Consultancy of the year: KPMG

OpRisk Awards 2020: Firm’s machine learning-based sanctions tool helps HSBC cut false positives by 80%

Robert Dean
Robert Dean, KPMG
Photo: KPMG

OpRisk Awards 2020: Firm’s machine learning-based sanctions tool helps HSBC cut false positives by 80%

In 2016, HSBC had a problem. The bank had been fine-tuning the systems is used to flag up cross-border payments that could break international sanctions rules, but about 95% of the transactions its software signalled as problematic turned out to be false alarms once they were manually checked by a bank employee. The UK-headquartered giant was having to hire ever more staff to screen its payments, and costs were mounting.

It’s a predicament familiar to many banks, which for the past two decades have had to check that cross-border payments do not break rules that prevent money being channelled into the hands of corrupt business leaders, politicians or into countries such as Iran or North Korea.

But for HSBC, the risk of getting it wrong was more acute. At the time, the lender was still under a five-year Deferred Prosecution Agreement imposed by the US Department of Justice in December 2012 for unrelated money laundering offences involving Mexican drug cartels, which had already cost it $1.9 billion in redress to US authorities, and an unquantifiable amount in reputational damage.

Finding sanctions breaches can be like looking for a needle in a haystack, with millions of cross-border payments made each day, but only a tiny fraction breaking the rules. Most banks, like HSBC, have traditionally relied on basic software that flag up potentially problematic payments, which are then manually checked by two bank employees.

As Robert Dean, UK head of financial crime technology and forensic data analytics at KPMG, explains, this process can be slow, expensive and produce a high number of false alarms.

“If you look back at the last 10 years and all the sanctions fines, most of the banks have responded by simply turning up protection, throwing more people at it and creating huge shared service centres full of people trying to clear some of the sanctions alerts they have been generating,” he says.

HSBC was ready to try a different approach. KPMG worked with the bank to improve its screening technology, developing a machine learning tool to trawl through years’ worth of HSBC’s sanctions data to create an algorithm that would better understand what transactions were likely to break the rules. As the algorithm was self-learning, it would keep on improving as the months went by and more data was processed.

The tool classifies 99.9% of alerts correctly, compared with 95% for the human reviewers doing an initial first-pass screening

“It was all created from scratch – there was nothing on the market we could lift and shift straight away. So it was bespoke to HSBC,” says Dean.

His team got the nod from the bank, and after nine months of development, HSBC was able to trial the new sanctions alert classifier system across payment types and in all jurisdictions in 2018, and began realising cost savings in 2019.

The results were transformative. The tool eliminated 80% of the false alarms flagged by the bank’s old sanction-screening software, dramatically reducing the workload for human reviewers. As a result, the bank was able to reduce by a quarter the amount of money it spent on monitoring sanctions and allow transactions to proceed more rapidly, cutting review time from around a minute to less than 30 seconds.

It has also proved to be more accurate than the human reviewers. The tool classifies 99.9% of alerts correctly, compared with 95% for the human reviewers doing an initial first-pass screening.

KPMG is currently trialling the product with a number of other clients. It also intends to roll out the technology to other financial crime sectors, such as name screening and transaction monitoring.

One tricky aspect of developing the new technology was making sure it met the requirements of regulators across the globe. A constant complaint from global banks is that compliance with sanctions rules is enforced by a patchwork of regulators in different jurisdictions, each with overlapping and sometimes conflicting expectations, and the costs of getting it wrong often seem arbitrary and political.

The KPMG team used open-source code, so auditors and regulators could interrogate results and understand why transactions were classified one way or the other. This has been crucial for maintaining trust, and a number of regulators, including in the UK, US and Hong Kong, have reviewed the tool with no objections raised against the new technology.

The coronavirus pandemic has thrown up one unexpected challenge for the sanctions alert classifier. As economies across the globe locked down, cross-border payments have fallen, so the tool has less new data from which to learn.

“Volumes coming down has been a challenge, as the more data we get, the better”, says Dean, who is confident this short-term blip will not affect the long-term efficacy of the tool.

Update, June 30, 2020: A previous version of this article stated HSBC had halved its spending on sanctions monitoring after implementing KPMG’s solution. In fact, the 50% cost saving refers to the bank’s prior spend on human reviewers; the overall cost saving for the bank on its sanctions monitoring spend was 25%.

Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.

To access these options, along with all other subscription benefits, please contact info@risk.net or view our subscription options here: http://subscriptions.risk.net/subscribe

You are currently unable to copy this content. Please contact info@risk.net to find out more.

You need to sign in to use this feature. If you don’t have a Risk.net account, please register for a trial.

Sign in
You are currently on corporate access.

To use this feature you will need an individual account. If you have one already please sign in.

Sign in.

Alternatively you can request an individual account here