Want more Insights from SAS? Subscribe to our Insights newsletter. Or check back often to get more insights on the topics you care about, including analytics, big data, data management, marketing, and risk & fraud.
Is it case management or alert management?
Understanding the differences in AML and payments fraud
By Dan Barta, Sr. Financial Crimes Solutions Specialist, SAS Security Intelligence
Financial crimes span a broad array of functions – from anti-money laundering (AML) to payments fraud – presenting financial institutions with a multitude of challenges. Both AML and payments fraud have a need for and utilize case management and alert management solution capabilities. Both functional areas generate alerts, and each handles them in different ways.
In the financial services industry, ‘case management’ and ‘alert management’ can have multiple meanings, depending on the functional area where the terms are applied. Both AML and payments fraud utilize the terms and functionality associated with case management. Due to the generic use of the terms, it’s paramount that fraud professionals, vendor representatives and others come to a common understanding of the two terms in their conversations.
The two functions – case management and alert management – have very distinct purposes and functional needs.
The distinction in AML
For AML, the transaction monitoring systems will periodically generate alerts to identify unusual customer activity. Many organizations will aggregate or combine the generated alerts by customer to assist in the triage and review process. Organizations typically apply some prioritization process to generated alerts, which may be manually performed by the operations team or automatically through some rules-based logic in the system. Once alerts have been combined and prioritized for assignment, different operational philosophies come into play.
Some organizations assign the alerts to an analyst to review and conduct a preliminary review. If a deeper review is required, they escalate an alert to a case and assign it to an investigator. Other organizations skip the analyst level and escalate all combined alerts into cases and assign them to investigators. This is where the distinction of case management and alert management can be applied in AML.
The primary purpose of AML investigations is to determine the potential existence of money laundering to meet compliance regulations and determine the need for filing a suspicious activity report, or SAR. In some cases, AML investigations lead to account and relationship closures for cause.
AML is different from fraud detection and prevention as AML transaction monitoring (not pertaining to Sanctions) programs do not typically require a need to authorize transactions or take actions to protect the bank from loss – allowing the intervention, escalation and actions to be handled in less time-critical periods (not real time.)
Payments fraud alert management
Truly executing enterprise financial crime management through a single solution is not current reality. Instead, most financial institutions operate multiple solutions to address individual payments fraud risks presented by various transaction methods – from check writing to ACH to online banking.
Based upon risk characteristics, each solution generates alerts on customer accounts on a daily or other periodic basis. To maximize efficiency and minimize customer frustration, banks prefer to combine all alerts on a particular account or customer. This allows for a more comprehensive understanding of fraud risk and allows a single analyst to work the alerts and be the single point-of-contact with the customer in resolving the issue.
At the time of alert generation, banks haven’t confirmed whether the alerts are actually fraudulent activities or false positives. A significant function of the payments fraud detection/prevention department is determining the need to take an action to protect the financial institution and/or the customer from loss. These actions include returning a check unpaid, placing holds on deposited funds, or closing accounts to name just a few. This requires that each alert, although combined with others and assigned to an analyst, needs to provide for a separate and unique disposition. Some alerts may need actions taken while other alerts in the bundle may be allowed to proceed through the payment process. In many banks, these actions must be managed by the fraud team – potentially reversing the action if it is determined the transaction is authorized. The process of determining whether the financial activity is fraudulent, prevention actions are needed, and the subsequent management of these actions is commonly referred to as alert management and a critical capability for any solution generating and managing alerts.
The management and disposition of these alerts are critical pieces of information to payments fraud management, as the disposition information is used to optimize the core monitoring solutions.
The two functions – case management and alert management – have very distinct purposes and functional needs. It’s critical for fraud and AML professionals in financial institutions to know which functionality they need or want. The differentiation is critical to selecting the proper vendor and solution to meet the needs and requirements of your bank.
SAS provides both functionalities within its solution sets. Vendors and banks needs to have a detailed understanding and agreement as to the meaning of each to avoid confusion, poor customer expectations, and to ultimately match the best solution to the challenge being addressed by your financial institution.
For more than 30 years, Dan Barta has held numerous roles in the fraud and financial crimes arena, including Special Agent with the FBI focused on bank fraud investigations, fraud consulting, fraud operations and strategy at a large US financial institution, as well as software delivery manager, consultant and product manager with software vendors in the payments fraud area.