Detecting Anomalous Behavior in Complex Environments

Most bad behavior comes from insecurity

– Debra Winger

On 16^th December 2022, the European Union (EU) announced its latest (10^th so far) round of sanctions that will hit Russia’s military-industrial complex. In addition, the sanctions will affect people and groups attacking Ukrainian civilians or kidnapping children.

European Commission officials said the package would strike a blow to 168 designated entities linked to the arms industry, ensuring that

Chemicals, nerve agents, night-vision and radio navigation equipment, electronics and IT components that could be used by the Russian war machine cannot be freely traded... to avoid circumvention, some Russian-controlled entities based in illegally annexed Crimea or Sevastopol are included in the list.

The above statement entails a considerable effort in identifying, isolating, and assessing the level of risk for multiple entities (created to disguise/cover those in the final list of 168) located in low transparency jurisdictions. This is another step in enforcing an extraordinarily complex sanctions regime, almost coinciding with the first anniversary of the initiation of hostilities between Russia and Ukraine.

Russia’s recent withdrawal from the Strategic Arms Reduction Treaty (START) introduces another element of instability. It adds non-proliferation finance to the list of risks to monitor by Financial Institutions (FI).

However, this is not a new experience. These sanctions measures draw lessons from past instances, e.g., Post 1990 Gulf War resolutions on Iraq, in an age where technology could not even dream of having the levels of sophistication the financial crime industry enjoys now.

Ultimately, the goal still stands: deter, coerce, or correct the behavior that has led to a highly insecure geopolitical situation.

Aside from the worst conflict seen in Europe since the breakout of former Yugoslavia in the 1990s, the Russian invasion of Ukraine has caused an unprecedented energy crisis with soaring prices and inflation across the continent, not to mention the adverse effects on Russia itself.

When many FIs look at budget cuts in traditionally considered non-revenue areas like compliance, the same FIs are required to implement and enforce a sanctions regime, entailing complex screening (subject to frequent reviews), data management, and investigative processes.

Identifying entities and associated actors subject to sanctions involves ingesting and integrating multiple data sets: customer, transactional, screening, and a considerable layer of Open Source Intelligence (OSINT) analysis. Traditionally, this has been done using data from separate platforms and fusing the results into manual finished products. This approach needs to match the cost-cutting landscape mentioned above.

In such a scenario, technology has often become compliance’s worst enemy, with many legacy systems that have driven inefficient processes, duplication of resources, and unsustainable operational models. The reality is that fast-paced geopolitical events, regulatory changes, and low-cost measures can effectively grind compliance work to a halt.

When looking at operational processes, FIs are obsessed with “doing more with less.” While technology on its own cannot offer a comprehensive solution, it certainly can act as a force multiplier to achieve better efficiency levels when facing complex propositions. Smarter and faster AML technology can offer a combination of some of the proposed capabilities below:

• Graph analysis identifies complex legal structures and Ultimate Beneficiary Owners (UBOs)
• Monitoring transactions linked to dual-purpose goods, i.e., radio navigation devices and related transactions
• Sanctions behavior analysis, screening and transactional data, and identifying emerging deviations or anomalies in known patterns
• Isolating new actors against contextual data provided by multiple and often non-traditional data sources; this links directly with the use of OSINT disciplines
• Enabling investigator-centered approaches, where human analysts drive the processes that link entities with transactions and potential bad actors
• Data analysis on platforms that integrate multiple datasets in real-time

When we apply these capabilities to the challenge introduced by the latest EU Sanctions package, strong AML technology can help retrieve, analyze, and integrate different data layers for a fast, efficient response.

Starting with the classic customer records and transactional data, advanced compliance solutions like Lucinity's Actor Intelligence (see screenshot below) can provide a platform where successive layers can be easily added. Solutions such as Lucinity replace multi-tab, large spreadsheets. Rather, information is presented in a graphic display that is conducive to both quick understanding and decision-making.

Lucinity can help AML teams identify potential bad / sanctioned actors hiding under large volumes of transactions and layers of legal entities. The resulting saved time has a direct impact on cost/efficiency balance and reduction.

In addition, the use of user-friendly interfaces maximizes productivity both bringing a good user experience to the analyst/investigator and by bringing critical relevant data into a highly customizable sandbox. Having a good UI also enables analysts to identify the nature of the actor, recent activity, and risks in a matter of seconds (Fig. 2).

• Long-term compounded monitoring frameworks translate into equally complex controls. These need to be sustainable but not through processes or workforce.
• Being compliant with regulatory requirements and expectations, productive, and cost-efficient can only be achieved with a balanced use of technology-driven controls backed by flexible processes.
• Bad actors act within multiple layers of economic, social, political, and media structures; they leave a data footprint that is heavily covered to disguise their activities. Data used by analysts and investigators must reflect that cross-layered nature; it must come from multiple sources so it can be cross-checked and easy to integrate to conform to a contextual picture.
• Efficiency and productivity go hand in hand. There’s a direct correlation between user-friendly, cooperative interfaces and the ability to build a full picture of a customer.
• Technology is a constantly evolving creature. It needs to be flexible, adapt to new situations, and drive process efficiency. Legacy siloed systems only mask suspicious behavior and serve the bad actors’ purpose.