Within the payments industry I see an unsustainable model forming. Volumes of payments that need to be scanned are on the up. There have been several new regulations recently such as those set out by NACHA in the US, SEPA in Europe and similar schemes in
Canada and elsewhere around the globe. These will force many banks into having to scan new transactions types such as foreign domestic traffic. This can result in hundreds of thousands of additional payments needing to be scanned each day. The volume of domestic
payments is between 10 and 100 times greater than the number of cross-border ones.
Here’s where the model is flawed - most banks view payments filtering activities as a regulatory requirement rather than one that drives business growth. Compliance budgets are always stretched at the best of times. Therefore, if banks are to control the
cost of compliance, they have two options. They can either reduce the sensitivity of their filtering systems and increase the coverage to include foreign domestic traffic, or get hit with a massive increase in people costs.
Risk-averse global financial institutions will scan hundreds of thousands of payments on a daily basis. Their filtering systems will typically identify somewhere between 4% and 7% of transactions as hits against the sanctions lists. Then after manual investigation
(which in the case of larger institutions will be carried out by team of hundreds of people), at least 98% of payments originally identified as high risk will turn out to be false positives. An institution scanning 200,000 payments daily could therefore have
over 14,000 false positives to deal with in one day alone!
All too often, when banks take measures to reduce the volume of false positives, this comes at the expense of effectiveness. The art of payments filtering is not a black and white one, as true positives can still be missed - even with the most diligent efforts.
The smart banks will be those that couple real-time scanning of each aspect of the payments message, with measures that reduce false positive alerts without impacting the effectiveness of their approach.