How to detangle the spiders web of threat detection

When monitoring transactions, the huge amount of data being directed at companies can sometimes become too much. With such a high level of data coming at these businesses, this can lead the data to become tangled and hard to break down in a more simple, readable way.

Recent work by RegTech firm Acuminor has examined the ‘spiders web’ of threat detection, which is described as so due to so many transaction monitoring rules overlapping and become tangled. With so many different forms of threats abound, this can become hard to codify for companies and can lead to some criminals being missed by companies altogether.

Acuminor said, “When I think about transaction monitoring rules, I like to imagine a mess of spider’s webs – overlapping and tangled together. The webs are so large and tangled that they catch many flies, more than the spiders can eat. Attracted by the success of the first spiders, more build new and overlapping webs, catching ever more insects. The spiders must work hard to identify which are flies they can eat. Some flies get eaten, some don’t, some remain there rotting for some time. The clever flies, notice the fly graveyard and by-pass the webs all together. They are never caught.”

The company used this analogy to describe how the webs are the transaction monitoring rules and the flies are the criminals.

Acuminor stated that many customers and tech providers often find designing transaction monitoring to be a challenging exercise, especially when it comes to designing rules that target a particular criminal activity or threat or understanding what level of courage each individual rules gives you against criminal activity.

The firm gave the example of ‘cash deposit – large sums accumulated over time’ which span multiple threats and could be a sign of human trafficking but also BEC fraud. Meanwhile, ‘frequent and extensive payments of passenger tickets e.g rental of vehicles’ could be forced labour or sexual exploitation.

Acuminor detailed, “Imagine designing a targeted transaction monitoring rule for sexual exploitation. Some examples of transactional risk indicators could include ‘high proportion of cash deposits and withdrawals, unusual late-night activity, transfers in-coming and immediately withdrawn, high proportion of payments for hotels/serviced accommodation/transport, lack of other lifestyle payments‘. These are all potential signs of sexual exploitation but depending on how you combine these risk indicators to form detection rules, you could also be detecting illegal waste trafficking, cash smuggling, or forced labour.”

Without the mapping of the relationship between transactional risk indicators and threat type, it is hard to be completely clear on what other types of criminal activity each is picking up.

Tackling this matter can be tough, with some organisations trying to map transaction monitoring leading to the creation of complicated spreadsheets, with multiple colours and many merged cells attempting to map the many to one and one to many relationships.

Acuminor said, “To detangle the mess of spider webs, we need to be clear on the rules we have in place, and which threats they are covering.  The key is to use technology to make the link between individual transactional indicators and the threats they are associated with. There are too many connections to do this manually and it is a huge challenge to keep track of this yourself. “

Read the full post here.

Enjoying the stories?

Subscribe to our daily FinTech newsletter and get the latest industry news & research


The following investor(s) were tagged in this article.