KYT1 to boost KYC2?

The current approach to KYC (Know Your Counterparties) and transaction screening is to look for matches and return hits. This approach is not satisfactory anymore, as it generates a lot of waste in the form of repetitive alerts and high operational costs.



Maxime Heckel - Partner - Forensic & Financial Crime - Deloitte

Pascal Aerens - Chief Product Officer - Neterium

Published on 25 March 2021

Share this article


For twenty years, the transaction screening process has barely changed: look at elements of the transaction that possibly match with an entry in a watchlist and, if a homonym is found, block that transaction and wait for an operator to review it. This methodology has two major flaws:

1) as transaction volume grows, it requires more and more operators; and

2) it founders when faced with new use cases such as instant payments, since any (false positive) alerts on such a payment breaks its very tight Service Level Agreement (SLA) in terms of time allowed to execute the underlying payment.

The general feedback from operators is that transaction screening “could be and should be smarter” as it constantly presents alerts that look different to a machine but awfully similar to a human.


When there is a task that looks relatively obvious to a human but is very hard to determine for a machine, it usually means AI and deep learning will be effective in solving the issue. A typical example of this is computer vision where it’s effortless for a human to recognize an object, while traditional computer algorithms, prior to the advent of deep learning, struggled at the task.

In the case of transaction screening, the added value of deep learning does not really apply to the name matching itself. With the advantage of both performance and explainability, matching algorithms has become very effective at that task as latency needs to be extremely low and financial regulators expect decisions to be explainable and transparent.

Where deep learning brings enormous value is in providing context after the name matching occurs. Such context is delivered with high accuracy, and this is where Know Your Transaction (KYT) comes into play.


When speaking to screening alert reviewers, you often hear “I constantly have to clear the same alerts” or “the same alerts come back, over and over again”. Of course, they are partly wrong; these are not exactly the same alerts (screening systems have become pretty good at eliminating duplicates), however they are similar and contain repeating patterns. However, while the human brain is quite good at detecting repeating patterns (hence the complaints), computer algorithms are not.

From a data science perspective, this looks like a problem that can be solved using profiling, i.e. capturing past events to identify similar patterns, usually to predict future behavior.

This is where computing power and nearly infinite storage available today in the cloud can unlock two important capabilities:

1) screening/profiling of all transactions; and 2) creating profiles in real-time.

When looking at individual transactions, every one of them may look different. Indeed, screening systems are designed based on that idea, i.e. look at one transaction, identify possible matches, report them, then forget that transaction and look at the next one. No memory—or, in stochastic terms, a “Markovian process” where the current state does not depend on previous ones.

Taking a step back and looking at the bigger picture (all or groups of transactions), there is in fact

substantial similarity between transactions. Indeed, many customers have recurring payments (e.g., mobile phone invoices), and many receivers (even if not clients of the institution) can be identified and be the recipients of similar types of payments.

KYT’s aim is to capture all incoming and outgoing transactions in real-time by using the underlying data items to automatically profile related sources and all destinations that have ever transacted with the institution. The resulting profiles can then be used to detect patterns in future transactions and, comparing them with known patterns, add context to the alert. Such information tells the operator if this type of match is “usual” or not, and therefore enables a quicker resolution.


Profiling transactions as they flow through the platform is not a trivial task, mainly because transaction formats are still not well standardized and structured. The first issue to solve is party resolution: if John Smith appears in three different transactions as “J.SMITH”, “:50: /123456 JOHN SMITH” and “<UltmtDbtr>SMITH, J</UltmtDbtr>”, it should be recognized as the same person in all cases. The same applies for corporates where different spellings and legal forms should not prevent identifying the party.

Once transaction parties have been identified, the profiling can start by getting as many data points as possible from each transaction.

The more dimensions we capture here, the better the profiling will be at determining if a match is a potential false positive or not. It is also important to profile every single party participating in a transaction, not just the bank’s customers, as some patterns may only be uncovered by including the full scope. As an example, a notary may not be a client of the bank, but many clients of the bank may transfer money to that notary at a moment in time. If we suppose the name of the notary is raising a matching alert, we can start detecting a pattern where each client sending money to the notary has a similar pattern and that this alert is likely a false positive.

Over time, the model can even “learn” what a notary is, and what kind of patterns are to be expected.

Looking beyond screening, this new profiling approach could also support the detection of suspicious behaviors (usually called AML transaction monitoring) as well as the detection of fraudulent payments, looking at additional data items on top of party names (e.g., payment type, frequency, aggregated amounts, usage patterns, geo-localization, device used, etc.).


Although KYT can be seen as the evolution of the transaction screening use case (since it occurs in real-time), transaction monitoring and fraud detection solutions could also benefit from this approach. This would lead to the emergence of a new type of ecosystem delivering a comprehensive and homogeneous detection process across transactions. Moreover, it will most probably affect the KYC process, as it makes sense to use the KYT profile (and the underlying transactional behavior rating) in the KYC risk profile.

From a name screening perspective, and as KYT is a machine learning solution, it will need to earn the trust of financial institutions, and therefore adoption will go through successive phases:

  • In the first phase, KYT will provide context to a screening alert, indicating through a series of analytics scores how this match is an outlier or not.

Based on this assistance, analysts will make sound decisions and actually create a labelled data set that contains the alert, prediction, and human decision. Such datasets can then be used to train and further refine the model.

  • In a second phase, the model would be in a position to suggest a decision that the analyst would simply have to validate or invalidate. Again, this creates a dataset allowing the model to be further trained on its decision accuracy.
  • Once this cycle is complete, the model would be able to auto-decision most of the alerts with a level of accuracy so high that it could actually be better than its human counterpart. The model would at that point be trusted enough to perform on its own, obviously supervised by audit like any other risk function.

In a future ecosystem where this approach is also used by transaction monitoring and fraud detection solutions, analysts could focus on the most complex cases (that only humans can solve) rather than be flooded with obvious false positives. It would also enable financial institutions to stick to their SLA for use cases such as instant payments.

1 KYT : Know Your Transactions 2 KYC : Know Your Counterparties


Even if we are not there just yet, innovative KYT solutions are now emerging. The aim is to bring a more data-driven approach together with artificial intelligence and machine learning to deliver actionable insights and to create much less noise than the usual approach. In addition to this new technology framework, financial institutions are also beginning to consider uniting their efforts (e.g., by sharing datasets or using advanced analytics over multi-institution KYT initiatives) to detect suspicious parties/transaction patterns to collectively optimize the cost/efficiency ratio.

Share #DeloitteInsideNow


Forensic Digital, Analytics & Solutions

Our services combine the best of Deloitte’s and our most experienced partners’ analytic and technology capabilities to deliver a distinctive and valuable digital experience. Our forensic digital capability can help you quickly and efficiently address the broad spectrum of challenges and plan for the future.

© 2021. See Terms of Use for more information. Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. Please see to learn more about our global network of member firms. The Luxembourg member firm of Deloitte Touche Tohmatsu Limited Privacy Statement notice may be found at