Avoiding the Suspicious Activity Monitoring Rabbit Hole

Josh Hawkins
October 15, 2019
Read Time: min

It has happened to all financial crimes investigators, the desire to keep digging until they get that last valuable piece of information before dispositioning an alert. It is difficult to not go deeper into the investigation rabbit hole, wasting valuable time and resources in the process. That, however, is not a healthy or sustainable approach for a successful BSA program.

Properly Staff Your Department

The cycle of suspicious activity monitoring begins with your transaction monitoring processes/software. A methodical approach to suspicious activity monitoring should help keep up with your institution’s alerts. As they come in, an institution’s most seasoned team members should be working alert triage. They should be able to sort through the alerts quickly (15-30 minutes per alert), escalating necessary ones to a case. If they are unable to disposition an alert in a timely manner and do not feel comfortable clearing the alert without further data, it should be moved to a case where the investigation can get more granular, and a final determination can be made. This saves the alert triage team the headache and wasted resources of jumping down the suspicious activity rabbit hole.

Newer and less experienced investigators should be placed on cases and Suspicious Activity Reports (SARs) where they can gain valuable experience and develop their “gut instinct.” This places seasoned team members on alert triage and allows for quick, experienced decision making on alerts while developing a strong alert and case monitoring team. An AML professional’s workload can be overwhelming but planning and staffing correctly can alleviate some of those pressures.

Additionally, customer due diligence and enhanced due diligence on higher risk customers should have their own policies and procedures for more thorough investigations on a periodic basis. The time frame for monitoring high and moderate risk customers will vary based on the risk profile of the institution, but this is equally as critical as working new alerts and filing SARs. If an institution’s procedures for timeliness do not match their risk, or if their reviews are overdue, they should be prepared for regulatory criticism.  

Staying on top of alerts is more than a full-time job. We can help.
learn more

Document Your Findings

When completing an alert investigation or higher risk customer review, the BSA professional only needs to know that the data and their gut are telling them that Something Ain’t Right (SAR), not that a specific crime is being committed. That investigation happens in the case phase and ultimately is decided by law enforcement.

Once an alert becomes a case investigation, document all decisions and clearly state why the activity has been deemed to be, or not to be, suspicious. One of the more frequent regulatory findings in an AML exam is that the alert or case documentation is not sufficient. Regulators expect case and SAR closure documentation to be as extensive and thorough as a SAR narrative. Justify each decision with confidence. An institution’s alert clearing template should be concise but thorough and include:

  • A description of the alerting activity
  • The review period
  • Business type/occupation if available
  • Source and use of funds
  • Previous SAR notations
  • A decision with a clear conclusion statement
  • A “why” statement describing why the activity is or is not suspicious

Not every alert should result in a SAR. False positives are needed to ensure that an institution is detecting all possible suspicious activity. If all alerts resulted in a SAR, this could mean other suspicious activity is not being triggered or reviewed and is being missed.

Optimize Your System and Staffing Levels

For best results, an AML transaction monitoring system should be optimized periodically to avoid excessive false positives and ensure that time is spent on alerts that could potentially be suspicious. “Periodically” is a term frequently seen in the FFIEC Exam Manual and is a risk-based time frame. Generally, your system should be calibrated every 12 to 18 months based on the size and risk profile of your institution, or sooner if your institution has had a significant event, such as new branch(es), acquisition or merger activity, or a change in risk profile. A tuning of parameters using your institution’s customer base to determine outlier activity confirms when you’ve hit that sweet spot. 

Additionally, institutions should not cap their alerts to their staffing levels. A 2018 FinCEN civil money penalty was issued against a financial institution for “willfully violating the Bank Secrecy Act.” One of the primary violations uncovered was that “(the bank) chose to manipulate their AML software to cap the number of suspicious activity alerts, rather than increasing staffing to comply with anti-money laundering laws in a timely manner.” This leads to costly repercussions for any financial institution, not to mention the reputational risk encountered with a penalty such as this.

Alerts keep coming. Even when adequately staffed, your alert monitoring system cannot consider the challenges you may face such as sudden staff turnover, staff medical leave, holiday and conference seasons, spikes in activity during tax season, etc. We can help! If you are looking for some relief, Abrigo has CAMS-certified team members who work with you to ensure your BSA program’s health is strong. We can help you review alerts, work cases, write SARs, perform EDD reviews, lookbacks, and more. We bring hands-on experience and industry knowledge to help you succeed. Learn more about the services we offer or contact our experts today.

About the Author

Josh Hawkins

Joshua Hawkins brings over a decade of experience within the financial services industry to Abrigo, starting his banking career in retirement services and eventually moving to the financial intelligence unit of Santander Bank. There he was responsible for AML investigations, SAR filing, customer risk rating, high-risk customer surveillance, enhanced due diligence processes, special investigations, and OFAC compliance. Today, as the Manager of the Financial Crimes Investigations Unit, he leads a team of experienced BSA professionals assisting community financial institutions with all of their investigation needs. Joshua is a certified anti-money laundering specialist (CAMS) and a member of the Central Texas chapter of the Association of Certified Anti-Money Laundering Specialists (ACAMS). Joshua earned his bachelor’s degree in business finance from southern New Hampshire University.

   

Full Bio

About Abrigo

Abrigo is a leading technology provider of compliance, credit risk, and lending solutions that community financial institutions use to manage risk and drive growth. Our software automates key processes — from anti-money laundering to fraud detection to lending solutions — empowering our customers by addressing their Enterprise Risk Management needs.

Make Big Things Happen.

 

Looking for Banker’s Toolbox? You are in the Right Place!

Banker’s Toolbox is now Abrigo, giving you a single source for all your enterprise risk management needs. Use the login button here, or the link in the top navigation, to log in to Banker’s Toolbox Community Online.

Make yourself at home!