Banks and other financial institutions may think they can prove to regulators they are combatting financial crime and terrorist activities by filing as many suspicious activity reports as they can.
Yet more often than not they are missing out on the real criminal activity, say anti-money laundering and compliance managers. No one wants to specify what percentage of SARs are actually not worth the paper they are written on, but AML compliance managers at several New York banks privately tell FinOps Report that the figure could easily be as high as twenty percent.
That percentage will likely grow as financial firms become more fearful of increased regulatory action. “Regulators won’t penalize banks and others for filing too many SARs, but they won’t hesitate to penalize them if they miss illegal activity,” says Aaron Kahler, managing director of AML Compliance Advisors in New York. The Financial Crimes Enforcement Network (FinCEN), New York Department of Financial Services and Financial Industry Regulatory Authority are cracking down, as shown by the recent string of enforcement actions against big-name banks and brokerages.
Filing a SAR doesn’t necessarily mean that the financial firm knows the customer’s activity is criminal. The financial firm is only reporting that it has strong reason to suspect its customer has engaged in wrongdoing. It counts on FinCEN, a unit of the US Treasury, which accepts the SAR, to draw its own conclusion and in some cases pass along its enforcement recommendations to other agencies to carry out. FinCEN has never disclosed what percentage of SARs result in successful prosecutions. However, it recently acknowledged that the number of SARs has climbed from 669,000 in 2006 to almost one million in 2013.
At the core of fulfilling regulatory requirements to catch money laundering and other criminal activities is keeping a close watch on customer transactions. That’s typically done through a transaction monitoring system. But such a system is only as reliable as its rules and inputs. Even the most efficient platforms need well-trained analysts and investigators to verify any red flags or alerts.
Better Process
Starting off on the right foot by collecting the right client information during the onboarding process could go a long way to helping the transaction monitoring system do its job correctly. Such systems rely in part on the risk profile assigned to the client to determine whether any of its activities fall outside the norm. The wrong data will result in an incorrect risk profile. Hopefully, the bank or other financial firm will have developed consistent global policies and trained the customer service staff to ask for the right documentation on the country of residence of the customer, origin of any funds, beneficial shareholders of the firm and anyone having a controlling say.
If a transaction monitoring system does generate an alert, it will likely be sent to a junior level analyst for initial review. Some banks and financial firms might send the alert to a senior level analyst from the start. It’s often the responsibility of the first analyst to weed out the false positives, so that the second analyst can take a closer look.
How often does the first analyst fail to catch wrongdoing? Again, no one will say, but it could easily be over fifty percent of the time, AML compliance managers tell FinOps. Hopefully the junior analyst will have a cheat sheet of permissible and non-permissible scenarios to rely on. If not, he might have to go back to the original relationship manager or the customer onboarding department to find out all he can about the customer. If the junior analyst ultimately decides nothing is wrong, the case might be closed without further review. Most financial firms won’t verify whether the junior analyst has made the right decision.
“It ultimately takes common sense and a sixth sense to work to be an AML analyst or investigator,” says Kahler. “Some analysts have the necessary instincts while others don’t. However, a comprehensive training program which focuses on general AML principles, red flags and scenarios representing unusual activity would go a long way to help offset the analyst or investigator’s shortcomings.”
Too often analysts or investigators learn on the job from others who are also ill-trained. They are sometimes reassigned from within and even if they are hired from law enforcement agencies, they may not comprehend financial transactions well enough. “Some analysts do not understand cross-border wire transfers or correspondent banking so they don’t know what red flags for criminal activity to look for,” says Natasha Taft, a former chief compliance officer for several foreign banks who now runs her own consultancy in New York.
If a junior analyst has some doubts about the legality of the transaction, an even more senior level analyst might investigate whether other SARs or investigations have been done for the same customer. He or she will likely check other public sources and in some cases ask for further information from a correspondent bank in a foreign country. The foreign bank will either respond immediately, take its sweet time, or even tell the US bank that it cannot provide additional information on the original sender of a wire transfer or a recipient. It takes a persistent analyst to refuse to accept no for an answer.
If the customer has multiple accounts with the same bank in different business lines, chances are an analyst will also have to research the possibility that multiple interconnected transactions taking place on the same day or within a short time period represent criminal activity. To do so, the analyst will likely have to dig into data available only through different applications which can be viewed through different screens. “The analyst will need to use some reasoning to come up with the answer and the bank has to hope it is accurate,” says David McLaughlin, chief executive officer of QuantaVerse, a Wayne, PA-based firm specializing in AML transaction monitoring technology. “The element of subjectivity is relatively high; therefore, the potential for error is high.”
As a rule of thumb, the higher the number of alerts generated by a transaction monitoring system, the greater the chance real criminal activity will be missed, say AML specialists. Because there is a window of only 120 days in which to file a SAR from the time an alert is made or 30 days from the time it is concluded the activity is suspect, banks and other financial institutions will try to cut corners by reducing the investigation time. They might even tell analysts to bypass reviewing transactions which have a value of less than US$20,000, claims McLaughlin.
Better Technology
It would make life a lot easier for AML staff if a transaction monitoring system were to generate only legitimate alerts and eliminate perfectly legitimate transactions from the research process. That’s not feasible at smaller banks which often decide to simply use an off-the-shelf platform with no customization. “That’s better than nothing, but still not good enough,” warns Kahler. “Examiners won’t be understanding if the financial firm doesn’t do further work to improve the results of its transaction monitoring system.”
Using a one-size-fits-all approach isn’t a good idea. The transaction monitoring system’s rules, models and thresholds should be tied into a financial firm’s risk assessment, products and services and cover all customer-related activity, recommends Taft. She also cautions that financial firms shouldn’t let a pre-determined ratio of SARs to alerts be the litmus test for determining the accuracy of a transaction monitoring system.
Transaction monitoring systems should be tested at least annually to ensure they work correctly and tweaked if necessary. “Regulators are adding more quantitative and technology specialists to their examination teams so it stands to reason they will want to verify that the transaction monitoring system is operating well,” says Taft. “Models and thresholds may need to be changed depending on the results the system generates from the testing process.”
McLaughlin suggests that banks complement their transaction monitoring systems with artificial intelligence applications which could help weed out false positive alerts and increase the number of potentially illegal activities caught. Using AI, as offered by QuantaVerse’s system, would make the investigations process more efficient and effective because it is superior to traditional rules-based applications and human reasoning.
Yet not all AML specialists are convinced of the merits of AI. Analysts and investigators will remain in strong demand, they say, because banks and other financial firms fear they will still have enough false positives to weed out. They will also want to show regulators they are sufficiently staffed.
It stands to reason that global banks, which have the deepest pockets, would have less to worry about than their smaller peers because they can afford to invest the most on the best technology and staff. Unfortunately, that’s not the case. HSBC, Standard Chartered, Credit Suisse and Agricultural Bank of China are just a few of the foreign-based banks which have joined the roster of US banks fined for violations of AML rules.
If the corporate headquarters of a global bank is outside of the US, C-level executives might not want to spend the money needed to adjust global transaction monitoring systems to US standards, according to Taft. The foreign-based banks might also fail to heed the warnings of US AML compliance managers that they could fall afoul of US regulations. Their rationale: US rules don’t apply because the funds in question transmitted through wire transfers are only passing through the US to another destination. The originators or recipients are not US-based.
Yet another rationale some banks might give for having so much trouble complying with US AML rules: inconsistent interpretation and enforcement of AML rules by different regulatory agencies. “One examiner tells us to do one thing and another says something entirely different,” says the AML compliance manager of a New York-headquartered bank. “It all becomes very confusing and a waste of time.”
One solution recently proposed by some large global banks represented by the New York-based Clearing House is to have banks only investigate and report on specific concerns raised by law enforcement. They won’t have to file a SAR on every transaction that smells suspicious. The banks also want FinCEN to take over the process of investigating their compliance with AML rules. Such an approach would leave the Office of the Comptroller of the Currency out of the loop when it comes to enforcing federal rules.
But FinCEN doesn’t have sufficient manpower. Nor is it equipped to understand AML programs holistically because too many activities fall outside of traditional AML monitoring, warn AML consultants. They also caution that even if controls were loosened at the federal level, state regulators won’t let banks off the hook. New York’s DFS recently published even more stringent AML rules.
What’s left to do? “Financial firms need to build beneficial relationships with regulators and not react with paranoia,” recommends Taft. “Granted, some examiners are more helpful and knowledgeable than others, but it would make more sense to learn as much as possible from what the regulator is looking for to improve one’s systems and procedures.”
Roger@Alfa-sec.com says
Responsible Relationship Management, Intelligent KYC, Correct Static data set up, Correctly allocated Risk Rating and then comprehensive IT screening and finally intelligent alert evaluation. All of these are so straightforward yet hard to implement given fictionalisation and loss in large banks of a true understanding at staff level of the entire “end to end” process. A great article.