Received January 5, 2021, accepted January 9, 2021, date of publication January 18, 2021, date of current version February

1, 2021.
Digital Object Identifier 10.1109/ACCESS.2021.3052313

Investigation of Applying Machine Learning for

Watch-List Filtering in Anti-Money Laundering
MOHANNAD ALKHALILI , MAHMOUD H. QUTQUT , (Member, IEEE),
AND FADI ALMASALHA , (Member, IEEE)
Faculty of Information Technology, Applied Science Private University, Amman 11931, Jordan
Corresponding author: Mahmoud H. Qutqut ([email protected])
This work was supported by the Applied Science Private University in Jordan to cover part of the publication fee.

ABSTRACT Financial institutions must meet international regulations to ensure not to provide services to
criminals and terrorists. They also need to continuously monitor financial transactions to detect suspicious
activities. Businesses have many operations that monitor and validate their customer’s information against
sources that either confirm their identities or disprove. Failing to detect unclean transaction(s) will result in
harmful consequences on the financial institution responsible for that such as warnings or fines depending
on the transaction severity level. The financial institutions use Anti-money laundering (AML) software
sanctions screening and Watch-list filtering to monitor every transaction within the financial network to
verify that none of the transactions can be used to do business with forbidden people. Lately, the financial
industry and academia have agreed that machine learning (ML) may have a significant impact on monitoring
money transaction tools to fight money laundering. Several research work and implementations have been
done on Know Your Customer (KYC) systems, but there is no work on the watch-list filtering systems
because of the compliance risk. Thus, we propose an innovative model to automate the process of checking
blocked transactions in the watch-list filtering systems. To the best of our knowledge, this paper is the first
research work on automating the watch-list filtering systems. We develop a Machine Learning - Component
(ML-Component) that will be integrated with the current watch-list filtering systems. Our proposed ML-
Component consists of three phases; monitoring, advising, and take action. Our model will handle a
known critical issue, which is the false-positives (i.e., transactions that are blocked by a false alarm). Also,
it will minimize the compliance officers’ effort, and provide faster processing time. We performed several
experiments using different ML algorithms (SVM, DT, and NB) and found that the SVM outperforms other
algorithms. Because our dataset is nonlinear, we used the polynomial kernel and achieved higher accuracy for
predicting the transactionś decision, and the correlation matrix to show the relationship between the numeric
features.

INDEX TERMS Anti-money laundering, financial transactions monitoring, machine learning (ML), sanc-
tions screening, watch-list filtering.

I. INTRODUCTION international regulations to deny services to criminals and

The Financial Action Task Force (FATF) is an inter- terrorists or to distinguish suspicious activities and report
governmental organization that promotes and develops them to the authorities to prevent money laundering and
policies to guard the global financial system against terrorist financing [1]. These regulations focus on the source
money laundering, terrorist financing, and the financing of of money and with whom it can be exchanged as it may fall
proliferation of weapons of mass destruction. The FATF under national security.
recommendations are recognized as the global anti-money Dealing with illegal companies and people will lead to
laundering (AML) and counter-terrorist financing (CFT) direct fines, and suspend business or harm the institutionś
standard [1]. All financial institutions should apply these reputation. Considering a substantial number of transactions,
and the significant amount of illegal entities, it is a must
The associate editor coordinating the review of this manuscript and to implement an automated system to assure that financial
approving it for publication was Xiong Luo . institutions meet the compliance regulations [2]. Currently,

This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/
VOLUME 9, 2021 18481
 M. Alkhalili et al.: Investigation of Applying Machine Learning for Watch-List Filtering in Anti-Money Laundering

financial institutions perform vast volumes of transactions

per day, and there are high chances of missing a suspicious
transaction or even transactions. Moreover, while large and
medium-sized institutions can hire armies of experienced
compliance officers, small-sized firms cannot afford to do
the same. With such a limited number of officers and the
numerous number of transactions, they need in both cases to
work smartly to detect suspicious transactions with minimal FIGURE 1. Money laundering stages.

false positive or false negative.

Anti-money laundering (AML) regulations require that
all financial institutions monitor, investigate, and report any The rest of the paper is organized as follows. We pro-
suspicious transaction. It needs to ensure that the sender and vide background topics related to our paper in Section II.
beneficiary are not listed in the blacklists as it is prohibited In Section III, the literature related to our research is
to do business with them. This is an essential duty to avoid overviewed. We present our proposed model and its phases in
money laundering; as banksŕeputation is at stake and will Section IV. The performance evaluation and the test scenarios
have to pay significant penalties. Hence, a proactive and with their results are carried out in Section V, and followed
intelligent system is needed to protect banks and to monitor by the conclusion and future work in Section VI.
money transactions. One famous example of the AML penal-
II. BACKGROUND
ties is the HSBC bank penalty that occurred in 2012 [3]. The
We provide background topics and related concepts to our
bank paid $1.9 billion because of the weak and insufficient
work in this section.
money laundering controls that made the bank to be used
to launder a river of drug money flowing out of Mexico.
A. MONEY LAUNDERING
Another example was in 2009, Switzerlandś Credit Suisse
Group was fined $536 million because helping Iran and other Money laundering is the process of converting illicit money
countries to move billions of dollars through the US banking to clean money using different methods to hide the money
system [4]. source [1], as described in Figure 1, there are three main
Current software and technologies that are used to monitor stages of money laundering as follows.
money transactions and validate sender and receiver informa- • Placement: Inserting the money into the financial system
tion against the blacklisted names are not smart enough to occurs in this stage; this can be done in different ways
release or block transactions based on historical data. This like smurfing.
leads to a delay in transaction processing time and places the • Layering: In this stage, the money will be transfer
financial institutions at risk [5]. Chartis Research (a leading between different bank accounts to convert it into
firm in doing research and analysis on the financial sector another form in further steps. This will help to create
and global market for risk technology) asked a question on a complicated layer that will hide the source of money
a survey ‘‘What do you consider to be a technology priority and make it difficult to track it.
for trader surveillance?’’ Financial institutions answered the • Integration: Is the process of converting the money into
survey question, and it is highlighting the importance of different forms such as vehicles and buildings. After this
Artificial Intelligence (AI) and Machine Learning (ML) on stage, it will be impossible to track it back to the dirty
banking software. 48% of the survey responses were in the source.
direction of using AI [5].
To this end, we propose a novel automated model for B. ANTI-MONEY LAUNDERING (AML)
monitoring money transactions by applying ML on the watch- Anti-money Laundering (AML) is a set of actions, laws,
list filtering process and sanctions screening. To the best procedures, and regulations designed to detect and prevent
of our knowledge, this paper is the first research work on all practices that lead to generating income through illegal
automating the watch-list filtering systems. Our proposed activities [1]. The dirty money should be detected in the
model aims to achieve better protection and faster process- first two steps placement and layering. Otherwise, it will be
ing time than human-based decisions to minimize the false- difficult to investigate its source in the third stage. The need
positive blocked transactions and human efforts by replacing for automated software to help in catching suspicious transac-
the traditional rule-based system. The proposed model can tions is mandatory. Every financial institution is responsible
be integrated seamlessly with the current watch-list filtering for having an implementation to apply global regulations.
system by direct connection to the Database (DB) used by the Nowadays, different software systems in the market help
software. The Watch-list filtering system DB is updated by banks to detect suspicious transactions to decide which cus-
the money transactions traffic decision and all related infor- tomer is safe to open a business channel with.
mation. This information can be used by the ML-Component The AML solutions have essential elements (illustrated in
to analyze the historical transactions before recommending Figure 2) that work together to fight money laundering and
the final decision. ensure that the financial institutions are not making business

18482 VOLUME 9, 2021

M. Alkhalili et al.: Investigation of Applying Machine Learning for Watch-List Filtering in Anti-Money Laundering

FIGURE 3. Watch-list filtering (current implementation).

and Derivatives, and Category 4 is for Collections and Cash

FIGURE 2. Key elements of the AML solutions. Letters. Category 5 is for Securities Markets. Category 6
is for Treasury Markets – Commodities, and Category 7 is
for Documentary Credits and GuaranteesStandby Letters of
with risky clients [6]. The first element is Know Your Cus- Credit. Category 8 is for Travellers Cheques while Category 9
tomer (KYC) which is the process of verifying the identity is for Cash Management and Customer Status, and category n
of the clients and assessing the potential risks of making is for Common Group Messages.
a business relationship with them. The second element is In this paper, we will be using the Mt103 message from
Record-Keeping; this can be achieved by archive historical group 1.
records for a specific period depends on the regulation of
each region. The third is the Suspicious Activity Monitor- D. BLACK LISTS
ing element which focuses on monitor client account. The Blacklists are lists that contain blacklisted people, countries,
fourth element is Customer Behavior that requires studying or other types of entities. There are different types of black-
the client transactions pattern. The fifth is the Customer Due lists, public blacklists that can be used by watch-list filtering
Diligence (CDD) element that validates the identity of the system and are published by governments or economic, polit-
client before opening an account by checking documents such ical, and law enforcement bodies. Also, private blacklists can
as passports, photocard driving licenses, and at least two be created by financial institutions [6]. Every list can have its
recent utility bills. The sixth and last element is the Watch- structure, but usually, they have some vital information such
list filtering system that we are focusing on in this paper. as:
The Watch-list Filtering system helps financial institutions • Name: is the personś full name.
to apply the required regulations and stay updated with any • Name type: can be the main name or Also Known As
change or update on the regulations and blacklists’ content. (AKA).
This system can filter all transactions and customers against • Category: the entity type (Individual, Country, Group,
all types of blacklisted entities [6]. etc.).

C. SWIFT MESSAGES TECHNOLOGY E. AML SOFTWARE FOR SANCTION SCREENING AND

Society for Worldwide Interbank Financial Telecommunica- WATCH-LIST FILTERING
tion (SWIFT) is an organization that handles secure trans- Financial institutions implement a watch-list filtering system
actions and communications between financial institutions on their operations system to assist them in monitoring finan-
worldwide [7]. Each financial institution that uses SWIFT has cial transactions and capture any potential risk. The software
its code that identifies where the communication originates can be integrated with a bank system to track financial trans-
and what business it is intended for. SWIFT messages are actions and scan them against a pre-loaded blacklist. Figure 3
formatted messages that can be used for different purposes. shows the current implementations for validating transactions
Mt103 is an example of SWIFT messages that is used for between financial institutions.
single customer credit transfer. The Mt103 message has a The AML software for watch-list filtering is implemented
standard format to save the needed information to transfer the bidirectionally; at sender and receiver institutions. Every
money from the source to the destination. Essential informa- party is responsible for validating the transaction information.
tion includes transaction-ID, sender, and receiver [7]. The AML software implements a string matching algorithm
The SWIFT messages grouped into ten categories as fol- that verifies the transaction information such as names, aka,
lows. Category 1 is for Customer Payments and Cheques; addresses, and countries against the preloaded blacklists.
Category 2 is for Financial Institution Transfers. Category 3 If the transaction does not generate any alerts, this transaction
is for Treasury Markets, Foreign Exchange, Money Markets is considered clean and released by the financial institute.

VOLUME 9, 2021 18483

 M. Alkhalili et al.: Investigation of Applying Machine Learning for Watch-List Filtering in Anti-Money Laundering

TABLE 1. Examples of rank calculations.

Otherwise, a warning will be created and logged appropri-

ately until a compliance officer investigates it to make a
decision; either make it pass or reject it.

F. MATCHING RANK
FIGURE 4. Rank calculations.
As part of the AML program implemented in financial insti-
tutions, transactions are validated against blacklists using a
string-matching algorithm. String matching is based on an G. MACHINE LEARNING (ML)
exact match or a partial match (not 100% match) between
Machine Learning (ML) is one of the Artificial Intelli-
the scanned and blacklist entities. The more accurate the
gence (AI) applications that aim to train the machine using
algorithm is, the more the system is effective [6]. For the
historical data. This will allow the machine to understand
partial match, it will consider differences between names to
and categorize the previous data by developing efficient and
calculate the rank value. The current implementation explic-
accurate prediction algorithms [9]. The main categories of the
itly decides either to release or to block the transaction based
ML are described below.
on the string matching algorithm results. If the matching rank
• Supervised learning: In supervised learning, there
is low enough, the transaction will be released. Otherwise,
a ticket will be reported to the compliance officer for fur- should be a set of input attributes and an output value.
ther investigation. As part of the AML program, the string The algorithm will learn the relation between input and
matching algorithm results will be compared with a threshold output from the historical data. The algorithm can keep
value defined by the financial institution. If the matching learning from new coming data to enhance accuracy.
• Unsupervised learning: A learning approach that has a
rank is less than the threshold value, the transaction will not
be blocked. However, if the matching rank is the same or set of input attributes but with no output value. The target
higher than the threshold value, a detection ticket will be in this approach is to study the input attributes to find a
reported [6]. pattern of similarity between the data to group them.
• Reinforcement learning: This learning approach is dif-
When the threshold value is minimized, more hits will
be generated, and more transactions will be blocked; this ferent from others; it depends on interacting with the
will increase the false-positive. False-positive detection is environment and receiving a response for each action.
detection that should not be blocked. Also, this will increase In this paper, we will be testing and comparing the follow-
the required effort to investigate more blocked financial trans- ing algorithms because our paper is considered a first step in
actions as the program will stop transactions that should validating the idea of applying machine learning on watchlist
not be stopped and declare a faulty alarm. Setting the pre- filtering systems. The selected algorithms were chosen based
defined value to a proper value is critical to avoid skip- on those similar problems in the industry that already use
ping compliance transactions (false-negative) or getting a them. Hence, our proposed work will open doors for more
massive number of blocked transactions. This is will either future works and development.
put the financial institution in a risky situation to bypass • Support Vector Machine (SVM): is a discriminative
a risky transaction or causing a delay in money transfer classifier formally defined by a separating hyperplane.
because of the vast number of transactions that are waiting In other words, given labeled training data (supervised
to be investigated. In both cases, the bank will be subject to learning), the algorithm outputs an optimal hyperplane
penalties. that categorizes new examples. In two dimensional
So, the success of the watch-list filtering system depends space, this hyperplane is a line dividing a plane into two
on the matching algorithm which measures the matching parts wherein each class lay on either side.
rank while taking into consideration the various possibili- • Naïve Bayes (NB): The Naive Bayesian classifier
ties such as spelling variations, phonetic variations, double is based on Bayes’ theorem with the independence
names, double first names, and alternative first names [8]. assumptions between predictors. A Naive Bayesian
Figure 4 explains how the watch-list filtering system utilizes model is easy to build, with no complicated iterative
the matching string algorithm to calculate the matching rank. parameter estimation which makes it particularly useful
We show an example of how the rank values will be calculated for very large datasets. Despite its simplicity, the Naive
considering the string similarity in Table 1. Bayesian classifier often does surprisingly well and is

18484 VOLUME 9, 2021

M. Alkhalili et al.: Investigation of Applying Machine Learning for Watch-List Filtering in Anti-Money Laundering

widely used because it often outperforms more sophis- on six common aspects of AML solutions. These main
ticated classification methods. We used the Gaussian aspects are generated from the KYC guideline, which is
method in the Naïve Bayes model. a standard procedure for every financial institution against
• Decision Tree (DT): supervised ML algorithm that can AML [11]. In the following, we describe the six AML aspects
be used in both regression and classification problems. mentioned earlier.
It works for both categorical and continuous input and
1) AML typologies: The AML typologies aspect is
output variables. Following the splitting technique to set
focused on building a model that defines the AML
the input attributes and keep moving to reach the desired
cases that captured from the historical transactions by
output to build the tree using the training data. The tree
following the KYC guidelines, which require a thor-
consists of two entities, the decision nodes, and leaves,
ough understanding of parties related to the transac-
where the leaves are the decisions or the outcomes. The
tions.
decision nodes are where the data is split.
2) Link Analysis: The link analysis aspect focus on
understanding the relations between entities (e.g., bank
III. LITERATURE REVIEW
accounts), and to analyze the nature of the relations.
In this section, we overview the literature of the AML area,
3) Behavioral modeling: The behavioral modeling aspect
and we conclude the summary of different approaches at the
can be achieved by understanding the customers’
end of this section.
behaviors based on their transaction activities.
The AML is an enormous industry; researchers and com-
4) Risk scoring: The risk scoring aspect is concerned
panies are working on different solutions for fighting money
with ranking all customers and transactions based on
laundering and terrorist financing. Also, many companies
potential risk.
developed part of these solutions, and other companies officer
5) Anomaly detection: The anomaly detection aspect is
all of them together as an AML suite [6]. Chartis published a
the ability to differentiate the unusual transactional
new report titled Artificial Intelligence in Financial Services
behavior of each customer.
in 2019 [10]. This report analyses the use of AI in financial
6) Geographic capability: The geographic capability
institutions and discusses the financial institutionsḱey drivers
aspect depends on strong cooperation between finan-
to implement AI. The report also presents several examples
cial institutions among countries to be able to identify
from the industry where AI is a significantly needed element.
money laundering activities across different countries.
The studies showed that AI tools are not yet applied to
the decision-making process and there are many hindrances An example algorithm for the AML typologies is the
of using AI on regulatory compliance areas. This is because CLOPE clustering algorithm. Cao and Do in [13] proposed a
any failure in these areas means significant penalties. On the technique for applying the grouping approach-based CLOPE
other hand, the report explains the motivations of using AI calculation to recognize three common money laundering
in financial services to automate several processes in AML cases. The cases are moving money around, distributing
systems and capture more complex trends in the dataset to money to many beneficiaries in small amounts, and collecting
predict how the system will behave in the future [10]. money from different sources. The experimental outcomes
In the past, AML solutions were based on an operational demonstrated that CLOPE could distinguish each suspicious
model that uses simple and easy to code rules. This is usually records with only six clusters, without specifying which
built by consultants and domain experts who implement these cluster is related to the money laundering category. This is
rules on the automated decision process. With time, more considered a drawback that makes the approach impractical.
rules will be needed which will impact the system perfor- An example of link analysis is the system that supports
mance and accuracy [11]. Recently, researchers start to focus money laundering detection. Dreewski et al. [14] proposed
on money laundering control and prevention by automating a system consist of three components that support money
the monitoring and diagnosing of money laundering schemes laundering detection. The first component is clustering; it
to report suspicious activities. Such automation can be done refers to constructing graphs that represent the flow of money
by applying intelligent technologies to deal with all possible and captures only suspicious money transfers between groups
money laundering operations [12]. of accounts. The second component is mining for frequent
As shown earlier, the AML key elements can be catego- patterns in clusters. The third component is data visualization,
rized into two groups. The first group is a regulatory com- and concerns about displaying the result and the transac-
pliance area, which is the watch-list filtering element. The tions flow. The source and destination of a specific banking
second group is related to customer profiles and information transaction are required for building the clustering graphs,
that contains the remaining elements (KYC, CDD, suspi- and it can be challenging to determine the exact destination
cious activity monitoring, case management services, record- if the money moves through different banks and countries.
keeping, and customer behavior). Chitra and Subashini in [15] suggested using the expectation-
Researchers have investigated and implemented some ML maximization (EM) algorithm as the clustering model in
algorithms using the account transaction patterns of clients catching fraud for the behavioral modeling aspect. The idea
that fall under the second group. These algorithms are based was to use the EM cluster in grouping the data into a similar

VOLUME 9, 2021 18485

 M. Alkhalili et al.: Investigation of Applying Machine Learning for Watch-List Filtering in Anti-Money Laundering

cluster by building a model using the historical transaction developed using ML techniques such as dynamic Bayesian
behavior for each bank. The author did not provide any Networks [16] and clustering [18]. Z. Chen in [11] pro-
experimental results on the performance of the algorithm on vided an extensive survey on the applied ML techniques
either synthetic or real datasets. This approach assumed that for anti-money laundering solutions in suspicious transac-
the customer transactions follow a cretin distribution which tion detection depends on the AML aspects. These fuzzy
is not valid in fact. logic techniques, SVM, graph clustering, frequent pattern
For the risk scoring aspect, Sudhakar and Reddy in [11] FP close, decision tree, random tree, random forest, mini-
used the DT algorithm and proposed a two-step loan cred- mum spanning tree clustering, and genetic algorithm. On the
ibility prediction system that made it easy for the financial other hand, some applications built as traditional (rule-based)
institutions to make the right decision to approve or reject expert-systems, where knowledge engineers manually extract
the loan request of the customers with the application of knowledge from human experts and make it part of the
DT algorithm. The authors have clarified that credit risk inference system [19]. The performance of such expert-
management is critical for a successful bank loan process. systems, thus, entirely depends on the quality of the acquired
Building this model will need five main phases, including knowledge-base and the inference engine. These expert-
problem understanding, data understanding, data filtering, systems face a significant challenge when operating in a
system modeling, and system evaluation. dynamic domain as their anticipated inference capabilities are
The suspicious activity reporting using dynamic Bayesian degraded with a continuously changing environment. One of
networks (SARDBN) proposed under the anomaly detection the latest expert systems by Rajput in 2014 [19] used semantic
aspect by Raza and Haider in [16]. They introduced a mix web technologies to build an ontology-based expert system.
of clustering and Bayesian networks to identify anomalies The ontology consists of domain knowledge and rules which
in transactions. This approach contains three phases. Firstly, are independent from the inference system. The ontology
the process of clustering to group customers based on aver- knowledge base can be easily updated without any significant
age monthly credit and debit transaction amount, average overhead and data storage requirement [19].
monthly credit and debit transaction frequency, and the time However, none of these mentioned above solutions covered
between the consecutive transactions. This phase focused on the watch-list filtering in the AML. As discussed in the latest
grouping customer behavior based on their transaction activ- Chartis report, AI and ML are not yet applied on watch-list
ities using the fuzzy c-means algorithm. In the next phase, filtering in the AML solutions, because of the risk of taking
SARDBN determined the formation of a Dynamic Bayesian a wrong decision. So in this paper, we balance between the
network (DBN) on each cluster. Each DBN was constructed importance of ML techniques and the industry concern about
using three variables which are transaction amount, transac- the risk of failure. Hence, we propose a model to implement
tion mode, and period of transactions on three-time slices. ML on the watch-list filtering and introduce a new system to
Finally, for the geographic capability aspect, Yang et al. deploy on the financial institutes without putting them under
in [17] proposed an AML service system for a union bank to high penalties risk.
detect money laundering on online payment using the neural
network algorithm. The logical framework for this proposed IV. MACHINE LEARNING COMPONENT
method contains five sequential layers: database layer, basic (ML-COMPONENT)
data resource base layer, data analysis layer, application ser- In the current implementation of AML systems, there is a
vice layer, and the interface layer. The database layer gathers significant challenge in monitoring an enormous number of
transaction information. Then, the basic data resource layer transactions and evaluating the false-positive alarms. Hence,
contains a knowledge base, case base, and other useful infor- a substantial human effort is needed to do so, but not every
mation that enabled the discovery of money laundering cases. financial institution can engage a big team of compliance
All of the collected information then transformed into useful officers [3]. Therefore, our objective is to develop a Machine
applications in the data analysis layer. In this layer, data clean- Learning Component (dubbed as ML-Component) to predict
ing is performed and then sent the result to several agents that the risky transactions before waiting in the queue for human
include a neural network agent, an expert system agent, and a investigation. The proposed ML-Component will be imple-
data mining agent to analyze. The detection component was mented as an external service (i.e., an independent component
in the application service layer where pertinent data from new that is integrated with the watch-list filtering system through
incoming transactions was extricated and displayed to users direct access to the DB) as shown in Figure 5. The DB
to request a decision. is centralized between the SWIFT and MLComponent as
When money laundering is discovered, the union bank will clarified in the current watch-list filtering system. This will
be notified and received the result. The standard interface help the ML-Component to monitor coming transactions, and
layer is just an interface that shows the transaction details update the decision of the new transactions. To the best of
from all financial institutions to the union bank. The main our knowledge, this is the first implementation for ML within
difficulty with this is the integration between different sys- the watch-list filtering system. It will not be simple to take
tems using different currencies. Over the past few years, the risk of placing the ML-Component to take full control
several suspicious transaction detection techniques have been and replace human decisions. Therefore, the system will be

18486 VOLUME 9, 2021

M. Alkhalili et al.: Investigation of Applying Machine Learning for Watch-List Filtering in Anti-Money Laundering

TABLE 2. Blocked transaction attributes (Watch-list Filtering).

FIGURE 5. ML-Component integration with the current watch-list filtering

system.

TABLE 3. Blocked transactions attributes (Swift message information).

FIGURE 6. Example of the money transaction flow.

implemented gradually to help in evaluating and testing the

ML-Component more efficiently. This will lead to a mature TABLE 4. Blocked transactions attributes (KYC).
model that can be used later on with confidence.
By adding ML on the watch-list filtering system, we will
use the historical data and more information about the trans-
action and the blacklisting entity to minimize the human
effort by providing recommendations for the blocked trans-
actions as a first step. The historical data includes all
transactions evaluated with the same blacklists loaded. The
ML-Component will handle the transaction flow and take name and the matched name on the blacklist), it will be
an initial decision. This can be achieved by placing trans- blocked and moved to the queue waiting for the compliance
actions in different queues where each queue represents the officer to make a decision. If it will be released, next time
recommended decision. Later on, the ML-Component can be a similar transaction (transaction no. 2) enters the system
enhanced to replace the string matching algorithm and take a with the same information, the ML-Component will release
final decision for most of the transactions. However, the high- it automatically.
risk transactions will be investigated by a compliance officer. The first step to achieve this is to prepare the dataset to
Adding more rules will lead to more cases getting flagged be cleaned and make it compatible with the ML algorithms.
for investigation, which will result in increasing the false- Also, we have to specify the most important features. We tar-
positive incidents. Hence, the ML model will be more effec- get to test multiple algorithms to evaluate the accuracy of
tive than rule-based systems by improving the quality of the them and compare the results.
alerts and minimizing compliance officer costs. This will help Our dataset contains 1500 blocked transactions with ranks
compliance officers and investigators to focus on the most between 75 and 100. The compliance officer will have limited
high-risk cases [20]. information to decide the blocked transactions and he/she
The following example in Figure 6 explains the message will need to check other resources. In Table 2, we explained
flow in the integration of ML-Component with the watch-list the main features of the Watch-list Filtering system. Then,
filtering system using a threshold rank value 75 to clarify the we added two other features from the swift messages which
example. When transaction no. 1 reaches the system with no are the source country risk rate and the destination country
historical data and the threshold rank is 75. In this scenario, risk rate as shown in Table 3. To increase the dataset depth
if the matching rank between the scanned financial transac- in terms of useful data, we added two features from the KYC
tion and the blacklisting entity is below the threshold value, application as explained in Table 4.
no detection should be reported. Where if transaction no. 1 Table 5 includes a sample of the dataset including ten
reported a hit that matched blacklisted entity information features. The first three features are numeric, starting with
(scanned name in this example) with rank 77 (as an example the rank feature which represents the matched value with a
depends on the value of the differences between the scanned number between 75 and 100. The second is the amount of the

VOLUME 9, 2021 18487

 M. Alkhalili et al.: Investigation of Applying Machine Learning for Watch-List Filtering in Anti-Money Laundering

TABLE 5. Sample dataset.

FIGURE 7. Monitoring phase. FIGURE 8. Advising phase.

transferred money. The third is the birthyear which expresses

to the compliance officer the age of the sender. The fourth • Convince the financial institutions to use the ML-
feature is a binary feature called goodguy, the default value Component: When the financial institution gets a report
is zero because all clients should be investigated by default, with exact matches between the decisions taken by
and one means the sender is a trusted person. The fifth feature the ML-Component and the decisions made by the
(entity type) is binary as well, zero for individuals, and one compliance officer, they can eventually trust the ML-
for other types. The sixth (source), seventh (destination) and Component
eighth (risk rating) features are categorical to show the risk
rating value for both source and destination countries, and for B. ADVISING PHASE
the sender, respectively. The ninth feature is EDD/CDD, and After finishing the first phase with an acceptable report that
it is a binary feature. The last one (status) is a binary feature; shows the exact match between the ML-Component decision
it is the output that we try to predict. and the compliance officer decision, it is time to minimize
The proposed ML-Component will follow the following the investigation effort by putting the ML-Component on the
phases to implement ML on the watch-list filtering system. action. However, this will be performed gradually so that the
ML-Component will not present a final decision on blocked
A. MONITORING PHASE transactions to avoid compliance risk and to monitor the
The monitoring phase is the first phase of the proposed ML- system’s behavior. In this phase, the ML-Component will not
Component in which the coming transactions are monitored take full control, it will be able to make a decision, but it will
silently. Based on the configuration of the ML-Component, not be the final decision. Human input is therefore needed
it will use a portion of the transactions as training data to to confirm the transaction decision. The watch-list filtering
tune the model. Then, it will try to predict the final decision system can depend on the ML-Component to evaluate the
for testing data (transactions) and save it on a separate table pending transactions and provide the recommended decision
with the transaction ID. Later on, after the compliance officer on whether to release or reject the blocked transactions. The
takes decisions on the same test transactions, the system will system will transfer the transactions to queues based on the
show a report that describes each transaction ID with both component’s recommended decision as explained in Figure 8.
decisions made by the investigator and the ML-Component, This will minimize the compliance officer’s effort on the
as illustrated in Figure 7. The advantages of this phase can be investigation process for blocked transactions. Furthermore,
summarized as follows. it will minimize the decision delay that may cause penalties
• Check how accurate the ML-Component is: We will when having a high number of pending transactions in the
be able to compare the decisions taken by the queue waiting for the investigation.
ML-Component to the decisions made by the compli-
ance officer and get a percentage of accuracy. C. TAKEACTION PHASE
• Tuning the ML-Component: With the above informa- In addition to the second phase advantages, this phase will
tion, we can change the included fields or their weight minimize the number of false-positive and false-negative
to a new result and compare it to the previous ones transactions. The ML-Component will take a final decision

18488 VOLUME 9, 2021

M. Alkhalili et al.: Investigation of Applying Machine Learning for Watch-List Filtering in Anti-Money Laundering

TABLE 6. Confusion matrix.

A. PERFORMANCE METRICS
We define a set of performance metrics to evaluate the inves-
tigated ML algorithms in this thesis. We compare them to
FIGURE 9. TakeAction phase. check the best algorithm to be used for high accuracy and less
number of false-negative. The defined performance metrics
are described below.
to either release or reject the blocked transaction. This can
also be configured as the compliance officer can define a 1) CONFUSION MATRIX
set of rules where the system will behave as in the advising We use the confusion metrics to evaluate and compare the dif-
phase, by moving the transaction to the recommended deci- ferences between the ML algorithms. The confusion matrix
sion queue to be processed manually. Figure 9 describes the table is often used to describe the performance of a classifi-
transaction flow of the TakeAction phase. cation model on a set of test data for which the true values
In the watch-list filtering database, there are several useful are known. The confusion table has the following labels as
information, either related to the transaction itself or to the described in Table 6.
blacklisted entity it matched. While pre-processing the data • Actual Blocked: Represents the blocked transactions on
set and testing the model, we can select the best fields to the dataset before training.
tune the ML-Component to the best result. The financial • Actual Released: Represents the released transactions on
transaction has several useful information that can be utilized the dataset before training.
to achieve the versions mentioned above and tune our ML- • Predicted Blocked: Represents the blocked transactions
Component. Some of the transaction information that will be on the dataset after training.
used by the ML-Component are sender reference, ordering • Predicted Released: Represents the released transactions
customer, and the matched rank value. on the dataset after training.
• True Positive Counter: Represents the number of cor-
V. PERFORMANCE EVALUATION AND RESULTS rectly predicted positive classes.
We build multiple test scenarios to examine and com- • True Negative Counter: Represents the number of cor-
pare the three algorithms (SVM, DT, and NB). The tests rectly predicted negative class.
cover the basic features and the additional features that • False Positive Counter: Represents the number of
we added to enhance the accuracy considering the suitable wrongly predicted positive classes.
normalization method. We examine two SVM test scenar- • False Negative Counter: Represents the number of
ios. we first used the linear default kernel, and then we wrongly predicted negative class.
changed it to poly kernel since our dataset is not linear to The true positive, true negative, false positive, and false
achieve higher accuracy. The dataset split into a training negative are calculated by counting the transactionsṕredicted
set and testing set using stratified kfold to perform multiple decisions compared to the transactionsóriginal decisions. The
rounds of cross-validation with different subsets from the total of these counters is equal to the number of records in the
same data. For the continuous features, we use the Min- dataset.
Max scaler to have the values of the features between 0
and 1. This will assure that the dataset is not biased to a 2) ACCURACY
feature than the others; which will lead to getting accurate
Accuracy represents how close a measured value is to the
results. A Min-Max scaler is typically done via the following
true value. It expresses the correctness of measurement and
equation.
determines by the absolute and comparative way [21]. The
(X − Xm in) accuracy is calculated using Equation 2.
Xn ormalized = (1)
(Xm ax − Xm in)
Equation 1 converts the values to be between 0 and 1. X is Sum of true positive+Sum of true negative
Accuracy =
the value to be normalized. Xmin is the minimum value for Total population
the feature and Xmax is the maximum value for the feature. (2)

VOLUME 9, 2021 18489

 M. Alkhalili et al.: Investigation of Applying Machine Learning for Watch-List Filtering in Anti-Money Laundering

TABLE 7. SVM_1 results. TABLE 9. SVM_2 results.

TABLE 10. SVM_2 confusion matrix.

TABLE 8. SVM_1 confusion matrix.

TABLE 11. SVM_3 results.

3) PRECISION
Precision metric refers to how close the measurements of
the same item to each other [21]. Precision value can be
calculated using Equation 3.
(Sum of true positives) TABLE 12. SVM_3 confusion matrix.
Precision =
(Sum of true positives+Sum of false positives)
(3)

4) RECALL
This metric measures the percentage of total relevant results
correctly classified by the algorithm [21]. The recall metric
can be calculated using Equation 4. added from swift messages (source and destination). For nor-
malization, we used min-max normalization for continuous
features (rank, amount, and birthyear). The results are shown
(Sum of true positives) in Table 9 and the confusion matrix is shown in Table 10.
Recall =
(Sumof true positives + Sum of false negative) Table 10 shows the number of transactions that detected
(4) with the wrong decision comparing to the real transactions
with a total of 491. 191 transactions were detected as released
B. TEST SCENARIOS while they should be blocked and 430 transactions were
In the following, we list all tests with the details of the predicted as blocked and they should be released.
setup and used features. For each test, we specified the ML
algorithm and listed the used features. Also, we provide the 3) SVM_3
used normalization and the parameters. Then, we show the In this test scenario, we used the SVM algorithm, and the used
results matrices and the confusion table for each test scenario. features are the basic ones (rank, amount, birthyear, goodguy,
and the entity type) in addition to two features added from
1) SVM_1 swift messages (source and destination) and two features
In this test scenario, we used the SVM algorithm with the added from KYC application (risk rating and cdd/edd). For
basic features (rank, amount, birthyear, goodguy, and the normalization, we used min-max normalization for contin-
entity type) as input features. For normalization, we used min- uous features (rank, amount, and birthyear). The results are
max normalization for continuous features (rank, amount, shown in Table 11 and the confusion matrix is shown in
and birth year). The results are shown in Table 7 and the Table 12.
confusion matrix is shown in Table 8. Table 12 shows the number of transactions that detected
Table 8 shows the number of transactions that detected with with the wrong decision comparing to the real transactions
the wrong decision comparing to the real transactions with a with a total of 276. 138 transactions were detected as released
total of 491. 149 transactions were detected as released while while they should be blocked and 138 transactions were
they should be blocked and 342 transactions were predicted predicted as blocked and they should be released.
as blocked and they should be released.
4) SVM_4
2) SVM_2 In this test scenario, we used the SVM algorithm and the used
In this test scenario, we used the SVM algorithm, and the features are the basic ones (rank, amount, birthyear, goodguy,
used features are the basic ones (rank, amount, birthyear, and the entity type) in addition to two features added from
goodguy, and the entity type) in addition to two features swift messages (source and destination) and two features

18490 VOLUME 9, 2021

M. Alkhalili et al.: Investigation of Applying Machine Learning for Watch-List Filtering in Anti-Money Laundering

TABLE 13. SVM_4 results. TABLE 17. SVM_6 results.

TABLE 14. SVM_4 confusion matrix.

TABLE 18. SVM_6 confusion matrix.

TABLE 15. SVM_5 results.

TABLE 19. NB_1 rresults.

TABLE 16. SVM_5 confusion matrix.

TABLE 20. NB_1 confusion matrix.

added from KYC application (risk rating and cdd/edd). For

normalization, we used min-max normalization for the con-
tinuous features (rank, amount, birthyear), and the one-hot added from swift messages (source and destination) and
encoder for the categorical features. The results are shown in two features added from KYC application (risk rating and
Table 13 and the confusion matrix is shown in Table 14. cdd/edd. For normalization, we used min-max normalization
Table 14 shows the number of transactions that detected for the continuous features (rank, amount, birthyear), and the
with the wrong decision comparing to the real transactions one-hot encoder for the categorical features. Also, we tuned
with a total of 268. 165 transactions were detected as released the default SVM parameters and set the kernel to poly. The
while they should be blocked and 103 transactions were results are shown in Table 17 and the confusion matrix is
predicted as blocked and they should be released. shown in Table 18.
Table 18 shows the number of transactions that detected
5) SVM_5 with the wrong decision comparing to the real transactions
In the SVM_5 test scenario, we used the SVM algorithm. The with a total of 227. 138 transactions were detected as released
input features are the basic ones (rank, amount, birthyear, while they should be blocked and 89 transactions were pre-
goodguy, and the entity type) in addition to two features dicted as blocked and they should be released.
added from swift messages (source and destination) and
two features added from KYC application (risk rating and 7) NB_1
cdd/edd). For normalization, we used min-max normalization In this test scenario, we used the NB algorithm with the
for continuous features (rank, amount, and birthyear). Also, used features are the basic ones (rank, amount, birthyear,
we tuned the default SVM parameters and set the kernel to goodguy and the entity type) as input features. For nor-
poly. The results are shown in Table 15 and the confusion malization, we used min-max normalization for continuous
matrix is shown in Table 16. features (rank, amount, and birthyear). The results are shown
Table 16 shows the number of transactions that detected in Table 19 and the confusion matrix is shown in Table 20.
with the wrong decision comparing to the real transactions Table 20 shows the number of transactions that detected
with a total of 233. 124 transactions were detected as released with the wrong decision comparing to the real transactions
while they should be blocked and 109 transactions were with a total of 429. 182 transactions were detected as released
predicted as blocked and they should be released. while they should be blocked and 247 transactions were
predicted as blocked and they should be released.
6) SVM_6
In this test scenario, we used the SVM algorithm and the 8) NB_2
used features are the basic ones (rank, amount, birthyear, In this test scenario, we used the NB algorithm and the used
goodguy, and the entity type) in addition to two features features are the basic ones (rank, amount, birthyear, goodguy,

VOLUME 9, 2021 18491

 M. Alkhalili et al.: Investigation of Applying Machine Learning for Watch-List Filtering in Anti-Money Laundering

TABLE 21. NB_2 results. TABLE 25. NB_4 results.

TABLE 22. NB_2 confusion matrix. TABLE 26. NB_4 confusion matrix.

TABLE 23. NB_3 results. TABLE 27. DT_1 results.

TABLE 24. NB_3 confusion matrix.

TABLE 28. DT_1 confusion matrix.

and the entity type) in addition to two features added from

swift messages (source and destination) as input features. For added from swift messages (source and destination) and
normalization, we used min-max normalization for continu- two features added from KYC application (risk rating and
ous features (rank, amount, birthyear). The results are shown cdd/edd) as input features. For normalization, we used min-
in Table 21 and the confusion matrix is shown in Table 22. max normalization for the continuous features (rank, amount,
Table 22 shows the number of transactions that detected and birthyear), and the one-hot encoder for the categorical
with the wrong decision comparing to the real transactions features. The results are shown in Table 25 and the confusion
with a total of 436. 185 transactions were detected as released matrix is shown in Table 26.
while they should be blocked and 251 transactions were Table 26 shows the number of transactions that detected
predicted as blocked and they should be released. with the wrong decision comparing to the real transactions
with a total of 263. 160 transactions were detected as released
9) NB_3 while they should be blocked and 103 transactions were
In this test scenario, we used the NB algorithm and the used predicted as blocked and they should be released.
features are the basic ones (rank, amount, birthyear, goodguy,
and the entity type) in addition to two features added from 11) DT_1
swift messages (source and destination) and two features In this test scenario, we used the DT algorithm and the
added from KYC application (risk rating and cddedd. For nor- used features are the basic ones (rank, amount, birthyear,
malization, we used min-max normalization for continuous goodguy, and the entity type) as input features. For nor-
features (rank, amount, and birthyear). The results are shown malization, we used min-max normalization for continuous
in Table 23 and the confusion matrix is shown in Table 24. features (rank, amount, and birthyear). The results are shown
Table 24 shows the number of transactions that detected in Table 27 and the confusion matrix is shown in Table 28.
with the wrong decision comparing to the real transactions Table 28 shows the number of transactions that detected
with a total of 291. 142 transactions were detected as released with the wrong decision comparing to the real transactions
while they should be blocked and 149 transactions were with a total of 544. 268 transactions were detected as released
predicted as blocked and they should be released. while they should be blocked and 276 transactions were
predicted as blocked and they should be released.
10) NB_4
In this test scenario, we used the NB algorithm and the 12) DT_2
used features are the basic ones (rank, amount, birthyear, In this test scenario, we used the NB algorithm with the
goodguy, and the entity type) in addition to two features used features are the basic ones (rank, amount, birthyear,

18492 VOLUME 9, 2021

M. Alkhalili et al.: Investigation of Applying Machine Learning for Watch-List Filtering in Anti-Money Laundering

TABLE 29. DT_2 results. TABLE 33. DT_4 results.

TABLE 34. DT_4 confusion matrix.

TABLE 30. DT_2 confusion matrix.

TABLE 31. DT_3 results.

TABLE 32. DT_3 confusion matrix.

FIGURE 10. SVM test scenarios accuracy.

goodguy, and entity type) in addition to two features added
from swift messages (source and destination) as input fea-
tures. For normalization, we used min-max normalization for
continuous features (rank, amount, and birthyear). The results 14) DT_4
are shown in Table 29 and the confusion matrix is shown in In this test scenario, we used the DT algorithm with the
Table 30. used features are the basic ones (rank, amount, birthyear,
Table 30 shows the number of transactions that detected goodguy, and the entity type) in addition to two features
with the wrong decision comparing to the real transactions added from swift messages (source and destination) and
with a total of 497. 260 transactions were detected as released two features added from KYC application (risk rating and
while they should be blocked and 237 transactions were cdd/edd) as input features. For normalization, we used min-
predicted as blocked and they should be released. max normalization for the continuous features (rank, amount,
and birthyear), and the one-hot encoder for the categorical
13) DT_3 features. The results are shown in Table 33 and the confusion
In this test scenario, we used the DT algorithm with the used matrix is shown in Table 34.
features are the basic ones (rank, amount, birthyear, goodguy, Table 34 shows the number of transactions that detected
and entity type) in addition to two features added from swift with the wrong decision comparing to the real transactions
messages (source and destination) and two features added with a total of 325. 167 transactions were detected as released
from KYC application (risk rating and cdd/edd) as input while they should be blocked and 158 transactions were
features. For normalization, we used min-max normalization predicted as blocked and they should be released.
for continuous features (rank, amount, and birthyear). The
results are shown in Table 31 and the confusion matrix is C. EXPERIMENTS SUMMARY AND ASSESSMENTS
shown in Table 32. In Figure 10, we compare the tests’ results for all scenarios
Table 32 shows the number of transactions which detected using SVM considering different settings. The graph shows
with the wrong decision comparing to the real transac- the enhancement done on accuracy. The accuracy was around
tions with a total of 326. 160 transactions were detected %67 in test one and we managed to enhance it to around
as released while they should be blocked and 166 trans- %85 in test 6 after using the additional features from swift
actions were predicted as blocked and they should be messages and KYC application and did the normalization for
released. all features.

VOLUME 9, 2021 18493

 M. Alkhalili et al.: Investigation of Applying Machine Learning for Watch-List Filtering in Anti-Money Laundering

FIGURE 11. NB test scenarios accuracy.

FIGURE 14. Number of false-positive.

FIGURE 12. DT test scenarios.

FIGURE 15. Number of false-negative.

achieved using the SVM algorithm. Based on that, the SVM

achieves higher accuracy using the available features and
both min-max and one hot encoder normalization methods.
Also, we achieve the lower false-positive and false-negative
counters using the SVM_6.
Besides the accuracy, we have two major elements we
need to consider while evaluating the efficiency of the ML
algorithm; the False- Positive and the False-Negative. The
False- Positive counter reflects the number of transactions
that predicted as released transactions while the actual status
FIGURE 13. ML algorithms comparison. was rejected. The False-negative counter reflects the number
of transactions that predicted as rejected transactions while
the actual status was released. It is good to minimize both
While in Figure 11, we enhanced the NB algorithm’s values but the False Positive is riskier because releasing a
accuracy from around 72% to around 82% by including the risky transaction will put the financial institution at risk.
additional features and normalizing the features. Figure 14 shows that the test scenario SVM_6 achieved the
Figure 12 shows the DT enhancement we achieved from minimum value of the False-Positive. This will minimize the
64% to 78% for the accuracy even we tried all the enhance- compliance officer investigation effort.
ment parameters used on the SVM and NB algorithms. Figure 15 shows the test scenario SVM_5 achieved the
We compared all algorithms in Figure 13 to clarify the dif- minimum value of False Negative. And the second minimum
ferences between the three algorithms and the enhancement is the test scenario SVM_6. Because we care more about the

18494 VOLUME 9, 2021

M. Alkhalili et al.: Investigation of Applying Machine Learning for Watch-List Filtering in Anti-Money Laundering

False-positive accuracy, we consider the test scenario SVM_6 [4] C. Gatti and J. Eligon. (Dec. 2009). Iranian Dealings Lead to a Fine for
as the best enhancement we can achieve by applying ML to Credit Suisse. [Online]. Available: https://www.nytimes.com/2009/12/16/
business/16bank.html/nytimes.co
the watch-list filtering system. [5] Chartis. (2017). RiskTech100 RiskTech100 2018. [Online]. Available:
https://www.risktech100.com/2018-report
VI. CONCLUSION AND FUTURE WORK [6] R. Ramachandran. (2014). OFAC Name Matching and False
Positive Reduction Techniques. [Online]. Available: https://www.
Financial institutions are considered part of the front line cognizant.com/InsightsWhitepapers/OFAC-Name-Matching-and-False-
to fight money laundering and terrorist financing. Also, the Positive-Reduction-Techniques-codex1016.pdf
financial institutions need to accelerate the investigation pro- [7] Standards MT. (Nov. 2019). Standards Release Guide. [Online]. Available:
https://www.swift.com/standards
cess to improve the ‘‘time to value,’’ which is the required [8] A. Lait and B. Randell, ‘‘An assessment of name matching algorithms,’’
time to finish a transaction life-cycle. So by applying ML on Series-Univ., Tech. Rep., 2006. [Online]. Available: https://www.
the watch-list filtering applications that monitor the financial semanticscholar.org/paper/An-Assessment-of-Name-Matching-
Algorithms-Lait-Randell/bd88761329102ea617c1c3173cf11efac4ae7876
transactions is a must to fight financial crime with better [9] M. Mohri, A. Rostamizadeh, and A. Talwalkar, Foundations of Machine
performance and shorter time. Many work and investigations Learning. Cambridge, MA, USA: MIT Press, 2012.
have been done to apply ML algorithms on AML solutions, [10] Chartis. (2019). Artificial Intelligence in Financial Services, 2019:
Demand-side Analysis. [Online]. Available: https://www.chartis-
but the industry has concerns related to automating regulatory research.com/technology/artificial-intelligence-ai/artificial-intelligence-
compliance areas, because of the high penalties if any failure financial-services-2019-demand-side-analysis-10716
happens. So, up to the best of our knowledge, this paper is [11] Z. Chen, L. D. Van Khoa, E. N. Teoh, A. Nazir, E. K. Karuppiah,
and K. S. Lam, ‘‘Machine learning techniques for anti-money laundering
the first research work that introduces a way to automate the (AML) solutions in suspicious transaction detection: A review,’’ Knowl.
blocked transactions process through three phases. Inf. Syst., vol. 57, no. 2, pp. 245–285, Nov. 2018.
In this paper, we summarized the main applications of the [12] S. Gao, D. Xu, H. Wang, and P. Green, ‘‘Knowledge-based anti-money
laundering: A software agent bank application,’’ J. Knowl. Manage.,
ML algorithms on the AML solutions, the KYC mainly and vol. 13, no. 2, pp. 63–75, Apr. 2009.
its six aspects, then we introduced a high-level architecture [13] D. Cao and P. Do, ‘‘Applying data mining in money laundering detec-
for building and integrating the ML-Component with watch- tion for the vietnamese banking industry,’’ in Proc. 4th Asian Conf.
Intell. Inf. Database Syst. (ACIIDS), Kaohsiung, Taiwan, Mar. 2012,
list filtering AML system. A full study has been done to pp. 207–216.
be able to avoid the above concerns and the industry wor- [14] R. Dreáewski, J. Sepielak, and W. Filipkowski, ‘‘The application of social
ries by planning the implementations on multiple phases. network analysis algorithms in a system supporting money laundering
detection,’’ Inf. Sci., vol. 295, pp. 18–32, Feb. 2015.
We performed multiple experiments using different settings [15] K. Chitra and B. Subashini, ‘‘Data mining techniques and its applica-
on ML algorithms (SVM, DT, and NB), and we found that tions in banking sector,’’ Int. J. Emerg. Technol. Adv. Eng., vol. 3, no. 8,
the SVM outperforms other algorithms. Because our dataset pp. 219–226, Aug. 2013.
[16] S. Raza and S. Haider, ‘‘Suspicious activity reporting using dynamic
is nonlinear, we used the polynomial kernel (mathematical Bayesian networks,’’ in Proc. World Conf. Inf. Technol., Feb. 2011,
function) and achieved higher accuracy for predicting the pp. 987–991.
transactionś decision. We used the correlation matrix to show [17] Q. Yang, B. Feng, and P. Song, ‘‘Study on anti-money laundering service
system of online payment based on union-bank mode,’’ in Proc. Int. Conf.
the relationship between the numeric features. Wireless Commun., Netw. Mobile Comput. (WiMob), Marrakesh, Morocco,
In the future, we will focus on implementing the first Sep. 2007, pp. 4991–4994.
version to apply ML on watch-list filtering. Work will be [18] A. Larik and S. Haider, ‘‘Clustering based anomalous transaction report-
ing,’’ in Proc. World Conf. Inf. Technol., Feb. 2011, pp. 606–610.
divided into small parts, each of which can build and achieve [19] Q. Rajput, N. S. Khan, A. Larik, and S. Haider, ‘‘Ontology based expert-
specific functionality. This will make it easier to validate the system for suspicious transactions detection,’’ Comput. Inf. Sci., vol. 7,
result and evaluate the work on both sides, business, and no. 1, pp. 103–114, Jan. 2014.
[20] T. Horan, F. Holzenthal, and S. Zoldi, ‘‘Advancing AML compliance
technology. The development for the ML-Component will with artificial intelligence,’’ FICO, Bengaluru, Karnataka, Tech. Rep.,
go through three phases, starting by building and tuning the 2017. [Online]. Available: https://www.fico.com/en/latest-thinking/white-
component, then using the component decision as advice to paper/advancing-aml-compliance-artificial-intelligence
[21] M. Arunadevi and J. Nithya, ‘‘Comparison of feature selection strategies
the compliance officer. Then, it can take a final decision for for classification using rapid miner,’’ Int. J. Innov. Res. Comput. Commun.
certain confident cases. So, as mentioned earlier, it is risky Eng., vol. 4, pp. 13556–13563, 2016.
to entirely depend on the intelligent component for control-
ling the financial transactions, taking into consideration the
industry concerns for automated regulatory compliance areas,
we will integrate the component efficiently with current AML
applications.
MOHANNAD ALKHALILI received the B.Sc.
REFERENCES and M.Sc. degrees in computer science from
[1] (2012). Study Guide for The CAMS (Certified Anti-Money Laundering Applied Science Private University, Amman,
Specialists). [Online]. Available: https://www.acams.org/ Jordan, in 2004 and 2020, respectively. He has
[2] R. J. Lowe, ‘‘Anti-money laundering—The need for intelligence,’’ more than 16 years of experience in software
J. Financial Crime, vol. 24, no. 3, pp. 472–479, Jul. 2017. development. He spent nine years working in
[3] M. Hinkle and D. Stewart. (2014). Modernizing Anti-Money building Anti-money Laundering applications for
Laundering Practices. [Online]. Available: https://www.sas.com/content/ money transactions monitoring.
dam/SAS/en_us/doc/conclusionpaper1/modernizingamlpractices-
106930.pdf

VOLUME 9, 2021 18495

 M. Alkhalili et al.: Investigation of Applying Machine Learning for Watch-List Filtering in Anti-Money Laundering

MAHMOUD H. QUTQUT (Member, IEEE) FADI ALMASALHA (Member, IEEE) received

received the B.Sc. degree in computer systems the M.Sc. degree in computer science from the
from Applied Science University, Jordan, in 2004, New York Institute of Technology, in 2005, and
the M.Sc. degree in telecommunication systems the Ph.D. degree in computer science from the
from DePaul University at Chicago, Illinois, University of Illinois at Chicago, in 2011. He is
in 2009, and the Ph.D. degree from Queen’s Uni- currently an Associate Professor with the Faculty
versity, Canada, in 2014, where he worked under of Information Technology, Applied Science Pri-
the supervision of Professor Hossam S. Hassanien. vate University, Amman, Jordan. In fall of 2011,
He is currently an Associate Professor with the he joined the Department of Computer Science at
Faculty of Information Technology, Applied Sci- the Applied Science University. He received his
ence University, Amman, Jordan, since October 2014. He was a Visiting Associate rank on 2016, during his appointment as the head of computer
Assistant Professor with the Queen’s University School of Computing, from science department. He has published more than ten technical papers, jour-
March 2017 till Sept 2019, and he is a Research Associate with the Queen’s nals, and book chapters in refereed conferences and journals in the areas of
Telecommunications Research Lab. He is a member of the ACM, and has multimedia systems, data mining, and cryptography.
served as Technical Program Committee co-chair, member and reviewer of
many international conferences and journals. He has several publications of
the top tier venues in the research area of networking like IEEE ICC and
IEEE Globecom.

18496 VOLUME 9, 2021