Behavior-Centric AML Systems Can Cause Trouble for Small Banks
This may seem like an exposé on which systems to avoid, but I’d like to avoid litigation, so the AML systems shall remain nameless. But listen up if your community bank utilizes a behavior-centric AML system. The six main AML systems that service community banks use some type of a behavioral element. However, the better systems, in my opinion, are the ones that offer the behavioral element as an optional parameter to use within a rules-centric system. Behavior-centric systems essentially function in a way that if the customer has a history of structuring, they are A-OK. The customer doesn’t deviate from their historical behavior; therefore, the customer is most likely not engaged in anything illicit. It is safe to say that in the AML/CTF realm, using legacy deviation analytics is not effective.
I know there are some BSA Officers that are ready to throw tomatoes in the form of post comments… but hold on for a second. We can assume that the majority of alerts and resulting SARs come from an existing customer base. Meaning, that if a bank opens 200 accounts per month and they have 35,000 existing accounts that the majority of transactions analyzed through the AML system, and thus the corresponding behaviors are historical from established customers. All of that information gets uploaded (to an extent) to the AML system. If a customer deviates from their historical activity that means they are doing something new. But that’s fraud detection. Not money laundering and certainly not terrorist financing. And as time goes on and your customers build what is historical activity, it further dilutes the reality of what you should expect from that customer. Expected activity is not historical activity, nor is it what the customer projected they would do during onboarding.
For example, John Doe conducts cash transactions in April that aggregate to $34,000 – deposit amounts of $8,000, $4,200, $6,000, $4,800 and $11,000. In May, the total cash aggregates to $32,000. The June 1st batch of alerts does not detect John Doe because May activity has not deviated from the historical (April) activity. There are a few issues that one would hope a bank would investigate regarding April’s activity. However, it is not obvious structuring so unfortunately many banks would disposition the alert as not suspicious – once they get a reasonable answer from the branch regarding the source of the cash or they will disregard the alert all together because there was one reportable transaction ($11,000).
If a customer has a history of laundering funds or a history of structuring, that doesn’t mean if they continue to perform those transactions that their activity is suddenly legitimate. While the FinCEN Exam Manual needs some updating and clarification in the Surveillance Monitoring section, they do get one statement right – “Monitoring accounts purely based on historical activity can be misleading if the activity is not actually consistent with similar types of accounts.” I’d like to take that one step further and state that monitoring purely based on historical activity (deviation) – without an in-depth analysis and justification of the historical activity (i.e. – high-risk customer review) – is misleading, to the point of not detecting suspicious activity.
So, if your AML system only allows the adjustment of deviation thresholds, difference percentages and risk ratings (for transaction monitoring, not high-risk customer detection) – then the system is most likely missing out on uncovering and reporting suspicious activity. Especially when it comes to detecting structuring activity – that should not have a behavioral or historical element to the rule. Structuring is structuring, even if they have a history of it. In addition, monitoring for long-term structuring, long-term suspicious cash activity, cash/wire relationships, micro-structuring, higher risk ACHs and cash are standard areas that need to be addressed by community banks and most times banks have to add these manual transaction monitoring processes to their behavior-centric AML system. Why have the AML system in the first place?
And some may be asking, if this is such a problem why has my examiner not noted any issues with the AML systems that are mainly behavior-centric? Good question. I’d like to ask your examiner (but mainly your audit firm) why they haven’t caught it yet since it is in the FinCEN Exam Manual. The effectiveness test of an AML system should not just reside within the system criteria itself – there has to be analysis and evaluation of the system’s approach to alerting the bank to suspicious activity along with analysis of the “activity the bank is trying to identify and control” (p. 66 of the Manual). In addition, most examiners don’t test to that level – they wait for the eventual fallout of the system not alerting the bank to suspicious activity – missed SAR filings. And that is a serious issue for community banks, especially those in growth mode.
© 2018 Palmera Banking Solutions
Author: Sarah Beth Felix