The most serious AML compliance problems begin when institutions fail to properly
analyze transaction-monitoring alerts. Why is this essential function so challenging
and what does alert compliance look like?
Anti-money laundering departments are buried under piles of transaction monitoring alerts. Trying to find the few that actually merit real attention is a daily battle.
As we discussed previously, monitoring systems identify far too many low value alerts, often referred to as “false positives.” AML staff must sift through piles of alerts looking for the few that may be suspicious. This presents a great deal of risk.
Most institutions have a two-step process for researching and resolving alerts. The first step is to “triage” large number of alerts in order to identify those that in the second step are then subjected to a more detailed and lengthy investigation. This two-step process is often referred to as, “alert analysis” followed by “case investigation.”
Alert Analysis Failures Are the Root Cause of AML Problems
AML compliance failure sprouts during the alert analysis process for a number of reasons:
- Alert research and resolutions are not compliant with the standards set out by FinCEN and the FFIEC examination manual
- Banks do not have the number of analysts needed to research and properly resolve alerts, and thus backlogs of work grow
- Alert analysis is arguably the most important part of the suspicious activity decision chain, yet it is often where the least experienced staff is assigned
- Institutions lack effective management information reporting systems to properly measure alert quality, track the time it takes staff to resolve alerts, and monitor alert inventory
- AML management does not focus its attention on this often times very boring and ”factory like” process
- Spending hour after hour and day after day looking at low value alerts has a debilitating impact on the skills, attention span and psyche of alert analysts leading them to make poor decisions
- In order to keep up with large volumes of alerts the natural inclination of an overworked analyst is to cut corners and speed through work leading to faulty decisions and shoddy documentation
What A Complete and Compliant Alert Analysis Looks Like
A complete and compliant alert analysis must provide the reader, who is often an auditor or regulator, with key information about what the alert is, who was involved, where the transaction occurred, the type of activity involved, and why the analyst either decided to close the alert or to refer it for further investigation.
Jotting down a few words such as, “no suspicious activity found.” Or, “activity is consistent with customer expectations.” Or, “no additional investigation needed,” is not compliant and will lead to serious AML failures.
Unlike a SAR where FinCEN and the FFIEC provide specific guidance on the format and contents for the written Narrative section, alert resolutions can be written in a format of your choosing but must contain the elements of a well researched and documented effort. As a guide we provide examples of complete and compliant alert resolutions here.
Alert analysis is not the process where SARs are written. Alert analysis is about weeding out the low value alerts and determining which alerts must be then investigated.
Proper Alert Compliance Takes Time
Writing a coherent and supportable explanation to resolve an alert like in the examples provided here takes 25 to 45 minutes.
This may seem like a long time to some, but is it really possible to review the facts and context of an alert, understand the background of a customer, make a sound and supportable decision and then properly document that decision in much less then 25 minutes?
In a typical day, strong analysts resolve between 12 and 19 alerts, and between 60 and 95 each week.
A Simple Way To Gauge Alert Compliance
Alert analysis takes between 25 and 45 minutes to complete. Using simple math can reveal whether your institution complies with suspicious activity detection requirements.
Let’s look at an example from the 2012 U.S. Senate hearing involving HSBC. If HSBC management better understood alert compliance the bank could have self-identified its failures years ago and perhaps avoided much of its troubles.
In 2006 a HSBC AML compliance officer, in an email to other AML compliance management, requested additional analyst staff to address the backlog of correspondent banking and cash management alerts. In an email the AML compliance officer said his team was keeping up by, “handling an average of 3,800 alerts per person” each month but needed additional assistance to stop from falling behind.
There are typically 21 workdays in a month. Assume that HSBC’s analysts worked every minute of every workday (no lunch, no training, no staff meetings, no breaks, no vacation). Under those circumstances these analyst, to resolve 3,800 alerts a month, would have to have been completing 23 alert reviews every hour or one every 2.5 minutes. At that point HSBC should have realized its AML compliance program was failing.
What does the time it takes your staff to resolve alerts reveal about your AML compliance?
Please feel free to share your thoughts, opinion and questions in the comment section.