With the ever increasing regulatory scrutiny facing the banking industry, community banks, small and large, have looked upon technology as a resolution to its problems. In the past, many banks were able to manage money laundering risks by relying on manual transaction monitoring processes and controls (e.g., monitoring customer activity via Excel spreadsheets and manual cash logs). This may have worked for some time; however, times have changed. Technology has enabled criminals and fraudsters to bypass detection through the use of sophisticated money laundering and fraud schemes. Nonetheless, institutions, regardless of size and risk profile, have acquired anti-money laundering systems to supplement what was done manually in the past. Many of the reasons are related to a change in risk profile, perhaps due to branching or merging, or what we’ve all heard and perhaps experienced: regulatory enforcement.
The majority of our clients utilize transaction monitoring systems and those that don’t are looking to transition from a manual monitoring process to an automated one. However, just because a Bank uses an automated transaction monitoring system doesn’t mean that it will solve all its problems. There is still much human intervention that goes into how we use the system, and how we investigate and document the alerts being generated, and more importantly, how we are setting up our detection scenarios so that they are continually effective in mitigating our money laundering risk.
In a recent address, NYS Superintendent, Benjamin Lawsky, cited the Standard Chartered case where they ran the Bank’s transaction data in its own filtering systems, compared the results, and subsequently identified a significant number of flaws and gaps in the Bank’s transaction monitoring and reporting thresholds. Mr. Lawsky stated, "What regulators have not done is actively tested the effectiveness of the filtering systems banks are using. That needs to change". As a by-product of this, banks may experience increased regulatory scrutiny with respect to the detection scenarios and the thresholds established.
Also noted was the idea of holding executives accountable for the quality of their bank’s money laundering controls, similar to the Sarbanes-Oxley Provision. Remember that compliance starts from the top level down.
So could we see this type of regulatory oversight trickle down from the large banks to the smaller banks? We can’t say for sure. However, we should be proactive in periodically assessing the effectiveness of our money laundering controls. We’ve seen many times where a Bank recently acquires an automated monitoring system and with the aid of the vendor, establishes a core set of rules without actually doing the due diligence necessary to ensure they mitigate the Bank’s money laundering risk. The vendor may have a general idea of the Bank’s product and service environment; however, they may not have a full understanding of your customer base and transaction risk exposures. This is why it is essential that a bank take a specific approach to establishing filtering criteria, which should be largely based from the BSA/AML risk assessment.
The age of anti-money laundering technology is here and now. It is our objective as compliance professionals that it properly aids our banks in mitigating money laundering and terrorist financing risk.
Senior Manager - BSA/AML
David Lutz is an experienced Audit Supervisor at the Firm for the specialized area of Bank Secrecy Act/AML Compliance reviews. He is a Certified Anti-Money Laundering Specialist