Use of Technology in BSA-AML Compliance Examiner's


Use of Technology in BSA-AML Compliance

Examiner’s Viewpoint

John Reynolds

Legal and Compliance Risk Department

Federal Reserve Bank of New York

AIBA Quarterly Meeting

Wednesday, March 13, 2013

Association of the Bar of the City of New York

Use of Technology – BSA-AML – Examiner’s Viewpoint

Disclaimer

The views expressed herein are those of the presenter and do not necessarily represent those of the Federal Reserve Bank of New York or the Federal Reserve System. For a complete description of regulatory expectations related to the Bank Secrecy Act, the reader should refer to applicable laws, statutes, interpretations and the FFIEC BSA-AML Examination Manual.


Use of Technology in BSA-AML Compliance

Statutory and Regulatory Requirements

Risk Focused

Size/Complexity/Volume of Operations

Business Needs


What do the examiners do?

BSA-AML Manual is the backbone of any review

In scoping the BSA-AML review, a key step is to determine the “Level and extent of automated BSA/AML systems.”

Examiners are interested in integrity and accuracy of MIS used in the BSA/AML compliance program

MIS includes reports used to identify large currency transactions, aggregate daily currency transactions, funds transfer transactions, monetary instrument sales transactions, and analytical and trend reports

Examiners are interested in Internal Audit’s review of the MIS used in the BSA/AML and OFAC Compliance programs


Monitoring

The need to identify and report suspicious activity is central to the BSA

Type of monitoring used to identify suspicious activity.

Likewise, what is used for effective OFAC screening and interdiction


Monitoring Thoughts – Account Profiling

Algorithms formulated to model predicted activity based on historical activity.

Simple model based on past activity in an account based on a single product, i.e., wire activity, check activity, and predicted volume of debits/credits.

Combination of checks deposited, cash withdrawals, wires in and out of the accounts based on daily, weekly, or monthly activity.

Geographic locations also incorporated – transactions that occur outside of the normal regions or locations are alerted.

– Relationship Profiling

Expanding beyond a single account to incorporate all of the activity a relationship conducts with a bank.

Would include activities across business units:

Trust activity

Credit

Checking, wire transactions, cash

Securities


Monitoring – Modeling Peers and Comparison to normal behavior

Utilizing the individual account profile to compare to other account profiles in a similar industry.

Activity in an account that occurs outside of what is deemed “usual” or “normal” based on the aggregate activities in a “business classification” would generate “Alerts”

What defines normal/objective is actual transaction activity; however, what defines unusual is subjective – does activity need to exceed 10, 20, or 50% of its peers to generate an alert?
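An added example, not part of the original presentation, showing how the choice of peer threshold changes alert volume for the same transaction data. The account IDs, business classifications and dollar amounts are constructed, and using the peer-group median as the "normal" baseline is an assumption made for illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed sample data:
# (account_id, business_classification, monthly_wire_total_usd)
ACCOUNTS = [
    ("A-100", "restaurant", 40_000),
    ("A-101", "restaurant", 44_000),
    ("A-102", "restaurant", 47_000),
    ("A-103", "restaurant", 52_000),
    ("A-104", "restaurant", 95_000),
    ("B-200", "import_export", 400_000),
    ("B-201", "import_export", 430_000),
    ("B-202", "import_export", 470_000),
    ("B-203", "import_export", 650_000),
]

def peer_baselines(accounts):
    """Objective part: 'normal' per classification, from actual activity.
    Assumption: the baseline is the median of the peer group."""
    groups = defaultdict(list)
    for _, classification, total in accounts:
        groups[classification].append(total)
    return {c: median(totals) for c, totals in groups.items()}

def peer_alerts(accounts, threshold_pct):
    """Subjective part: alert when an account exceeds its peer baseline
    by more than threshold_pct percent."""
    baselines = peer_baselines(accounts)
    alerts = []
    for account_id, classification, total in accounts:
        base = baselines[classification]
        excess_pct = (total - base) / base * 100
        if excess_pct > threshold_pct:
            alerts.append((account_id, classification, round(excess_pct, 1)))
    return alerts

def alert_counts(accounts, thresholds=(10, 20, 50)):
    """Alert volume for each candidate threshold, for tuning review."""
    return {t: len(peer_alerts(accounts, t)) for t in thresholds}

if __name__ == "__main__":
    for pct, count in alert_counts(ACCOUNTS).items():
        print(f"{pct}% over peers -> {count} alert(s): {peer_alerts(ACCOUNTS, pct)}")
```

The baselines are identical in all three runs; only the threshold decides whether B-203, at roughly 44% over its peers, is ever reviewed.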


Monitoring – Rule Based Alerts

Specific “Key Words” and information, or lack thereof, in a payment field, such as geographic location, LLC numerical names, etc.

Specific set dollar value thresholds.

Common originators/beneficiaries.

Transactions that cut across multiple jurisdictions – particularly those that are high risk.

Relative “%” dollar value and/or transaction volume thresholds based on expected activity.

Can be designed to customer-specific risks and expectations.


Monitoring – Profiling and Rules Based Systems

Most often see a combination of both at larger institutions.

Bank management may not fully understand the General Profiling algorithms but can assign the relative or absolute thresholds for transaction alerts.

Rule based alerts tend to be easier to program, providing more flexibility to bank management.

Peer analysis is not often fully utilized, and monitoring at a relationship level is at the forefront of industry development.


Monitoring – Risk Rating

Important that banks get it right to meet their legal obligation to have effective controls in place to detect and report suspicious activity.

Rules need to be commensurate with the Risk Rating of the customer and incorporate CDD/EDD information.

What is the customer’s expected activity?

What geographic locations are normal/expected for the client?

What dollar volume and values are expected?

What products will the client be transacting in?


Thoughts on Monitoring Software

Does software provide risk assessments by customer base, country, and product types?

Define to your vendor your MIS needs, control environment, and support needed for a robust monitoring reporting system.

Assess internal functionality for account officers, audit, legal, and management reporting and ability to interface with government regulatory AML units

How will Software address defined risks faced in each product and client account?

Match the functionality of commercial software with your bank’s requirements

Explore and compare to non-commercial alternatives including home-grown monitoring system


Some observations on use of Technology in AML

Banks increasingly feel a need to adapt to the changing regulatory environment by arming themselves with the latest AML technology, only to find that they don't know how to effectively operate it and/or it doesn't fit their needs

Vendor management – ensuring that there is adequate support from the vendor

“Turn key” systems – cannot simply switch on and have a fully functional system. In reality, it requires customization to operate properly with the bank's operations (canned monitoring rules, or canned OFAC screening thresholds)

Purchased systems vs. internally developed

UAT. Does the system do what users think it does?

Periodic review of output and effectiveness

Suppression Lists

Model Risk Management (SR Letter 11-07)


Some Industry Vendors*

Searchspace/Fortent

Mantis

Norkom

SAS

GIFTS

Metavante/Prime BSA & OFAC Reporter

Assist

Actimize

HotScan – OFAC

Bridger – OFAC

Accuity – OFAC

OFAC Compliance Engine (OCE) Compliance Intelligence Group

Others?

* Listing is not all-inclusive and inclusion does not indicate endorsement


QUESTIONS?
