Individuals and organizations tend to act cautiously—extremely cautiously—during and immediately after a crisis. Yet too much caution can create a mini-crisis of its own: making firms so defensive that they reduce risk well beyond a safe margin of error.
After the 2007-2009 meltdown, financial firms were so concerned about taking on too much risk that they rejected loans to thousands of creditworthy customers. Today, firms throughout the financial industry chase too many false cybersecurity signals and fail to focus on legitimate threats, because they fear becoming the next company with hacks plastered across the news. Similar concerns apply to anti-money laundering (AML), where regulatory requirements have exacerbated the need to investigate a growing number of false positives, sending operational costs associated with compliance through the roof.
Fortunately, a new class of sophisticated algorithms takes an unsupervised approach to anomaly detection that can apply across many aspects of a firm’s business. An unsupervised analytical engine does not require any rules, patterns, signatures, data semantics or heuristics. Such engines move beyond first-generation “big data” platforms to analyze data in real time. They spot the “unknown unknowns” or “blind spots” that prevent a company from making informed financial and operational decisions.
Consumer credit positives: True or false?
A financial institution needs to decide on a credit cutoff point (the point on a credit scoring scale at which applicants are accepted). The optimal credit cutoff point is a function of weights assigned to a True Positive (TP) for credit-worthy customers granted credit, and a False Positive (FP) for customers who get credit but ultimately default.
It matters greatly where the risk cutoff score is placed. For example, lending institutions may need to service 20 creditworthy customers to make up for the losses caused by one person who defaults.
Traditional platforms in recent years have evaluated a customer’s risk profile by analyzing their social media accounts, behavioral data, and other non-traditional information sources. That itself is not new. But sophisticated, unsupervised anomaly detection algorithms can take these processes a step further. They do this by uncovering the unknown unknowns that lurk within mountains of data that continue to grow in size and source—and that have previously led to incorrect creditworthiness assessments. The difference here is that unsupervised approaches automatically uncover these unknowns in real time, making them more nimble and forward-looking.
Anti-money laundering, cybersecurity: Why the unsure insure
The efficient, effective deployment of unsupervised anomaly detection algorithms can address both AML and cybersecurity alerts. Banks currently investigate thousands of false positives for these risks. Companies today are painfully aware of how the frequency and severity of cyber risks have increased. Yet the challenge of differentiating true cyber threats from false alerts is less understood.
Each minute it seems as though new types of malware emerge and get to work with dangerous speed and sophistication. Depending on a firm’s responsiveness, certain threats can even endanger company stability (e.g. Yahoo’s recent breaches). The surging interest in cybersecurity insurance policies bears witness to this threat, as the total written premium worldwide sits at roughly $2.5 billion, and could soar to $20 billion by 2025, according to Allianz.
Cybersecurity insurance policies cannot insulate companies from issues such as reputational risk. Given the stakes, companies must understand the impact of false cyber alerts—and minimize them so that a firm can target its limited resources to actual threats.
In fact, a false alert represents one of the most unappreciated, misunderstood problems in cybersecurity today. If a company cannot differentiate fact from fiction, it will fail to allocate resources effectively and expose itself to serious costs and risks. In a 2016 Ponemon survey, 68 percent of respondents said their security operations team spends significant time chasing false positives. On average, 29 percent of all malware alerts security operations teams receive are investigated; 40 percent on average are considered false positives.
Of big data, bias and bigger benefits
Despite the potential benefits, developers of new analytic technologies must consider potential model risks. There is always the concern of any mathematical modeling technique creating a false sense of security. Fortunately, the best models on the market keep risk to an absolute minimum.
Sometimes, it’s also difficult to identify the bias inadvertently programmed into an analytic engine. The stakes are raised further when we discuss forward-looking machine learning tools. That said, advantages and potential drawbacks come with any new analytic technology. Knowing these challenges represents the first step toward overcoming them.
Big data analytic platforms can already make important contributions to business and operational lines in the financial sector. Unsupervised anomaly detection algorithms identify previously unknown threats or opportunities—and thus add significant incremental value to current big data analytic platform approaches.
This approach to anomaly detection is bound to play a critical role in helping firms upgrade the quality of their risk management. If nothing else, it turns an apparent paradox into a digital-age truth. For financial institutions, perhaps the best way to head off risk and threats is to leave the house unsupervised.
Dr. Bob Mark is a senior strategic advisor to ThetaRay and a managing partner at Black Diamond Risk Enterprises. The co-author of three risk management books, Mark has also served as a Chief Risk Officer at Tier 1 banks. Dr. Ulf Gartzke is managing partner at Spitzberg Partners, a corporate advisory firm located in New York with a special focus on big data analytics, fintech, IoT, and artificial intelligence.