A version of this post was originally published on CU Insight.
Congratulations! You’ve just been made head coach of a major college basketball team and are now responsible for improving their ranking. All anyone will tell you is the number of wins and losses from last year. Based on this information alone, you have one mission: improve the team. Can you do it?
Probably not (unless you’re Coach K). The problem is that while the number of wins and losses is important information about a team, it is rather far from painting the entire picture. You don’t even know whether the number of wins and losses put the team in first or last place, or how the team performed in years prior. Without further information, like current ranking or player stats, your evaluation of your new team’s strengths and weaknesses would be rudimentary at best.
Yet, such is often the case when evaluating a Bank Secrecy Act Anti-Money Laundering (BSA/AML) automation system. The only information many financial institutions look at when attempting to improve their AML system is the number of alerts it generates. However, just like in basketball, the number of alerts—although meaningful information—does not tell the whole story. Did the alert result in an investigation? Did the investigation result in a SAR filing?
The answers to these and other questions can reveal the places where adjustments to the AML system’s effectiveness and efficiency are advisable. If on one end of the spectrum is the origination of an alert and on the other end a SAR filing, it stands to reason that most alerts end somewhere in the middle —which means a lot of investigation resources invested in non-SARs or, what is worse, legitimately suspicious activities slipping through the cracks. And if your institution can’t get things under control, it could be subject to dreaded look-back projects and other costly penalties.
Whatever AML system you’re using, whether it’s the most expensive platform with all the bells and whistles or an Excel spreadsheet built by Tom in operations, its effectiveness and efficiency are capped by how much effort has gone into refining it to fit your institution’s circumstances and your constantly evolving base of members. Because there is no industry-wide set of rule parameters for identifying transactions that should result in an alert to be investigated, it takes an investigation of each individual institution’s current system to make any improvement.
As I’ve traveled to dozens of financial institutions across the country struggling with balancing their Anti-Money Laundering Systems between too many and too few alerts, I’ve identified what I call the “waterfall” diagram, which has proven to be an effective model in the process of optimizing an AML system. Named for its sequential flow through six stages, this model provides a framework for stepping back and tracking alerts from a given period of time through six stages:
1) Is the identified activity accurate?
2) Does the activity merit investigation?
3) Should the investigation be escalated?
4) Should the investigation be presented to SAR committee?
5) Should a SAR be filed?
6) Should parameters be expanded to detect similar activity?
If the answer to each question is “yes,” your rule parameters for a given alert functioned as designed, enabling you to file a suspicious activity report and consider whether the rule parameters should be expanded to detect similar activities. But each “no” along the way presents an opportunity for the institution to fall back and consider modifications to the current AML rule parameters to reduce “noise” (alerts that have limited or no meaningful value in identifying suspicious and/or fraudulent activities, thereby absorbing finite credit union resources). With strong case management that tracks the stages hit by each alert, a credit union can revise its parameters with statistical support on activity that promotes regulatory acceptance of parameter adjustments.
Furthermore, it is that same insight provided by a strong case management system that will allow credit unions to truly see what impact parameter modifications have. After all, good coaches will make adjustments to their program to test what works, but the key to lasting improvement is knowing how the team was affected by the change. Otherwise, it’s just a guessing game.
If you’re the “head coach” for your credit union’s AML program, don’t limit your homework to an analysis of simple wins and losses of seasons gone by. Use the AML waterfall model to help refine your analysis to fit your institution’s circumstances and your ever-transforming base of members. Once you’ve completed this type of analysis, your institution will be able to make informed parameter modifications as needed, resulting in a top-seeded AML program.
Ken Agle, President of AdvisX, brings more than 25 years of experience covering almost all facets of financial institution risk management operations. He has conducted more than 350 compliance reviews and has assisted more than 200 financial institutions throughout the United States. He has developed and implemented systems and training programs on all phases of banking risk management, including, but not limited to BSA/AML, fair lending, loan review, HMDA, CRA, BSA, operational compliance, TILA, and RESPA. He has written numerous regulatory responses and appeals and has been instrumental in assisting institutions with challenging circumstances while facing regulatory enforcement orders. He has partnered with McGladrey & Pullen, RSMI, Promontory, Sheshunoff and other multi-region firms to provide support services to financial institutions. Mr. Agle specializes in strategic regulatory response and in developing and implementing both proactive and reactive tools and systems to preempt and resolve issues affecting today’s financial institution.