Banks are investing heavily in artificial intelligence for risk reduction, namely fraud detection, compliance and cybersecurity. In machine learning terms, these are applications of anomaly detection techniques.
We will look at how three banks (HSBC, JPMorgan and Danske Bank) use AI to combat fraud, comply with anti-money laundering (AML) regulation, and shield against cyber threats. We then look at specific machine learning techniques used for anomaly detection. Finally, we consider key takeaways for banking executives tasked with implementing AI-based risk reduction tools.
Banks Prioritize Risk Reduction
Chatbots and customer-facing AI projects receive plenty of hype. Banks frequently publish press releases trumpeting their latest and greatest chatbots. However, press releases are brand building exercises and don’t necessarily indicate actual AI investment or development.
Banks’ crucial AI investments in anomaly detection receive little publicity, even if this is where the money is going. Research suggests that of the $3 billion raised by AI vendors in the banking space, over 50% was raised by vendors specializing in fraud, cybersecurity, compliance and risk management.
Prioritizing AI for risk reduction makes sense for three reasons. First, failing to detect fraud and money laundering is costly. In 2019, US and UK regulators handed out fines totaling $8.14 billion for anti-money laundering violations.
Second, good risk detection systems put banking customers at ease and improve the bank’s reputation. Customers are more likely to use banks with a track record of preventing cyber attacks, for instance.
Third, banks will realize significant time and cost savings by using AI to automate certain compliance, fraud detection and cybersecurity activities. Today, these activities require significant human effort, and current rules-based anomaly detection systems leave much to be desired (more on this later).
While banks have in-house data science teams and don’t always publicize internal AI initiatives, they also work with third-party AI vendors to develop tailored anomaly detection solutions. We can look at how banks work with these vendors to understand how they are using AI to combat risk.
Compliance: HSBC Combats Money Laundering using AI
HSBC has partnered with Ayasdi, a machine learning software company, to develop an AI-powered anti-money laundering (AML) solution.
The software was collaboratively developed by HSBC’s internal IT team and Ayasdi’s data scientists to identify patterns in historical data that suggest money laundering. When fed current payment data, it can identify fraudulent patterns and alert staff to block these payments. The software analyzes the source and destination of payments, among other factors, to identify deviations from normal behavior.
HSBC’s IT staff helped Ayasdi understand internal AML data and HSBC’s modeling team helped Ayasdi create accurate customer behavior models. This collaboration meant that HSBC could easily use Ayasdi’s models and integrate them into its own business practices, thereby overcoming a common challenge of plugging in a vendor product.
Traditional rules-based detection systems often produce false positive alerts where innocent transactions are mistakenly flagged as suspicious. Investigating these alerts is time intensive for staff. Ayasdi claims that their software has helped HSBC reduce false positive investigations by 20% without relaxing compliance standards.
Cybersecurity: JPMorgan Chase Develops Early Warning System for Phishing and Malware
Researchers at JPMorgan Chase have used deep learning and other AI techniques to develop an “early warning” system that detects malware, Trojans and phishing campaigns. This detection system allegedly identifies suspicious behavior long before phishing emails are actually sent to employees.
Deep learning techniques for anomaly detection can learn what constitutes normal behavior and identify abnormal activity that hasn’t been seen before. The researchers say that it normally takes around 101 days for a Trojan to compromise company networks. An early detection system would provide ample warning before the actual attack takes place.
The system can reportedly identify mass phishing campaigns created through domain generation algorithms. It can also identify malicious URLs by comparing them with known suspicious traffic patterns, jumbled URLs and spelling mistakes characteristic of phishing campaigns.
While the system was trained using public datasets of phishing URLs, the researchers claim in a paper that its deep learning algorithms enable it to detect threats better than traditional security systems. It can also alert the bank’s cybersecurity team as hackers prepare to send employees phishing emails carrying malware meant to infect the network.
Fraud Detection: Danske Bank Uses Deep Learning to Combat Fraud
Danske Bank, Denmark’s largest bank, partnered with analytics firm Teradata to implement a deep learning-based fraud detection system.
According to a case study by Teradata, Danske Bank’s old rules-based fraud detection system only had a 40% success rate and generated 1,200 false positives per day. What’s more, 99.5% of suspicious cases the bank investigated turned out to be not fraudulent. These dead-end investigations require time and resources that could have been used to combat actual fraud.
Danske Bank worked with Teradata to implement a deep learning tool that increased fraud detection capability by 50% and reduced false positives by 60%. The system also automated many decisions while routing some cases to human analysts for further inspection.
The case study mentions that the system uses a ‘champion/challenger’ methodology to detect anomalies. Each model (challenger) learns transaction characteristics indicative of fraud and is fed additional data such as customer location to improve accuracy. When a model beats other models, it becomes the ‘champion’ and helps train other models. This process of improvement likely repeats.
Machine Learning Techniques used for Anomaly Detection
Banks and their preferred vendors rarely advertise the specific machine learning techniques behind their anomaly detection tools. However, we can infer that they use some combination of the techniques below. This is not meant to be an exhaustive analysis, but a general overview of some relevant techniques.
Classification algorithms label records as belonging to certain categories. When applied to anomaly detection, algorithms can label a transaction as ‘suspicious’ or ‘legitimate,’ for instance.
K-Nearest Neighbor (KNN) is a popular classification technique for anomaly detection. It classifies transaction records using the most similar record in its dataset (i.e. the nearest neighbor). If the new transaction shares traits with a previously known suspicious transaction, it is also classified as suspicious. Similarity is determined by the distance between two data points on a graph, with similar records being closer together.
KNN is easy to implement and performs well when given ample training data. However, it becomes slower and computationally intensive as more data is introduced. This drawback makes using KNN alone impractical for rapid classification, such as needing to detect fraud among thousands of incoming transactions. Banks may therefore combine KNN with other algorithms.
Logistic regression is another popular classification technique. It is a binary classifier that labels an observation as belonging to one of two groups with a certain probability (e.g. fraud/legitimate). It could be used to detect suspicious network traffic and malware, for example.
Clustering techniques group records into ‘clusters’ so that records in a cluster are more similar to each other than to records in other clusters. k-Means is a popular clustering technique that clusters records into ‘k’ number of groups. Records that fall outside these groups are marked as suspicious.
Clustering techniques are especially powerful because they are unsupervised learning methods. Unlike classification techniques, where humans must label training data as belonging to one category or another, clustering techniques automatically group data points based on similarity. This allows clustering algorithms to identify relationships that human analysts may not see.
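One way to make "falls outside these groups" concrete, as an added example that is not taken from any bank or vendor described here: fit k-means on a baseline assumed to be legitimate, then flag new records whose distance to the nearest centroid exceeds anything seen in the baseline. The records, the two features (amount, hour of day), the farthest-point initialisation and the 1.25 margin are all assumptions made for illustration.

```python
import math
from statistics import mean, pstdev

# Constructed baseline of (amount, hour-of-day) records assumed to be legitimate.
BASELINE = ([(20 + 4 * i, 10 + i % 5) for i in range(10)]      # small daytime purchases
            + [(900 + 20 * i, 8 + i % 2) for i in range(10)])  # large morning transfers
# Constructed new records to score against the baseline.
INCOMING = [(45, 12), (1000, 9), (980, 3), (5000, 13)]

def make_scaler(points):
    """Return a function that z-scores each feature using baseline statistics,
    so the large amount range does not drown out the hour feature."""
    cols = list(zip(*points))
    mus, sds = [mean(c) for c in cols], [pstdev(c) for c in cols]
    return lambda p: tuple((v - m) / s for v, m, s in zip(p, mus, sds))

def kmeans(points, k, iters=20):
    """Lloyd's algorithm with deterministic farthest-point initialisation."""
    cents = [points[0]]
    while len(cents) < k:
        cents.append(max(points, key=lambda p: min(math.dist(p, c) for c in cents)))
    for _ in range(iters):
        groups = [[] for _ in cents]
        for p in points:
            groups[min(range(k), key=lambda i: math.dist(p, cents[i]))].append(p)
        cents = [tuple(map(mean, zip(*g))) if g else c for g, c in zip(groups, cents)]
    return cents

def nearest_distance(p, cents):
    """Distance from a scaled record to its closest cluster centre."""
    return min(math.dist(p, c) for c in cents)

def flag_outliers(baseline, incoming, k=2, margin=1.25):
    """Flag incoming records farther from every centroid than any baseline record."""
    scale = make_scaler(baseline)
    scaled = [scale(p) for p in baseline]
    cents = kmeans(scaled, k)
    limit = margin * max(nearest_distance(p, cents) for p in scaled)
    return [p for p in incoming if nearest_distance(scale(p), cents) > limit]

if __name__ == "__main__":
    print(flag_outliers(BASELINE, INCOMING))
```

The transfer of 980 is flagged even though its amount is routine, because 3 a.m. is far from the hours either cluster has seen; a rule that only thresholds on amount would miss it.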
Neural networks try to mimic the human brain’s approach to classifying objects and detecting patterns. When used for anomaly detection, neural networks can classify financial transactions or network traffic patterns as ‘normal’ or ‘suspicious’.
The basic structure of a neural network contains an input layer, one or more processing layers, and an output layer. Deep Learning refers to neural networks with many processing layers since more layers enable more complex problem solving.
Autoencoders are a type of artificial neural network. They take input data, deconstruct it, learn the key dimensions that make up the data, and then reconstruct it using this simplified understanding.
When fed regular (non-fraudulent) transaction data, autoencoders accurately reconstruct the initial transaction data since they understand the structure and components of regular transactions. When fed irregular (fraudulent) transactions, the reconstruction will be flawed, which alerts analysts to investigate the suspicious transactions.
Other neural network and deep learning techniques such as Convolutional Neural Networks could also be used for fraud detection.
Decision trees use a sequence of IF-ELSE statements to classify a record or predict an outcome.
Of the many decision tree techniques, we will look at Isolation Forests and the XGBoost tree algorithm for anomaly detection.
Isolation forests are similar to random forests, which build many decision trees and take the classification that appears most often in individual trees. Isolation forests, however, are constructed using an ensemble of binary decision trees to identify anomalies instead of profiling regular observations. They can handle large datasets with many variables, making them useful for identifying anomalies in financial transactions.
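The idea behind isolating anomalies rather than profiling normal records is that an unusual record is separated from the rest by far fewer random splits. The sketch below is an added example, not code from the article or any vendor: a minimal isolation forest in which each tree is grown on the full constructed sample (no subsampling or height limit, which production implementations add), with the data, seed and tree count chosen for illustration.

```python
import math
import random

# Constructed (amount, hour-of-day) records: 60 routine payments and one odd one.
NORMAL = [(20 + (i * 37) % 100, 9 + (i * 7) % 10) for i in range(60)]
OUTLIER = (9500, 3)

def c(n):
    """Average path length of an unsuccessful binary-search-tree lookup over n points."""
    if n <= 1:
        return 0.0
    if n == 2:
        return 1.0
    return 2 * (math.log(n - 1) + 0.5772156649) - 2 * (n - 1) / n

def build_tree(points, rng):
    """Split on a random feature at a random value until each point is isolated."""
    if len(points) <= 1:
        return {"size": len(points)}
    dim = rng.randrange(len(points[0]))
    split = rng.uniform(min(p[dim] for p in points), max(p[dim] for p in points))
    left = [p for p in points if p[dim] < split]
    right = [p for p in points if p[dim] >= split]
    if not left:                       # feature is constant in this node: stop here
        return {"size": len(points)}
    return {"dim": dim, "split": split,
            "left": build_tree(left, rng), "right": build_tree(right, rng)}

def path_length(tree, p, depth=0):
    """Number of splits needed to reach p's leaf, adjusted for unsplit leaves."""
    if "size" in tree:
        return depth + c(tree["size"])
    side = "left" if p[tree["dim"]] < tree["split"] else "right"
    return path_length(tree[side], p, depth + 1)

def rank_by_score(points, n_trees=100, seed=7):
    """Return (score, point) pairs, most anomalous first; scores near 1 are anomalies."""
    rng = random.Random(seed)
    forest = [build_tree(points, rng) for _ in range(n_trees)]
    norm = c(len(points))
    scored = [(2 ** (-sum(path_length(t, p) for t in forest) / (n_trees * norm)), p)
              for p in points]
    return sorted(scored, reverse=True)

if __name__ == "__main__":
    print(rank_by_score(NORMAL + [OUTLIER])[:3])
```

No labels are used at any point: the score comes only from how quickly random splits separate a record, which is why the method suits transaction data where confirmed fraud examples are scarce.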
XGBoost is a powerful decision tree technique designed for speed, efficiency and performance. It allows for parallel tree construction using all CPU cores while optimizing hardware usage. It also handles missing values, avoids overfitting, and reduces tree length without sacrificing classification ability.
The end result is strong predictive power coupled with relatively low training time, making XGBoost a good choice for detecting fraud or anomalies in very large transaction datasets.
Machine Learning Libraries
Luminol is a Python library used for time series analysis. It looks for anomaly causes, determines a time window in which an anomaly occurs, and tracks anomalies over time. This makes it useful for analyzing flows of transaction and network data, for instance.
The Apache Spark machine learning library (MLlib) contains algorithms that can be used for anomaly detection such as decision tree and clustering algorithms. Spark works well with large datasets and can be used in Scala, Java, Python and R, making it a popular choice in large companies.
Takeaways for Banking Executives
Banks cannot take shortcuts with fraud detection, compliance and cybersecurity. The penalties for failing to detect money laundering are high and the reputational loss from getting hacked is significant.
With bad actors using increasingly sophisticated techniques, major banks are adopting AI to increase their anomaly detection capabilities. The goal is to achieve high accuracy while minimizing manual intervention. Human effort can then be deployed to more profitable or non-routine activities.
Build or Buy?
Should banks build their own AI tools or buy a platform from a vendor? While building internally requires time and dedicated data science talent, the final product is tailored to the bank’s needs. Buying from a vendor can be faster and cheaper, but the product may not be fully compatible with the bank’s processes and data. Creating new processes and mapping data to fit the system is also effort intensive.
A hybrid approach makes more sense. Banks can work with vendors to build customized solutions, like HSBC did with Ayasdi in the example above. This will speed up implementation while still creating a product tailored to the bank’s needs. Eventually, a bank may choose to develop a product internally using their own data scientists, developers and research teams.
Whichever path banks choose, they have every reason to invest in AI to better deal with compliance, fraud and cyber risks.