Upload
andrew-simpson
View
185
Download
0
Embed Size (px)
Citation preview
Denver, Colorado
TRANSACTION MONITORING BEST PRACTICES
FOR
BSA/AML REGULATION
PRESENTER: ANDREW SIMPSON
Agenda
• Getting the Data Right
• Analytics for Monitoring
• From Monitoring to Insights
• Realizing the Value
• Q&A
Getting the Data Right
Dimensions for Analytics
Customer
GeographicHousehold
*Transaction dimension excluded because presentation limited to WU activities.
Data Challenge
• Existence
• Completeness
• Validity
• Accuracy
Data Refinement
• Parsing
• Standardizing
• Fuzzy Matching
ParsingSource House Street Suffix City Zip Code State Country
234 Leader Ave, Denver, Colorado, 80327, United States 234 Leader Ave Denver 80327 Colorado United States
234 Leadr Avenue, Denver 234 Leadr Avenue Denver Colorodo
Leader St., Denver, USA Leader St. Denver USA
StandardizingSource Number Street Suffix City Zip Code State Country
234 Leader Ave, Denver, Colorado, 80327, United States 234 Leader Avenue Denver 80327 Colorado USA
234 Leadr Avenue, Denver 234 Leader Avenue Denver 80327 Colorado USA
Leader St., Denver, USA Leader Avenue Denver 80327 Colorado USA
Best of Breed RecordSource Number Street Suffix City Zip Code State Country
234 Leader Avenue, Denver, Colorado, 80327, USA 234 Leader Avenue Denver 80327 Colorado USA
Virtual Customer ID
• Fuzzy matching
• A unique ID
• This allows us to create a virtual single instance of the customer
• Apply similar concept to other dimensions (household and geographic)
• Still very valuable even without the fuzzy matching
Virtual ID Name Address ID Presented Certainty
100900212 Andrew Simpson 234 TRELAWNEY CIRCLECONYERSGA 30013
DL#0**~*33 100
100900212 Andrew Simpson 234 TRELAWNEY ROADCONYERSGA 30013
95
100900212 A. Simpson DL#0**~*33 90
Analytics for Monitoring
Driven by Risk Assessment
• What to monitor?
• Frequency?
• Focus on highest risk
• Segmentation
Thresholds
• Straightforward where amounts over threshold.
• Identify single customer structuring:
– Multiple transactions exceeding threshold within the day
– Intentionally staying below the threshold (e.g. $2,990)
Structuring
• Multiple transactions by a customer across locations to evade CTR filings.
• Individually below threshold but cumulatively above.
Hints
Benefits from refined customer and household data
Exclude noise like P.O. Boxes, blanks or invalid addresses
Make the time period for review a variable (i.e. don’t just use a day)
Smurfing
• Multiple transactions by multiple customers across locations to evade CTR filings.
• Individually below threshold but cumulatively above.
• May be to the same recipient.
Hints
Isolate all the suspected smurfs and then examine receivers for trends
Correlate the receiver with information from your network analysis – later in PPT
Flipping
• Receives a transaction and quickly resends or vice-versa.
• May keep a small portion (“fee”).
Hints
Make the timeline for the flip a variable and do “what-if” to see what works best
Make a distinction between a fee taken or not. Then examine other inbounds that are not flipped.
“Mules”
• Sending from and receiving at the same location.
Hints
Suggest you limit this to same location or city so as to not mix with flipping.
Make a distinction between a fee taken or not. Then examine other inbounds.
Networks
• Layering evidenced by a collection of smurfing, flipping, mules, etc.
• Correlation between senders and receivers
Hints
There are some good tools available to do this. However you can achieve something success with just summaries.
Multiple Customers - Same Address
Hints
Benefits from refined data
Exclude noise like P.O. Boxes, blanks or invalid addresses
Prioritize by number of customers or amounts sent or frequency
Single Customer - Multiple Addresses
Hints
Benefits from refined data
Reduce false positives by using more than just name (e.g. ID)
Prioritize by number of addresses or amounts sent or frequency
Inherently Risky
• Identifying transactions to and from “high” risk countries.
• Refer to Financial Action Task Force (FATF) website – fatf.org
Elder Abuse
• Treat transfers from elderly customers as higher risk
• Also correlate to high risk payout locations/recipients
• HQ Compliance should detect any structuring
Hints
Make the age variable by sex
Flag known recipients and trigger a red flag on future transfers
NGO/Charity/Religious
• Use keywords to detect
• Treat as higher risk transactions
• May be used for tax evasion and money laundering
Hints
Adjust thresholds for detection based on existing cases
Add new keywords over time
Collusion Detection
• Trending by locations and employee:– Falsified addresses (“ANYWHERE STREET”)
– Invalid or duplicated IDs
– Invalid or duplicated SSN
From Monitoring to Insights
By Locations
• What locations am I having a challenge with?
• What is the most frequent anomaly detected?
• What controls are failing?
Indicators
• Why did we allow the structuring?– Was not aware of the requirements
– Not structuring (false positive)
– Scared of customer
• What actions were taken?– Filed a SAR
– Requested additional details
– Rejected transfer
Realizing the Value
Risk Scoring
Customer VID: 900989873
Name: Paul Barton
Risk Rating: High
Indicators:Threshold Reached (6 red flags)
Smurfing (25 red flags)
SARs filed (20)
Using multiple addresses (4 locations)
Actionable Insights
• Identify what controls are not working
• Address root cause
• HQ Compliance should play oversight role
• Allow locations to play localized role
• History and context are important
• One platform to coordinate all activities
Q&A
Presenter:
Note that neither CaseWare nor Western Union is stating that these are the absolutely requirements for compliance. This presentation is intended to suggest approaches and provide examples to the participants.
Andrew Simpson Chief Operating OfficerCaseWare [email protected]