The Wolfsberg Group has issued the second part of its Statement on Effective Monitoring for Suspicious Activity (MSA), providing financial institutions with a roadmap for evolving their detection systems.
According to Hawk, the paper builds on its earlier recommendation to move away from rule-based, transaction-focused monitoring towards activity-based detection, with this instalment focusing on transition frameworks across three areas: validation, balancing model risk with financial crime risk, and ensuring explainability.
The report signals the decline of what Wolfsberg calls the “drag net” approach. Traditional monitoring systems cast a wide net, flagging thousands of transactions with low investigative value. While this generated volumes of suspicious activity reports, many of them offered little help to law enforcement. The Group stresses that mature MSA systems, although less likely to flag marginally suspicious activities, are capable of producing higher quality alerts and uncovering risks that legacy systems could not detect. For banks, this represents a shift in priorities: quality should outweigh quantity, and regulators must be convinced of the value of fewer, but more meaningful, reports.
Another area of focus is the growing sophistication of detection methods. Unlike older systems that relied on simple thresholds, advanced MSA programmes generate alerts through the interplay of multiple variables and behavioural patterns. This complexity requires investigators to apply stronger analytical skills and opens the possibility of using large language models (LLMs) to interpret nuanced alerts and streamline investigative processes.
The Wolfsberg Group also highlights the tension between managing financial crime models and traditional financial risk models. A rigid “one-size-fits-all” approach can hinder innovation, as validation processes designed for financial risk modelling slow down the ability to adapt to evolving criminal behaviour. Criminal typologies emerge quickly, and banks need flexible systems that allow for rapid adjustments. The Group argues that resources are better spent on refining AI models to detect emerging risks rather than fine-tuning outdated ones.
A hybrid model is encouraged, combining the strengths of rules-based systems, supervised AI, and unsupervised AI. Each method plays a distinct role: rule-based approaches remain reliable for clear regulatory requirements; supervised AI thrives when informed by strong historical case data; and unsupervised AI is essential for identifying unknown threats. Together, these tools can deliver comprehensive coverage while balancing compliance obligations with innovation.
The final theme centres on explainability. As detection systems become more advanced, understanding why an alert has been generated is critical. Rule-based systems are relatively easy to interpret, but AI-generated alerts often involve multiple interconnected factors. Wolfsberg recommends that banks invest in visual tools, such as dashboards and graphs, to make complex models more transparent. This helps investigators not only trust the outputs of AI systems but also understand the reasoning behind alerts, enabling them to conduct more effective investigations.
The statement provides a practical framework for banks navigating the transition from outdated monitoring methods to more intelligent, AI-driven systems. It reinforces that the future of financial crime detection lies in balancing efficiency with transparency, ensuring that the industry keeps pace with evolving threats while maintaining regulatory confidence.
Copyright © 2025 FinTech Global
