The Bank Secrecy Act (BSA) is the primary anti-money laundering (AML) law in the United States. Although technology has been at the heart of AML compliance for years, new technologies are bringing more sophisticated and efficient approaches to AML compliance, with the goal of reducing compliance costs for large and mid-tier banks.
AML compliance generally is based on identifying transactions that fall outside the normal banking behavior of an individual. Systems provide alerts when transactions fall outside prescribed norms, which may be based on a profile of transaction behavior for a group of customers with similar characteristics or, in newer systems, on a customer’s actual past behavior.
The alerts provided by any system must notify a compliance officer to examine transactions that have a high probability of being irregular. Yet the alerts cannot be so tightly designed that they create a large number of “false positives:” transactions incorrectly identified as non-compliant.
For many AML systems, the number of false positives is far too high, leading to a need for additional staff to identify flagged transactions that actually do comply. “Financial institutions are looking for ways to reduce false positives and alerts in a way they can defend in front of a regulator,” says Julie Conroy, research director for Boston-based Aite Group’s Retail Banking practice. The solution most banks choose, she says, is to add staff in order to investigate alerts and comply with the BSA.
In order to limit AML alerts to those transactions needing investigation, AML systems are using increasingly targeted analytics. “It’s all about creating a situation where one compliance specialist with competing resources can focus and target those transactions that are the most anomalous,” says Seth Ruden, a financial crimes and risk consultant with ACI Worldwide, Seattle. “AML compliance is going to benefit from new technologies based on profiling that measure legitimate consumer behavior.”
AML System Types
ALM systems fall into three general categories, experts say, as follows:
- Rule-Based Compliance. These systems, initially designed for large banks, monitor transactions based on rules programmed to meet specific situations that may indicate anomalous transactions. Rules may encompass considerations like dollar thresholds, payment beneficiaries, missing information, or the amount of a transaction compared to normal transaction amounts within an account relationship.
- Statistical Comparison. These systems compare an individual’s account activity to a peer group. For instance, the general transaction profile of all physicians is compared to the specific activity of a single physician. Deviations from the norm may result in an AML alert. Comparisons can be made to industry norms or norms within an institution’s own customer base.
- Predictive Analytics. The predictive analytics approach uses actual customer behavior, rather than comparison against a peer group, sending investigation alerts when a customer’s current behavior deviates significantly from previous behavior. This enables the system to send alerts based on behavior from an individual that is deviant, which takes into account individuals whose behavior as a whole deviates from their peer group.
“Many solutions in the market are more rules based, which can lead to a lot of false positives,” Conroy says. The latest technologies use predictive analytics, which reduces the number of false positives and are increasingly required by regulators.
As the consultants at PricewaterhouseCoopers put it in a recent report, “Given the current industry landscape and intense regulatory scrutiny around BSA/AML issues, it is imperative that organizations move toward an analytics-driven model rather than rely on traditional control-based testing for AML compliance.”
Regulators are starting to require banks to use analytics-based approaches in their AML programs, Conroy says. It’s a requirement for banks above $8 billion in assets. “It’s only a matter of time before small banks will need to use analytics solutions,” she says. Conroy is working on an AML Vendor Evaluation report.
Verafin, one company highlighted in Conroy’s report, has targeted small banks with its hosted AML software. “They are bringing analytics to the small bank market,” she says. Based in St. John’s Newfoundland, Canada, Verafin has gained more than 1,000 customers since its founding in 2010.
AML Monitoring Software Guidelines
In a presentation given to the Association of the Bar of the City of New York on March 13, 2013, John F. Reynolds, an examining officer in the Legal and Compliance Risk Department of the Federal Reserve Bank of New York, provided the following guidelines to consider when selecting and evaluating AML monitoring software:
- Ensure that the software provides risk assessments by customer base, country, and product types?
- Define your IT needs, control environment, and support needed for a robust monitoring reporting system.
- Assess internal functionality for account officers, audit, legal, and management reporting, including the ability to interface with government regulatory AML units.
- Understand how the software addresses defined risks faced in each product and client account.
- Match the functionality of commercial software with your bank’s requirements.
- Explore and compare to noncommercial alternatives including, home-grown monitoring systems.
AML Software Vendors
BSA and Related Regulations