A well-designed transaction monitoring (TM) system is an important component of an effective anti-money laundering (AML) compliance program. It supports efforts to combat money laundering and terrorist financing by helping financial institutions identify unusual or suspicious activity that must be reported to regulatory authorities, and aids law enforcement in tracking and prosecuting criminals involved in money laundering and terrorist financing.
Due to intensifying regulatory scrutiny, the increasing sophistication of criminals and the rapid pace of technological advances, financial institutions must update their AML TM efforts constantly; therefore, it’s not surprising that these organizations are increasing their investment in TM systems.
Yet despite these budget increases that also include additional personnel dedicated to support TM functions, AML TM efforts remain suboptimal in many organizations. Often, TM initiatives and systems are deficient from the outset – among the many issues, institutions may fail to incorporate lessons learned from past errors into their new TM programs in an appropriate or timely manner.
Challenges and Opportunities
In our experience, financial institutions face multiple challenges throughout the lifecycle of selecting, implementing and maintaining their TM systems. In the analysis that follows, we focus on the challenges and opportunities that can emerge during the TM system selection process. These challenges include:
- Unreasonable expectations – Management often has unreasonable expectations about how a vendor’s TM system can improve the institution’s TM program, as well as the level of effort required to implement the system. It’s not unusual, for example, to hear one or more of the following claims:
- “We can implement an ‘out of the box’ solution to improve our TM program – no need to customize.”
- “A new TM system will actually save us money because we’ll need fewer people. Installation won’t be a problem; our IT department will work with the vendor to implement the system.”
- “The system can do it all – KYC, risk scoring, monitoring, case management.”
- Poor data integrity – Even the best-designed TM system cannot mask a TM process that is ineffective due to data quality issues. During the selection process, financial institutions can underestimate, often significantly, the level of effort required to identify and integrate required data sets from across the institution (e.g., customers, accounts, transactions) that will enable the TM system to perform optimally.
- Improperly identified requirements – Without a strategic approach to deploying an enterprise- level TM solution, the financial institution may define inadequate business and compliance requirements across the institution (e.g., customer activity across products or lines of business, country-specific data privacy laws, availability of scenarios for various bank products, system security, system capacity, and infrastructure planning).
- Inappropriate scenarios or thresholds – A TM system will not support the institution’s AML objectives if scenarios and thresholds are determined by the vendor rather than in accordance with the institution’s risk profile (e.g., products, locations).
A comprehensive AML TM system selection process not only will help the institution overcome these challenges, but also will deliver a number of benefits, including:
- Improved data quality and architecture – Developing a comprehensive set of data requirements to support an effective TM system will help identify data quality and architecture issues. Addressing these issues at the source system by changing operational procedures, implementing application controls (e.g., edit checks, validations) and dealing with system gaps can enhance operational efficiencies, allow for better management reporting and improve the overall AML TM program.
- Better use of time by compliance personnel – Investing time during the TM system selection process to identify data, monitoring, geography and production requirements is critical to implementing an effective TM system, as well as ensuring its long-term effectiveness. Over time, a well-designed TM system will enable compliance resources to spend more of their time on investigations to identify suspicious activity, rather than running manual reports, linking customer activity using multiple reports, or sorting through false positive alerts caused by data or functional issues.
- Knowledge sharing – Forming a cross-functional team during the TM system selection process (with representation from compliance, IT, data architecture, bank operations and internal audit) brings together resources with differing responsibilities and perspectives, thus enhancing the knowledge base needed to make the best-informed decision.
Our Point of View
Selecting the most appropriate TM system and executing an effective implementation is a multiphase process and a number of factors must be considered. Following are some of the critical areas to address during the TM system selection process:
- Inventory of standard scenarios in the system and the ability to modify the existing scenarios or add new ones
- Capability to employ the TM system for various product types and services – correspondent banking, international ACH, remote data capture, etc.
- Case management and workflow capabilities, as well as the ability to log actions taken by the users of the TM system
- Reporting capabilities beyond the standard suspicious activity report and currency transaction report
- Process used to validate the TM system
- Capability and process to map current transaction codes to the TM system’s transaction codes
- Customer segmentation capabilities
- Data analytics capabilities that would allow the financial institution’s data analyst to determine or tune threshold values
- Capability to integrate with other financial crimes solutions implemented by the financial institution
- Capability to customize the alert/case management user interface and workflow without vendor support
- Scalability and performance/responsiveness of the TM system
- Pricing model
- Ability to integrate into the current and, potentially, future technology environment
As with any software or vendor selection initiative, a financial institution should have a defined process to evaluate the solution that fits best with the organization’s requirements. Following are some actions the institution should consider undertaking as part of this initiative.
Project Planning, Management and Communication
- Establish a project management team, including an executive sponsor.
- Obtain bank strategy, operations and compliance perspectives from executive management.
- If opting for a phased implementation (adding scenarios or products incrementally over time), establish a risk-based implementation strategy.
TM Program Needs Assessment
- Assess gaps in current TM program.
- Understand the institution’s growth strategy (e.g., acquisitions, new products).
- Identify any manual reports used in the current TM program.
- Outline desired red flag scenarios to include in the new TM system.
- Assess the alert and case information along with workflow requirements that will improve the decision-making ability of the investigator.
Data Assessment and Inventory
- Inventory data elements used by existing AML monitoring processes and programs developed in- house.
- Assess completeness, quality and accessibility of existing data elements.
- Determine potential data elements to be captured and assess business changes required to capture this data.
Requirements and Vendor Scorecards
- Develop an RFP based on business and technology requirements as well as standard institution RFP requirements (e.g., company financials, experience, warranties, cost).
- Develop a customized vendor scorecard and metrics based on prioritized business and technology requirements.
How We Help Companies Succeed
Our AML professionals, teaming up with our model risk experts who include Ph.D.-level professionals with deep quantitative skills, can help your institution select, implement and maintain a sound and robust AML TM system validation program. We have experience with a number of AML TM systems on various platforms, including but not limited to Actimize, Detica NetReveal AML (Norkom), Mantas and SAS AML, as well as a number of homegrown systems. Our AML TM services include the following:
- Assessing the effectiveness of TM programs and systems
- Assisting in TM system selection
- Developing an effective and efficient model validation methodology and approach
- Conducting validations in the following areas:
- Verification of scenarios and alerts
- Evaluation and tuning of scenarios and thresholds
- Data validation
- Customer segmentation
- AML red flag gap analysis
- Worst-case scenario analysis
- Assessing the existing model validation process
- Improving the current tuning methodology, approach and documentation, and transferring knowledge for the financial institution to use on an ongoing basis
A large regional bank engaged Protiviti to assist with its TM system selection process. We worked with the bank to develop and execute a TM system selection approach, assembling a working group that included company stakeholders from project management, compliance, operations, technology and internal audit. As part of the project, we helped our client develop technology and business requirements, vendor scorecards, and demonstration scripts and evaluations, and we assisted through the process of final vendor evaluation and selection.