The ANTI-MONEY LAUNDERING ASSOCIATION AML SYSTEMS -- Data validation October 20, 2011 - PowerPoint PPT Presentation

1 / 29
About This Presentation
Title:

The ANTI-MONEY LAUNDERING ASSOCIATION AML SYSTEMS -- Data validation October 20, 2011

Description:

Title: Compliance Training for the Board of Directors First Community Bank of Southwest Florida April 20, 2011 Author: Kristen Stogniew Last modified by – PowerPoint PPT presentation

Number of Views:72
Avg rating:3.0/5.0
Slides: 30
Provided by: Kriste150
Category:

less

Transcript and Presenter's Notes

Title: The ANTI-MONEY LAUNDERING ASSOCIATION AML SYSTEMS -- Data validation October 20, 2011


1
The ANTI-MONEY LAUNDERING ASSOCIATIONAML SYSTEMS
-- Data validationOctober 20, 2011
  • Kristen J. Stogniew, Shareholder
  • Saltmarsh, Cleaveland Gund

2
  • I am ---
  • 16 years BSA Regulatory Compliance consulting,
    including audit, monitoring, training
  • Attorney - Florida Bar Member since 1995
  • Accredited ACH Professional
  • A deep thinker
  • I am not ---
  • IT person
  • Regulator
  • Vendor representative

3
Agenda
  • Purpose of AML system
  • Examiner expectations
  • Improve your chances of passing data validation
    testing
  • Methodology for testing
  • Determine what is brought in
  • Determine how it is being used
  • Test Input/Output

4
Why implement an AML system
  • ?

5
Regulatory Expectations on AML/MIS systems,
since 2005.
  • FFIEC Exam Manual Independent Testing
  • The Independent Test should addressthe integrity
    and accuracy of MIS used in the BSA/AML
    compliance program. MIS includes reports used
    to
  • identify large currency transactions,
  • aggregate daily currency transactions,
  • funds transfer transactions,
  • monetary instrument sales transactions, and
  • analytical and trend reports.
  • The programming of the Banks monitoring systems
    should be independently reviewed for reasonable
    filtering criteria.
  • Determine whether the system filtering criteria
    are reasonable and include, at a minimum,
  • cash,
  • monetary instruments,
  • funds transfers,
  • and other higher risk products, services,
    customers, or geographies, as appropriate.

6
Implementation Phase
  • Vital to success
  • Takes extensive time
  • Basis for data validation
  • down the road
  • Map out where data is coming in.
  • data feed

7
Data feeds.
XYZ AML System
8
Types of Currency Transactions
9
Implementation Phase, contd
  • What Transaction codes are being used? (are they
    being used correctly consistently?).
  • Example
  • General debit or credit, or
  • Incoming domestic wire Outgoing domestic wire
    Incoming foreign wire Outgoing foreign wire
  • Monetary Instrument sales can implement unique
    code
  • ATM systems cannot always tell if cash or check
    deposit can implement mitigating process

10
Readiness Phase
  • Select your customer sample for CIP/CDD
  • Select your transaction sample
  • Pull report that meets your sample criteria and
    check off against both lists and
  • Pull customer report(s) and verify transaction
    appears, with all ancillary data.
  • Document, Document, Document
  • Test, Test, Test
  • New account reports and any forms
  • Branch cash tickets/teller boards/night deposit
    logs
  • Wire transfers excel logs, or correspondent bank
    reports
  • Branch monetary instrument sales logs

11
During recent Independent Test
  • For the days in our sample, the AML system
    failed to capture the following types of
    transactions
  • Miscellaneous cash out
  • On us non-customer cashed check
  • Money market withdrawal
  • Savings withdrawal and
  • Checking deposit cash in
  • The institution requested the vendor review the
    configuration to determine whyFor the
    transactions, the cash component was missing in
    the configuration

12
Deeper thoughts on implementation
  • Run parallel for a while3-6 months
  • Join your systems user group

13
Why Automated Solution for Monitoring
  • ?

14
Regulatory Expectations, since 2005
  • FFIEC Exam Manual, Suspicious Activity Reporting
    - Overview
  • Management should periodically evaluate the
    appropriateness of filtering criteria and
    thresholds used in the monitoring process. Each
    bank should evaluate and identify filtering
    criteria most appropriate for their institution.

15
Surveillance Monitoring Parameters
  • Initial Rule(s), examples
  • Cash transactions between 7,000 and 10,000
  • 3 or more wire transfers of less than 3,000 in a
    week
  • Wire transfer 5,000 or more in, followed by cash
    out 5,000 or more

16
Surveillance Monitoring Parameters
  • Filter(s), apply the rules to.
  • Subset or risk category of accounts
  • Example, Personal accounts
  • Opened less than 3 months
  • Example, Business accounts
  • In high risk industries

17
Surveillance Monitoring Parameters
  • Intelligent systems
  • Review activity in context to other data
  • Adaptive based on historical activity
  • Can compare against peer group
  • Behavior norms

18
Regulatory Guidance
institution awareness
  • Management should document or be able to explain
    filtering criteria, thresholds used, and how both
    are appropriate for the institutions risks.
  • Recent test comments
  • The BSA Officer was not aware of the AML
    systems parameters that triggered the alert
    reports, and was not able to identify the
    triggers after researching the system during our
    review.

19
Regulatory Guidance - setup
  • System filtering criteria should be developed
    through a review of specific higher-risk products
    and services, customers and entities, and
    geographies.
  • What customers, products and services are
    included within the surveillance monitoring
    system?

Recent test comments Accounts rated as
Charity, Jewel Dealer, and Non-traditional
financial entities are not being assigned added
points at account opening. DBAs are not being
industry-coded.
20
Regulatory Guidance - baseline
  • System filtering criteria, including specific
    profiles and rules, should be based on what is
    reasonable and expected for each type of account.
  • Monitoring accounts purely based on historical
    activity can be misleading if the activity is not
    actually consistent with similar types of
    accounts.
  • What is the systems methodology for establishing
    and applying expected activity or profile
    filtering criteria and for generating monitoring
    reports?

Recent test comment Customer Due Diligence
data obtained at account opening is not being
input to the AML system.
21
Testing Transaction and Rules
Sample screen shot where you can trace your
sampled transaction into the system. Small box
shows the transaction types (data feeds).
22
Surveillance Parameters
Institution created
Vendor supplied
Constant Evaluation - Change Control Processes
23
Deeper thoughts on change control
  • The volume of system alerts should not be
    tailored solely to meet existing staff levels.
  • System changes should be performed independently,
    and documented with
  • purpose for the change,
  • evaluation afterwards, and
  • process to un-do if need be
  • BSA Officer should be involved/aware of all
    system updates. What is the impact on our
    filters/parameters?
  • Re-do testing where applicable!

24
Regulatory guidance on change control
  • The authority to establish or change expected
    activity profiles should be clearly defined and
    should generally require the approval of the BSA
    Officer or senior management
  • Do controls limit access to the monitoring system
    and are there sufficient oversight of assumption
    changes?

Recent test comment The BSA Officer can make
changes to the parameters without IT or other
independent review, and system maintenance
reports do not provide a useful audit trail for
parameter changes.
25
Who uses AML system for Risk Rating?
  • Actual high risk list or something else?
  • Data validation can compare to Board and other
    reports of high risk customers
  • Take transaction tests (performed earlier) and
    verify that points were properly assessed (or,
    transaction was appropriately identified by the
    filter).
  • Sample customers identified as high risk and
    validate appropriate.

26
Who uses AML system for recordkeeping?
  • Test recordkeeping and reporting for
  • Funds Transfers 3,000 or more
  • Cash sales of Monetary Instruments 3,000 or more
  • Customer Identification (CIP)
  • Customer Due Diligence Establish the risk level
    at account opening
  • CTRs
  • SARs

Recent exam comment None of the CTRs thought
to have been created and filed during this period
were actually sent to FinCEN, as the systems
entire filing process was not completed.
27
Who uses system for OFAC/314(a)?
  • Office of Foreign Asset Control
  • Test -- Date of list update(s)
  • Test -- Transactions searched
  • Test name on list
  • USA PATRIOT Act 314(a)
  • Test -- records maintained
  • Test -- kept secure

SAMPLE Audit reports are available under Alerts
Watch List - Reports. Quick Search Log
provides a log of front line or teller searches
against installed lists Watch List Analysis Audit
Log provides an audit trail of scans and list
updates 314(a) Audit Log provides a log of
314(a) files and any matches IAT Audit Log
provides a log of IAT import and any matches The
Installed List panel on the dashboard also
gives a snapshot of the lists the institution is
using as well as when they were last updated.
28
Final deep thoughts..
  • Each System is different
  • Read SAS 70 SSAE 16 reports
  • Create test environment
  • Built in data validations audit reports
  • Missing data reports
  • Daily of new accounts brought in
  • Daily of transactions

29
Questions / Discussion
  • ?
Write a Comment
User Comments (0)
About PowerShow.com