top of page
Writer's pictureNguyen Nguyen

Wolfsberg MSA Guidance: Practical Approaches to Monitoring Suspicious Activity

Updated: Oct 14



On the 1st of July, the Wolfsberg Group issued a Statement on Monitoring for Suspicious Activity. In line with the Wolfsberg Factors from 2019, this most recent publication looks into how the Wolfsberg Factors can be interpreted and turned into effective strategies for Monitoring Suspicious Activity (MSA). 


At Complidata, we looked into what this means for our clients - large, global banks worldwide.


The key strategies:

  • Risk-Based Approach (RBA): FIs should focus on material typologies and observed risks, allocating resources to mitigate crystallized risk rather than theoretical risk, without implementing blanket approaches which result in high levels of inefficiency.

  • Emphasis on the usefulness of the information generated: instead of the technical compliance of the MSA program, banks still often file ‘defensive’ SARs, unlikely to provide useful information to law enforcement.

  • Integration of technology: leverage new technology to improve effectiveness and operational efficiency.


In short, the Group emphasised detecting crystalised, real risks, and productive filings with useful, understandable information with the help of advanced technologies. As they put it, “traditional MSA platforms have reached a point where new technology can significantly improve effectiveness, operational efficiency, as well as compliance with regulatory expectations.”


What the technology can do


Indeed, advanced technologies, such as machine learning (ML), Generative AI (GenAI), and large-language models (LLMs) can be powerful tools to help the FI strengthen its financial crime risk mitigation programs. 


Screening tools with enhanced explainability, such as Complidata’s Financial Crime Risk Reduction suite of models (FCRR) have been helping FIs leverage the evaluation of the quality of their SARs, and their understanding of the alerts generated. Not only does the tool detect hits based on how alerts have been previously investigated by the FI, but every hit generated is also given a prediction score with an explanation of that score. The score predicts the outcome of a given alert and the narrative explains which elements have incremental or decremental effects on the given score. The alert is then allocated to the appropriate level based on its score. 


In addition to that, FCRR has taken explainability to the next level. The system automatically generates expert-style intuitive remarks on each feature value and its risk contribution, to support explanations of AI risk score. This is a new level of explainability that assists with both effectiveness and explainability. 


Huron’s Alan Morley on the importance of explainability in screening tools. Full video here.


Hesitancy to adopt & Wolfsberg recommendations


Many compliance professionals are sceptical of new technology for the reason that regulators may not accept AI/ML recommended decisions.


Clear explainability in AI-powered tools is essential to address this. Banks can only convince regulators of the legitimacy of AI/ML decisions if these decisions are backed by clear step-by-step explanations. When regulators can see and understand the processes behind algorithms, they are more likely to trust that the technology is functioning effectively and compliantly.


The Wolfsberg Group calls for more collaboration between banks and regulators, to better adopt the new technologies. Thankfully, this has been increasingly the case. The Financial Action Task Force (FATF) together with other multilateral as well as regulatory bodies have issued guidelines on the use of AI/ML in the financial sector. The Wolfsberg Group also recognised the difficulties and concerns that may arise when adopting new technology, however, they urge banks and regulators to have patience, and understand that innovation is a long-term process, that could take years before it bears fruits. The bank could consider focusing on some lower-hanging fruits, such as optimising case management systems, or leveraging external data sources.


In addition, prioritisation is key. Another example of this is the trade-off between catching as many known risks as possible, while being accurate. In this case, the recommendation is to focus more on accuracy, as accurately detected and investigated cases could provide a valuable foundation for future predictions, helping banks investigate more cases, more accurately. A ‘no SAR left behind’ mindset is likely to lead to an ineffective system. 


90 views
bottom of page