If there is a lesson from former New York governor Eliot Spitzer’s scandal-driven fall (aside from the most obvious one), it is this: banks are paying attention to even the smallest of your transactions.
For this we can thank modern software, and post-9/11 U.S. government pressure to find evidence of money laundering and terrorist financing. Experts say that all major banks, and even most small ones, are running so-called anti-money-laundering software, which combs through as many as 50 million transactions a day looking for anything out of the ordinary.
In Spitzer’s case, according to newspaper reports, it was three wire transfers amounting to just $5,000 apiece that set alarm bells ringing. It helped that he was a prominent political figure. But even the most mundane activities of ordinary citizens are given the same initial scrutiny.
“All the big banks have these software systems,” says Pete Balint, a cofounder of the Dominion Advisory Group, which helps banks develop strategies for combatting money laundering and fraud. “Depending on their volume, they might have thousands of alerts a month.”
Most of the systems follow fairly simple rules, looking for anomalies that trigger heightened scrutiny. Software company Metavante says that its software, for example, contains more than 70 “best-practice” rules, covering a wide variety of transaction types ranging from cash deposits to insurance purchases. The simplest rules might flag large cash transactions, or multiple transactions in a single day.
In Spitzer’s case, the three separate $5,000 wire-transfer payments reported by the Wall Street Journal would likely have triggered one of the most obvious of these rules, without any recourse to more advanced capabilities.
Banks are constantly on the lookout for activity that seems to be an effort to break up large, clearly suspicious transactions into smaller ones that might fly under the radar, a practice called structuring. Spitzer’s transactions almost certainly fit that profile, says Dave DeMartino, a Metavante vice president. Newspaper reports have identified New York’s North Fork Bank, owned by Capitol One, as Spitzer’s personal bank. A spokeswoman for the bank declined to identify which, if any, anti-money-laundering software the institution uses.
But banks, and law enforcement, are also looking for things that they can’t predict and thus can’t write rules for.
“If you’re just writing scenarios, you aren’t going to find things that you didn’t know about,” says Michael Recce, chief scientist for Fortent, another prominent vendor of anti-money-laundering systems. “About 60 percent of the things our customers find are things they knew about. The rest are things they didn’t know about.”
The simplest way to identify the unexpected is by contrast to the routine. A person who deposits just two paychecks a month for two years might be flagged if he suddenly deposits six large checks in two weeks, for example.
But software packages also group customers and accounts into related “profiles” or “peer groups,” in order to establish more-general behavioral baselines. Some software might group together all personal checking accounts with an average balance of less than $15,000, or merchant accounts with turnover of less than $100,000 per month. Some might go deeper, grouping together all business accounts specifically tied to dry cleaners or consulting firms.
The most sophisticated software packages can sort people or accounts into several categories at once: a single customer might be compared to other schoolteachers; to people who bank mostly at a single regional branch; and to people who have stable, pension-based monthly incomes, for example.
Each category is analyzed to determine patterns of ordinary behavior. Every single transaction by customers in these groups, and even patterns of transactions stretching back as far as a year, are then scrutinized for evidence of deviation from this norm using measures such as the number, size, or frequency of transactions, among others.
Gain the insight you need on security at EmTech Digital.