CASE STUDY: TESTING FOR ANTI-MONEY LAUNDERING (AML) COMPLIANCE

Paul Reuben and Martin Chipperfield were classmates in Business School. After a gap of 7 years they run into one another at Chicago’s O’Hare to find that coincidentally they are programme managers in two banks: one a European giant and the other a Community Bank. Not so coincidentally they are seized with the onerous task of staying on top of their jobs in implementing the provisions of the US Patriot Act and its significant and rapidly increasing updates.

Their flights are late and they get to talking about their life and professional concerns. The BSA Act and compliance with its anti-money laundering provisions are on top of their minds. The risks of non-compliance are high. More than safeguards against operational, legal and concentration risks, the reputational risk as seen by the top management is severe. They wondered why they had not considered the perils of downplaying this aspect of testing so far. They muse: if only they could find an independent testing house that is an expert on the AML domain! If not, with the frequent ‘Federal Deposit Insurance Corporation’ (FDIC) audits and with their CFOs on their necks to ensure strict compliance, their jobs could be on the line.

The banks were tuned to Yellow Hammer™ BSA and Prime™ AML applications. Yet, it was becoming hard to find an independent testing house that is comprehensively competent to test and certify the system for compliance with ‘Know Your Customer’ (KYC), ‘Enhanced Due Diligence’ (EDD), and ‘Customer Due Diligence’ (CDD) requirements, the various transaction risk monitoring procedures and ‘Office of Foreign Assets Control’ (OFAC) validations!

Going into the details, Paul and Martin find that their concerns were more or less the same and were centered on ‘Bank Secrecy Act’ (BSA) compliance structures, Core examination procedures, Currency transaction reporting, the MT 202 COV format, ‘Suspicious Activity Reporting’ (SAR), ‘Automated Clearing House’ (ACH) transactions, trade finance and third party payment processes. Prompt compliance with FDIC audit findings was a constraint that could no longer be wished away under the excuse of changing compliance structures. Winter was setting in. They had just a couple of months to find an independent and competent AML testing vendor.


With their flights being further delayed they went into the details of how they would refine their search. They realized that they wanted an AML testing house that would:

• Understand their customer identification programs
• Suggest improvements to existing ‘Account Due Diligence’ (ADD) and CDD procedures
• Validate changes to a customer profile based on risk category
• Clearly understand the existing SAR and ‘Currency Transaction Report’ (CTR) filing procedures
• Effectively validate risk assessment models and execute multiple data manipulations to ascertain the effectiveness of the current risk assessment
• Conduct link analysis and link unrelated accounts based on transactional patterns (type, volume, amount etc.)
• Provide accurate measures of the level of alerts generated by the system
• Validate the system’s accuracy in migrating data and provide risk based analytics

Not having shortlisted any AML testing vendor, they thought they would check with a few well-known banking consultants. With Martin’s flight to Wisconsin being announced, they parted, having decided to compare notes after a year or so.

The story thereafter: Armed with their checklist and in consultation with banking consultants, and independently of one another, both Paul and Martin found vendors who inspired confidence in them. They took the plunge.

At Paul’s Bank: Within a couple of months of being contracted, with respect to the Yellow Hammer application, the AML testing vendor was able to:

• Ensure that the peer group definitions for various ‘North American Industry Classification System’ (NAICS) codes were in order
• Help the bank’s operational users to define and set up ‘new analysis definitions’
• Bring down the overall failure to 4.16% against the executed test count of 1,227
• Bring down the defect distribution (percentage of showstopper & critical defects over total defects) from the observed 9.81% to less than the allowed 5% during UAT
• Help the bank in cleaning up all their data by initiating a separate data quality project. The need for cleansing arose because data analysis revealed inconsistencies between the TIN information of customers, appropriate NAICS codes and account closure dates
• 40 per cent of the defects were found in the base product version, in the consoles relating to reports, review risk rating and managing peer definitions

At Martin’s Bank: With respect to the Prime Compliance suite application, the newly contracted vendor was able to:

• Help the bank validate CDD, BSA reporter and OFAC reporter modules
• Bring down issues raised to 1.77% against the executed test count of 787
• Bring down the percentage of showstopper and critical defects over total defects to less than the recommended 5% from the observed level of 7%
• Identify business critical defects, which were found to be 58% of the total defects identified

Seven months later Paul and Martin met up at a seminar and that evening shared their success stories. Amazingly, both had homed in on the same AML testing expert vendor. They compared their own experience and the formal feedback from the vendor.


Value Additions by the champion AML tester

• Recommended operational procedures to tie up the CTR related communication between Yellow Hammer and vertex (Back-end system), which will improve operational efficiency of the business users
• Quality of the defects raised enabled the bank to identify customers and accounts involved in suspicious and fraudulent transactions and thereby install effective control procedures
• Early and accurate unearthing of defects helped the bank to comply with BSA norms within the agreed timelines
• Effective root-cause analysis performed on the data integrity/inconsistency issues formed a basis for the banks to take corrective action in their respective source systems
• Identification of inconsistencies in the risk rating console enabled the bank to enhance their current risk modeling and risk grouping
• Proven business scenarios from the repository were reused to ensure a robust system against the existing suspicious activities
• Made the banks realize that AML testing was not to be treated as a one-shot exercise. It was to be an ongoing process, with testing to be done at least once in 6 months in addition to being in sync with new releases or when application/system changes are carried out

Now who is this champion AML testing vendor that both Paul and Martin were gung ho about? None other than Thinksoft Global Services Ltd.

Some challenges faced by the AML testing vendor:

• Lack of clarity within the bank in the definition of functional requirements and scattered documentation
• Access restrictions on the vendor due to the Data Protection Act
• Limited time window available to the vendor for testing the system

Suggesting that a competent AML vendor be identified early in the core software acceptance phase!

• Limited access to the test environment to set up new transaction rules, reports and work lists

Suggesting that the business user needs to play a proactive role in having the software developer willingly coordinate with the independent AML testing vendor!

• The vendor’s personnel had the necessary technical skills and people skills to overcome all the constraints with the minimum of friction

Project Highlights

• Business critical transaction related gaps were identified in the AML application during initial discussions with the business users as part of strategy discussions
• Loopholes linked with instruments other than cash were plugged
• Issues relating to data mapping were identified during the planning phase, resulting in eliminating down-time during execution
• Based on extensive experience the vendor was able to guess the clerical errors that could have crept in when mapping customers to their rightful NAICS codes
• Functional scenarios were prepared for different consoles and reports
• Transactional rules & risk assessments were tested with masked production data
• The CTR console was tested for both CTR filing and exemptions to ensure effective monitoring of cash transactions
• Appropriate data selection through effective analysis of transaction patterns covering different categories of customers and periods to detect potential structuring and smurfing activities
• Periodical reports were validated for different peer groups
• Text matching algorithms and sanction data rules were validated as a part of OFAC programs


Disclaimer: All the documentation and other material contained herein is the property of Thinksoft Global Services and all intellectual property rights in and to the same are owned by Thinksoft Global Services. You shall not, unless previously authorized by Thinksoft Global Services in writing, copy, reproduce, market, license, lease or in any other way, dispose of, or utilize for profit, or exercise any ownership rights over the same. In no event, unless required by applicable law or agreed to in writing, shall Thinksoft Global Services, or any person be liable for any loss, expense or damage, of any type or nature arising out of the use of, or inability to use any material contained herein. Any such material is provided “as is”, without warranty of any type or nature, either express or implied. All names, logos are used for identification purposes only and are trademarks or registered trademarks of their respective companies.

For more details, visit www.thinksoftglobal.com


Thinksoft’s AML testing framework

• Identify High Risk banking areas (products, services, customers, entities, and geographic locations)
• Derive and agree on Project Scope
• Understand KYC Procedures / Customer Identification Programs / Transactional Monitoring
• Analyze the Risk identification Programs
• Business scenarios designed to ensure optimum coverage
• Data selection to validate Boundary value and Negative testing scenarios
• Functional matrix to highlight coverage
• Risk based execution based on business criticality and functional complexity (e.g. customer due diligence)
• Structured Testing and Timely reporting
• Agile Planning methods ensuring faster delivery