This document proposes an anti-money laundering (AML) framework with the following components:
1. The current AML capability has inconsistencies and gaps that need to be addressed to improve risk management, compliance, and effectiveness.
2. The target state aims to establish consistent AML processes, full business engagement, defined risk categorization, ongoing enhancement, and complex scenario coverage.
3. An investigative methodology is outlined involving determining needs, collecting data, examining results, and agreeing on action plans to address triggers like suspicious activity cases.
2. The AML Business Context
AML Framework
Policy
Driver
Procedures Controls Audit
Customers
Impact
Employees RegulatorMarket
Unlawful
Payments
Event
Fraudulent
Transactions
Cross Border
Reg. Breech
Tax
Evasion
Conduct &
Market Abuse
Screening
Capability
Transaction
Monitoring
Payment
Filtering
On
Boarding
Remediation
Analytics & Intelligence
Result
Risk Management
Operational / Regulatory / Data / Security / Reputation
3. AML Capability Model
AML Framework
Governance Ownership Responsibility Communication
Risk
Organisation
Risk Based Approach
Client On Boarding Transaction Monitoring On Going Management
Client
Risk Profiling
Client Screening
Client
Due Diligence
Client Acceptance
Identify & Track
Suspicious Transactions
On Going Client Due
Diligence
Investigation of Alerts Product Due Diligence
Monitoring Versus
Expected Activity
On Going Screening
Enhanced Due Diligence
Training Succession PlanningInformation Resource
Skills &
Knowledge
MLRO
Report
Suspicious Activity &
Alert Management
Compliance
Reporting
Management
Information
Case
Management
Payment Filtering Behaviour Profiling
Continuous
Innovation
Client Profiling
Methods
Monitoring &
Detection
Methods
Operational Risk
Review Methods
Best Practice
Methods
Life Cycle Client
Experience
Analytics
Methods
4. AML Direction & Target State
AML Framework
Risk
Organisation
Risk Based
Approach
Client On
Boarding
Transaction
Monitoring
On Going
Management
Skills &
Knowledge
Management
Information
Continuous
Innovation
Capability Current State Target State
Insufficient business oversight of AML risk and
inadequate engagement with AML stakeholders
Effective and consistent AML processes and
automated workflow driven by risk category
Defined applicable scenarios, complete coverage,
analytics measured with expected behaviour
In-depth, consistent, periodic and involved
reviews with formal governance & technology
On-going appropriate training, and customised
tools and specialist support made available
Applied rule based, data driven fit-for-purpose
information on a timely basis
Inconsistent AML processes, and manual
workflow
Inconsistent review process, limited reviews,
insufficient front office input
Basic AML training, inadequate awareness, no
specialist support or advanced tools available
Inefficient MLRO reporting, management
information not fit-for-purpose
No programme of continuous innovation or
enhancement
Limited coverage, inconsistent application and
ambiguous direction
Full business engagement and accountability of
AML risk including formal AML governance
Consistent application, defined direction,
structure and categorisation
On-going enhancement of AML practice,
adoption of best practice principle
Complex scenarios, inadequate coverage &
segmentation, ad-hoc alert management
5. AML Investigative Methodology
AML Framework
Determine
Need
Investigative
Analytics
Collect
Data
Investigative
Process
Assessment
Action
Plan
Examine and
evaluate data
for reliability,
completeness,
validity and
relevance;
integrate data
for analysis;
determine
additional
required
research;
assess events
and impact
Examine
investigative
results; utilize
analytics to
determine
completeness
and currency
to proceed
with
investigation
including
modification
of process as
required
Define data to be
collected and
methods; case
reviews,
investigation of
suspicious
activity; audit
reports and
external
regulatory
reviews including
adverse media;
results of periodic
and ad-hoc
investigations
Ascertain need
and determine
investigative
priorities at all
applicable
levels
including
involvement
of required
personnel;
define scope
and obtain
acceptance
Discuss results
with
stakeholders;
evaluate
driving factors;
review alerts
and suspicious
activity
triggers; agree
investigation
results; table
evolving trends
and patterns of
activity &
investigations
Confirm
actionable
items;
affix
responsibility
and timeline
to implement
actions;
redefine
requirements
of
stakeholders;
agree review
plan
TRIGGERS
Business Risk
Assessment
EDD
Referrals
Audits /
QA
Regulation / Law
Enforcement
Suspicious
Activity Cases
Adverse
Media
6. Integrated Target Architecture
AML Framework
• KPI
• Summarised Reports
• Detailed Drill Down Reports
• Case Management
• Breech and Open Issues
• User Customised View
Board
Group / Division / BU
Regulator
• Query Handling
• Alerts
• Handbook / Training
• Risk Based Profiling
Customer
Transaction
Business Unit
Dashboard & Presentation Layer
Generates
• Predictive / Pre Event Analysis
• Post Event Analysis
• Behaviour Profiling
• Detection Methodology
• Materiality Based Mining
• Payment Filtering
• On-Boarding / On-Going Matching
ForensicTool
Analytics & Intelligence Mining
• Target KPI
• Specific Reports
• Exception
Reporting
• Remediation
• Cases / Issues
Business Services
Operations
Risk
Compliance
Regulator
• Report
Reconciliation
Engine
• Integrated Report
Structure
• Slice & Dice
Capability
Report Generation Engine
Data Screening Tool
Business Rules
Data Rules
• Finance & Compliance Reconciled Common data for all Regulator AND Management Reporting
• Data Management Structure – Sourcing Peculiarities / Reconciliation Procedure
• Data Gaps / Sources / Cleansing / De-duplication / Profiling – Data Set Management Tools
• KYC and Event Data
Data Layer