Are Anti-Money Laundering (AML) Controls Effective?
Background
Prompted by an increased interest in AML from regulators and the public at large, a Bank is performing an audit of its AML controls. The team in charge focused on assessing the operational effectiveness of existing AML controls (mostly based on static rules applied on transactions or entity names), as well as on providing an informed view about the areas the bank needed to enhance more urgently. The scope of this project was the bank’s operations in SWIFT, an international payment system run by a conglomerate of banks around the world. The SWIFT system is a protocol for exchanging electronic messages, along with a series of corresponding banking relationships.
The Challenge
Working with any payments system presents unique challenges: a payment, from origin to destination, can be decomposed into smaller transactions. As well, the data set included messages that do not directly represent specific transactions, rather they were operational instructions among banks. Data quality was variable for two reasons: many transactions originated outside of our client bank and followed different quality standards; as well, the extraction process that pre-processed and translated transactions into tables in a database induced specific data quality issues.
Our Approach
As part of our standard procedure, the analysis started with a data quality assessment, based on which we rapidly identified several findings. In particular, we observed that some data fields such as name, address and country of residence did not consistently capture the information, which limited the effectiveness of downstream systems that verified compliance with lists of sanctioned entities and countries.
We used network analysis to understand the dynamics of the payments going through our client organization as origin, destination, or intermediary in all transactions. Based on this network analysis, we produced payment profiles for each member of the data set. We enriched the payment profiles with additional data about each entity’s business or economic activity. Using the enhanced data, we provided a sample of observations that required closer inspection by the audit team. For instance, our sample included entities with high payment velocity (large amounts of incoming and outgoing transfers, while maintaining a low balance) that did not correspond to the account’s expected activity (a personal account, for example).
As well, we verified by replication some of the static rules that had been implemented in the existing system. We enriched our analysis with an analysis of the logs produced by the automated systems that implemented the static rules. Through this analysis, we were able to determine if the rules were operating as intended and that they were run during the periods where they were supposed to be run. We also performed additional tests that allowed approximate (or fuzzy) matching of names in sanctioned lists.
The Benefit
Our client was able to provide a complete assessment of the AML process. We helped them identify areas of enhancement spanning the entire data pipeline: from importing and cleaning data, to the execution of rules, and reporting. As well, our client was able to identify areas of risk that a new and enhanced system should be able to address, thereby, providing senior management with an evidence-based set of requirements for future technology investment.
Contact us
