Best practices for your investigation process

This page outlines best practices for using risk scores and explainability.

Using risk scores

Risk scores can be used in your investigation process to prioritize investigations of high-risk parties.

Common approaches include alerting based on investigator load or based on a chosen risk level:

Capacity led: Alert or investigate the top n parties in the output table based on risk score in descending order, depending on available investigator volume.

Note: Consider modifying investigator volume over time through assessment of the implied risk level (for example, a marginal conversion rate of lowest scoring alerted cases).
Risk led: Alert or investigate all parties with a risk score above a fixed threshold that is fixed month-to-month. This is also based on backtest results which give an acceptable level of a recall of previous cases and discovery of new risk. For more information, see Collect model and risk governance artifacts.

Note: Risk score threshold should be re-evaluated when using a new or retrained model, because the same threshold may correspond to a different risk level depending on the dataset or other aspects of the model.

Using explainability

The feature families with the highest positive attribution scores can be provided to investigators to direct their investigations, to decrease the time needed per investigation or increase success rate. Experience suggests that negative scores (which indicates a feature family has reduced the risk of a case) can be difficult for an investigator to use and some AML AI customers don't show these to their investigators. For best results, consider what training or guidance your investigators need to handle investigations related to different feature families.

You might also use explainability for other purposes:

determining if a customer's behavior has changed enough to merit a fresh investigation for a 2nd or repeated alert for this customer
deriving aggregate insights from feature family contributions over time

Filtering out repeated alerts

AML AI risk scores identify high-risk parties, but don't separate out repeat alerts. For example, a customer presenting a high risk in March 2023 may have a similarly high score in April 2023, generating two consecutive cases despite their behavior remaining the same. You might want to apply rules to filter out repeated alerts to avoid re-alerting a party with a current or recently completed investigation without significant change in risk score or explainability.