Paul Reuben and Martin Chipperfield were classmates in Business School. After a gap of 7 years they run into one another a...
Case Study:Testing For Anti-money Laundering (AML) Compliance
Not having short listed any AML testing vendor they thought ...
Value Additions by the champion AML tester
• Recommended operational procedures to tie up the CTR
related communication be...
Disclaimer: All the documentation and other material contained herein is the property of Thinksoft Global Services and all...
Upcoming SlideShare
Loading in …5

Testing for AML Compliance ( Case Study)


Published on

Thinksoft's AML Testing Framework

1 Like
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Testing for AML Compliance ( Case Study)

  1. 1. Paul Reuben and Martin Chipperfield were classmates in Business School. After a gap of 7 years they run into one another at Chicago’s O’Hare to find that coincidentally they are programme managers in two banks; one a European giant and the other a Community Bank. Not so coincidentally they are seized with the onerous task of staying on top of their jobs in implementing the provisions of the US Patriot Act and its significant and rapidly increasing updates. Their flights are late and they get to talking about their life and professional concerns. The BSA Act and compliance with its anti money laundering provisions are on top of their minds. The risks of non-compliance are high. More than safeguards against operational, legal and concentration risks the reputational risk as seen by the top management is severe. They wondered why they had not considered the perils of downplaying this aspect of testing so far. They muse; if only they could find an independent testing house that is an expert on the AML domain! If not, with the frequent ‘Federal Deposit Insurance Corporation’ (FDIC) audits and with their CFOs on their necks to ensure strict compliance, their jobs could be on the line. The banks were tuned to Yellow Hammer™ BSA and Prime™ AML applications. Yet, it was becoming hard to find an independent testing house that is comprehensively competent to test and certify the system for compliance with ‘Know Your Customer’ (KYC), ‘Enhanced Due Diligence’ (EDD), and ‘Customer Due Diligence’ (CDD) requirements, the various transaction risk monitoring procedures and ‘Office of Foreign Asset Control’ (OFAC) validations! Going into the details Paul and Martin find that their concerns were more or less the same and were centered on ‘Bank Secrecy Act’ (BSA) compliance structures, Core examination procedures, Currency transaction reporting, the MT 202 COV format, ‘Suspicious Activity Reporting’ (SAR), ‘Automatic Clearing House’ (ACH) transactions, trade finance and third parry payment processes. Prompt compliance with FDIC audit findings was a constraint that could no longer be wished away under the excuse of changing compliance structures. Winter was setting in. They had just a couple of months to find an independent and competent AML testing vendor. CASE STUDY: TESTING FOR ANTI-MONEY LAUNDERING (AML) COMPLIANCE
  2. 2. Case Study:Testing For Anti-money Laundering (AML) Compliance Not having short listed any AML testing vendor they thought they would check out with a few well known banking consultants. With Martin’s flight to Wisconsin being announced, they parted having decided to compare notes after a year or so. The story thereafter: Armed with their check list and in consultation with banking consultants and independent of one another both Paul and Martin found vendors who inspired confidence in them. They took the plunge. At Paul’s Bank:: In a couple of months of being contracted, with respect to the Yellow Hammer application, the AML testing vendor was able to: • Ensure that the peer group definitions for various ‘North American Industry Classification System’ (NAICS) codes were in order • Help the bank’s operational users to define and set up ‘new analysis definitions’ • Bring down the overall failure to 4.16% against the executed test count of 1,227 • Bring down the defect distribution (percentage of showstopper & critical defects over total defects) from the observed 9.81% to less than the allowed 5% during UAT • Help the bank in cleansing up all their data by initiating a separate data quality project • The need for cleansing arose because data analysis revealed inconsistencies between the TIN information of customers, appropriate NAICS codes and account closure dates • 40 per cent of the defects were found in the base product version in the consoles relating to reports, review risk rating and managing peer definitions At Martin’s Bank:: With respect to the Prime Compliance suite application the newly contracted vendor was able to help the bank validate CDD, BSA reporter and OFAC reporter modules • Bring down issues raised to 1.77% against the executed test count of 787 • Bring down the percentage of showstopper and critical defects over total defects to less than recommended 5 % from the observed level of 7% • Identify business critical defects, which were found to be 58% of the total defects identified Seven months later Paul and Martin met up at a seminar and that evening shared their success stories. Amazingly both had honed in on the same AML testing expert vendor. They compared their own experience and the formal feedback from the vendor. With their flights being further delayed they went into the details of how they would refine their search. They realized that they wanted an AML testing house that would: - • Understand their customer identification programs • Suggest improvements to existing ‘Account Due Diligence’ (ADD) and CDD procedures • Validate changes to a customer profile based on risk category • Clearly understand the existing SAR and ‘Currency Transaction Report’ (CTR) filling procedures. • Effectively validate risk assessment models and execute multiple data manipulations to ascertain the effectiveness of the current risk assessment • Conduct link analysis and link unrelated accounts based on transactional patterns (type, volume, amount etc.) • Provide accurate measures of the level of alerts generated by the system. • Validate the system’s accuracy in migrating data and provide risk based analytics
  3. 3. Value Additions by the champion AML tester • Recommended operational procedures to tie up the CTR related communication between Yellow Hammer and vertex (Back-end system) which will improve operational efficiency of the business users • Quality of the defects raised enabled the bank to identify customers and accounts involved in suspicious and fraudulent transactions and thereby install effective control procedures • Early and accurate unearthing of defects helped the bank to comply with BSA norms within the agreed timelines • Effective root-cause analysis performed on the data integrity/inconsistencies issues formed a basis for the banks to take corrective action in their respective source systems. • Identification of inconsistencies in risk rating console enabled the bank to enhance their current risk modeling and risk grouping • Proven business scenarios from the repository were reused to ensure a robust system against the existing suspicious activities. • Made the banks realize that AML testing was not to be treated as a one short exercise. It was to be an ongoing process, with testing to be done at least once in 6 months in addition to being in sync with new releases or when application/system changes are carried out. Now who is this champion AML testing vendor that both Paul and Marin were gung ho about? None other than Thinksoft Global Services Ltd. Some challenges faced by the AML testing vendor: • Lack of clarity within the bank in the definition of functional requirements and scattered documentation. • Access restrictions on the vendor due to the Data Protection Act. • Limited time window available to the vendor for testing the system Suggesting that a competent AML vendor be identified early in the core software acceptance phase! • Limited access to the test environment to set up new transaction rules, reports and work lists Suggesting that the business user needs to play a proactive role in having the software developer willingly coordinate with the independent AML testing vendor! • The vendor’s personnel had the necessary technical skills and people skills to overcome all the constraints with the minimal of friction Project Highlights • Business critical transaction related gaps were identified in the AML application during initial discussions with the business users as part of strategy discussions. • Loopholes linked with instruments other than cash were plugged • Issues relating to data mapping were identified during the planning phase resulting in eliminating down-time during execution. • Based on extensive experience the vendor was able to guess the clerical errors that could have crept up in mapping customers to their rightful NAICS codes • Functional scenarios were prepared for different consoles and reports • Transactional rule & risk assessments tested with masked production data. • The CTR console was tested for both CTR filing and exemptions to ensure effective monitoring of cash transactions • Appropriate data selection through effective analysis of transaction pattern covering different category of customers and periods to detect potential structuring and Smurfing activities • Periodical reports validated for different peer group Matching text algorithms and sanction data rules were validated as a part of OFAC programs
  4. 4. Disclaimer: All the documentation and other material contained herein is the property of Thinksoft Global Services and all intellectual property rights in and to the same are owned by Thinksoft Global Services. You shall not, unless previously authorized by Thinksoft Global Services in writing, copy, reproduce, market, license, lease or in any other way, dispose of, or utilize for profit, or exercise any ownership rights over the same. In no event, unless required by applicable law or agreed to in writing, shall Thinksoft Global Services, or any person be liable for any loss, expense or damage, of any type or nature arising out of the use of, or inability to use any material contained herein. Any such material is provided “as is”, without warranty of any type or nature, either express or implied. All names, logos are used for identification purposes only and are trademarks or registered trademarks of their respective companies. For more details visit, Case Study:Testing For Anti-money Laundering (AML) Compliance Thinksoft’s AML testing framework • Identify High Risk banking areas (products, services, customers, entities, and geographic locations) • Derive and agree on Project Scope • Understand KYC Procedures / Customer Identification Programs/Transsactional Monitoring • Analyze the Risk identification Programs • Business scenarios designed to ensure optimum coverage • Data selection to validate Boundary value and Negative testing scenarios • Functional matrix to highlight coverage • Risk based execution based on business criticality and functional complexity (e.g customer due diligence) • Structured Testing and Timely reporting • Agile Planning methods ensuring faster delivery