Enhance AML Transaction Monitoring

Enhance AML Transaction Monitoring


Many financial institutions expend considerable time and money reviewing customer and transaction alerts that ultimately are deemed to be of little real value. One of the key contributors to false positive alerts is ineffective threshold setting and tuning based on flawed customer segmentation methodologies.

Threshold setting and tuning is one of the phases in the overall transaction monitoring system development lifecycle. Typically in this phase, the focus is on identifying relevant threshold values (limits) for the scenarios used to capture activity conducted by customers that is outside of the normal or expected activity (outliers). Identifying the normal activity is a challenge many institutions face during this phase. Poor customer segmentation leads institutions to use an approach that derives a threshold value of a given attribute (i.e., transaction channel) based on the activity exhibited by the entire customer population. This approach may not be efficient and can lead to high volumes of false positive alerts, which result in higher operational costs, can cause potential suspicious activity to go undetected and may provoke regulatory criticism.

Challenges and Opportunities

Organizations face multiple challenges with respect to the initial and ongoing threshold setting of scenarios for AML transaction monitoring systems because of poor customer segmentation. Some of these challenges include:

  • Activity-focused thresholds: Lack of data analyses on the customer base and product usage leads to thresholds being based on the transaction activity exhibited by the institution’s entire (in scope) customer base. For example, customers might be segregated irrespective of their type (e.g., large corporations, middle market companies, sole proprietors) or transaction activity might be aggregated without regard to the transaction channel (e.g., ACH, wire, check) to identify the thresholds for a given scenario rather than analyzing the transaction activity at the customer type and channel level to determine the thresholds.
  • Inaccurate Know Your Customer (KYC) data: Lack of accurate KYC data inhibits leveraging KYC information such as the customer’s occupation, demographics, expected level of transaction activity, etc. When these attributes are not readily available, segmenting customers into meaningful buckets that group together customers with similar traits becomes challenging, if not impossible.
  • Increase in customer volume: As the customer base of the financial institution grows, the thresholds identified based on the transaction data of the older customer base may not be relevant. If the financial institution does not re-segment its customer bases, there may be orphan customers, or customers may be grouped into incorrect segments, resulting in inadequate monitoring compared to peers.
  • Addition/modification of scenario logic: As time progresses, deployed scenarios may undergo a logic change whereby a particular channel may be added for monitoring or migrated from the current scenario to a new one. In any such situation, the existing thresholds will need to be modified to reflect the change so that the new thresholds are relevant to the deployed scenario logic.

Despite these challenges, a customer segmentation-focused threshold-setting approach, when properly conducted, yields opportunities and favorable outcomes, including:

  • Targeted thresholds: By implementing a systematic customer segmentation methodology that is based on transaction channel activity and customer type rather than a customer’s aggregate transactions, the institution is able to identify unique groups of customer behavior and, therefore, establish thresholds that are more targeted. For example, identification of segments of a customer’s exhibiting distinct wire, ACH and check activity will promote a more targeted threshold for wire scenarios versus setting a threshold based on the activities of all customers.
  • Deeper understanding of the customer and the corresponding product usage: Apart from threshold setting, the customer segmentation effort yields meaningful insight into customer behavior and the frequency of the customer’s product usage. This information can be leveraged not only from an AML standpoint by using it to drive future scenario development, but also from a marketing standpoint to determine new product selling opportunities to existing customers or identify a customer base that the financial institution is lacking and may want to target. Furthermore, in instances where certain KYC information is missing, the institution may see opportunities to enhance the customer onboarding process to collect additional KYC information upfront that would allow for better segmentation and even enhance the factors used to determine the customer’s risk rating.
  • Decoupling of customer risk and transaction activity: As the customer segmentation is based purely on a customer’s observed transaction activity, it is agnostic of the customer’s risk rating. This decoupling of the customer’s activity and risk promotes independent and, therefore, parallel model development of both aspects, but still allows coupling by merging the identified customer segments with all customer risk levels. For example, if it is determined that there will be five customer segments that capture all activity types and that there are three risk levels, then there will be a total of 15 customer segments where each customer segment is split into three risk levels.

Our Point of View

Significant effort is needed to determine unique customer segments that will prove to be effective. There are a number of important considerations that should be addressed to implement a data driven customer segmentation methodology successfully.

Attribute identification: This task includes identifying various customer types served by the line of business based on the provided KYC information and the type of transaction channels that can be used by customers. KYC information such as customer type, occupation, salary and net worth may be used to segment the customer base initially. Transaction channel usage can then be utilized to segment the customer base further. For example, in the case of an individual customer (type), if the customer has a checking account and uses direct deposit for his/her paycheck, writes checks for bill payment and withdraws monies via ATM, then the activity types will be ACH (paycheck deposit), check and ATM activity.

Once the customer and the activity type attributes are identified, transaction data can be extracted from the warehouse in the data structure that has been determined by the chosen attributes. In the event of high transaction volumes, a statistically valid sample may be extracted for further downstream data analyses.
Segment identification: Effective segment identification is multiphased:

  • Algorithm identification: In this step, the clustering algorithm that will be used to perform customer segmentation is identified. The key consideration points in selecting the algorithm are the data analyses results from the attribute identification step, data volume and the level of data transformation required before data can be supplied to the chosen algorithm.
  • Membership analyses: After the execution of the selected segmentation algorithm, the created segments are analyzed for their constituents. This is necessary because the existence of highly polarized segments (one segment having 80 percent of the customer population, for example) will not allow for targeted threshold setting. Additionally, this step enables the institution to classify the collection of customers based on their exhibited transactional activity.
  • Multiple iterations: If, after the execution of membership analyses, the segments are highly polarized, then there may be a need of re-executing the segmentation cycle on the polarized segment. This will further break a “lumpy” segment into more granular segments.

Implementation approach identification: As the customer segmentation exercise leverages advanced statistical algorithms, a detailed process describing how customers will be assigned to the identified segments needs to be articulated and implemented on the institution’s technology infrastructure. This process should also describe how often the customer segments will be refreshed (due to addition of new customers, products, etc.) and the process to assign existing segments to new customers.

How We Help Companies Succeed

Our Risk and Compliance professionals focusing on AML technology, teaming up with the experts from our modeling team who include Ph.D.-level professionals with deep quantitative skills, can help your institution articulate and maintain a sound and robust customer segmentation model. We help financial institutions implement a customer segmentation strategy that is closely tied with the critical downstream phases of threshold setting and tuning of AML transaction monitoring systems on various platforms such as, but not limited to, Actimize, Detica NetReveal AML (Norkom), Mantas and SAS AML, as well as a number of home-grown systems, and can therefore help you in any or all of the following service areas:

  • Developing a customer segmentation methodology and approach that will enable institutions to group similar customers together based on a combination of available KYC data and the customers’ transactional activity such that it can be leveraged at the threshold-setting phase
  • Identification of attributes using advanced statistical analyses such that the attributes can be leveraged for a sound customer segmentation approach
  • Grouping of transaction types in order to allow more meaningful analytics (e.g., cash together with cash equivalents, checks together with remote deposit capture transactions, etc.)
  • Determination of optimal customer segments that are based on the exhibited transactional activity of the customers
  •  Implementation of customer segments on transaction monitoring system infrastructure


A large global bank sought our assistance to comply with the requirements of its regulators following an independent review related to enhancing its current AML transaction monitoring systems. As part of the project, the global bank also sought our assistance in implementing a new transaction monitoring system for its capital markets division, as well as in tuning existing systems for its retail, private banking and wealth services divisions.

During the course of the project, it was noted that effective thresholds and scenarios could not be implemented due to poor customer segmentation. Together with the bank, we developed a strategy and implemented a methodology for initially and continuously segmenting the customer base. This was achieved by:

  • Grouping of transactions (cleaning up transaction codes)
  • Developing a segmentation model using existing KYC and transaction channel activity data
  • Enhancing the system architecture to be able to filter/group customers based on similar customer data (occupation, annual turnover, size of entity, etc.)
  • Ensuring the segmentation model could be easily customized when future KYC data or industry knowledge became available

We were able to use the transactional analyses and available KYC data to segment the customer base in a meaningful manner. Once segmented, we set effective thresholds and design scenarios for capturing outliers that were representative of potentially unusual activity. Through our efforts, the bank was able to demonstrate to its regulators that it was taking corrective action in implementing strong AML controls with respect to its transaction monitoring systems. 


Carol Beaumier
Managing Director
[email protected]
Andrew Clinton
Managing Director
[email protected]
Bernadine Reese
Managing Director
[email protected]
Carl Hatfield
[email protected]
Chetan Shah
Associate Director
[email protected]
Luis Canelon
Senior Manager
luis.canelo[email protected]

Ready to work with us?