August 2012




Effective AML Model Risk Management for
Financial Institutions: The Six Critical Components
A White Paper by John A. Epperson, Arjun Kalra, and Brookton N. Behm




As more banks and other financial
institutions adapt their AML programs to
meet more stringent regulatory guidelines,
a new industry standard for model risk
management is developing. Outlined
here are the critical components of an
effective AML model risk management
program¹ that complies with the more
stringent requirements.




Bank regulators are resolved to punish banks and other financial institutions that fall behind in the
struggle to stay current with anti-money-laundering (AML) regulations. This hardline approach is
evident in several recent high-profile enforcement actions, fines, and penalties assessed by regulators
against financial organizations with lax controls over money laundering. Some of these actions
were the result of a bank’s failure to appropriately apply the concepts of a model risk management
framework to design, execute, and maintain the models it deployed to manage AML risk.

As the financial institutions industry has evolved – offering new high-risk products, acquiring new
types of customers, and adapting to frequently changing money laundering requirements – banks
increasingly rely on complex models to meet the challenges of AML compliance.

The Office of the Comptroller of the Currency (OCC) and the Federal Reserve Board issued
“Supervisory Guidance on Model Risk Management,” important regulatory guidance, on April 4, 2011.
According to the guidance, the term “model” refers to “a quantitative method, system, or approach
that applies statistical, economic, financial, or mathematical theories, techniques, and assumptions to
process input data into quantitative estimates.”²

Financial institutions that rely on bank-specific models should use what regulators refer to as a “model
risk management framework” for developing, implementing, and using these models. This framework
enables banks to predict and identify risk more accurately and, therefore, make better top-level and
line-of-business decisions based on model results. (See sidebar, “Reducing Risks in AML Models.”)

To truly reduce risks inherent in AML models, a comprehensive and sustainable AML program should
take into account a number of critical components, including the following:

1.	Model inventory;

2.	Model development, implementation,
	 and use;

3.	Model tuning and optimization;

4.	Model validation;

5.	Model governance; and

6.	Model foundation.

Each of these six components is discussed in this white paper.




www.crowehorwath.com
Crowe Horwath LLP




    Reducing Risks in AML Models
    Comptroller of the Currency Thomas J. Curry discussed operational risks facing national banks and
    federal savings associations during a recent speech to the Exchequer Club in Washington, D.C.³

    “. . . [A]s the industry continues to heal from the credit and capital market challenges of the financial
    crisis, it is evident that another type of risk is gaining increasing prominence. That is operational
    risk – generally defined as the risk of loss due to failures of people, processes, systems, and
    external events.”

    Curry further explained, “An area where the intersection of operational and other risks is very evident
    today concerns Bank Secrecy Act and anti-money-laundering compliance. When things go wrong in
    those areas, not only is the integrity of the institution’s operations compromised, but national security
    and drug trafficking interdiction goals can be undermined, as well.”

    Financial institutions’ risks related to AML compliance programs might include:

    ■ A conceptual framework that is inconsistent with regulatory expectations;
    ■ Applying a logic or methodology not commensurate with the unique AML risks
      of an organization;
    ■ Failing to identify elevated risks associated with certain customers or transactions;
    ■ Reliance on unidentified models for aspects of AML compliance;
    ■ The absence of risk-based model controls consistent with the level of dependence,
      business assumptions, and regulatory impact of each system;
    ■ Unclear lines of authority and accountability;
    ■ A lack of appropriate resources and expertise to effectively manage model risk
      management activities;
    ■ Fundamental logic errors, which produce inaccurate output;
    ■ An inconsistent approach and a lack of detailed documentation and quantitative
      analysis to support model risk management activities; and
    ■ Failure to identify changes in an organization’s activities that have an impact on
      AML models.








                       Meeting Business Needs and
                       Regulatory Expectations
                       A greater variety of AML models are being developed and implemented because of industry needs
                       to meet regulatory requirements. Many banks are using AML models for customer risk scoring
                       and customer due diligence risk. Most banks also are relying on automated transaction monitoring
                       systems, cash aggregation and reporting systems, and watch-list filtering systems, all of which are
                       considered models under the guidance.

                       As models have proliferated, managing AML compliance risk has become more challenging for
                       financial institutions. In some cases, banks have diluted the effectiveness of their AML programs
                       by taking a piecemeal approach to compliance. This limited approach is often evidenced by highly
                       fragmented operations and technology platforms, inconsistent top-down leadership, and a lack of
                       enterprisewide accountability.

                       Initially, banks interpreted the broad multi-agency guidance to apply only to their credit and financial
                       risk modeling. Subsequently, however, regulators have made clear that the guidance applies to
                       anti-money-laundering compliance. Hence AML models are being held to the same standard.

                       The guidance provides banks with a basic framework for deploying an enterprisewide model risk
                       management program, and examiners now expect banks to use the framework when designing,
                       implementing, and improving all models, including operating models used for AML compliance.
                       Examiners are looking for a formalized, prescriptive methodology dictating the three basic
                       components of the model risk management framework that the guidance identifies and requires:

                       1.	Model development, implementation, and use;

                       2.	Model validation; and

                       3.	Model governance.

                       These expectations obligate banks to modify their approach to AML compliance in order to comply
                       with the new industry standard.

                       In addition, regulators expect organizations that use AML models to provide evidence that the model
                       risk management framework in place effectively identifies and manages the risk arising from the
                       bank’s reliance on models. Evidence might include, for example, documentation that the bank has
                       identified where its data resides and who is responsible for the quality of that data meeting model
                       governance requirements.

                       Financial institutions are struggling with how to adapt existing AML compliance programs to a
                       model risk management framework. Many organizations already have enterprisewide policies and
                       procedures for financial models but may not have extended a similar approach to AML-specific
                       compliance components. Some banks are finding that reworking or enhancing existing AML model
                       risk management processes to comply with supervisory guidance can be costly and complicated.
                       Finally, in many cases, banks are realizing they have in place few of the model risk management
                       components necessary for an effective AML program.








Defining a Model Risk Management Framework
Banks should build their AML models using the three requirements in the guidance but also with three
additional critical components of effective model risk management (exhibit 1): model inventory, model
tuning and optimization, and a model foundation. The model foundation components – business and
regulatory alignment, supporting documentation, enabling technology, and project management –
reflect overall supporting elements that further the effectiveness of AML models.

The determination that these particular components are critical to AML model risk management is
based on a Crowe Horwath LLP analysis of regulatory guidance, examination findings, dialogues with
regulators, and client insights. Financial institutions that implement and optimize the six components
explained here can more effectively build a comprehensive AML program that meets business and
regulatory needs.

Exhibit 1. Critical and Supporting Model Risk Management Components


[Figure: Model Inventory; Model Development, Implementation, and Use; Model Tuning & Optimization; Model Validation; Model Governance; with supporting components Business and Regulatory Alignment, Supporting Documentation, Enabling Technology, and Project Management.]








                       1. Model Inventory
                       A model inventory takes stock of the implementing components – primarily the people, processes,
                       and technology – that support AML models (exhibit 2). The inventory of existing models for AML
                       compliance at any single financial institution may be large and can include both manual and
                       automated processes and technology. Once a model inventory is completed, the organization
                       should assess the enterprise risk of each item in the inventory in order to manage operational
                       risks commensurate with the perceived risks in the model.

                       Exhibit 2. Taking Stock of the Implementing Components for AML Models


                       [Figure: Model Inventory, comprising Enterprise Identification, Model Risk Assessment, and Accountability.]




                       Completing an AML model inventory requires taking the following three steps:

                       1.	Enterprise identification. Existing models that support AML compliance in the organization
                       	 are identified.

                       2.	Model risk assessment. The model’s enterprise risk is assessed. For example, the use of people,
                       	 processes, and technology might represent an elevated risk that dictates the level and scope of
                       	 the model risk management activities the organization applies to its particular AML model. Financial
                       	 institutions should consider the materiality and complexity of the underlying model, the level of
                       	 dependence for compliance and decision making, and the regulatory impact of each model, as
                       	 well as the business assumptions on which the model is based.

                       3.	Accountability. The organization clarifies who is ultimately accountable for controls, compliance, 	
                       	 and oversight of the models identified in the inventory.







2. Model Development, Implementation, and Use
An AML model must be well documented and tailored to the unique risk profile of the organization
(exhibit 3). Due to the varying risk profiles and business requirements of different financial institutions,
each AML model must be customized to meet the specific needs of the institution. When banks
design models for AML programs, relevant stakeholders – including AML executives, IT personnel,
and affected line-of-business leaders – should assess the design structure, implementation approach,
and use of output from the AML model for efficacy and regulatory compliance.

Exhibit 3. Designing and Using AML Models




[Figure: Development, Implementation, and Use, comprising Model Definition and Requirements, Model Design, Data Management, Analysis Results, and Continuous Feedback and Improvement.]








                            Model Development and Implementation
                            ■ Model definition and requirements. According to the joint guidance, “An effective development
                              process begins with a clear statement of purpose to ensure that model development is aligned
                              with the intended use.” Banks must document model definitions and requirements for meeting
                              business and regulatory needs. This development process involves the bank’s identification of
                              the various sources of its functional data. The process also includes defining and documenting
                              performance and technical requirements, and the result serves as the baseline justification for
                              the model.

                            ■ Model design. An AML model must be designed based on the documented objectives of
                              the model and various functional and technical requirements. Any limitations or merits of the
                              model must be documented and appropriately considered as the model is developed. Model
                              limitations – which could be tied to model inputs, the processing component of the model, or the
                              way the model output is created – will be an important consideration when model risk is assessed.
                              Examples of model limitations are a lack of key data elements needed to identify AML risk; limited
                              functionality of a system to produce model results; or an absence of reporting metrics needed to
                              analyze the effectiveness of a model.

                            ■ Data management. AML compliance relies heavily on data quality, and data is never perfect.
                              Efforts must be made to assess the completeness, accuracy, and relevance of input data for
                              the model.




                            Model Use
                            ■ Analysis of results. According to the guidance, “An understanding of model uncertainty and
                              inaccuracy and a demonstration that the bank is accounting for them appropriately are important
                              outcomes of effective model development, implementation, and use.” AML executives must
                              analyze model results relative to limitations and design assumptions in order to assess the
                              potential performance of a model before other stakeholders use the results.

                            ■ Continuous feedback and improvement. To verify that the AML model is being used in a
                              manner consistent with business and regulatory needs, institutions should implement a feedback
                              mechanism to learn from and improve the process during the development, implementation, and
                              post-implementation of the model. For a process of continuous improvement, management
                              must empower users of AML models to provide input and feedback to the model designers
                              and managers.








3. Model Tuning and Optimization
Tuning and optimization is the ongoing process of testing and enhancing the AML model. Model
tuning is an important aspect of the development and implementation of an AML model as well as its
ongoing management and sustainability. Following are the three primary elements of a comprehensive
model-tuning program (exhibit 4):

Exhibit 4. Refining and Optimizing AML Models



[Figure: Model Tuning and Optimization, comprising Gap Analysis, Prescriptive Methodology, and Documentary Evidence.]




1.	Gap analysis. Gap analysis helps ensure that all of the risks the bank faces are being monitored 	
	 at an appropriate level for AML purposes. For example, gap testing might identify new products 	
	 or services that pose significant risk but are not part of the overall monitoring program, or the 	
	 testing might identify specific high-risk customer types that are being incorrectly stratified. To 	
	 confirm that an organization’s AML risks are being covered appropriately, the organization 		
	 or third-party vendor must remediate any gaps or limitations identified during this analysis. 		
	 Furthermore, the organization should put into place a process for assessing gaps periodically.








2.	Prescriptive methodology. Optimizing AML models requires a consistent methodology
	 founded in quantitative analysis. Prescriptive methodology is a formal documentation of the
	 comprehensive approach the bank is using to optimize the model. The methodology must
	 also define change-control procedures and the initiating events that require subsequent tuning.
	 Examiners now call not only for the periodic assessment of model parameters but also for the
	 definition of specific events – such as a change to an organization’s risk profile due to an
	 acquisition – that warrant tuning.

3.	Documentary evidence. Examiner and auditor expectations call for an audit trail of changes
	 in the AML model’s parameters during the tuning process. Documentary evidence is used to
	 demonstrate to regulators and auditors that the AML system is aligned to the prescriptive
	 methodology for managing anti-money-laundering activities. Without supporting documentation,
	 the prescriptive methodology might not stand up to a regulatory examination. The bank must
	 maintain the documentary evidence for the life of the AML model.


                                  4. Model Validation
                                  Ongoing evaluation of models is required to confirm that results are accurate and controls are
                                  adequate. The guidance defines model validation as “the set of processes and activities intended to
                                  verify that models are performing as expected, in line with their design objectives and business uses.
                                  It also identifies potential limitations and assumptions, and assesses their possible impact.”

                                  While the concept of validation is not new, the guidance expands the expectations for an effective
                                  validation review. The guidance states, “All model components, including input, processing, and
                                  reporting, should be subject to validation; this applies equally to models developed in-house and to
                                  those purchased from or developed by vendors or consultants.”








     Model validation confirms that an institution’s AML model is aligned with business and regulatory
     expectations and is properly executing on underlying risks. The approach to validation focuses on
     the following four components related to the conceptual design, system, data, and process for AML
     models (exhibit 5):

     Exhibit 5. Testing AML Models



     [Figure: Model Validation, comprising Conceptual Design Validation, System Validation, Data Validation, and Process Validation.]




     1.	Conceptual design validation. Do the conceptual design and capabilities of the AML model
     	 meet the identified business and regulatory needs? In assessing the conceptual soundness of a
     	 model, AML executives should consider key metrics and evidence supporting the ability of the
     	 model to accurately predict AML risks. For example, validation processes should confirm that
     	 any unique products, services, customers, and geographies of an organization are appropriately
     	 factored into an AML model’s design.








                       2. System validation. All AML technology and automated systems implemented to support an AML
                       	 model have inherent limitations. System validation independently confirms that the development, 	
                       	 implementation, and ongoing use of AML technology are properly designed and integrated 	
                       	 enterprisewide to support the model. For example, banks confirm that models are identifying and 	
                       	 predicting AML risk accurately.

                       3.	Data validation. Is the AML model capturing accurate and complete information? Data errors or 	
                       	 irregularities impair results and might lead to the organization’s failure to identify and respond to 	
                       	 elevated AML risks.

                       4.	Process validation. Verify that the design and ongoing sustainability of the AML model’s
                       	 processes are resulting in output that is accurate, managed effectively, and subject to
                       	 appropriate controls.

                       AML model validation is often complex and resource-intensive. Testing is generally done by individuals
                       who have not previously provided input on either the design or implementation of the model.


                       5. Model Governance
                       All financial institutions that rely on models for AML compliance should implement an appropriate
                       governance program. According to the guidance, “Even if model development, implementation, use,
                       and validation are satisfactory, a weak governance function will reduce the effectiveness of overall
                       model risk management.”

                       An organization’s governance policies, procedures, and processes should support controls and
                       oversight to manage an effective and sustainable AML program. AML models should be implemented
                       from end to end, starting with the board of directors and senior management, who design and
                       oversee operating models; and including the line-of-business managers, who are responsible for
                       implementation; third-party vendors or IT specialists, who implement technology components; and
                       compliance risk managers, who must manage the risk that is inherent in the model. Effective model
                       governance requires the following elements:

                       ■ Senior management and board involvement. Senior management and the boards of directors
                         must set the direction and oversee the policies of a model risk management framework. AML
                         models that are managed at the leadership level are more likely to be supported by well-thought-out
                         policy and procedures as well as comprehensive methodologies that are executed consistently
                         throughout the enterprise and managed through continuous improvements.

                       ■ Policies and procedures. At a minimum, the cornerstones of the guidance – development,
                         implementation, and use; validation; and governance – must be addressed in formalized and
                         enterprisewide policies. Implementing procedures should dictate the organization’s prescriptive
                         methodology for managing the risks of models relied upon for anti-money-laundering compliance.

                       ■ Roles and responsibilities. Clear lines of reporting identify who owns model risk management
                         processes and affirm the control structure that supports compliant anti-money-laundering
                         procedures. When the bank lacks the knowledge to manage these functions, an individual should
                         be responsible for augmenting the organization’s expertise in order to meet the bank’s model risk
                         management standards.




     ■■ Enterprise risk management and reporting. Organizations with an enterprise risk management
        function should define key risks, events, or changes in the organization that could affect business
        processes. An effective model risk management framework promptly identifies such risks and
        assesses their potential impact on bank models. Clear lines of authority and reporting should be
        established to oversee how a model’s performance might change as a result of changes in
        the organization.

     ■■ Independent audit and testing. Auditing and self-testing should effectively challenge the model’s
        conceptual design, data reliability, and risk management controls. The role of auditing and self-
        testing is not to duplicate model risk management activities but rather to assess the effectiveness
        of a model risk management framework in meeting AML business and regulatory needs.

     Exhibit 6. Governance Controls and Oversight for a Comprehensive AML Program


     [Figure: Model Governance, with five elements: Senior Management and Board Involvement; Policies and Procedures; Roles and Responsibilities; Enterprise Risk Management and Reporting; Independent Audit and Testing.]




                       6. Model Foundation
                       The model foundation is the final component critical to an effective AML model risk management
                       program (see exhibit 1). A strong foundation adds structure, consistency, and efficiency to support
                       program compliance. Following are the four elements of a robust model foundation:

                       1.	Business and regulatory alignment. Regulators may deem a model risk management program 	
                       	 to be ineffective if business needs are not aligned to regulatory standards. Misalignment could 	
                       	 result in a bank’s failure to appropriately manage the risks inherent in AML models and thus lead 	
                       	 to poor decision making and even regulatory fines and penalties.

                       2.	Supporting documentation. Detailed document management and retention are necessary for
                       	 all areas of model risk management, including but not limited to policies and procedures, periodic
                       	 model validation results, detailed tuning and optimization analysis, and model inventory and
                       	 risk assessment.

                       3.	Enabling technology. Technology helps AML executives to manage the breadth of requirements 	
                       	 for an effective model risk management program. Financial institutions must define their approach
                       	 to using technology based on their size, regulatory standards, and the model risks they face.
                       	 From simple spreadsheet maintenance systems to the purchase of an enterprisewide model risk
                       	 management software solution from a third-party vendor, technology use varies from institution
                       	 to institution.

                       4.	Project management. Various internal and external stakeholders and third-party vendors 		
                       	 often come together to develop and implement AML models. Experienced project management 	
                       	 personnel are critical to managing resources effectively and implementing models successfully.



                       Conclusion
                       Minimizing AML compliance risk in an era of mandated model risk management standards requires
                       a financial institution to design, implement, test, and improve its AML models on an ongoing basis.
                       The model risk management framework outlined here is designed to lead banks through the critical
                       components of building an effective and compliant AML model risk management program.

                       Institutions that do not adopt a documented, consistent model risk management framework for
                       AML programs risk incurring regulatory actions, fines, and other penalties. All aspects of model
                       risk management require banks to provide robust supporting documentation that demonstrates to
                       regulators and auditors that their AML models are effective and aligned to business and regulatory
                       needs. Using a project management structure overseen by senior management contributes to
                       consistency within the organization and the integrity of its AML models.

                       Additional tools and strategies are available to help institutions with the daunting requirements of the
                       guidance. Given the complexities of model risk management, many banks are turning to technologies
                       available in the marketplace that can help them deploy a systematic and consistent approach to
                       model risk management. Using technology also helps with the documentation, quantitative analysis,
                       and tuning procedures that federal examiners have come to expect.




Contact Information
                                                                                                                                   John Epperson, CAMS, is with Crowe
                                                                                                                                   Horwath LLP in the Oak Brook, Ill., office.
                                                                                                                                   He can be reached at 630.575.4220 or
                                                                                                                                   john.epperson@crowehorwath.com.

                                                                                                                                   Arjun Kalra, CAMS, is with Crowe in the
                                                                                                                                   San Francisco office. He can be reached at
                                                                                                                                   415.946.7449 or arjun.kalra@crowehorwath.com.

                                                                                                                                   Brookton Behm, CAMS, is a principal with
                                                                                                                                   Crowe in the Grand Rapids, Mich., office.
                                                                                                                                   He can be reached at 616.233.5566 or
                                                                                                                                   brookton.behm@crowehorwath.com.



                                                                                                                                   1 Future articles from Crowe Horwath LLP will explain in further detail each of the six critical components of the AML risk management program described in this white paper.

                                                                                                                                   2 Board of Governors of the Federal Reserve System and Office of the Comptroller of the Currency, “Supervisory Guidance on Model Risk Management” (OCC 2011-12 and SR 11-7), April 4, 2011, http://www.occ.gov/news-issuances/bulletins/2011/bulletin-2011-12.html and http://www.federalreserve.gov/bankinforeg/srletters/sr1107.htm.

                                                                                                                                   3 Office of the Comptroller of the Currency, “Comptroller Curry Discusses Operational Risk in the Banking System,” May 16, 2012, news release, http://www.occ.gov/news-issuances/news-releases/2012/nr-occ-2012-77.html.






Crowe Horwath LLP is an independent member of Crowe Horwath International, a Swiss verein. Each member firm of Crowe Horwath International is a separate and independent legal entity.
Crowe Horwath LLP and its affiliates are not responsible or liable for any acts or omissions of Crowe Horwath International or any other member of Crowe Horwath International and specifically
disclaim any and all responsibility or liability for acts or omissions of Crowe Horwath International or any other Crowe Horwath International member. Accountancy services in Kansas and North
Carolina are rendered by Crowe Chizek LLP, which is not a member of Crowe Horwath International. This material is for informational purposes only and should not be construed as financial or
legal advice. Please seek guidance specific to your organization from qualified advisers in your jurisdiction. © 2012 Crowe Horwath LLP
                                                                                                                                                                                      RISK13906

More Related Content

What's hot

Money Laundering in the Art, Collectibles, and Luxury Goods Industry
Money Laundering in the Art, Collectibles, and Luxury Goods IndustryMoney Laundering in the Art, Collectibles, and Luxury Goods Industry
Money Laundering in the Art, Collectibles, and Luxury Goods IndustryBrandonRuse1
 
Writing Effective Suspicious Activity Reports (SARs): Start with WHY
Writing Effective Suspicious Activity Reports (SARs): Start with WHYWriting Effective Suspicious Activity Reports (SARs): Start with WHY
Writing Effective Suspicious Activity Reports (SARs): Start with WHYAlessa
 
Anti-money laundering presentation
Anti-money laundering presentationAnti-money laundering presentation
Anti-money laundering presentationElias Mose
 
ICBC AML Risk-Based Approach (Jan 2011) by Bachir El Nakib
ICBC AML Risk-Based Approach (Jan 2011) by Bachir El NakibICBC AML Risk-Based Approach (Jan 2011) by Bachir El Nakib
ICBC AML Risk-Based Approach (Jan 2011) by Bachir El NakibBachir El-Nakib, CAMS
 
Customer Due Diligence Part 1 slides.pptx
Customer Due Diligence Part 1 slides.pptxCustomer Due Diligence Part 1 slides.pptx
Customer Due Diligence Part 1 slides.pptxSiniTizhe
 
Basics of Anti-Money Laundering : A Really Quick Primer
Basics of Anti-Money Laundering : A Really Quick PrimerBasics of Anti-Money Laundering : A Really Quick Primer
Basics of Anti-Money Laundering : A Really Quick Primercomplianceonline123
 
Whitepaper: DNB Guidance on the Anti-Money Laundering and Counter-Terrorist F...
Whitepaper: DNB Guidance on the Anti-Money Laundering and Counter-Terrorist F...Whitepaper: DNB Guidance on the Anti-Money Laundering and Counter-Terrorist F...
Whitepaper: DNB Guidance on the Anti-Money Laundering and Counter-Terrorist F...LexisNexis Benelux
 
Presentation AML
Presentation AMLPresentation AML
Presentation AMLMirsazzad
 
How to conduct an AML risk assessment
How to conduct an AML risk assessmentHow to conduct an AML risk assessment
How to conduct an AML risk assessmentAsia Pacific AML
 
Chapter 6 aml compliance programme
Chapter 6   aml compliance programmeChapter 6   aml compliance programme
Chapter 6 aml compliance programmeQuan Risk
 
Anti money laundering - PEPs
Anti money laundering - PEPsAnti money laundering - PEPs
Anti money laundering - PEPsBesart Qerimi
 
The ANTI-MONEYLAUNDERING LEGAL FRAMEWORK
The ANTI-MONEYLAUNDERING LEGAL FRAMEWORK The ANTI-MONEYLAUNDERING LEGAL FRAMEWORK
The ANTI-MONEYLAUNDERING LEGAL FRAMEWORK Melissa Cammarata
 
ANTI MONEY LAUNDERING REGULATIONS, UAE
ANTI MONEY LAUNDERING REGULATIONS, UAEANTI MONEY LAUNDERING REGULATIONS, UAE
ANTI MONEY LAUNDERING REGULATIONS, UAEJino M Kurian
 
KYC Know Your Customer
KYC Know Your CustomerKYC Know Your Customer
KYC Know Your CustomerTaha Khan
 

What's hot (20)

Trends in AML Compliance and Technology
Trends in AML Compliance and TechnologyTrends in AML Compliance and Technology
Trends in AML Compliance and Technology
 
Money Laundering in the Art, Collectibles, and Luxury Goods Industry
Money Laundering in the Art, Collectibles, and Luxury Goods IndustryMoney Laundering in the Art, Collectibles, and Luxury Goods Industry
Money Laundering in the Art, Collectibles, and Luxury Goods Industry
 
Writing Effective Suspicious Activity Reports (SARs): Start with WHY
Writing Effective Suspicious Activity Reports (SARs): Start with WHYWriting Effective Suspicious Activity Reports (SARs): Start with WHY
Writing Effective Suspicious Activity Reports (SARs): Start with WHY
 
Anti-money laundering presentation
Anti-money laundering presentationAnti-money laundering presentation
Anti-money laundering presentation
 
ICBC AML Risk-Based Approach (Jan 2011) by Bachir El Nakib
ICBC AML Risk-Based Approach (Jan 2011) by Bachir El NakibICBC AML Risk-Based Approach (Jan 2011) by Bachir El Nakib
ICBC AML Risk-Based Approach (Jan 2011) by Bachir El Nakib
 
AML Training uba capital
AML Training uba capitalAML Training uba capital
AML Training uba capital
 
Customer Due Diligence Part 1 slides.pptx
Customer Due Diligence Part 1 slides.pptxCustomer Due Diligence Part 1 slides.pptx
Customer Due Diligence Part 1 slides.pptx
 
Kyc
KycKyc
Kyc
 
Basics of Anti-Money Laundering : A Really Quick Primer
Basics of Anti-Money Laundering : A Really Quick PrimerBasics of Anti-Money Laundering : A Really Quick Primer
Basics of Anti-Money Laundering : A Really Quick Primer
 
AML Presentation 2.pptx
AML Presentation 2.pptxAML Presentation 2.pptx
AML Presentation 2.pptx
 
Whitepaper: DNB Guidance on the Anti-Money Laundering and Counter-Terrorist F...
Whitepaper: DNB Guidance on the Anti-Money Laundering and Counter-Terrorist F...Whitepaper: DNB Guidance on the Anti-Money Laundering and Counter-Terrorist F...
Whitepaper: DNB Guidance on the Anti-Money Laundering and Counter-Terrorist F...
 
Presentation AML
Presentation AMLPresentation AML
Presentation AML
 
Trends in AML Compliance
Trends in AML ComplianceTrends in AML Compliance
Trends in AML Compliance
 
How to conduct an AML risk assessment
How to conduct an AML risk assessmentHow to conduct an AML risk assessment
How to conduct an AML risk assessment
 
Aml basics
Aml basicsAml basics
Aml basics
 
Chapter 6 aml compliance programme
Chapter 6   aml compliance programmeChapter 6   aml compliance programme
Chapter 6 aml compliance programme
 
Anti money laundering - PEPs
Anti money laundering - PEPsAnti money laundering - PEPs
Anti money laundering - PEPs
 
The ANTI-MONEYLAUNDERING LEGAL FRAMEWORK
The ANTI-MONEYLAUNDERING LEGAL FRAMEWORK The ANTI-MONEYLAUNDERING LEGAL FRAMEWORK
The ANTI-MONEYLAUNDERING LEGAL FRAMEWORK
 
ANTI MONEY LAUNDERING REGULATIONS, UAE
ANTI MONEY LAUNDERING REGULATIONS, UAEANTI MONEY LAUNDERING REGULATIONS, UAE
ANTI MONEY LAUNDERING REGULATIONS, UAE
 
KYC Know Your Customer
KYC Know Your CustomerKYC Know Your Customer
KYC Know Your Customer
 

Viewers also liked

How to conduct an anti-money laundering (AML) system assessment
How to conduct an anti-money laundering (AML) system assessmentHow to conduct an anti-money laundering (AML) system assessment
How to conduct an anti-money laundering (AML) system assessmentKeith Furst
 
Risk Based Supervision file
Risk Based Supervision fileRisk Based Supervision file
Risk Based Supervision fileVithyea You
 
Remote Deposit Capture Risk Management, May 2010 Update
Remote Deposit Capture Risk Management, May 2010 UpdateRemote Deposit Capture Risk Management, May 2010 Update
Remote Deposit Capture Risk Management, May 2010 UpdateJTLeekley
 
EU-Datenschutzgrund-Verordnung-Smart-Metering-2014-Energiewirtschaft-nuances
EU-Datenschutzgrund-Verordnung-Smart-Metering-2014-Energiewirtschaft-nuancesEU-Datenschutzgrund-Verordnung-Smart-Metering-2014-Energiewirtschaft-nuances
EU-Datenschutzgrund-Verordnung-Smart-Metering-2014-Energiewirtschaft-nuancesnuances
 
German_iSignthis Brochures
German_iSignthis BrochuresGerman_iSignthis Brochures
German_iSignthis BrochuresJohn Karantzis
 
Know More About KYC and Money Laundering Procedure by DHFL
Know More About KYC and Money Laundering Procedure by DHFLKnow More About KYC and Money Laundering Procedure by DHFL
Know More About KYC and Money Laundering Procedure by DHFLDHFL
 
Anti-Money Laundering and Counter Financing of Terrorism
Anti-Money Laundering and Counter Financing of TerrorismAnti-Money Laundering and Counter Financing of Terrorism
Anti-Money Laundering and Counter Financing of TerrorismPuni Hariaratnam
 
Business Intelligence For Anti-Money Laundering
Business Intelligence For Anti-Money LaunderingBusiness Intelligence For Anti-Money Laundering
Business Intelligence For Anti-Money LaunderingKartik Mehta
 
Industriestandards zur Bekämpfung von Geldwäsche in Deutschland
Industriestandards zur Bekämpfung von Geldwäsche in DeutschlandIndustriestandards zur Bekämpfung von Geldwäsche in Deutschland
Industriestandards zur Bekämpfung von Geldwäsche in DeutschlandBankenverband
 
Slide guide for consulting-style presentations
Slide guide for consulting-style presentationsSlide guide for consulting-style presentations
Slide guide for consulting-style presentationsreallygoodppts
 
LinkedIn SlideShare: Knowledge, Well-Presented
LinkedIn SlideShare: Knowledge, Well-PresentedLinkedIn SlideShare: Knowledge, Well-Presented
LinkedIn SlideShare: Knowledge, Well-PresentedSlideShare
 

Viewers also liked (16)

Monitis Transaction Monitoring
Monitis Transaction MonitoringMonitis Transaction Monitoring
Monitis Transaction Monitoring
 
How to conduct an anti-money laundering (AML) system assessment
How to conduct an anti-money laundering (AML) system assessmentHow to conduct an anti-money laundering (AML) system assessment
How to conduct an anti-money laundering (AML) system assessment
 
Risk Based Supervision file
Risk Based Supervision fileRisk Based Supervision file
Risk Based Supervision file
 
Geldw 3
Geldw 3Geldw 3
Geldw 3
 
Remote Deposit Capture Risk Management, May 2010 Update
Remote Deposit Capture Risk Management, May 2010 UpdateRemote Deposit Capture Risk Management, May 2010 Update
Remote Deposit Capture Risk Management, May 2010 Update
 
EU-Datenschutzgrund-Verordnung-Smart-Metering-2014-Energiewirtschaft-nuances
EU-Datenschutzgrund-Verordnung-Smart-Metering-2014-Energiewirtschaft-nuancesEU-Datenschutzgrund-Verordnung-Smart-Metering-2014-Energiewirtschaft-nuances
EU-Datenschutzgrund-Verordnung-Smart-Metering-2014-Energiewirtschaft-nuances
 
German_iSignthis Brochures
German_iSignthis BrochuresGerman_iSignthis Brochures
German_iSignthis Brochures
 
Know More About KYC and Money Laundering Procedure by DHFL
Know More About KYC and Money Laundering Procedure by DHFLKnow More About KYC and Money Laundering Procedure by DHFL
Know More About KYC and Money Laundering Procedure by DHFL
 
Risk based approach
Risk based approachRisk based approach
Risk based approach
 
Anti-Money Laundering and Counter Financing of Terrorism
Anti-Money Laundering and Counter Financing of TerrorismAnti-Money Laundering and Counter Financing of Terrorism
Anti-Money Laundering and Counter Financing of Terrorism
 
Business Intelligence For Anti-Money Laundering
Business Intelligence For Anti-Money LaunderingBusiness Intelligence For Anti-Money Laundering
Business Intelligence For Anti-Money Laundering
 
Industriestandards zur Bekämpfung von Geldwäsche in Deutschland
Industriestandards zur Bekämpfung von Geldwäsche in DeutschlandIndustriestandards zur Bekämpfung von Geldwäsche in Deutschland
Industriestandards zur Bekämpfung von Geldwäsche in Deutschland
 
Geldwäsche 1
Geldwäsche 1Geldwäsche 1
Geldwäsche 1
 
Slide guide for consulting-style presentations
Slide guide for consulting-style presentationsSlide guide for consulting-style presentations
Slide guide for consulting-style presentations
 
Risk Management Framework
Risk Management FrameworkRisk Management Framework
Risk Management Framework
 
LinkedIn SlideShare: Knowledge, Well-Presented
LinkedIn SlideShare: Knowledge, Well-PresentedLinkedIn SlideShare: Knowledge, Well-Presented
LinkedIn SlideShare: Knowledge, Well-Presented
 

Similar to Crowe AML Model Risk Management Whitepaper

IFRS 9 Model Risk Management - Given the Short Shift ?
IFRS 9 Model Risk Management - Given the Short Shift ?IFRS 9 Model Risk Management - Given the Short Shift ?
IFRS 9 Model Risk Management - Given the Short Shift ?Sandip Mukherjee CFA, FRM
 
White paper model risk sept 2011
White paper model risk sept 2011White paper model risk sept 2011
White paper model risk sept 2011Bank Risk Advisors
 
Validating Qualitative Models
Validating Qualitative ModelsValidating Qualitative Models
Validating Qualitative ModelsJacob Kosoff
 
Best Practices in Model Risk Audit
Best Practices in Model Risk AuditBest Practices in Model Risk Audit
Best Practices in Model Risk AuditJacob Kosoff
 
Understanding and validating the uses of machine learning models
Understanding and validating the uses of machine learning modelsUnderstanding and validating the uses of machine learning models
Understanding and validating the uses of machine learning modelsJacob Kosoff
 
MRM: PwC Top Issues
MRM:  PwC Top Issues  MRM:  PwC Top Issues
MRM: PwC Top Issues PwC
 
Quantifi newsletter Insight spring 2011
Quantifi newsletter Insight spring 2011Quantifi newsletter Insight spring 2011
Quantifi newsletter Insight spring 2011Quantifi
 
Anti-Money Laundering and Anti-Bribery and Corruption Systems & controls: Ass...
Anti-Money Laundering and Anti-Bribery and Corruption Systems & controls: Ass...Anti-Money Laundering and Anti-Bribery and Corruption Systems & controls: Ass...
Anti-Money Laundering and Anti-Bribery and Corruption Systems & controls: Ass...LexisNexis Benelux
 
Adopting a Top-Down Approach to Model Risk Governance to Optimize Digital Tra...
Adopting a Top-Down Approach to Model Risk Governance to Optimize Digital Tra...Adopting a Top-Down Approach to Model Risk Governance to Optimize Digital Tra...
Adopting a Top-Down Approach to Model Risk Governance to Optimize Digital Tra...Jacob Kosoff
 
5 AI Solutions Every Chief Risk Officer Needs
5 AI Solutions Every Chief Risk Officer Needs5 AI Solutions Every Chief Risk Officer Needs
5 AI Solutions Every Chief Risk Officer NeedsAlisa Karybina
 
Model Risk Management | How to measure and quantify model risk?
Model Risk Management | How to measure and quantify model risk?Model Risk Management | How to measure and quantify model risk?
Model Risk Management | How to measure and quantify model risk?Genest Benoit
 
2017 Top Issues - Changing Business Models - January 2017
2017 Top Issues -  Changing Business Models  - January 20172017 Top Issues -  Changing Business Models  - January 2017
2017 Top Issues - Changing Business Models - January 2017PwC
 
ERM-Middle-eastern-insurance-review 2010
ERM-Middle-eastern-insurance-review 2010ERM-Middle-eastern-insurance-review 2010
ERM-Middle-eastern-insurance-review 2010Mike Wilkinson
 
8 rajib chakravorty risk
8 rajib chakravorty risk8 rajib chakravorty risk
8 rajib chakravorty riskCCR-interactive
 
RISK-ACADEMY’s guide on risk appetite in non-financial companies. Free download
RISK-ACADEMY’s guide on risk appetite in non-financial companies. Free downloadRISK-ACADEMY’s guide on risk appetite in non-financial companies. Free download
RISK-ACADEMY’s guide on risk appetite in non-financial companies. Free downloadAlexei Sidorenko, CRMP
 
Risk based capital management preeti & warrier
Risk based capital management preeti & warrierRisk based capital management preeti & warrier
Risk based capital management preeti & warrierRama Warrier
 
Study on credit risk management of SBI Cochi
Study on credit risk management of SBI CochiStudy on credit risk management of SBI Cochi
Study on credit risk management of SBI CochiSreelakshmi_S
 

Similar to Crowe AML Model Risk Management Whitepaper (20)

IFRS 9 Model Risk Management - Given the Short Shift ?
IFRS 9 Model Risk Management - Given the Short Shift ?IFRS 9 Model Risk Management - Given the Short Shift ?
IFRS 9 Model Risk Management - Given the Short Shift ?
 
White paper model risk sept 2011
White paper model risk sept 2011White paper model risk sept 2011
White paper model risk sept 2011
 
Validating Qualitative Models
Validating Qualitative ModelsValidating Qualitative Models
Validating Qualitative Models
 
SR 11-7
SR 11-7SR 11-7
SR 11-7
 
Best Practices in Model Risk Audit
Best Practices in Model Risk AuditBest Practices in Model Risk Audit
Best Practices in Model Risk Audit
 
Understanding and validating the uses of machine learning models
Understanding and validating the uses of machine learning modelsUnderstanding and validating the uses of machine learning models
Understanding and validating the uses of machine learning models
 
MRM: PwC Top Issues
MRM:  PwC Top Issues  MRM:  PwC Top Issues
MRM: PwC Top Issues
 
Building model trust
Building model trustBuilding model trust
Building model trust
 
Quantifi newsletter Insight spring 2011
Quantifi newsletter Insight spring 2011Quantifi newsletter Insight spring 2011
Quantifi newsletter Insight spring 2011
 
Anti-Money Laundering and Anti-Bribery and Corruption Systems & controls: Ass...
Anti-Money Laundering and Anti-Bribery and Corruption Systems & controls: Ass...Anti-Money Laundering and Anti-Bribery and Corruption Systems & controls: Ass...
Anti-Money Laundering and Anti-Bribery and Corruption Systems & controls: Ass...
 
Adopting a Top-Down Approach to Model Risk Governance to Optimize Digital Tra...
Adopting a Top-Down Approach to Model Risk Governance to Optimize Digital Tra...Adopting a Top-Down Approach to Model Risk Governance to Optimize Digital Tra...
Adopting a Top-Down Approach to Model Risk Governance to Optimize Digital Tra...
 
5 AI Solutions Every Chief Risk Officer Needs
5 AI Solutions Every Chief Risk Officer Needs5 AI Solutions Every Chief Risk Officer Needs
5 AI Solutions Every Chief Risk Officer Needs
 
Model Risk Management | How to measure and quantify model risk?
Model Risk Management | How to measure and quantify model risk?Model Risk Management | How to measure and quantify model risk?
Model Risk Management | How to measure and quantify model risk?
 
2017 Top Issues - Changing Business Models - January 2017
2017 Top Issues -  Changing Business Models  - January 20172017 Top Issues -  Changing Business Models  - January 2017
2017 Top Issues - Changing Business Models - January 2017
 
ERM-Middle-eastern-insurance-review 2010
ERM-Middle-eastern-insurance-review 2010ERM-Middle-eastern-insurance-review 2010
ERM-Middle-eastern-insurance-review 2010
 
8 rajib chakravorty risk
8 rajib chakravorty risk8 rajib chakravorty risk
8 rajib chakravorty risk
 
RISK-ACADEMY’s guide on risk appetite in non-financial companies. Free download
RISK-ACADEMY’s guide on risk appetite in non-financial companies. Free downloadRISK-ACADEMY’s guide on risk appetite in non-financial companies. Free download
RISK-ACADEMY’s guide on risk appetite in non-financial companies. Free download
 
SOLVENCY II & ERM
SOLVENCY II & ERMSOLVENCY II & ERM
SOLVENCY II & ERM
 
Risk based capital management preeti & warrier
Risk based capital management preeti & warrierRisk based capital management preeti & warrier
Risk based capital management preeti & warrier
 
Study on credit risk management of SBI Cochi
Study on credit risk management of SBI CochiStudy on credit risk management of SBI Cochi
Study on credit risk management of SBI Cochi
 

Crowe AML Model Risk Management Whitepaper

  • 1. August 2012 Effective AML Model Risk Management for Financial Institutions: The Six Critical Components A White Paper by John A. Epperson, Arjun Kalra, and Brookton N. Behm Audit | Tax | Advisory | Risk | Performance
  • 2. As more banks and other financial institutions adapt their AML programs to meet more stringent regulatory guidelines, a new industry standard for model risk management is developing. Outlined here are the critical components of an effective AML model risk management program1 that complies with the more stringent requirements.
  • 3. Bank regulators are resolved to punish banks and other financial institutions that fall behind in the struggle to stay current with anti-money-laundering (AML) regulations. This hardline approach is evident in several recent high-profile enforcement actions, fines, and penalties assessed by regulators against financial organizations with lax controls over money laundering. Some of these actions were the result of a bank’s failure to appropriately apply the concepts of a model risk management framework to design, execute, and maintain the models it deployed to manage AML risk.
    As the financial institutions industry has evolved – offering new high-risk products, acquiring new types of customers, and adapting to frequently changing money laundering requirements – banks increasingly rely on complex models to meet the challenges of AML compliance.
    The Office of the Comptroller of the Currency (OCC) and the Federal Reserve Board issued “Supervisory Guidance on Model Risk Management,” important regulatory guidance, on April 4, 2011. According to the guidance, the term “model” refers to “a quantitative method, system, or approach that applies statistical, economic, financial, or mathematical theories, techniques, and assumptions to process input data into quantitative estimates.”2
    Financial institutions that rely on bank-specific models should use what regulators refer to as a “model risk management framework” for developing, implementing, and using these models. This framework enables banks to predict and identify risk more accurately and, therefore, make better top-level and line-of-business decisions based on model results. (See sidebar, “Reducing Risks in AML Models.”)
    To truly reduce risks inherent in AML models, a comprehensive and sustainable AML program should take into account a number of critical components, including the following:
    1. Model inventory;
    2. Model development, implementation, and use;
    3. Model tuning and optimization;
    4. Model validation;
    5. Model governance; and
    6. Model foundation.
    Each of these six components is discussed in this white paper.
    www.crowehorwath.com
  • 4. Crowe Horwath LLP
    Reducing Risks in AML Models
    Comptroller of the Currency Thomas J. Curry discussed operational risks facing national banks and federal savings associations during a recent speech to the Exchequer Club in Washington, D.C.3
    “. . . [A]s the industry continues to heal from the credit and capital market challenges of the financial crisis, it is evident that another type of risk is gaining increasing prominence. That is operational risk – generally defined as the risk of loss due to failures of people, processes, systems, and external events.”
    Curry further explained, “An area where the intersection of operational and other risks is very evident today concerns Bank Secrecy Act and anti-money-laundering compliance. When things go wrong in those areas, not only is the integrity of the institution’s operations compromised, but national security and drug trafficking interdiction goals can be undermined, as well.”
    Financial institutions’ risks related to AML compliance programs might include:
    ■ A conceptual framework that is inconsistent with regulatory expectations;
    ■ Applying a logic or methodology not commensurate with the unique AML risks of an organization;
    ■ Failing to identify elevated risks associated with certain customers or transactions;
    ■ Reliance on unidentified models for aspects of AML compliance;
    ■ The absence of risk-based model controls consistent with the level of dependence, business assumptions, and regulatory impact of each system;
    ■ Unclear lines of authority and accountability;
    ■ A lack of appropriate resources and expertise to effectively manage model risk management activities;
    ■ Fundamental logic errors, which produce inaccurate output;
    ■ An inconsistent approach and a lack of detailed documentation and quantitative analysis to support model risk management activities; and
    ■ Failure to identify changes in an organization’s activities that have an impact on AML models.
  • 5. Meeting Business Needs and Regulatory Expectations
    A greater variety of AML models are being developed and implemented because of industry needs to meet regulatory requirements. Many banks are using AML models for customer risk scoring and customer due diligence risk. Most banks also are relying on automated transaction monitoring systems, cash aggregation and reporting systems, and watch-list filtering systems, all of which are considered models under the guidance.
    As models have proliferated, managing AML compliance risk has become more challenging for financial institutions. In some cases, banks have diluted the effectiveness of their AML programs by taking a piecemeal approach to compliance. This limited approach is often evidenced by highly fragmented operations and technology platforms, inconsistent top-down leadership, and a lack of enterprisewide accountability.
    Initially, banks interpreted the broad multi-agency guidance to apply only to their credit and financial risk modeling. Subsequently, however, regulators have made clear that the guidance applies to anti-money-laundering compliance. Hence AML models are being held to the same standard.
    The guidance provides banks with a basic framework for deploying an enterprisewide model risk management program, and examiners now expect banks to use the framework when designing, implementing, and improving all models, including operating models used for AML compliance. Examiners are looking for a formalized, prescriptive methodology dictating the three basic components of the model risk management framework that the guidance identifies and requires:
    1. Model development, implementation, and use;
    2. Model validation; and
    3. Model governance.
    These expectations obligate banks to modify their approach to AML compliance in order to comply with the new industry standard. In addition, regulators expect organizations that use AML models to provide evidence that the model risk management framework in place effectively identifies and manages the risk arising from the bank’s reliance on models. Evidence might include, for example, documentation that the bank has identified where its data resides and who is responsible for the quality of that data meeting model governance requirements.
    Financial institutions are struggling with how to adapt existing AML compliance programs to a model risk management framework. Many organizations already have enterprisewide policies and procedures for financial models but may not have extended a similar approach to AML-specific compliance components. Some banks are finding that reworking or enhancing existing AML model risk management processes to comply with supervisory guidance can be costly and complicated. Finally, in many cases, banks are realizing they have in place few of the model risk management components necessary for an effective AML program.
  • 6. Defining a Model Risk Management Framework
    Banks should build their AML models using the three requirements in the guidance but also with three additional critical components of effective model risk management (exhibit 1): model inventory, model tuning and optimization, and a model foundation. The model foundation components – business and regulatory alignment, supporting documentation, enabling technology, and project management – reflect overall supporting elements that further the effectiveness of AML models.
    The determination that these particular components are critical to AML model risk management is based on a Crowe Horwath LLP analysis of regulatory guidance, examination findings, dialogues with regulators, and client insights. Financial institutions that implement and optimize the six components explained here can more effectively build a comprehensive AML program that meets business and regulatory needs.
    Exhibit 1. Critical and Supporting Model Risk Management Components
    [Figure: Model Governance; Model Validation; Model Tuning & Optimization; Model Development, Implementation, and Use; and Model Inventory, surrounded by the supporting elements Business and Regulatory Alignment, Supporting Documentation, Project Management, and Enabling Technology]
  • 7. 1. Model Inventory
    A model inventory takes stock of the implementing components – primarily the people, processes, and technology – that support AML models (exhibit 2). The inventory of existing models for AML compliance at any single financial institution may be large and can include both manual and automated processes and technology. Once a model inventory is completed, the organization should assess the enterprise risk of each item in the inventory in order to manage operational risks commensurate with the perceived risks in the model.
    Exhibit 2. Taking Stock of the Implementing Components for AML Models
    [Figure: Model Inventory – Enterprise Identification, Model Risk Assessment, Accountability]
    Completing an AML model inventory requires taking the following three steps:
    1. Enterprise identification. Existing models that support AML compliance in the organization are identified.
    2. Model risk assessment. The model’s enterprise risk is assessed. For example, the use of people, processes, and technology might represent an elevated risk that dictates the level and scope of the model risk management activities the organization applies to its particular AML model. Financial institutions should consider the materiality and complexity of the underlying model, the level of dependence for compliance and decision making, and the regulatory impact of each model, as well as the business assumptions on which the model is based.
    3. Accountability. The organization clarifies who is ultimately accountable for controls, compliance, and oversight of the models identified in the inventory.
  • 8. 2. Model Development, Implementation, and Use
    An AML model must be well documented and tailored to the unique risk profile of the organization (exhibit 3). Due to the varying risk profiles and business requirements of different financial institutions, each AML model must be customized to meet the specific needs of the institution. When banks design models for AML programs, relevant stakeholders – including AML executives, IT personnel, and affected line-of-business leaders – should assess the design structure, implementation approach, and use of output from the AML model for efficacy and regulatory compliance.
    Exhibit 3. Designing and Using AML Models
    [Figure: Development and Implementation – Model Definition and Requirements, Model Design, Data Management; Use – Analysis of Results, Continuous Feedback and Improvement]
  • 9. Model Development and Implementation
    ■ Model definition and requirements. According to the joint guidance, “An effective development process begins with a clear statement of purpose to ensure that model development is aligned with the intended use.” Banks must document model definitions and requirements for meeting business and regulatory needs. This development process involves the bank’s identification of the various sources of its functional data. The process also includes defining and documenting performance and technical requirements, and the result serves as the baseline justification for the model.
    ■ Model design. An AML model must be designed based on the documented objectives of the model and various functional and technical requirements. Any limitations or merits of the model must be documented and appropriately considered as the model is developed. Model limitations – which could be tied to model inputs, the processing component of the model, or the way the model output is created – will be an important consideration when model risk is assessed. Examples of model limitations are a lack of key data elements needed to identify AML risk; limited functionality of a system to produce model results; or an absence of reporting metrics needed to analyze the effectiveness of a model.
    ■ Data management. AML compliance relies heavily on data quality, and data is never perfect. Efforts must be made to assess the completeness, accuracy, and relevance of input data for the model. To verify that the AML model is being used in a manner consistent with business and regulatory needs, financial institutions should implement a feedback mechanism to learn from and improve the process during the development, implementation, and post-implementation of the model.
    Model Use
    ■ Analysis of results. According to the guidance, “An understanding of model uncertainty and inaccuracy and a demonstration that the bank is accounting for them appropriately are important outcomes of effective model development, implementation, and use.” AML executives must analyze model results relative to limitations and design assumptions in order to assess the potential performance of a model before other stakeholders use the results.
    ■ Continuous feedback and improvement. To verify that the AML model is being used in a manner consistent with business and regulatory needs, institutions should implement a feedback mechanism to learn from and improve the process during the development, implementation, and post-implementation of the model. For a process of continuous improvement, management must empower users of AML models to provide input and feedback to the model designers and managers.
  • 10. 3. Model Tuning and Optimization
    Tuning and optimization is the ongoing process of testing and enhancing the AML model. Model tuning is an important aspect of the development and implementation of an AML model as well as its ongoing management and sustainability. Following are the three primary elements of a comprehensive model-tuning program (exhibit 4):
    Exhibit 4. Refining and Optimizing AML Models
    [Figure: Model Tuning and Optimization – Gap Analysis, Prescriptive Methodology, Documentary Evidence]
    1. Gap analysis. Gap analysis helps ensure that all of the risks the bank faces are being monitored at an appropriate level for AML purposes. For example, gap testing might identify new products or services that pose significant risk but are not part of the overall monitoring program, or the testing might identify specific high-risk customer types that are being incorrectly stratified. To confirm that an organization’s AML risks are being covered appropriately, the organization or third-party vendor must remediate any gaps or limitations identified during this analysis. Furthermore, the organization should put into place a process for assessing gaps periodically.
  • 11. 2. Prescriptive methodology. Optimizing AML models requires a consistent methodology founded in quantitative analysis. Prescriptive methodology is a formal documentation of the comprehensive approach the bank is using to optimize the model. The methodology must also define change-control procedures and the initiating events that require subsequent tuning. Examiners now call not only for the periodic assessment of model parameters but also for the definition of specific events – such as a change to an organization’s risk profile due to an acquisition – that warrant tuning.
    3. Documentary evidence. Examiner and auditor expectations call for an audit trail of changes in the AML model’s parameters during the tuning process. Documentary evidence is used to demonstrate to regulators and auditors that the AML system is aligned to the prescriptive methodology for managing anti-money-laundering activities. Without supporting documentation, the prescriptive methodology might not stand up to a regulatory examination. The bank must maintain the documentary evidence for the life of the AML model.
    4. Model Validation
    Ongoing evaluation of models is required to confirm that results are accurate and controls are adequate. The guidance defines model validation as “the set of processes and activities intended to verify that models are performing as expected, in line with their design objectives and business uses. It also identifies potential limitations and assumptions, and assesses their possible impact.”
    While the concept of validation is not new, the guidance expands the expectations for an effective validation review. The guidance states, “All model components, including input, processing, and reporting, should be subject to validation; this applies equally to models developed in-house and to those purchased from or developed by vendors or consultants.”
  • 12. Model validation confirms that an institution’s AML model is aligned with business and regulatory expectations and is properly executing on underlying risks. The approach to validation focuses on the following four components related to the conceptual design, system, data, and process for AML models (exhibit 5):
    Exhibit 5. Testing AML Models
    [Figure: Model Validation – Conceptual Design Validation, System Validation, Data Validation, Process Validation]
    1. Conceptual design validation. Do the conceptual design and capabilities of the AML model meet the identified business and regulatory needs? In assessing the conceptual soundness of a model, AML executives should consider key metrics and evidence supporting the ability of the model to accurately predict AML risks. For example, validation processes should confirm that any unique products, services, customers, and geographies of an organization are appropriately factored into an AML model’s design.
  • 13. 2. System validation. All AML technology and automated systems implemented to support an AML model have inherent limitations. System validation independently confirms that the development, implementation, and ongoing use of AML technology are properly designed and integrated enterprisewide to support the model. For example, banks confirm that models are identifying and predicting AML risk accurately.
    3. Data validation. Is the AML model capturing accurate and complete information? Data errors or irregularities impair results and might lead to the organization’s failure to identify and respond to elevated AML risks.
    4. Process validation. Verify that the design and ongoing sustainability of the AML model’s processes are resulting in output that is accurate, managed effectively, and subject to appropriate controls.
    AML model validation is often complex and resource-intensive. Testing is generally done by individuals who have not previously provided input on either the design or implementation of the model.
    5. Model Governance
    All financial institutions that rely on models for AML compliance should implement an appropriate governance program. According to the guidance, “Even if model development, implementation, use, and validation are satisfactory, a weak governance function will reduce the effectiveness of overall model risk management.”
    An organization’s governance policies, procedures, and processes should support controls and oversight to manage an effective and sustainable AML program. AML models should be implemented from end to end, starting with the board of directors and senior management, who design and oversee operating models; and including the line-of-business managers, who are responsible for implementation; third-party vendors or IT specialists, who implement technology components; and compliance risk managers, who must manage the risk that is inherent in the model.
    Effective model governance requires the following elements:
    ■ Senior management and board involvement. Senior management and the boards of directors must set the direction and oversee the policies of a model risk management framework. AML models that are managed at the leadership level are more likely to be supported by well-thought-out policy and procedures as well as comprehensive methodologies that are executed consistently throughout the enterprise and managed through continuous improvements.
    ■ Policies and procedures. At a minimum, the cornerstones of the guidance – development, implementation, and use; validation; and governance – must be addressed in formalized and enterprisewide policies. Implementing procedures should dictate the organization’s prescriptive methodology for managing the risks of models relied upon for anti-money-laundering compliance.
    ■ Roles and responsibilities. Clear lines of reporting identify who owns model risk management processes and affirm the control structure that supports compliant anti-money-laundering procedures. When the bank lacks the knowledge to manage these functions, an individual should be responsible for augmenting the organization’s expertise in order to meet the bank’s model risk management standards.
  • 14. ■ Enterprise risk management and reporting. Organizations with an enterprise risk management function should define key risks, events, or changes in the organization that could affect business processes. An effective model risk management framework promptly identifies such risks and assesses their potential impact on bank models. Clear lines of authority and reporting should be established to oversee how a model’s performance might change as a result of changes in the organization.
    ■ Independent audit and testing. Auditing and self-testing should effectively challenge the model’s conceptual design, data reliability, and risk management controls. The role of auditing and self-testing is not to duplicate model risk management activities but rather to assess the effectiveness of a model risk management framework in meeting AML business and regulatory needs.
    Exhibit 6. Governance Controls and Oversight for a Comprehensive AML Program
    [Figure: Model Governance – Senior Management and Board Involvement, Policies and Procedures, Roles and Responsibilities, Enterprise Risk Management and Reporting, Independent Audit and Testing]
  • 15. 6. Model Foundation
    The model foundation is the final component critical to an effective AML model risk management program (see exhibit 1). A strong foundation adds structure, consistency, and efficiency to support program compliance. Following are the four elements of a robust model foundation:
    1. Business and regulatory alignment. Regulators may deem a model risk management program to be ineffective if business needs are not aligned to regulatory standards. Misalignment could result in a bank’s failure to appropriately manage the risks inherent in AML models and thus lead to poor decision making and even regulatory fines and penalties.
    2. Supporting documentation. Detailed document management and retention are necessary for all areas of model risk management, including but not limited to policies and procedures, periodic model validation results, detailed tuning and optimization analysis, and model inventory and risk assessment.
    3. Enabling technology. Technology helps AML executives to manage the breadth of requirements for an effective model risk management program. Financial institutions must define their approach to using technology based on their size, regulatory standards, and the model risks they face. From simple spreadsheet maintenance systems to the purchase of an enterprisewide model risk management software solution from a third-party vendor, technology use varies from institution to institution.
    4. Project management. Various internal and external stakeholders and third-party vendors often come together to develop and implement AML models. Experienced project management personnel are critical to managing resources effectively and implementing models successfully.
    Conclusion
    Minimizing AML compliance risk in an era of mandated model risk management standards requires a financial institution to design, implement, test, and improve its AML models on an ongoing basis. The model risk management framework outlined here is designed to lead banks through the critical components of building an effective and compliant AML model risk management program. Institutions that do not adopt a documented, consistent model risk management framework for AML programs risk incurring regulatory actions, fines, and other penalties.
    All aspects of model risk management require banks to provide robust supporting documentation that demonstrates to regulators and auditors that their AML models are effective and aligned to business and regulatory needs. Using a project management structure overseen by senior management contributes to consistency within the organization and the integrity of its AML models.
    Additional tools and strategies are available to help institutions with the daunting requirements of the guidance. Given the complexities of model risk management, many banks are turning to technologies available in the marketplace that can help them deploy a systematic and consistent approach to model risk management. Using technology also helps with the documentation, quantitative analysis, and tuning procedures that federal examiners have come to expect.
  • 16. Contact Information
    John Epperson, CAMS, is with Crowe Horwath LLP in the Oak Brook, Ill., office. He can be reached at 630.575.4220 or john.epperson@crowehorwath.com.
    Arjun Kalra, CAMS, is with Crowe in the San Francisco office. He can be reached at 415.946.7449 or arjun.kalra@crowehorwath.com.
    Brookton Behm, CAMS, is a principal with Crowe in the Grand Rapids, Mich., office. He can be reached at 616.233.5566 or brookton.behm@crowehorwath.com.
    1 Future articles from Crowe Horwath LLP will explain in further detail each of the six critical components of the AML risk management program described in this white paper.
    2 Board of Governors of the Federal Reserve System and Office of the Comptroller of the Currency, “Supervisory Guidance on Model Risk Management” (OCC 2011-12 and SR 11-7), April 4, 2011, http://www.occ.gov/news-issuances/bulletins/2011/bulletin-2011-12.html and http://www.federalreserve.gov/bankinforeg/srletters/sr1107.htm.
    3 Office of the Comptroller of the Currency, “Comptroller Curry Discusses Operational Risk in the Banking System,” May 16, 2012, news release, http://www.occ.gov/news-issuances/news-releases/2012/nr-occ-2012-77.html.
    www.crowehorwath.com
    When printed by Crowe Horwath LLP, this piece is printed on Mohawk Color Copy Premium, which is manufactured entirely with Green-e® certified wind-generated electricity. The Mohawk Windpower logo is a registered trademark of Mohawk Fine Papers Inc. Green-e is a registered trademark of Center for Resource Solutions.
    Crowe Horwath LLP is an independent member of Crowe Horwath International, a Swiss verein. Each member firm of Crowe Horwath International is a separate and independent legal entity. Crowe Horwath LLP and its affiliates are not responsible or liable for any acts or omissions of Crowe Horwath International or any other member of Crowe Horwath International and specifically disclaim any and all responsibility or liability for acts or omissions of Crowe Horwath International or any other Crowe Horwath International member. Accountancy services in Kansas and North Carolina are rendered by Crowe Chizek LLP, which is not a member of Crowe Horwath International. This material is for informational purposes only and should not be construed as financial or legal advice. Please seek guidance specific to your organization from qualified advisers in your jurisdiction.
    © 2012 Crowe Horwath LLP RISK13906