The current financial crisis has shuttered long-standing financial institutions and is dramatically redefining the banking landscape. Financial institutions are
looking for ways to improve balance sheets and survive, causing AML compliance executives to reduce overall costs and cut staff.
While AML compliance efforts strain under budget reductions, AML compliance teams will be faced with new challenges. Suspicious activity is likely to increase as financial crime and underground markets expand in response to tough economic conditions. And, despite the challenging conditions, regulators will not be relaxing AML requirements anytime soon. Many institutions will find themselves having to maintain or increase AML risk management while under pressure to do more with fewer resources.
Since 2003, nearly all financial institutions have purchased or developed transaction monitoring software designed to detect potentially suspicious activity. However, it’s common that these systems produce hundreds or even thousands of low value alerts each month, compounding inefficiency and driving up costs of AML compliance as few of these alerts actually end up as SARs.
How to Improve Effectiveness and Efficiency of Transaction Monitoring
As most AML professionals know, the first step in eliminating or reducing low value alerts is to “tune” the automated alerting parameters and thresholds. Typically, tuning is a statistical exercise aimed at identifying correlations between alert attributes (e.g. transactions, account type, customer type) and SAR filing percentages focusing on which alerts actually result in a SAR. The goal is to find common attributes between the low value alerts and then change thresholds to prevent meaningless alerts from being produced month after month.
Often times however, tuning will not substantially reduce alerts. Marginal improvements are good, but won’t dramatically reduce wasted time. Fortunately there are other ways to increase transaction monitoring efficiency. Here are a few proven methods to consider:
Single Event: A customer’s sudden unexpected change in behavior, often referred to as a large balance fluctuation, causes many alerts. Often, such a sudden change in account activity is associated with a transaction of little, if any, AML risk. For example, an account that receives proceeds from the sale of one home and is then used for the subsequent purchase of another. Other examples are seasonal, such as tuition payments (August and December) or bonus payments (January).
Analyze the SAR filing percentages of these “single event” alerted customers whose transactions are not cash or wire transfers and alert only once during a defined period (six months). Consider placing them in a “holding tank” only to be worked when another alert/event occurs within the next six months. If no further unusual activity occurs during the time frame, the original alert is cleared.
Repeat Customers: Most financial institutions develop procedures to suppress alerts for certain customers such as public companies and government agencies, but to do so for other customers presents some challenges. However, by applying an approach we refer to as the “trusted customer” it is possible to create a subset of alerts subjected to a less stringent review.
For example, a grocery store that also offers lottery and ATM services regularly alerts for cash transactions. Every prior alert has been cleared and the bank is comfortable with the customer’s business. However, future alerts cannot be suppressed because the customer is not publicly traded or a government entity. Instead, procedures to review the grocery store’s alerts should be modified to hasten the review. This more expedient review seeks to determine if the current alert is similar to the prior cleared alerts. Trusted customers should undergo a semi-annual review to validate this modified approach continues to be sound.
Data Quality: Monitoring systems often encounter difficulties with deciphering particular transaction codes and as a result, alerts are needlessly generated. The best example of this is when source systems feeding a monitoring system erroneously classify non-cash transactions (like check deposits) as “cash.” This wreaks havoc on an AML group who ends up having to address alert after alert that are not cash related. We have seen instances where this problem infects up to 25% of an institution’s cash alerts. Over the course of a year this means employees spending significant time working on insignificant alerts.
In many instances this problem is not caused by a system error, but from retail personnel employing techniques to accelerate the processing of customer transactions. Known sometimes euphemistically as “teller tricks,” these short cuts have a detrimental impact on AML operations.
Documentation Templates: AML compliance operations employ standards for how alerts are analyzed and documented. Whether the group that analyzes alerts is one person or 50, creating reusable and automated templates is among the best ways to improve speed, consistency, and compliance. A standardized template can capture the key elements of the analysis and even automatically fill in a customer’s name, account number, address and date the account was opened.
While customer and transaction details will differ for each alert, the verbiage around some of the unusual events remains similar. If a report is written for unusual cash transactions below $10,000, a standard introduction or conclusion could be: “This customer’s cash deposits appear to be attempts to circumvent CTR filing requirements because on (fill in dates) he/she deposited (fill in amounts). In addition, the cash activity is unusual for the customer because the source of funds is unknown and the customer’s listed occupation of (insert occupation) is not likely to generate cash income.”
A complete SAR narrative requires more detail, but to automate portions of the report will improve effectiveness and efficiency. The AML compliance department should create a library of commonly used narratives (introductions, explanation of transactions, conclusions) to reuse in SAR narratives that describe everyday AML violations. These could include: large cash transactions, domestic wires, international wires to high risk jurisdictions, wires to potential shell companies, large balance fluctuations, monetary instrument use, rapid movement of funds, and certain types of fraud. Placing these templates on a shared drive or imbedding them in a case management system to be used by the entire department will speed up work and ensure consistency in documentation.
Risk Assessment: AML compliance groups often over commit to monitoring products and services that appear high risk or are declared high risk by regulators, but in reality, pose little threat to your institution because internal controls limit exposure to potential money laundering. Using a recent internal risk assessment that fully and properly articulates the risk posed by a particular product may relieve the department from a monitoring burden.
For example, stored value cards are believed to be money laundering vehicles and thus deemed “high risk.” An institution’s response may be to develop a specific
report to monitor stored value card activity and an employee’s time is spent reviewing that report. However, the risk assessment may show that stored value cards are only sold to bank customers, not reloadable, only a certain number may be sold at one time, and there is a relatively low maximum dollar amount allowed on each card. Furthermore, actual data from the previous year may reveal that the institution sold very few cards and current sales are not much better. Therefore, a seemingly “high risk” product is negated by compensating controls and the fact few customers seem interested in the product. The bank is left with very little residual risk and a specific monitoring report is unnecessary.
As difficult economic times continue to weigh on the financial sector, it is incumbent upon all AML departments to proactively identify opportunities to reduce cost, improve operations and maintain compliance. However, not finding ways to improve operations and reduce costs will ultimately hamper compliance as the group draws the ire of management for failing to act in these unprecedented times. AML compliance departments are necessary to meeting regulatory requirements and protecting an institution’s reputation.
Please feel free to share your thoughts, opinion and questions in the comment section.