In the article the main principles of creating intelligent information systems for monitoring and controlling the financial sector of the circulation of funds are discussed. The conceptual foundations of the design of a flexible model of the Integrated Software Package for Preventing Abuses in Financial Practices are proposed, which uses seventeen basic scenarios as reliability criteria, which is successfully integrated with various banking products (the bank's operational day), solves the issue of multifaceted testing and detection of abuses in banking practice. A statistical approach to selecting the number of payments to check with results for different payment groups is presented.
Undoubtedly for all countries is the question of the importance of combating the illegal circulation of funds, which is a financial source of ensuring the possibility of criminal activities, such as drug and arms trafficking, human trafficking, terrorist attacks, and others. Unfortunately, the entire progressive world felt the dangerous burden of the consequences of neglecting the obvious signs of a crime, including in the field of banking monitoring, as a result of the aggression of the Russian Federation against Ukraine. Wartime conditions determine the need to apply strengthened measures of a practical and organizational nature to combat the legalization of proceeds of crime, the financing of terrorism, and the financing of the proliferation of weapons of mass destruction [1,2,3,4,5].
The global independent intergovernmental body that develops and promotes policies to protect the global financial system against money laundering, terrorist financing, and the financing of the proliferation of weapons of mass destruction is the Financial Action Task Force (FATF), which was established in 1989 to combat money laundering and terrorist financing. It is an intergovernmental agency made up of 35 member jurisdictions and two regional organizations. Ukraine is a member of the Committee of Experts of the Council of Europe as part of the FATF on the assessment of measures to combat money laundering and terrorist financing -MONEYVAL [6,7].
Ukraine strictly adheres to the important rules adopted by the European Union (EU) (officially known as General Data Protection Regulations-GDPR) regarding the collection, storage, and use of personal information, which entered into force as law throughout the EU in May 2018 and replaced the EU Data Protection Directive 1995. In terms of scope, the new provision applies equally to industries, EU organizations, and organizations of other countries that trade with the EU. Data-driven regulations focus on some specific issues, including ownership of data, explainability, trustworthiness, and transparency of algorithms that are trained or built on such data. A detailed analysis of these rules can be found in [8,9,10]. Thus, according to the data of the State Financial Monitoring Service of Ukraine, for 2022, State Financial Monitoring sent 934 materials to law enforcement agencies (of which 550 were generalized materials and 384 additional generalized materials), where the amount of financial transactions that may be related to the legalization of funds and the commission of a criminal offense, amounts to 75.7 billion hryvnias, and for 2022, the total amount of financial transactions stopped by the State Financial Monitoring and blocked funds is equivalent to 7.7 billion hryvnias [11].
Among the modern automated applications of intelligent decision-making support with the help of agents in the field of logistics and anti-money laundering are known, for example, Real-Time Exception Management Decision Model [12], multi-channel data-driven, real-time anti-money laundering systems for electronic payment cards [13], Scalable graph learning for anti-money laundering [14] and others.
As a rule, the algorithms of such software complexes are based on a sequential multi-step analysis using Simon's decision-making model. First, the data is described, and then there is a transition to the weighted assessment of transactions [15]. In [16], the authors proposed a system for identifying transactions with a high risk of illegality. The article [17] describes an intelligent anti-money laundering system that uses human agents to train and adapt such a system. The publications contain meaningful recommendations for the use of modern automated applications of intelligent decision-making support in the prevention and fight against money laundering, but they do not provide details about how the specified technology should be developed and implemented and what is the real result of its implementation.
The modern Ukrainian market already offers separate "complex solutions" for the study of financial flows for the purpose of financial monitoring. But at their core, these are financial constructors that provide only general information data that is already available in banking institutions [18][19][20][21][22][23]. In the publication [24], the authors proposed a prototype of an automated system for financial monitoring of banking operations from the design of a smart value system for business process modeling, expansion of the Business Process Management Initiative (BPMN), and software package with two complementary products: Process Modeler and BPM Suite Bizagi Studio. The proposed information system is based on the thirteen rules of potential risk: compliance of the funds credited to a bank account with the financial status of the client; regularity of receipt of funds, and further cash withdrawals; signs of evasion from the mandatory financial monitoring procedure on the part of a client; status of a beneficiary in the case of crediting funds from many individuals or legal entities; payment by the client for remote services; payment of the royalty fee, crediting foreign currency to the card account of the client; paying off client's loan for elite goods or real estate; similar IP-addresses of client transactions with other transactions; transactions exceeding 150,000 UAH. This approach allowed the authors to assess the risk of money laundering for each transaction. In the article [25] the main conceptual principles of creating intelligent information systems for monitoring and controlling the financial sector of the circulation of funds, which meets the requirements of the regulatory framework of the world community regarding the prevention and counteraction of the legalization of income obtained through criminal means are examined.
The development of information technology, increasing the rigidity of requirements for the reliability of financial transactions, defines a number of new tasks for specialists in the field of financial analytics to improve existing and develop new banking audit service software products in the areas of developing combined scenarios for solving individual problems, constantly updating algorithms (tasks) with taking into account the trends of the global financial market.
To solve the above problems that arise in banking institutions in modern conditions, a group of specialists from the Analyst-1 information and analytical company has developed and is constantly improving ISPPA in FP (Integrated Software Package for Reventing Abuses in Financial Practices -a package of integrated software for preventing abuse in financial practice. It provides automation of control over the activities of bank customers based on the analysis of banking operations performed by customers, the status of customer accounts, the risk levels of their legalization of proceeds from crime, as well as the identification of affiliated customers by their counterparties, the timeliness of updating personal data and their correspondence to real activity. 25 To write the ISPPA in FP software product, the object-oriented programming language JAVA was chosen, which provides reliability, security, and functionality and is a universal a powerful means of connecting users with various sources of information, regardless of their location. And "architecture independence" allows you to run the software on any platform that has a JAVA virtual machine installed. The main repository of information for the operation of the ISPPA in FP software is the PostgreSQL object-relational database management system. This DBMS provides high stability, fault tolerance, functionality, and speed, has a wide range of tools for storing, processing, and retrieving information, and also supports full compliance with the SQL standard. Identification of funding sources and other support, and thanks to individuals and groups that assisted in the research and the preparation of the work should be included in an acknowledgment section, which is placed just before the reference section in your document.
When tracking cash flows, the system used an innovative approach to analyse cash flows using mathematical models. This is a scoring of client risks -the identification of atypical (doubtful) cash flows using 20 multi-level mathematical scenario cases with their further ranking according to the degree of riskiness. In an in-depth study of the client, in order to increase the accuracy of identifying a dubious transaction, we also use an assessment of reputational risks, as well as simplified operational indicators. To date, we have automated the identification of more than 70 risks and indicators in order to obtain additional data for the final decision on the client.
When assessing reputational risks, information registers are used, and only those that are in the public domain. A deep professional understanding of the processes taking place in the banking sector allows us to develop and improve for our clients exactly those databases that are directly needed for high-quality financial monitoring. The gradual filling of our information platform with new databases is not our desire, this is a market requirement, because the market is developing, mutating, and unscrupulous clients are constantly looking for new and new ways to conduct dubious transactions. We, on the other hand, are on guard and monitor risky areas that appear on the market, which financial institutions need to control more deeply and carefully.
Currently, there are two ways for ISPPA in FP to interact with automated accounting systems: integration and conditional integration. In the case of interaction between ISPPA in FP and an automated accounting system using the integration method, the ISPPA in FP system is directly connected via a local network to data arrays (DBMS) formed in an automated accounting system, and in the reading, mode receives data online for further processing. As a result of data processing, templates of dubious transactions and schemes are formed that can be used by clients when carrying out transactions in a financial institution. A library of such templates is formed into a protective shield designed to prevent dubious operations or the use of dubious schemes for such operations.
The results obtained during data processing, intermediate and final forms of ISPPA in FP work reports can be used to make appropriate management decisions. In the case of interaction between ISPPA in FP and an automated accounting system using conditional integration, the ISPPA in FP system receives data in file mode -offline. As a result of data processing, templates of dubious transactions and schemes are formed that can be used by clients when carrying out transactions in a financial institution. A library of such templates is formed into a protective shield in the form of template files, which are loaded into the system to ensure the timely termination of dubious operations or the use of dubious schemes for such operations. The results obtained during data processing, intermediate and final forms of ISPPA in FP work reports can be used to make appropriate management decisions.
The financial analytical tool in the form of the ISPPA in FP software package of the Analyst-1 company, with the help of the developed "scoring ranking", allows the use of "case" indicators in order to identify risky cash flows. The presented model includes customer segmentation by type, turnover, etc., superimposed on library templates of designed scenarios for suspicious transactions of a customer or a group of customers. The complex makes it possible to carry out analysis on individual indicative indicators, such as "Financial assistance", "Assignment of debt", "Transit operations", "Return of funds", "Currency operations", etc., as well as to form mixed "cases" using the score scales. It allows you to set risk-based points of contact for scenario models to determine the degree of responsibility using the developed mechanism for establishing the categoricalness of decisions in accordance with the vertical of subordination in the structure of the financial monitoring unit.
These features help: minimizing the decision-making time for individual scenario "cases"; conducting operational analysis of selected and ranked clients depending on the number of scenario mix "cases";
conducting an early response based on the results of the consolidation of scenario criteria. The developed analytical system is based on a dynamically configured analytical platform. The use of already configured mathematical and analytical algorithms and their testing on real banking bases allow us to model the logic of clients' cash flows and understand the principles of their activities. To process large data arrays, Analytic-1 uses the latest integrated technological approaches, such as big data. The company's extensive experience in data processing has been focused on optimizing analysis methods. Thus, the use of a hybrid method of analysis, which is a combination of clear (digital) and fuzzy (textual phrases) matches, made it possible to create unified libraries of "assignments" for greater coverage of the payment "audience" and a clearer understanding of the essence of cash flows of both the client and his counterparty (s). Based on the above, the company's specialists are actively using a consolidated single platform with improved architectural and analytical capabilities, flexible configuration, and modular expansion.
We will provide a description of the basic scenario reports and their concise descriptive algorithm. Consolidated reporting is defined in a period of one month.
1. The "Financial Assistance" limitation provides for the possibility of making samples for the assignment of payments (according to the "FINANCIAL ASSISTANCE" directories) within the defined turnover and with established interest limits:
customer operations are selected according to a set of control words in the "Financial assistance" group of the assignment directory that is included in the payment assignment. Transactions that the client performs on his own within the bank (payer of MFI, the payer of EDRPOU) <> (recipient of MFI, recipient of EDRPOU) are removed from the set. We select clients in which the amount of credit turnover for the month is more than indicated in the report parameters, the amount of financial assistance is greater than indicated, or the percentage of the amount of financial assistance to the amount of credit turnover is more than indicated.
2. The "Securities" limitation provides for the possibility of making samples for the assignment of payments (according to the "SECURITIES" directories) within the defined turnover and with the established interest limits:
customer operations are selected according to a set of control words in the "Payment for goods, without VAT" group of the assignment directory, which is included in the payment assignment. Transactions that the client carries out on his own within the bank (MFI payer, EDRPOU payer) <> (MFI recipient, EDRPOU recipient) are removed from the set. Customers are selected in which the amount of credit turnover for the month is more than specified in the report parameters, the amount for "without VAT" is greater than the specified amount, or the percentage of the amount for "without VAT" to the amount of credit turnover is more than specified.
3. The restriction "Payment for goods "without VAT" implements the possibility of making samples for the assignment of payments (according to the directories) "FOR GOODS WITHOUT VAT" within the defined turnover and with established interest limits:
customer operations are selected according to a set of control words in the "Payment for goods, without VAT" group of the assignment directory, which is included in the payment assignment. Transactions that the client performs on his own within the bank (payer of MFI, the payer of EDRPOU) <> (recipient of MFI, recipient of EDRPOU) are removed from the set. We select clients in which the amount of credit turnover for a month is greater than specified in the report parameters, the amount "without VAT" is greater than the specified amount, or the percentage of the amount "without VAT" to the amount of credit turnover is greater than the specified amount.
4. Crediting to the accounts of individuals from legal entities (J--->P) allows you to identify the total amounts of turnover per month on the account(s) of an individual that exceeds the established limited threshold:
the selection of clients of legal entities that carry out operations on individuals for a total amount per month greater than/equal to the specified amount is carried out. Turnovers are taken from accounts 2600, 2650, and 2605 to accounts 2620, and 2650, excluding transactions in which the Bank is the payer.
5. Reimbursement of insurance payments involves the return of insurance payments to the client's account exceeding the total established limit of more than:
customer operations are selected according to a set of control words in the "Refund of insurance payments" group of the assignment directory, which is included in the payment assignment. We select clients in which the number of returns per month is greater than specified in the report parameters.
6. Balance at the end of the day. (In the period of one month, the client's balance at the end of the day is less than given % of the credit turnover for the day):
credit turnover and balances at the end of the day are selected to generate data on Class 2 accounts. The report includes clients whose credit turnover is greater than/equal to that specified in the report parameters, and the ratio of the average daily balance at the end of the day to the average daily turnover is less than/equal to the specified percentage in the report.
7. The restriction "Assignment of claim rights" allows you to implement the possibility of carrying out samples for the assignment of payments (according to the directories) "ASSIGNMENT OF CLAIM RIGHTS" within the defined turnovers and with established percentage limits with the exclusion of defined GROUPS of clients from the reports:
the selection of customer operations is carried out according to a set of control words in the "Assignment of the right of claim" group of the assignment directory, which are included in the payment assignment. Transactions that the client carries out on his own within the bank are removed from the set (MFI payer, EDRPOU payer) <> (MFI recipient, EDRPOU recipient). claim" is greater than the specified amount or a percentage of the amount "Assignment of the right of claim" to the credit amount.
8. The restriction "Refunds" allows the possibility to carry out samples on the assignment of payments (according to the directories) "REFUNDS (ERRORLY CALCULATED COSTS)" within the defined turnovers and with the established percentage limits with the exclusion of defined GROUPS of clients from the reports: customer operations are selected according to a set of control words in the "Refund" group of the assignment directory, which are included in the payment assignment. Transactions that the client performs on his own within the bank (payer of MFI, the payer of EDRPOU) <> (recipient of MFI, recipient of EDRPOU) are removed from the set. We select clients in which the amount of credit turnover for a month is greater than specified in the report parameters, the amount of "Refund" is greater than the specified amount, or the percentage of the amount of "Refund" to the amount of credit turnover. 9. Transfers from legal entities to individuals. (For a period of one month, the generally limited threshold of transfers by legal entities (Dt. Turnover) of funds to the accounts of individuals (Ct. Turnover) exceeds 55% of all debits from the accounts of legal entities.):
the selection of clients, and legal entities that carry out operations for individuals or FOPs is carried out. Turnovers on accounts from 2600, 2650 to 2620, 2625, and from 2600, 2650 to 2600 are selected (FOP EDRPOU>9 characters). Customers have selected in which the amount of the total debit turnover is greater than/equal to the specified amount in the report parameters, the percentage of the ratio of the number of transfers (physical persons + FOP) to the amount of the total debit turnover.
10. Foreign exchange payments (import). (Selection of all clients who transfer funds abroad under contracts with a threshold amount in hryvnia equivalent):
clients who carry out operations from accounts 2600, 2932, and 2952 to account 1500 with a currency code other than 980 are selected. At the same time, the total amount of operations must be greater than/equal to that specified in the report parameters.
11. Transit transactions (turnovers with a difference in amounts of +-5% within 60 min).
the selection of customers is formed by operations, the amount of which is greater than/equal to the amount indicated in the report parameters, which are received on the accounts of 2600, 2650 clients (operations in which the payer's EDPOOU = the Bank's EDROPOU are excluded). At the same time, these clients sent the payment to another client within an hour after receipt with the amount +the percentage indicated in the report parameters, from the amount of the receipt payment.
12. Verification of relation to Public Persons. (Selection of all clients who are public entities and who conducted transactions with their counterparties):
selected according to the client's questionnaire from OBD Bank. 13. Verification of the client's compliance with the segment. (Selection of all customers that exceed the declared segment turnover):
the report works if there is customer segmentation in relation to the amount of its turnover. For the calculation, the sum of all credit turnover on accounts with the mask "26%" is taken, minus the amount that passes through operations from "2600" to "2900" with currency code=980. The amount of the determined turnover is compared with the amounts from the Bank's segmentation guide to determine the current segment.
14. Turnovers with counterparties who had NVR or are included in the Bank's emergency situation (Selection of clients who have turnover with clients from NVR):
from the customer questionnaire, we determine the list of customers who have NVR in the calculation period. The report includes all clients who had transactions with clients from the list.
15. Transactions with counterparties from external emergencies. (Selection of clients who have turnover with clients from emergency situations.):
the bank fills in the so-called blacklist of clients. The report includes all clients who had transactions with clients from the list. 16. Receiving budget payments. (Receipts to client accounts from budgetary organizations): legal entities that had income from treasury accounts are selected, and the selection of treasury accounts is carried out according to the MFI directory. Clients whose transaction amount is greater than/equal to the specified transaction amount in the report parameters or the total amount for the period is greater than/equal to the specified total amount in the report parameters are included in the selection. 17. Grinding. "Grinding" includes a client who performs transactions, or for whom another counterparty performs transactions with a total number of >=3, for a total amount of >=450000.00 during one day. At the same time, the purpose of operations must match by >= 70 percent.
Full automation of archival activities, the creation of electronic archives is no longer a dream, but a reality of our days. All archival information, including all program libraries, should be integrated into a single program, on the basis of which it will be possible to provide information to users on many indicators. In the ISPPA in FP software package, achieving the goal of automating the processes of verification of public persons is ensured by implementing a number of interrelated activities aimed at an integrated approach to searching, ranking, collecting, and processing information. When forming the database of public, close, and related persons, the company put forward a number of requirements:
the database schema should be as simple as possible to understand without much effort; the database schema should be relatively complicated in order to build scenario "cases"; the database scheme should be filled with data of various profiles, both external and internal, which will be connected using algorithmic chains;
the scheme of the base should be adjusted depending on sectoral changes, both of a national and regional nature.
The ISPPA in FP software package implements a model for the accumulation of multidimensional information, it's processing and updating. The use of a stepwise automated mode to identify and identify the affiliation of bank customers with national, and foreign public figures and figures performing political functions in international organizations, persons close to them, or persons related to them on the basis of a valid and constantly (daily) updated database allows with maximum accuracy conduct a sample of clients of this category. In general, the functional solution of the ISPPA in FP software package allows using the developed "cases" to conduct cash flow studies on a new scenario level using a full set of algorithms integrated into the complex.
The functionality of the "Public Persons" module of the ISPPA in FP software package consists of four sections:
list of public persons; personal data; identification of public figures; service.
This section includes the following blocks: General information. The block contains a list of all public and related persons; Associated individuals. The block provides access to the list of relatives and related individuals of a particular public person;
Associated entities. The block provides access to the list of related legal entities of a specific public entity;
Search. In addition to searching by the specified parameters, you can use the filter by "Sectors of activity" and "Regions". It is also possible to view only new or changed entries. Activating the "Photo" option allows you to view photos of a public person directly when you select it.
The section allows you to view information about the institution's clients, and search for them by name or EDRPOU code, TIN. In addition, you can view a list of customers who are identified as public persons in this institution, as well as view a list of persons who are identified as non-public and are not included in automatic searches.
The section allows you to search in the bank's customer base and identify "public persons" who did not indicate in the questionnaire information about belonging to "public persons", by priority (high, medium, low). This section also displays information about the identified person from the database of public persons, with the ability to view supporting information with a link to the source of information.
The result of the samples is the formation of reporting: report on selected public persons -a summary report on selected entries; report on identified persons -a complete report on all records, indicating the place of work; list of public persons with related organizationslist of persons with related organizations existing in the institution;
another.
The tasks of this section include: work with users of the module "Public persons"; performance of other functions. Constant modernization of the ISPPA in FP complex with the involvement of leading experts in financial monitoring, operational improvements in accordance with customer requirements, and training taking into account the latest program changes are the priority of the developers.
For large and medium-sized banks, Analyst 1 specialists have developed software packages ISPPA in FP (Integrated Software Package to Preventing Abuses in Financial Practices), and for small banks,
The ISPPA in FP software product, which uses seventeen basic scenario reports as criteria algorithms, allows the creation of a flexible information model that makes it possible to quickly integrate with a variety of banking products (the bank's operating day), as well as the creation of a technological map of diverse testing of the integration with using functional analysis, analysis of limit values broken down into equivalence classes and taking into account multi-level mathematically integrated components to test the structural and functional criteria of software. Conducting multi-vector statistical and dynamic testing of the software package confirms the correctness of the mathematical model of the software product and ensures successful certification and verification. The cross-platform nature of the ISPPA in FP software package allows you to easily and quickly integrate with the environment of a financial institution. The implementation of the ISPPA in FP software package makes it possible to use: typical information search scenarios with the possibility of using "alerts"; new unified algorithms that are already successfully operating in banking institutions and developed by practicing financial analysts; the latest developments in the field of processing large data arrays and systematization of technological processes that allow you to quickly and efficiently operate information. Also, in the article a statistical approach to selecting the number of payments to check is presented. With use of described approach count of payments to check for each layer was presented.
a complex for studying individual risky assets DORA (Research of Risk Assets). Both applications are capable of handling large data sets. They can be used autonomously and at the same time are easily integrated into various information banking systems. For non-banking financial institutions, there is the ISPPA for NBFI (Integrated Software Package to Preventing Abuses for Non-Bank Financial Institutions) application. Also, the specified scenario report and the proposed algorithms for its implementation made it possible to create software for tracking reputational risks -Check Lists FinAP.
The integrated software package has proven itself, has been tested, and is successfully used in a number of leading banks. Among the users of the developed software products are Ukreximbank, Alfa-Bank, TASCOMBANK, PUMB, Raiffeisen Bank, OTP Bank, Kredobank, Piraeus Bank, and others. The information system is trusted by more than 25 insurance companies, including "Universalna", "Oranta", "Etalon", "Providna", "Persha", UPSK. TAS Group and Eximleasing are also our clients. Financial companies' "SS LOUN", "CASH TO GO", "FREEDOM FINANCE Ukraine", Money4You cooperate with us. And there are many other clients that are equally important to us.
Let the observation units (payments) be characterized by a wide range of value parameters -from several thousand hryvnias to values exceeding 1 million hryvnias. It was decided to check payments for a certain period of time, the total number of which is 5,000. Since the range of value indicators is large, the observation units will be divided into 4 value intervals according to the selective method of stratification (the first column of Table 1). Based on considerations about determining the minimum required sample size of the researched observation units, which representatively characterize the entire general population, with the corresponding indicators of confidence probability and confidence error of observations, it is determined according to the formula:
where tthe critical value of the Student's criterion at the appropriate level of significance (as a rule, in statistical studies, 0.05 is used as the critical level of significance, then at this level of significance 𝑡 is 1.96), ∆maximum permissible error (usually 5% in statistical studies), Ngeneral volume, Pthe proportion of cases in which the trait under study occurs, Qthe proportion of cases in which the feature under study does not occur (100-𝑃). Thus, the minimum number of selected payments for verification is 𝑛 = 1,96
Thus, it is necessary to select 135 observation units with value parameters below the threshold of significance, from the total number of them, equal to 5000. There are two options for this:
1. Randomly select this quantity without taking into account the cost characteristics in each layer (proportional placement);
2. Taking them into account.
The second method of selection, where disproportionate placement takes place, more reliably reflects the properties of the general population.
In column A of the "Sample volume" column of the table. sample sizes proportional to the number of payments in each interval (2.7% of the number of payments in a stratum) are shown.
When dividing the sample volume by intervals taking into account cost characteristics to estimate cost indicators by intervals, multiply the central values of each cost interval (shown in parentheses) by the number of payments it includes.
The estimate of the total amount of value indicators is 2.13 million hryvnias. So, for every million hryvnias. this amount accounts for 135/2130 = 0.063 sample units. In this case, the sample size for the first interval will be 12.5 0.063 = 0.78 for the second interval -55 0.063 = 5.2, etc. The corresponding data are given in column B of calculation table 1. As we can see, even a very approximate accounting of the cost factor (column B) significantly changed the distribution of sample sizes by strata in favor of observation units with higher cost characteristics.