The Bank Secrecy Act (BSA) and Anti-Money Laundering (AML) have been the most important compliance matters in the financial industry since 9/11. Many financial institutions have invested large amounts of capital in BSA/AML software products but still miss true money laundering and terrorist financing cases. Worst of all, these BSA compliance problems have severely endangered our homeland security and the future of our nation.
The primary cause for these BSA compliance problems is due to the fact that many BSA/AML products do not even detect basic money laundering cases as promoted, and senior managers of financial institutions have difficulty distinguishing the critical differences among the products. Many vendors utilize a fraud detection principle to detect money laundering activities and some even mix fraud cases and money laundering cases in one single detection engine. However, in reality, money laundering is very different from fraud. A fraud detection product can easily compare an account holder’s current activities with the account holder’s historical activities and detect possible fraud if the current activities deviate from the expected activities. For example, if a fraudster steals a credit card from a victim, the fraudster will conduct purchase activities that are different from the victim’s historical activities. It is just a matter of time before the credit card company will detect the suspicious activities and stop payment on that credit card. If a new account does not have sufficient historical records yet, a fraud detection product will compare the account holder’s current activities with what the account holder said during the account opening process. Since the goal of a fraud detection product is to stop losses as soon as possible, financial institutions usually need to run the fraud detection or risk-scoring in real time, or at least once daily.
In contrast, real-time risk scoring, real-time detection, daily risk scoring and daily detection methods that are effective for fraud detection cannot detect many basic money laundering activities. The following case is a simple example of how BSA Officers can waste a significant amount of time reviewing their real-time risk scoring or daily risk scoring results, and still miss true money laundering cases.
1. Client A sends less than $3,000 to XYZ around the 5th day of each month.
2. Client B sends less than $3,000 to XYZ around the 8th day of each month.
3. Client C sends less than $3,000 to XYZ around the 12th day of each month.
4. Client D sends less than $3,000 to XYZ around the 17th day of each month.
5. Client E sends less than $3,000 to XYZ around the 24th day of each month.
6. Client F sends less than $3,000 to XYZ around the 29th day of each month.
7. A, B, C, D, E and F are individuals and are not related at all.
8. XYZ is a drug dealer in Los Angeles with no prior criminal record.
In the above example, if a BSA Officer compares a client’s current activities with the client’s historical activities, the BSA Officer would not detect anything suspicious because the clients have been consistently conducting similar transactions every month. If the tellers ask the clients about the purpose of the fund transfers, the clients can easily lie. Since these clients conduct their transactions on different days throughout the month, a BSA Officer would not be able to detect any risk on any given day of the month. Furthermore, these clients are not related, and therefore the BSA Officer would not see their aggregate activities. In addition, because each transaction only involves a small dollar amount occurring once a month and the recipient of the funds resides in a U.S. city with a large population and heavy commercial activities, none of these clients would be viewed as high-risk or suspicious based on these transactions. As a result, a fraud detection product used under the guise of BSA/AML compliance will miss these basic money laundering cases despite the fact that the BSA Officer is working diligently with the product every day.
The correct approach to detecting these money laundering cases is to conduct data mining across all the transactions of all clients for a period of 30 days or longer. As one can easily understand, data mining a huge amount of transactional data of all clients of a financial institution accumulated over a long period will take hours even in a very small financial institution. A product promoting real-time risk scoring or daily risk scoring to detect money laundering activities obviously does not conduct such important data mining. Furthermore, since a financial institution will not lose any money in a money laundering case, according to the regulatory guidelines, a BSA Officer has up to 30 days to file a Suspicious Activity Report. The previous example illustrates that it is a waste of time and resources to conduct real-time risk scoring or daily risk scoring that actually misses true money laundering activities. Thus, using real-time risk scoring or daily risk scoring to detect clients’ money laundering activities is a serious red flag for BSA compliance problems.
The following are some common red flags that a product based on fraud detection principle is being promoted under the guise of BSA/AML compliance and is incapable of actually detecting money laundering activities:
1. A product that mixes fraud cases and money laundering cases in one single detection engine.
2. A product that is based on real-time risk scoring to detect money laundering cases.
3. A product that is based on daily risk scoring to detect money laundering cases.
4. A product that does not conduct data mining over a long period of historical data of all clients at the same time.
5. A product that does not monitor the aggregate activities of unrelated clients.
Since the above red flags can be easily used to identify BSA compliance problems, BSA Officers and Anti-Money Laundering professionals will be able to quickly recognize ineffective products. It is our hope that this document will help all financial institutions conduct true BSA/AML transactional monitoring in the future, and as a result BSA Officers and Anti-Money Laundering professionals will be empowered to build a safer tomorrow for our nation.
Executive Summary available at: http://www.nxtbook.com/nxtbooks/sb/ababj1010/index.php?startid=70
- White Paper – Banish the Separative Approach to Risk Management
- White Paper - Get ahead of demand: Cloud and mobility can shape your business strategy
- White Paper - After a breach: Managing identity theft effectively
- White Paper: Educate, listen and improve equipment performance to increase RDC adoption
- Roundtable: Meeting the challenge of identity theft