Improving the performance of anti money laundering tools
Staying in compliance with the anti-money laundering (AML) regulations* is an ongoing struggle for banks and credit unions. They must continually adapt and adjust their AML programs to meet the changing expectations of federal regulators. New customers and new product types also create challenges for the institution's AML detection and prevention system. If program controls are too relaxed and suspicious transactions are missed, the bank faces the twin consequences of regulatory penalties and reputational damage. Conversely, if program controls are too sensitive, there may be excessive and unnecessary flagging that lead to system inefficiencies and the need for manual intervention.
Although it was anticipated that AML tools would enhance the compliance function and mitigate regulatory risk, this has not always been the case. All too often, bank and credit union managers report being disappointed with their large capital outlays in AML monitoring tools. While seeing little value added to the process, they have seen their workload substantially increase, a consequence of the program's tendency to generate a high number of alerts for possible suspicious activity, followed by the need to document the review and resolution of each item. Simply not documenting alerts is not an option, since a lack of documentation would be reported in the regulatory examination or annual independent audit.
These problems point to why banks and credit unions should consider adopting a system validation approach that will allow them to meet the challenges of AML compliance more efficiently and with maximum effectiveness. The goal of system validation should not just be the confirmation of data flow from the core system to the AML monitoring system, but also confirming appropriate rules and parameters for detecting and monitoring unusual and suspicious transactions based on the entity's risk profile, as well as confirming that the system is optimized for efficiency and effectiveness. To this end, the goal is to detect suspicious transactions while avoiding constraint of resources caused by misidentifying normal customer activities. The framework allows institutions to identify suspicious activity more accurately and, therefore, make better business decisions.
The approach is comprised of three elements:
- System validation – the process that confirms information flows from the core system to the AML system as expected
- System logic – the process of configuring system rules and parameters with respect to an entity's risk profile
- System optimization - the process of identifying AML system and program inefficiencies
System validation confirms that the system is doing its job based on the information that flows from the core system. Unfortunately this is where most financial institutions stop without implementing the critical system logic and system optimization elements of the validation process.
System logic confirms that an institution's AML system is aligned with the entity's risk profile and regulatory guidance. The goal of this process is to be sure that your AML system is appropriately designed to capture high risk customer transactions, high risk transaction types and unusual transactions with respect for the entity's customer base and geography. As an entity's risk profile changes, especially as it relates to the customer base and high risk industries served by the entity, the system's logic should change as well to ensure a continual alignment of logic and risk.
System optimization is a process that determines if your AML program is working efficiently, generating meaningful reports and with a minimum of false positives. Your system logic may be overly sensitive, excessively flagging normal transactions. The problem with this is that real suspicious activity can get lost in the vast jungle of excessive alerts. System optimization will detect this, and can help eliminate unnecessary rules, duplications and redundant steps. The process will also allow you to entirely eliminate parameters that are yielding no results and which are therefore superfluous, or revise parameters for better effectiveness. The goal is to fine-tune the AML monitoring tool to see through the data jungle and identify the true suspicious activity that deserves scrutiny.
System optimization also involves the evaluation of your output, such as the number of alerts and cases in relation to the Suspicious Activity Reports (SARs) generated. Your system may have an excessive number of rules and parameters that are not resulting in an actual SAR, suggesting that your system may be too focused on irrelevant details while simultaneously missing the larger picture that shows where suspicious activity is actually occurring.
This is not an ongoing process like system logic. Rather, system optimization looks at historic patterns and should be done only once every 18 to 24 months. A long period of time is necessary to identify year over year patterns and to reveal how efficient or inefficient the AML system has been in identifying unusual and suspicious transactions.
Inefficiencies waste the institution's time, money and resources. To mitigate costly inefficiencies, the bank or credit union will not want the program to be so hypersensitive that it forces them to commit resources to analyzing a large number of false positives. Ideally, the financial institution will want to limit its time to identifying only meaningful transactions.
While the importance of system validation is widely recognized by bank and credit union compliance professionals, the latter two processes are less commonly understood and thus, are infrequently incorporated into the review process. System validation alone is insufficient. Be sure you employ system logic to insure your AML system is logical for your risk profile and customer base, and also do periodic system optimization, to insure your system is as efficient as possible,
For more information
For more information or assistance with this topic, please contact Ty Beasley, Principal, Risk Advisory Services, 972.764.7100.
*Pursuant to the Bank Secrecy Act of 1970, and as amended by The Money Laundering Control Act of 1986, and USA PATRIOT Act, Title III of 2001.