PRACTICAL SOLUTIONS
important to note that a supplemental risk assessment and / or mini risk assessment can be completed in lieu of a full risk assessment when a major event occurs . Failure to have a well-defined methodology tailored to the financial institution that also incorporates recent trends and / or regulatory guidance can expose the financial institution to undue scrutiny from the independent auditors and / or regulators .
Aligning your ML / TF risk to your transaction monitoring program
Over the past 18 months , one of the most commonly cited areas of examiner AML criticism is the concept of sound model risk management and inadequate enterprise-wide risk assessments . Regulatory agencies have shifted resources and attention to assessing how institutions set up their automated transaction monitoring and highrisk customer management programs .
Financial institutions rely heavily on automated systems to identify potential suspicious activity but have been inundated with high levels of false positives , which have taken time and resources away from the ML / TF risks that require the most attention . Scenarios principally based on judgmental and quantitative considerations should be tailored to the institution ’ s specific ML / TF risk profile .
A sound enterprise-wide risk assessment is the key to bridging the gap to effectively identify and monitor ML / TF risks within your financial institution
Conceptual soundness is the foundation for setting up an automated transaction monitoring model commensurate with your institution ’ s ML / TF risk profile . Conceptual soundness involves assessing the quality of the model design and construction , as well as a review of documentation and empirical evidence supporting the methods used and variables selected for the model . 3 In setting up your transaction monitoring system , you should ensure that judgment exercised in model design and construction is well informed , carefully considered and consistent with published research and with sound industry practice .
When setting up your scenarios or rules to be utilized in the automated transaction monitoring system , you should map the areas with higher ML / TF inherent risks to scenarios or rules to ensure there is coverage of such risks . When setting the thresholds for your scenarios or rules , it is important to consider conducting some level of statistical analysis of the percentage of coverage ( i . e ., customer or transactions that would be captured by the scenario ) to determine whether the scenario will identify those customers and / or transactions that present the highest risk . When setting your production scenario or rule thresholds , it is important to consider the results of below-the-line scenarios as there may be potential suspicious activity below your threshold that may warrant the threshold of the scenario to be reduced to include suspicious activity that may have gone undetected .
In addition , you should consider historical suspicious activity experience within your financial institution . Also , it is important to remember that all scenarios and settings should be reviewed in a “ test ” environment before moving them into production to ensure that scenarios are operating as designed .
Once you have implemented your transaction monitoring scenarios or rules , it is important to maintain key performance indicators ( KPIs ), such as an alert to information request percentage , an alert to investigation percentage and an alert to suspicious activity report percentage , as this will assist the institution in determining the effectiveness of each scenario or rule on an ongoing basis .
Some common pitfalls that may occur when reviewing automated monitoring systems are :
• Inaccurate or incomplete model documentation
• New ML risks to the institution are not considered part of the transaction monitoring model
• Misaligned alerts to ML / TF risk profile ( i . e ., focus of scenarios or rules are for areas identified as low risk to the institution )
• High-risk jurisdiction alerts do not consider all countries involved with a transaction and redundant alerts or scenarios ( i . e ., looking at the same activity multiple times )
Financial institutions should look for opportunities to monitor transaction activity by customer peer grouping . This will allow for a more tailored transaction monitoring approach and it will allow an institution to benchmark customers against their peers and identify outliers that may present heightened ML / TF risk to the institution .
In the near future , at a minimum , institutions will need to consider creating a Model Governance Committee responsible for oversight of the institution ’ s model , risk management program . Your financial institution should conduct an AML model inventory documenting all the systems utilized to monitor ML / TF risks within the institution . The Model Governance Committee should determine and document the frequency of any calibration and validation efforts .
In summary , a sound enterprise-wide risk assessment is the key to bridging the gap to effectively identify and monitor ML / TF risks within your financial institution . By setting up your compliance program in a manner commensurate with the institution ’ s ML / TF risk profile , you will be able to focus your attention and resources on those areas that present the highest risk to your financial institution .
Jason Chorlins , CAMS , principal , Kaufman Rossin , Miami , FL , USA , jchorlins @ kaufmanrossin . com
3
“ Supervisory Guidance on Model Risk Management ( OCC 2011-12 ),” Office of the Comptroller of the Currency , April 4 , 2011 , https :// www . occ . treas . gov / news-issuances / bulletins / 2011 / bulletin-2011-12a . pdf
36 ACAMS TODAY | SEPTEMBER – NOVEMBER 2017 | ACAMS . ORG | ACAMSTODAY . ORG