Forces and Frameworks

Achieving Compliance Efficiencies Amid Heightened Regulatory

Scrutiny

2

Regulatory Expectations

Part 504 will apply to all entities chartered, or licensed, under NY state banking law; this includes banks, as well as, non-bank financial institutions (NBFIs).

Sarbanes-Oxley (CEO and CFO certification), Volcker (Appendix B – CEO certification), FATCA (FATCA Responsible Officer certification)

Applicability

Similar laws

Finding A Board resolution or “compliance finding” as set out in the appendix to the Rule must certify that the institution has taken all steps necessary to certify the transaction monitoring and filtering programs comply with the Final Rule.

LiabilityPart 504 will hold organizations responsible for ensuring their AML/OFAC programs are compliant with NYDFS and BSA/AML regulations. This includes that the regulation will be enforced pursuant to the NYDFS’ “authority under any applicable laws.”

NYDFS believes that lack of robust governance, oversight and accountability at Senior levels of the organization has contributed to shortcomings in Transaction Monitoring and OFAC Filtering Programs.

Why now?

NYDFS recently passed Part 504, effective 1 April, 2017. Amongst other tenets, certification and personal accountability have raised the bar for expectations and consequences for insufficiency in the realm of AML, tantamount to other financial reporting certification requirements.

3

Infraction

“[The firm] failed to ensure that the four or more individuals responsible for AML compliance at the Firm received appropriate BSA training. These individuals directly supported activities related to the Firm’s AML and CIP programs, such as gathering customer identification information, performing customer verification through the use of external databases, disseminating CIP disclosures to customers, reviewing accounts for suspicious transactions, reviewing and/or approving wire transfers, and maintaining records in accordance with BSA requirements.”

Sanction/Remedy

“This comprehensive training program shall provide for more extensive BSA/AML training for all operational and supervisory personnel assigned to the Bank’s BSA/AML department(s) and more targeted training for other personnel focusing on the individual employee’s specific duties and responsibilities. This comprehensive training program also shall include strategies for mandatory attendance, frequency of training, and timing for updating training programs and materials.”

AML TrainingPart of the Problem or Part of the Solution?

4

Model-based transaction monitoring and alert prioritization can aid in asking better questions during investigation process, and avoid many false positives.

Increasing Alert EfficiencyBetter alerts lead to more productive

investigations

A typical suite of detection scenarios asks a few simple questions, for example:

Statistical models ask more and better questions, permit comparison

• Most are false positives• Investigators must interpret

• Txn above threshold?

• Recurring relation?

• Activity burst?

• High risk country?

• High risk customer?

• Other?

!!!• Fewer false positives• Investigators aided in interpretation

5

Investigative process – 4 steps all of which also must be auditable and stand up to scrutiny

Changing the Investigative Process

Efficiency and Consistency Still in play to improve

case assign investigate narrate

• Static information sources

• Facts defined without context

• Case duplicates and combined events

• Investigative complexity needed not gauged

• Exhaustive search for information

• Time consuming copy and paste

• Manual correlation

• Completeness differs as does writing style

• Information pertinence judged by investigator

• Dynamic information integration

• Contextual awareness helps focus attention

• Case consolidation logic removes rework and paints truer picture

• Case complexity risk scores can help with assignment

• Automatically correlate events and focuses investigative attention

• Highlights missing information• Gathers information and

presents formatted case summaries

• Standardized case summary and narrative generation

• Supported by facts and auditable documentation

Current state of investigation

Improvement potential future state

6

PollWhich of the following deficiencies is most likely to be cited in compliance actions over the next year?

1. Not scaling resources to keep pace with transaction growth

2. Poor integration of relevant compliance data and applications

3. Inconsistent application of compliance processes4. Willful disregard for compliance activity5. None of the above

7

Challenge – “Fighting the last war”

SCALABILITY INTEGRATION CONSISTENCY

Can you grow efficiently?

Can you minimize evidence gathering and preparation?

Can you improve

accuracy with consistency?

AUDIT-READY

Do narratives provide transparent support

for staff, systems, and procedures?

8

Visualizing Alternatives

Human Machine

Scalability

‘Ad Hoc’

Procedure

Consistency

Silos

‘Fabric’

Integration

9

Goldilocks Dilemma in 3DSCALABILITY

• Scaling by hiring – inefficient

• Scaling by analytics – fragile

• Scaling by ‘the division of labor’ – proven, adaptable

INTEGRATION CONSISTENCY• Consistency through

training – inefficient to keep current

• Consistency by published procedure – ‘memory drift’ creates variance

• Consistency by embedded procedure – minimizes variance

• Integrate by centralization – access is the issue

• Integrate by application – custom development

• Integrate by virtualization – machine-driven federation

10

Take A ‘Maturity Level’ Perspective

11

Achieve Global ImpactEstablish Scalability

Increase CertaintyInstantiate Consistent

Procedure

Efficient OperationDeploy an

Information ‘Fabric’

Constant AgilityEmbrace Regulatory

Change

Select the Best Focal Point

1212

Sample Narrative

Single-screen with auto-generated Narrative

AML Investigator solution

Sample Case

Single-screen for all

Case information

13

Key Takeaways • Increased scrutiny and personal exposure increase

the importance of training

• Seek improvements in alert precision and investigative process to gain efficiency

• Counter to intuition, substantial efficiency improvements can happen amidst change

14