How machine learning technology is making rules-based systems obsolete in anomaly detection: Jim Heinzman interview

By Alex Hammond | 3 March 2017

In an exclusive interview with bobsguide, Jim Heinzman, Executive Vice President-Financial Services Solutions at ThetaRay, explains why the emergence of omnichannel banking and regulatory burdens are necessitating an evolution of anomaly detection technology, and why he expects to see more banks partnering with fintech companies in order to replace their legacy cybersecurity systems.

What is your background in the fintech industry?

I’ve worked in financial services and fintech for about 25 years, across a number of departments including compliance, trading, and operations. I’ve worked for a number of big investment banks including Bear Stearns, where I was the managing director and responsible for supervision and surveillance for the global equities division.

I’ve also worked for NICE Actimize, the market leader in financial crime software. I started with them in the early 2000s and was one of their first people in the U.S., so I was involved in helping the company design most of their surveillance algorithms for the U.S. financial services market. I was then EVP, risk and compliance for SunGard, including during the acquisition by FIS.

So I’ve got experience both working at banks and using technology to solve their business problems, and also on the vendor side developing solutions.

How do you think the way that financial services have approached tackling cybercrime has evolved during your time in the industry?

The world has changed a lot in the last two decades. How markets work has changed, and as a result many of the banks are going through a transformation, including throughout their back offices and systems, which includes adding infrastructure to address developing mobile channels and other digital possibilities.

The banks have also struggled somewhat from a revenue perspective, in part because of a heavier regulatory burden. The costs of doing business have increased dramatically, meaning that the banks currently have the challenge of meeting their obligations and satisfying customers, but trying to do so as efficiently as possible.

And with the emphasis currently on AML and some aggressive enforcement in this area, there is also more pressure on banks to protect their brands than ever before. Banks really don’t want to be in the headlines, so they don’t want to be hit with these big fines that we’ve seen.

Do you think that there is more emphasis needing to be put on the security of all channels of omnichannel banking outside of web, e.g. mobile banking technology?

Bad actors are getting more sophisticated, and they are accessing the banks through multiple channels. When we start examining the complexity created by different products across multiple channels being used in tandem to launder money or commit fraud, combatting that becomes a much more daunting task.

A lot of the legacy technology that the banks have used for monitoring the activity within their institutions relies on a rules-based system. But when you’re profiling customers’ behaviour, a rules-based system will not give you the precision you require in terms of detecting anomalous behaviour. The result is that a lot of false positives are reported to the bank, or even worse some false negatives. This means the banks are missing anomalies they should be detecting, and at the same time are deluged with tens of thousands of false positives that they have to investigate, which is very expensive.

As someone who has sat on both sides of the fintech/bank discussion table, do you think that the best way for banks to solve their cybersecurity issues is to build systems internally, or is collaboration with fintechs the way forward? Or as a third option, do you think we’ll see more M&A activity and the banks go down that route to solve their issues?

Most of the banks now have development labs and are setting up accelerators in order to partner with technology start-ups. The banks are looking for the new technology that is going to provide the next generation of protection. These partnerships are developing the next generation of banking platforms, but currently the tools they have to protect and defend themselves are legacy systems.

Most of the systems that the banks are using currently run off 1990s technology if they’re lucky, which is why they are searching for that next technological wave. How they find it will be a combination of processes.

The banks understand their business, they know the processes, and they know their customers, but with the new banking channels opening up, the banks’ relationships with their customers are changing. Previously, in most transaction cases, banks would know the customer. They’d see them in the bank, and their employees would have interactions with the person. Now everything is done via the web, and a lot of the processes for reviewing and approving applications or transactions are automated. Because there is a lot less human interaction, banks have to rely on detection capabilities more, which requires more sophisticated technology.

So I think the banks are looking at partnering with technology firms for that reason, and I really view that relationship as a partnership. A lot of the banks recognise that they are very good at conducting financial transactions but they’re not software development houses; that’s not their core competency. And so it makes sense to partner with someone whose core competency it is.

Is that the role of ThetaRay in the market?

I don’t think of our relationship with our customers as a client and vendor relationship; I see it as a partnership. Our mission is to provide the best anomaly detection capabilities on the planet, and our main focus at this moment is tackling financial crime.

We want to work very closely in partnership with banks. We bring subject matter expertise, domain expertise, and a broader view of the industry that a bank can’t ascertain purely by looking at its own data. We’ve also developed the best technology in the market with unsupervised machine learning capabilities, which means we really are able to help the banks identify things that are unknown unknowns – anomalies that they wouldn’t know to look for.

The problem with rules-based systems is that systems are only as smart as the people that write the rules. There are a lot of smart people writing rules, but they are unable to react to data they haven’t yet seen. So if there is a new cybercrime scheme attacking a bank’s system, by the time that the rule writers discover that and write a new rule to put into production, that scheme is already old news; the cyber criminals have moved onto the next scheme. So you are always behind.

With the type of anomaly detection that we bring, it is possible to discover the unknown unknowns, which really is the crux of anomalous behaviour. We find on average that we detect anomalies 70 days before they are detected by the banks’ legacy rules-based systems. We’re also detecting things that are never detected by the rules-based systems.

What other benefits does a machine learning system have over a rules-based system in combatting financial crime?

A characteristic of rules-based systems is they have a lot of settings and parameters that create and complement their rules. So having too many rules is going to be very difficult because you have hundreds of thresholds, parameters and settings that you have to tune in order to detect the anomalies that they are designed to detect. The problem is that the shape and the texture of the data changes. You have new products, and as the complexion of your business changes through new channels and new types of transactions, you have to retune the systems. Essentially the data is dynamic but is being measured against static parameters. So you have thousands of these parameters that you have to adjust continuously to make the system perform.

By the time you do your tuning, make adjustments to your system, and move the new set of rules to the production system, they are already stale, so getting these systems to tune is almost impossible.

The new generation of technologies dynamically tune to the data; they don’t have any rules, settings or parameters, and the tuning is done dynamically to the data as it is processed. It really is a new paradigm in terms of how banks can tune their systems and actually catch things that are relevant and reduce false positives.

What do you foresee as the major ways that financial crime and the combatting of financial crimes are going to evolve in the coming years?

I think there is a real movement towards new technologies. I think that rules-based systems worked when systems were less sophisticated, but now the banks realise there needs to be an evolution, which means identifying and employing modern technologies. There is a growing understanding that unsupervised machine learning is the way things are going in the future.

It is imperative as a bank that you have a system that will be able to detect those things that you can’t anticipate. And you have to stay ahead of the curve in terms of developments in financial crime.

Finally, banks will continue to examine efficiencies as well as levels of protection, which in a cybersecurity sense means only detecting the right issues, and eliminating false positives.

How much deregulation do you foresee during the Trump administration and what impact is that going to have on financial services?

I think it’s really hard to look into a crystal ball with this administration and predict what they are going to do. But I do think there has been something of a clear message on deregulation, which means that there may be some easing. Potentially a lot of Dodd-Frank will be rolled back.

I think that around financial crimes, although there are some regulatory components, there is a motivation for fraud prevention outside of regulation, including to protect your brand. So deregulation won’t have a significant impact in this area.

On the AML side, there’s a possibility we could see a lot more regulation; I certainly don’t think AML regulation is going to get any less stringent. In cases such as potential terrorist financing and human trafficking, regulation is going to be at least as rigorous as it is now. I think the administration has sent clear signals in the marketplace that those are areas where they want to keep controls in order to fight terrorist financing and money launderers, so that’s an area where we are going to continue to see robust regulation.