5 Takeaways from The Wolfsberg Statement on Monitoring for Suspicious Activity, Part II

Wolfsberg Statement Takeaways

The Wolfsberg Group recently published its Statement on Effective Monitoring for Suspicious Activity, Part II. Building on their first paper's recommendation to move from transaction-focused rules to activity-focused detection, this second paper provides a practical transition framework built around three key areas: 

  1. Transition and validation
  2. Model risk balanced with financial crime risk
  3. Explainability to demonstrate transparency in coverage and effectiveness 

1. The end of the "drag net" approach 

The second paper reinforces the message from part one, which is that while sophisticated MSA systems might miss activity the old system flagged as suspicious, they will provide better quality leads to law enforcement and discover new risks the old system couldn't find.  

This represents a fundamental shift away from what Wolfsberg calls the "drag net" approach — casting the widest possible net to catch everything, resulting in thousands of low quality, barely suspicious reports that overwhelm law enforcement and provide little investigative value. 

The transition to mature MSA systems begins with acknowledging that legacy approaches are nearing the limits of their efficacy. In some cases, the old system flagged activity as suspicious simply because it didn't have enough information. With more data sources (customer behavior, account history, etc.), mature MSA systems realize those activities are actually normal and explainable. 

Banks must be prepared to articulate this change to supervisory authorities: quality matters more than quantity, and mature detection programs move away from the "catch everything" mentality that produces reports with little investigative value. 

2. Contextual and nuanced detection 

The alerts produced by advanced MSA programs are more complex in nature, usually a combination of a number of factors and trends. Unlike traditional alerts generated when activities breach simple thresholds, AI-generated alerts are triggered by multiple complex factors working together, not just one simple rule. This puts a renewed focus on investigative skills and opens the door to use of Large Language Models (LLMs) to help investigators understand more contextual and nuanced detection. 

3. Model risk vs financial crime risk 

A critical barrier to innovation is how regulators and banks treat financial crime models the same way they treat models for financial risk. This "one-size-fits-all" approach is inappropriate and can lead to poorer outcomes because institutions can't keep pace with the latest financial crime priorities, trends and typologies. 

Criminal methods change fast, so banks need to quickly add detection for new typologies and remove detection for outdated ones. The formal processes for managing AI model risks often slow down banks' ability to innovate their detection systems. And since new techniques develop fast, these rigid validation processes make banks less effective at catching crime. 

It's counterproductive to spend too much time validating aging models to deliver minor incremental improvements. That effort would be better spent improving how new AI models identify risks and training them faster.  Financial crime models should have different, more flexible model risk management approaches that allow the "trial and error" culture needed for effective crime detection. 

4. Hybrid approach to MSA 

The Group endorses the use of supervised and unsupervised techniques as a hybrid approach to MSA. Still, the paper acknowledges that simple rule-based systems continue to work well for clear-cut risks and regulatory requirements that can be automated. This reflects a sophisticated understanding of different detection methods' strengths. 

  • Rules-based systems: Effective for well-defined risks and certain reporting requirements
  • Supervised AI: Works well when you have clear historical cases showing what is/isn't suspicious, emphasizing the importance of high-quality training data
  • Unsupervised AI: Essential for discovering new, unknown criminal methods and emerging crime patterns 

The recommendation is to use all three approaches together, leveraging each one’s strengths to ensure comprehensive risk coverage. 

5. Visual explainability 

As detection systems become more sophisticated, the need to explain them clearly is both important and challenging. Traditional rule-based alerts tend to be easier to explain, whereas AI alerts often require explanation of how multiple variables combined to create suspicion. The Group highlights the need for visual aids to help investigators understand the combination of attributes and behaviors that contributed to a model flagging activities as suspicious. The paper suggests visual tools (charts, graphs, dashboards) to help analysts see how different activities combine to create suspicion. When analysts get AI-generated alerts, they need to understand not just what the AI is telling them, but why it's telling them that, so they can investigate effectively. 

 

Hawk’s  technology for monitoring of suspicious activity 

Hawk’s technology features customer risk rating, entity risk detection, transaction monitoring, payment screening, customer screening, and transaction fraud prevention capabilities. Our holistic platform empowers banks to detect and respond to risk in transaction and customer data. It complements banks’ risk-based approaches, helping them better comply with regulations and mitigate genuine money laundering risk.  

To learn more, request a demo of the Hawk MSA platform here

Share this page