Sponsored by Kaufman Rossin, Infinity Consulting Solutions, Inc., & Hunton and Williams
The primary aim of the new rule is to bring AML measures firmly into the 21st century, placing heavy emphasis on technology to revamp transaction monitoring. This rule shows a considerable shift in N.Y regulator attitude as the DFS is actively encouraging financial institutions to embrace technology and make it a necessary component of AML compliance programs, highlighting especially that manual solutions are no longer fit for purpose. This should bring a resounding sigh of relief from the global compliance community, who know all too well just how unsustainable manual compliance solutions have become and how new technologies are needed.
Applying a Risk-Based Approach to Transaction Monitoring
The application of a risk-based approach to transaction monitoring rules can be achieved by taking some measures within the transaction monitoring systems such as incorporating the customer’s risk and product risk levels into the rules and implementing a suppression of repetitive alerts which represent no ML risk.The key input is the AML/CTF Risk Assessment, which will identify and assess the money laundering risks posed by the products and services used by their customers’ and the geographies where they conduct their business.The financial institution will implement enhanced monitoring over higher risk customers, products, and geographies.
Common Pitfalls When Reviewing Monitoring Systems
Inaccurate or incomplete model documentation.
New ML risks to the institution are not included promptly in the transaction monitoring model.
Misaligned alerts to ML/TF risk profile (i.e., focus of typologies are for areas identified as low-risk to the institution).
High-risk jurisdiction alerts do not include all countries involved with a transaction and redundant alerts or scenarios (i.e., looking at the same activity multiple times).
Inadequate controls over the integrity of the data being submitted to transaction monitoring.
Current Environment of Model Calibration and Validation
Transaction monitoring is a complicated and data-intensive process. AML Teams can take stock by asking the following questions:
Are transaction monitoring rules documented thoroughly enough for a qualified third-party validator to replicate them? (e.g systematic overrides, such as white lists and learning algorithms)
Does the documentation provide a comprehensive description of how each typology is intended to work?
Are thresholds appropriately defined and supported by the requisite evidence of testing?
Is there detailed evidence to demonstrate that every eligible transaction has been subjected to transaction monitoring?
Implications and Challenges Ahead
Financial institutions will be working to comply with the DFS 504 regulation simultaneously with other recent regulations, such as FinCEN’s regulation on beneficial ownership and customer due diligence, adding the fifth pillar to the AML compliance program. This must be a coordinated effort from both a risk assessment and technology standpoint, adding to the complexity of the implementation and consistent execution.The thoroughness of the transaction monitoring and filtering program requirements calls for the close cooperation between the line of business functions and the compliance department. Financial institutions that do not have robust monitoring of data quality as information moves through varying systems may encounter challenges as they attempt to integrate different information systems into a cohesive program. There is an increasing emphasis on the importance of tone at the top, as well as the assumption of individual liability. Senior officials certifying parts of the AML program should take note of their tone at the top and seek to enforce a strong compliance environment throughout their organization. Financial institutions should ensure that they hire and retain highly qualified personnel to support the continuous improvement of their AML Compliance program.