Bank Secrecy Act | By John Meyer
Bank Secrecy Act compliance officers stand in a unique position to defend our communities by identifying potential tax evasion, drug trafficking and other criminal activity. BSA officers have the opportunity to work hand-in-hand with law enforcement to identify criminal activity and provide evidence used in the prosecution. Though this role is rewarding, it can also be very difficult to keep up with the weight of regulatory compliance.
For BSA officers at community institutions, this important job is getting much more difficult in the aftermath of the high-profile BSA/AML regulatory scrutiny aimed at the larger U.S. banks such as JPMorgan, Bank of America, Citigroup and HSBC over the past couple of years. Thomas J. Curry, comptroller of the currency, stated before the Senate Committee on Banking, Housing, & Urban Affairs in March 2013 that “as large banks improve their BSA/AML programs and jettison higher risk lines of business, we are concerned that money launderers will migrate to smaller institutions.” The June 2013 BSA/AML Developments and Trends Report to the American Association of Bank Directors echoed his concerns, adding that “regulators are thus cautioning these smaller institutions to understand and allocate the resources and personnel necessary to effectively manage recent upticks in higher-risk activities.”
The consensus is that increased money laundering risk is a growing threat for community financial institutions; however, there are ways for banks to improve BSA programs to mitigate the increasing risk.
Stop Using One-Dimensional rules
For most BSA officers, the monitoring process begins with a canned core processor report of cash transactions over a certain dollar amount, exported into Microsoft Excel. Those with basic BSA/AML software in place can pull reports to detect more than just structuring. However, what both of these processes have in common is that the reports only filter activity based on one “rule” at a time, such as a transaction limit or type. Most of the activity filtered by a single report is not suspicious unless it is combined with the results of another report or additional variables, adding multiple dimensions. This methodology is the next generation of BSA monitoring because it helps catch more suspicious activity while reducing overall alerts.
Use statistics to understand Norms and find outliers
Banks need to know what is normal activity for their customers before they can know what is truly unusual or suspicious. Organizing customers using peer-related groups, like similar businesses or consumer groups, because they can vary drastically. Then, within each segment, determine the standard deviations for the overall financial activity and individual transaction types for that group. Activity that lands more than two or three standard deviations away from the mean may be considered statistically significant, allowing banks to pinpoint and focus on truly suspicious activity. Making this an ongoing process, periodically updating the analysis to determine if risk factors have changed at the institution, will allow BSA officers to proactively modify thresholds for filtering suspicious behavior. Some institutions refresh this analysis annually, but pick an interval or instance that makes sense for your institution, especially if new risk is being introduced in the form of new products, mergers or market segments.
Apply Monitoring THresholds That Make Sense
Just because a customer shows up on a large cash report doesn’t mean that the customer is doing something wrong, and recurring false hits are a fact of life. But should they be? Today, more advanced automated systems allow for individual customer-level monitoring at thresholds that make sense for that customer’s business. Monitoring against individual parameters is superior to exempting, because if that customer starts performing extremely out of the ordinary, that behavior can still be caught. Setting and forgetting an exception or variation to one account, and then never revisiting, is dangerous, because the account’s activity may change over time. Make sure the system is built to send reminders when individual parameters need to be reviewed.
Measure efficiency by tracking hits versus sars filed
It is important to track the alerts that actually become SARs, because it allows the BSA program to become more efficient. If you are able to present these ratios and show they are reasonable, you will give yourself, and your regulators, greater confidence in your program.
Track alert production over time
This goes hand-in-hand with tracking the ratios. It is critical to be aware of and document how many alerts are monitored as part of the BSA program over time, so you can be aware of changing trends. Do not set and forget parameters; constantly improve them by working to reduce the amount of false hits to which the program is exposed. Look for ways to reduce false positives while still monitoring the true hits.
Document your changes
Keep a detailed audit trail, so you can track when and why you make changes to your program. This way the bank, and the regulators, will know what is working at the institution and what isn’t.
Working in BSA is about to get more difficult. Community banks still have the ability to keep watch over our neighborhoods. It won’t be easy, and financial institutions will need to continually arm themselves with knowledge and better tools, but it can be done.■