Wolfsberg Group: Developing an Effective AML/CTF Program
The Wolfsberg Group says it is pleased to see jurisdictions are adopting the Financial Action Task Force’s (FATF) focus on effective outcomes.
Wolfsberg, which represents a number of major banking organizations, had outlined key elements of an effective Anti-Money Laundering/Combatting Terrorist Financing (AML/CTF) program earlier. It includes:
- Providing highly useful information to relevant government agencies in defined priority areas
- Establishing a reasonable and risk-based set of controls to mitigate the risks of a Financial Institution (FI) being used to facilitate illicit activity
The Wolfsberg Group says it is encouraged that several unnamed jurisdictions have moved towards more effectiveness-focused AML/CTF regimes.
Complying with AML/CTF laws and regulations
The Group suggests FIs need to take the following steps to evolve their AML/CTF programs:
Assess Risk in Defined Priority Areas: The starting point for an effective AML/CTF program is understanding risks associated with financial crime areas in jurisdictions that are relevant to the FI, the applicability of those risks to the FI, and material changes to those risks over time.
The Group says a priorities-focused AML/CTF regime is most effective when relevant government agencies specifically define a set of national priorities for FIs to focus on.
Implement/Enhance Controls: Once an FI has confirmed its potential risks in the priority areas, it should assess its controls against the identified risks, which may then result in the enhancement of existing controls, or the implementation of new controls, and associated governance, to mitigate those risks.
Prioritize Resources: FIs should use a risk-based approach to reallocate time and resources from lower-risk areas to higher-risk areas. FIs should also assess the benefits of harnessing technological developments (such as machine learning and artificial intelligence) and, if proven, should consider adopting these capabilities more widely and discontinuing practices that do not lead to one of the key elements of an effective AML/CTF program.
Engage with Law Enforcement: FIs should engage actively with the appropriate level of law enforcement in order to understand operational priorities and assist agencies and understand trends and emerging threats from a more strategic perspective.
The Group believes the most effective engagement is through Public-Private Partnerships (PPPs) of which there are many examples, although the models in place differ.
Demonstrate AML/CTF Program Effectiveness: The risks that each FI is exposed to, and how it assesses and mitigates those risks, will vary by FI. The Group said an assessment of effectiveness should not merely be a statistical exercise. Effectiveness can be enhanced when both law enforcement agencies and supervisors provide feedback on what they have found to be most effective in an FI reporting and/or how components of the FI’s program have been implemented.
The Group believes that this approach will enable FIs to detect and deter criminal activity more effectively and efficiently, while at the same time reducing friction on innocent customers and helping governments achieve their financial inclusion objectives.
Collaboration needed among stakeholders
As AML/CTF regimes around the world continue to focus on effectiveness, the Group remains committed to collaborating with policy makers, supervisors, law enforcement agencies and other stakeholders to develop this approach further.
In conclusion, the Group said it would publish additional materials on each of the five steps described above to assist FIs in developing, and continuously enhancing, their AML/CTF programs.
Read the full statement here.
As the Group continues to promote ways to prioritize resources, CaseWare RCM, makers of the financial crime fighting solution Alessa, believe FIs should continue harnessing technological developments. Tools like machine learning and artificial intelligence can be instrumental in making the initial detection of suspicious transactions more accurate and reduce the number of false positives.
Alessa uses both rules-based and AI-based techniques to help AML teams focus their efforts on genuine alerts and the following sections outline how to get started with these techniques.
Identify AML/Fraud cases
Once you decide how to evolve your FI’s program, the next step is to identify AML and/or fraud use cases, as well as any supporting data ingested by the AI system.
It is worth noting that AI and machine learning will not completely replace the need for people. Human or natural intelligence has to be coupled with machine intelligence in an effective AML program. However, what machine intelligence can do is look at both structured and unstructured data to detect patterns or clusters of activity that may be out of the ordinary and potentially fraudulent.
It should also be noted that solution providers do not “program” the AI system to detect threats – they help financial institutions to train it to do so.
This requires people who are subject matter experts and leaders within the AML compliance and fraud space to work in conjunction with the AI system to determine whether abnormal behaviours or clusters of transactions are suspicious or fraudulent.
Start with anomaly detection
The first model that should be implemented by every organization is anomaly detection. It uses an organization’s data and data science to detect behavior that does not fit within expected norms.
These include scenarios such as sudden large deposits or credits to an account. A collective anomaly could flag a case where unusual or frequent deposits are made into a chequing account. It may be unusual to have frequent deposits even though the value of the deposit is not suspicious or above mandatory reporting levels.
It should be noted that to have an effective anomaly detection system, organizations need to implement a solution that detects all the different kinds of anomalies. That is because not all anomalies are fraudulent, but they do require further investigation.
To help compliance staff manage anomalies, the technology should be configured to rank alerts by risk level.
Transaction monitoring using machine learning
Most organizations are familiar with rules-based transaction monitoring with instances like transactions exceeding a value or coming from a flagged high-risk account.
While these are still valid and need to be part of any transaction monitoring system, technology has allowed financial institutions to augment the effectiveness of these systems with machine learning where the system is designed to look for suspicious or fraudulent behaviour.
Like in anomaly detection, the system uses data science and machine learning to take in various inputs, including historical data that led to a filing of a suspicious activity report (SAR), to determine whether a transaction is likely to be fraudulent.
Effective AI technology solutions use a layered analytics approach, which allows financial institutions to reduce the high levels of false positives generated by rules-based systems.
Fewer false positives allow compliance staff to focus on investigating true compliance risks and fraudulent cases.
Robotic Process Automation (RPA)
Analysts spend a significant and often exhaustive amount of time reviewing a large number of alerts and cases. The process is prone to human error – which can be costly for an organization. Robotic process automation increases the speed and efficiency at which decisions are made during the review process while taking away the need for compliance staff to get involved with routine tasks.
Organizations that incorporate automation into their programs enjoy many benefits, including time and cost savings, increased compliance, fewer errors and the ability to quickly adapt to new rules and regulations.
Tasks that can be successfully automated include those that are:
- Rules-based, rather than those that require human intervention
- Are triggered and supported by digital data
- High volume and repetitive.
When starting on their automation journeys, many financial institutions look at their tasks and processes that are very time consuming and routine. Examples of where automation and workflows can be used by financial institutions for AML compliance include:
- Validating client information against internal and external sources during the customer due diligence phase
- Screening customers against sanctions, politically exposed persons (PEPs) and negative news lists
- Acknowledging and resolving alerts created by the transaction monitoring system that should be treated the same way
- Verifying account activity of high-risk activities
Machine learning and artificial intelligence can do much more than what is listed in this article to enhance the effectiveness of AML compliance program. To learn more how your financial institution can take advantage of these technologies, contact us today.