Things to consider when trying to find the right AML software
Implementing anti-money laundering (AML) software is a big undertaking, and one that must take many factors into account. Some of the main factors that should be considered when selecting an AML software option include the following capabilities:
- Risk identification
- Data management
- Transaction monitoring
- Watch-list filtering
- Know Your Customer/Customer Due Diligence
- Risk scoring
- Predictive analytics
- Network analysis
- Machine learning
- Case management
- Workflow management
- Integration capabilities
- Embedded domain knowledge
Most organizations today want a single platform that allows them to manage all of their risk and compliance activities—point solutions that don’t provide a holistic view of risks and vulnerabilities won’t suffice. They want to be able to manage everything with one solution: understanding customer risk; customer profiling; monitoring transactions; and regulatory reporting.
Some key emerging capabilities that our customers are looking for is the ability to use advanced analytics to identify suspicious activity. They also want supplement a rules-based approach by implementing machine learning and predictive network analytics to identify high-risk situations in a more sophisticated way. This reduces false positives and allows financial institutions to broaden the intelligence used in their compliance program.
Equally sophisticated ways of dealing with alerts and managing cases are also necessary in order to engage the broader business in compliance efforts, which can’t be isolated just to the compliance department alone. You need to work to enroll the entire organization in a strong compliance culture, especially as regulatory compliance demands continue to increase.
Risk scoring is quite important because organizations should focus on highest risk items first. You need to know how the software will prioritize items, and this should not be a black-box approach. It’s very important that when you look at a single customer you understand what their risk score is and how it was derived. For example, are you detecting anything suspicious in their transaction activity? Are they turning up on a sanctions list? Are they a PEP (politically exposed person)? How many regulatory reports have you filed for them? This all ties back into the initial risk score determined at onboarding, and helps you see the trend of their score over a period of time.
It’s also important that the application an institution chooses is highly configurable—not just that it’s out of the box but that it can be configured to deal with new situations and scenarios. What tools does the application come with to help you address new situations and scenarios that may arise? There are rapid changes in this industry, so you need a solution that will allow you to adapt on the fly.
My final point is one that many vendors’ implementations overlook: data management. Where are they going to get the data from, how are the integration capabilities going to work—should that be left on the customer, or will the vendor assist with managing that? Data quality is also an issue: poor data quality will have a significant impact on many things, including the false-positive rate. It’s not just about accessing data—you have to manage it and ensure that quality data gets into the analytics to improve the quality of the alerts that are being generated.
We’re also seeing more customers asking for these capabilities to be performed in real-time in order to put them in a preventative mode as opposed to a post-transaction/reporting mode.
About Andrew Simpson
Andrew Simpson (LinkedIn | Twitter) is Chief Operating Officer at CaseWare RCM and has more than 20 years of experience building businesses in the fields of information systems audit and security, data analytics, Anti-Money Laundering and forensics. He is a regular contributor to conferences and a recognized thought leader in financial crime management.