Second in a series.
A bank cannot comply with AML regulations without a system to monitor and identify potentially suspicious transactions. Yet transaction monitoring systems are a leading contributor to catastrophic AML compliance program failures.
The prior Insights & Action discussed the results of a study citing the seven primary reasons AML compliance programs fail – one of which is that transaction-monitoring systems produce far too many low value alerts. This is not surprising. Industry surveys show most institutions find 90% of the alerts monitoring applications generate are of little value to AML compliance units.
Institutions must analyze and determine if transaction-monitoring alerts warrant further investigation and eventual SAR filing. Regulations are clear about the work that must go into alert analysis. Performing this work takes time. The more alerts produced, the more analysts institutions must hire. The cost of such work has increased dramatically over the past decade and for most institutions it is a struggle to hire and pay for the people needed to comb through piles of alerts each month.
When the struggle to hire more people and the never-ending production of more alerts reach a tipping point, the study showed, institutions that failed to comply with AML laws made poor decisions about how to deal with alert inventories. It was not unusual for institutions to cap or stop the production of alerts once reaching the maximum number FIU staff could handle. Such an approach undoubtedly leads to violation of AML regulations, but in many of the cases where programs failed, capping alerts was an accepted practice.
As alert workloads became too much for staff to handle, decisions were made, thought at the time to be small and subtle, about what work was to be done and what work could be delayed, or not done at all. In the space between these untenable options suspicious activity went undetected by the institution, but not undetected by law enforcement and regulators, thus setting off the unstoppable momentum towards AML program failure.
We’ve personally seen situations like this many times. We realize that when the decision to purposefully limit the number of alerts is made it is not done with explicit intent to blatantly and knowingly disregard regulations. Instead this decision is made under the pressure that comes with trying to manage budgets, figuring out how to get work done, and trying to comply – basically doing what can be done with the resources available.
DEALING WITH TOO MANY ALERTS
So what is an institution to do when confronted with never-ending alerts, constrained budgets and not enough FIU staff? Let's look at some options.
1. Switching transaction-monitoring applications – Sounds reasonable if the application now being used produces too many alerts. But is there really a noticeable distinction between monitoring applications, where one produces so many fewer low value alerts that the enormous cost and effort of switching systems become compelling? If the answer were “yes”, wouldn’t that incredibly effective application dominate the marketplace? An unhappy fact is that the applications now in the market are very similar in that they all produce volumes of low value alerts. They are also very expensive. For midsize banks, purchasing, customizing, engineering, testing, and maintaining a new system costs in the millions. For smaller institutions the relative costs are just as high.
2. Hiring more FIU staff – Yes, for some institutions this may be a viable and sustainable answer. If your staffing numbers are off by just a few people, adding a couple more may be the best solution. Unfortunately, for most institutions, hiring the people needed to resolve large numbers of low value alerts is not possible without busting budgets. Moreover, locating qualified FIU staff is not easy. The skills and experience analysts need are hard to find, and unless your institution is in a larger city where you can poach FIU staff from another institution (which inevitably leads to unsustainable salary escalations), locating good candidates is a significant challenge.
3. Optimizing the transaction-monitoring application – Perhaps the best approach for most institutions is to make the application now in place better. The effort needed to optimize a monitoring application is not always fully understood when a system is purchased, costs much more than imagined, and is a constant necessity, but it provides the best way to whittle down the number of low value alerts.
A note of caution: If a system is implemented properly, meaning the initial scenario selection and setting of thresholds is thoughtful and reasonable, subsequent tuning or optimization efforts will yield only mild improvements in alert quality usually reducing low value alerts by single percentage points. Getting a particular scenario’s low value alert percentage from 90% to 85% may not be cause for wild celebration, but over time these reductions can help limit budget increases and enable an FIU to operate with smaller inventories of alerts and hopefully avoid backlogs.
Tuning combines statistical analysis, knowledge of how money is laundered, and sound judgment to craft better detection scenarios. Some key things to consider when tuning a monitoring system include:
Not every type of transaction needs to be monitored through a vendor software application. Often institutions, using basic programming, develop better monitoring processes themselves.
The purpose of AML compliance is to file SARs. It is tempting to deploy scenarios to detect activity that sounds interesting, or that is the AML issue du jour, but if these scenarios never yield a SAR, modify or retire them.
Tuning is not something done once a year. Tune your monitoring system each month or at least each quarter.
Examine non-transactional variables: Transaction volumes and values are the most common variables to alter when tuning. However, these variables may not always be those that are best at identifying suspicious activity. Analyzing SARs filed from the scenario being tuned may reveal what is most meaningful and it may have more to do with the duration or location of a customer’s activity.
Micro-target scenarios: Every FIU knows the frustration of seeing the same customer alert every month for normal or expected activity. FIUs are reluctant to suppress alerts for fear of missing something. Consider applying a subset of more narrow thresholds to these repeat customers that identifies their truly suspicious activity but does not alter the thresholds and scenarios applied to the general population of customers.
Change timeline: Instead of a scenario looking at monthly activity, extend the monitoring period to quarterly or semi-annually. Stored value cards and loans are products that lend themselves to longer review periods.
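One way to implement the micro-targeting idea above, as an added example that is not from this article or from any vendor product. The constants, the disposition labels ("cleared", "sar") and the median-plus-MAD baseline are assumptions chosen for illustration, and the customer histories are constructed sample data.

```python
from statistics import median

POPULATION_THRESHOLD = 10_000  # constructed scenario threshold (monthly cash total)
MIN_REPEAT_ALERTS = 3          # assumed: cleared alerts required before micro-targeting
K = 3.0                        # assumed: deviations above the customer's own median

# Constructed history: (monthly_total, disposition); disposition None = no alert.
HISTORIES = {
    "grocer": [(24000, "cleared"), (26000, "cleared"), (25000, "cleared"),
               (27000, "cleared"), (25500, "cleared")],
    "prior_sar": [(12000, "cleared"), (15000, "sar"), (11000, "cleared")],
    "new": [(3000, None), (2500, None)],
}

def customer_threshold(history):
    """Threshold for one customer; only proven repeat alerters get their own."""
    alerts = [d for _, d in history if d is not None]
    repeat = (len(alerts) >= MIN_REPEAT_ALERTS
              and all(d == "cleared" for d in alerts))
    if not repeat:
        # General population, and anyone with a prior SAR: scenario unchanged.
        return POPULATION_THRESHOLD
    totals = [t for t, _ in history]
    med = median(totals)
    mad = median([abs(t - med) for t in totals])  # median absolute deviation
    # The personal threshold narrows the scenario; it never drops below
    # the population threshold.
    return max(POPULATION_THRESHOLD, med + K * mad)

def evaluate(current, histories):
    """Return {customer: (alerted, threshold_used)} for the current month."""
    result = {}
    for customer, total in current.items():
        threshold = customer_threshold(histories.get(customer, []))
        result[customer] = (total > threshold, threshold)
    return result

if __name__ == "__main__":
    # A normal month for the grocer stays quiet; a spike still alerts.
    print(evaluate({"grocer": 26500, "prior_sar": 12500, "new": 4000}, HISTORIES))
    print(evaluate({"grocer": 48000}, HISTORIES))
```

The personal threshold is recomputed from history on every run, so a customer who later receives a SAR disposition falls back to the population threshold automatically.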
Transaction monitoring systems have a long way to go before they become the type of tool that brings real effectiveness to AML. In the meantime the costs of maintaining and improving these systems will rise. Don’t let this reality force poor decision making that ends up jeopardizing compliance.