...
The Actio Financial Crime Risk Management Solution is designed to provide scalable and extensible financial crime risk monitoring and management functionality as a service to connected client systems.
Channels can be implemented to allow for:
Resource optimisation - more expensive resources to be allocated for higher priority tasks, and low cost resources for typologies that can be deferred for a few hours or
Rules simplification - for groupings of typologies such as interdicting typologies (typologies requiring an urgent Go/No Go decision)
Drawio | ||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Figure 1: Actio Financial Crime Risk Management Solution - Generic Service Pattern
Figure 1 illustrates the high-level end-to-end system flow for the evaluation of data for financial crime risk and management purposes. The fundamental conceptual flow is laid out in the first row (1), and the flow for the transaction monitoring service is laid out in the second row (2). In broad and generic terms:
An authorised client system will submit data to the Actio platform for review using an appropriate Actio service the Actio Transaction Monitoring Service (TMS) API and specifying the correct RESTful method (1a)
After authenticating the request, and on On receipt of the data via the appropriate secure endpoint, the Actio API will validate the incoming data to ensure it meets the minimum criteria defined for the service request (1a)
After validation and acceptance of the incoming data, the data passes through a number of data processors data preparation flow within NiFi (1b) to prepare the data for processing by:
Predominantly enriching (Optional) Enriching the incoming data with additional data from internal and/or external data sources Also transforming that support the requirements for rule processing
(Optional) Transforming the incoming data with generic routines that can be executed once up-front but utilised multiple times down-stream
Pseudonymisation of selected Personally Identifiable Information (PII)
Disambiguation of customer entities through an entity resolution process
Transformation of the incoming messages into a network of transactions, accounts and account-holders, captured in a graph database
Persistence of the enriched, pseudonymised and disambiguated messages to the transaction history database to facilitate historical data queries in support of rule execution
Once data preparation is complete, messages will be passed to a data router (1c) that will split the data among a number of function-specific evaluation the channel router and setup processor (CRSP) (1c). The CRSP will interrogate the message and determine its type and from there, determine which rules and typologies to invoke to evaluate the transaction message. The CRSP will pass the transaction message to all require rules, across any number of configured channels.
Each channel will contain a number of rule processors encapsulated in the logical channel to match the function-specific objectives of each channel. The incoming data will be routed to the relevant rule processor and through the combined effect of the rule processing (1d), the data rule results will be aggregated and evaluated against financial crime risk metrics within a typology processor. (1d)The nett effect of the evaluations (1e) If optional interdiction has been enabled and a typology alert is triggered, the output can be forwarded through an egress API to workflow services or a case management system, as determined by an implementer, for the transaction to be interdicted (blocked) and investigated.
The net effect of the evaluation of the typologies within the various channels must be determined by aggregating the channel results into a summarised result within the Channel Aggregation and Decisioning Processor (CADProc). The various channel results are then passed on for the final consolidation within the Transaction Aggregation and Decisioning processor (TADProc) where an over-arching and summarised result related to is calculated for the incoming data as a wholetransaction. (1e)
Any actions that are to be taken based on the results of the evaluations, must then be triggered by the platform. (1f)can be output to a case management system workflow or egress API for processing, and the results stored with the original transaction. (1f). In the case of the Channel Aggregator and Decisioning Processor this can also be configured to provide a go / no go decision for a transaction in a specific channel.
Transaction Monitoring for Financial Crime Risk
The Actio platform MVP will be is focused on providing a Transaction Monitoring Service for a Hub an instant payment switch Operator such as the open source software platform, Mojaloop.
In figure 1, this service (2) encompasses the components 2a through 2f as the first expression of the fundamental conceptual design (1) outlined in the overview above.
The transaction monitoring service aims to evaluate all transactions submitted by a client system, such as Mojaloop, to determine the financial crime risk associated with those transactions. Other payment systems have been factored as part of a generic and open design and architecture, but an implementation is solely focused on a Mojaloop implementation. A submitted transaction flows through the solution as follows:
...
Drawio | ||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Figure 2: Actio Financial Crime Risk Management Solution - TMS Channels
Figure 1: 2d | Figure 2 illustrates the layout and contents of the transaction monitoring service channels:
|
Figure 1: 2e | Similar to the Channel Aggregation and Decisioning Processor, the Transaction Aggregation and Decisioning Processor (TADPTADProc) has the following two major functions:
If interdiction is implemented, the Typology Processors will be able to generate alerts based on threshold breaches defined for each typology, but in the absence of an interdiction approach, the TADProc will review the transaction result holistically and generate a Fraud or Money Laundering alert if any of the typologies that had been evaluated for the transaction had breached its defined threshold. |
Figure 1: 2f | The final step in the transaction monitoring service process is to take any required actions that may result from the various evaluations of the transaction. These actions may, for example:
On the conclusion of this final step, the transaction monitoring service responsibility towards the client system ends, though if any risk management processes were triggered, these would now have to be managed operationally in a case management solution of some kind. |
One final note on the method of communication employed in the design, in the absence of a formal queue-based publish/subscribe architecture:
A typology processor is configured with the list of rules to execute to evaluate a specific fraud scenario and it is necessary for the Channel Router Setup Processor (CRSP) to retrieve this list of rules from the typology processors to invoke the necessary rules. Subsequently, it is not necessary for the function call to the rules to include a list of the neighbouring rules so that this information can be passed to the typology processors as a “checklist”, since the list of rules came from the typology processor in the forst place.
For the Channel Aggregation and Decisioning Processor (CADP) and the Transaction Aggregation and Decisioning Processor (TADP), the approach is slightly different. The CADP and the TADP do not know up-front which typologies and which channels are expected to be invoked. To communicate this information down-stream from the Transaction Router and Channel Router, the following approaches can be considered:
Forecasting approach: When a (Transaction or Channel) Router submits the transaction to the channels, the router can also invoke the (Transaction or Channel) Aggregation and Decisioning Processor with a list of the invoked processors and the ADP can then create and maintain a checklist to monitor the delivery of expected incoming results.
Shotgun approach: When a (Transaction or Channel) Router submits the transaction to the channels, the router will include the list of all adjacent processors in the function call. When a processor delivers its result to an (Transaction or Channel) Aggregation and Decisioning Processor, it will also supply the list of the adjacent invoked processors and the ADP can then use this list as a checklist to monitor the delivery of expected incoming results.
Polling approach: This is the current method employed by the Channel Router and Setup Processor to engage the rules and typology processors. The CRSP will determine which typologies to invoke and then request the list of rules from each target typology. The CRSP will invoke the rules and the rules will pass their results to each typology processor. The typology processors will directly the delivery of expected incoming results against the internal list of rules.
...
Case Management Solution of some kind. |