With assets of $3 trillion (as of the end of September 2020), HSBC is one of the world's largest banking and financial services organisations. HSBC serves customers worldwide from offices in 64 countries and territories in its chosen markets of Europe, Asia, North America, Latin America, and Middle East and North Africa. HSBC Holdings plc, its parent company, is headquartered in London.
HSBC Group Financial Crime is a unit within the bank that operates on a global basis. Its job is to deliver a simplified framework for managing financial crime, leveraging specialist capabilities, data and technology, so as to enable HSBC to serve the needs of its customers. The team strives to provide effective oversight of the operational effectiveness of the financial crime framework as part of a drive to ensure the group's exposure to financial crime and related reputational risk is well-managed.
A contextual, comprehensive view of customer activities
Central to that mission is something the bank calls its Global Social Network Analytics (GSNA) platform. Going live in March 2018, first in the UK and Hong Kong nearly two years ago, but now being rolled out across HSBC's global network, GSNA is all about giving the bank's anti-fraud and anti-money laundering teams a centralised approach to identify potential illicit activity, providing investigators with the ability to access and analyse both internal and external data from various sources.
And as its Group Head of Compliance Product Management and Compliance Chief Data Officer, Michael Shearer, notes, a particularly useful way of doing that has been to use an entity resolution and network analytics approach:
The purpose of our compliance team is really to protect our customers, us and the integrity of the financial markets in which we operate. We're there to make sure things run smoothly, and as they should; and within that, my bit of that organisation is there to make sure we've got the systems, tools and the data that together enables us to operate the controls that provide that protection, and that we're able to manage financial crime and regulatory conduct risk. Mine is very much a global role, and I have team members and functions in six different regions.
For the last few years we've had a lot of focus on raising our game in a financial crime context, particularly, and HSBC has put a huge amount of investment into modernising our controls and our processes - work I would say, has been pretty successful.
Essentially, Shearer told us, GSNA gives the team a way to get a contextual, comprehensive view of customer activities and relationships, and is powered by a contextual decision intelligence platform using both AI and Big Data from supplier Quantexa. The software claims to help organisations like HSBC uncover hidden risk as well as aid in the fight against financial crime, credit risk, and fraud throughout the customer lifecycle.
What goes in as inputs includes bank data and external data like company ownership information to identify links between counterparties and transactions and map out networks of connections between entities. There is also very much a real-time element, as the system also automatically screens all trade finance transactions against 50 different scenarios to try and find any signs of potential money laundering activity, such as hidden connections between actors and suspicious payment patterns. Shearer said:
This is all about joining the dots- about making sure that we can get the full picture of our customers, both who they are, their profile and what they are doing, their behaviour. Only when you bring those two things together can you really take the right actions to address financial crime risk. It's a complicated picture, because we need to bring together a number of different data sources within the bank. Entity resolution allows us to say this Joan Smith here and this J Smith there are in fact the same person, but getting that picture is a key problem in a bank at our scale.
Scale - but in-house
All of this ‘dot-joining' is happening at scale. Big scale. Each month, HSBC says it screens over 689 million transactions across 236 million accounts for signs of money laundering and financial crime, while 131 million customer records and 40 million transactions also get probed per month for sanctions exposures. To do that, the system has no less than 50 billion data points in it, Shearer says, being run over "a very large percentage" of its 40 million-strong global customer base.
Interestingly, this is all done in-house, too: while Shearer says he is interested in the cloud, but the system is almost exclusively on-premise, built on top of an internal Data Lake architecture that HSBC put together back in 2016.
Like most large organisations, we are looking at taking advantage of the scalability and the efficiencies that cloud gives us, but that process will not be quick, because people do need reassurances that the cloud offers the right level of protections in terms of data cybersecurity and various jurisdictions have concerns about data being on cloud providers. So it will be an ongoing process, but very much we're seeking to move as much as we can to leverage the cloud, for sure.
But the $64,000 (or perhaps $3 trillion?) question has to be: does it work? Shearer said:
The system does two things for us. One, it detects any behaviour we think might be of concern to us and then allows us to investigate that concern. How do we know that detection is working? Because in its first year we found significantly more financial crime risk than we had examined and acted upon than via manual methods. In the first six months, it also generated more alerts that we thought were of quality than our previous process did in 12. So we have very good reasons to think that it's detecting both quicker and better than our previous methods.
Plus, when I talk to some of our most senior investigators, who have had experience across law enforcement and other agencies across the world, they tell me that this platform provides great acceleration to their work, and allows them to discover things that they simply would never find manually because the numbers are just too big. I can confirm that there was a case just recently, I can't go into detail, where a link was made that would never have been found if it wasn't for the tool.
Next steps for data-driven anti-money laundering work at HSBC will involve more exploration of the potential of AI and machine learning, he concludes:
The world now is networks: networks of people, networks of machines, it's all about relationships. Ultimately, what this technology does is allow you to build those relationships and generate insight from that.
I think once you bring relationships and machine learning together, I think there's a really exciting future there.