Addressing the false positive problem
By Jonny Bell, director of financial crime compliance and payments, LexisNexis Risk Solutions
False positive alerts rank as one the top three issues for institutions conducting know your customer (KYC) and screening checks, according to a recent digital payment fraud report on high-growth markets that included South Africa. False positive alerts occur when an anti-money laundering (AML) screening solution flags a legitimate customer as suspicious, either during customer onboarding or throughout the transaction life cycle. Such events are time-consuming to investigate, a drain on productivity and impact compliance operational efficiency.
With billions upon billions of transactions occurring daily, organisations need to mitigate the impact of false positive alerts on their business in a way that is beneficial and not disruptive. This is important because systemic changes mean the volume of such alerts is unlikely to reduce in the medium-term. Those changes include unprecedented updates to sanctions regimes resulting from the war in Ukraine along with a recent accelerated shift to digital transactions. AML and compliance teams are struggling to do more with less.
Some businesses are responding to these challenges by increasing investment in human capital. The total projected cost of financial crime compliance in South Africa increased by 65% between 2019 and 2021, from $2.3 billion to $3.8 billion. This is not a sustainable approach given the unrelenting increase in alerts and current economic pressures. Worldwide, the rising cost of financial crime compliance is currently estimated at $274.1 billion, up from $180.9 billion in pre-pandemic 2019.
A significant portion of these costs is driven by investment in human capital. However, hiring more staff does not solve the foundational problem of too many false positives.
Meeting the challenge
Companies should also review their legacy technology. Traditional systems that rely on fuzzy matching and rules-based screening are struggling to keep pace with the complexity of sanctions and countless changes to watchlists. These systems are difficult to scale as a business grows and the volume of false positive alerts they create require manual review, which involves cost and ties up an organisation’s human capital.
Businesses must also look at the quality of the data they hold. Gaps and inaccuracies in data can compromise screening effectiveness. This can lead to an overload of false positives while potentially missing a false negative. Legacy systems and siloed business functions make gathering accurate, up-to-date customer data more difficult.
High volumes of false positive rates can also stem from a cautious approach to risk management. Due to the increasing fines for AML non-compliance in recent years, amounting to almost $5 billion in 2022, organisations are incentivised to invest proportionally smaller amounts to investigate additional false positives. This is certainly preferable to risking fines and potential reputational damage for missed sanctions or gaps in compliance.
It’s misguided to suggest false positives are simply the cost of doing business. An article in ACAMS Today sums it up best: “High false positive rates are not an indicator of extremely cautious screening: they are a warning signal of poor technology and potentially greater risks.”
Taking the view that high levels of false positive alerts represent good risk management is simplistic. They merely reflect an inability to tackle underlying issues with core systems within an organisation. How can firms meet the challenge head on?
The use of entity resolution
The blunt approach of legacy systems creates too many false positives, so firms should deploy entity resolution tools to look at the relevance scores for alerts. Shifting from viewing alerts through the prism of quantity to one of quality can ensure that relevance and match precision are the focus for organisations’ efforts to authenticate clients. Entity resolution involves using advanced analytics and precise entity linking to match data points and determine the likelihood that two records represent the same real-world client, company or entity. It quickly cuts through the noise to reliably identify matches and exposes hidden risk.
Entity resolution that incorporates risk scoring – ranking matches by severity and likelihood of a match – takes screening even further. Incorporating risk scoring involves a quantitative assessment of customer risk based on the strength of the match between a client’s account and a watch list entity. Priority status is then given to alerts that represent the greatest likelihood of being accurate. Human resources to investigate such alerts are then intelligently deployed on those which may pose the most significant risk.
Technology and data: A powerful duo
Entity resolution’s strengths stem from its ability to mine structured data, such as sanctions lists, and unstructured data, including news stories. It then provides accurate, high-quality insights for know your customer (KYC) and anti-money laundering (AML) compliance requirements. That’s especially important when data from global risk sources must be continuously updated to incorporate new sanctions, a changing population of politically exposed persons (PEPs), beneficial owners and changes to other entity lists.
This combination of technological approaches to structured and unstructured data must also be mirrored in how organisations evaluate the quality of their own input data at the very front of their compliance processes. Conducting an internal data quality assessment is a critical first step to ensure that systems do not fall victim to the “garbage in/garbage out” problem.
South African-based businesses that modernise their screening systems to deploy the latest technology and high-quality, dynamic global data sources will be rewarded with a solution to their false-positive problem: greater match precision and prioritised risk ranking.
Given recent developments regarding South Africa’s Financial Action Task Force (FATF) status, the need for forward-thinking approaches to screening and authentication is clear. Entity resolution can help South African organisations achieve the seemingly once-elusive goal of harmony between increased compliance posture
 LexisNexis Risk Solutions: The True Cost of Financial Crime Compliance in South Africa (infographic, 2022
 LexisNexis Risk Solutions research