Modernizing Anti-Money Laundering Practices

Similar documents
INTELLIGENT FINANCIAL CRIME DETECTION GETTING AHEAD OF FINANCIAL CRIME WITH AI THE POWER OF AI

Preventing Board and Management Liability for Violations of AML Rules

STRATEGIES FOR REDUCING AML CASE PROCESSING TIMES

Actimize Essentials AML. Cloud Based Anti-Money Laundering Solutions

Contextual Monitoring: Enabling banks to reduce false positives while catching the bad guys

Customer Due Diligence (CDD) Market Survey. Survey Results. Copyright 2016 NICE Actimize. All rights reserved.

ANTI-MONEY LAUNDERING & SANCTIONS EXPERTS WITH IMPACT

Financial Crime Mitigation

KYC compliance strategies that your customers will love

ANTI-MONEY LAUNDERING SERVICES EXPERTS WITH IMPACT

Anti Money Laundering Compliance Solutions. Copyright 2016 Allsec Technologies. All rights reserved.

COMPLIANCE REIMAGINED THE AML COMPLIANCE LANDSCAPE. Financial institutions seek enterprise-wide, cost-effective solutions

Anti-Money Laundering and Sanctions Compliance. You Can t Afford the Risks

AML for MSBs & FinTech: The Compliance Conundrum. Insight Article. Copyright 2016 NICE Actimize. All rights reserved.

Key BSA/AML takeaways from the 2015 FIBA conference

TOO BIG TO SUCCEED. Top 5 AML Challenges in These forces produce a set of common challenges:

Auditing for Effective Training

IBM AML compliance solution

RSM ANTI-MONEY LAUNDERING SURVEY BEST PRACTICES AND BENCHMARKING FOR YOUR BSA/AML PROGRAM

SAS ANALYTICS AND OPEN SOURCE

AML model risk management and validation

FINANCIAL SERVICES FLASH REPORT

Actimize Essentials. Cloud-based Solutions for Financial Crime Prevention & Regulatory Compliance

A RESPONSE TO CELENT S DAWN OF A NEW ERA IN AML TECHNOLOGY REPORT. Addressing Financial Crime and Compliance Challenges with Advanced Analytics

How to discover ways to sustainable anti-money laundering operations*

ANTI-MONEY LAUNDERING, SANCTIONS & ANTICORRUPTION SOLUTIONS EXPERTS WITH IMPACT

READY OR NOT? NAVIGATING THE DFS 504 RULE. AUTHORS Adrian Murphy Austin Hong Aron Cohen CONTRIBUTORS Allen Meyer Alan Morley

ONGOING MONITORING OF THIRD PARTY RELATIONSHIPS

RC & TACKLING TRADE BASED MONEY LAUNDERING (TBML) risk compliance RISK & COMPLIANCE MAGAZINE. risk & compliance REPRINTED FROM: APR-JUN 2018 ISSUE

Combining Data Analytics with Transaction Monitoring Capabilities to Identify Suspicious Behavior. AIBA Compliance Seminar March 3, 2015

INTELLIGENT IAM FOR DUMMIES. SecureAuth Special Edition

BSA/AML Self-Assessment Tool. Overview and Instructions

JOB TITLE: VP, BSA Officer REPORTS TO: SVP, Deposit Operations and Regulatory Compliance/CRA Officer DEPARTMENT: Compliance

PATH TO INTELLIGENT TRANSACTION MONITORING. February 22, 2018

FINRA 2090/2111 Solutions & Expertise

DFS NY A strategic approach to dealing with the final rule. August 2017

Thomson Reuters SCREENING RESOLUTION SERVICE

AML and Tax Compliance in the Asia-Pacific Region: Investing in KYC Systems, Data, and Processes

Conducted 2nd quarter 2015

RDC Risk Management and Compliance: Expert Update & Case Study

AML Investigations. Understand the Challenge of AML Investigations and How to Meet Them

RDC Risk Management in 2013

Markets Surveillance Enterprise Solution Overview. December 3. Financial Markets Compliance Solutions

Anti-Money Laundering

Thomson Reuters World-Check One Finding Hidden Risks

Testing and Reviews. Importance of BSA / AML Training Testing staff on their comprehension of the training

LexisNexis Risk Management Suite

2017 Conference Takeaways

The web seminar has not yet started: A sound check will be performed 5 minutes before the start time.

IdentityMind SANCTIONS SCREENING PRECISION.

The Modern FCIU: Special Risk Investigations

Risk Management TRAINING AND EVENTS. aba.com/risktraining

A buyer s guide to data-driven HR. Which approach is best for you?

Madison Consulting Group. An Introduction to Our Compliance and Regulatory Consulting Services

Customer Due Diligence Risk-Based Approach. Dan Soto CCO Ally Financial

WHITE PAPER. Managing the Intelligence Life Cycle: Title A More Effective Way to Tackle Crime

RiskTech Quadrant 2017 Watchlist Monitoring Solutions

REGULATORY HOT TOPICS FOR INTERNAL AUDITORS: EVALUATING THE USE OF AML TECHNOLOGY

REGULATORY HOT TOPICS FOR INTERNAL AUDITORS: EVALUATING THE USE OF AML TECHNOLOGY

Machine intelligence for financial services

Enterprise-wide Risk Case

Bank Secrecy Act Training: Who, What, When, How and Why? Presented by Lynn English Lafayette Federal Credit Union

Practical Ideas for an Effective BSA/AML Compliance Function: Risk Assessment and Program Development

Managing Sanctions Compliance in a Global Economy

WELCOME. 1

Financial Services Compliance

RDC Risk Management in 2015

BUSINESS CASES & OUTCOMES

CSMAD / MAR: From regulatory burden to competitive advantage. A NICE Actimize White Paper. Copyright 2016 NICE Actimize. All rights reserved.

IDC MarketScape: Worldwide Anti Money Laundering Solutions in Financial Services 2018 Vendor Assessment

OPERATIONAL TRANSFORMATION OF ANTI-MONEY LAUNDERING THROUGH ROBOTIC PROCESS AUTOMATION

FMS New York/ New Jersey Chapter Meeting January 14, The Impact of Models. by: Scott Baranowski

The Role of the VMO in Regulatory Compliance Planning, Due Diligence and Contract Negotiation

CONSULTATION DOCUMENT AML/CFT SUPERVISORY STRATEGY

Crowe Caliber. Using Technology to Enhance AML Model Risk Management Programs and Automate Model Calibration. Audit Tax Advisory Risk Performance

Non-Banking Financial Institution (NBFI) Third Party Payment Processor (TPPP) AMLQuestionnaire

The Changing Check Deposit Landscape: An Obstacle Course for Fraud Management. Copyright 2016 NICE Actimize. All rights reserved.

bitarisk. BITA Star a product from corfinancial. london boston new york BETTER INTELLIGENCE THROUGH ANALYSIS better intelligence through analysis

ACAMS Utilizing Internal Audits to Pinpoint Gaps in Your Institution s AML Program

IDC MarketScape: Worldwide Know-Your-Customer Solutions in Financial Services 2018 Vendor Assessment

REUTERS/Carlos Baria. Thomson Reuters World-Check One Finding Hidden Risks

Markets Surveillance Buying Guide: Everything You Need to Know

On the case: Mitigating emerging financial crime risks through enhanced case management

BEIJING BRUSSELS CHICAGO DALLAS GENEVA HONG KONG LONDON LOS ANGELES NEW YORK SAN FRANCISCO SHANGHAI SINGAPORE TOKYO WASHINGTON, D.C.

Madison Consulting Group. An Introduction to AML Compliance Consulting Services

Text Analytics for Executives Title

NEED FOR ARTIFICIAL INTELLIGENCE & MACHINE LEARNING

Getting ready for any examination brings about the initial

REGULATORY COMPLIANCE. Dynamic Solutions. Superior Results.

AML Regulation in 2014: The New Culture of Compliance. Webinar Participant Poll Results. Copyright 2016 NICE Actimize. All rights reserved.

EMPOWER YOUR ANALYSTS. GO BEYOND BIG DATA. Delivering Unparalleled Clarity of Entity Data. White Paper. September 2015 novetta.com 2015, Novetta, LLC.

Why Machine Learning for Enterprise IT Operations

BANK SECRECY ACT. Kevin T. Kane, President Financial Regulatory Consulting, Inc. April 19, frcconsult.com 1

The New Rule on Customer Due Diligence Key Takeaways from Banker s Toolbox

OVERVIEW MAPR: THE CONVERGED DATA PLATFORM FOR FINANCIAL SERVICES

7 Tips to Successful Check Cashing

An all-in-one risk management platform delivering fraud detection, transactions screening and customer due diligence capabilities

WHITE PAPER. Results Delivers Value

Arjun Kalra - Senior Manager - Crowe Horwath Risk Consulting Practice Chuck Taylor BSA Officer City National Bank

Empowering Customer Analytics, Fraud Detection, and Threat Assessment. Whitepaper

Transcription:

Conclusions Paper Modernizing Anti-Money Laundering Practices How Financial Institutions Can Use Predictive Analytics to Pinpoint Suspicious Activity Insights from a presentation at the ACAMS AML & Financial Crime Conference Featuring: Mason Hinkle, Senior Vice President, Deputy BSA Officer, BSA Operations and Financial Crime Risk Management, Union Bank David Stewart, Director of Financial Crimes Global Practice, SAS

Contents Introduction... 1 Springing to Action... 1 Building the Financial Intelligence Unit... 1 How the FIU Is Structured... 3 Surveillance Unit... 3 Investigations Unit... 3 Global Sanctions Group... 4 Currency Transaction Unit... 4 Client Intelligence Unit... 4 A Work in Progress... 4 Closing Thoughts... 4 About the Presenters... 5

1 Introduction It was a nightmare come true for Union Bank, a wholly owned subsidiary of Bank of Tokyo-Mitsubishi UFJ with branches primarily in California, Washington and Oregon. Between January 2004 and August 2005, drug dealers moved millions of dollars of proceeds from drug sales through their Union Bank accounts as part of a money laundering operation. Union Bank failed to detect the illicit activity and to file suspicious activity reports (SARs) to the Financial Crimes Enforcement Network (FinCEN) in a timely manner as mandated by 12 CFR 21.11. This put the bank in violation of the Bank Secrecy Act (BSA) of 1970. Regulators demanded that Union Bank implement an enterprisewide BSA compliance program to improve its processes for identifying and reporting suspicious transactions. The bank was ordered to develop proper controls, train managers and staff, and establish audit and due diligence procedures. When the bank didn t move fast enough, it received $10 million in fines. Worse, a cease and desist (C&D) order prohibited the bank from any new operations until it could resolve the compliance issues. As a result of the C&D, we couldn t grow. We couldn t open branches. We were at a total standstill, said Mason Hinkle, Senior Vice President and BSA Operations Manager for Union Bank. Union Bank is hardly alone. Regulators are under pressure from Congress to crack down on BSA violations. As a result, more financial institutions than ever are finding themselves in Union Bank s shoes. BankersOnline.com compiled a list of approximately 120 financial institutions that have been slapped with BSA/AML fines or penalties since 2004. The largest enforcement action to date was $1.9 billion levied against HSBC. Clearly, financial institutions of all types and sizes need to beef up their BSA compliance efforts. The challenge is that high transaction volumes from online and mobile banking services give criminals considerable cover for money laundering schemes. Identifying a suspicious transaction is like finding a needle in a haystack. And while the largest institutions can hire armies of compliance experts, most firms lack these resources. They need to work smarter so they can pinpoint truly suspicious activity - with minimal false negatives or false positives - to optimize investigator productivity. David Stewart, Director of the Financial Crimes Global Practice at SAS, recently spoke with Mason Hinkle about how Union Bank successfully modernized its anti-money laundering (AML) practices using sophisticated analytics capabilities - and extricated itself from its C&D in record time. Springing to Action In the face of the C&D, Union Bank wasted no time in doubling down on its AML efforts. It was all hands on deck, said Hinkle. We made sure we had total support and buy-in from board members and senior executives. We assigned board members to our project and kept them intimately involved. Our parent company provided intense support as well. We put a lot of money into building our program. We went from basically nothing to the very large and robust program that we have today. Our first order of business was to understand the root of the problem and determine what we needed to achieve, Hinkle continued. At the time, we had no financial intelligence unit (FIU) for monitoring suspicious transactions. We had about five people in a BSA-related function. We had no tools. We had disparate processes and disparate systems. We had to determine what we needed to do from a people, process and technology perspective and what players needed to be involved. Throughout the process, we also initiated a lot of open and transparent conversation with our primary regulator, said Hinkle. We met with them weekly. We disclosed anything we found. We were very fortunate that they were receptive to our ideas and provided feedback. We also gave (and continue to give) them a road map of what we re looking to change and improve. Building the Financial Intelligence Unit The bank needed to organize its efforts at detecting and monitoring suspicious transactions, regulatory filing, and creating currency transaction reports (CTR) and suspicious activity reports (SAR). That meant implementing the right technology - including solutions that would allow it to perform sophisticated analysis - hiring the right people, and developing robust controls and processes around monitoring. Addressing these issues became the purview of the new Financial Intelligence Unit (FIU). As the bank considered its technology, it searched for opportunities to integrate technology, eliminate redundant processes and eliminate rekeying of data to improve the overall effectiveness of systems. It also implemented solutions to synthesize data from incompatible data sources on a wide variety of platforms to create an enterprisewide view of risk across customers, products, business units and channels. The FIU also staffed its operation. Says Hinkle, We made sure to hire a balanced staff - from former law enforcement to former bankers to people who ve been in the AML industry at many different organizations. Because analytics would play a key role in

2 the bank s BSA compliance efforts, it also hired four statisticians to build predictive models and perform validation. Ultimately, financial institutions will also need to hire people with skill sets new to the compliance department. As Stewart explained, In most IT organizations, you have a database administrator and the old-school federated data, star schema, data warehouse guys. Now there s an emerging role of data scientist. Some new architectures put large amounts of data into memory to make it available for analysis and reporting. They do this in a less structured manner than a traditional database. These new approaches allow IT to make data available to compliance users more quickly. In addition, disciplines like text mining and managing unstructured data will require new skill sets. Ranking Customers for Risk To improve its ability to identify suspicious activity, Union Bank implemented a risk-based AML program that looks at groups of customers in different ways depending on their ever-changing overall risk profile. They then monitor the customer or accounts according to the risk classification. The bank examines the behavior of high-risk customers more closely than low-risk ones. For example, a customer deemed to be high risk might have a much lower threshold for wire transfers before the activity alerts the AML system. A customer deemed to be low risk would have a much higher limit for wire transfers in the eyes of the AML system. Stratifying customers based on risk classification enables the bank to run AML scenarios with different parameter thresholds that more closely match the risk represented by each unique customer. Ranking customer risk requires the bank to collect information about the customer, starting when the customer first signs up. The bank uses a structured approach to assign that customer to a risk category, depending on specific attributes or behaviors. We put a lot of energy into customer risk ranking. We rank our customers on a scale of 1-3, with 1 and 2 being the highest risk. The majority of clients are in the lowest risk category - 3, said Hinkle. These risk categories are moving targets. We always have to look at where they ll potentially elevate, said Hinkle. For example, we have a client who s risk-ranked as a 3 or low risk, but based on factors such as negative news they have the moderate risk characteristics of a 2. What do we do? Do we automatically force elevate? Or do we put additional monitoring and controls around it. You have to be as accurate as possible in ranking your clients. The answer is having up-to-date data so the bank can accurately evaluate risk on an ongoing basis. This can be challenging in a retail setting. As Hinkle explained, When you onboard the client, you get a lot of information, but then the client s financials change. Say you onboard a student and they re ranked low risk and then Figure 1: Regulatory expectations mean leading financial institutions need to employ new skill sets within their AML operations unit, particularly talent that understands data, logic and analytics. These firms are also re-engineering processes to enhance integration, share information, and streamline processes to drive efficiency gains.

3 four years later, you re seeing wire transactions because they re not a student anymore. They re in the workforce or own a business. But your Know Your Customer (KYC) data says they re still a student. You need to come up with a way to gather that information. Credit bureaus have a lot. But you have to be careful how you use that information. Currently, there s no panacea. We do client outreach to keep the KYC current with high-risk clients. But client outreach isn t possible with the high number of low-risk clients. Luckily, technology is available to help monitor low-risk clients. First, Union Bank is using a technique called event-based client rating. The bank purchases lists from third-party providers of information about negative news events. It uses this information to identify clients whose risk ranking should be changed. The bank is also working to link its transaction monitoring solution to its client risk rating system. When the monitoring system sees activity that is characteristic of customers with lower ratings, the rating system will be able to use that information to adjust the customer s ranking accordingly. Of course, any alert-based system comes with the risk of false positives. Investigators could be deluged with work that ultimately proves unnecessary because no nefarious activity occurred. Union Bank applies another layer of analytics combined with automated workflows to minimize the impact of false positives. Typically, when a bank s monitoring system uncovers potentially suspicious activity, it generates an alert. This kicks off an investigation that involves several levels of human analysts who determine whether or not the alert is suspicious enough to warrant an SAR. In contrast, Union Bank s sophisticated analytical models compare the event or transaction with results from thousands of other similar events or transactions. It then scores the event based on the likelihood that it will warrant an SAR. If the score meets a specified threshold, the system automatically escalates the case, bypassing several levels of human analysts. As a result, fewer humans need to review cases and those employees can focus their efforts on cases that are less clear-cut. As banks develop thresholds and policies for handling suspicious events, Hinkle stressed the importance of aligning policies with risk appetite. For example, the Los Angeles market has a high number of customers of Iranian descent who can be subject to additional scrutiny by the Office of Foreign Assets Control (OFAC) as the result of US government s sanctions against Iran. As a result, the bank needed to develop policies and processes, for example, to include additional reviews of wire transfers. Union Bank contrasts its approach with the static and disparate risk management approaches found in many other institutions. Said Hinkle, A lot of the client risk rating that we see as the status quo is based on a static risk rating. So based on defined time intervals, certain groups of customers will be reviewed for potential risk. Static rules run the risk of being overly broad or not specific to the institution s real money laundering risks. These institution risks are easy to overlook, leaving the institution exposed to greater regulatory scrutiny and putting compliance staff under greater pressure. Moreover, a static rules-based system can trigger too many false positives and overwhelm compliance staff with busy work. At the very least, the increased volume of work items may diminish the credibility and energy of AML monitoring and distract front-line staff from primary responsibilities. Hinkle continued, We also see financial institutions using many disparate methods for ranking customers - whether they re a high net-worth client or normal customer or business client. You have your high-risk customer surveillance. You see general population activity monitoring. And then you see anomaly models in addition to your normal heuristic or simple behavioral modeling. It may indeed be appropriate to use different approaches to monitor different customer groups. But financial institutions will need to defend these decisions. While regulators are not currently demanding this step, they likely will be soon. When they do, firms will need to back up their judgments with data, results and historical outcomes. Union Bank is well on the road to addressing this issue of compliance governance. Said Stewart, They re actively documenting their monitoring models to explain and defend policies for monitoring customers. How the FIU Is Structured Today, Union Bank s FIU has more than 90 employees with numerous units in charge of various aspects of monitoring nefarious transactions. Most of these units employ some form of analytics. Surveillance Unit The Surveillance Unit (SU) is a triage unit. Referrals from the field, systems or negative news searches come in to SU analysts. These analysts determine whether the alerts represent nonsuspicious activity and can be closed, or whether they require additional research and vetting. This unit employs analytics and tools as well as automated SAR workflows. Its road map incorporates even more analytics. Investigations Unit The Investigation Unit (IU) conducts comprehensive investigations in accordance with standards set by FinCEN, FFIEC BSA/AML Examination Manual guidelines, and bank policies. IU investigators determine whether the customer s activity is normal and explainable, or is suspicious and requires an SAR.

4 Global Sanctions Group The Global Sanctions Group addresses issues relating to the bank s Office of Foreign Assets Control (OFAC) and anti-corruption program. Its duties include monitoring to identify OFAC-related parties, blocking or rejecting prohibited transactions, and OFAC reporting. Says Hinkle, We re in the process of ramping up this group. The OFAC world has changed quite a bit. We ve enhanced our affidavit program and have implemented additional prevention controls. Currency Transaction Unit The Currency Transaction Unit monitors and reports on currency transactions and monetary instruments. They currently have their own system now and we re doing more blending with traditional FIU systems and processes, says Hinkle. Client Intelligence Unit The Client Intelligence Unit (CIU) is an integrated group that manages the bank s Know Your Customer and enhanced due diligence processes for high- and moderate-risk customers. The CIU reviews customer profiles to ensure activity is consistent with the customer s transaction profile. They evaluate customers with high-risk products or within specialized business units. The CIU also manages an adverse findings process that provides additional oversight, review, and exiting of customers when needed. This unit has successfully improved its ability to address suspicious activity in an appropriate manner. As Hinkle explained, In some cases they were taking an extremely conservative approach. We were exiting clients we shouldn t. We enhanced our client outreach and have seen a lot of success in making that activity cease. A Work in Progress With the whole industry and operations around BSA compliance in a state of flux, Union Bank is continually looking to improve its operations. I ve never been one to build a program and set it on the shelf and say, OK, we re done, said Hinkle. This effort involves staying up-to-date with analytics models and technology. You have to keep current around your rules and scenarios, including what you re monitoring, said Hinkle. Every month we test the accuracy and efficacy of our monitoring rules. We also evaluate our technology to determine whether it s the right solution, or whether we need a newer release or a different vendor. In addition, while the bank is currently considered to be midtier, with about 450 branches and 12,000 employees, it is looking to grow. Explained Hinkle, We re looking at how to make sure our BSA program is scalable and will carry us all the way to becoming a top 10 bank. Closing Thoughts BSA compliance is clearly something all financial institutions need to take seriously. Analytics plays a key role in enabling them to improve the effectiveness of their suspicious activity monitoring efforts. Based on Union Bank s experience, financial institutions can take away the following conclusions to apply to their own operations. First, big data is real and it s here to stay. Says Stewart, Poke around you ll find that every bank s information technology department has projects under way where they re adopting various big data standards, such as Hadoop, as well as in-memory and in-database technologies. Be aware of the big data projects in your company and take advantage of the innovation and best practices that are occurring in other departments. Second, money launderers adapt quickly. Once banks get their feet wet in analytics, they need to take the next step. Says Stewart, You have to get away from monitoring risky transactions and accounts and start investigating high-risk customers or counterparty relationships using a modeling approach. Third, banks need to keep abreast of new analytics technologies that will make their investigations even more productive. For example, the new release of the SAS Financial Crimes Suite will offer a new in-memory architecture that can run multiple simulations of monitoring strategies in a test/sandbox environment in seconds compared with hours or next day. This power will allow financial institutions to quickly perform what-if analysis against a large volume of data to more accurately measure the impact of deploying new scenarios or changing parameters. For example, a bank might conduct multiple simulations to determine the optimal thresholds of ATM withdrawals to mitigate risk most effectively. And finally, as financial institutions move toward adopting analytics, says Stewart, Don t try to boil the ocean all at once. Don t do some huge enterprise project. Enterprise projects are very demanding. It s all about data. You need an 18- to 36-month road map of which risks you want to address first. Then do a phased approach that s more culturally sustainable.

5 About the Presenters Mason Hinkle, Senior Vice President, Deputy BSA Officer, BSA Operations and Financial Crime Risk Management, Union Bank Mason Hinkle is responsible for Bank Secrecy Act operations at Union Bank. He has worked in the BSA/AML domain for more than 10 years and has more than 30 years of experience in the financial industry. David Stewart, Director of Financial Crimes Global Practice, SAS David Stewart is responsible for developing strategy, guiding product management and supporting the marketing of SAS fraud and financial crimes solutions for the banking industry. He also coordinates best practices among SAS global subjectmatter experts in combating financial crimes. He works closely with many of the world s most innovative financial services institutions, regulatory agencies, SAS research and development, implementation teams, and SAS Alliance partners to deliver superior solutions for fraud detection and anti-money laundering compliance. Stewart is a Certified Anti-Money Laundering Specialist and serves on the North Carolina ACAMS board.

To contact your local SAS office, please visit: sas.com/offices SAS and all other SAS Institute Inc. product or service names are registered trademarks or trademarks of SAS Institute Inc. in the USA and other countries. indicates USA registration. Other brand and product names are trademarks of their respective companies. Copyright 2014, SAS Institute Inc. All rights reserved. 106930_S114334.0214

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback