reducing the cost of aml compliance pdf

WHITE PAPER

Reducing the cost of AML complianceSAS® Anti-Money Laundering: An integrated framework for risk scoring, alert generation, investigation and reporting

i

Reducing the cost of AML coMpLiAnce

Table of Contents

Executive summary .........................................................................................1The costs of AML compliance .........................................................................2

What would you gain with a more effective AML technology platform? .....3Monitor risks across the institution ..................................................................3

Allocate resources to the most meaningful cases ............................................4

Adapt to keep pace with changing risks ..........................................................5

Demonstrate knowledge of high-risk accounts and their activity ......................5

SAS® Anti-Money Laundering .........................................................................6Create an enterprisewide view of customers and risks ..............................7Benefits of a centralized AML data repository .............................................8Monitor customers as low-, medium- or high-risk based on ongoing KYC risk scoring ............................................................................8Monitor transaction activity against multiple detection techniques ..........10Beyond simple rules and thresholds .........................................................11

Key methods to detect potentially suspicious activities ..................................11

Provide a structured environment for investigating and documenting alerts ....................................................................................13Generate required regulatory reports and supporting documentation ......15Provide senior management with information on key performance metrics .......................................................................................................15Monitor and manage system access and utilization .................................17

Closing thoughts ............................................................................................18SAS Anti-Money Laundering ......................................................................19Checklist for selecting an anti-money laundering solution .......................20

About SAS ......................................................................................................21


Executive summary

Money laundering has far-reaching implications. It makes organized crime pay. It allows drug traffickers and smugglers to expand their operations. It undermines government tax revenue and the financial community in general because it siphons vast sums of money from legal endeavors. The events of 9/11 added yet more incentive to stem the flow of illicit financial transactions.

Many institutions initially made modest technology investments to meet minimum anti-money laundering (AML) requirements. However, this minimalist approach actually increased the total cost of ownership due to inefficient investigations, higher staffing costs, the need for successive technology investments and the fact that little value was contributed to other functions, such as marketing and loss prevention.

Financial institutions are finding it necessary to strengthen their AML platforms to meet new regulatory mandates and strategically manage compliance risk. For enterprises with moderate to high risk exposures, this calls for a rigorous automated system based on dynamic risk assessment.

With SAS Anti-Money Laundering, institutions can create an enterprisewide view of customer relationships and risks, monitor activity using multiple detection methods, investigate and document suspicious cases, and produce required regulatory reports – all within an integrated solution built on award-winning SAS data management and analytic capabilities.

The SAS solution is differentiated by its:

• Transparency. Compliance officers can easily see, understand and modify the underlying methodology and explain to regulators why alerts were generated.

• Adaptability. Scenarios and risk factors are driven directly from the institution’s AML risk assessment and can be easily changed as its AML environment changes.

• Depth of coverage. Beyond simple rules and matching, the solution uses multiple detection techniques and data resources to surface more suspicious activity than ever before possible.

At the same time, SAS Anti-Money Laundering reduces the cost of complying with regulatory expectations – first, through process efficiency and automation; second, by enabling investigators to work more productively; and third, by mitigating the risks of penalties and bad publicity that could result from deficient processes.

1


The costs of AML compliance

Criminals and terrorists have been resourceful and persistent with their money laundering activities, accounting for an estimated US$500 billion to $1 trillion a year, globally. Although most laundered money stems from drug trafficking and organized crime, the events of 9/11 put the spotlight on funding for terrorist activities, which has traditionally been much more difficult to detect.

The USA PATRIOT Act expanded the requirements for detecting and reporting suspicious activities that could indicate money laundering or terrorist financing. So did equivalent AML regulations around the world, such as the Third EU Money Laundering Directive. Implemented in 2007, the directive creates a uniform regime of compliance that expands the definition of “client due diligence,” broadens requirements for client/account monitoring and raises the expectation for banks to adopt risk-based management approaches.

More recently, the headlines have focused on high-profile enforcement actions – with as much as $160 million in associated fines and the risk of “cease and desist” orders that prevent the institution from engaging in mergers, acquisitions or expansion. Such sanctions have caused stock values to plummet as much as 20 percent in a single week.

However, the more pressing, day-to-day concern for financial institutions is simply the rising cost of compliance. In an effort to control the cost of meeting basic requirements, many institutions chose AML systems based on low entry price. Unfortunately, a minimalist strategy can actually be quite costly over the long term, for several reasons:

• TheKnowYourCustomer/CustomerIdentificationProgram(KYC/CIP)systemisusually not integrated with a transaction monitoring system, so high-risk entities might not receive adequate scrutiny.

• Shallowinsightintocustomersorbehaviorsmakesitdifficulttodeterminewherecompliance costs unnecessarily exceed the risks.

• Sparseinformationaboutapotentiallysuspiciouseventorpartycanleadtolonger and more error-prone investigations.

• “Black-box”systemsadaptpoorlytoachangingAMLenvironment;theinstitutionmay be locked into continual upgrades for a proprietary, closed system.

• Ifthereisnointegratedenvironmentforinvestigatingandmanagingalerts,analysts spend too much time documenting their actions.

In short, with a basic solution, upfront cost might be low, but so is long-term value. An AML program based on such a system would ultimately be insufficient for managing the evolving risks and regulatory requirements.

2


Even if very basic capabilities were seen as sufficient, financial institutions would have to ask: “Is the niche vendor going to be in business for the long haul to support our growth and customization requirements?” and “How well can proprietary software contribute to our overall management of risks across the organization?”

For many financial institutions, there’s still much work ahead, according to the Deloitte & Touche survey. Even with added emphasis and expenditure on AML programs, 30 percent of respondents said process duplication had actually increased, only 10 percent reported that compliance information was always effective, only 15 percent thought it was timely, and only 55 percent reported that their institution used quantitative metrics.

Financial institutions need an AML technology platform that offers the following capabilities:

• Capturesandorganizesallcustomeractivityacrossdisparatedatasources.

• Monitorsthatactivityagainstmultiplerules,scenariosandriskfactors.

• Usesanalyticallyderivedindicatorsofrisk,notjustsimplerulesandmatches.

• Accuratelyalertscompliancestafftopotentiallysuspiciousactivity.

• Providesastructuredenvironmentforinvestigatinganddocumentingalerts.

• Generatesrequiredregulatoryreportsandsupportingdocumentation.

What would you gain with a more effective AML technology platform?

An effective AML compliance platform must deliver capabilities lacking in low-end systems, such as the ability to:

• Monitorrisksacrosstheinstitution,usingdatafrommanylegacysystems.

• Allocateresourcestothemostmeaningfulcaseswhilereducingfalsepositives.

• Adapttokeeppacewiththechangingriskenvironment,internallyandexternally.

• ApplyknowledgeofriskexposurestoupdateyourEnterpriseRiskAssessment.

Monitor risks across the institution

The constraints: Financial institutions have vast repositories of information about their customers, transactions and external databases. The trouble is, much of that data isn’t integrated into AML programs. With typical AML systems, compliance analystsaredoingwelltojustdetectbasictrendsandsimplematchesagainstknown illegal activities.

3

■ Financial institutions that chose

static, packaged systems based on

low initial cost of ownership have

found themselves needing to replace

and retool.


Few organizations can correlate potentially suspicious behaviors across disparate systems and a multitude of risk factors. As a result, most automated AML systems only look at transactions and do not take advantage of broader institutional knowledge, such as CIP data, prior high-risk events, risk lists and previous investigations – either for identifying or examining potentially illegal activities.

What is needed: The AML solution should be based on a centralized financial services industry data model that includes a broad range of product types, channels, entities and non-monetary events. The alert-generation process should monitor multiple risk factors with a single pass through the data – even for very large databases.

In the process, regulatory risk would be reduced, because the institution would gain a more accurate view of an entity’s behavior across all products, businesses, channels and risk factors.

Allocate resources to the most meaningful cases

The constraints: Many AML systems apply the same, limited set of if/then rules to identify suspicious transactions. With time, compliance officers and regulators often discover these rules are overly broad or not specific to the institution’s real money laundering risks. These institution-specific risks are easy to overlook, leaving the institution exposed to greater regulatory scrutiny and putting compliance staff under greater pressure.

Just as troubling, the rules-based system can trigger too many false positives and overwhelm compliance staff with busy work. At the very least, the increased volume of work items may diminish the credibility and energy of AML monitoring staff and distract front-line staff from their primary responsibilities.

What is needed: Financial institutions need a way to:

• Integrateacustomer’saccountopening(“on-board”)riskclassificationintoongoing transaction monitoring.

• Automaticallyreassessriskratingandsupportarisk-basedmonitoringprocess.

• Adjustscenariosandriskfactorstominimizetheincidenceoffalsepositives.

• Combinemultiplescenariosandriskfactorstogeneratehigh-qualityalerts.

4

■ A risk-based monitoring and

investigation system is a vital

component of an effective and

compliant AML program. Financial

institutions now have a proven

way to detect and track suspicious

patterns of behavior relative to

their unique risks, instead of just

one-size-fits-all rules and account

name lookups.


• Identifycasesthataresignificant,ratherthanchasingallsimplealerts.

• Identifythehighest-prioritycasestobeinvestigated,basedonacustomer-levelrisk score.

These capabilities would reduce the cost of AML compliance by making processes more accurate and efficient.

Adapt to keep pace with changing risks

The constraints: AML is a fast-moving target. Criminals are constantly probing AML systems to discover new techniques to move their funds. Risks also change as a bank expands into new markets or adds products and services and as regulators increase their expectations.

Banks that have implemented first-generation AML solutions often find it difficult to evolve these systems to keep up with changing requirements. Many banks have been hit by formal enforcement actions – fines or business restrictions – for AML program shortfalls. Others have expended significant resources on vendors and consultants to force-fit new methodologies and techniques into old, static systems.

What is needed:Beforebeingjudgedinsufficientatthenextroundofregulatoryreview, financial institutions need a better way to adapt their scenarios and risk factors to a changing world.

The AML system should allow easy modification of the data model, rules and reports to include new data feeds, monitor new risks, meet new regulatory requirements and present relevant information to auditors, regulators and managers. With these capabilities, institutions could respond quickly to change without engaging consultants for significant system upgrades.

Demonstrate knowledge of high-risk accounts and their activity

The constraints:AMLmonitoringstaffneedtojustifytheirreviewactionstoregulators. But what if the AML system simply flags incidents as high-risk, yet doesn’t say why? Many AML systems hide their analytic routines and system logic, making it virtually impossible to explain why an alert was triggered or why one entity is deemed more risky than another. With a “black box” system, how can compliance usersjustifythevalidityofthesystem’smethodologytoregulators?

5


Furthermore, many AML systems do not present a comprehensive view of customer relationship, much less customer risk. Investigators may have trouble tracking activities that led up to the alert. Case history can be fragmented, especially if a case passes through multiple review layers. Regulatory reports often must be produced manually, which makes it difficult to use this vital information to fine-tune the system to identify more relevant work items and enhance monitoring strategies.

What is needed: The ideal AML solution explains why an event or entity represents a high risk to the institution, and it displays enough information to the investigator tosupportacleardecisionprocess.Complianceanalystscouldadjustriskweightsbased on their experience or feedback from the system. All actions, comments, reports and documents should be attached to the alert and documented in an audit trail.

With these capabilities, compliance managers would have greater confidence in monitoring policies and investigation outcomes. Auditors and regulators could easily review the decision process for a given case.

SAS® Anti-Money Laundering

SAS Anti-Money Laundering integrates a number of functions that often live in silos within an organization, such as:

• Datamanagementfromdiverseinternalandexternalsources.

• Knowyourcustomer(KYC)scoringandriskclassification.

• Transactionmonitoringbasedonmultipledetectiontechniques.

• Watch-listfilteringandsanctionscreening.

• Alertmanagement.

• Generationofrequiredregulatoryreports.

• Managementreportingandsecuresystemadministration.

All of these capabilities are provided in a comprehensive solution built on award-winning SAS data management and analytic capabilities. Institutions can secure allofthesefunctionsaspartofaholisticsolution–orchoosejustaportionofthefunctionality, such as watch-list filtering. They can also choose to have the solution in-house or obtain it as a hosted service.

Let’s take a closer look at the key capabilities of the solution.

6


7

Create an enterprisewide view of customers and risks

SAS Anti-Money Laundering synthesizes data from currently incompatible data sources on almost any platform and format – such as front-office systems, back-office systems and spreadsheets – into data models designed for AML programs.

Data about customers and transactions. Customer profile information and transaction activity is aggregated into one consistent view of the customer across all business units and transaction/instrument types. If the institution has already consolidated the requisite information in a data repository, SAS can map directly to the existing repository.

This data model stores detail and summary data related to historical customer behavior, such as:

• Customer,accountandhouseholdattributes.

• Frequencyandmonetaryattributesoftransactions.

• Activitybytimeperiod,customeraccount,channelandproduct.

Up to 13 months of data is retained in the AML core schema to support advanced detection, profiling and trending.

Data about alert and investigation processes. The system also maintains a “Knowledge Center” where scenarios and risk factors are defined, user privileges and group membership are maintained, and alerts and investigative activities are documented. All actions, comments, documents and decisions are documented and retained in the Knowledge Center to support independent audit and review.

8


Monitor customers as low-, medium- or high-risk based on ongoing KYC risk scoring

Driven by the European Union “Third Directive,” SAS has expanded the due diligence features in the latest release of the SAS Anti-Money Laundering system.

The system enables institutions to integrate customer risk profiles collected during the account opening process with their ongoing transaction monitoring system. Ultimately, the system suggests the customer’s actual risk profile based on a combination of static risks and behavioral risks. Summary reports are provided to illustrate metrics on High Risk customers, subsequent alerts and regulatory submissions.

Benefits of a centralized AML data repository

Create an enterprisewide view of risk across customers, products, business units and channels.

Manage and correlate risks across multiple global subsidiaries from a central location.

Reduce hardware redundancy while monitoring more risks.

Ensure consistency and adherence to data governance and compliance policies.

Build related applications, such as enterprise risk and financial crimes systems, on the same data repository.


9

The process begins with importing the customer’s money laundering risk score or customer profile – typically scored as High, Medium or Low.

Once the risk scores have been assigned, customers can be segmented or stratified based on their specific risk groups. For example, an institution may monitor High Risk customers more closely for variances in their outgoing wire activity versus a Medium Risk customer. This illustrates a risk-based approach to monitoring.

Risk analysts can manage lists of risk classifiers that help document whether a customer’s behavior is similar to the profile that was measured at account opening. Classifiers include risk attributes of high-risk products, customer types, services and geographies. For example, SAS pre-populates high-risk attributes such as Foreign Financial Institutions and Politically Exposed Persons. During the course of due diligence, the risk analyst can add accounts or customers to various lists, so there is greater transparency into their risk attributes.

Every month, the system analyzes the presence of risk classifiers for each party and recalculates the suggested customer risk score. Each classifier carries a unique weight depending on the severity of the classification. Customers who carry a High Risk profile, or are recommended for a new High Risk profile, will be automatically scheduled for a periodic assessment. The system schedules periodic assessments based upon the institution’s AML policies.

Sample risk classification screen.

In this example, any customer who matches the Private Banking flag in the data model will receive a risk weight of 10 on a scale of 1-10.

10


Monitor transaction activity against multiple detection techniques

The alert engine accesses the data management component to evaluate all daily transactions and other information, such as watch lists. It then applies rules and scenarios derived from financial institutions and regulatory requirements to detect patterns that could point to money laundering.

Sophisticated risk ranking algorithms determine the likelihood that illicit activity could be concealed in any combination of scenarios and risk factors. Alerts that show key risk factors, as determined uniquely for each institution, can then receive higher priority. False positives can be identified before they consume unnecessary resources. Companies can fine-tune scenarios, risk factors and business logic based on feedback provided by the system’s reports.

The robust scenario engine goes beyond simple if/then logic and uses multiple techniques to identify potential suspicious activity:

• Rules (scenarios and risk factors). Does this transaction or entity match any business rules or scenarios set forth for this risk classification?

• Peer grouping, clustering and segmentation. Does this entity share attributes with known or suspected criminal entities?

• Behavioral profiling. Does the entity display a behavior indicative of criminal activity?

• Pattern recognition. Does the transaction history match known patterns of illicit activity?

• Link analysis. Is there redundant personal information or suspicious associations with high-risk entities?

• Predictive modeling. Does some combination of factors or activities show cause for investigation, where one factor or one transaction alone would not? Does transactionbehaviormatchtheexpectedbehavior,basedonKYCinformation?

Tightly define how scenarios are defined and applied. Compliance officers can configure the parameters for all scenarios, setting thresholds to meet the institution’s specific needs and actual experience. In addition, each scenario may be further constrained by any attribute available in the data, such as geography, account type, customer type or line-of-business, so that the scenario or risk factors only apply to specific groups of customers or accounts.

Scenarios can be turned on and off or suppressed at the company, account or customer level. Scenarios could be suppressed manually by investigators or automatically by a preset rule – for example, “When an alert is generated, do not generate another alert for the same customer and scenario for X number of days.”


11

Identify and rank potentially suspicious activity daily. Nightly batch routines run scenarios and risk factors against the core data, which typically consists of 13 monthsormoreofaccount,party,household,cashflow,associateandKYC/CIPinformation. The system can apply multiple scenarios in a single pass against the database, monitoring more risks in less time than SQL-based systems that have to make numerous database scans.

If any of these detection methods identifies activity that could signal money laundering, the solution generates an alert and ranks its significance based on which scenario(s) triggered the alert, other risk factors that apply to the same entity, the likelihood that the alert will result in a regulatory report, and alerts previously generated for that entity.

Each alert is assigned a ranking both for money laundering risk and terrorist financing risk. Investigators can then focus their energies on the highest-scored or most important alerts.

Beyond simple rules and thresholds

Key methods to detect potentially suspicious activities

Far beyond simple if/then rules, the SAS solution can:

• Check entities against watch lists such as Office of Foreign Assets Control (OFAC) or other high-risk watch lists from any internal or external source.

A match to an external watch list, such as an Interpol or World-Check list, could be factored into the customer’s risk ranking or automatically trigger an alert. The bank can create and maintain an internal list to track customers they want to monitor more closely (perhaps the bank generated an investigation on that customer in the past) or to avoid spending time investigating trusted entities.

• Use analytics to reveal hidden risks instead of relying on labor-intensive and error-prone manual processes.

The SAS solution can assess combinations of risk factors – as many factors as you want to include. For instance, it is helpful to know that a customer suspectedofstructuringhasbeenthesubjectofapriorregulatoryreportorhasother accounts currently under investigation. Overlapping high-risk transactional behaviorscanbeconsideredinconcertwithhigh-riskKYCattributesandautomatically flagged for presentation to investigators.

Authorized administrators can add or change risk factors without having to rely on IT staff.

■ When multiple detection techniques

are combined, the system increases

the success rate of detecting

criminal activity while reducing

the number of false-positives. The

system can then rank suspicious

behaviors based on any number

of factors, including statistically

derived probabilities.

12


• Continually incorporate risk scores based on KYC/CIP data into transaction monitoring,notjustataccountopening.

Which customers are members of high-risk groups, as defined by your own risk assessment? Based on summary profiles of historical transactions, the SAS solution can calculate expected behavior. The system then applies scenarios and risk factors to monitor variances against normal or expected behavior.

Examples include dormancy, velocity of funds transfers, increased activity or higher-than-normal transaction value. Is this a business that expected to engage in one type of activity but now is demonstrating entirely another pattern? Has the business deviated greatly from expected deposits or transaction value per month, or from past trends?

This kind of insight is a big emphasis for regulators, who expect AML monitoring systems to review and document why actual activities are seen as inconsistent with normal behavior.

A combination of risk factors and scenarios determines the final alert prioritization score.

In this example, the customer on the bottom row matching Scenarios 1, 3 and n and Risk Factor 1 would have a significantly higher risk score than the customer on the top row who only matched Scenario 1.

■ Know Your Customer regulations

have required institutions to collect

information on expected activity,

citizenship, source of funds and

other risk indicators at account

opening. Risk scores based on this

information should also be used

to differentiate how the institution

monitors a customer’s behavior

over time.


13

Provide a structured environment for investigating and documenting alerts

A secure, Web-based interface gives investigators an automated, efficient way to process alerts. This interface presents aggregated profile and activity information in one central location, which saves time and energy. The system can display alerts generated by other transaction monitoring systems. Alert items can be investigated, sent for reporting or exported to a third-party case management system, if desired.

Know the what and why. The intuitive interface empowers analysts to quickly see thetotalityofacustomer’sbehavior,determinewhat’snormalforthesubject,reviewtriggering transactions and access CIP and other demographic information. Having a clear description of why the alert fired with supporting information means analysts can make decisions more quickly, consistently and efficiently.

Auto-create an audit trail. When compliance officers/investigators open and process alerts, a system of record is automatically captured. The case file stores comments, attached documents, pertinent dates and actions, etc. With this self-documenting facility:

• Userscanaddcomments,attachdocuments,e-mailcasestocolleagues,linktoprevious alerts or file regulatory reports directly from the investigation interface.

• Investigatorscanfocustheirenergiesonprocessingalertsratherthanonmanually documenting their actions.

• Allcasedetailistransferredifthecaseisreassignedorescalatedtoahigherlevelfor review.

• Theinstitutioncanshowregulatorsthateveryactionwasgovernedbyestablishedpolicies, procedures and controls, thereby reducing the risk of legal action, penalties or added scrutiny.

During an investigation, all relevant data is captured in the Knowledge Center data repository. This historical data provides an investigative audit trail and supports continuous self-learning that makes the solution more effective at predicting suspicious activity and reducing false positives. Administrators can fine-tune user permissions to mirror the roles, security policies and processes of the institution.

14


Sample alert workflow management screen

A secure, Web-based interface gives investigators an efficient and automated way to process alerts.

Sample risk factors – transparency

Inthissample,wecanseethatasubjectconductedanunusuallylargenumberofwire transactions but also has other high-risk characteristics, such as global trade finance and foreign wire activity.


15

Generate required regulatory reports and supporting documentation

Streamline regulatory reporting. If an alert warrants reporting to authorities, investigators can launch a secure, Web-based facility to generate files for electronic submission of regulatory reports – as well as tracking reports that detail the origin, contents and activity history of each submission. Many fields are pre-populated with information available from the system to increase productivity and reduce the chance of human error.

Dramatically cut the cost of regulatory filings. An investigator can create a new regulatory submission for an alert, save the in-progress form and retrieve it later to work on it some more. Once the investigation is complete, the completed report is flagged for filing. This automated function dramatically reduces the cost of these required reports, which can be as high as $8 to $15 per submission using manual methods.

Provide senior management with information on key performance metrics

Document AML performance. Senior compliance and risk management officers can have real-time access to the key performance metrics of the AML monitoring system. The Web-based portal can provide summary information on the types of alerts generated, staff productivity, geographic exposure and effectiveness of analytic techniques. Providing this information on demand reduces the dependence on IT staff and ensures transparency among stakeholders.

Sample standard management report

The SAS solution includes a number of standard management reports for reviewing alert output, analyst productivity, alert aging and more.

16


Optimize the AML system.GiventheescalatingcostsofAMLcomplianceandthecurrent economic climate, financial institutions need to do more with less – mitigate their most significant risks more efficiently, often with smaller staff. In addition, regulatoryexaminersexpectinstitutionstojustifytheirruleparametersettingsusingstatistical methods.

For all of these reasons, SAS Anti-Money Laundering includes award-winning SAS analytics that can be used to fine-tune the system. With advanced analytics, you can mine past historical alerts and investigations and use that knowledge to set optimum thresholds for any parameter. Policies can then be tuned to generate more relevant work items and suppress low-value alerts. Compliance departments then focus their resources on actual risk exposures based on proven experience.

The sample decision tree below was generated with SAS Enterprise Miner™ software to score alerts based on known “good investigations.” In this example, knowledge provided by the application enables an analyst to determine the optimal threshold for number of wire transactions.

A decision tree created with SAS Enterprise Miner helps fine-tune the AML system to increase hit rates and reduce false positives.

■ With advanced analytics to mine

historical alert and investigation

data, the system can be tuned to

generate more relevant work items

and suppress low-value alerts.

Compliance departments can

optimize their policies based on real

knowledge – and use staff time even

more effectively.


17

SAS business intelligence software is bundled with the solution

Managers can take advantage of drill-down dashboard reporting to monitor the overall health of the AML program.

Monitor and manage system access and utilization

In a user-friendly, point-and-click graphical environment, authorized system administrators can manage security and system parameters for:

• System access – Authorized users/groups and their permissions to use various system functions.

• Data extract, transform and load (ETL) processes – Source and target data structures, data transformation logic, load parameters and refresh cycles.

• Alert-generation methods – Scenarios, rules, risk factors and detection models that reflect the most up-to-date knowledge of customers and world conditions.

• Investigative workflow – Customized rules for distributing the workload to compliance analysts, conducting investigations and making regulatory filings.

18


Closing thoughts

A number of niche vendors offer basic transaction monitoring systems that generally offer limited detection abilities and no integrated environment for investigating and managing alerts. Even with higher-end systems, transparency and scalability can be issues. AML staff might not be able to drill into the logic and transaction history that triggered an alert or be able to adapt the methodology as needed.

Financial institutions that chose static, packaged systems based on low initial cost of ownership may now find themselves having to replace and retool.

SAS Anti-Money Laundering enables more accurate, efficient and adaptable AML processes while reducing the overall cost of compliance. A unified technology platform integrates the key capabilities of an end-to-end AML technology solution, including:

• Industry-specific data models to provide an essential, enterprisewide view of customer and account activity across disparate data sources.

• Transaction monitoring against multiple scenarios and detection techniques to identify potentially suspicious associations, patterns or transactions.

• Know Your Customer (KYC) classification and assessment, at automatic intervals, and used to uniquely monitor customer segments based on risk profile.

• Watch-list filtering to identify matches of customers or counterparties who appear on government sanctions lists or black lists.

• Advanced analytic techniques that monitor behavior typologies, including transactional networks of unrelated parties and accounts having similar behavior to known illicit accounts.

• Automated generation and submission of regulatory reports to appropriate financial intelligence units.

• Compliance analytics to refine monitoring systems, improve hit rates, reduce staffing requirements and minimize risk exposure.

The monitoring process is transparent, and the entire platform is adaptable to each institution’s unique risk profile. Scenarios and risk factors are driven directly from the institution’s AML risk assessment and can be easily changed as risks change for the organization or for the industry as a whole.


19

SAS Anti-Money Laundering has proven its value for financial institutions on every continent, with assets from less than $1 billion to more than $1 trillion, representing all financial sectors.

Because no two financial institutions have the same AML monitoring needs, SAS offers the proven methodology via distinct solution offerings:

• SAS Anti-Money Laundering provides an integrated risk scoring, alert management and reporting platform for Tier I, Tier II and mid-market institutions ($1 billion to more than $100 billion in assets).

• SAS Money Laundering Detection provides the same robust SAS methodology in a solution tailored for small to mid-sized financial institutions.

• SAS Solutions OnDemand give customers in the Americas the option of having SAS host the AML application as a service.

To find out more about how to mitigate risk while reducing the cost of compliance, visit us on the Web at www.sas.com.

SAS Anti-Money Laundering

Accurate – Monitor transactions using multiple detection techniques and enterprisewide knowledge.

Scalable – The solution monitors more than 1 billion transactions nightly for one of our largest customers.

Efficient – Focus resources on the most likely high-risk events rather than chasing all simple alerts.

Flexible – Adapt to keep pace with changing customer knowledge and regulatory requirements.

Transparent – Easily understand the monitoring process, including the “what” and “why” for any given alert.

20


Checklist for selecting an anti-money laundering solution

While searching for such an anti-money laundering solution, financial institutions should be looking for four key capabilities and asking some critical questions:

Adaptable methodology: To keep pace with change

• Willthesystemgrowastheinstitutiongrows?

• Canthesystemadapttonewmoneylaunderingrisksastheyemerge?

• Canthesystemadapttonewchannels,suchasmobilebankingande-payments?

Configuration with transparency: To match unique business processes and risks

• Willthesystemincorporateourin-depthknowledgeofpolicies,proceduresand controls?

• Willthesystembetailoredtomonitorallrisksidentifiedinourriskassessment?

• Willthesystemenableustoadequatelyexplaintherationalebehindourdecisions to auditors and regulators?

Accurate detection: To reduce false positives and unnecessary investigations

• Doesthesystemprovideascoring/prioritizationmethodforallocatingworkitems?

• Doesthesystemlearnfrompriorinvestigationstogeneratemorerelevantwork items?

• Doesthesystemprovidefeedbackreportsthatdrivechangestomonitoring policy?

• Doesthesystemsupportadhocanalyticstoimprovehitrates?

Open and extensible architecture: To reduce total cost of ownership

• Isthesystemopenandextensiblesomystaffcanbetrainedtotakeon support?

• WillIhavetoupgradetoanewreleaseeverytimeregulationschange?


21

About SAS

SAS Anti-Money Laundering is developed and supported by SAS, the leader in business intelligence software and services with millions of users at more than 45,000 sites in 111 countries, including 91 of the top 100 companies on the 2008 FORTUNEGlobal500® list.

SAS software delivers business intelligence for more than 3,000 financial institutions worldwide,including97percentofbanksintheFORTUNEGlobal500®.Infact,financial services is SAS’ largest industry segment – representing 42 percent of revenues in 2007.

Only SAS offers leading data integration, intelligence storage, advanced analytics and traditional business intelligence applications within a comprehensive enterprise intelligence platform. Since 1976, SAS has been giving customers around the world THE POWER TO KNOW®.

SAS Institute Inc. World Headquarters +1 919 677 8000 To contact your local SAS office, please visit: www.sas.com/offices

SAS and all other SAS Institute Inc. product or service names are registered trademarks or trademarks of SAS Institute Inc. in the USA and other countries. ® indicates USA registration. Other brand and product names are trademarks of their respective companies. Copyright © 2008, SAS Institute Inc. All rights reserved. 103744_479096.1208

reducing the cost of aml compliance pdf

Documents