It has happened to all financial crimes investigators, the desire to keep digging until they get that last valuable piece of information before dispositioning an alert. It is difficult to not go deeper into the investigation rabbit hole, wasting valuable time and resources in the process. That, however, is not a healthy or sustainable approach for a successful BSA program.
Avoiding the Suspicious Activity Monitoring Rabbit Hole
Properly Staff Your Department
The cycle of suspicious activity monitoring begins with your transaction monitoring processes/software. A methodical approach to suspicious activity monitoring should help keep up with your institution’s alerts. As they come in, an institution’s most seasoned team members should be working alert triage. They should be able to sort through the alerts quickly (15-30 minutes per alert), escalating necessary ones to a case. If they are unable to disposition an alert in a timely manner and do not feel comfortable clearing the alert without further data, it should be moved to a case where the investigation can get more granular, and a final determination can be made. This saves the alert triage team the headache and wasted resources of jumping down the suspicious activity rabbit hole.
Newer and less experienced investigators should be placed on cases and Suspicious Activity Reports (SARs) where they can gain valuable experience and develop their “gut instinct.” This places seasoned team members on alert triage and allows for quick, experienced decision making on alerts while developing a strong alert and case monitoring team. An AML professional’s workload can be overwhelming but planning and staffing correctly can alleviate some of those pressures.
Additionally, customer due diligence and enhanced due diligence on higher risk customers should have their own policies and procedures for more thorough investigations on a periodic basis. The time frame for monitoring high and moderate risk customers will vary based on the risk profile of the institution, but this is equally as critical as working new alerts and filing SARs. If an institution’s procedures for timeliness do not match their risk, or if their reviews are overdue, they should be prepared for regulatory criticism.
Document Your Findings
When completing an alert investigation or higher risk customer review, the BSA professional only needs to know that the data and their gut are telling them that Something Ain’t Right (SAR), not that a specific crime is being committed. That investigation happens in the case phase and ultimately is decided by law enforcement.
Once an alert becomes a case investigation, document all decisions and clearly state why the activity has been deemed to be, or not to be, suspicious. One of the more frequent regulatory findings in an AML exam is that the alert or case documentation is not sufficient. Regulators expect case and SAR closure documentation to be as extensive and thorough as a SAR narrative. Justify each decision with confidence. An institution’s alert clearing template should be concise but thorough and include:
- A description of the alerting activity
- The review period
- Business type/occupation if available
- Source and use of funds
- Previous SAR notations
- A decision with a clear conclusion statement
- A “why” statement describing why the activity is or is not suspicious
Not every alert should result in a SAR. False positives are needed to ensure that an institution is detecting all possible suspicious activity. If all alerts resulted in a SAR, this could mean other suspicious activity is not being triggered or reviewed and is being missed.
Optimize Your System and Staffing Levels
For best results, an AML transaction monitoring system should be optimized periodically to avoid excessive false positives and ensure that time is spent on alerts that could potentially be suspicious. “Periodically” is a term frequently seen in the FFIEC Exam Manual and is a risk-based time frame. Generally, your system should be calibrated every 12 to 18 months based on the size and risk profile of your institution, or sooner if your institution has had a significant event, such as new branch(es), acquisition or merger activity, or a change in risk profile. A tuning of parameters using your institution’s customer base to determine outlier activity confirms when you’ve hit that sweet spot.
Additionally, institutions should not cap their alerts to their staffing levels. A 2018 FinCEN civil money penalty was issued against a financial institution for “willfully violating the Bank Secrecy Act.” One of the primary violations uncovered was that “(the bank) chose to manipulate their AML software to cap the number of suspicious activity alerts, rather than increasing staffing to comply with anti-money laundering laws in a timely manner.” This leads to costly repercussions for any financial institution, not to mention the reputational risk encountered with a penalty such as this.
Alerts keep coming. Even when adequately staffed, your alert monitoring system cannot consider the challenges you may face such as sudden staff turnover, staff medical leave, holiday and conference seasons, spikes in activity during tax season, etc. We can help! If you are looking for some relief, Abrigo has CAMS-certified team members who work with you to ensure your BSA program’s health is strong. We can help you review alerts, work cases, write SARs, perform EDD reviews, lookbacks, and more. We bring hands-on experience and industry knowledge to help you succeed. Learn more about the services we offer or contact our experts today.