2025 Best Practices for AML Models in Financial Institutions

Written by Jennifer Theimer | Jun 13, 2025 12:00:00 PM

A strong AML (Anti-Money Laundering) system is key to your financial institution’s BSA program if it is established to fit your institution’s needs and used efficiently by your BSA department. An effective automated system should allow your BSA department to focus on investigating suspicious activity rather than trying to find potential suspicious activity by manually reviewing countless reports. Don’t get us wrong: manually reviewing some reports may still be needed to have an effective BSA program. However, if your automated system is not being used effectively, your financial institution is likely spending unnecessary staff time and possibly failing to detect suspicious activity that should be reported, in addition to incurring the financial loss of purchasing a system that is not working as it should.

Here are our top 10 best practices to help you maximize the use of your AML automated system.

1. Evaluate and Select Your AML Model

Select the model that best suits your needs. Some models are offered by the same third party that provides your core processor and offer a more streamlined integration. However, other models could offer a more robust behavioral solution. Before your contract auto-renews for your existing model, we encourage you to explore other models and negotiate pricing with your top choices.

2. Regularly Review System Settings

Review system settings at least annually and any time there is a significant change at the institution or the system itself. Be sure to review those features that have been disabled to assess if they should now be used. For those that are disabled, document the reason that decision is appropriate.

3. Assess and Resolve Data Completeness Issues

If certain customer information is not being placed in the system, assess the cause and work with your third-party service provider to resolve the situation. If there is no practical solution, implement other procedures to compensate for this limitation. Manually reviewing this activity could be the solution.

4. Validate Your Risk Rating System

Recognize that the risk rating system could be limited if not all customer data is placed in the system. Determine the additional procedures needed to help ensure that you have properly identified higher-risk customers.

5. Perform Due Diligence on New System Implementations

If you have recently moved to a new system, perform your own due diligence to help ensure that all data is being captured accurately and that settings are appropriate for your institution. Most third-party service providers ask that you use default settings for a period of time. Be sure to compensate for this limitation. Manually reviewing reporting outside of the AML system will likely be needed until you feel comfortable with the automated system.

6. Understand and Monitor Transaction Capture Processes

Understand how activity is captured and placed in the system. Some systems are based on transaction codes. Others use the source and transaction descriptions to place information in the model. Regardless of the method, understand how it works and ensure there is a process in place to identify any customer transactions that are not captured each day.

7. Implement Timely Alert Response Procedures

Address alerts in a timely manner. Most systems generate different types of alerts. Address those that could cause harm to your customer and/or the institution within one to two business days to mitigate actual loss.

8. Document Alert Decisions Appropriately

Address alerts appropriately. When you determine that an alert is not the result of suspicious activity, be sure to document why you have come to that conclusion. For repeat alerts for the same customer, revisit that decision periodically to help ensure that the activity is in fact not suspicious.

9. Schedule Regular System Optimizations

Request a system “optimization” periodically from your third-party service provider. An “optimization” is performed by the third party that provides the model. It should help your institution fine-tune the system to best fit your needs, including ensuring that features of the system that could help your organization are in use and that settings are at appropriate levels. Don’t confuse an “optimization” with a “validation,” which is intended to independently assess whether the system is working effectively and data is being placed in the system correctly. To help save money, negotiate a periodic optimization into your contract!

10. Conduct Independent System Validations

Validate the system, ideally every two to three years, and any time there is a significant change to the institution or the system. A “validation” is different from an “optimization.” A validation should assess the institution’s overall use of the model and test data for completeness and correctness.

A strong AML model can enhance an institution’s BSA program. If used correctly, it can save your BSA department time and possibly detect suspicious activity that would be difficult to detect manually. Use these top 10 best practices to help ensure that your system is working well for your institution.