Money laundering makes large amounts of money that have been obtained through illegal activity appear as if they have come from a legitimate source, and avoiding this is a top priority for auditing teams. The key element in detecting money laundering is understanding known vs unknown patterns.
Senior auditors at Rabobank are first interviewed to understand what identifies the behavior of people with wrong intentions. Those hypotheses are then translated into a set of defined business rules. KNIME helps significantly by defining these rules and applying them to the entire portfolio. This is one of the biggest wins as it increases quality assurance. This is because instead of a sample of twenty, it’s possible to test, approve, and show across an entire population to uncover known patterns.
However, in money laundering, unknown patterns are more interesting. The chances of missing something are also much higher because individuals with bad intentions quickly learn how to avoid patterns that are already known. Anomaly detection, cluster analysis, and text mining are a few ways to find unknown patterns. With machine learning, it’s possible to learn what the currently unknown patterns are.
This machine learning approach was applied using KNIME and needed to be made available to all 300 auditors - most of whom were non-tech. A KNIME workflow was developed, which is reusable and easy to handle for those who have even just a small amount of KNIME knowledge. The basic steps include accessing and inspecting the data, conducting anomaly detection, creating a visualization, and exporting and storing the output. The Data Explorer node enables users to first inspect the data and better understand it, which, in the case of anomaly detection, is essential. Under the hood of the basic KNIME workflow, which is largely made up of KNIME components, are many more KNIME nodes. This approach is valuable because it hides the data science complexity, but still makes it possible to adapt, reuse, and share the workflow as needed.
Rabobank management recognizes that the digital world is changing rapidly and is becoming more and more data driven. This is having a profound impact on the auditing profession, auditing services, and on the auditors themselves. Three data-driven targets were therefore set, and the message from management was clear: just get started!
About 90% of what Rabobank does is basic analytics, which is already creating a significant impact with, for example, descriptive analytics, dashboarding, data quality profiling and reconciliation, benchmarking, as well as translating knowledge of senior auditors into business rules for testing. The remaining 10% is more advanced. For example, trend analysis, process mining, anomaly detection, cluster analysis, and text analysis.
It took approximately one year to understand that it’s not just about hiring a data scientist to do data analytics. The Audit team therefore uses a target operating model to embed their own way of working with data. Rabobank adopted an innovation cycle, and in two days all 300 auditors were trained to become data literate and to start using KNIME themselves. Whilst it was recognized that they might not be the ones ultimately doing the analysis, emphasis was placed on the importance of being able to see and understand the potential in the data and how it can be used. Through this, the culture has become more and more data driven. The team’s unique technical architecture includes KNIME as one of the key tools for data analysis.
The approach at Rabobank has been to start small and scale fast. To test the value of data in audit the first year consisted of seven use cases. In the second year this increased to 13, in the third year 35, and in 2020 there were 57 auditing use cases taking advantage of data analytics - which was only possible via empowering the auditors to do their own analyses.