As the number and complexity of sanctions increase, regulators worldwide continue to step up their scrutiny of banks and other financial institutions to ensure compliance. Considered the initial line of defense against money laundering and terrorist financing, financial institutions have witnessed the intensified focus on sanctions compliance firsthand. Recent enforcement actions and punitive fines bear this out. While regulatory requirements are the same regardless of size of the organization, a large customer base and multiple jurisdictions elevate certain risks.
Compliance professionals face an evolving environment where sanctions are increasing, lists are expanding and watch list screening is more complex. With reputational and financial risk ever present, compliance departments are under intense pressure from internal mandates to mitigate risk. At the same time, they are expected to reduce costs, presenting a double-edged challenge. In a recent white paper, SWIFT indicates that growing watch lists and transaction volume will cause the operational costs of sanctions compliance to double every four years. Add to that the cost of Politically Exposed Persons (PEPs), other high-risk individuals or accounts, and negative media screening for customer due diligence, and operational efficiency becomes a priority.
Meeting the dual challenge of balancing risk mitigation and cost is easier said than done. Much has been written about effectively addressing the large number of alerts generated by most AML software that is used for customer screening and transaction monitoring, yet alert management remains one of the most challenging and expensive problems for institutions to overcome. Industry experts advise that it is critical to have efficient systems and processes in place to meet this challenge. Financial institutions have responded by re-evaluating their anti-money laundering (AML) programs, systems, processes and controls. Companies most successful will be those whose compliance strategies take into account four key factors:
- Culture — create a strong, company-wide culture of awareness and accountability for compliance that comes from the top down.
- Risk Management — a major role in compliance with risk assessments as a best practice.
- Technology — an essential component for effective compliance programs.
- Globalization — well-defined compliance programs that are consistent across a company's locations.
From System Deployment to System Effectiveness
The Federal Financial Institutions Examination Council (FFIEC) provides guidelines for selecting AML software that satisfies regulatory compliance and addresses all the risks inherent in an organization's customers, geographic imprint and products and services. These guidelines are proof that industry focus has shifted from solution deployment to solution effectiveness. Implementing AML systems is no longer enough. Bank examiners expect complete transparency and evidence that knowledgeable, well-trained compliance professionals can not only speak to filtering performance and understand how system changes will impact that performance, but also are regularly testing processes for effectiveness.
Institutions have come to realize that an inefficient system can impose excessive compliance costs. Faced with an uphill battle to comply with regulations and identify changing risk, compliance departments will calibrate system parameters to cast a wider net, only adding to the mounting sea of alerts, many of which are irrelevant or false. To address the volume of work involved in screening, financial institutions must exploit technology further. As a result, they are raising the technology bar by demanding more from their AML solutions providers.
The Role of Technology
Identifying and monitoring high-risk customers and transactions can only be addressed with an effective model for managing risk across the enterprise. The inherent complexity of the screening process poses a big problem for most rules-based systems in the market today. An algorithm compares individuals and entities to any number of lists with varying qualities and data while fuzzy logic must be employed to allow for spelling inconsistencies and other variations. These variables work in unison to deliver result sets that yield more quantity than quality.
A common problem with rules-based solutions is that they produce large, unmanageable volumes of false alerts. And while a vendor's default values are based on generic industry trends, they can fall short of a bank's unique risk profile. A cost-effective, manageable filtering process must be tailored to produce a reasonable number of highly relevant alerts based upon a defendable methodology. But what approach should institutions take?
Recommendations in industry white papers, articles and blogs suggest improving data quality at the source, understanding your screening environment, incrementally improving system performance and implementing analytics for AML. While these are all valid points for consideration, the basic underlying screening technology that is used still relies on the set up and maintenance of hundreds, if not thousands, of rules. Many institutions struggle to win the screening battle of out-of-control hit rates and false positives by playing with the tuning parameters. Others are beginning to consider an alternative approach to the traditional, rules-based systems that have flooded the market for years or were built in-house.
The Trues and Nothing but the Trues
On the opposite end of the rules spectrum, a principles-based model lends simplicity to the screening system. In principles or knowledge-based models, various problem solving methods such as classification and qualitative reasoning can be viewed in a uniform fashion. Classification of alerts is an important aspect of the screening process and one that is lacking in typical screening solutions. There are three types of potential matches: the really good ones to keep, the really bad ones to discard and those in the middle to either review or not to review. A principles-based model is more effective in quantifying, qualifying and prioritizing risk than a rules-based approach because the focus is not just on eliminating false positives. It will also quickly deliver alerts with the highest risk and greatest relevance first, enabling institutions to establish a meaningful risk threshold that effectively separates alerts for review from those to be discarded. Where to draw this threshold is determined by an institution's requirements, risk appetite and a thorough analysis using below the line testing. Institutions plagued by an overabundance of false positives that drain time and resources for manual review will appreciate the fewer but higher quality results a principles-based AML screening solution delivers.
While the goal is to identify and monitor relationship risk across the enterprise, efficient alert management is crucial to the process. Principles-based technology solutions enable institutions to achieve greater operational efficiency and reduce the overall costs of alert remediation.
Carol Stabile, CAMS, senior business manager, Safe Banking Systems LLC, Mineola, NY, USA, carol.stabile@safebanking.com