Your web browser is out of date. Update your browser for more security, speed and the best experience on this site.

Update your browser
CapTech Home Page

Blog July 20, 2018

What Machine Learning Means for Financial Institution Risk and Compliance

Although markets have largely recovered from the 2008 financial crisis, significant increases in regulatory burden have affected the profitability of most, if not all, financial institutions (FIs). To cope with these rapidly changing regulations, many organizations have turned to RegTech, or regulatory technology, to help mitigate those problems. One of the most notable of these RegTech solutions is the application of machine learning (ML) to help sort through suspicious transaction alerts and cases.

The non-machine learning approach looks like this:

  1. Compliance staff reviews previously alerted activity for trends and anomalies
  2. They look for emerging suspicious patterns as well opportunities to reduce false positives
  3. Applying their expertise and experience, compliance teams make typically small, incremental adjustments hoping to improve the efficiency of the alerts while staying within the FI's risk tolerance threshold

This approach has multiple weaknesses:

  • The rules are typically at least somewhat arbitrary (e.g. alert all transactions within a certain dollar range)
  • They are reliant on internal expertise and experience and therefore may miss lesser known or new typologies
  • The approach is slow changing with only incremental changes to rules typically spaced months to years apart

The lack of machine learning has resulted in significant volumes of false positives which require at least some level of investigation, with many FIs averaging 90 to 95% false positive rates of their total alerted transactions. With such inefficiencies, even marginal improvements will result in significant savings, both in investigative time and overall compliance spend.

Enter ML

Firms have begun implementing machine learning solutions with most focusing on supervised machine learning algorithms as their starting point. By training supervised algorithms on prior alerted activity, FIs can fine-tune rules to reduce the number of false positives. Instead of relying on cumbersome periodic reviews, this new methodology will allow supervised algorithms to compare current rules and investigatory results to make recommended changes. This process runs continually in the background and as the supervised algorithms run, their uncertainty decreases. The FIs become more confident in their recommendation and the pace of rule refinement can increase accordingly.

For FIs on the cutting edge of RegTech, utilizing unsupervised machine learning algorithms offers even more promise. Unbiased by existing rules, an unsupervised algorithm represents the most effective tool for identifying new patterns and typologies. For example, an unsupervised algorithm may identify a subset of transactions between two specific geographies which were paid in amounts and frequencies of unusual consistencies, even if no pre-existing rule would have alerted this activity.


FIs have already begun seeing success with unsupervised algorithms. After agreeing to pay a record $1.9 billion in fines to multiple US regulators for various AML and KYC deficiencies, HSBC Holdings Plc brought in an AI firm to apply unsupervised machine learning to its transaction monitoring system. The result was a 20% drop in the false positive rate with no increase in false negatives. By applying machine learning, HSBC reduced investigatory waste without increasing risk.

Solution Maturity

To be clear, these ML solutions are not yet fully mature. To reach their full capabilities, further research, testing, and overall progress is still required. It is also important to note that as of now, RegTech is not intended to fully replace all human involvement in the relevant risk and compliance processes. RegTech is ideal for eliminating low-level, repeatable, manual processes.

The significant hurdle to adoption right now is the lack of a sufficiently skilled workforce. Although FIs employ large staffs of both compliance officers and technology professionals, for most, only a small minority of individuals in these groups have expertise in both domains. To obtain and maintain regulator buy-in for RegTech solutions, FIs will need individuals capable of demonstrating to regulators a strong understanding of how their solution functions from both a technical and risk and compliance standpoint.

FIs which implement machine learning in transaction monitoring systems will need individuals who can sufficiently explain to regulators how their machine learning algorithms work, why they alerted certain activity, and how the FI tested and validated its results. As Richard Burgess-Kelly, founder of RegTech recruiting firm Liberam stated, "There's a talent shortage in the network… There's a big shortage [of talent] in artificial intelligence, machine learning and blockchain."

Still, the question is not if these technologies will be instituted, but when. If you're with an organization that's not yet thinking about how to use machine learning within your risk and compliance department then you may already be behind the curve.