Académique Documents
Professionnel Documents
Culture Documents
Since AML regulations were mandated globally, Financial Services Institutions (FSIs)
are trying to achieve the ideal of a robust AML program – effective deterrence, detection
and reporting. But, FSIs are still figuring out the way to get there through a strong
detection capability as it then serves as an effective deterrent and enables reporting.
Technology has evolved to play a critical role in enhancing money laundering detection
capability to supplement efforts by vigilant front-line staff interacting with customers.
Hence, AML compliance program outcome is now a function of technology and selection
of an appropriate AML technology platform often holds key to the desired outcome of the
program as it affects not only the current investment but also future expenditure on
technology and business operations. Focus on appropriate technology selection process is
expected to yield results as any gain made here would translate into substantial savings as
FSIs expect to spend 34%1 more in 2007-2010 compared to 2004-2006 period (Exhibit
1).
1
AML survey 2007 conducted by KPMG
Translation of AML compliance objectives into technological components starts with
assessment of components of the AML compliance program. Major components of a
typical AML compliance program that need to be assessed are:
• AML Policies, procedures and controls
• AML Training program
• AML Compliance Officer / organization
• Audit / Independent review of AML program
Review of policies, procedures and controls put in place during initial phase of AML
compliance program is recommended as they may now be obsolete due to widespread
acceptance of risk based approach to AML compliance. The risk-based approach is a
management tool for developing and managing a firm's systems and controls. A
reasonably designed risk based approach will provide a framework for identifying the
degree of potential money laundering risks associated with customers and transactions
and allow for an institution to focus on those customers and transactions that potentially
pose the greatest risk of money laundering3. So, AML policies and procedures shall be
tuned to identify customers and transactions posing the highest risk to the FSI while
customers and transactions with the lowest risk are allowed to go through with minimal
checks facilitating optimal use of compliance resources.
Just as the AML technology platform enables policies and procedures, it can also embed
controls within procedures for proper checks and balances. A robust self-assessment
facility as in the case of ORM would help in determining the health of AML compliance
program.
IT Training,
Maintenance Compliance,
24% Reporting
64%
Software/
Hardware
12%
Also structure and dynamism of the AML organization determines the workflow
capabilities expected of the technology platform. The efficiency achieved by the AML
compliance office could be a function of the flexibility and capability of the workflow
function provided by the platform. Flexibility in configuration of workflow would also
play an important role as changes could be effected without crippling the system.
Board’s Audit
Committee
Chief Compliance
Officer Other Compliance
Functions
Global Anti-Money
Laundering Officer
Case Management
Alerts on transactions resolved as suspected money laundering activities are converted to
cases. Technology should ensure that the AML platform facilitates investigation of cases
through:
• Seamless interface with rest of the enterprise in gathering relevant data
• Storage for data (any type) gathered from external sources and tagging them
appropriately
• Ad-hoc query utility to gather specific data when needed
• Workflow to facilitate investigation of cases at multiple levels of investigation
and for approval of GAMLO
• Monitoring tool to help GAMLO track progress of various cases
• Data investigation and visualization tools for investigation
As analysts spend bulk of their time on this part of the AML technology platform, it is
extremely important to ensure ease and effectiveness of the user-interface of the tool to
increase productivity.
Since Case Management platform could be common across multiple areas e.g. fraud,
trade compliance, etc, it is important to facilitate inter-operability with external systems
too. This way, FSIs could be spared of the expense of having to go for multiple Case
Management tools.
Reporting
GAMLO is expected to file Suspicious Activity Report (SAR) with regulatory authority
of respective jurisdictions. Going by the trend over the past few years, SARs have more
than tripled since 2001 (Exhibit 4) implying that GAMLOs are filing huge number of
SARs every year and the trend is showing no signs of change. This also implies that
GAMLOs would be filing more SARs than ever in subsequent years and would spend
more time doing this activity.
Number of SARs Received by Fincen
700,000
600,000
500,000
400,000
300,000
200,000
100,000
-
1996 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007
Number of SARs
Exhibit 4 – Suspect Activity Report Filings by year
However, technology makes it possible to create SARs based on pre-defined templates
with minimal intervention by AML compliance staff making it a potential productivity
enhancer.
Regulators such as Fincen (US), Fintrack (Canada), etc are showing signs of being
overwhelmed with the volume of SARs filed by various FSIs. This affects regulators in
performing their duties in other areas such as frauds, thefts, etc over which as much
oversight is necessary thereby impacting them. Exhibit 5 shows that 47% of SAR filings
at Fincen are due to money laundering activities.
To keep up with the growth rate of SARs, Fincen either has to ramp up it staff
proportionally or would need to reduce the number of SAR filings by issuing additional
directions to FSIs to improve accuracy of SARs. FSIs using technology would be the
most impacted as regulators would focus on FSIs contributing disproportionally more
number of SARs and could potentially be targeted by regulatory agencies. Such FSIs can
improve accuracy of reports only by improving capabilities of technology platform in
detection and investigation areas by improving or replacing old technology.
SAR Filings by Characterization (04/1996 till 12/2007)
11%
3%
3%
3%
4%
47%
5%
5%
9%
10%
BSA/Structuring/Money Laundering Check Fraud
Other Counterfeit Check
Credit Card Fraud Mortgage Loan Fraud
Check Kiting False Statement
Identity Theft Others
Exhibit 5 SAR Filings by Characterization from 01-Apr-1996 till 31-Dec-2007
Reporting
External (SAR, CTR, etc) & Internal (MIS, Dashboards, Audit, etc)
FSI could incorporate above information into the Request for Proposal (RFP) and manage
the process. Cost is an obvious factor in the selection of technology platform and holds
true for AML as well.
Different vendors provide different models of licensing and support costs and with
different caveats. Costs across vendors need to be brought onto the same base for
comparison by accounting for all expenses incurred directly and indirectly due to the use
of the specific vendor’s technology platform. Apart from the obvious license and annual
support costs, there are other costs which could be classified under:
• System adaptation costs (one time)
o Costs Cover missing functionality
o Costs incurred to ensure flexibility
o Hardware & network costs attributable to the product under consideration
o Costs towards integration with enterprise systems of FSI
• Recurring costs
o IT systems maintenance costs
o IT staff costs
o Compliance staff costs (to manage alerts generated by AML platform)
o Periodic system enhancement costs
System adaptation costs are incurred one-time at the beginning of the program. This is
necessitated as even the best of AML vendors do not provide all functions required by the
FSIs out of the box. Some functionality may have to be built specifically to meet the FSI
requirement and there is a cost to it. A vendor providing maximum functionality out of
the box would be able to minimize cost incurred due to missing functionality. While the
extent of the missing functionality spikes the cost proportionally, better flexibility if
present in the tool has the potential to reduce the cost of adding missing functionality. On
the other hand, inflexibility can compound the cost of bridging missing functionality.
In some cases, FSIs would have the option of buying a tool to enhance flexibility from
the vendor. For products with good architectural foundation, this cost is irrelevant.
Systems integration cost is incurred in connecting the AML technology platform with the
rest of IT systems of the enterprise and to provide support to peripheral AML functions.
Data warehouse, interfaces, etc fall into this category. The extent of systems integration
cost would depend on properties of each vendor, current enterprise architecture, etc.
Other obvious cost is incremental hardware and network consumed by the AML
technology platform which again varies by the vendor.
While one-time costs incurred due to AML technology platform form 12% of the AML
compliance expense, 24% costs are attributed to IT maintenance (Exhibit 2). IT
maintenance costs include annual support for AML technology platform from the vendor,
maintenance of software and hardware of all related (to AML technology platform)
systems, cost of staff maintaining these IT systems and periodic enhancement of IT
systems. AML technology platform and peripheral systems may need to be upgraded for
changes in regulations, approach or technology. The ease with which these changes can
be effected determines this cost.
But, a cost that is not obvious but very important is the expense on the number of
employees working in the AML organization. The AML technology platform has a direct
bearing on the number of employees employed in the AML organization as that number
would be proportional to volume of alerts produced for investigation. For these reasons, it
is important to have the platform tested in conditions prevailing in the firm’s technology
environment before committing to buy the AML platform. Testing the product under
these conditions helps FSI get a better estimate of the number of alerts produced by the
platform and hence the number of employees required to manage AML compliance
program.
Total cost of ownership (TCO) could be arrived at using present value analysis by
accounting all one-time expenses and recurring expenses over a suitable time horizon
using appropriate discount rate. Vendor with the lowest TCO could be the obvious
choice.
However, FSI may need to account for factors that go beyond the current solution
landscape and the present value analysis – the prospect of third generation AML solution
becoming mainstream approach to compliance upsetting investments on AML
technology platform.
Beyond the current solution landscape - would your firm wait for third generation
AML solutions?
The current crop of AML solutions are a generational improvement over the first set of
AML solutions that became popular with USA Patriot act. This generational change
brought about significant improvement and popularity of AML solutions. The increase in
popularity is evidenced in the volume of SARs filed by FSIs. A comparison of the first
generation and second generation solutions has been made in the table below.
While second generation solutions are impressive, third generation of AML solutions is
beginning to appearing over the horizon. Though third generation AML solutions may
only demonstrate incremental functional improvement, it is different the way AML
solution is delivered to FSIs. This opens up a whole new approach to compliance
promising to lower the enterprise compliance complexity and cost benefitting AML
compliance as well. The major factor driving this change is the combination of Service
Oriented Architecture (SOA) and Software as a Service (SaaS).
So, risk and compliance at FSIs will not be about stack of point solutions as they would
prefer benefits brought about by SOA. Functionality of AML platform would potentially
overlap with components of anti-fraud solution, Operational Risk Management (ORM)
solution, Securities Trade Compliance solution, etc. When these components become
services, overlaps are eliminated and efficiencies increased as SOA is an architectural
paradigm that uses standards-based interfaces to facilitate need-based access to IT
resources spread over an enterprise network. So, SOA makes it possible to harness all
compliance platforms through a system that could be accessed seamlessly. Since SOA is
very compatible with web-services, delivery of this efficient model over the web is made
possible.
Smaller FSIs that complain about the high cost of AML compliance also stand to benefit
as pricing is based on volume of transactions and number of clients and not a fixed
upfront cost. Essentially, costs are transformed from fixed to variable reducing the
volatility of bottom-line as costs for FSIs with smaller volumes would be proportional to
their size. This solves one of the major challenges to AML implementation – perceived
high cost of implementation.
When regulations change, vendors could nimbly demonstrate the change through proof-
of-concept to users reducing the risk of owning a large system for a specific purpose.
This facilitates easy buy-in from executives and allows the AML compliance unit to
focus on AML. SaaS also has other benefits:
- Faster implementation cycle
- Improved cost management and hence competitive differentiation
- Always on cutting edge of solutions
- Risk mitigation
Already, a large financial services technology vendor has stopped offering the
conventional license and support model and shifted to service model for a few solutions
and day for this approach to become mainstream is not far away.
While this is the future, AML solutions currently being offered on SaaS model are yet to
mature and the model also has to be supported by regulators. AML solution buyers might
enquire vendor’s response to this possibility to protect AML investments being made
now.
Conclusion
AML compliance environment and solution space has undergone and is continuing to
undergo huge changes. FSIs contemplating on acquiring or replacing AML technology
platform should keep the selection exercise aligned to objectives and approach of
compliance program while also looking for technological imperatives. Third generation
AML technology is distinct possibility and FSI’s must plan to factor in this possibility in
their AML technology acquisition plan.
Endnotes
1. Understanding the role of technology in Anti-money laundering compliance –
Rajesh Menon, Sanjaya Kumar
2. Anti-Money laundering: Regulations, Challenges and Best practices – Karim
Rajwani
3. New platform for business: How software as a service can create new
opportunities for financial services institutions – Brian Knotts, Darren Wesemann
4. Global Anti-money laundering 2007 – KPMG
5. The SAR Activity Review; Tips, Trends & Issues – May 2008, Fincen
6. Reckoning Legislative Compliances with Service Oriented Architecture – a
proposed approach. By Naveen N Kulkarni, KM Senthil Kumar, Dr. Srinivas
Padmanabhuni
7.