AML technology platform selection – keeping up with changes

Uttam Purushottam and Satnam Gill

Since AML regulations were mandated globally, Financial Services Institutions (FSIs)
are trying to achieve the ideal of a robust AML program – effective deterrence, detection
and reporting. But, FSIs are still figuring out the way to get there through a strong
detection capability as it then serves as an effective deterrent and enables reporting.
Technology has evolved to play a critical role in enhancing money laundering detection
capability to supplement efforts by vigilant front-line staff interacting with customers.
Hence, AML compliance program outcome is now a function of technology and selection
of an appropriate AML technology platform often holds key to the desired outcome of the
program as it affects not only the current investment but also future expenditure on
technology and business operations. Focus on appropriate technology selection process is
expected to yield results as any gain made here would translate into substantial savings as
FSIs expect to spend 34%1 more in 2007-2010 compared to 2004-2006 period (Exhibit
1).

Exhibit 1 – Spending on AML Compliance program 2004-07 Vs 2007-10 (expected)

Major steps in selection of an appropriate technology platform are:

(i) Translation of AML compliance objectives to features expected of the
technology platform
(ii) Determine Total Cost of Ownership (TCO)
(iii) Account for transformational trends to protect your investments

Translation of AML compliance objectives to features expected of the technology

1
AML survey 2007 conducted by KPMG
Translation of AML compliance objectives into technological components starts with
assessment of components of the AML compliance program. Major components of a
typical AML compliance program that need to be assessed are:
• AML Policies, procedures and controls
• AML Training program
• AML Compliance Officer / organization
• Audit / Independent review of AML program

Policies, Procedures and Controls:

Implementation of an AML compliance program is preceded by definition of policies,
procedures and controls related to AML efforts. This is similar to that of Operational
Risk Management (ORM) approach2 and this to be one of the best practices that could
used effectively in the AML program. Hence, AML technology platform should support
hosting of policies, documenting procedures and testing controls related to money
laundering. Specifics of policies, procedures and controls from AML compliance
program could guide specific requirements of the AML technology platform at various
FSIs.

Review of policies, procedures and controls put in place during initial phase of AML
compliance program is recommended as they may now be obsolete due to widespread
acceptance of risk based approach to AML compliance. The risk-based approach is a
management tool for developing and managing a firm's systems and controls. A
reasonably designed risk based approach will provide a framework for identifying the
degree of potential money laundering risks associated with customers and transactions
and allow for an institution to focus on those customers and transactions that potentially
pose the greatest risk of money laundering3. So, AML policies and procedures shall be
tuned to identify customers and transactions posing the highest risk to the FSI while
customers and transactions with the lowest risk are allowed to go through with minimal
checks facilitating optimal use of compliance resources.

Following table summarizes effects on policies by risk based approach.

Sl # Policy Name Implication on Procedures Features to be expected from
Technology
1 Know Your - Classify customers based - Automated calculation of
Client (KYC) & on riskiness (High / Low) risk score to estimate
Enhanced Due - Maintain risk data on riskiness of the prospect
Diligence (EDD) geography, channels and - Score based and rule based
products identification of prospects
- Define a procedure to requiring Enhanced Due
calculate risk score of each Diligence (EDD)
customer - Automated name check
- Watchlist Filtering against internal and external
- Identification of candidates databases of Specially
2
Anti-money laundering: regulations, challenges and best practices – Karim Rajwani
3
Definition provided by Wolfsberg. http://www.wolfsberg-principles.com/risk-based-approach.html
 for EDD (high risk score,
PEP, Sanctions, etc)
- EDD procedure and
workflow
2 Transaction - Classify transaction into
Monitoring high / low risk
- Define a procedure to
calculate risk score for each
transaction based on
instrument type, location,
channel and client risk score.
- Differential monitoring
capability - high risk
transactions monitored more
closely than low risk
transactions
Just as the AML technology platform enables policies and procedures, it can also embed
controls within procedures for proper checks and balances. A robust self-assessment
facility as in the case of ORM would help in determining the health of AML compliance
program.
Health Check of AML Compliance Programs
Designated Nationals (SDN)
- Support EDD through pre-
populated questionnaires and
other data gathering tools
- Visualization of enterprise
wide view of the client
relationship across the FSI
- Mining of hidden /
unknown relationship of
customer with the FSI
- Maintenance of risk ratings
for geography, products,
channels
- Workflow configuration
- Automated check of
counter-party & geography
of originating transactions
against internal and external
SDN lists
- Automatic application of
appropriate level of
surveillance for transactions
based on transaction risk
score
- Advanced technology to
reduce false-positives (fuzzy
matching)
- Integration with payment
systems for real-time check
- Link analysis tool to
monitor / learn about
customer behavior
Training Program
FSIs are obligated to train their staff members on detecting and reporting of money
laundering activities by the customers as a first line of defense against ingenuity of
money launderers. The exhibit below states that FSIs are rightly empowering front-line
staff with appropriate training to counter money laundering as 64% of the spending in
AML compliance program is on training and reporting (Exhibit 2). Well trained
employees can supplement automated detection capability with insights that machine
with programmed logic can not have. So, technology should aid employees register
suspicions to be passed onto AML compliance staff for investigation and could also be
used effectively in select training processes though may not be critical piece of training
program.
Anti-Money Laundering Spending Breakdown

IT Training,
Maintenance Compliance,
24% Reporting
64%

Software/
Hardware
12%

Exhibit 2 – Spending breakdown of AML program (Source: Celent)

AML Compliance Officer / Organization

Regulations mandate FSIs to designate an officer in-charge of AML (GAMLO – Global
Anti-Money Laundering Officer) compliance and task the person with all responsibilities
in overseeing efforts directed against money laundering. Consequence of any lapse on the
part of the GAMLO in complying with regulations might not be limited to GAMLO
alone. Regulators might even attach personal assets of FSI’s directors and officers as
penalty for inadequate or ineffective AML program as was done in the case of
Caversham Trustees Limited4. As a result, senior management is extremely interested
in the health of AML compliance program. This is corroborated by a survey in which
71%5 of senior management of banks took active interest in the program. Technologically
well equipped AML office would allow the program to be successful and mitigate AML
risk faced in the organization facilitating GAMLO and team to function effectively.

While technology is an empowering tool, effectiveness of the functioning of GAMLO

and team would depend on how
4
5
AML survey 2007 conducted by KPMG
 - AML sub-unit is organized and the way workload is managed (workload
allocation, auto-close functionality)
- well they work with the rest of compliance and risk management groups
- alerts are resolved (workflow)
- cases are reported to AML regulators

Compliance Organization and the place of AML

Typical compliance hierarchy as applied to AML is shown in Exhibit 3. Hierarchy
determines workflow and collaboration requirements between the AML and the broader
Compliance Organization as money-laundering incidents also tend to be related to fraud
and other compliance areas like brokerage compliance, etc. Collaboration would help
areas like fraud and trade compliance with money laundering and provide inputs for
AML investigation and vice-versa. Collaboration and interactive environment enabled
technologically could make the AML office more potent in detecting and reporting
suspected cases of money laundering.

Also structure and dynamism of the AML organization determines the workflow
capabilities expected of the technology platform. The efficiency achieved by the AML
compliance office could be a function of the flexibility and capability of the workflow
function provided by the platform. Flexibility in configuration of workflow would also
play an important role as changes could be effected without crippling the system.
Board’s Audit
Committee

Chief Compliance
Officer Other Compliance
Functions
Global Anti-Money
Laundering Officer

Divisional Compliance Divisional Compliance Divisional Compliance

Officer (Retail Banking) Officer (Brokerage) Officer (Cards)

Analyst Analyst Analyst

United
States
Analyst Analyst Analyst

European Analyst Analyst Analyst

Union
Analyst Analyst Analyst

Exhibit 3 – Compliance Hierarchy as applied to AML

Alert Resolution and Workload Management

Since AML technology platform is capable of producing hundreds and thousands of
alerts due to automation, allocation of alerts among analysts optimally for resolution is a
feature that could increase productivity of the unit as a whole. Technology allows
dynamic allocation of alerts based on Analyst’s workload, skill, LOB and any other
factor that needs to be considered.

Technology also allows certain types of alerts produced to be auto-closed based on

specific rules built into the platform. FSIs might take advantage of the feature as it
reduces effort on resolving frivolous alerts created by non-optimally tuned AML
technology platform and allow analysts devote enough time for alerts of the highest risk.
This might also allow management of GAMLO office with fewer analysts and might
result in financial gain.

Case Management
Alerts on transactions resolved as suspected money laundering activities are converted to
cases. Technology should ensure that the AML platform facilitates investigation of cases
through:
• Seamless interface with rest of the enterprise in gathering relevant data
• Storage for data (any type) gathered from external sources and tagging them
appropriately
• Ad-hoc query utility to gather specific data when needed
• Workflow to facilitate investigation of cases at multiple levels of investigation
and for approval of GAMLO
• Monitoring tool to help GAMLO track progress of various cases
• Data investigation and visualization tools for investigation

As analysts spend bulk of their time on this part of the AML technology platform, it is
extremely important to ensure ease and effectiveness of the user-interface of the tool to
increase productivity.

Since Case Management platform could be common across multiple areas e.g. fraud,
trade compliance, etc, it is important to facilitate inter-operability with external systems
too. This way, FSIs could be spared of the expense of having to go for multiple Case
Management tools.

Reporting
GAMLO is expected to file Suspicious Activity Report (SAR) with regulatory authority
of respective jurisdictions. Going by the trend over the past few years, SARs have more
than tripled since 2001 (Exhibit 4) implying that GAMLOs are filing huge number of
SARs every year and the trend is showing no signs of change. This also implies that
GAMLOs would be filing more SARs than ever in subsequent years and would spend
more time doing this activity.
 Number of SARs Received by Fincen
700,000
600,000
500,000
400,000
300,000
200,000
100,000
-
1996 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007
Number of SARs
Exhibit 4 – Suspect Activity Report Filings by year
However, technology makes it possible to create SARs based on pre-defined templates
with minimal intervention by AML compliance staff making it a potential productivity
enhancer.

Regulators such as Fincen (US), Fintrack (Canada), etc are showing signs of being
overwhelmed with the volume of SARs filed by various FSIs. This affects regulators in
performing their duties in other areas such as frauds, thefts, etc over which as much
oversight is necessary thereby impacting them. Exhibit 5 shows that 47% of SAR filings
at Fincen are due to money laundering activities.

To keep up with the growth rate of SARs, Fincen either has to ramp up it staff
proportionally or would need to reduce the number of SAR filings by issuing additional
directions to FSIs to improve accuracy of SARs. FSIs using technology would be the
most impacted as regulators would focus on FSIs contributing disproportionally more
number of SARs and could potentially be targeted by regulatory agencies. Such FSIs can
improve accuracy of reports only by improving capabilities of technology platform in
detection and investigation areas by improving or replacing old technology.
 SAR Filings by Characterization (04/1996 till 12/2007)

11%
3%
3%
3%
4%
47%

5%
5%
9%
10%
BSA/Structuring/Money Laundering Check Fraud
Other Counterfeit Check
Credit Card Fraud Mortgage Loan Fraud
Check Kiting False Statement
Identity Theft Others
Exhibit 5 SAR Filings by Characterization from 01-Apr-1996 till 31-Dec-2007

Internal reporting capability is an equally important part of reporting as these reports

would help management in assessing the health and competence of the AML compliance
program. It could also provide intelligence, trends, etc as any other reporting
functionality. But, vendors generally recommend third party reporting tools for better
capability and flexibility.

Exhibit below represents the relationship between components of AML technology

platform in a schematic format.
Data Feed
(Transactions, Account Data)

Risk Watchlist Filter Alert

Assessment (Real Time) Management
Product Workload distribution
Channel & Geography Resolution
Geography Case creation
Transactions Monitoring
Cash,
Securities, Case
KYC Derivatives,
Name screeing & PEP Services Management
Sanctions Compliance Watchlist Filter Case Acceptance
Client Risk Rating Investigation & Reporting
Regulatory Reporting

Reporting
External (SAR, CTR, etc) & Internal (MIS, Dashboards, Audit, etc)

Exhibit : Components of AML Technology Platform

Audit / Independent Review
Supporting an independent review of AML sub-unit’s work is a critical element of the
AML technology platform and is also mandated by regulation. Independent review is
undertaken by the audit staff as well as regulators on a periodic basis and a technology
platform that enhances their productivity of audit staff is expected by the FSI. But,
separation of access and safety of data used by audit functions from the regular
operational functions is paramount to make the platform useful to auditors. This apart,
AML compliance unit should be able to do self-assessment of procedures and controls
without interfering with external audit function.

FSI could incorporate above information into the Request for Proposal (RFP) and manage
the process. Cost is an obvious factor in the selection of technology platform and holds
true for AML as well.

Determining Total Cost of Ownership

Different vendors provide different models of licensing and support costs and with
different caveats. Costs across vendors need to be brought onto the same base for
comparison by accounting for all expenses incurred directly and indirectly due to the use
of the specific vendor’s technology platform. Apart from the obvious license and annual
support costs, there are other costs which could be classified under:
• System adaptation costs (one time)
o Costs Cover missing functionality
o Costs incurred to ensure flexibility
o Hardware & network costs attributable to the product under consideration
o Costs towards integration with enterprise systems of FSI
• Recurring costs
o IT systems maintenance costs
o IT staff costs
o Compliance staff costs (to manage alerts generated by AML platform)
o Periodic system enhancement costs

System adaptation costs are incurred one-time at the beginning of the program. This is
necessitated as even the best of AML vendors do not provide all functions required by the
FSIs out of the box. Some functionality may have to be built specifically to meet the FSI
requirement and there is a cost to it. A vendor providing maximum functionality out of
the box would be able to minimize cost incurred due to missing functionality. While the
extent of the missing functionality spikes the cost proportionally, better flexibility if
present in the tool has the potential to reduce the cost of adding missing functionality. On
the other hand, inflexibility can compound the cost of bridging missing functionality.

In some cases, FSIs would have the option of buying a tool to enhance flexibility from
the vendor. For products with good architectural foundation, this cost is irrelevant.
Systems integration cost is incurred in connecting the AML technology platform with the
rest of IT systems of the enterprise and to provide support to peripheral AML functions.
Data warehouse, interfaces, etc fall into this category. The extent of systems integration
cost would depend on properties of each vendor, current enterprise architecture, etc.
Other obvious cost is incremental hardware and network consumed by the AML
technology platform which again varies by the vendor.

While one-time costs incurred due to AML technology platform form 12% of the AML
compliance expense, 24% costs are attributed to IT maintenance (Exhibit 2). IT
maintenance costs include annual support for AML technology platform from the vendor,
maintenance of software and hardware of all related (to AML technology platform)
systems, cost of staff maintaining these IT systems and periodic enhancement of IT
systems. AML technology platform and peripheral systems may need to be upgraded for
changes in regulations, approach or technology. The ease with which these changes can
be effected determines this cost.

But, a cost that is not obvious but very important is the expense on the number of
employees working in the AML organization. The AML technology platform has a direct
bearing on the number of employees employed in the AML organization as that number
would be proportional to volume of alerts produced for investigation. For these reasons, it
is important to have the platform tested in conditions prevailing in the firm’s technology
environment before committing to buy the AML platform. Testing the product under
these conditions helps FSI get a better estimate of the number of alerts produced by the
platform and hence the number of employees required to manage AML compliance
program.

Total cost of ownership (TCO) could be arrived at using present value analysis by
accounting all one-time expenses and recurring expenses over a suitable time horizon
using appropriate discount rate. Vendor with the lowest TCO could be the obvious
choice.

However, FSI may need to account for factors that go beyond the current solution
landscape and the present value analysis – the prospect of third generation AML solution
becoming mainstream approach to compliance upsetting investments on AML
technology platform.

Beyond the current solution landscape - would your firm wait for third generation
AML solutions?
The current crop of AML solutions are a generational improvement over the first set of
AML solutions that became popular with USA Patriot act. This generational change
brought about significant improvement and popularity of AML solutions. The increase in
popularity is evidenced in the volume of SARs filed by FSIs. A comparison of the first
generation and second generation solutions has been made in the table below.

Factor First Generation Solutions Second Generation Solutions

Clients All clients treated the same Clients differentiated by risk levels
Client risk level assessed and classified
 into a specific risk segment
Transaction Detection through rules and Detection through transaction risk
Monitoring thresholds assessment, behavior changes
detection technology
Technology Usually batch-mode technology for Real-time technology for payment
payment screening screening (watchlist filtering &
Primitive workflow and reporting sanctions compliance)
Non-browser supported technology Advanced workflow and reporting
with flexible configurability
Easy access through browser
Product Coverage Predominantly cash transactions Ability to monitor cash, securities and
derivatives

While second generation solutions are impressive, third generation of AML solutions is
beginning to appearing over the horizon. Though third generation AML solutions may
only demonstrate incremental functional improvement, it is different the way AML
solution is delivered to FSIs. This opens up a whole new approach to compliance
promising to lower the enterprise compliance complexity and cost benefitting AML
compliance as well. The major factor driving this change is the combination of Service
Oriented Architecture (SOA) and Software as a Service (SaaS).

Service Oriented Architecture (SOA)

A Service is a coarse grained executable unit of business functionality which is described
by well defined interfaces and can be discovered and invoked remotely. An SOA
provides a flexible, reusable framework for constructing and integrating multiple
applications and application components. In an SOA, resources are independent services
that are accessed in a standardized way. SOA is driven by promises of:
• Enhanced flexibility - a more responsive IT infrastructure geared to meet future
compliance changes
• Cost reduction and ROI
o Common functionality (e.g. reporting) may be consolidated into services,
thereby eliminating maintenance costs for multiple systems
o Changes in functionality not too expensive to make
o New business functionality can be immediately incorporated without
overhauling whole application as in case of monolithic systems.
• Distribution of value as services are shared across multiple business units,
geographies, etc
• Eliminates vendor lock in by using widely accepted open standards
• SOA allows disparate lines of business in an enterprise to effectively reuse
business functionalities

So, risk and compliance at FSIs will not be about stack of point solutions as they would
prefer benefits brought about by SOA. Functionality of AML platform would potentially
overlap with components of anti-fraud solution, Operational Risk Management (ORM)
solution, Securities Trade Compliance solution, etc. When these components become
services, overlaps are eliminated and efficiencies increased as SOA is an architectural
paradigm that uses standards-based interfaces to facilitate need-based access to IT
resources spread over an enterprise network. So, SOA makes it possible to harness all
compliance platforms through a system that could be accessed seamlessly. Since SOA is
very compatible with web-services, delivery of this efficient model over the web is made
possible.

Software as a Service (SaaS)

With SaaS, FSIs can off-load the burden of maintaining a technology platform(s)
exclusively for compliance purposes to vendors hosting the solution and pay by quantum
of usage. FSIs then don’t have to suffer playing catch-up with advances in technology or
costly changes to keep up with regulations. Compatibility of SOA and Web-services
makes delivery of an efficient compliance platform possible over web. AML services
bundled along with other compliance solutions could be accessed through a browser
making the solution (SOA + SaaS) nimble, flexible, adaptive and scalable. Since
technology infrastructure is maintained by the vendor, FSIs need not be bothered about
the cost of acquiring those assets.

Smaller FSIs that complain about the high cost of AML compliance also stand to benefit
as pricing is based on volume of transactions and number of clients and not a fixed
upfront cost. Essentially, costs are transformed from fixed to variable reducing the
volatility of bottom-line as costs for FSIs with smaller volumes would be proportional to
their size. This solves one of the major challenges to AML implementation – perceived
high cost of implementation.

When regulations change, vendors could nimbly demonstrate the change through proof-
of-concept to users reducing the risk of owning a large system for a specific purpose.
This facilitates easy buy-in from executives and allows the AML compliance unit to
focus on AML. SaaS also has other benefits:
- Faster implementation cycle
- Improved cost management and hence competitive differentiation
- Always on cutting edge of solutions
- Risk mitigation

Already, a large financial services technology vendor has stopped offering the
conventional license and support model and shifted to service model for a few solutions
and day for this approach to become mainstream is not far away.

While this is the future, AML solutions currently being offered on SaaS model are yet to
mature and the model also has to be supported by regulators. AML solution buyers might
enquire vendor’s response to this possibility to protect AML investments being made
now.

Conclusion
AML compliance environment and solution space has undergone and is continuing to
undergo huge changes. FSIs contemplating on acquiring or replacing AML technology
platform should keep the selection exercise aligned to objectives and approach of
compliance program while also looking for technological imperatives. Third generation
AML technology is distinct possibility and FSI’s must plan to factor in this possibility in
their AML technology acquisition plan.

Endnotes
1. Understanding the role of technology in Anti-money laundering compliance –
Rajesh Menon, Sanjaya Kumar
2. Anti-Money laundering: Regulations, Challenges and Best practices – Karim
Rajwani
3. New platform for business: How software as a service can create new
opportunities for financial services institutions – Brian Knotts, Darren Wesemann
4. Global Anti-money laundering 2007 – KPMG
5. The SAR Activity Review; Tips, Trends & Issues – May 2008, Fincen
6. Reckoning Legislative Compliances with Service Oriented Architecture – a
proposed approach. By Naveen N Kulkarni, KM Senthil Kumar, Dr. Srinivas
Padmanabhuni
7.