How to derive value from an anti-money-laundering compliance investment

Today it is difficult to remember a world before 9/11, before Enron and corporate scandals, before the USA Patriot Act, before a more energized Office of Foreign Assets Control (OFAC), Sarbanes-Oxley, and Basel II. Nonetheless, it was only 48 short months ago that banks enjoyed a calmer regulatory environment, when meeting Bank Secrecy Act (BSA) mandates meant dealing with well-understood record-keeping and reporting requirements for currency structuring, certain funds transfers of more than $3,000, and transactions of more than $5,000 that might be indicative of money laundering. True, there were indications of change in the wind even then. Up on the Hill, Sen. Carl Levin was actively investigating the need for further regulation of correspondent banking and other offshore transactions, but major "know your customer" legislation had been defeated some time before, and the Bush administration was not agitating for change.

The evolving environment

Today, bankers face a very different environment. The USA Patriot Act regulation reaches into every corner of the organization and has become part of the very fabric of the bank. Moreover, in this new world, banks must confront and conquer a variety of challenges including:

Early last year, industry surveys indicated that U.S. banks were preoccupied with concerns about imminent Sarbannes-Oxley deliverables and increasing risks relative to regulation, both national and international, although money laundering headed the list. Large, global banks also had to make progress on Basel II requirements, but most had not started to address operational risk holistically. Twelve months later, these issues are still on the table. However, it is the changing nature of supervision, with its apparent lack of consistency, and the more stringent enforcement environment, especially for anti-money laundering (AML), that is now capturing bankers' attention—and also pushing the agenda for technology change.

Regulatory compliance clearly is not first and foremost a technology issue. Compliance is a function of a bank's corporate culture and governance structure and management's approach to risk. It should be directed from the top through corporate policies, standards, and controls that are implemented consistently across business units and throughout subsidiaries and affiliates. However, it is important that the CIO sits at the table as part of the process, as is happening in larger banks, because software solutions, and the IT architecture, are critical to the success not only of a bank's compliance efforts but also to its overall business performance. This approach has not always been the case, and, in fact, is still not the case today among many mid-tier and smaller banks.

Top of page

AML obligations

Historically, the purchase of AML software was part of the checklist compliance, cost-benefit mentality that most banks brought to BSA compliance. This attitude was understandable given that compliance software was perceived as an expense that brought no bottom-line benefit to the bank. Looked upon as a necessary cost of doing business, BSA compliance software products were implemented only as necessary to address those specific statutory and regulatory requirements that could be effectively automated. Typically, this meant that banks implemented software products as point solutions within high-risk areas of the bank such as the wire room.

Since 9/11 the situation has radically altered. The USA Patriot Act ushered in a host of new provisions in numerous areas as well as a new focus on deterrence and detection. Not surprising, bankers developed a new interest in tools and technologies to satisfy the Act's mandates, particularly those that would help them identify activity that might indicate money laundering or terrorist financing. Today the case for AML monitoring solutions has been made. The largest banks have renewed their technology architectures for AML, and next-tier banks that have not strengthened their infrastructures have at least recognized the need to do so. The question now facing banks, regardless of whether they have a new system or are looking to purchase one, is how they can derive value from their AML compliance product.

Top of page

Deriving value

Deriving value means different things to different banks, but value can be achieved in two major ways. Banks can use the AML product to comply more effectively and to reduce a variety of institutional risks (legal, regulatory, reputation, and now relationship risk), all of which are essential in the current enforcement environment. In some cases, depending on the vendor and technology selected, banks can take advantage of the technology used for AML compliance to tackle many of the evolving challenges noted earlier—in essence, AMLplus. The former provides primarily qualitative benefits such as protecting the bank’s reputation, meeting legal requirements, satisfying regulatory examination requirements, and participating in merger and acquisition activity. Moreover, effective compliance can lead to quantifiable advantages in overall bank performance if implemented in an integrated way at an enterprise level.

TowerGroup has estimated that as much as 30 percent of IT compliance spending can be considered "waste" that results from redundant or inefficient investments in multiple businesses across the enterprise. Banks, therefore, should align AML technology to business strategies to maximize efficiencies and returns under the corporate compliance and risk management framework. They should also ensure that the CIO and the Chief Risk Officer (or compliance executive) work in tandem to optimize results across business silos. A joint approach is essential given regulators' renewed focus not only on the AML program but also on whether banks are taking commercially-reasonable steps to protect themselves from a technology perspective. This means achieving not only a clean reputation but also making technology investments that are appropriate to the risks of the business. These factors speak to the need for integrated systems that attack AML comprehensively and, importantly, have the functions and scale to support enterprise-wide anti-money-laundering objectives so that banks get the biggest bang for their AML compliance buck.

Top of page

New technologies offer benefits outside AML core

The other alternative, which builds on the first, is for banks to move beyond the AML core and to use the AML solution for other purposes. Such purposes include more specialized compliance in related areas, comprehensive fraud and risk management, or customer relationship management and marketing. Banks at the top end of the market have already recognized the need and the opportunity and are buying technology-based, multipurpose solutions. However, multipurpose solutions are important as well for next tier, regional banks looking for a quantifiable return on investment (ROI) that can be associated with the underlying AML compliance purchase.

Historically, software solutions for BSA compliance were relatively inexpensive because they are point solutions developed over time to meet emerging regulatory mandates. The AML technology-based solutions that have been brought to market in the last four to five years, however, have come with higher price points due in large part to the technologies used, and the fact that in some cases banks are paying for platform capabilities up front. Providing transaction monitoring tools to detect behavior that is potentially indicative of money laundering is the baseline requirement. However, these systems all offer capabilities outside the AML core, and the technologies and the data offer banks the capability to derive quantifiable value from their investment. In addition to integrated or layered applications, these systems help break down system silos to provide a more holistic view of risk and customer transaction activity. Analytics, data mining, real-time capabilities, and even neural net technologies are now available to attack fraud and risk.

Many vendors have recognized that banks want to derive additional value from their transaction monitoring solutions and are offering either integrated AML solutions or additional applications for non-AML purposes. Some of these vendors offered other types of solutions before focusing on AML; others have worked from AML out, but all are evolving their products in line with the changing environment. The technology vendors are at an advantage for AMLplus solutions, with the payoff at the high and midtiers of the market where banks need, and can afford to implement, multipurpose solutions at an enterprise level.

Top of page

Conclusion

Banks now have an opportunity to derive value from their AML investment. Whether or not a given bank takes advantage of this depends on its approach to compliance. If a bank's objective is compliance, then the result will be compliance—meeting mandated regulatory obligations. There is nothing wrong with this approach, but if a bank’s objective is strategic and business advantage, then an AML compliance solution can offer a framework to drive technology innovation and, potentially, a return on the investment. Banks must decide where on the compliance spectrum they sit and consider what might be the most appropriate way to use technology to their advantage. While larger banks may have greater resources, many banks can look to their IT investments in compliance not only to ameliorate the burden of regulation but also to become more efficient. Compliance can be, and often should be, a catalyst to use technology to automate and streamline processes to achieve productivity, performance, and even profitability gains.

Breffini McGuire is a Senior Analyst at TowerGroup a leading advisory research and consulting firm focusing on the global financial services industry. She can be reached at bmcguire@TowerGroup.com.

Top of page