As part of a firm's obligations to combat money laundering, they often decide to invest in the use of anti-money-laundering software. Anti-money-laundering software is essentially a computer program designed to analyse and record customer data, and detect suspicious transactions. Some of the main providers of anti-money-laundering software (highlighting their owners, where relevant) include Actimize (NICE), Ambit (Sungard), Mantas (Oracle), Fiserv (formerly NetEconomy), Fortent (formerly Searchspace, also NICE), Norkom and SAS.
There is no single approach to the way in which such software operates, although the products do fall into two broad categories. The first is the scenario-modelling approach and the second the inference-based approach.
Of course, there is no specific requirement for a firm to implement money-laundering-deterrence software; the regulations are not that specific. If a firm has a limited number of clients and already knows its clients well, then there may be little requirement leading to such investment. However, the problem with the due diligence conducted by an individual is that it could either be biased or poorly documented. Money-laundering-deterrence software serves to provide the firm with an audit trail that can demonstrate that it has taken the actions expected of it. So, while it is not a requirement, it is clearly in the interests of a firm to consider how it meets these increasingly onerous requirements.
In the scenario-modelling approach, the software house will have considered the attributes that might identify money laundering or terrorist financing. It will then have designed a series of scenarios which it considers may represent identifiers of potential cases of money laundering. The firm then uses the software to run against a file of transactions and balances, with the software then reporting all transactions that fit the set criteria. Clearly, if the criteria do not seek to review a particular attribute, then no such transactions will be identified.
The following are the types of things that might be identified:
Of course, this is just a subset of the types of analysis that such software conducts and the percentages shown are purely illustrative. In practice, such software will normally include 50+ scenarios which a firm could choose to implement. It also normally checks against lists of known money launderers and terrorist financers as well as the sanctions regime in addition to other specific reviews. We will discuss this in more detail later. The problem, of course, is that the more analysis a firm conducts, the more accounts requiring additional investigation the firm will identify. This takes up a significant amount of time and effort and leads to work being conducted on what might be referred to as false positives – transactions that appear unusual but, in fact, are legitimate.
There is always a balance to be struck between conducting additional, potentially expensive and onerous systems-led investigation and relying on the due diligence conducted by staff. This balance has now shifted in favour of software due to the current climate of concern.
The alternative solution is inference-based products, which seek to identify what might be considered potentially high-risk transactions through viewing the likelihood of them representing money laundering or terrorist financing based on historic data sets. These products seek to parameterise the customer and transaction profiles such that transactions and relationships which appear to diverge from normality are identified.
Both solutions have their place and both have advantages and disadvantages. While the scenario modeller will identify specific transactions to review, it is difficult in such products to pick up unusual transactions related to the nature of the customer.
On the other hand, the inference modellers will require a much higher level of data to enable the inference system to work effectively. When such products fail to deliver, it is usually due either to the inability of the firm to efficiently and cost-effectively access the information it requires, or to the problem of false positives. The inference modeller effectively reports every transaction that the firm undertakes, ranking each in terms of its likelihood of being money laundering. This can result in the reporting of false positives, requiring investigation to be conducted into legitimate transactions. Accordingly, even if a firm has an inference-based system, it may well also need a scenario modeller to deal with the level of false reporting.
Firms will need to decide for themselves which type of solution is best suited to their purpose and business practice. Generally, it is the larger firms that would choose to implement inference software, although we are seeing increasingly smaller institutions starting to implement increasingly sophisticated solutions.
The effectiveness of anti-money-laundering software is often debated. All money-laundering-deterrence software is based on programs that are dependent on data input. They then classify transactions or accounts according to the perceived level of suspicion and inspect the data for anomalies, whether based on statistical inference or scenario. The type of anomalies picked up will include any sudden and substantial increase in funds or a large withdrawal. Clearly, the effectiveness of such a system is dependent on the level of knowledge with which the system is programmed and the data availability within the firm's systems. Any other variables, of which the program is unaware, will go undetected. However, the clear benefit of money-laundering-deterrence software is its ability to analyse large volumes of data continuously.
If you consider the position that would exist without the use of software you will see the problem. If a bank has a large number of accounts in a number of different locations, even trying to make sure that financial sanctions legislation is complied with will become time-consuming. While a manual process can easily focus on the customer acquisition process, if an error is made in this work, there will be little in terms of control procedures to identify that the customer is inappropriate. Further, changes to the list will need a reassessment of the customer base on a regular basis. Remember, financial sanctions must be complied with, while a firm always wishes to avoid doing business with a money launderer or terrorist financer. The use of software consequently serves two purposes:
In the presence of large volumes of data and multiple locations it would be difficult for the MLRO to operate effectively in the absence of such monitoring procedures, and the resulting personal risks can be significant.
In Chapter 22 we discussed the ongoing responsibility to monitor transactions. Clearly, to enable a firm to effectively monitor customer behaviour, it is important for it to maintain adequate and up-to-date transactions documentation and customer information. This is the time when firms most benefit from the use of transaction-monitoring systems, although we are not aware of any jurisdiction that explicitly requires such software to be acquired.
To have an effective transaction-monitoring system, generally a firm should:
The software will monitor different things, and in some cases the firm is able to add specific additional matters which it wishes to have reported in addition to those routinely provided by the software. The types of things that are likely to be reviewed include the following:
This is only a subset of the types of issue that will be monitored in practice, with each software product including a variety of different approaches within the single modelling approach.
Transaction-monitoring software essentially concentrates on monitoring individual transactions for the prevention and detection of money laundering. It is particularly useful for handling large volumes of complex data within financial institutions, including retail and correspondent banks. Software currently on the market generally uses comprehensive analytical techniques to scrutinise all accounts and all transactions to produce alerts most likely to result in legitimate money-laundering cases. The software does this by:
Such software really falls into two main types – the scenario approach products (e.g. Oracle, Actimize) and the inference products (e.g. SAS and Fortent).
Anti-money-laundering software which verifies electronic ID is valuable, as it enables firms to verify key documents, which clients may have physically presented but which may be forged. Such software will use sophisticated software to find numerous ways of electronically authenticating the identity of customers. This may also involve using independent data sources to verify sources of information. Certain software on the market, such as Experian, can provide a score or index value to indicate the degree of confidence that an individual's identity and address are correct. Other similar identification software on the market includes both Complinet and Norkom.
As part of a firm's Know Your Customer obligations, the firm must be aware if it is dealing with known fraudsters, terrorists or money launderers. The effect of not having sufficient systems in place is not just the threat of penalties from regulatory authorities, or the threat to national security, but also reputational damage to the firm. Sanctions and PEP-screening software frequently and closely screen the firm's customer list for individuals identified on national and international sanctions lists, to ensure that the firm is not unknowingly assisting the financing of terrorist activities.
Most sanctions and PEP-screening solutions will minimise “false positives” (potential matches requiring additional manual assessment) which can usually result from automated screening solutions. Most systems will also provide a full audit trail of sanctions and PEP-screening activity for compliance reporting.
In many cases, failed software implementations are due to a lack of appreciation of the differences between types of software. These differences are not always obvious from the company websites, so meetings with the different vendors and discussions with successful users will be required.
One of the key stages in the selection process is the construction of the long list – that is, the list of firms that will be considered for selection, regardless of the method chosen for the ultimate selection. In many cases, failed selection processes result from an incomplete long list of potential suppliers that omits key product vendors.
Some of the capabilities firms may consider are as follows:
For smaller firms it is unrealistic to acquire money-laundering-deterrence software – it is likely to be too expensive and also the firm is unlikely to maintain sufficient data to enable the software to operate effectively. Such firms will need to implement a manual form of monitoring process and procedure to ensure that the requirements within the local jurisdiction are complied with. This would normally include a review of customer databases to ensure that sanctions and watch lists are complied with, combined with employee training to ensure that all staff are aware of their responsibilities.
By making staff aware of all of the requirements and obligations, together with the intention for such regulation, a higher level of monitoring is achievable. This, however, needs to be clearly documented and sufficient to enable the management of the firm to have assurance that the firm will not be a target for money launderers and terrorist financers.