Advanced Risk Intelligence; How Artificial Intelligence, Persistent Sanctions Screening and Session Monitoring Re-enforce Systems Security 

Risk Intelligence is a broad term touching on a range of digital and data functions that can be measured with respect to their integrity and, as such, their demonstration of risk. We all have what might be described as a traditional understanding of digital data risk and most organisations have a range of security tools designed to mitigate the risk related to these traditional processes. An obvious and now generational risk is email and the attendant issues of phishing, scams, infected attachments and more. But the simple realisation that almost all new digital process relies very little on email brings us to a better understanding of the need for Risk Intelligence in this new environment. 

I might add that the advent of over-the-top communications across business processes; various use of messenger applications and video conferencing must also be recognised when considering this new risk landscape. Lastly, a key driver in recent years for increased Risk Intelligence is the need for increased sanctions screening. The "traditional" policy of checking participants for sanctions risk when they were onboarded is outdated to the point of serious regulatory and indeed even criminal liability. Recent moves to regulate for the checking of participants when "off-boarding" are largely regarded as failing to meet the fundamental principle of the responsibility to know, or at least to try to know, if there are bad actors already in the system. I will come back to this need for "persistent" sanctions screening later, but for now I use it to demonstrate the shift from traditional risk mitigation and screening processes from once-off (or at best ad hoc) to persistent and dynamic. 

But the need itself has changed. As communication and applications processes change from traditional email, with or without attachments, and in many instances where the applicant is known  (either directly as a result of previous engagement or indirectly as a result of an understanding of the overall geographic and business domain) to one where an applicant may be completely unknown (be from a remote territory or sector, and may have little or no reference point against which risk can be judged), then so too does the need for Risk Intelligence change and increase. 

Importantly, this change relates to the relative lack of transparency from a human perspective of the digital process in contrast to the potentially stark availability of digital risk indicators deep within the process itself. Such examples are many and varied and range from correlation of applicant IP addresses to assessment of applicant truthfulness by measurement of use of language and other monitored aspects of the process. This monitoring takes place at the periphery and risk scores are made available to the applicant data handler in real time so that they can either accept, reject or escalate the application based on the agreed score (or simple Red/Amber/Green traffic light) visible to them. The human data handler need not know that the stated educational or language ability of the applicant does not match the content provided, they need not know that the geographic origin of the application is not as stated in terms of IP or that there is a suspicious use of virtual private networks in the process. Such knowledge would be almost impossible to provide without having the IT department on the shoulder of each and every applications process and activity. However, by using advanced Risk Intelligence, meaningful and logical risks can be presented in a manner that speaks to the human and the process and the natural workflows and escalations to senior staff within the organisation. Add to this the embedded use of AI to assess document or other file uploads and to provide inferences as to the reliability and consistency of these documents and notably errors of language and naming conventions and you start to see how advanced Risk Intelligence is both powerful and necessary for advanced applications processes within the financial services industry globally. 

Persistent Sanctions Screening falls within the demanding and immediate nature of advanced Risk Intelligence. Unlike traditional batch querying of individuals, assets or entities within an organisation, Persistent Sanctions Screening address all assets, entities and individuals within the system all of the time and builds a corpus of additional data based on third-party and web data, but also, importantly, based on individual organisation experience of risk, often gained over generations. 

The resulting internal grey, white and black lists are available to a persistent process in a manner that allows the organisation to identify risk and threat at the periphery, at the edge of the process and before the risk becomes embedded and potential impact becomes much more significant.  

What this means is that global sanctions lists - OFAC, EU, UK, UN and more - which act as an over black list are queried in real time against organisations list and, in addition, augmented by data correlated from other sources including structured lists like LEI and unstructured data gleaned from the web. This, combined with internal white and grey lists, provides a powerful addition to all forms of issuance and data management from listing to fund management across the organisation. 

There are multiple measurements that relate to the verification and the validation of truthfulness and trustworthiness in advanced Risk Intelligence for any online process and the use of AI, Persistent Sanctions Screening, IP and Session Monitoring are just examples of aspects of the overall Risk Intelligence algorithm needed to give organisations an over-the-horizon view. This ability to codify risk in an algorithm that is aligned with a process, but that can be tuned to effect the strongest security for optimal efficiency is key to success. 

Risk is not static and additional data in particular can impact a process and risk score in a manner that needs careful measurement. The use of AI is also growing rapidly as it extends from document analysis into session monitoring itself and all aspects of KYC/AML and Sanctions Screening including sentiment analysis, identity verification and entity definition. 

In addition, AI is becoming a key aspect of staffing with FTE metrics demanded in many new automation solutions. Use of AI within the core data-handler environment also now allows for automated escalation to experienced human staff within the organisation in a manner that would have seemed futuristic relatively recently. This ability to identify risk in a non-linear digital world, where there is a myriad of data points in a process and which is managed by relatively linear human understanding, often of one aspect at a time, is essential. It is needed for high-value applications processes and transactions and perhaps even in our daily lives. 

pTools is a leading provider of market information services for stock exchanges and related organisations including LOUs, NNAs, CSDs, CCPs and central banks. pTools provides packaged software, bespoke solutions, outsourced and support services for applications including Risk Intelligence, Persistent Sanctions Screening, LEI and ISIN issuance, corporate actions and announcements, ESG validation, asset tokenisation and listing. With offices in Dublin, London and Bangalore, pTools’ clients include LSEG, Qatar Central Bank and Strate South Africa. pTools works across technologies with specific capability in AI and NLP, blockchain and notarisation, digital risk mitigation/sanctions risk scoring and data quality management. pTools delivers solutions on-Premise, on-Cloud and as-a-Service. pTools is a long-term partner of the World Federation of Exchanges and has additional partnerships with global technology providers IBM, AWS, Microsoft and global eLearning provider Intuition. 

---

For more information, please get in touch with: Suraj Pandey, Business Development Manager, pTools Software and LEILex - [email protected]

To gain insights on our solutions, please visit: https://www.ptools.com/