Automation and AML/BSA Compliance
The future of compliance includes technology solutions. Do not get me wrong – technology is not a panacea but it is an important strategy for leveraging resources. In the anti-corruption and sanctions compliance arenas, technology is an important tool, especially for third-party risk management and knowing who your business partners and customers are for sanctions compliance.
AML and Bank Secrecy Act compliance heavily depends on technology. That is a fact reflecting the reality of monitoring and auditing numerous customer relationships, correspondent banking and large numbers of transactions. In the absence of technology, banks and other financial institutions would be overwhelmed by labor costs. Automation is a key strategy for improving the accuracy and efficiency of an AML/BSA compliance program.
Banks and financial institutions have it very hard – they are required to monitor financial transactions for criminal activity, terrorism and tax evasion. Monitoring customer activity is a challenge as more sophisticated criminal schemes are being developed to avoid bank scrutiny. The challenges are multiplying in this aggressive enforcement environment.
Technology solutions have been available since the early 2000s in response to the pressures created by the USA PATRIOT Act. It is important for a BSA Officer and bank leadership to screen software solutions to make sure they fit a bank’s needs and operations.
A critical goal of any technology solution is to deliver accurate and timely information to stakeholders and decision makers. Automation has to provide a BSA Officer with actions that can be audited and improve audit reviews so that overall program enhancements can be implemented.
Several activities can be automated. I will discuss some of the more significant activities and procedures.
Know Your Customer (KYC) can be automated to reduce significantly time spent in manual functions.
Customers should provide identification information electronically and validation of the customer’s identity and screening can be conducted automatically and the results reviewed by BSA staff. This process will create a record that can be audited. Customers are notified when they have not provided all the requisite information. Automated reminders can make sure that registration and validation process is complete. Customer due diligence is completed through the validation process and linking to an appropriate database screening service. If a customer fails to provide required information, the account can be blocked until the information is provided.
Automation of the registration and validation process also facilitates filtering against high-quality watch lists for PEPs, sanctioned parties, and other important red flag monikers. Notifications of changes in status can also be provided by automated solutions. Technology provides a means by which a bank can regularly check customers and entities against watch lists and other source databases.
Transaction Monitoring can help BSA Officers to monitor customer accounts and activity. In the beginning of a customer relationship, standard-screening criteria should be used until an accurate historical picture of customer activity can be developed. As more information is learned about transaction patterns, a BSA Officer should update and revise criteria for automated screening as necessary.
It is important to keep accurate statistics on the number of alerts, the performance of scenarios, and to modify standards as necessary. Criminals change their modus operandi to avoid detection. BSA Officers cannot rely on standard rules as an effective means to identify suspicious activity. In addition to customer specific monitoring, day-to-day transactions have to be screened against sanctions and terrorist financing lists, and to identify PEPs.
Customer behavior monitoring focuses on customer’s details and activities and compare those with algorithms designed to measure expected activity. The key factors in this analysis focus on unexplained changes in behavior, unexpected patterns and fluctuations in relationships between accounts and customers. Whatever model is adopted in the monitoring solution, the model has to be regularly validated based on operating assumptions, profile characteristics and rules. The underlying risk matrix has to reflect the following: customers, transactions, geography, products and employees. Risk scores should be applied through consistent rules and changes in customer details.
Automation of risk scoring is an important strategy for an efficient monitoring system.
Enhanced Due Diligence can be applied through automated solutions by using available data and validation services. The steps taken to conduct such validation can be logged into a customer’s profile and audited if necessary. BSA analysts can review these actions and follow-up as necessary through appropriate notification settings.
Regulatory reporting is an important function supported by automated solutions. Preparing SAR regulatory reports can be automated because of the well-publicized forms and standards for completing such forms. The information needed to complete a SAR report is usually maintained in a case file relating to a specific customer and/or transaction.
The SAR report fields require a concise and thorough narrative of evidence suggesting suspicious activity. An automated reporting system should be able to pull dates and times from case notes from a customer’s file.