BSA/AML software used for screening customers and monitoring transactions comes in differing styles, sizes, and scalabilities, but experts agree that one common denominator is that all of them can be better utilized, whether the bank has been using the software for years or just finished installation.
"The criticism I've heard is that there are too many false alerts [also called "false positives"], so that you and your staff are spending a lot of excess time investigating things that are not going to generate legitimate Suspicious Activity Reports," says John Byrne, president, Condor Consulting LLC, and ABA BJ's AML blogger.
Longtime participants in this compliance subset say that regulators don't give much official guidance regarding monitoring soft ware. Technically, it's not even required, although field examiners are said to frequently ask those banks with any significant transaction volume why they don't use it, if they have not adopted it.
"It's all meant to be part of the risk-assessment process," says Robert Rowe, ABA vice-president and senior counsel.
"The regulators are concerned about achieving a reduction in false positives, but for slightly different reasons than the banks," says S. Ramakrishnan, CEO at Oracle Mantas Products at Oracle Financial Services Software. "The banks require increased efficiencies to save costs. The regulators want fewer, but more targeted, alerts to help ensure that the banks are not missing anything."
"The weak spot is if you don't tell the software to do the right thing," warns Rick Small, a former federal anti-money-laundering official and vice-president at American Express in charge of enterprise-wide anti-money laundering and sanctions risk management. Here are 26 tips from bankers, consultants, and vendors:
1. Understand what technology you are working with. Various systems came from different directions. Some were designed for BSA/AML work, some started as anti-fraud packages, some began as add-ons to core systems from core vendors, others were acquired from independent developers into core families.
Whatever the source, there are various software elements you are dealing with. One is rules engines, according to Erik Stein, vice-president, solutions architecture, in Fiserv's Fraud & Compliance Solutions section. In very simple terms, these are an "if, then" evaluation of behavior against preset types. Such software would be used to look for structuring, for instance. Another element is predictive analytics. Stein explains: This is frequently used to generate typical patterns of bad behavior from a large transaction base; those patterns become a template to check against. Predictive analytics and rules-based monitoring can also be combined, and then there are other techniques, such as profiling. That refers to establishing a given customer's normal behavior, for future comparison.
2. Don't turn it on and go to sleep. "You can't just set it on autopilot," says Doris Waldman, senior vice-president, Salem Five Cents Savings Bank, Salem, Mass. Waldman's $2.8 billion-assets institution is a satisfied user of GlobalVision's Patriot Officer. But she likes redundancy, so the bank also runs a system of its own that was developed using reports generated by its core system's software and developed by Salem Five's IT department. This can help in performing one of Waldman's recommendations-periodic review of the rules the bank has set in its software. Updating, pruning, replanting, rethinking-it all comes with the use of software. (GlobalVision is one of two vendors endorsed by ABA for such software.)
"There's tremendous importance in the human eye," says Lucy Griffin, ABA BJ contributing editor and president, Compliance Resources, Inc.
"The process is a combination of systems and manual input, which you can't avoid at all," agrees Marfa De Lourdes Jimenez, senior vice-president and manager of the corporate compliance division at San Juan's $23. …