We have developed a machine learning model for a leading Dutch bank with over EUR 300 billion in assets to detect potential money laundering activities within its high-net-worth client segment.

Challenge​

Anti-Money Laundering (AML) models typically struggle with a common issue: a limited number of true positive cases for effective model training. To address this, most AML models incorporate some form of anomaly detection to identify unusual patterns in client behavior.​

We focused on the bank’s wealthiest clients, identified by a minimum asset threshold. This presents a unique challenge because, by nature, these clients are already statistical outliers. As a result, we needed to identify anomalies within this group of outliers, significantly increasing the model's complexity.​

The bank has an existing model in place, and our role is to enhance its performance, with a focus on:

• Redeveloping peer groups
• Reducing false positives in AML detection

Model Development

Like most machine learning projects, the development lifecycle is divided into three key phases: feature engineering (which takes up most of the time), modeling, and testing/implementation.​

We designed model features to ensure that normal client behavior corresponds to lower values, while anomalous behavior triggers higher values. This approach enhances the effectiveness of anomaly detection models.​

Collaborating closely with operations analysts, we refined these features to minimize obvious false positives among top-scoring cases. As a result, clients with legitimate activities are less likely to receive high anomaly scores in the final model.​

Peer Groups​

Detecting anomalous behavior among high-net-worth clients—who are all outliers by nature and exhibit highly diverse transaction patterns—requires a nuanced approach. To address this, we grouped clients based on their transaction behaviors to form peer groups.​

Key features were then evaluated by measuring how much a client’s behavior deviated from that of their peers. This method identifies anomalies by comparing clients to peers with similar transaction patterns.​

Our role involved revisiting and refining these peer groups to enhance the effectiveness of peer-based features, ultimately improving the model’s overall performance.

For more information, visit our Financial Crime Prevention page, or reach out to Johannes Lont, Senior Manager.

VAT Carousel Fraud (VCF) is a significant issue in the EU, costing an estimated €25-50 billion annually. We helped one of the largest Dutch banks become the first to develop a machine learning model specifically tailored to detect this type of fraud.

Challenge​

A team within the bank manually identified several cases of VCF each month. The objective was to develop a machine learning model to replace these investigations while leveraging the team’s expertise. The challenge was to create an effective model despite having a limited number of true positive cases for training.

Model Development​

Most Anti-Money Laundering (AML) models focus on detecting a broad range of money laundering activities. However, anomaly detection models are particularly effective at identifying outliers across diverse behaviors.

In the case of VAT Carousel Fraud (VCF), the behavioral patterns of the missing trader role are more distinct and consistent. To address this, we implemented a hybrid approach that combines supervised and unsupervised machine learning models.

The approach is summarized in the following steps:​

1 - Feature Engineering​

• Converted risk indicators into features, focusing on aspects like network structures and rapid movement of funds.​

2 - Supervised Model​

• Employed XGBoost to identify missing traders within the carousel fraud.​
• Utilized all available true positives to train the model on recognizable patterns.​

3 - Unsupervised Model​

• Implemented Isolation Forest to detect other roles in the carousel fraud.​
• Focused on outlier detection to identify anomalous behavior.

Performance​

Given the large scale of VAT fraud within the EU and the well-defined transactional typologies, we expect the model to deliver strong performance.

The first VAT Carousel Fraud (VCF)-specific models are now in production. A set of alerts was generated using real transaction data and reviewed by experienced analysts, achieving a 20% precision rate in identifying suspicious activities.

​VCF explained ​

VAT carousel fraud, also known as missing trader fraud, exploits the VAT system by allowing companies to import goods VAT-free within the EU, sell them domestically while collecting VAT, and then fail to remit the VAT to tax authorities.

The goods are sold through a chain of companies and eventually exported again, enabling the final exporter to reclaim the VAT. This cycle can be repeated multiple times, leading to substantial tax losses for governments.

For more information, visit our Financial Crime Prevention page, or reach out to Johannes Lont, Senior Manager.

We have helped a Dutch bank with over 500 billion in assets understand and realize their data ambitions regarding customer due diligence, sanctions, transaction monitoring, and fraud.

Challenge​

Entering the final stages of remediation, the bank wishes to develop a best-in-class data strategy in the financial crime domain. Having spent the last few years focusing on ensuring short-term compliance, the management team requested Zanders’ help to transition into an institution capable of tackling financial crime proactively.

This project aligns with a wider trend in the financial industry, where institutions, after addressing regulatory findings, invest in augmenting and automating their financial crime systems as a stepping stone toward an integration phase with a holistic view of client risk.

Solution

Zanders proposed a three-step approach:

• Step 1: Determine the current maturity state​
• Step 2: Work along with stream leads to determine ambition
• Step 3: Create and execute a roadmap to guide the bank through until 2027​

In Step 1, we determined the current state of data management regarding customer due diligence (CDD), sanctions, transaction monitoring (TM), and fraud. Since data is a multifaceted and all-encompassing element of an institution’s fight against financial crime, we divided our investigation into six key themes. This structure allowed for better alignment with stream leads within the bank while also enabling comparisons with best practices across the financial industry.

During Step 2, we assisted stream leads in identifying pain points and future objectives, thereby developing ambitions for each of the six themes. These ambitions balanced the bank’s desire to foster a cutting-edge data policy while still being actionable given the available resources—technical and otherwise.

Finally, in Step 3, not only did we bring all ambitions together into a coherent roadmap defining the data strategy through 2027, but we also began executing this roadmap immediately, minimizing the time between vision and realization to maximize value creation.

Moreover, a key deliverable was a comprehensive overview of the primary dataflows between departments. Our experience shows that, in trying to ensure short-term compliance, financial institutions often inherit a legacy of tangled dataflows, where data origins are obscured and key features are redundantly recalculated.

The first step toward resolving this issue was to carefully analyze how data flows between different pillars (Transaction Monitoring, KYC, Fraud Detection, and Sanctions). Once identified, inefficiencies and vulnerabilities were addressed through improved architecture and governance.

Making the Data Transformation Visual

The broad scope of this project, combined with the large amount of data it involves, poses a risk that stakeholders may struggle to stay informed about developments and decisions.

That’s why, from the very beginning, we committed to visualizing the ongoing transformations by creating a Data Initiative Dashboard to track progress on key data initiatives. This tool enables leadership to monitor and adjust priorities throughout the execution phase and establishes a gold standard for reporting future initiatives in an informative and intuitive manner.

For more information, visit our Financial Crime Prevention page, or reach out to Johannes Lont, Senior Manager.

Our client faced a challenge with a large volume of KYC/CDD reviews that needed to be conducted periodically, but many did not contain material CDD risks. Zanders supported the development and management of the PR automation model, which automates cases requiring limited research and allows analysts to focus on more complex, high-risk cases.

Challenge​

The traditional approach to CDD case handling requires significant manual effort by analysts. However, many cases that require minimal investigation are still reviewed manually. As a result, the current approach is neither risk-based nor cost-effective.

Typically, a Client Risk Rating model classifies clients as low, medium, or high risk. These clients are then reviewed at set intervals, such as every five, three, or one year(s), respectively. During these periodic reviews, analysts spend considerable time reviewing cases with no significant changes since the last manual review. This process is inefficient, and improvements can be made to make it more risk-based.

Solution

The PR automation model identifies cases that require minimal research and processes them automatically. The process begins with analyzing the current group of clients. From this large dataset, a subset of low-risk clients is identified based on expert knowledge combined with data analysis.

Next, the model determines which additional automated checks are necessary to ensure that the case has not undergone material changes since the last manual review. With these additional checks in place, the case can be processed automatically.

Automating PRs is only possible with a strong data foundation. Zanders assisted not only in developing the PR model but also in ensuring that data quality meets the necessary standards.

Performance

The PR automation model delivers significant cost savings while improving the efficiency and effectiveness of CDD case handling. Additionally, Zanders supports clients in demonstrating to regulators that this model helps transition to a more risk-based CDD approach.

For more information, visit our Financial Crime Prevention page, or reach out to Johannes Lont, Senior Manager.

We conducted a comprehensive review of the model landscape and governance across all KYC & AML models in a leading Dutch bank with over 900 billion in assets.

Challenge​

Although the shift toward a risk-based approach for models and processes in a bank’s first line of defense (1LoD) is widely adopted across the industry, this approach is often lacking in second-line (2LoD) activities. As a result, limited compliance and validation resources are allocated to low-complexity, low-impact models, leaving less time for rigorous evaluation of high-impact, complex models.

We conducted our review by focusing on four key areas: first, clarifying the definition and classification of models; then building a risk-based approach to model risk management given this classification. Finally, we covered model ownership and the overarching landscape.

Model Definition and Classification

What qualifies as a model? This question is as straightforward as it is fundamental. Without a clear definition, institutions cannot build a coherent approach to model risk management. Under the existing framework, several "expert opinion"-based systems were subject to model validation requirements. By leveraging Zanders’ extensive market experience, we refined the definition to align with industry standards, effectively removing these expert systems from the model inventory.

The bank’s existing model risk classification, based on the likelihood and magnitude of reputational risk, did not require an overhaul but benefited from key refinements. Zanders recommended enhancing the framework by factoring in additional elements, such as automation and model complexity. These refinements resulted in a classification system suitable for leading industry models.

Risk-Based Model Risk Management

With a robust model classification established, a risk-based approach to model risk management was implemented. Each model was assessed based on its potential reputational risk and intrinsic complexity, with oversight measures adjusted accordingly.

For example, models with lower risk and complexity were validated using a more qualitative approach, eliminating unnecessary benchmarking and confidence level requirements.

Model Ownership

Ownership is a critical component of the financial crime model landscape. Without clear ownership structures, model maintenance and necessary improvements, such as those prompted by validation findings, become challenging.

A well-defined ownership structure ensures sufficient independence between model development, ownership, and validation, reinforcing accountability and governance.

Model Landscape

Within the Compliance and KYC domains, a wide range of models exist, broadly categorized under:

• Customer Due Diligence (CDD)
• Transaction Monitoring (TM)
• Screening
• Market Abuse
• Investment Risk

Following our review, we provided a detailed visual representation of this often highly complex model landscape. This offered the management team a unique, high-level perspective, helping identify key areas for improvement based on industry best practices and regulatory expectations.

For more information, visit our Financial Crime Prevention page, or reach out to Johannes Lont, Senior Manager.

We restructured the Financial Crime Prevention (FCP) model landscape of a bank with over 500 billion in assets to prioritize efficient model development and reduce analyst workloads.

Challenge​

Despite having a mature and well-resourced FCP department, this Dutch bank’s existing model landscape was overly complex. It lacked transparency in the alert generation process and produced too many unnecessary alerts. Additionally, the model development process was extremely time-consuming, causing a lengthy delay between development and implementation. This resulted in frustration within the department and exposed the bank to operational risks.

Our mandate was to develop a model landscape that:

• Improves the effectiveness of models within the landscape
• Enhances the efficiency of the model development process

Model Development

Any mature model development process follows key stages: data preparation, experimentation/modeling, implementation (e.g., within a pre-existing codebase), and model validation.

By developing a landscape where preparation, implementation, and validation are streamlined, model developers can dedicate more time to in-depth analysis and leverage cutting-edge modeling techniques. The result is a landscape populated by high-performing, advanced models.

To achieve this, we provided several key recommendations:

• Model Validation: By enacting a toll-gated approach to model validation, potential issues can be flagged earlier in the development process.
• Data: By emphasizing reusable and well-documented data elements (e.g., through feature stores or derived layers), features and tables can be shared, drastically reducing data preparation time.
• Implementation: By standardizing the model design process and adopting a robust MLOps framework, model implementation can become seamless and consistent.

Model Landscape

Within such a complex domain, having high-quality models is only the first step in tackling the risks associated with financial crime. To be truly effective, models must have minimal overlap while collectively maximizing coverage of perceived risks.

Once this balance is achieved, models can be embedded into a landscape designed for targeted signals (i.e., ongoing due diligence) rather than the former periodic review regime.

Below is a schematic view of a best-practice FCP model landscape. The trigger-based approach ensures that analysts assess only those clients or transactions worth investigating. This shift results in higher-quality Suspicious Activity Reports (SARs) and more engaged analysts.

Implementing our recommendations would reduce the time-to-market for a model in development from 24 months to 9 months, significantly decreasing analyst workloads while improving the efficiency and effectiveness of financial crime detection.

For more information, visit our Financial Crime Prevention page, or reach out to Johannes Lont, Senior Manager.

We assisted a private Dutch bank in managing the overwhelming volume of queries from bankers regarding Know Your Customer (KYC) and Customer Due Diligence (CDD) by developing an AI-powered chatbot.

Challenge​

Bankers frequently needed specific information to assess customer profiles, verify identities, and evaluate potential risks to comply with regulatory requirements and ensure due diligence. However, this information was scattered across approximately 30 documents in various formats, including Word documents and PDFs. As a result, CDD specialists were overwhelmed by a constant stream of queries, making the process inefficient and increasing the risk of inconsistent or inaccurate responses.

To address these inefficiencies, the client sought a solution to streamline information retrieval and provide accurate, consistent answers.

Solution

Zanders proposed a step-by-step approach to developing the CDD chatbot:

1 - Investigating requirements from CDD specialists and bankers.

2 - Developing the chatbot using Retrieval-Augmented Generation (RAG).

3 - Optimizing performance through rigorous validation.

4 - Deploying the chatbot for live use by the client.

In the initial phase, we held discussions with both CDD specialists and bankers to identify their key requirements. It became evident that the chatbot needed to deliver accurate, reliable information while ensuring response consistency. Given these requirements, the unstructured nature of the data, and the chatbot’s internal use case, we determined that a Generative AI (GenAI) chatbot would be the most effective solution.

For development, we leveraged Retrieval-Augmented Generation (RAG), a method that combines fast and relevant information retrieval with the power of advanced AI to generate accurate, context-aware responses. This ensured a reliable and informative user experience. The processes in this approach are shown in the figure below.

To validate the chatbot’s performance, we created a dataset with expected responses, fine-tuned hyperparameters, and conducted extensive accuracy testing.

Finally, to ensure a seamless deployment, we established a structured system for development, deployment, and continuous improvement. By leveraging pre-trained large language models (LLMs), we were able to rapidly deploy the chatbot and refine it based on real-world user feedback.

Performance

As a result, the client successfully implemented the CDD chatbot, allowing users to query the document corpus directly and receive responses in plain English, along with a list of reference sources used by the LLM. Thanks to the RAG approach and thorough validation, the chatbot consistently produced accurate and reliable answers.

The chatbot has significantly improved efficiency, enabling CDD specialists to manage inquiries more effectively while helping bankers conduct due diligence with greater speed and accuracy. This has led to a more streamlined and reliable CDD process.

For more information, visit our Financial Crime Prevention page, or reach out to Johannes Lont, Senior Manager.