Wednesday, 11 January 2017

FIU issues #2: filtering for Amber Flags

  • In last week’s post I discussed how massive scale, multi-lingual content capture can be achieved, enabling investigators to use OSINT techniques and methodologies to discover relevant content from the periphery. 
  • This week I look at how to create effective search algo’s and filters that will cut out the white noise and deliver a refined flow of actionable intelligence.  
  • Financial intelligence is not just about transactional intel and by definition cannot be delivered by backward-looking systems (i.e. red flags)
  • What follows in an example of how to set up an effective forward-looking monitoring system for amber flags and the benefits that such systems can deliver. 

In the world of finance, events tend to repeat themselves time and time again: bombs, earthquakes, oil leaks, fires, court cases, frauds etc. Everything repeats at some time or other (hence my assertion that black swan events are an urban myth). The fact that events repeat means that one can build search algorithms that will effectively monitor for a pre-defined future event with relative ease.
Take the example of BP’s tragedy in the Gulf of Mexico, with the Deepwater Horizon.  Such an event is an ongoing operational risk for any company exploring for hydrocarbons. By building a data-set with the names of all the offshore rigs in the world (available by subscription from RigData.com) and by adding to that the list the names of companies involved in producing or exploring for oil and gas, you can create the base for a highly effective alert system.  Then you build an ontology (list of keywords) around the possible types of accidents that can occur on offshore rigs, in various languages and put the two lists together using some basic Boolean logic.  Plugging the resulting search algorithm into Moreover’s Newsdesk should thereby ensure that you will be one of the first people to know of such an event occurring; furthermore the system’s alerting function will ensure that you are alerted as soon as the first piece of relevant content triggers a capture.
This is exactly what happened on Sunday 25st March 2012. At about 5:30pm the alarms on Total’s Elgin gas platform in the North Sea were triggered on the back of the detection of a gas leak. The platform immediately “went dark”, meaning that all power was shut down to reduce the risk of any sparks igniting the escaping gas, and an orderly evacuation of the platform began. The first alert of this potentially catastrophic situation was captured by the search algorithm on Moreover within the hour, as local Scottish press reported the arrival to Aberdeen of helicopters from the platform evacuating the workers. At 6:21 pm Sunday 25th March BBC Radio Shetland carried a report of a major evacuation being carried out from the Elgin platform, citing a gas leak. The Shetland Isles might be about as peripheral as one can find; but as a source, the BBC is a global leader. The radio report was transposed from voice to text by Moreover and hence captured on its systems. (Note the technological feat of translating an Aberdeen accent into printed English!).
Just three words had triggered the news alert: the word Total (which has by itself numerous meanings); that word was tied to the term “Elgin Platform” and to the keyword “leak”. Separately each one of these would generate a massive amount of noise, but brought together in a structured format within a dedicated search algorithm, meant that an alert was immediately triggered when the three words appeared together in a single news report. Searching on Google with the word “total” would generate 3.5 billion instances; the word “Elgin” another 57 million; and “leak” about 147 million. However by searching for instances of those three words locked together (Total AND Elgin PlatformAND leak) delivers just 383 pieces of content: a volume that can be easily filtered further. 
The point is this: a structured search of global content, using Boolean logic to create the search strings and filters, will deliver relevant news even from the periphery to the end-user real-time.
A gas leak is far more dangerous that an oil leak: one spark and the whole platform is at risk. Consequently it was likely that as soon as the news went mainstream the share price of Total would react negatively, especially given that the BP disaster will still then fresh in peoples’ minds. Yet whilst the Moreover system captured over 120 instances of the news the following day (Monday) there was no reaction in Total’s share-price; in fact the shares went up. One of those reports came via BBC Radio Shetland again, quoting a local union representative as saying that workers coming off the rig talked of a major subsea leak that was visible from the support vessels present, mentioning that “that the sea was seen to be boiling gas below the rig”. That is not a minor event by any means. Why was there no reaction in the share-price? Because as far as traders were concerned, there was no such news: as it wasn’t carried on either Bloomberg or Reuters, it “wasn’t news”.

This changed the following day and minutes after Total started an emergency executive meeting (some 42 hours after the first public reports emerged), the share price of Total fell by €7bn. The French press started talking about a major evacuation on one of the company’s North Sea platforms, and both Reuters and Bloomberg finally picked up the story, which was then elevated to being “breaking news”. Finally, when the stock market closed (at 5:30pm Paris time), Total announced that the platform had been evacuated and whilst the situation was ongoing, that there was no risk to human life.  A few days later the leak was plugged and the story over. Three years later Total was fined a record £1.125mn for the shortcomings that lead to that leak.
In this example, there were multiple examples of amber flags over a 60-hour period that were not picked up by the market, despite them being easy to capture for anyone with the foresight to put an early warning system in place. On Monday 26th March Moreover had processed over 2 million articles; just 120 of those were relevant to the event (0.006% of the day’s throughput); yet effective filtering ensured that they were all picked up and that not one mention “fell through the floorboards”.
Now take that example and relate it across to money-laundering, financial crime or to KYC and it quickly becomes apparent that:
  1. Relying on third-party vendors selling red-flag data is hopelessly out-of-date
  1. That creating relevant search algorithms to act as early warning signals for potential risks is increasingly straight-forward

End…/

No comments:

Post a Comment