Effective AML Transaction Monitoring Rules: Successful Examples

Why AML Matters

Anti-Money Laundering, or AML, is the set of laws, regulations and procedures intended to prevent criminals or terrorist organizations from disguising illegally obtained gains as legitimate income. In the US, the Office of Foreign Assets Control (OFAC) within the Treasury Department administers and enforces economic and trade sanctions, including those directed toward foreign narcotics traffickers. When criminals transfer large sums of money around the world, it can pose a significant risk to the safety and soundness of our financial system and our economy, and it can facilitate a range of illicit activities.
The AML rules pertain to a number of financial institutions, including securities broker-dealers and traders, mutual funds, futures merchants, introducing brokers, prime brokers, futures commission merchants, commodity trading advisors, registered investment advisors, investment companies, bank employees, and more. To comply with AML regulations, financial institutions are required to set up internal procedures, including a designated compliance officer, written procedures, customer due diligence, monitoring procedures and independent testing functions.
The Bank Security Act (BSA) requires financial institutions to assist government agencies to detect and prevent money laundering. The AML regulations require financial institutions to report suspicious or unusual transactions to Treasury’s Financial Crimes Enforcement Network (FinCEN) and to comply with the Know Your Customer (KYC) rules by verifying the identity of clients.
Recent events have received headlines. Large financial institutions have paid billions of dollars in civil monetary penalties. In 2013, Credit Suisse pleaded guilty to willfully and knowingly conspiring to defraud the federal government and entered into a deferred prosecution agreement with the Justice Department, resulting in an obligation to pay $2.6 billion in fines. In this year there were voluntary forfeitures and fines from several groups, including BNP Paribas Sanciones, Ltd., a French banking corporation; Commerzbank AG, a German limited corporation, which paid $1.7 billion in criminal penalties and forfeitures; and ICBC Financial Services, Inc., a New York bank and broker-dealer owned by China’s Industrial and Commercial Bank of China Limited, which agreed to pay $48 million to settle civil charges brought by the Securities and Exchange Commission over allegations it violated standards for detecting and preventing money laundering.

AML Transaction Monitoring Rules

Effective AML Transaction Monitoring Rules: Key Examples
Beyond just knowing your customers, the cornerstone of an effective anti-money laundering program is transaction monitoring. The Financial Action Task Force (FATF) notes that:
"Countries and the private sector should take appropriate measures to effectively identify, assess, understand, and mitigate the money laundering (ML) and terrorist financing (TF) risks to which they are exposed… They should pay special attention to highly risky customers."
The following are some common transaction monitoring rules. These rules should be risk-based and aligned with the overall AML risk profile of the financial institution.
For certain types of transaction monitoring rules, it is common for the financial institution to store the rule in its AML transaction monitoring model in the following structure: Scenarios: Money Laundering/Illicit Financial Activity; Description; Rule; Conditions; Alerts; Legacy Data?; Alerts; Alerted; Closed. It is important to note, however, that there is a difference between the legacy data alert and the current data alert.
Rules relate to suspicious activity dedicated to coordinating financial crime. Important examples include: Due Diligence: There are many variations of this type of rule, but these rules capture multiple pieces of information. For example: No Reasonable Explanation: Although this rule is less common, it is also important. This rule alerts the financial institution when there is no reasonable explanation for a transaction. In many cases, this conflicts with AML efforts to expand the bank/customer relationship.
Testing AML Transaction Monitoring Rules: All transaction monitoring systems should be vetted with a user acceptance plan. Financial institutions should use this plan to test the system from an end-user perspective. This also ensures compliance with regulatory expectations.

Examples of AML Transaction Monitoring Rules that are Effective

The following are a few examples of AML transaction monitoring rules that have been found effective in the real world.
Rule 1: High-Wire-Risk Financial Activity
Much like a red flag filing (or suspicious activity report), a high-activity rule can help weed out criminals dodging detection. An example might be: if the bank has a relationship with a company located in a high-risk jurisdiction, and the average monthly deposit activity exceeds $25 million in two or more out of three consecutive months, this activity warrants further investigation.
Rule 2: Smurfing
A method that criminals looking to launder cash often consider the quickest and most cost-efficient is called smurfing. This process involves breaking down huge amounts of cash into smaller parts (which is why it’s also referred to as ghosting). A rule designed to catch this type of activity requires the system to flag a suspicious transaction such as: a single transaction of $5,000 or more that occurs when, within one day, there are ten or more other transactions totaling more than $50,000 deposited into the same account.
Rule 3: Internet-Only Bank Transactions
Internet banks have increased in popularity. For some, a warning sign is an account that, after opening, is immediately or frequently accessed from foreign IP addresses while an invoice for what is bought is never provided. A rule might be: online-only accounts can be suspect only if the frequency of foreign IP addresses downloaded exceeds that of domestic, and frequency has jumped 30% or more in less than one year.
Rule 4: Domestic Activity on Foreign Account
A rule might be: if an account holder (in a sanctioned country) accesses funds that have a distinctively domestic source, these transfers may be done as wire transfers and require additional investigation.
Rule 5: Memorable Numbers
A common way criminals look to launder money is by working in large numbers of deposits using shared bank accounts and naming the presumed owner as the account manager. They each make small deposits as a cover-up. If the system finds a profile where an existing account is being used by more than one person where they share a phone number or e-mail, the activity needs further review.
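The thresholds in Rule 1 and Rule 2 above, expressed as detection logic over constructed sample data. This is an added example, not code from the article or from any monitoring product; the function names, tuple layout, account IDs and the reading of Rule 1 as "two or more of any three consecutive monthly totals over $25 million" are assumptions.

```python
from collections import defaultdict
from datetime import date
# Thresholds are the ones quoted in Rule 1 and Rule 2 of the article.
SMURF_TRIGGER = 5_000        # single deposit that triggers the check
SMURF_MIN_OTHERS = 10        # other deposits on the same day, same account
SMURF_OTHERS_TOTAL = 50_000  # their combined total must exceed this
HIGH_ACTIVITY = 25_000_000   # monthly deposits, high-risk jurisdiction

def smurfing_alerts(deposits):
    """Rule 2 over (account, day, amount) tuples; returns matching (account, day)."""
    by_day = defaultdict(list)
    for account, day, amount in deposits:
        by_day[(account, day)].append(amount)
    alerts = []
    for key, amounts in by_day.items():
        total = sum(amounts)
        for amt in amounts:
            others = total - amt  # everything else deposited that day
            if (amt >= SMURF_TRIGGER and len(amounts) - 1 >= SMURF_MIN_OTHERS
                    and others > SMURF_OTHERS_TOTAL):
                alerts.append(key)
                break
    return sorted(alerts)

def high_activity_alerts(monthly_deposits, high_risk_accounts):
    """Rule 1. monthly_deposits: {account: [totals for consecutive months]}.
    Assumed reading: alert when 2+ of any 3 consecutive months exceed $25M."""
    alerts = []
    for account, months in monthly_deposits.items():
        if account not in high_risk_accounts:
            continue
        for i in range(len(months) - 2):
            if sum(m > HIGH_ACTIVITY for m in months[i:i + 3]) >= 2:
                alerts.append(account)
                break
    return sorted(alerts)

# Constructed sample data (not real accounts or transactions).
DAY = date(2024, 1, 15)
SAMPLE_DEPOSITS = (
    [("ACC-1", DAY, 6_000)] + [("ACC-1", DAY, 5_200)] * 10    # others: 10, 52,000
    + [("ACC-2", DAY, 9_000)] + [("ACC-2", DAY, 4_000)] * 10  # others total 40,000
    + [("ACC-3", DAY, 30_000)] * 3                            # only 2 other deposits
)
SAMPLE_HIGH_RISK = {"ACC-4", "ACC-5"}  # accounts tied to a high-risk jurisdiction
SAMPLE_MONTHLY = {
    "ACC-4": [26e6, 10e6, 27e6],  # high-risk, 2 of 3 months over $25M
    "ACC-5": [26e6, 10e6, 12e6],  # high-risk, only 1 month over
    "ACC-6": [30e6, 30e6, 30e6],  # over every month, but not high-risk
}
```

Calling `smurfing_alerts(SAMPLE_DEPOSITS)` and `high_activity_alerts(SAMPLE_MONTHLY, SAMPLE_HIGH_RISK)` returns one alert each, for ACC-1 and ACC-4.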

How Technology Can Assist in AML Monitoring

Technology has, and will continue to have, a significant impact on how AML transaction monitoring, as well as risk assessment, takes place. There are numerous software products that are capable of scanning large transactions and identifying those that may be suspicious. Such products should, in a cost-effective manner, be able to quickly analyze large amounts of data, while expeditiously identifying the key data points that an analyst needs to review in determining whether a Suspicious Activity Report (SAR) needs to be filed.
A near-term goal of many AML compliance departments should be to utilize technology for many tasks, including: the conducting of risk assessments; automated transaction monitoring; monitoring high risk customers; and identifying and prioritizing red flags arising out of transaction monitoring to assist in SAR filing decisions. Technology should also be used to assist analysts/leverage analytics in making the SAR filing decision.

Challenges and Opportunities

Financial institutions face several challenges when implementing AML monitoring rules effectively. The first is the fundamental concept of a rule family, which, on its own, can create confusion because different business lines take varying approaches, leading to constant correction of differences in rule family logic. Existing best practice, instead, is now the use of a family of families, meaning that the institution rationalizes repeated rule logic across all rule families of equal priority as one set of rules that get evaluated at a given frequency. This solution helps reduce the number of alerts generated in response to AML monitoring rules but may not address the fundamental issue associated with rule logic and rule tuning. Financial institutions that do not classify their customers/clients into distinct categories risk generating alerts on all clients, regardless of transaction volumes or risk level, since the underlying rule logic is typically based on a binary test of whether or not a certain type of transaction occurred (such as wires exceeding a certain amount, ACH debits/credits exceeding a certain range, etc.). This approach has, however, changed over time, and AML monitoring rule logic is now typically based on risk-based parameters which allow for client/customer classification into risk categories and resulting modifications in alert thresholds, which is now more commonly referred to as alert tuning.
Another challenge financial institutions face is distinguishing between alerts generated as a result of transactional behavior monitoring and alerts generated as a result of know your customer (KYC) rules. The current practice is to test those rules which are independent of each other, which is now possible because certain institutions have expanded their testing programs to include KYC rules that generate alerts based on the input of appropriate information into client and/or account profile fields by employees completing KYC due diligence processes. However, more work needs to be done to ensure that those alerts are marked as KYC-related alerts so that AML processes do not need to waste resources performing multi-layered reviews while also not being in a position to identify the nature of the alert.
A third challenge financial institutions usually face relates to how high-risk alerts are dealt with and whether there is an adequate decision-making framework to appropriately evaluate their severity or potential link to illicit activity. This means doing the appropriate analysis to determine not only if a red flag was present, but also allowing appropriate decision makers to identify whether additional sources of information are required to perform the appropriate level of due diligence. It also involves some discussion of whether the same decision making is done across business lines in order to effectively manage cost, mitigate risk and apply a common standard of knowledge and experience to the evaluation of alerts, as there are currently divergent practices in this area. Certain institutions have devised ways to calculate ROI for alerts based on results from QCs and whether an alert makes it to an SAR (as is also done by law enforcement to measure the effectiveness of SARs), while others have moved entirely to a PD monitoring-type structure to allow for a more even allocation of AML resources.
A fourth challenge financial institutions have been facing over the last several years relates to the changing AML landscape and the regulators' expectations on the comprehensiveness of an AML program. While there is no doubt that regulators are looking for more robust AML programs, the problem financial institutions face is the fact that while we can manage risk, we cannot eliminate it entirely. This creates challenges in light of discussions on the optimal size of AML programs, potential headcount reductions as a result of implementing automated solutions, and taking on additional risk as a result of maintaining a more concise set of rules, policies and procedures.

Compliance, Regulation, and the Next Generation

As surveillance and preventative controls advance and regulators continue to demand tighter compliance, the AML/CFT landscape will undergo significant changes. With this evolution, traditional AML transaction monitoring suites face many challenges. In addition to the traditional capacity of adding new rules and enhancing alert management with the analytics that fit, there is now an increasing need to consider surrounding risk profiling applications, integrating profiles with transaction monitoring, identifying inclusion factors that allow the institution to combine monitoring and profile processes, identifying risk factors that will satisfy regulatory expectations and designing new rules based on risk factors. The ability to look at risk in a cross-institutional way, as required by regulations like the Sixth Money Laundering Directive, is also challenging. However, institutions should not wait until a directive is published before acting. They should seek information from industry groups and regulators, participate in AML/CFT forums, and listen to instruction from consultants from law enforcement authorities about how they view risk in a cross-institutional way. One such way of looking at risk across institutions is the formation of a financial crimes risk profile as proposed by the FATF. The proposal currently includes a #FinCEN_FUGU_MSIX1 (i.e., a flowchart) and a questionnaire template as part of the "Instructions for Completing the Financial Crimes Risk Profiling Statement." The instructions suggest that the financial crimes risk profile (which is part of the larger risk assessment) should include quantitative and qualitative data on transactional data within and outside the jurisdiction and across institutions.