THE ANTI-MONEY LAUNDERING ASSOCIATION AML SYSTEMS -- DATA VALIDATION OCTOBER 20, 2011 Kristen J. Stogniew, Shareholder Saltmarsh, Cleaveland & Gund.

Slides:



Advertisements
Similar presentations
HIGH-RISK: FOREIGN CORRESPONDENT BANKING
Advertisements

Bank Examinations Techniques Part Two James Wright Office of Technical Assitance U.S. Department of Treasury.
1 2 Note: The following slides represent suggestions to enhance the writing of a SAR narrative. This information should be used in conjunction with the.
Anti-Money Laundering and OFAC Compliance for Transfer Agents SSA Annual Conference July 25, 2008.
07-08Available from BankersOnline.com Bank Secrecy Act (BSA) For New Hires.
Yellow Hammer™ Risk Management Solutions
The Islamic University of Gaza
Anti-Money Laundering (AML)
KYC Norms & AML Standards Guidelines
1 Supplement to the Guideline on Prevention of Money Laundering Hong Kong Monetary Authority 8 June 2004.
Refunds More Hassle Than They’re Worth Utility Payment Conference.
OMB Circular A-123 – Management’s Responsibility for Internal Control Policy Applicability Sources of Information Assessment, Documentation and Reporting.
Company and Product Overview The AMLA Doug Keipper, CAMS.
Prepared by. As stewards of a chapter’s money the chapter officers are responsible for the careful handling and dissemination of funds.
This tool can be found in the Banker Tools section of BankersOnline.com. 1 Bank Secrecy, Anti-Money Laundering & OFAC Director Education.
AML/BSA Certification Program Level I
Sanctions screening as a service Sibos 2010, Amsterdam Andy Schmidt, TowerGroup Nicolas Stuckens, SWIFT.
February 10, 2012 Michelle Hemerley Director, Compliance Consulting
Last update: 2010 Bringing Smart Policies to Life The basics: AML/CFT for financial inclusion.
Top 10 Things a New BSA Officer Must Know. What is Associated Risk Group? Premier provider of BSA/AML regulatory best practices to financial institutions.
Compliance System Validation - An Audit Based Approach December 2012 Uday Gulvadi, CPA, CIA, CISA, CAMS Director - Internal Audit, Risk and Compliance.
Revisions to the FFIEC BSA/AML Examination Manual and Federal Reserve Board BSA/AML Examination Findings and Issues Timothy P. Leary Senior Special AML.
Line of Business AML Policies and Procedures
Banking: Checking Account What is a Checking Account? An account where money is deposited and kept for day-to-day expenses Also called demand deposit.
Banking:
Pre-Exam Process  Scope visitation  Prepare request letter  Review prior examination report and workpapers  Access BSA-reporting databases and other.
Bank Secrecy Act Staying One Step Ahead of Your BSA Examiner September 2009 AMLA Chicago Chapter Event.
Financial Resource Management Recommended Best Practices Training for Volunteers and Support Groups.
Global Treasury Services Latin America Operating Risk.
Bank Secrecy Act (BSA) Office of Foreign Assets Control (OFAC)
Fiduciary & Investment Risk Management Association
Chapter 16: Audit of Cash Balances
Best Practices for Banking MSBs
IT Service Delivery And Support Week Eleven – Auditing Application Control IT Auditing and Cyber Security Spring 2014 Instructor: Liang Yao (MBA MS CIA.
Legal Framework and Regulatory Regime Required for an effective AML/CFT System Richard Pratt 29 March 2005.
© 2007 Prentice Hall, Inc. All rights reserved.15–1 Chapter 15 Money and Banking.
MTRA 16 th Annual Conference November 14, 2006 The Banking Environment for Money Services Businesses Lisa Arquette FDIC Associate Director Anti-Money Laundering.
New Identity Theft Rules Rodney J. Petersen, J.D. Government Relations Officer Security Task Force Coordinator EDUCAUSE.
Enterprise AML Program Assessment
Effective Bank Secrecy Act/ Anti-Money Laundering Audits Presented by K.D. Mehra, CAMS, CRCM Managing Director September 22, 2011.
BSA PROGRAM REQUIREMENTS.  Written, approved by the board of directors, and noted in the board minutes.  Based on the risk assessment  Fully implemented.
1 A Presentation for Members of the Bank Compliance Association of Connecticut (BCAC) June 12, 2008 Rebecca Williams FDIC Case Manager (Special Activities)
Bank Secrecy Act. Many Laws Make Up “BSA” Bank Secrecy Act Money Laundering Control Act Currency and Foreign Transactions Reporting USA PATRIOT Act.
Challenges and Opportunities in the Caribbean Financial Services Sector Rudolph F. Zepeda, Jr. Federal Reserve Bank of Atlanta Miami Branch.
ANTI-MONEY LAUNDERING COMPLIANCE PROGRAM FCM TRAINING
Centrix Solutions Inc. Western States Users Group Centrix Solutions Inc. ACH Risk.
Agenda  Background and Purpose  Money Laundering and Terrorist Financing  BSA Program Requirements  Risk Based Program Management  Suspicious Activity.
Correspondence Accounts and Wire Transfers
Presented by: Hany Faidy Senior Vice President, Head of Compliance Division March 2009 Procedures followed by FI’s when reporting Suspicious Transaction.
Effective Bank Secrecy Act/ Anti-Money Laundering Audits Presented by K.D. Mehra, CAMS, CRCM Managing Director September 22, 2011.
AML Compliance Findings & Observations Wyn Clark U.S. Treasury.
1 Banking and Reconciliation. 2 To Certify As A Cash Handler  Visit the training website  Review the Payment Card Industry (PCI)
World Bank International Standards and their Measures for Financial Institutions and Non-Financial Businesses and Professions to Prevent Money Laundering.
Copyright © 2007 Pearson Education Canada 1 Chapter 15: Audit of Cash Balances.
Check Disbursements Retail Check Request form requires minimum of rep signature (
Module 3 Processing Transactions. Section 1 Checking Accounts It is important for tellers to follow procedures with every transaction they complete. The.
Wire Fraud Prevention Training: Setting Your Organizational Structure to Mitigate Fraud Risk and Comply with Regulatory Expectations Presented by: Terri.
Bank Secrecy Act Training For Volunteers
Judy Graham, Program Officer
BankConnect Plus Presentation
Bank Secrecy Act SCEFCU June 21, 2005.
Foreign Bank Account Reporting (FBAR): Navigating the Bends in the Road Mohan Murali, President, Axletree Solutions.
USA PATRIOT ACT WHAT DOES IT STAND FOR?.
Bank Secrecy Act (BSA) (supplemental front-line training)
ACAMS Greater Philadelphia Chapter Learning Event September 7, 2017
Leaders Credit Union Board Presentation
Capital Assets Through the Eyes of an Auditor
Regulatory 101 Elizabeth Hammond and Patrick Brennan NC Office of the Commissioner of Banks August 1, 2019.
Presentation transcript:

THE ANTI-MONEY LAUNDERING ASSOCIATION AML SYSTEMS -- DATA VALIDATION OCTOBER 20, 2011 Kristen J. Stogniew, Shareholder Saltmarsh, Cleaveland & Gund

I am ---  16 years BSA & Regulatory Compliance consulting, including audit, monitoring, training  Attorney - Florida Bar Member since 1995  Accredited ACH Professional  A deep thinker… I am not ---  IT person  Regulator  Vendor representative 2

Agenda  Purpose of AML system  Examiner expectations  Improve your chances of passing data validation testing  Methodology for testing Determine what is brought in Determine how it is being used Test Input/Output 3

Why implement an AML system ? 4

Regulatory Expectations on AML/MIS systems, since 2005…. FFIEC Exam Manual: Independent Testing  The Independent Test should address…the integrity and accuracy of MIS used in the BSA/AML compliance program. MIS includes reports used to: identify large currency transactions, aggregate daily currency transactions, funds transfer transactions, monetary instrument sales transactions, and analytical and trend reports.  The programming of the Bank’s monitoring systems should be independently reviewed for reasonable filtering criteria.  Determine whether the system filtering criteria are reasonable and include, at a minimum, cash, monetary instruments, funds transfers, and other higher risk products, services, customers, or geographies, as appropriate. 5

Implementation Phase  Vital to success  Takes extensive time  Basis for data validation down the road  Map out where data is coming in…. “data feed” 6

Data feeds…. ACH Originator Beneficiary SEC code/IAT Indicator Core Systems Trust Loan Deposit Brokerage POD Fed file & other Wire System(s) “Other Side” name & address “Other side” Bank Payment order details International may be different Terminals Teller Proprietary ATMs Foreign ATMs POS checkouts Location Monetary instrument Purchaser Payee Method of payment Vendors OFAC XYZ AML System 7

Types of Currency Transactions… DDA CD IRA Savings Money market ATM Internal bank accounts, on customer’s behalf Deposits & Withdrawals Less cash / cash back On us non customer Transit check cashed Batched transactions Savings Withdrawal to Close account Loan payment Monetary instrument purchases General Ledger cash ins Loan disbursements Currency exchanges Cash orders Others 8

Implementation Phase, cont’d  What Transaction codes are being used? (are they being used correctly & consistently?). Example:  General debit or credit, or  Incoming domestic wire; Outgoing domestic wire; Incoming foreign wire; Outgoing foreign wire  Monetary Instrument sales – can implement unique code  ATM systems cannot always tell if cash or check deposit; can implement mitigating process… 9

 Select your customer sample for CIP/CDD  Select your transaction sample  Pull report that meets your sample criteria and check off against both lists; and  Pull customer report(s) and verify transaction appears, with all ancillary data.  Document, Document, Document Readiness Phase  Test, Test, Test  New account reports and any forms  Branch cash tickets/teller boards/night deposit logs  Wire transfers excel logs, or correspondent bank reports  Branch monetary instrument sales logs 10

During recent Independent Test… 11

Deeper thoughts on implementation…  Run parallel for a while…3-6 months  Join your system’s user group 12

Why Automated Solution for Monitoring ? 13

Regulatory Expectations, since 2005  FFIEC Exam Manual, Suspicious Activity Reporting - Overview “Management should periodically evaluate the appropriateness of filtering criteria and thresholds used in the monitoring process. Each bank should evaluate and identify filtering criteria most appropriate for their institution.” 14

Surveillance Monitoring Parameters  Initial Rule(s), examples:  Cash transactions between $7,000 and $10,000  3 or more wire transfers of less than $3,000 in a week  Wire transfer $5,000 or more in, followed by cash out $5,000 or more 15

Surveillance Monitoring Parameters  Filter(s), apply the rules to….  Subset or risk category of accounts Example, Personal accounts… Opened less than 3 months Example, Business accounts In high risk industries 16

Surveillance Monitoring Parameters  Intelligent systems  Review activity in context to other data  Adaptive based on historical activity  Can compare against peer group  “Behavior” norms 17

Regulatory Guidance – institution awareness  Management should document or be able to explain filtering criteria, thresholds used, and how both are appropriate for the institution’s risks. Recent test comments: “The BSA Officer was not aware of the AML system’s parameters that triggered the alert reports, and was not able to identify the triggers after researching the system during our review.” 18

Regulatory Guidance - setup  System filtering criteria should be developed through a review of specific higher-risk products and services, customers and entities, and geographies.  What customers, products and services are included within the surveillance monitoring system? Recent test comments: “Accounts rated as Charity, Jewel Dealer, and Non- traditional financial entities are not being assigned added points at account opening.” “DBAs are not being industry-coded.” 19

Regulatory Guidance - baseline  System filtering criteria, including specific profiles and rules, should be based on what is reasonable and expected for each type of account.  Monitoring accounts purely based on historical activity can be misleading if the activity is not actually consistent with similar types of accounts.  What is the system’s methodology for establishing and applying expected activity or profile filtering criteria and for generating monitoring reports? Recent test comment: “Customer Due Diligence data obtained at account opening is not being input to the AML system.” 20

Testing Transaction and Rules Sample screen shot where you can trace your sampled transaction into the system. Small box shows the transaction types (data feeds). 21

Vendor supplied Surveillance Parameters Institution created Constant Evaluation - Change Control Processes 22

Deeper thoughts on change control…  The volume of system alerts should not be tailored solely to meet existing staff levels.  System changes should be performed independently, and documented with:  purpose for the change,  evaluation afterwards, and  process to “un-do” if need be  BSA Officer should be involved/aware of all system updates. What is the impact on our filters/parameters?  Re-do testing where applicable! 23

Regulatory guidance on change control…  The authority to establish or change expected activity profiles should be clearly defined and should generally require the approval of the BSA Officer or senior management  Do controls limit access to the monitoring system and are there sufficient oversight of assumption changes? Recent test comment: “The BSA Officer can make changes to the parameters without IT or other independent review, and system maintenance reports do not provide a useful audit trail for parameter changes.” 24

Who uses AML system for Risk Rating?  Actual “high risk list” or something else?  Data validation can compare to Board and other reports of “high risk” customers …  Take transaction tests (performed earlier) and verify that “points” were properly assessed (or, transaction was appropriately identified by the filter).  Sample customers identified as high risk and validate appropriate. 25

Who uses AML system for recordkeeping?  Test recordkeeping and reporting for: Funds Transfers $3,000 or more Cash sales of Monetary Instruments $3,000 or more Customer Identification (CIP) Customer Due Diligence – Establish the risk level at account opening CTRs SARs Recent exam comment: “None of the CTRs thought to have been created and filed during this period were actually sent to FinCEN, as the system’s entire filing process was not ‘completed’.” 26

Who uses system for OFAC/314(a)?  Office of Foreign Asset Control  Test -- Date of list update(s)  Test -- Transactions searched  Test – name on list  USA PATRIOT Act 314(a)  Test -- records maintained  Test -- kept secure SAMPLE: Audit reports are available under Alerts – Watch List - Reports. Quick Search Log – provides a log of front line or teller searches against installed lists Watch List Analysis Audit Log – provides an audit trail of scans and list updates 314(a) Audit Log – provides a log of 314(a) files and any matches IAT Audit Log – provides a log of IAT import and any matches The “Installed List” panel on the dashboard also gives a snapshot of the lists the institution is using as well as when they were last updated. 27

Final deep thoughts…..  Each System is different  Read SAS 70 – SSAE 16 reports  Create test environment  Built in data validations & audit reports  Missing data reports  Daily # of new accounts brought in  Daily $ of transactions 28

Questions / Discussion ? 29