


Encountering the limitations of rule-based systems
Finom built their transaction monitoring system from scratch to provide a familiar, unified workspace for the company's AML analysts — a place where they could efficiently conduct investigations into the diverse AML challenges unique to each country where they operate.
But it's precisely when entering new operating environments that new threats arise:
“As a new kid on the block, we are particularly exposed to various types of fraudsters and other scammers trying to exploit our systems, trying to find how they can use us for their benefit... So the early days in every country where we launch is when our risk engine in the CDD domain—and our detectors and alerts in transaction monitoring—are really put to the test.”

The main challenge proved to be an existing system that couldn't keep up with unique activity patterns. Concerning behavior in one country may be normal in another, yet the rules-based system generated an alert whenever a transaction filled a specific condition. As a result, the Finom team struggled to cope with false positives (95% of the time) versus genuinely unusual activities worth investigating. Analysts ended up spending most of their efforts where they weren't needed.
This also risked wasting the time and patience of customers who unwittingly triggered alerts in the course of normal activities, resulting in requests for information where they were not in fact needed.
Reviewing these rules to improve output was time-consuming and wasn't effectively countering the unique local AML typologies Finom was encountering across Europe. Tackling increasingly complex customer behaviors with rules alone was leading to an unwieldy system that still produced sub-optimal results.
An added complication: Could such a solution work within their bespoke transaction monitoring system?
“One case could potentially take a week to resolve end-to-end, or at least one or two days, which is already too long if you're a regular person who just sent a big payment. There's only so much you can do with if–then logic: it doesn't take context into account. [So the question became] when do we stop hiring more people to review these rule-based alerts and [instead] implement a smart solution to provide more targeted monitoring?”

New detections put new risks into context
An overlay onto Finom's existing transaction monitoring tool rather than an entirely new system, Resistant AI’s Resistant Transactions began digesting Finom's data streams in mid-2022 after only a few weeks of implementation.
Instead of tinkering with inflexible rules, the ensembles of models that make up each Transaction Forensics detector use statistical anomalies to uncover previously unseen relationships and behaviors that are out of the ordinary for certain customers.
Resistant's detectors bring truly unusual behavior to the forefront with detailed descriptions and priority indicators that contribute to swift investigations. All while maintaining a single analyst workspace — and a single source of trust.
Confident and accurate decisions
These insights contributed to better and faster investigations straight away, saving valuable time for analysts to only focus on priority cases. The solution also improved oversight, providing detailed explanations of detectors in plain terminology for auditors, regulators, and platform users alike.
But the Finom–Resistant collaboration didn't stop at first implementation. Finom appreciates ongoing direct access to the tech team and regular meetings with data analysts throughout the relationship. The Resistant team continuously comes up with new detectors and are happy to explain how things work and adjust to Finom's needs as necessary.
In the two months following the deployment of Transaction Forensics, findings from Finom customer transactions and new developments at Resistant grew the number of deployed detectors from 16 to 28. This combination of explainability and rapid adaptability is a crucial edge for an ambitious financial services provider like Finom.
“The Resistant team does an excellent job of describing how their detectors work to non-technical people, which is crucial when developing an internal risk management framework and communicating it to third parties such as auditors and regulators. When analysts have a clear idea of what they're looking for, when they have sufficient context and clear explanations of why an alert was triggered, they won't waste their time where it's not necessary... And [having] the ability to request new detectors is comforting and means we don't have to wait for months to detect new trends in a particular country — it will take just a few weeks to have a new method to detect a new pattern that we haven't seen yet.”

Related reading material
Resistant transactions
Upgrade your TM system today
