Wednesday, May 13, 2009

AML with Event processing and Rule Engine

I have to build a demo and a presentation (co -presented) for IBM WebSphere Impact 09 on how business rules and business event work together in the context of Anti Money Laundering. James Taylor did a good summary on his blog.
I promised some time ago on this blog to go through a complete example of executing ABRD on a project. So lets take this demo as a main example. Lets start with this first blog on a short description of AML and its high level process.

AML business context:

Money Laundering is the act of hiding illegally earned money from police and tax authority by making illicit funds appear as initiated from legal business. The Money laundering is a three step process. The first step, called ‘placement’, is done by depositing illicit funds in a business bank account. If one makes a cash deposit above 10000$ the bank is required to report the transaction to the government. The next step is called ‘layering’, wherein funds are moved from bank to bank and consolidated. The last step is the ‘integration’, where the funds are reintroduced to the financial system as ‘clean money’.

The first defense against money laundering is the requirement on financial intermediaries to know their customers— often termed KYC (Know Your Customer). Knowing his customers, financial intermediary will often be able to identify unusual or suspicious behaviors, including false identities, unusual transactions, changing behavior, or other indicators of laundering.
Placement rules should be able to detect deposit structuring by one or more individuals at various bank locations within a day or over time; notably this can also include ATMs. Large wire remittance customers, such as Money Service Business, will deposit cash more often and in greater volumes than typical customers.

Rules to detect large cash placements, using various methods and locations, in a single day, week, or month, would therefore be well-suited for monitoring.

Layering rules should identify bogus loans to offshore entities which never repaid the funds or the loan paid off in cash.

Current auditing happens manually where the auditor examines data output from legacy application and search for cash transactions over a period of time. The goal is to migrate to a continuous monitoring with software component which will alert auditors for suspicious activities. Banks need to be aware of all of the financial transactions that make up a ML. The critical knowledge to manage is the associations between such transactions.


The first step of a business process modeling approach is to work on the business process.

The high level process can be seen with 4 steps:

  • Detect fraud pattern
  • Analyze pattern
  • Investigate customer
  • Report on fraud


The detection of ML pattern is looking to different sources of information like the transactions, the customer accounts, the loan servicing applications, and looking at pattern of behaviors leading to potential Money Laundering. The detection of pattern is done with a time window constraint. A person making cash deposit on a yearly or monthly basis may not be a ML. A person doing cash deposit regularly without business motivation may be a fraudulent. The analysis is a sub process which aims to look at the potential fraudulent customer and search for historical information or customer data points already gathered by the system. Investigation is, as of today, a human activity performed once the system is reporting a risky customer. The investigation is to complete gathering information on the customer. Reporting Money Laundering to authority after the investigation is completed and positive.

From this process we will evaluate how to deploy event processing engine and rule engine for the pattern detection, analysis and investigation, in some next posts.

1 comment:

Anonymous said...
This comment has been removed by a blog administrator.