A Top Down Understanding of Transaction Monitoring Software – Part Two

As an AML (anti-money laundering) professional it is often hard to fully understand AML transaction monitoring software, including the terms, functionality, data dependencies, and limitations.  These challenges can make it difficult in creating and maintaining an effective AML governance program.  Often we see when AML governance programs are built upon their AML software, they have gaps or limitations as a result of the AML software implementation or in some cases the limitation of the AML software itself. The intention of this two-part article is to give a top down perspective of AML transaction monitoring software, including the commonalties and the differences between terms, functionality, data dependencies and limitations of AML software; however, no software will be named specifically. In part one of this article, we discussed AML software as whole, a hosted versus licensed version, the interface, level setting some terminology among profiling/behavior/patterns and the considerations when reviewing software features. In part two, we will level set some terminology around rules/scenarios, alert/case management, dashboards and reporting, and selecting your AML transaction monitoring software.

Rules/Scenarios

The primary method of detecting suspicious activity is through ‘Rules/Scenarios’ which I will refer to ‘Rules’ in the remainder of this article.  Rules are one the most important portions of AML transaction monitoring software because rules detect the majority of suspicious activity.  Some sample rules are, cash structuring, high risk country, wire rules, and velocity.  Rules are generally queries that review data that resides in the AML software database.  These queries will have parameters or filters that are hard coded, meaning they cannot be changed, or table driven, which will allow you to make the rule more custom to your needs.  Many of the lower cost AML software solutions have very simple or flat rules with a single dimension with limited filtering capabilities.  What this means for you is that you will need to create many versions of this rule to accomplish what one complex rule can do.  In the more expensive systems a more complex rule will often give you more parameters and filtering capabilities.  The advantages to having complex rules is very significant and include examples such as risk based, customer types, cases/alerts roll up and more capability to tune or manage false positives.  Additionally, some of the more expensive or advanced AML transaction monitoring software will allow a user to create a completely new custom rule instead of just customizing a templated/existing rule.  This advantage will give your FI the complete capability to accommodate future AML requirements. There are even a few AML transaction monitoring software tools that allow for a “What If” button or report, which allows you to preview a change before making it permanent.

Alert/Case Management

When a query condition whether it be profiling or a rule has been exceeded, a case or alert is created.  As stated previously when investigating a case or alert AML transaction monitoring software can vary greatly in its ability to support the investigations process, its ability to annotate the alert or case, how the tool treats or takes in supporting evidence, how or if the tool allows for RFI’s and lastly does the tool support the rejection or escalation process.  I have even seen some FI’s create some of this case workflow outside of the AML transaction monitoring software because of the limitations within the case management workflow.

Workflows can also vary greatly depending on how flexible the AML software case management software is.  In the lower cost AML solutions case management is generally a fixed process.  In the higher cost solutions, you can generally build a fully custom work flow process.  Some of the AML tools allow scoring of a case generally based on how close the conditions of the query match.  The scoring typically is used as a prioritization of a case or to be routed to a particular investigator either based on specialization like cash management or wires.  Routing can also use scoring to send cases to a senior analyst/investigator for higher risk cases to be processed at the appropriate level.  In some systems routing can be used to balance workload or even route when an investigator is on vacation. There are also roll-up or customer based detection capabilities in some of the higher cost systems.  Roll-up allows for all suspicious activity at a transaction level within a period of time to roll-up to a single case or a groups of related cases. Most of the AML tools allow SARs and CTRs to be created, retained and sent electronically to the government.  Some of the higher cost solutions will allow some custom workflow options and tend to assist more with creating the SAR’s, such as SAR approvals and pre-generated narratives that are templates.  

Dashboards and Reporting

Some features often overlooked are Dashboards and Reporting.  Dashboards are a great way to improve efficiency and reporting can keep management better informed.  Since this is an area that is often more overlooked, we find some systems that are very feature rich and unlike others.  The more mature systems have custom dashboard capabilities to demonstrate status and case disposition for workflow purposes.  We even see some of the control management process can be simplified for items of concern such as verifying that data import processes ran correctly and reconciled.

Reporting tends to be a more detailed and less dynamic than dashboards.  Reports will allow a user to review summary and detailed reports that typically have drill down capability. This is most commonly used for aging reports, audits, examiners and management reporting.

Selecting AML Transaction Monitoring Software

When selecting your AML transaction monitoring software or converting to a new solution, there are several key factors to consider. Should you purchase hosted or licensed software? This will greatly depend on your budget and AML risk profile.  If you do not feel that a hosted environment will be adequate to meet or exceed your AML risk requirements, then a licensed environment would be better for you.  When it comes to compliance you must spend whatever it takes to be fully compliant, and I often see that management doesn’t understand this (“Compliance is not an option”). Now the ROI in understanding if you can afford a to enter a market should include the compliance costs, before that market is entered or a service/product is provided.  Lastly, every FI should consider a way to have access to a test server with the ability to have an updated clone of production for improvement verification, before any changes are made in the production system. This is especially important for testing or considering rule changes, false positive tuning, and conducting model validations.

Conclusion

In conclusion, there are a number of considerations when selecting a AML transaction monitoring software system for your FI. In part two, we level set some terminology around rules/scenarios, alert/case management, dashboards and reporting, and selecting your AML transaction monitoring software. It will depend of course on your budget, but more importantly your risk profile and maintaining your compliance. There is a tremendous amount of detail within this topic and I could discuss each feature in more depth should there be demand. The intention of this article was to give a top down perspective of AML transaction monitoring software, which I hope provided you an overview of how AML transaction monitoring software works, the differences, the common benefits/features and what to look for when selecting your own. I would suggest if you are in the market for AML software that you understand and document your business requirements (pre-implementation a FFEIC Requirement), create a thorough request for proposal process and ensure that within 3-6 months after production you have an Independent Verification and Validation (model validation and post-implementation a FFEIC Requirement).

If you would like to know more about ARC Risk and Compliance or transaction monitoring software please contact us.

Facebooktwitterlinkedin