Aug 16, 2023

Circumventing Rule-Based Transaction Monitoring

In the complex world of anti-money laundering, vigilance and proactive measures reign supreme.

For many years, compliance professionals have leaned heavily on rule-based systems to closely monitor the staggering volume of daily transactions.

Historically, these systems were crafted for a more predictable financial landscape. They thrived on setting static parameters to monitor activities, assuming that illicit behaviors would continue to fall within known patterns. This model, effective as a blunt tool for broad application, fails to account for the dynamic nature of financial crime.

Central to many of these systems is Structured Query Language (SQL) — a programming language for storing and processing information in relational databases. It allows financial institutions to look back through past transactions and data, uncovering trends that might indicate money laundering or other illicit activities.

Using SQL for Rule Building

For example, analysts can use SQL to set a rule that says, “If there are five cash transactions between $8,000 and $10,000 in the last 30 days, then trigger an alert.” These If This Then That (IFTTT) style checks are widely used by compliance teams to trigger suspicious activity alerts when predetermined conditions are met.

These detection methods are favored because of their simplicity. By setting a few distinct parameters, compliance teams can establish periodic checks to identify potential red flags in vast swathes of data, setting consistent standards for transaction monitoring across large institutions.

But while consistent, these IFTTT-style SQL checks are not without limitations. Traditional rule building has major cracks in its foundation; criminals keen on eluding these systems merely have to sidestep the rigid parameters.

The Blind Spots of Traditional Rule Building

Traditional systems might flag transactions between specific thresholds, but what if a criminal breaks down a large transaction into a series of even smaller transactions that are well below monitoring parameters? How low can you go? Or consider the timing windows set by these rules; by merely spacing out transactions, criminals could move money without raising any alarms.

Crimes like structuring, splitting large transactions into smaller amounts to skirt regulations, are easy targets. But even micro-structuring detection is susceptible to smaller and smaller transaction amounts. To adhere to the Bank Secrecy Act’s stringent reporting norms and shield themselves from money laundering, institutions need a multifaceted anti-money laundering strategy that can detect various patterns and amounts.

Tactics criminals currently use to get around these rules include spacing out the timing of transactions, changing transaction amounts, and others.

Spacing Out Timing of Transactions

While many compliance teams set fixed daily, weekly, or monthly lookback review intervals, this approach has a glaring weak spot. Crafty criminals can exploit gaps in rigid rules, transacting outside of these intervals to avoid detection.

For example, if a system is set to flag an alert for at least two suspicious transactions within a 14-day window, a smart perpetrator would act on day one and wait until day 15 for their next move.

Such blind spots underscore the need for more adaptive systems. Monitoring only at set intervals is like checking for rain at predetermined hours. The world of finance is fluid, and our protective measures should mirror this dynamism.

Systems must break free from the confines of these fixed time intervals and evolve into continuous, vigilant systems that proactively analyze patterns without being bounded by a specific slice of time.
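Added example (not from the original article): the same count rule evaluated in fixed review buckets and then at every transaction, on constructed dates. The function names, the bucket start date and the threshold of three are assumptions made for illustration.

```python
from datetime import date, timedelta

# Constructed sample: dates of one customer's rule-matching transactions.
DATES = [date(2023, 6, 12), date(2023, 6, 13), date(2023, 6, 16), date(2023, 6, 17)]

def batch_alerts(dates, start, window_days, min_count):
    """Fixed review intervals: count per non-overlapping bucket from `start`."""
    counts = {}
    for d in dates:
        bucket = (d - start).days // window_days
        counts[bucket] = counts.get(bucket, 0) + 1
    # Report the first day of every bucket that reached the threshold.
    return [start + timedelta(days=b * window_days)
            for b, c in sorted(counts.items()) if c >= min_count]

def rolling_alerts(dates, window_days, min_count):
    """Event-anchored: evaluate the lookback ending at every transaction."""
    hits, window = [], []
    for d in sorted(dates):
        window.append(d)
        # Keep only transactions inside the lookback measured from this event.
        window = [w for w in window if (d - w).days < window_days]
        if len(window) >= min_count:
            hits.append(d)
    return hits

if __name__ == "__main__":
    print("batch  :", batch_alerts(DATES, date(2023, 6, 1), 14, 3))
    print("rolling:", rolling_alerts(DATES, 14, 3))
```

Evaluating at each event removes the dependence on where a review interval happens to start, but the lookback length is still a parameter: the day-one and day-15 pair from the text is only counted together when the same check is also run with a longer window.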

Transaction Amount Tactics

Basic SQL rules often flag transactions based on easily recognizable numerical patterns: amounts divisible by $250, $500, or $1,000 with no remainder. Transaction amounts that are divisible by these common amounts are often referred to as “round”.

Criminals, noting these defined patterns, can slightly tweak their transaction values to avoid any flags. Instead of an amount divisible by a neat $1,000, they might conduct transactions for $100,007.00 or $9,875.03, effectively sidestepping basic detection methods.

Other Tactics

Illicit actors often employ subtle strategies involving the distribution of funds through different locations and accounts. These include:

  • Using multiple bank branches, trying to confuse banking systems or to avoid tipping off tellers at the same locations.
  • Spreading transactions across multiple bank accounts in hopes that automated monitoring systems won’t be able to link the activity back to the same entity.
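Added example (not from the original article): the rule quoted under "Using SQL for Rule Building" (five cash transactions between $8,000 and $10,000 in 30 days) written as a SQL query and evaluated first per account, then per customer, so that activity spread across accounts and branches is counted against one entity. The table layout, column names and sample rows are constructed for illustration, and SQLite is used only so the query runs as-is.

```python
import sqlite3

# Constructed sample data: (customer, account, branch, date, type, amount).
ROWS = [
    ("C1", "A-100", "north", "2023-06-01", "cash", 9200.00),
    ("C1", "A-100", "north", "2023-06-05", "cash", 8800.00),
    ("C1", "A-200", "south", "2023-06-09", "cash", 9500.00),
    ("C1", "A-200", "south", "2023-06-14", "cash", 8100.00),
    ("C1", "A-300", "east",  "2023-06-20", "cash", 9900.00),
    ("C2", "B-100", "north", "2023-06-02", "cash", 9000.00),
    ("C2", "B-100", "north", "2023-06-03", "wire", 9000.00),
    ("C2", "B-100", "north", "2023-07-20", "cash", 8500.00),
]

# For every qualifying transaction t, count qualifying transactions p with
# the same key dated from :days days before t up to and including t.
RULE = """
SELECT DISTINCT t.{key}
FROM txn AS t
JOIN txn AS p
  ON p.{key} = t.{key}
 AND julianday(p.ts) BETWEEN julianday(t.ts) - :days AND julianday(t.ts)
WHERE t.kind = 'cash' AND p.kind = 'cash'
  AND t.amount BETWEEN :lo AND :hi
  AND p.amount BETWEEN :lo AND :hi
GROUP BY t.{key}, t.rowid
HAVING COUNT(*) >= :n
ORDER BY t.{key}
"""

def load():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE txn (customer TEXT, account TEXT, branch TEXT, ts TEXT, kind TEXT, amount REAL)")
    conn.executemany("INSERT INTO txn VALUES (?,?,?,?,?,?)", ROWS)
    return conn

def alerts(conn, key, n=5, days=30, lo=8000, hi=10000):
    if key not in ("customer", "account"):  # key is interpolated, so allow-list it
        raise ValueError(key)
    params = {"n": n, "days": days, "lo": lo, "hi": hi}
    return [r[0] for r in conn.execute(RULE.format(key=key), params)]

if __name__ == "__main__":
    conn = load()
    print("per account :", alerts(conn, "account"))
    print("per customer:", alerts(conn, "customer"))
```

The per-customer form depends on a reliable link from accounts to the owning entity; where that link is missing, the rule can only ever be as wide as a single account.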

Going Beyond SQL and IFTTT Style Detection

While such patterns provide a foundational framework for many compliance operations, this predictability is a double-edged sword. It’s worth noting that diligent analysts often catch these nuanced attempts that automated systems miss and will include such tactics in their SARs. But the analysts must first be alerted to the broader activity. Otherwise, they might never have the opportunity to find the nuanced activity.

Future-proofing relies on enabling nuanced, comprehensive, and layered compliance strategies. Systems should holistically assess all user activities, catering to subtle variations in timing, locations, amounts, and other factors analysts consider.

Predictability can’t be the sole strategy. Granularity is no longer a luxury; it’s necessary to effectively find the bad actors. As criminals’ methods grow more sophisticated, so must the tools designed to catch them.

How to Build Detection Systems of the Future

A generic solution won’t cut it. Any monitoring system should be tailorable to an institution’s unique risk profile, the services it offers, its operational geography, and its clientele. Solutions must be malleable to the imagination and insight of their users, allowing analysts to quickly build any monitoring method needed to keep their customers and businesses safe.

Discover how tools like Sandbar can simplify your AML processes and streamline compliance workflows by contacting us here.
