AML Technology: Effective (and Often Expensive)

Banks are turning to the new generation of AML software to improve their compliance efforts, even if they already have an older AML system in place.

Two-and-a-half years after the passage of the USA PATRIOT Act, financial institutions in the U.S. are showing a greater willingness to bite the bullet, and they are beginning to implement the elaborate anti-money laundering (AML) technologies that are increasingly considered necessary to achieve compliance with the new regulations. While large firms are the most active in implementing new AML solutions, mid-tier and even small institutions are also getting involved. Celent estimates that by 2006, 94 percent of large financial institutions, 76 percent of mid-tiers, and 49 percent of small firms will have implemented new AML technologies.

The pressure exerted by PATRIOT can be seen clearly in the fact that banks, which have long been required to report suspicious activity, are turning to the new generation of software -- even if they already have an older AML system in place -- to improve their compliance efforts. Regulators, particularly in certain tough jurisdictions such as the State of New York, are also taking a more active interest in technology issues than in the past, scrutinizing not only the compliance policies and procedures a bank has in place but also the software solutions they are implementing as part of their anti-money laundering program. After focusing over the past two years on the very largest institutions, regulators are now turning their sights on second-tier banks, as signaled by the recently announced $25 million fine against Riggs Bank. The new attention regulators are now paying to the smaller institutions will no doubt spur active spending on compliance solutions by this sector over the coming two years.

In addition, adoption of AML technologies is turning into something of a global phenomenon, as financial institutions around the world increasingly see the need to comply with U.S. AML measures in order to remain trusted business partners of U.S. financial institutions, and as regulators in other countries feel pressure from the U.S. to put their AML houses in order. Countries that have recently adopted or are working on new AML regulations include China, Japan, India, Oman, Pakistan, the Philippines, South Korea, Thailand and the UAE, to name a few. In Europe, a number of countries, including the U.K. and Germany, have had AML regulations on the books since the early 1990s.

AML software solutions help with several separate, but related, burdensome tasks. The first is transaction monitoring, which involves scanning and analyzing the data in transactions and other account information to identify potential money laundering activity. The second is watch list filtering, which involves screening new accounts, existing customers, beneficiaries and transaction counterparties against terrorist, criminal and other blocked-persons watch lists published by various government agencies. A third area is automation of regulatory reporting, which involves the filing of suspicious activity reports (SARs), currency transaction reports (CTRs), or other regulatory reports with the government. An effective AML solution or suite of solutions -- particularly for use by large and mid-tier institutions -- should address all three of these functions. Effective workflow and case management tools are also crucial in enabling compliance or investigative personnel to efficiently prosecute the above-listed three tasks. Finally, the solution should provide a detailed audit trail, so an institution can demonstrate to regulators its compliance efforts, as well as respond to subpoenas or requests for information concerning accounts and transaction activity from regulators and law enforcement agencies.

Implementing these compliance solutions is invariably a long, complex and expensive process. Large institutions in particular should expect implementation to take a long time. A first-generation AML compliance product may turn out to be little more than a core architecture, rather than an off-the-shelf solution. In such cases, the financial institution may have to devote substantial internal resources (from both its IT and compliance departments) to assist the vendor in developing a full-fledged solution. Even more developed solutions may require significant pre- and post-implementation times for data capture and modeling, and for fine-tuning of rules to reach the desired balance between suspicious activity alerts and false positives. Financial institutions should also recognize the necessity of ongoing internal commitment for developing new rules and scenarios as they emerge. Celent estimates that maintenance costs, broadly construed (including development of new rules and scenarios by compliance departments) will amount to roughly five times the initial implementation cost over a five-year period.

At the same time, banks should remember that technology does not work miracles. Even the best compliance software needs dedicated, trained compliance professionals in order to find the needles in the haystack that are money laundering transactions. Although automating this process and reducing compliance personnel costs are major goals of AML solutions, these systems cannot run on automatic pilot; rather, they must be part of a comprehensive anti-money laundering effort that includes dedicated personnel, ongoing employee training, and continued monitoring of compliance regulations, as well as monitoring and adapting to new, sophisticated money laundering techniques as they appear.

Neil Katkov is a senior analyst in the banking group at Celent Communications, a financial services technology research firm based in Boston. He can be reached at [email protected]