Avoid the needle-in-the-haystack trap in AML Compliance
By Frank Cummings, CEO of AML Partners
People overwhelmed by the challenge of successful AML Compliance often default to the analogy that they’re looking for needles in haystacks. But what if they just worked smarter and identified the needles before they got mixed up in the hay? So clearly that metaphor is breaking down, but the premise is critical: Manage AML by exception. Full stop.
Managing by exception means doing your risk analysis early and well. And it means analyzing risk factors specific to your institution—and to its various branches, books of business and so on.
Analyzing risk early and well should result in a catalog of expected behaviors—and more importantly a catalog of unexpected behaviors. It’s these unexpected behaviors that are central to managing by exception. These are the needles that never make it into the haystack in the first place.
On one hand, this seems so obvious. But think about your work in AML Compliance. Think about all the times you have been a part of an AML program in which the development of a true Risk-based Approach is insider jargon rather than an operationalized plan. Or all the times when the nitty-gritty of completing a data-driven Enterprise Risk Assessment was passed along from one person to another for contributions that looked sorta/kinda right on paper but that may not dig deeply enough or cohesively enough into the manifestations of risk present in your institution’s distinct books of business.
In contrast, treating these foundational analyses like high-level brain games can yield long-term benefits. Specifically—focusing on your own institution’s unique books of business—what exactly would expected behavior look like? If you know the expected behaviors of customers, can you accurately imagine and then define the unexpected behaviors?
A perfect example is a behavior associated with terrorist financiers—a lesson learned when investigators followed the money that facilitated the 9/11 terrorists. After the fact, investigators identified as suspicious the act of one person sending money multiple times to five or more distant individuals, and then those individuals sending money back to that one individual a single time (i.e. returning unused funds just before an attack).
Legitimate businesses might also engage in those types of transfer behaviors—but in legitimately predictable ways. When you know intimately your books of business, you empower yourself to manage AML by exception. You do not commit time and resources to flagging those predictable behaviors; instead, you tune your AML Compliance program to flag that which is unpredictable or unexpected.
Again, this sounds so obvious. But time and time again, we see catch-all AML efforts. And in this high-tech, globalized environment, catching everything means catching nothing. It’s that ‘needle in a haystack’ problem—too much ground to cover too much of the time.
Part of the problem is that while we all want to work smart, it’s the age-old challenge of trying to build the plane while we’re flying it. It’s not like institutions shut down for a month every year so that Compliance staff can take the time and resources to re-analyze and re-tune their core AML programs. But committing to that analytical effort—that level of deep and cohesive ongoing analysis to define and flag unexpected behaviors—is one of the cornerstones of effective and efficient AML Compliance.
________________
SURETY Eco: End-to-End AML/CFT Compliance
When you’re ready to manage your AML by exception, SURETY Eco is your best AML/CFT software solution. AML Partners thrives on innovation in AML software solutions—innovations that deliver fully configurable software solutions that “Comply on the Fly.” To learn about SURETY Eco and its fully integrated CDD/KYC, transaction monitoring with optional 314a, and sanctions screening capabilities, call us today. We will show you how SURETY Eco adapts completely to your unique risk-based approach. SURETY Eco: The AML Software Ecosystem for end-to-end fully integrated AML/CFT Compliance.
