• Colin Bristow, Fraud & Anti-Money Laundering Specialist at SAS UK & Ireland


• 09.05.2017 10:30 am
Anti-Money Laundering (AML)

Anti-Money Laundering (AML) regulations require the identification and reporting of activity representing most risk to the firm. The risk element needs to consider the perspective of the firm; and take account of some external factors e.g. social economic. Key to this is delivering an approach to increase the visibility of risk, which can be achieved through building a better understanding of customers and their behaviours.  The firm’s monitoring strategy must provide transparency. If the strategy is opaque, it will be difficult to explain and challenging to defend. Essentially, it can put the institution in danger.

Adaptation to changing regulatory requirements, for example the Fourth Anti-Money Laundering Directive (4MLD) (May 2015), requires firms to review the risks posed by doing business. Failure to do so risks serious financial and reputational damage. It’s a significant challenge. However, faced with ever-increasing workloads, business as usual activities and a flood of new data, many firms are failing to meet the challenges posed.

Plus ça change, plus c'est la même chose – really?

With the context of a changing regulatory environment, and rapidly changing business risks, there is an implicit assumption firms must be able to adapt quickly. This is not always the case.

A case in point is the 4MLD, changing several aspects of compliance process. Adjusting existing legacy monitoring systems and processes is creating significant overhead for compliance departments – and not all systems can adapt sufficiently. Adaptation of legacy systems and processes will need to centre around a more sophisticated strategy.  Realistically, adopting an appropriate strategy to meet the changing regulatory landscape could be considered a significant enough challenge, irrespective of having to make changes to processes and systems for regulatory purposes.

Is there a short-term fix?

Developing a short-term strategy needs to consider several elements of the regulations and how we can adapt existing platforms. In addition, there will also need to be an agreement on when to adapt the short-term strategy.

Several firms have adopted an approach of bulking up their compliance teams. Not necessarily a straightforward approach, as it has several considerations relating to appropriate skills, knowledge and background of the individuals. Furthermore, there will be a need to ensure there are sufficient internal resources to support his approach. But at what point have we ‘bulked up’ too much?

Another approach adopted to meet regulatory changes has been to increase the number of monitoring scenarios. This considers not only hot list checking, but also transaction monitoring processes. However, a lack of skilled staff means this is often done at great cost and effort, while providing moderate benefit. More output, typically driven by additional scenarios, requires a larger review resource.

A way to manage greater output is to adjust existing scenarios; but which ones and how do we evidence we are not missing possible risks?

Ultimately, many firms are struggling to process the sheer volume of cases they are obliged to investigate with the systems and personnel at their disposal, creating a backlog of cases for investigation.

Using analytics to drive customer segments

Many firms are seeking out new, aggressive approaches. Analytical and statistical methodologies are growing in popularity – popularity is being driven by results. While there is no silver bullet to overcome the compliance challenge, significant efficiencies and savings can be found in renovating outdated transactional monitoring systems and approaches to case identification. Typical goals we identify from firms approaching these challenges are to improve the accuracy of detection, reduce the costs of detection and to speed the investigation process.

An effective AML transaction monitoring system must have a strong foundation for monitoring customer activity. A good segmentation model provides this. Segmentation is the process of grouping together customers and accounts that have similar characteristics and transactional behaviours, which in turn allows appropriate risk-based settings to be made. Segmentation can also be used to consider measures of difference – which can also be a useful input into modelling activities.

Organisations I have worked with have adopted various approaches for segmentation – typically driven by existing internal reference systems or marketing codes. While this provides useful proxy, it does not represent how the customer actually behaves.

Segments of customers should be grouped together based on one or more of their inherent characteristics, or ‘risk attributes’, such as net worth, product usage, average transaction amount and volume of transaction types. These types of measures can be driven by analytical processes relating to the actual activities – not a business-driven proxy. Ultimately, the key to successful customer segmentation is having an accurate view of the customer behaviour. This has a significant reliance, although not insurmountable, on having clean and recent data.

Implementing a quality segmentation model allows for threshold values to be established through a method which provides effective coverage throughout the customer and account portfolios. Most firms that perform transaction monitoring without the use of a segmentation model often find that they have poor alert coverage among their lines of business. In these cases, alert generation can be skewed in a part of the business representing lower-risk customer groups. The consequence can then be fewer alerts generated for smaller, high-risk customer groups.

Getting to a segmentation that suits

Currently, the sheer weight of data being collected makes effective analysis and reporting a herculean task for an unaided compliance team. Fortunately, true drag-and-drop analytical tooling can significantly reduce the time and expertise required to analyse data and identify analytically driven segmentations. Graphical techniques, for example scatter plots, frequency plots and heat maps, can be used to dissect customers into segments and allow business review. Further analysis capabilities can then be used to better understand the relationship between the various accounts and risk attributes. This can lead to rapid validation of the segments.

In the long-term, a well-designed hybrid detection process, based on multiple analytical processes, can significantly increase AML monitoring coverage for firms’ portfolios. This, in turn, focuses alert generation toward risk-based thresholds; and ultimately identifying those activities that pose the most risk.