Red Hat Fuse: AML solutions should be able to extract and ingest data from check processing, watch lists, and databases, making data available quickly for analysis. Supporting ubiquitous connectivity with more than 150 connectors and services, Red Hat Fuse can support batch processing and real-time use cases. It functions as a lightweight pattern-based integration platform for noncritical path data loads. The service provides real-time notifications, an application programming interface (API) foundation, intuitive tooling, and improved high availability to allow extensive customization in AML frameworks.
Red Hat Fuse is also the data abstraction, transformation, and provisioning engine for the AML architecture. It can ingest data directly from enterprise data storage systems. The data virtualization component simplifies the process of integrating data from a variety of sources such as relational databases, files, web services, and Software-as-a-Service (SaaS) repositories, letting them be accessed as virtual databases that allow the use of standard OData, REST, or JDBC interfaces and the execution of SQL queries. Data from storage systems or databases can also be injected directly into Red Hat Data Grid via extract, transform, load (ETL) operations using the Apache Spark core library. Data in other formats can also be integrated. With Red Hat Fuse, the complexity of data types and sources is masked so that Red Hat Data Grid can speed application response times, reduce latency, improve the user experience, and reduce the load on transactional databases.
Red Hat 3scale API Management: The API management platform lets you monitor and control API use for data transfers between systems and throttle requests as needed to protect systems of record. Red Hat 3scale API Management lets you share, distribute, and manage APIs with security on a centralized platform built for performance, customer control, and future growth. A set of self-managed and cloud components provides traffic control, security, and access to policy enforcement capabilities.
Red Hat Data Grid: Once data is extracted and ingested, other services within an AML framework need fast and flexible access for processing and analysis. Red Hat Data Grid serves this purpose, functioning as an in-memory data management system that can be used as a distributed data cache and event broker. With the ability to perform reads and writes to cache, Red Hat Data Grid can function as a key-value store similar to a NoSQL database. This ability means that it can serve as the primary application data source for rapid retrieval of in-memory AML data. It also can be used to persist transaction data for recovery and archiving. Applications can run data-intensive operations like queries, transaction management, and distributed workloads against Red Hat Data Grid.
Red Hat AMQ: Event-based interaction allows different services in the AML framework to interact in a resilient and decoupled manner. The components maintain well-defined boundaries and interact with each other by consuming and producing business events. The interaction with other enterprise systems is also event-driven. Data sources become event sources with enterprise integration, illustrated in Figure 1 using Red Hat Fuse, or Apache Kafka Connectors deployed via AMQ streams. Change data capture connectors from AMQ streams, a component of Red Hat AMQ, can be used for real-time data updates. The role of AMQ streams is to act as the central hub and event broker of this architecture and provide capabilities such as pub-sub interaction, scalability, ordering, long-term persistence for additional composability, and replayability.
Build an AML transaction monitoring engine
An effective AML system needs to enable rapid and flexible application development. Business experts and application developers alike need to be able to model, automate, measure, and improve their critical policies and processes executed as a part of business rules.
Red Hat Decision Manager combines the power of declarative logic with business rules to facilitate compact, fast, and easy-to-understand business applications. Analysts and developers can now work on the same artifacts, since the rules are both human readable and machine executable. Generally two kinds of rules are involved:
- Rules automatically generated by Apache Spark jobs based on historical transactions can create a profile of a customer (e.g., average daily cash deposit, average cash transfers, average credit card transactions).
- Analyst-managed decision tables are used to take necessary action based on the risk score of a particular transaction.
Identity data quality
AML systems must reliably match data elements and determine a quality score to avoid false positives. For example, names and addresses of customers, complete with typos or intentional errors, must be matched against the Office of Foreign Assets Control (OFAC) list of known terrorists.
As an in-memory data management system, Red Hat Data Grid provides configurable ACID (atomicity, consistency, isolation, durability) transaction support and integration with Apache Spark and Apache Cassandra. It also provides querying capabilities with Hibernate Search and Apache Lucene used to index and search objects in the cache. Users can obtain objects within the cache based on some of the object’s properties — without needing to know the keys to each object that they want to obtain.
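The matching with a quality score described in this section can be sketched as follows. This is an added example, not Red Hat code and not how Data Grid or Hibernate Search implement querying: the weights, cut-offs, function names and sample records are assumptions, and the similarity measure is Python's standard `difflib`.

```python
import unicodedata
from difflib import SequenceMatcher

# Assumed weights and cut-offs for illustration; a real deployment tunes these.
NAME_WEIGHT, ADDRESS_WEIGHT = 0.7, 0.3
REVIEW_AT, MATCH_AT = 0.75, 0.90


def normalize(text):
    """Strip accents, case and punctuation; sort tokens so word order is ignored."""
    plain = unicodedata.normalize("NFKD", text).encode("ascii", "ignore").decode()
    cleaned = "".join(ch if ch.isalnum() else " " for ch in plain.lower())
    return " ".join(sorted(cleaned.split()))


def similarity(a, b):
    """Character-level similarity in [0, 1] of the two normalized strings."""
    return SequenceMatcher(None, normalize(a), normalize(b)).ratio()


def quality_score(customer, entry):
    """Weighted score: a close name at a different address scores lower."""
    return (NAME_WEIGHT * similarity(customer["name"], entry["name"])
            + ADDRESS_WEIGHT * similarity(customer["address"], entry["address"]))


def screen(customer, watch_list):
    """Return (best entry id, score, disposition) for one customer record."""
    best = max(watch_list, key=lambda entry: quality_score(customer, entry))
    score = quality_score(customer, best)
    disposition = ("match" if score >= MATCH_AT
                   else "review" if score >= REVIEW_AT else "clear")
    return best["id"], round(score, 3), disposition


# Constructed sample data; the names and addresses are fictitious.
WATCH_LIST = [
    {"id": "WL-1", "name": "Jonathan Doe", "address": "12 Harbour Road, Springfield"},
    {"id": "WL-2", "name": "Maria Lopez Garcia", "address": "4 Calle Mayor, Madrid"},
]
TYPO_CUSTOMER = {"name": "DOE, Jonathon", "address": "12 Harbor Rd Springfield"}
NAMESAKE = {"name": "John Doe", "address": "88 Elm Street, Portland"}
```

`screen(TYPO_CUSTOMER, WATCH_LIST)` resolves to `WL-1` as a match despite the reordered, misspelled name, while `NAMESAKE` has a similar name but an unrelated address and is cleared instead of being queued as a false positive.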
Watch list support
Analysts need to be able to easily maintain and update watch lists provided by governmental organizations, sanctions lists from compliance organizations, and confidential internal watch lists. Using Red Hat Fuse, they can access and retrieve diverse watch lists from different governments and agencies. Watch lists can then be stored in a cache or database, or converted into a decision table, ensuring that the system is always updated with the latest lists, rules, and policies.
Fraud processing system
The fraud processing system is technically a separate supporting solution to AML, but it too needs to take advantage of emerging technology frameworks such as analytics, machine learning, and artificial intelligence.
Once a transaction is flagged, the system needs to provide an adaptive and responsive analyst user interface with the following functionality:
- Rules: With Red Hat Decision Manager, the logger functionality of the rules engine can create an audit trail of the rules that have been executed. This capability helps the analyst understand the transaction under investigation and what data or conditions triggered the investigation.
- Process: Red Hat Process Automation Manager integrates process and decision management, coupled with simple tools for business experts and developers, making it easy for project stakeholders to collaborate and design business processes and define policies. The business process diagram can be displayed with current steps highlighted, helping analysts understand completed steps and next steps.
- Analytics: Red Hat Fuse includes modular integration capabilities and an enterprise service bus (ESB) to unlock information. Using this mechanism, the system can retrieve all of the associated data about the transaction and related customers. This information can then be stored in Red Hat Data Grid for quick access.
- Administrator view: Red Hat Process Automation Manager provides a portal that offers multiple views of tasks, including the number of open tasks, tasks assigned to analysts, delegated tasks, and time taken to complete a task. These graphs can be embedded in custom dashboards so that management leads have complete visibility into analyst activities.
Statistically based fraud detection
Fraud detection is increasingly based on machine learning (ML). These methods use statistics, analytics, and artificial intelligence (AI) to classify potential fraud investigations. Descriptive analytics or unsupervised learning finds unusual or anomalous behavior that deviates from the average behavior. In contrast, predictive analytics seeks to build a model predicting a target of interest. Red Hat Storage can be used to provide distributed file services — either on-premise or in the cloud — to support a wide range of analytics activities. Figure 2 illustrates the process of training, deploying, and monitoring AML/ML models for detecting anomalies and predicting likelihoods.
Within the training pipeline, pre-existing data and outcomes are used to build the model. Through examinations of this data, which include labeling and cleansing the data, significant features are identified, extracted, and used to train the model, testing its performance with naive data (data not used in model training), along with various metrics.
Once refinements are completed, the validated model is tested in a production-like setting to generate the model service, assessing the processing speeds, health, and usability of the model in a (limited scope) real-world environment. The resultant model service becomes the code used in production to generate the insights.
Deployment into the production pipeline is achieved by embedding the model service code into the originating data sources and transaction systems. This service then automatically extracts features and applies the model. Ongoing reporting to address model drift beyond desired thresholds is applied, with notifications set for when model refinement, retraining, or substitution should occur.
The Open Data Hub is an open source project that brings together open source AI tools for running large and distributed AI/ML workloads on Red Hat OpenShift® Container Platform.
Financial institutions must comply with a variety of reporting requirements, designed to identify suspect individuals and transactions.
- Currency transaction reports (CTRs): CTRs are used to identify individuals conducting cash transactions and maintain a trail for cash withdrawals and deposits, foreign currency exchange, and other cash transactions. Red Hat Decision Manager provides easy-to-write rules that can identify when a CTR needs to be filed. When needed, the system can also automatically file a CTR. Red Hat Decision Manager also comes with a complex event processing (CEP) engine. Using CEP sliding window patterns, the system can keep track of all transactions performed in a 24-hour window, filing a CTR accordingly.
- Suspicious activity reports (SARs): Once a transaction is flagged, financial institutions are required to file a SAR with the Financial Crimes Enforcement Network (FinCEN) within 30 days. Red Hat Process Automation Manager can generate the SAR from the various templates stored in the system. The relevant data can be pulled from the downstream system using Red Hat Fuse or from the Red Hat Data Grid cache. This level of automation can improve analyst efficiency since reports no longer need to be created manually.
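The 24-hour sliding window described for CTRs can be sketched in plain Python. This is an added example, not Red Hat code and not Decision Manager's rule language: the class and function names, the USD 10,000 threshold (which the page does not state) and the sample events are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumption (not stated on the page): a CTR is due when cash totals exceed
# USD 10,000. Amounts are integer cents to avoid float rounding.
CTR_THRESHOLD_CENTS = 10_000 * 100
WINDOW = timedelta(hours=24)


class CashWindowMonitor:
    """Per-customer sliding window over cash events, fed in timestamp order."""

    def __init__(self, threshold=CTR_THRESHOLD_CENTS, window=WINDOW):
        self.threshold, self.window = threshold, window
        self.events = defaultdict(deque)   # customer -> deque of (ts, cents)
        self.totals = defaultdict(int)     # customer -> running window total
        self.open_ctr = set()              # customers already reported

    def observe(self, customer, ts, cents):
        """Add one event; return a CTR record on first threshold crossing."""
        q = self.events[customer]
        while q and ts - q[0][0] >= self.window:   # expire events older than 24 h
            self.totals[customer] -= q.popleft()[1]
        q.append((ts, cents))
        self.totals[customer] += cents
        total = self.totals[customer]
        if total <= self.threshold:
            self.open_ctr.discard(customer)        # window cooled off, re-arm
            return None
        if customer in self.open_ctr:              # avoid duplicate filings
            return None
        self.open_ctr.add(customer)
        return {"customer": customer, "total_cents": total,
                "transactions": len(q), "window_start": q[0][0], "window_end": ts}


def scan(events):
    """Run events through a fresh monitor and collect the CTR records."""
    monitor = CashWindowMonitor()
    hits = (monitor.observe(*e) for e in sorted(events, key=lambda e: e[1]))
    return [h for h in hits if h]


D1 = datetime(2024, 3, 4)
# Constructed sample data: C-100 makes four sub-threshold deposits within 23 h;
# C-200 makes two deposits 25 h apart, so the first has expired by the second.
SAMPLE_EVENTS = [
    ("C-100", D1 + timedelta(hours=9), 300_000), ("C-100", D1 + timedelta(hours=13), 300_000),
    ("C-200", D1 + timedelta(hours=9), 600_000), ("C-100", D1 + timedelta(hours=20), 300_000),
    ("C-100", D1 + timedelta(hours=32), 300_000), ("C-200", D1 + timedelta(hours=34), 600_000),
]
```

`scan(SAMPLE_EVENTS)` yields a single record for C-100: no individual deposit exceeds the threshold, but the window total does, which is the aggregation a per-transaction rule would miss.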
AML in the hybrid cloud
To operate in a flexible and cost-effective manner, an AML system must provide timely information that lets analysts react as quickly as possible. In Red Hat’s solution architecture, the AML transaction monitoring engine works across a cluster or clusters of industry-standard servers. These nodes can be located on-premise or in a public cloud. This hybrid cloud model lets organizations gain considerable agility by deploying scalable AML solutions that can adapt quickly to new challenges or changing regulatory environments. Embracing technology like containers and big data analytics can yield significant benefits.
- Kubernetes containers: Containers are a significant technology for packaging and deploying AML images. Both the AML transaction monitoring engine and transaction models shown in the architecture can benefit directly from container technology. Red Hat OpenShift Container Platform includes Red Hat’s enterprise-ready Kubernetes implementation for orchestration, making it ideal for deploying AML in the cloud. Red Hat Container Storage supports containers directly, allowing storage to be deployed as a container. Together with Red Hat OpenShift Container Platform, this capability allows storage to be deployed close to compute resources in a cloud setting.
- Big data analytics: Apache Spark can harness the resources of thousands of compute cores to run random trials and aggregate their results. It can transform raw financial data into model parameters needed to carry out simulations as well as persist the result in a cache store via Red Hat Data Grid. Apache Spark also provides SQL support for analyzing the results. The simplicity of Apache Spark’s programming model can greatly reduce development time, allowing programming in Scala, Java™, or Python. Red Hat Storage allows data spread across multiple machines to be accessed as a single logical entity.
- High-performance ingest: A high-performance ingest mechanism such as AMQ streams or Red Hat Fuse can be used to extract data from the data injector and insert the data into Red Hat Data Grid via an Apache Spark or Flink layer. At that point, Red Hat Decision Manager can derive real-time business rules and dynamically create new workflows based on the rules. After the data is inserted into the grid, incremental algorithms are run and resulting data is stored in the aggregated results and reporting layer for querying, analytics, and visualization applications.
- Data virtualization: Data virtualization is an abstraction layer to connect disparate, big data sources without moving or copying the data. Composing a virtual data set, Red Hat Data Virtualization operates across environments (on-premise and cloud), connecting different data types and formats. It makes the selected fields consumable by any standard interface, including OData, ODBC, JDBC, REST, and Java applications. Given the abstraction layer, it protects consuming applications from disruption.
AML infrastructure needs to be flexible and innovative to allow organizations to address current business needs even as they adapt to a changing regulatory environment. Red Hat’s open source enterprise technology can help financial services companies respond more quickly and efficiently, with AML infrastructure that can evolve to meet new challenges. Beyond the limitations of proprietary solutions, incorporating analytics, containers, and open hybrid cloud solutions brings a new agility to AML solutions.