John Reynolds
Legal and Compliance Risk Department
Federal Reserve Bank of New York
AIBA Quarterly Meeting
Wednesday, March 13, 2013
Association of the Bar of the City of New York
Use of Technology – BSA-AML – Examiner’s Viewpoint
Disclaimer
The views expressed herein are those of the presenter and do not necessarily represent those of the Federal Reserve Bank of New York or the Federal Reserve System. For a complete description of regulatory expectations related to the Bank Secrecy Act, the reader should refer to applicable laws, statutes, interpretations and the FFIEC BSA-AML Examination Manual.
• BSA-AML Manual is the backbone of any review
• In scoping the BSA-AML review, a key step is to determine the “Level and extent of automated BSA/AML systems.”
• Examiners are interested in integrity and accuracy of MIS used in the BSA/AML compliance program
• MIS includes reports used to identify large currency transactions, aggregate daily currency transactions, funds transfer transactions, monetary instrument sales transactions, and analytical and trend reports
• Examiners are interested in Internal Audit’s review of the MIS used in the BSA/AML and OFAC Compliance programs
• The need to identify and report suspicious activity is central to the BSA
• Type of monitoring used to identify suspicious activity.
• Likewise, what is used for effective OFAC screening and interdiction
Monitoring Thoughts – Account Profiling
• Algorithms formulated to model predicted activity based on historical activity.
  – Simple model based on past activity in an account for a single product, i.e., wire activity, check activity, and predicted volume of debits/credits.
  – Combination of checks deposited, cash withdrawals, and wires in and out of the accounts based on daily, weekly, or monthly activity.
  – Geographic locations also incorporated – transactions that occur outside of the normal regions/locations are alerted.
– Relationship Profiling
• Expanding beyond a single account to incorporate all of the activity a relationship conducts with a bank.
• Would include activities across business units:
  – Trust activity
  – Credit
  – Checking, wire transactions, cash
  – Securities
Monitoring – Modeling Peers and Comparison to normal behavior
• Utilizing the individual account profile to compare to other account profiles in a similar industry.
• Activity in an account that occurs outside of what is deemed “usual” or “normal” based on the aggregate activities in a “business classification” would generate “Alerts”
• What defines normal/objective is actual transaction activity; however, what defines unusual is subjective – does activity need to exceed 10, 20, 50% of its peers to generate an alert?
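Added example (not part of the original presentation): a minimal sketch of account profiling plus peer comparison, showing how the choice of 10, 20 or 50% changes which accounts alert. The account names, the "import_export" classification, the dollar figures and the use of a mean for the account profile and a median for the peer baseline are all assumptions made for illustration.

```python
from statistics import mean, median

# Constructed sample data (not from the presentation):
# account -> (business classification, prior monthly wire totals, current month)
ACCOUNTS = {
    "ACCT-01": ("import_export", [400_000, 420_000, 440_000], 505_000),
    "ACCT-02": ("import_export", [450_000, 450_000, 450_000], 460_000),
    "ACCT-03": ("import_export", [380_000, 400_000, 420_000], 700_000),
    "ACCT-04": ("import_export", [500_000, 520_000, 540_000], 560_000),
    "ACCT-05": ("import_export", [430_000, 430_000, 430_000], 400_000),
}

def exceeds(current, baseline, pct):
    """True when current is more than pct percent above baseline."""
    return current * 100 > baseline * (100 + pct)

def build_profiles(accounts):
    """Account profile (assumption): mean of historical monthly activity."""
    return {acct: mean(hist) for acct, (_, hist, _) in accounts.items()}

def peer_baselines(accounts, profiles):
    """Peer baseline (assumption): median profile within each classification."""
    groups = {}
    for acct, (cls, _, _) in accounts.items():
        groups.setdefault(cls, []).append(profiles[acct])
    return {cls: median(vals) for cls, vals in groups.items()}

def alerts(accounts, pct):
    """Map each alerting account to the reasons it alerted at this threshold."""
    profiles = build_profiles(accounts)
    peers = peer_baselines(accounts, profiles)
    out = {}
    for acct, (cls, _, current) in accounts.items():
        reasons = []
        if exceeds(current, profiles[acct], pct):
            reasons.append("own_profile")
        if exceeds(current, peers[cls], pct):
            reasons.append("peer")
        if reasons:
            out[acct] = reasons
    return out

if __name__ == "__main__":
    for pct in (10, 20, 50):  # the thresholds the slide asks about
        print(f"{pct}%: {alerts(ACCOUNTS, pct)}")
```

In this sample ACCT-04 stays inside its own historical profile but alerts against its peers at 10% and 20%, which is the case an account-only profile would not surface.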
Monitoring – Rule Based Alerts
• Specific “Key Words” and information, or lack of, in a payment field such as geographic location, LLC numerical names, etc.
• Specific set dollar value thresholds.
• Common originators/beneficiaries.
• Transactions that cut across multiple jurisdictions – particularly those that are high risk.
• Relative “%” dollar value and/or transaction volume thresholds based on expected activity.
• Can be designed to customer-specific risks and expectations.
Monitoring – Profiling and Rules Based Systems
• Most often see a combination of both at larger institutions.
• Bank management may not fully understand the General Profiling algorithms but can assign the relative or absolute thresholds for transaction alerts.
• Rule based alerts tend to be easier to program providing more flexibility to bank management.
• Peer analysis not often fully utilized, and monitoring at a relationship level at the forefront of industry development
Monitoring – Risk Rating
• Important that banks get it right to meet their legal obligation to have effective controls in place to detect and report suspicious activity.
• Rules need to be commensurate with the Risk Rating of the customers and incorporate CDD/EDD information.
  – What is the customer’s expected activity?
  – What geographic locations are normal/expected for the client?
  – What dollar volume and values are expected?
  – What products will the client be transacting in?
Thoughts on Monitoring Software
• Does software provide risk assessments by customer base, country, and product types?
• Define to your vendor your MIS needs, control environment, and support needed for a robust monitoring reporting system.
• Assess internal functionality for account officers, audit, legal, and management reporting and ability to interface with government regulatory AML units
• How will software address defined risks faced in each product and client account?
• Match the functionality of commercial software with your bank’s requirements
• Explore and compare to non-commercial alternatives including home-grown monitoring system
Some observations on use of Technology in AML
• Banks increasingly feel a need to adapt to the changing regulatory environment by arming themselves with the latest AML technology, only to find that they don't know how to operate it effectively and/or it doesn't fit their needs
• Vendor management – ensuring that there is adequate support from the vendor
• “Turn key” systems – cannot simply switch on and have a fully functional system. In reality, it requires customization to operate properly with the bank's operations (canned monitoring rules, or canned OFAC screening thresholds)
• Purchased systems vs. internally developed
• UAT. Does the system do what users think it does?
• Periodic review of output and effectiveness
• Suppression Lists
• Model Risk Management (SR Letter 11-07)
Some Industry Vendors*
– Searchspace/Fortent
– Mantis
– Norkom
– SAS
– GIFTS
– Metavante/Prime BSA & OFAC Reporter
– Assist
– Actimize
– HotScan – OFAC
– Bridger – OFAC
– Accuity – OFAC
– OFAC Compliance Engine (OCE) Compliance Intelligence Group
– Others?
* Listing is not all-inclusive and inclusion does not indicate endorsement