How do you find something that doesn’t want to be found? This is the fundamental challenge when it comes to identifying data anomalies, particularly when tracking down instances of financial crime or market abuse. With cyberterrorism on the rise, concerns about global terrorist financing and increasing incidences of illegal trading activity, financial services firms (perhaps more than ever) need to leverage the power of automation to identify and stop issues in real-time.

Money-laundering, in particular, continues to be a topic de-jur, with Aite Group estimating in a recent report that the Global AML Software Market will grow to $1.56 billion by 2019 and year-over-year spend consistently on the rise to meet the need for AML suspicious activity monitoring technology and profile solutions. As banks and financial institutions are held increasingly accountable for addressing financial crime or market abuse, they must overcome the challenge of defining a ‘behavioral anomaly’ in order to then detect it and act on it.

Defining the problem

Merely defining an anomaly is a challenge – what is it, and how can it be programmatically identified can be more difficult than it sounds. This requires significant expertise, human resources and time and cannot be scaled to cover scenarios across larger population domains. In addition, more data and more sophisticated applications bring levels of analytic complexity that are immensely intricate.

To find an anomaly, firms need a technological process capable of ‘learning’, adapting and defining the ever-changing shape of ‘normalcy’ in order to reliably detect an anomaly.  As the research shows, banks are increasingly using automation, or “automation with a human touch,” a term coined in 1988 by Toyota; to monitor for certain conditions and stop activity automatically or based on human intervention in real-time or near real time, when an anomaly is detected.

Technology must be capable of identifying the anomaly in the shape of normalcy and operate under the premise that what you seek does not want to be found.  This will only ever be feasible if it is able to autonomously acquire and integrate data across all structures, combining sources in order to build logical knowledge bases around the behavioral phenomena it identifies.

Suspicious activity reporting and reliable anomaly detection is a huge issue for tier one banks, regional banks and intermediaries alike and surveillance technology is critical to modern security programs. Next-generation surveillance tools can automatically weed out false positives by looking at each data element in relation to what is considered normal. This is extremely powerful when compared with behavioral analysis systems of the past.  Having the ability to detect true anomalies will allow compliance teams to more rapidly resolve issues and shore up controls so that the aberrant behavior does not persist.

Autonomous & Self-Assembling Machine Intelligence

The key to engineering an autonomous process capable of performing such tasks lies in the ability to programmatically define the anatomy of behavior and intent.  A person’s actions, as random as they may appear when viewed individually, may actually be highly predictable when defined within proper behavioral context.  This requires the ability to define the singular relative to its adjoining collective, the individual relative to their surrounding network, i.e. the microscopic relative to layers of macroscopic texture in which it resides.

An overt anomaly has a unique or uncommon relationship with its contextual background.  A covert anomaly’s relationship is too harmonious with its surroundings when viewed in conjunction with the organic ‘noise’ of normal life.  However, real world application quickly demonstrates that anomalies are not binary, and the many shades of behavior cannot be pre-classified.

A pattern, by definition, is an occurrence that can be mathematically represented in fewer numerals than its original form. Using sophisticated compression algorithms, we’re able to find the relationship between pieces of data and then build relationship clusters. One of the greatest challenges facing financial institutions when identifying patterns is false positives. By combining environmental context with behavioral intent and filtering those findings against ‘look-alike’ data, firms can better identify fraudulent activity and minimize false positives.

Active Detection – You know what you are looking for but don’t know how it will happen.

Firms need the ability to generate predefined threat scenarios designed to identify commonly misaligned intent (e.g. money laundering, unauthorized transfers, error cover-up, etc.) without requiring predefined patterns in activity or transactions for successful detection.  This is scaled to cover millions of actions taking place inside an organization, with the capability to analyze each individual transaction as to its wider behavioral context.  Misaligned activity does not come about randomly, yet it most often remains undetected in the complexity, chaos, or apparent randomness of the many events and activities around it.

Passive Treat Detection – You don’t know what to look for, until it’s too late.

New threats or highly compromising incidents usually strike from an entirely unanticipated domain or vantage point.  This requires a different paradigm of anomaly detection.  One that specifically focuses on the assumed presence of an anomaly itself, not its structure or any predefined notions of intent.  In simplified terms, a passive anomaly is either an activity towards which no adequate intent probability can be established, or one which always perfectly intersects with highly common intent.  Additionally, passive detection reliably identifies repeated occurrences of unintended mishaps, waste, inefficiency, liability, or professional incompetence, otherwise undetected.