Skip to main content

Looking for Valuant? You are in the right place!

Valuant is now Abrigo, giving you a single source to Manage Risk and Drive Growth

Make yourself at home – we hope you enjoy your new web experience.

Looking for DiCOM? You are in the right place!

DiCOM Software is now part of Abrigo, giving you a single source to Manage Risk and Drive Growth. Make yourself at home – we hope you enjoy your new web experience.

AML/CFT Advisory Services AML Training BSA Rules and Regulation SAR Fraud Prevention Fraud Trends

Optimizing your AML program with above-the-line/below-the-line testing

Terri Luttrell, CAMS-Audit, CFCS
December 13, 2023
Read Time: 0 min

Address risk by fine-tuning your AML transaction monitoring program

Financial institutions must stay on top of their scenarios and settings. Above-the-line/below-the-line testing can help get the right parameters.

You might also like this resource: "AML investigations checklist: Red flags for detecting money laundering."

Watch webinar

Takeaway 1

False positives within a suspicious activity monitoring program can be frustrating. It's difficult to determine the sweet spot for each scenario and setting.

Takeaway 2

Above-the-line/below-the-line testing is used to validate and tune AML software settings to ensure it fits your unique risk profile.

Takeaway 3

Regular testing helps maintain a robust defense against illegal activity. Well-documented adjustments will please regulators.

Financial institutions must regularly assess and enhance their anti-money laundering (AML) programs to include a specific focus on the effectiveness of their transaction monitoring systems. According to the Federal Financial Institutions Examination Council (FFIEC) BSA/AML Examination Manual, institutions should tailor their AML programs to align with their unique risk profiles. Transaction monitoring platforms must employ reasonable and risk-based criteria, independently verified for optimal performance.

False positives within a suspicious activity monitoring program are frustrating and an inefficient use of valuable AML resources, but what if adjusting parameters leads to too few alerts and suspicious activity is missed? Financial institutions must determine the sweet spot for each scenario and risk rating setting within their AML software

Testing process

Calibrate your program with above-the-line/below-the-line testing

One of the best ways to address dynamic and emerging risks is conducting above-the-line/below-the-line (ATL/BTL) testing to ensure your software operates at its peak efficiency. Above-the-line/below-the-line testing is a statistical exercise that rigorously analyses transaction monitoring parameters to identify the optimal settings for suspicious activity monitoring for your institution’s unique risk profile.

The ATL/BTL process involves testing thresholds at three levels: the baseline, below the line, and above the line. The goal is to generate productive alerts that might represent illicit activity while ensuring no suspicious activity goes undetected.

  • Baseline testing: Begin by establishing a baseline for transaction monitoring parameters. This represents the standard against which adjustments will be tested. Generally, the baseline is the current parameter or setting used in the software.
  • Above-the-line testing: Test the parameters by elevating them above the baseline. This identifies the threshold at which false positives might increase, potentially overwhelming investigators with non-suspicious alerts.
  • Below-the-line testing: Conduct tests by lowering the thresholds or criteria below the baseline. This helps identify the point at which the system may generate false negatives, thus missing potentially suspicious activity.
  • Iterative adjustment: ATL/BTL testing is an iterative process. Adjustments to parameters should be made based on the outcomes of below and above-the-line analysis until an optimal balance is achieved, maximizing the effectiveness of the monitoring software.

Let’s look at an example of ATL/BTL testing in practice. For illustration, we’ll use a wire scenario with current parameters set at $50,000. This means that any wire meeting this threshold will create an alert. To test that this is the appropriate threshold, you would increase the setting (testing above the line) to $100,000 and generate the alerts. Through a sample review, you would determine whether these alerts were quality alerts with actual potential suspicious activity.

Keep in mind that seeing some false positives during this test is necessary to ensure nothing is missed. Currently, there is no regulatory guidance on the acceptable rate of false positives. A financial institution must rely on testing and expertise to determine what is appropriate for its unique program.  If sample testing determines that $100,000 is not the suitable threshold, analysis should be performed above or below the $100,000, depending on which direction the results lead. If your testing results in a parameter with no possible suspicious activity detected, that parameter is not the sweet spot. Below-the-line testing is conducted the same way but in the opposite direction, with a starting point possibly at $40,000 in our example.  

Better detection

Benefits of above-the-line/below-the-line testing

The primary advantage of ATL/BTL testing is the significant efficiency gains it offers. By accurately tuning parameters, financial institutions can enhance the effectiveness of their AML program, ensuring that suspicious activities are promptly identified while minimizing disruptions caused by false positives.

Another essential benefit is documentation for auditors and examiners. The documentation generated during ATL/BTL testing is a valuable resource during regulatory examinations and audits. It provides a clear rationale behind the selection of specific parameters and settings, demonstrating the institution's commitment to a risk-based approach in combating money laundering and terrorist financing. All working papers, alert analysis, and testing data should be retained in a clear and organized manner.

Ensure AML/CFT compliance with this webinar, "Credit unions - monitoring, managing, and reporting risk."

Keep me informed Register

Culture of proactivity

Testing frequency and triggering events

ATL/BTL testing must be performed periodically, but what does that mean? Transaction monitoring parameters should be regularly reviewed every 12-18 months. This periodic assessment ensures the system remains aligned with the evolving risk landscape and the institution's characteristics. In addition, financial institutions may find it beneficial to engage in ATL/BTL testing under various triggering circumstances. Whenever such events occur, a reassessment of parameters and settings is prudent. Triggering events include:

  • Significant organic growth: Rapid expansion in asset size may necessitate a reassessment of AML parameters.
  • Merger or acquisition: Merging two risk profiles through a merger or acquisition almost always changes the enterprise-wide risk assessment.
  • Introduction of new products or services: Innovative offerings, especially higher-risk products and services, demand a review of monitoring parameters.
  • Opening of new branch location(s): Geographic expansion can impact your institution’s risk landscape. Considerations such as cannabis banking in some geographic areas increase the importance of a parameter review.
  • Shifts in the market area or customer base: Changes in the institution's market demographics necessitate a corresponding AML setting adjustment to reflect the customer base.
  • Changes in false positive rates: An uptick in false positives may indicate the need for adjustments to reduce unnecessary alerts. In contrast, an increase in false negatives may require a relaxation of criteria to capture more suspicious activities.
  • Inadequate documentation for prior parameters: Perhaps your financial institution has received regulatory criticism for lack of documentation or discovered records are missing from your last reevaluation. Either way, shoring up your documentation is crucial.
  • Outdated parameters: Technological advancements or changes in regulatory AML requirements may render existing parameters outdated. Keep up to date with industry knowledge to know when your program may need a refresh.

Conclusion

Prepare for your next exam with ATL/BTL testing

Above-the-line/below-the-line testing is a fundamental practice in optimizing the effectiveness of AML monitoring software. It maximizes efficiency and ensures adaptability to evolving risks and regulatory landscapes. Regular reviews and proactive adjustments ensure the monitoring system remains a robust defense against money laundering and terrorist financing activities. Regulatory authorities will expect periodic tuning with thorough process documentation. If you feel that ATL/BTL testing is overwhelming, contact Abrigo Advisory Services for assistance, and be ready to impress at your next BSA examination.

Download this infographic for details on 5 examples of fraud typologies affecting your institution:

Keep me informed Download
Blog
AML Training AML/CFT BSA Rules and Regulation Card Fraud Check Fraud Financial Crime Fraud Prevention Fraud Trends

Reg CC: Funds availability requirements and fraud

Learn More
Blog
AML Training AML/CFT BSA Rules and Regulation Customer Due Diligence Financial Crime

Prevent ‘pig butchering’ scams: Safeguarding against investment fraud

Learn More
Blog
AML Training AML/CFT BSA Rules and Regulation

6 Steps to build an AML staffing plan for unexpected changes

Learn More
About the Author

Terri Luttrell, CAMS-Audit, CFCS

Compliance and Engagement Director
Terri Luttrell is a seasoned AML professional and former director and AML/OFAC officer with over 20 years in the banking industry, working both in medium and large community and commercial banks ranging from $2 billion to $330 billion in asset size.

Full Bio

About Abrigo

Abrigo enables U.S. financial institutions to support their communities through technology that fights financial crime, grows loans and deposits, and optimizes risk. Abrigo's platform centralizes the institution's data, creates a digital user experience, ensures compliance, and delivers efficiency for scale and profitable growth.

Make Big Things Happen.