Tailoring your AML tools and processes for efficiency and success
Staying in compliance with the anti-money laundering (AML) regulations is an ongoing struggle for banks and credit unions. They must continually adapt and adjust their AML programs to meet the changing expectations of federal regulators. New customers and new product types also create challenges for the institution's AML detection, prevention and monitoring system. If program controls are too relaxed and suspicious transactions are missed, the institution faces the triple consequences of regulatory penalties, reputational damage and potential financial losses. If program controls are too sensitive, your employees waste time on unnecessary reviews of potential suspicious activity on innocent transactions.
Automated AML tools should enhance the compliance function and mitigate regulatory risk, but this is not always the case. Many banks and credit unions report they have invested heavily in AML monitoring tools with unsatisfactory results. Instead of increasing efficiency, too many institutions instead faced an increased workload due to an unnecessarily high number of alerts for possible suspicious activity, all of which then had to be reviewed and documented.
The right approach
The solution is a system validation approach that helps ensure your automated AML system is tailored to the specific realities of your risk profile, which includes your customer base, geographies, transaction types, and other issues such as manpower or resource constraints. Too many institutions only validate the appropriate flow of data from their core system to the AML system. But that means that the system will apply high-level, generic rules to identify suspicious transactions. Too many transactions are flagged and too much time is wasted having to review them.
An appropriate validation approach has three stages:
- System validation – Confirming that the right information flows from the core system to the AML system
- System logic – Tailoring system rules and parameters to your institution's risk profile
- System optimization – identifying and correcting AML system and program inefficiencies
Most institutions do a good job with system validation, but many have inadequate system logic and optimization efforts.
AML system logic
System logic confirms that an institution's AML system is aligned with the entity's risk profile and regulatory guidance in order to identify high-risk customer transactions, high-risk transaction types and unusual transactions based on the entity's customer base, its transaction sophistication, and geography. This should not be a one-time effort. As your customer base, service offerings and geographies change, your system logic must change too, to ensure a continual alignment of logic and risk.
To illustrate the importance of system logic, consider some examples. Wire transfers are a transaction category with high potential for money laundering, so the generic logic in most AML tools will target a high volume of wire transfers. But consider the difference in risk profile in the following two situations. On one hand, you have regularly occurring wire transfers for predictable amounts between well-established customers in the U.S. and Western Europe. On the other, you have periodic wire transfers for varying, but significant amounts between a new customer and private parties in a high-risk geography. Your system logic can and should be adjusted to flag the latter, not the former.
Not all logic adjustments are that obvious. Business customers that deposit a lot of cash raise risk concerns. Of course, you can tweak your system logic to differentiate cash and noncash businesses.
That's not always enough, though. There can be seasonal issues. For example, many retailers might deposit little cash most of the year, but will make large cash deposits during the holiday shopping season. Banks near beaches or other travel destinations also likely have readily identifiable seasonal differences in cash deposit volume. Using system logic to account for these will help minimize unnecessary suspicious activity reports (SARs).
Sometimes your logic should drill down to the individual customer level. For example, liquor stores do a lot of cash business. Even if you adjusted your AML system to account for that, though, it would still likely flag a cash deposit that was far larger than usual. But suppose one of your institution's customers is a liquor store located near a pro football stadium. On game weekends, their cash volume is likely to increase exponentially. Or a customer could be a florist, who would see huge spikes in cash volume around Valentine's Day and Mother's Day. These events would almost certainly trigger an SAR from your AML system, unless you adjusted its logic to account for them.
AML system optimization
While reviewing and adjusting system logic is an ongoing process, system optimization is a periodic review, usually every 18 to 24 months. This allows a longer view of system performance, enabling you to look at year-over-year results to determine overall system performance. This includes evaluating more than just your AML system. For example, are staffing levels in line with AML demands? Maybe you've made changes to your system logic that have greatly reduced the number of unnecessary alerts. If so, maybe you have staff that should be reassigned to other duties in the department or repurposed elsewhere in the organization. Conversely, if AML activity is increasing, staff may need to be augmented.
Overall, your system optimization review should be designed to see if your AML program is working efficiently, generating meaningful reports and keeping false positives to a minimum. System optimization can help identify and eliminate unnecessary rules, duplications and redundant steps. The process will also allow you to entirely eliminate superfluous parameters that are yielding no results. The goal is to fine-tune the AML monitoring process to see through the data jungle and identify suspicious activities that need scrutiny.
System optimization includes measuring outputs—for example, checking the ratio of alerts generated and actual SARs. The higher the ratio, the more likely that your system logic needs revisiting.
The goal is compliance and efficiency
While the importance of system validation is widely recognized by bank and credit union compliance professionals, system logic and optimization processes are less commonly understood and thus, are infrequently incorporated into the review process. System validation alone is insufficient. Be sure you employ system logic to insure your AML system is logical for your risk profile and customer base, and also do a periodic system optimization check to ensure your system is as efficient as possible.