The ever-increasing importance of a robust BSA/AML monitoring system has become more than clear in recent years. However, an all-encompassing monitoring system often feels beyond the reach of the smaller financial institution. Resources are finite, and some institutions are left floundering when attempting to cover all their bases. What must your small financial institution do to determine whether its BSA/AML monitoring system is as sound as those applied by their far larger counterparts?
In Part 1 of this two-part post, we discussed the first secret weapon vital to the smaller financial institution’s BSA/AML monitoring systems: sufficiency. This week, we’ll examine the second and final essential element.
Secret Weapon No. 2: Efficiency
If sufficiency is the first secret weapon a smaller financial institution must employ as part of a sound BSA/AML monitoring system, the second is efficiency. Efficiency in AML monitoring is achieved when the institution is using the proper amount of resources needed to complete the task. For smaller institutions looking to make their AML monitoring more efficient, the secret may lie in the creation and use of level and trend reports.
When talking about level reports, we are referring to reports that display information of the current levels of AML monitoring completed. For larger institutions with automated systems this may be easier, as the list of information to collect comes out of the AML system itself, including the number of generated system alerts, the number of resulting investigations, and subsequent SARS.
With manual systems, knowing the right information to collect and analyze can be less clear. Using the information collected from automated systems as a guide, here are foundation elements of what we would recommend the information on level reports might look like.
Sufficiency Component 1: Level Reports
Level reports can contain information such as:
- the number of SARs filed
- the source and types of suspicious activities observed (and how many of each)
- the number of instances where an investigation was warranted, and
- the monetary amounts involved in observed suspicious activities.
Additional information on the number of High Risk Customers accounts opened and currently maintained with the number of conducted investigations on these HRCs can also be meaningful. These are just a few examples and can expand to include any metric you can think of that might help you get a better understanding of what’s really happening at you institution.
This information can be useful by itself, but is even more powerful when presented within the context of the institution’s previous performance. This is where trend reports come in.
Sufficiency Component 2: Trend Reports
Trend reports should compare these levels with previous levels. Ask yourself the following two questions: Are we seeing different trends from the previous month or quarter? How does this compare to the same time period in previous years?
Once you have this information, take the time to examine the numbers for trends in the institution’s completed investigations and reporting. Frequently, by reviewing these trends you can identify patterns that may warrant expanded training or other elements aimed at ensuring a proper monitoring effort. For example, an institution identifying a higher number of cash intensive businesses would want to implement appropriate controls and monitoring efforts to ensure proper internal monitoring. These specific monitoring efforts can frequently be facilitated through awareness and customer monitoring without an automated system.
Here are a couple of examples of possible situations you might find your institution in, and some questions to help guide you toward improved monitoring:
- Considering the typologies discussed in Part 1’s sufficiency discussion, perhaps you never find evidence of common counter-party activity. Is this because you don’t have the right tools to look for it effectively? Is the monitoring you have looking for the right things?
- Perhaps you initiate many investigations, but rarely file a SAR. Are you looking at all of the information collected through the investigation correctly? If there really isn’t suspicious activity there, what is prompting your institution to start so many investigations?
- What if almost all of the investigations you complete result in a SAR filing. Are you doing too much during the initial review of activity as opposed to “triaging” activity to determine where your efforts are best spent?
Sufficiency Component 3: Interpreting BSA/AML Reports
The information collected and included on the reports is useless without using your expertise to give the numbers meaning. We recommend the information on these reports be presented to the appropriate decision-making body within the institution, such as the Board of Directors, to help keep them up-to-date with the BSA/AML program, as well as to help them make decisions regarding potential improvements. A financial institution’s leadership is responsible for performance in all areas of the institution, including compliance with BSA. The responsibility rests with them, so they need the appropriate information.
With the information collected and presented in level and trend reports, you have another tool at your disposal in making the AML monitoring in your institution more efficient. Remember, no matter if your organization is large or small, new or old, the principles of sufficiency and efficiency should be the backbone of your monitoring system.
Ken Agle, President of AdvisX, brings more than 25 years of experience covering almost all facets of financial institution risk management operations. He has conducted more than 350 compliance reviews and has assisted more than 200 financial institutions throughout the United States. He has developed and implemented systems and training programs on all phases of banking risk management, including, but not limited to BSA/AML, fair lending, loan review, HMDA, CRA, BSA, operational compliance, TILA, and RESPA. He has written numerous regulatory responses and appeals and has been instrumental in assisting institutions with challenging circumstances while facing regulatory enforcement orders. He has partnered with McGladrey & Pullen, RSMI, Promontory, Sheshunoff and other multi-region firms to provide support services to financial institutions. Mr. Agle specializes in strategic regulatory response and in developing and implementing both proactive and reactive tools and systems to preempt and resolve issues affecting today’s financial institution. For more information on BSA/AML services, contact Ken Agle.