United States

Optimizing your AML controls to keep them aligned with your risks

Periodic tuning of controls improves results, creates efficiencies


How often do you assess and tune your AML monitoring controls, specifically the automated scenarios and thresholds within your AML system, to ensure that they are still aligned with your evolving risk environment? For too many financial institutions, the answer is not often enough. Failing to keep your monitoring controls aligned with your risks can mean your people are wasting time and resources on unnecessary alerts. It may also mean that you are missing suspicious or illicit activities you should be catching, thus opening your institution to unwanted legal and regulatory attention, as well as reputational risk.

When and how often should you review and tune your AML monitoring scenarios thresholds?

To keep your AML system aligned with your risks, you should assess and tune your scenarios and thresholds on at least three occasions:

  • When AML systems and tools are installed. This may seem obvious, but some financial institutions simply leave AML systems on their default settings when they are installed. The range of risks and issues that help to determine appropriate settings are too broad and too unique to the geography, customer base, products and services of each bank for default settings to be appropriate. At best, you will end up overwhelming your personnel with unnecessary alerts. At worst, you will miss activities you should catch and face regulatory scrutiny.

  • When events occur that affect and change your AML risk profile. Anytime your institutions undergo a change that could materially affect your AML risk profile, you should revisit your controls to ensure they are appropriate. Obvious instances would be a merger or acquisition, expansion into new markets and higher-risk customer types, the addition of new products or services, and changes with customer activity.

  • At least annually. Even absent a clear event that changes your AML risk profile, over time, risks evolve. You should revisit your AML monitoring program at least annually to ensure it still provides adequate coverage over the financial institution’s monitoring priorities identified in the most current risk assessments.

How to tune your AML monitoring controls

Consider the following questions when assessing and tuning your activity monitoring scenarios and thresholds:

  • Do we have the right resources? The right results start with having a team in place that understands both your AML environment and the tools you use to manage it. That takes a unique combination of operational, regulatory and technical experience. If you don’t have the right people to manage the process, then augment your team with the appropriate external resources.

  • What’s changed since our last review? As noted above, an acquisition or changes to your geographic exposure, customer base or products and services all can impact your AML monitoring program. Know where to focus your attention. Not all operational areas, customers or geographies are created equal. Services like wire transfers and remote deposit capture, higher-risk customers such as cash-intensive businesses, money service businesses (MSBs), third-party payment processors or increased involvement with international customers, all point to a need for increased AML attention.

  • What are our current results telling us? How many alerts does your monitoring system generate and how many of them require additional investigation? How many suspicious activity reports (SARs) are filed as a result of the activity being detected by the AML monitoring system? A robust statistical analysis of your current results can help highlight areas where you are generating too many or too few results and aid in the identification of modification opportunities that enhance the system's ability to identify illicit activity and reportable suspicious activity.

  • Are you documenting your work? Be sure to maintain timely, clear records of your AML optimization efforts so that regulators can see exactly how you are aligning your monitoring controls with your AML risks.

Benefits of tuning your AML monitoring controls

Tuning your AML monitoring controls delivers two key benefits for your organization:

  • It will make your AML function more efficient. An AML system that is appropriately tuned to your risk environment will deliver the quality of alerts that are more likely to catch suspicious activities without swamping your people with unnecessary alerts. Too many financial institutions waste resources dealing with false positives generated by poorly tuned AML systems.

  • Improved audit and examination results. It’s no secret that regulators are ramping up attention on AML compliance efforts. If you can demonstrate to your regulators and auditors that you are regularly and appropriately monitoring and optimizing your AML monitoring controls and systems to keep them aligned with your AML risk profile, you may avoid unneeded regulatory scrutiny, including supervisory letters, memorandums of understanding (MOU) and consent orders.


How can we help you?

Contact us by phone 800.274.3978 or
submit your questions, comments, or proposal requests.

Receive Risk Bulletin by Email


Cybersecurity Rapid Assessment®

Complete our Cybersecurity Rapid Assessment form to be contacted about receiving our "quick-hit" evaluation of your organization’s overall security risk.




Case Studies

COSO Resource Center

Consulting Careers



Trending risk concerns for business leaders in 2020

  • February 12, 2020


On the Sarbanes-Oxley radar

  • January 20, 2020