulations allow you to vary controllable factors such as rules, thresholds and watch lists, Level 2 simulations allow you to model external factors and assess the impact of perturbing them.

This should also help assess performance of the system in adverse situations and identify and remediate potential failure points. How would this work in each of the key AML domains?

Sanctions

An onboarding system might not accurately capture the customer’s information; the information could be tampered with or accidentally corrupted. A Level 2 simulator should be able to induce trivial or material change to details of a known high-risk entity and allow a user to measure the system’s sensitivity or resilience to these changes.

Can the system stay resilient to trivial changes while remaining sensitive to material changes? A Level 2 simulator should be able to evaluate the impact of semantic changes to a customer’s details, not just lexical changes.

Further, a Level 2 simulator should recommend appropriate changes to screening rules based on the results of such simulations. This could in turn trigger a round of Level 1 simulations to assess the impact of these recommended changes on historical data.

KYC

A Level 2 KYC simulator should be able to simulate potential changes in the risk factors of a customer and estimate the sensitivity of the risk-scoring model to each risk factor.

What if the occupation, source of wealth, date of incorporation, or country of citizenship were to change marginally or significantly? Just as with sanctions, a Level 2 simulator should be able to induce changes that are semantically similar but lexically different.

Is the model sensitive to subtle but important changes in a risk factor while remaining robust to nonmaterial changes? Are there specific combinations of parameters that the model is sensitive to?

Simulations can help synthesize adversarial examples that can expose a model’s vulnerabilities. Retraining rules or models on these synthetic samples could help strengthen KYC procedures.

Transaction Monitoring

Where a Level 1 simulator evaluates each model or scenario in isolation, a Level 2 simulator should be able to evaluate the entire transaction monitoring system (TMS) holistically. This will help reveal the overlaps and redundancies in a TMS.

It should also allow AML compliance teams to evaluate the system for performance against historical patterns derived from SARs; against expected high-risk patterns captured in regulatory red flags; and against novel, high-risk patterns from a highly sophisticated bad actor.

This necessitates the use of AI, including large language models (LLMs), to convert historical SARs to episodes of transactions, convert simple red flag descriptions to transactions, and synthesize adversarial patterns that could evade the TMS. Level 2 simulations also necessitate a flexible, high-fidelity simulator that can accept these transactions and evaluate them against an institution’s TMS.

An example is the “Red Flag Simulator,” a custom generative pretrained transformer (GPT) that I created using OpenAI’s custom GPT feature. It is able to accept any red flag, synthesize transactions consistent with that red flag and then visualize them.

Check out the video or play with this custom GPT here.

Also, consider how a Level 2 simulation might work to synthesize adversarial transactions that evade a TMS.

Using reinforcement learning, we trained an agent to move money while avoiding detection. As a benchmark, we trained a naïve agent that is incentivized to move funds from a source to a destination account while ignoring all the controls in place.

Such a naïve agent would trigger alerts as expected.

However, when we train the agent to evade the rules by appropriately rewarding and penalizing the agent, it can learn to move money without raising an alert.

Such simulations can help synthesize interesting patterns that could go completely undetected by a financial institution’s TMS and allow AML compliance teams to proactively develop controls to mitigate them.

We could also simulate how a bad actor could abuse a new product offered by a financial institution, allowing us to quantify the AML risk associated with the product.

The insights from these simulations can help optimize existing scenarios, recommend new custom scenarios and decommission redundant scenarios. This could even trigger additional rounds of simulations to determine if our decisions have exposed the system to even newer risks. Visualizing these synthetic episodes can help determine whether the simulations have uncovered material risks.

Operations and Investigation

To help with operations and investigations, a Level 2 simulator should allow the user to estimate the impact on case volumes and case backlogs of a seasonal spike in transactional activity.

What would be the impact on case volumes of new product offerings that a new model will monitor?

What if one or more investigators go on an unexpected leave or a new investigator joins the team? What would be the resulting impact on case backlogs? What if the efficiency of an investigator improves through additional training or if the case assignment system is optimized using machine learning?

Simple statistical simulations or discrete-event simulations can be used to answer these questions.

Conclusion

Simulations are an essential tool in the AML practitioner’s tool kit and can drive better decisions, resulting in lower costs and reduced risks. This article outlined some ways in which simulations can drive improvements across all major AML domains in the near term (Level 1 simulations) and in the medium term (Level 2 simulations).

All of the systems that we have considered are interconnected, and simulating each one in isolation is a simplifying assumption.

Furthermore, we have to model the dependencies between each of these systems. A change to a sanctions scoring list can change the risk level of a large segment of customers, which in turn affects the scenarios and thresholds they are subject to, which in turn affects the number of alerts and cases that are generated, etc.

Simulating these complex interdependencies lies at the frontier of what we can do with simulations in AML.