AML Transaction Monitoring

Similar documents
Anti-money laundering (AML) Transaction Monitoring

Integrated reporting. Communicating sustainable value creation

Complex contracting made simple

Institute of Global Mobility

What is next for Interbank Offered Rates?

Supporting local public services through change. Contract optimisation

As we say robot, will our children say colleague? ey.com/betterworkingworld #BetterQuestions

Risk reduction? Value creation?

Introduction to Financial Modelling. Training course outline

EY s response to Building the UK financial sector s operational resilience a BoE/FCA/PRA Discussion Paper

AML model risk management and validation

Open Banking: the technology revolution sweeping across the banking industry. Policy Pulse June 2018 compendium

FAAS Financial Reporting Training

Introduction to DCF Modelling. Training course outline

Building and operating the UK s infrastructure. Establishing your roadmap to success

Excellence in Operations. Getting the basics right in banking

How robotics is changing the way accountancy firms conduct audits. Policy Pulse June 2018 compendium

Supporting local public services through change. Getting more from strategic commissioning

The viability statement. Finding opportunities in the new regulatory challenge March 2015

Big risks require big data thinking: EY Forensic Data Analytics (FDA), powered by IBM

Regulatory Reporting: Implementing the proposed MAS Notice 610. Navigating the regulatory reporting and data challenge

Supporting local public services through change. Getting more from strategic commissioning

The UK Modern Slavery Act What are the requirements and how should businesses respond?

Best practice workshop. Training course outline

Streamline your business processes for far-reaching results. EY s Business Process Management Services practice

Take-aways from EY s series of Internal Audit Analytics roundtables over 2016

Supporting local public services through change. Integrating health and social care services

Strathclyde Partnership for Transport

The future of assurance How technology is transforming the audit

Digital Passport. Transforming SME banking through customer-permissioned data exchange

EY Disruption Index Are you ahead of the curve?

Big data strategy to support the CFO and governance agenda

CoE in a Box - Enablement and Controls. The key get rights vital to successful RPA CoE Program

Info paper Is your sanctions filter working?

Innovating with RegTech. Turning regulatory compliance into a competitive advantage

Actimize Essentials. Cloud-based Solutions for Financial Crime Prevention & Regulatory Compliance

Integrating COSO s Fraud Risk Management Guide on an Enterprise Scale

Zero clothing returns. Digital future or fairytale?

Assessing the effectiveness of the external audit process

Business resilience in the provider care sector. Actively adapting to a changing environment

Annual reporting in 2016/17: broad perspective, clear focus Aide mémoire

Out with the old, in with the new. Early reflections from EY s review of December 2013 annual reports in the FTSE 350 June 2014

W4: Remote Trading Supervision

The winning tax transformation trinity. Data, technology and operations

Innovation in transactions

The credit card industry: navigating an evolving environment. EY Advisory Services

Crowe Caliber. Using Technology to Enhance AML Model Risk Management Programs and Automate Model Calibration. Audit Tax Advisory Risk Performance

Shareholder engagement and corporate reporting at a crossroads. February 2014

Banking Guiding an industry in transition

Combining Data Analytics with Transaction Monitoring Capabilities to Identify Suspicious Behavior. AIBA Compliance Seminar March 3, 2015

Cloudy skies. How to bring clarity to your cloud platform in order to optimize your investment. September 2016

Internal audit in insurance: market issues and trends

Optimize network OPEX and CAPEX while enhancing the quality of service. Telecom, media and technology January 2014

Can complex demands lead to a better working world? Global Compliance & Reporting and EYKeySpace : innovation at the intersection of finance and tax

EY license compliance manager for SAP software. Forensic Technology & Discovery Services

Are you ready for a future outside of the European Union?

Advancing analytics and automation within internal audit

Accelerating your financial close arrangements

EY Midlands Engine Devolution Survey

Third Party Governance and Risk Management

The shrinking treasury management system landscape TEXPO April 2017

Improving your finance function effectiveness

AML for MSBs & FinTech: The Compliance Conundrum. Insight Article. Copyright 2016 NICE Actimize. All rights reserved.

Use of analytics in financial services to combat Fraud and Anti Money Laundering.

Actimize Essentials AML. Cloud Based Anti-Money Laundering Solutions

Automotive finance. October 2014

The Modern FCIU: Special Risk Investigations

Results Integrity Management Survey

Accelerate programme launch

Madison Consulting Group. An Introduction to AML Compliance Consulting Services

EY LIC Solution. Powerful tool to support quick IFRS 9 implementation

The Business Model concept in Integrated Reporting

Poor customer experience costs $40 billion per year. Customer Experience Series Cost of Complaining

Michael Lammie Director, PricewaterhouseCoopers

The Changing Check Deposit Landscape: An Obstacle Course for Fraud Management. Copyright 2016 NICE Actimize. All rights reserved.

Model Risk Management (MRM)

YOUR PLANNING & REPORTING SUDDENLY GOT EASIER AND MORE EFFECTIVE!

The Ten Commandments of Information Governance & edisclosure 2015

Heightened standards for compliance risk management. Lines of defense compliance s role

COP21 and the Paris Agreement: what it means for UK businesses

Governing the cloud. insights for 5executives. Drive innovation and empower your workforce through responsible adoption of the cloud

Payments the new player domain. How EY can assist

Does a disrupted Internal Audit function mean a stronger strategic partner?

Business integrity and sustainable growth: making the intelligent connection Fraud Investigation & Dispute Services

A GUIDE TO FRICTIONLESS DELIVERY

KPMG Smart Controls. Putting you in control of your controls. kpmg.co.uk

EY Forensic & Integrity Services

Energy: fixed overhead or controllable input?

Payment by Results: what are the key get rights prior to launching a successful programme?

The long and winding road to corporate governance reform

Deloitte Shared Services, GBS & BPO Conference Indirect Tax: Delivering Best-in- Class Compliance in a GBS Environment

CFO attestation: building a sustainable process

Enterprise intelligence in modern shipping

Global mobility shared service centres That s the bottom line

Effective Risk Management With AML Risk Assessment. January 25, 2017

Managing the move to SMI How EY helps clients get the most from a multisourced environment Service management integration (SMI)

report that their financial impact of all fraud, corruption and/or money laundering incidents is over per incident

ROI EVALUATION REPORT IBM COGNOS SOFTWARE

Designing a finance function to meet tomorrow s challenges

Keeping pace with innovation. Managing conduct risk in a digital era

Transcription:

AML Transaction Monitoring A Survey of UK Financial Institutions September 2014

Contents Section 1 Section 2 Section 3 Section 4 Section 5 Section 6 Section 7 Section 8 Executive summary General findings Governance Technology Coverage and quality Investigation management Conclusion a lifecycle of maturity Contact information

01 Executive summary

Transaction Monitoring (TM) is a critical, and resource intensive, component of an effective Anti-Money Laundering (AML) programme. In response to demand from UK Financial Institutions for an industry benchmark for TM we conducted a targeted survey to provide a snapshot of the current state of TM as well as plans for the future. Our survey reveals that there is a large variation in how TM systems and controls are implemented, configured and managed. There appears to be a broad lifecycle of maturity that banks are following in their adoption of TM. Organisations earlier in the lifecycle are facing the challenge of how to improve their alert performance and adequately cover their AML risks; institutions that are further developed in their TM functions face the challenge of bringing operational costs under control. This variation amongst institutions is most evident in the alert effectiveness rates achieved (in particular conversion of alerts to Suspicious Activity Reports) and the number of alert investigators employed to monitor a given number of accounts. There is a clear correlation between the level of satisfaction with TM and alert performance. However, there is no clear consensus as to what level of alert performance institutions should be aiming for. The survey results show that there are significant variations in other areas. From a technology perspective, some institutions have a higher level of automation and sophistication across alert generation and case management than others. Similarly, some have much richer Management Information (MI) available than others. From an operational perspective, there are substantial differences in the way institutions have configured their vendor TM systems and the processes for ongoing alert tuning. Survey Overview EY conducted a targeted survey of AML Transaction Monitoring (TM) professionals in order to obtain a benchmark of the maturity of TM controls across the UK Financial Services Industry. The 38 question survey comprised the following sections: Introduction and TM metrics (12 questions) Governance and management information (10 questions) Technology (9 questions) Alert coverage and quality (5 questions) Investigation management (2 questions) The survey ran for several weeks in Q2 2014 following a TM round table event for UK banks. Survey Participants The survey was targeted at compliance, operations and technology leaders involved in AML TM at UK banks. Respondents roles included Money Laundering Reporting Officers, Heads of Financial Crime Compliance, Alert Investigation Managers and TM Systems Managers. Survey responses reflected different sectors within the banking industry including retail banking, corporate and wholesale banking, private wealth and securities brokerage. The survey was targeted at UK banks, but in many cases the responses reflected a global view across the organisation. 30% 20% 50% Operations Compliance Technology Figure 1: Distribution of respondents by role 14% Corporate Banking (i) Private Banking (iii) 14% 43% 29% Retail Banking (ii) Securities Brokerage Figure 2: Distribution of respondents by industry sector (i) Includes Corporate and Wholesale banking (ii) Includes Retail Banking, Credit Cards, Small/Medium Business Banking and Retail lending services (iii) Includes Private Banking and Wealth Management Services AML Transaction Monitoring 4

02 General findings

There is a wide variation in both the number of automated TM alerts that banks generate and the operational cost of investigation. Our survey covered a wide range of regional and global banking operations, from a division monitoring 5,000 accounts to global banking operations monitoring over 100 million accounts. As expected, different sizes of TM operation generate different numbers of monthly alerts. What is surprising is the large variation in the number of alerts generated on average per alert investigator, i.e. when you normalise the data. This reflects a large variation in the operational cost of a TM function: even amongst institutions with similar business profiles, some have 20 times more alerts generated per alert investigator than others. There is an even wider variation in the alert generation rates per account, especially when looking across all business lines. No of alerts generated per month 1,000,000 100,000 10,000 1,000 100 1 10 100 1,000 10,000 There is a large variation in the effectiveness of alerts generated by automated TM systems, particularly across different sectors. Typically the Retail Banking sector achieves the best conversion rates of alerts into Suspicious Activity Reports (SARs) up to 20% in some cases and the best overall rates of alerts worthy of investigation as high as 90% in some instances. At the other end of the spectrum, Securities Brokerage and Corporate Banking businesses have SAR conversion rates as low as 1% and alerts worthy of investigation as low as 5%. Whilst some of this variation may be attributable to differing policies as to when to file a SAR and as to what constitutes a worthy alert, it is notable that institutions with higher alert performance rates register higher satisfaction ratings with their TM technology and overall TM programmes. The differences in alert performance appear to not be correlated with the underlying systems used or with the individual scenarios configured within those systems in other words, all vendor systems were considered effective at detecting activity worthy of investigation. Rather, the level of maturity of the alert investigation organisation and governance around the TM function seems to be a factor. But the most significant factor is likely to be the nature of the business itself: suspicious activity is easier to identify in the Retail Banking sector where customer behaviour more naturally falls into well-defined segments. No of alert investigators Figure 3: Number of alert investigators vs. number of alerts per month Approximate number of alerts per alert investigator per month Average Maximum Minimum 357 833 22 Approximate number of accounts per alert investigator Average Maximum Minimum 1,506,102 8,333,333 143 No of accounts monitored 10,000,000,000 100,000,000 1,000,000 10,000 100 1 10 100 1,000 10,000 No of alert investigators Figure 4: Number of alert investigators vs. number of accounts AML Transaction Monitoring 6

02 General findings Respondents 50% 40% 30% 20% 10% Similarly, institutions with better alert performance tend to have more sophisticated MI, for example tracking operational efficiency, data quality and system performance in addition to basic alert metrics From a technology perspective, more mature institutions tend to have all accounts monitored by a single TM system, but with multiple instances across different business lines and geographies. 0% 0-1% 1-2% 2-5% 5-10% 10-20% 20-50% 50-100% Alert Worthy Rates and SAR Conversion Rates SAR % Worthy% Figure 5: Percentage of worthy alerts vs. SAR rates 14% Financial Institutions rely on both automated TM and manual alert generation Despite the sophistication of automated TM solutions, nearly all institutions still process significant volumes of manually generated alerts. Assuming manual alerts are of higher quality than automatically generated alerts, there is an opportunity to feedback learnings from manual alerts into the configuration of the TM systems. 50% 36% No - on-going challenge to keep up with alert volumes No - but alerts mostly processed within SLA Yes - all alerts all processed within SLA Figure 6: Are your alerts investigated in a timely manner? 0% 7% Number of manual alerts per month 100,000 1,000 10 100 10,000 1,000,000 Number of automated alerts per month 20% 40% Figure 8: Number of automated alerts vs. number of manual alerts 33% Very Satisfied Satisfied Neither satisfied or dissatisfied Dissatisfied Very dissatisfied Figure 7: How satisfied are you with the overall effectiveness and value of your Transaction Monitoring (TM) solution(s)? Alert effectiveness and operational expenditure correlate with maturity of Management Information (MI), technology implementation and alert investigation We see a correlation between overall alert performance and associated operational expenditure on alert investigation and the level of maturity of the TM organisation in other areas. For example, more sophisticated institutions tend to have their alert investigation more specialised by business line rather than relying on a single shared service model. Financial Institutions know they need to do more, but what this means is unclear Financial Institutions want to do more with their TM programmes. For institutions with poor alert conversion rates, this means getting more out of their technology and evolving their operational processes. For institutions that already have TM programmes with which they are broadly satisfied, the focus is more on reducing operational expenditure. In summary the bar for TM and what constitutes good is unclear. Respondents indicated that investment in TM is seen as harder to justify than sanctions screening, where the results may be seen as more binary, and that TM deployments even within the same organisation can vary significantly in their effectiveness. AML Transaction Monitoring 7

Governance 03

Very few institutions implement a dedicated strategy for TM, rather it is part of a broader AML or Financial Crime strategy. When surveyed on TM strategy, respondents were evenly split between those that included their TM strategy within an AML strategy and those which included their strategy as part of a wider approach to financial crime. 8% 8% Only a minority of institutions surveyed feel that they have comprehensive coverage in all areas of their TM policy. Over half of respondents acknowledged that they have gaps in the implementation of their TM policy that need to be addressed. Most respondents indicated that a separate TM policy is in place for each business line or region and some implemented an enterprise wide TM policy. Specific feedback in this area indicated that a policy emphasising a consistent minimum standard with local augmentations was the objective of most institutions. 38% 46% 60% 50% 40% No dedicated TM strategy TM strategy is a component of a wider AML strategy TM strategy is a component of a wider Financial Crime strategy We have a dedicated, stand-alone strategy for TM Figure 9: Which of the following describe the TM strategy in your organisation? However, few institutions are considering synergies with other areas of financial crime in their strategies, such as fraud and tax evasion. With regards to the content of TM strategies most frequently cited were initiatives to upgrade technology platforms. The exploitation of synergies with other areas of financial crime was the least mentioned initiative this could be considered contradictory considering that a significant volume of institutions have a TM strategy that is part of a wider approach to financial crime. Our strategy includes initiatives to upgrade technology platforms Our strategy includes initiatives to create or use a shared service investigation function Our strategy includes initiatives to implement new technologies Our strategy includes initiatives to create or use an off-shore or near-shore investigation function Our strategy includes initiatives to create or use an analytical function for coverage and quality activities Our strategy includes initiatives to merge or exploit synergies with other Financial Crime areas, e.g., fraud 30% 20% 10% 0% Some policy areas have significant coverage gaps Tactical or strategic solutions in place for all major areas but gaps exist which are still to be addressed Tactical or strategic solutions in place for all major areas and all gaps have remediation plans in place Comprehensive coverage of all areas Figure 11: How fully implemented is your TM policy (select all that apply)? The majority of respondents utilise a shared service function to process TM output; however, few share this information with an FIU (Financial Intelligence Unit) With respect to institutions operating models twothirds of respondents indicated that they use a shared service model crossing multiple regions and lines of business. However, there were still significant responses that indicated siloed business line models. These responses were commonly mentioned in the context of providing specialist investigation services for areas such as correspondent banking and trade finance. A small number indicated that they used a shared model interfacing to an FIU for information sharing. This approach is seen as the one that most institutions are inclined to move towards. 0% 50% 100% Figure 10: Which of the following initiatives are contained within your TM strategy (select all that apply)? AML Transaction Monitoring 10

03 Governance 100% Regional shared service model across multiple lines of business/regions Current 90% 80% 70% By line of business 60% 50% 40% Enterprise wide alert investigation unit for TM output Enterprise wide alert investigation unit for TM output and interface to an FIU for information sharing 0% 10% 20% 30% 40% 50% 60% 70% 30% 20% 10% 0% Alert volumes (e.g., by line of business) Timeliness of alert investigation (e.g., alert ageing) Alert effectiveness (e.g., SAR conversion rates) Coverage metrics (e.g., volumes of alerts by scenario/aml risk) Operational efficiency metrics (e.g., alerts processed per investigator) System performance (e.g., batch run times) Data quality and completeness metrics Figure 12: How is the TM operating model defined within your organisation (select all that apply)? The level of satisfaction toward MI is mixed, with institutions more satisfied by richer information covering not only alerting volumes, but, coverage, effectiveness and operational metrics. The satisfaction toward MI is mixed amongst respondents. Responses appear to be correlated to the amount of information that is available the broader number of metrics the greater satisfaction that is expressed. Areas for future consideration are focused in data quality and technical performance for most institutions. Only around 60% of respondents current capabilities measure alert effectiveness and less than 40% capture MI on data quality. Figure 14: What MI do you currently produce relating to TM (select all that apply)? Most institutions have semi-manual MI but are moving towards more automated MI production. The majority of institutions use a combination of reports generated using their TM platform which is supplemented with semi-manual processes. Usage of dedicated MI tools is limited with provision of interactive reporting even less prevalent. Institutions are however moving toward an environment where dedicated MI capabilities are used to a greater degree with a number mentioning a planned transition in the next 1 to 2 years. Semi-manual process (e.g. using some spreadsheet templates and macros) 0% 8% 8% Use the functionality supplied by the TM system Dedicated MI tool with static reports 46% 38% Fully manual process Very Satisfied Dissatisfied Neither satisfied or dissatisfied Satisfied Very Dissatisfied Dedicated MI tool with interactive reports 0% 10% 20% 30% 40% 50% 60% 70% Figure 13: How satisfied are you with the overall effectiveness of your TM MI? Figure 15: What level of automation do you have for your TM MI (select all that apply)? AML Transaction Monitoring 11

Technology 04

Institutions have typically deployed multiple instances of automated TM platforms across businesses and regions. Mostly automated (e.g. a few specialist products/businesses only have manual alert generation) Fully automated Respondents use a variety of vendor supplied TM systems. NICE Actimize (Monitor and Suspicious Activity Monitor (SAM) and Oracle (Mantas) are the most widely used TM vendors in our sample, with the majority of respondents either currently having these products installed in some part of their organisation or planning to implement them in the next 12 to 24 months. Note that some respondents utilise more than one TM vendor in their technology landscapes. NICE Actimize (SAM) Oracle (Mantas) Partially automated (e.g. some lines of business only have manual alert generation) NICE Actimize (Monitor) BAE Systems (Norkom) Fiserv AML (NetEconomy) All alerts generated manually Internally developed system Avaloq AML 0% 20% 40% 60% BAE Systems (Detica) SAS AML Figure 16: What level of automation do you have for your TM alert generation (select all that apply)? Multiple instances of a common TM architecture across lines of business and regions Multiple disparate TM platforms across all lines of business and regions 0% 10% 20% 30% 40% Figure 18: What vendor TM systems do you use (select all that apply)? Satisfaction levels on the overall effectiveness of TM software varied amongst respondents with more than half expecting more from their existing platforms. Overall TM satisfaction varied and is generally correlated with the alert conversion rates discussed in the General Findings section. 0% Single centralised TM platform across all lines of business and regions 31% 46% 0% No automated TM 23% 0% 20% 40% 60% Very Satisfied Dissatisfied Neither satisfied or dissatisfied Satisfied Very Dissatisfied Figure 17: Which of the following describe the use of TM software in your organisation (select all that apply)? Figure 19: How satisfied are you with the overall effectiveness of your TM software? AML Transaction Monitoring 14

04 Technology Data transformation processing across institutions is quite similar with transaction data being directly extracted from source system and prepared in a staging area prior to being ingested in the TM platform. Over two-thirds of the respondents had a similar approach to data management by extracting data from source systems into an Extract, Transform and Load (ETL) platform before being ingested into the TM software. Ad-hoc checks/changes only made when issues occur; focus on remediation only Programme of periodic data quality reviews in place File level reconciliation, i.e., checks on expected size of file Sample based checks of completeness and data quality against upstream systems Combination of automated and manual data quality controls at both the file and data element level Risk based sampling used Data is collected into an ETL platform and prepared for load into a TM platform Fully automated exception management for data quality issues Volume based sampling used Data is extracted and prepared at source system for load into TM platform TM system extracts data directly from source systems to perform monitoring against - 0% 50% 100% Figure 20: How is data obtained for your TM system(s) (select all that apply)? Institutions do not rely on a single control mechanism to monitor the quality and completeness of data being ingested into the TM software; instead they typically use a combination of ad hoc checks around a dedicated programme level data quality review. When surveyed on the approach towards data quality and completeness the results were quite evenly distributed amongst respondents, with a combination of ad hoc checks, periodic data quality reviews, file level reconciliation and sample based checks. There appears, however, to be a correlation between the sophistication of data quality controls, the completeness of MI and overall satisfaction with TM. Similarly, institutions with good MI and data quality also typically have better alert performance. 0% 20% 40% 60% 80% Figure 21: Which of the following describe the processes for ensuring good quality data in your TM system(s) (select all that apply)? The majority of respondents have TM alert data fed into their investigation platform or have provided access to alert data from the source systems. When queried on how they would describe their investigation platforms for AML alerts, half of respondents described conducting manual investigations. Other responses were extremely mixed with less than a third utilising a centralised or integrated case investigation platform. There exists a high incidence of varied platforms used across divisions and geographies. Manual investigations Disparate investigation platforms in use across geographies and divisions Automated case creation from high priority alert sources Single case investigation platform for all Financial Crime activity TM Investigation platform with no case management AML alert data ingested into integrated investigation platform e.g., TM, sanctions & filtering 0% 20% 40% 60% Figure 22: Which of the following describe your investigation platform for AML alerts (select all that apply)? AML Transaction Monitoring 15

With respect to data availability most respondents relied on the data ingested into their relevant TM or specific investigation platform. A minority have the more advanced capability to link their analysis to other relevant AML systems and a similar minority rely on just using references to link cases with relevant data. Almost all institutions described having a multi-level investigation workflow, with some configured by geography and half of respondents enabling a restricted workflow for specific customer types such as employees and sensitive customers. TM alert data ingested into the platform Workflow has multiple levels of investigation Access to AML data in investigation platform e.g., TM profiles & alerting analysis Link analysis from case view to all related AML systems Workflow configurable for private information (e.g., restricted customers, employees) Limited data transferred to case e.g., alert reference with customer and/or account reference Workflow configurable by country/region 0% 50% 100% Figure 23: What data is available on your investigation platform (select all that apply)? 0% 50% 100% Figure 24: Which of the following describe the workflow on your investigation platform (select all that apply)? AML Transaction Monitoring 16

05 Coverage and quality

Although all respondents are using vendor built scenarios, the majority feel these only partially met their monitoring needs. When queried about their software vendor purchased monitoring systems only a small minority of respondents felt that that the provided scenarios were very robust. There is a fairly consistent set of TM scenarios used across most institutions. Rapid movement of funds and large value/volume transaction pattern scenarios are pervasive across all respondents. 70% 60% Rapid movement of funds 50% 40% 30% 20% 10% 0% Very robust, allowing my firm to pick and choose those that are most relevant Offer reasonable Are too generic Vendor built TM options, but only or irrelevant, thus solutions are not partially meet our needs employed within my organisation requiring extensive build for our organisation Figure 25: Which of the following best describes the scenarios provided with vendor purchased TM systems? Use of alerting entities such as social networks and groups of connected entities is limited with transactions, accounts and customers remaining the key alerting entities in TM. Of developing interest however, is alerting against the customer s customer being the most popular alerted entity to be planned in the next 12 to 24 months. Large amount, large volume Cash focussed Change in behaviour High risk focused (e.g. Money Service Bureaus, cash intensive businesses) Cheque focussed Structuring Wire focussed Originator/Beneficiary Peer comparison Transactions Accounts Customers Correspondent Banks Hidden relationships Credit card specific scenarios (e.g. credit usage not consistent with profile) Loan specific scenarios (e.g. early repayment) Households/addresses Customer s customer Social networks 0% 20% 40% 60% 80% 100% Figure 26: Which of the following describe the entities that your TM system monitors or alerts on (select all that apply)? Anticipated profile Securities trading specific scenarios (e.g. excessive cancels/corrects) 0% 50% 100% Figure 27: Which of the following scenarios do you use in your TM platform (select all that apply)? AML Transaction Monitoring 18

05 Coverage and quality Many institutions are planning to build a dedicated analytics team, utilising formalised scenario libraries with a rapid development capability Most institutions are yet to implement a standardised approach although many have a more advanced approach to tuning planned in the next 12 to 24 months. Additionally, current analytical techniques are limited with most relying on historical data to tune for coverage and alert volumes. 60% Parameters tested against historical data Tuned for coverage and alert volumes Statistical analysis of data to create robust customer segmentation and peer groups 50% 40% Parameters agreed with compliance and business teams 30% 20% Above and below the line testing and tuning 10% 0% No standard approach Scenario library formalised and aligned to directly mitigating inherent AML risk assessment Current% Dedicated analytics team develop and modify rules based on identified risks and developing risks formalised by an FIU Planned% Rapid development and deployment of new detection scenarios based on money laundering intelligence Interactive What-if analysis available to users to test scenarios Dedicated optimisation team Statistical analysis to demonstrate the effectiveness to third parties 0% 20% 40% 60% 80% Figure 28: How are your TM scenarios developed and maintained (select all that apply)? Figure 29: How are your TM scenarios tuned (select all that apply)? AML Transaction Monitoring 19

06 Investigation management

The alert investigation process is generally consistent across institutions The majority of institutions surveyed have a separation of duties in alert investigations between level 1 and level 2 teams to ensure obvious false positives are discarded and only worthy alerts are reviewed for further analysis. Only half of institutions use automated SAR filing 50% of the institutions surveyed use automated SAR filing. The reason this figure is not higher may be due to the relatively low SAR conversion rates experienced by many organisations as mentioned earlier in the general findings section. Suspicious cases passed on to specialist Level 2 team for further analysis Alerts initially investigated by generalist Level 1 team to gather information and filter obvious false positives Suspicious cases passed back to individual lines of business for further analysis Financial Intelligence Unit involvement in specialist cases End to end investigation by a single investigator No standardized investigation process Manual reporting of SARs via data entry on web pages Automated SAR reporting for a single jurisdiction, predominately the main market in which my Financial Institution operates Manual reporting of SARs via paper based filing Automated SAR reporting for multiple jurisdictions, outside the main market, where technically feasible Single SAR preparation, filing and repository platform deployed across financial crime areas (e.g., AML, fraud, KYC and Sanctions) 0% 20% 40% 60% 80% Figure 30: Which of the following best describe your investigation process/workflow (select all that apply)? 0% 50% 100% Figure 31: How are Suspicious Activity Reports (SARs) filed within your business line (select all that apply)? AML Transaction Monitoring 22

Conclusion a lifecycle of maturity 07

Financial institutions face common fundamental challenges in AML Transaction Monitoring of keeping operational costs under control whilst ensuring adequate mitigation of money laundering risk. The survey results support the view that many organisations follow a common lifecycle of maturity in addressing these challenges. We see six discrete stages aligned to the management of risks and the control of operational costs. These are summarised below. Stage 1 Introducing an AML TM solution. The first stage of maturity is simply the implementation of an automated TM solution where previously one did not exist. This provides a minimal level of risk management with an initial, increasing operational cost. Stage 2 Stabilisation of an AML TM platform. As a result of lessons learnt from the initial solution implementation institutions are able to achieve efficiencies and balance a basic level of cost and risk. Stage 3 Improved coverage of AML risks. Pressure from regulators and internal control functions demand that TM provide better coverage of AML risks, but this comes at a significant increase in technology and operational cost as system coverage is extended, new rules are added and thresholds are lowered. Stage 4 Rationalisation. Refinements in operational processes and systems management, and more effective application of analytical tools and methods drives decreases in costs and further decreases in residual AML risk. Stage 5 Steady state. Mature governance, MI and a dedicated TM analytics function ensures new threats are addressed effectively whilst keeping operational costs under control. Stage 6 High performance AML function. Leading edge technologies and investigative processes are applied on an opportunistic basis to drive further cost reduction and improved risk management. AML TM Operational Cost Not to scale for illustrative purposes only Residual AML Risk Stage 1 Introducing an AML TM solution Stage 2 Stabilisation of an AML solution Stage 3 Improved coverage of AML risks Stage 4 Rationalisation Stage 5 Steady state Stage 6 High performance AML function Figure 32: The relative relationship of operational costs and residual risks in Transaction Monitoring across the stages of maturity. From our survey it appears that many UK Financial Institutions in are aligned to Stages 2 and 3 with a smaller number in Stage 4 in the maturity model. The challenge for institutions that are in the earlier stages of the model is to avoid the impending rapid increase in operational cost that will likely result from regulatory pressure to drive down risks. For institutions that are more progressed, their challenge in Stage 4 is to quickly reduce the already high operational costs caused by increased alert volumes and large investigation operations. For institutions considering how to further control their AML risk, the approach is not as simple as increasing the depth of coverage, as this will drive increases in alert volumes and consequently investigation operations. A more sustainable response appears to be for institutions to enhance their fundamental capabilities in TM, by investing in: Strategy, policies and governance that drive consistent approaches to technology and operations, where necessary highlighting requirements for specialist monitoring situations Regular MI not only on aggregate output of monitoring scenarios, but on the quality and completeness of data ingested into the system, and effectiveness of investigations Analytical functions that are able to optimise coverage with evidenced results and respond to new threats with rapidly developed scenarios and controls Smarter operational management with specialized teams, a risk focused approach and better defined processes and procedures AML Transaction Monitoring 24

08 Contact information

Contact information Patrick Craig Partner, Financial Services Advisory pcraig@uk.ey.com +44 20 7951 9999 Debbie Ward Partner, Financial Services Advisory dward1@uk.ey.com +44 20 7951 1134 Jodie Forbes Senior Manager, Financial Services Advisory jforbes1@uk.ey.com +44 20 7783 0744 Matt Reed Senior Manager, Financial Services Advisory mreed@uk.ey.com +44 20 7951 7870

EY Assurance Tax Transactions Advisory About EY EY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities. EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organization, please visit ey.com. Ernst & Young LLP The UK firm Ernst & Young LLP is a limited liability partnership registered in England and Wales with registered number OC300001 and is a member firm of Ernst & Young Global Limited. Ernst & Young LLP, 1 More London Place, London, SE1 2AF. 2014 Ernst & Young LLP. Published in the UK. All Rights Reserved. ED NONE 1488612 (UK) 09/14. Creative Services Group. In line with EY s commitment to minimise its impact on the environment, this document has been printed on paper with a high recycled content. Information in this publication is intended to provide only a general outline of the subjects covered. It should neither be regarded as comprehensive nor sufficient for making decisions, nor should it be used in place of professional advice. Ernst & Young LLP accepts no responsibility for any loss arising from any action taken or not taken by anyone using this material. ey.com/uk

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback