3 keys to getting the most from evolving AML technology
FINANCIAL INSTITUTIONS INSIGHTS |
Anti-money laundering (AML) technologies have seen tremendous strides in recent years. Especially among large, national banks, AML systems are moving beyond just transaction monitoring toward fully customized end-to-end solutions. At major institutions, evolving AML technologies are breaking down data silos to offer a single view of any customer across all business lines, from commercial banking to wealth management to retail. They are integrating previously disparate activities like alert generation, case management and customer risk rating and shifting from rules and static expected activity profile-based tools to dynamic systems that self-adjust to a customer activity and use artificial and predictive intelligence. From allowing electronic filings of suspicious activity reports to providing better audit trails for all AML activities, these new systems can help banks' AML professionals shift their attention from large volumes of low value alerts to more in-depth analysis in key areas of risk. However, as the complexity of monitoring systems grows, so do the regulatory expectations regarding monitoring system governance, validation, and ongoing system tuning and evaluation.
At the other end of the spectrum, some community banks are still relying on AML processes driven by spreadsheet-based tools. Not only does this mean those institutions are failing to realize the very real benefits that evolving AML tools offer, it also means they are coming under increasing regulatory pressure to upgrade their AML tools. Doing that effectively raises a variety of challenges.
One size does not fit all
Whether in response to regulatory pressure or for other reasons, some institutions have implemented new AML tools only to see their workload increase, sometimes to unsustainable levels. Inexperienced users relying on off-the-shelf tools end up overwhelmed with alerts, most of them unnecessary, but all of them which have to be addressed.
The problem is that AML systems are not designed to be used off the shelf. They must be tested and tuned to the specific risks faced by the institution. The default settings may not be aligned with a bank's risk profile and will lead to an overwhelming volume of alerts, especially for a community bank with limited staff. This situation can be compounded when the bank chooses a AML tool that is more complex than their BSA and IT resources can manage. They may think that, by choosing one of the top of the line systems used by the largest and most sophisticated financial institutions, they are better protecting their institution. In reality, especially if the system is implemented with inadequate pre- and post-implementation testing and tuning, they may be spending significant amounts of time and money on a tool that creates more headaches without significantly improving the effectiveness of the bank's transaction monitoring program.
Regulators have increased their expectations on AML monitoring system governance in response to the growing complexity of financial institutions and their monitoring systems, and because of high profile monitoring failures in recent years. Financial institutions are expected to have appropriate processes around monitoring system development–a business requirements analysis, implementation and user acceptance testing, initial and ongoing validation and tuning. It is expected that monitoring systems will evolve with the bank's risk profile, therefore periodic evaluation of the system parameters and coverage are necessary as an institution adds new products and services or changes its geographic exposure.
The battle for talent
Another complicating factor is the shortage of and competition for experienced personnel. As larger banks build increasingly customized systems, the industry is seeing a bidding war for professionals with strong IT and AML experience. Community banks find it increasingly hard to attract the qualified talent they need to handle the monitoring workload. Some potential good news? In response to demand from bigger banks, a number of off-shoring and outsourcing options have sprung up to help deal with AML demands, some of which community banks are turning to, usually to help with transaction monitoring. However, outsourcing raises a number of new regulatory issues related to vendor risk management and oversight, and the privacy of customer data.
Three steps to better AML technology
What can community banks do better to take advantage of evolving AML technologies?
First, pick the right tool. You should take a close look at your current risk profile and future plans and decide on an AML tool that is appropriate to your needs. The most expensive or sophisticated system may not be the best fit for the bank's mix of products, services and customers or the BSA and IT departments' size and level of expertise. Also, consider how well an AML tool will work with your current core and peripheral systems. Other considerations could include ease and level of access to archived transaction data, whether the system provides a global view of a customer across various lines of business. A useful exercise is to create a “wish list” of desired features in a monitoring system and compare the positive and negative aspects of your current system with the features of other systems on the market and their costs.
Second, tune early and often. No matter which AML tool you select, you will need to tune it to your unique environment prior to implementation. But that's only the beginning. You also need to continually adjust your AML system as your risk profile changes. As new customers are added, new markets are entered and new services are offered, your AML practices, procedures and tools all must be revisited to make sure that new risks are addressed effectively. Getting expert help in tuning the AML tool should be considered.
Third, give your IT department a seat at the table. BSA/AML compliance is getting more complicated every day and will continue to be the subject of considerable regulatory attention. If you include your IT leadership early in the planning for a new monitoring system or for major changes that will significantly impact the system such as new products or merging bank data from an acquisition, they can help you to anticipate and address potential technology issues before they become major problems.