Protect your financial institution against fraud: How to upgrade your anti-money laundering (AML) system

Anti-money laundering (AML) compliance is becoming increasingly complex. According to the Financial Times, since 2008, there have been over $55 billion in fines globally from enforcement actions related to AML violations – $5 billion in 2022 alone. Because of this, AML continues to be a hot button issue among regulators, and there are no signs of that changing any time soon.

Along with the changing financial crime landscape, the expectations of regulatory bodies are changing as well. The impact that financial crime has on our communities is not limited to large cities – it is increasingly affecting small communities across the United States. From human trafficking and drug smuggling to sanctions from geopolitical crises we face every day, fighting financial crime has never been more important.

Because many organizations are facing tight budgets and talent constraints due to today’s economic climate, cutting edge technology solutions will allow you to focus your energy on identifying truly suspicious activity and sanctions evasions instead of endlessly clearing false positive alerts from antiquated rules-based systems or worse: compiling data into manual spreadsheets. An effective transaction monitoring system can enable your team to focus its time on issues that require a human touch.

Transaction monitoring systems that are modern and robust can be a cornerstone in your compliance program, and new technology is completely transforming the way financial crimes investigators are able to report on potential AML cases. The level of sophistication of these tools varies widely, and therefore it is important that you consider your organization’s risk profile and specific needs before deciding which type is the best fit.

Manual system

The least sophisticated option, a manual system involves accessing your data through several different systems or spreadsheets and then completing a manual analysis to look for things like cash transactions over $10,000 or suspicious activity patterns. You are also tasked with manually documenting and researching KYC (Know Your Customer) information and manually filing reports with FinCEN.

Rules-based system

With a basic rules-based system, transaction and customer data flows into the tool, and alerts are generated using rules that you can usually configure and customize. Some systems enable you to file reports with FinCEN directly in the application, with data that is pre-populated and documented.

Advanced automation system

While automated systems vary significantly in their capabilities, many connect to most if not all systems that house transaction and customer data and leverage rules-based algorithms to synthesize that data and generate alerts and risk ratings. The most sophisticated systems also leverage artificial intelligence (AI) and machine learning to build predictive models and even execute some of the legwork for clearing alerts.

Want more information on digital transformation? Read our latest e-book here

One of the biggest challenges with manual transaction monitoring, and even the more basic rules-based automation systems, is the element of human error. Whether it stems from misinterpreting data, mistakes in judgment or making assumptions due to missing information, the more manual a process is, the more likely we are to encounter errors.​

Another related limitation is ensuring you are looking at all relevant information by comparing transaction patterns now to those from the past and reviewing all KYC information and any enhanced due diligence information on file – data that is often kept in disparate systems and files.​

Manual transaction monitoring is also time consuming. Reviewing data from across the organization, analyzing it and trying to make sense of patterns takes a lot of time and effort.​ It is important to understand your customer base and risk profile in the context of your overall AML and sanctions risk assessments​. It is also vital to spend enough time to properly investigate alerts, make a recommendation, document the decision and file any reports – for every alert.​

Time is money, and any savings you gain from avoiding the purchase of yet another software subscription, you then lose due to either the human capital needs required to get the full picture OR fines for compliance violations.

Leveraging automation and artificial intelligence for transaction monitoring will help your team more efficiently and effectively fight financial crime and maintain compliance with BSA/AML regulations.

1. Greater efficiency: When you have a properly configured, automated system for monitoring transactions, consolidating customer data and reporting, you will be much more efficient in your work.​ You will also have consistent and repeatable alert generation by the platform and actionable information for investigators​.
2. Improved accuracy: Because these systems leverage machine learning and advanced algorithms to help uncover things it would take hours or days for a human to notice, you also gain confidence in the accuracy of your work.
3. Optimized resources: Upfront costs and annual subscription fees can be pricey, but so are compliance violations and hiring and retaining talent. Vendors that take innovative approaches to enhancing their products could end up saving you on resources by providing functionality (i.e. continuous KYC and adverse media screening on your customer base) and outsourced digital workers that leverage AI to do alert triage and research.
4. Real-time alerts: Real-time fraud alerts enable you to ​quickly identify and respond to suspicious activity and stop fraud before things escalate.​ You can save money by identifying and stopping things like ACH fraud rings quickly and effectively.
5. Streamlined reporting: Additionally, many systems also include a reporting functionality to streamline the process for filing Suspicious Activity Reports (SARs) and Currency Transaction Reports (CTRs). ​This not only saves time, but also significantly increases accuracy because it pulls data directly from your systems into the forms so you can do a quick quality assurance review and get things filed.​
6. Customizable configurations: Automated systems often generate alerts using a rules-based system.​ This allows you to tweak thresholds for various activities and turn different scenarios on or off based on your own risk profile.

According to Bill Gates, automation applied to an inefficient operation will magnify inefficiency. With this in mind, a strong BSA/AML and sanctions program is critical to the success of your transaction monitoring efforts, no matter how you do it.​

Automated systems require good data. It’s critical to make sure your organization is collecting KYC and customer due diligence info at account opening and throughout the course of the relationship. Additionally, it is important to make sure all transaction systems and data sources are connected so you see the full picture.  ​

Align your configuration with your risk profile

With the pace of change to the external risk landscape, regulatory expectations and emerging risks like cryptocurrency and marijuana-related businesses, it is critical that your organization maintains a current and comprehensive risk assessment of its AML and sanctions risks. We recommend that your team updates this risk assessment at least annually – and more often when a significant change to your risk profile or customer base occurs, like a merger/acquisition or a new product launch.  

A risk assessment is your north star in developing all your organization’s AML and sanctions policies and procedures, as well as in your decision to implement a transaction monitoring system and how you ultimately configure it.

Ensure everything is getting in

Inventory systems should be integrated across your entire organization and should connect all customer information and transactional data to the platform. Ensure that your team reviews status reports daily and quickly resolves any lapses of data downloads. It is also vital that you reconcile the data that feeds in to ensure there are no duplicates or missing pieces.

Take ownership of your system

Regulators have often criticized institutions for implementing systems out of the box without customizing the rules to their unique risk profile, or if institutions do not have a risk assessment that supports the configuration of rules and other settings in the system. You need to demonstrate that you have taken ownership of the platform and not just taken whatever suggestions were made by the vendor's sales and implementation teams. Try to get transparency in how the tool works so you can feel confident it is doing what you need it to, you can make changes to configurations to address evolving risks and test alert appropriateness and have a document trail to provide to your regulators.

Get regular tune-ups and perform scenario testing

Automated systems are usually highly configurable, and this allows you to tweak thresholds for various activities and turn different scenarios on or off based on your own risk profile. You want to ensure you catch all suspicious activity without overburdening the team with white noise from false positives. Above and below the line testing will help you optimize the number of alerts generated that result in cases and ultimately suspicious activity filings

Ensure proper governance

Establish a financial crimes committee if you don’t have one. They should:

• Assist with SAR decisions
• Help determine when customer relationships should be terminated
• Review and approve changes to BSA/AML/sanctions-related policies and procedures
• Review and approve proposed changes to system configurations
• Test that system changes work as anticipated
• Ensure user access and admin rights are appropriate
• Review and oversee the implementation of recommended changes from model validation and system tuning recommendations
• Drive change management and training efforts across the organization

Partner with your vendor to test new functionality

With so many options in the marketplace for transaction monitoring systems, there is a lot of competition, which means there is also a lot of innovation. FinCEN and regulators are encouraging innovation in fighting financial crime, so don't be afraid to test out new functionality and see how it impacts your organization’s processes. Be careful to make sure you don’t implement anything that inadvertently prevents you from detecting and reporting suspicious activity by thoroughly testing everything you implement and monitoring the impact on things like the number and quality of alerts, SAR filings, amount

Find the right vendor

Once your team has established a clear vision for how you would like your transactional monitoring system to align to your organization’s overall strategy, look for vendors that can show they are continuously innovating, have a solid track record with compliance and can communicate how they can help you save money by stopping and preventing fraud and protecting your customers.

Understand potential return-on-investment (ROI)

When contemplating your budget, try to understand how much time and money goes into your existing processes. For example, how long does it take an investigator to clear the average alert and file a SAR? 

Additionally, look at the fraud cases over the last year or two: how much money could your organization have saved if the fraud was caught earlier? These questions will help you better understand how your investment in a new technology will save you money over time as well as articulate what success looks like for you, both of which are critical to kicking off a vendor analysis.

Talk to references

If possible, ask for and talk to references. It is especially helpful if you can seek the feedback of organizations that are similar in size and maturity. This will not only help you vet the product, but also help get a sense of whether anything was overhyped by the sales team.

Ask detailed questions, including topics such as level of customer support, amount of innovation and enhancements and any detractors you should be aware of. You should also ask how regulators have responded to the system. Has it been scrutinized for any reason? And ask which other competitor products the referral considered and why they went in another direction – often they may express regret with their decision. 

Finally, offer to keep in touch regarding what you end up selecting to encourage open lines of communication.

Assess the workload for implementation

Make sure you understand how much work will be required of you and your team to implement a new tool. Highly customizable solutions are attractive because they are flexible, but they often require so much effort to configure and maintain that they become very cumbersome – and don’t underestimate the governance required to make changes to these types of systems as well.

Test how the system integrates with other tools

Asking for access to test environments, or sandboxes, can enable you to learn more about how user-friendly a tool is before deciding to purchase. Ask how easy it is to connect your existing platforms into the system so you know how much IT support you will need.

Develop a change management plan to ensure success

Involve stakeholders across your organization from the start to ensure all use cases are being considered and to help with buy-in. A strong communication strategy centered on "what's in it for me" will drive user adoption.

Also, ensure you have a complete understanding of the post-implementation reality, and focus your training efforts on why they are using the tool and what it is helping your team do. Understand what expectations are for ongoing maintenance and IT resources. Do they need to train the tool? Is there enough transparency for you to operate the tool and satisfy regulators? Will the vendor be available to help you optimize your usage, implement new functionality and answer questions once live?