Data and Model Validation for Suspicious Transaction...

Data and Model Validation for Suspicious

Transaction Monitoring Systems3:20p| 27-September-2016

Bao Nguyen, Director of Regulatory Compliance, Kaufman, Rossin & Co.

Scott Nathan, EVP, BSA Officer, BankUnited, N.A.

Ivan A. Garces, Principal, Kaufman, Rossin & Co.

Daniel Haggerty, BSA/AML Examiner, Federal Reserve Bank of Atlanta

• Introductions

• Importance of system model validations and

best practices

• View from advisory firm perspective

• View from financial institution perspective

• View from regulator perspective

• Key takeaways and questions

Ivan A. Garces

Principal

Risk Advisory Services Practice Leader

Kaufman, Rossin & Co.

4

• Banks heavily rely on automated systems to

identify potential suspicious activity.

• Scenarios are based on judgmental and

quantitative considerations.

• Validation is an ongoing processes intended to

verify whether the suspicious activity monitoring

system is performing effectively and efficiently.

• The OCC and the Federal Reserve published

“Supervisory Guidance on Model Risk Management” (OCC 2011-12 & SR 11-7).

Validation, What Is It & Why Do We Need It?

5

• Evaluation of Conceptual Soundness

– Understand risk profile (customers, products

& services, geographies)

– Historical SAR experience

– GAP analysis

– Methods, assumptions and variables used

– System functionality & limitations, if any

Validation – Does Your System Make Sense?

6

• Data Input & Integrity

– Enterprise wide

– Customer

Information

– Transaction Data

– Data reconciliation

– Data mapping

Validation – Data Integrity

Ensure all appropriate customers & transactions are flowing into monitoring system

Core System Account/Transaction

Monitoring System

Wire System

Domestic and

International Wires

Profile

Exceptions

Cash Transaction

Aggregation

Wealth

Management System

CDD/EDD System

Expected Activity

Profiles

Ad-Hoc Reports

Flags/Alerts

7

• Evaluation of filtering criteria (rules, parameters

and thresholds)

– Should be commensurate with risk profile.

– Statistical analysis (customer & transaction

segmentation).

– Transaction testing to validate parameter

settings (ATL/BTL).

– Consider reasonableness of alert scoring.

– Evaluate efficacy of modifications to rules,

parameters & thresholds.

Validation – Testing the Parameters

8

Example – Rule captures any

business customer conducting

greater than $500,000 in wire

transfers (in/out) within a 30

day period.

82.7% of Avg.

Wire Activity

Above the Line /

Below the Line

Testing

Dollar

Threshold Percentile

Number of

Alerts

% of

Customers

Captured

% of Total

Wire Activity

Captured

less 5 percentile $ 357,444 80 154 20.0% 87.8%

less 2 Percentile $ 422,416 83 105 17.0% 84.9%

Current threshold $ 500,000 85 81 15.0% 82.7%

plus 2 percentile $ 645,579 87 46 13.0% 78.6%

plus 5 percentile $ 802,241 90 34 10.0% 74.3%

Business customers with Wire Transfers greater than $500,000

Validation – Rules Testing

9

• Evaluation of Reporting Process

– Back-testing of logic

– Productivity ratios

• Alert to RFI %

• Alert to investigation %

• Alert to SAR %

Validation – Does it Work?

10

Validation – Documentation

Model Inventory

Monitoring systems

Policies &

Procedures

Methodology &

approach

Types & source of

inputs

Data mapping

Data reconciliation

Model Inventory

Parameters & settings

Roles &

responsibilities

Reports

Date of last

assessment

Results of last

assessment

Limitations

Daniel HaggertySenior BSA/AML Examiner

Federal Reserve Bank of Atlanta

12

Validation for Suspicious Transaction

Monitoring

• FFIEC BSA/AML Exam Manual - Automated Account

Monitoring

• Parameters and filters should be reasonable and

tailored

• After parameters and filters have been developed,

they should be reviewed before implementation

• Once established, the bank should review and test

system capabilities and thresholds on a periodic

basis.

• The monitoring system’s programming methodology

and effectiveness should be independently validated

to ensure that the models are detecting potentially

suspicious activity.

13

FFIEC BSA/AML Examination Procedures:

Suspicious Activity Reporting

Step 5: Identify the types of customers,

products, and services that are included

within the surveillance monitoring system.

Considerations:

• Coverage of Products and Services

• Inventory of Bank’s Technology Systems

• Data Mapping

• Transaction Mapping

14



Step 6: Identify the system’s methodology for

establishing and applying expected activity or profile

filtering criteria and for generating monitoring reports.

Determine whether the system’s filtering criteria are

reasonable.

Considerations:

• Money Laundering and Terrorist Financing Red

Flags (FFIEC BSA/AML Examinational Manual –

Appendix F)

• Support for Filtering Criteria

• Data Integrity of Key Fields

15



Step 7: Determine whether the programming

of the methodology has been independently

validated.

Considerations:

• Roles and Responsibilities

• Frequency

• Scope

16



Step 8: Determine that controls ensure

limited access to the monitoring system and

sufficient oversight of assumption changes.

Considerations:

• Change Management Framework

• Oversight

• Policies and Procedures

• Documentation

Scott Nathan

EVP, BSA Officer, Director of Financial

Crimes Risk Management

BankUnited, N.A.

18

Data Inputs

Customer

Transactions

Accounts

Data Sources

AML Rules Engine

Segmentation and

Thresholds

Txn Monitoring

Alert Risk Scoring &

Analytics

Alert Alert

Alert Triage

Alert

Processing

ETL Logic

Output & Investigations

Rule Responsive

Quality Assurance

MI &

Reporting

Alert Disposition

Alert Case

SAR

• Understand sources and logic used• Data integrity and quality checks• ETL methodology and testing

• Model translations• Typology mapping• Population stats and segmentation• Tuning and analytics

• Outcome assessments• Rule responsiveness• MIS reporting• Quality assurance

1

2

3

Three Primary Components of Successful

Validation

19

• Validation / tuning processes are inconsistent between banks; model behavior will differ .

• Disconnect between “independent assessment,” “tuning” and “model validation” exercises.

• Consulting firms are not able to form an official opinion regarding outcomes in a manner useful to management or internal audit.

• Lack of visibility around system performance across data sets.

• OCC has yet to publish exam procedures specific to model validation.

• Definition of rules/models when translated from code to ‘English’ often differ from management expectations.

• Regulators are the only ones with perspective into what works and what doesn’t across the footprint.

Challenges with ‘Validation’

20

Typical Model Validation Exercise

Task Description Challenge

1 Identify and source dataLack of data governance strategy or resources

with knowledge of environments

2 Assess models/scenarios Understanding model functionality

3 Develop code to replicate model output Understanding model structures

4 Reconciliation of model alert output Understanding data architecture

5 Model threshold evaluationEvaluation of risk assessment and underlying

population statistics

6 Quality assurance reviewCooperation between parties with open

communication

21

Model Assessment Lifecycle

• The following six functions are representative of the model risk management lifecycle within our BSA Analytics department

Product & Service Inventory

Typology Mapping

Coverage Gap Assessment

Data Source Reconciliation

Source to Target Mapping

ETL Process Evaluations

Model Prioritization Data Assessment

Functional Requirements

Logic Definitions and Testing

Output Evaluations

Model Review

Data Segmentation

Threshold Tuning

Sensitivity Assessments

Model Optimization

Householding

Scoring/Triage

Case Enrichment

Event Prioritization

Performance Evaluations

Productivity Ratios

Logic Enhancement

Perpetual Model Management

1 2 3

4 5 6

22

Source to Target Assessment

• Defining, evaluating and testing source system data and transaction code impact is critical and requires dedicated BSA technology resources.

• We manage and evaluate over 560 active tran codes in our core systems and their downstream impact on the monitoring platform.

• System model code sub mappings (‘buckets’)

• Direction of payments and need for custom ETL for mixed trxn groups

• File enrichment programs (wire, ACH, trade)

• Monitoring environment – perpetual control evaluation model (ETL, FTP jobs)

23

Sample SQL Logic Evaluation

WITH TRANS

AS

(

SELECT AC.account_key,

AC.acct_first_name,

AC.acct_last_name,

AC.acct_num,

AC.acct_type_cd,

AC.acct_open_date,

trn.acct_currency_amount,

trn.transaction_date_time,

trunc(trn.transaction_date_time,'Month') AS transaction_date,

CASE WHEN EXTRACT(MONTH FROM

trn.transaction_date_time) = 3 AND EXTRACT(YEAR FROM

trn.transaction_date_time) = 2015 THEN 1 ELSE 0 END AS

is_current_month

FROM AML_STAGING_DB_TEMP.ACCOUNT AC

INNER JOIN

AML_STAGING_DB_.................................................................

…………………………………………………………………….

OK

X

SQL Statement Logic Gap Assessment

Validation of known logic defect associated with historical behavior model

24

Key Optimization and Validation Practice

• Develop data model to support the tuning and optimization process inclusive of the ability to traverse in multiple dimensions between ‘alerts’ and SARs.

FIU Data Model Intelligent Suppression

25

Key Takeaways

• Examiners are increasing their focus on BSA/AML data validation

• Understanding the filters in your system and how it works is critical to assessing the effectiveness of your monitoring program

• Select a team who understands the system, underlying data models, and model validating process

• Follow the data – ensure the mappings and structures make sense

• Document rationale behind your existing rules and thresholds, and that filtering criteria and parameters are reflective of your institution’s risk.

26

Please rate this session now on the

ACAMS Conferences App

Session & Speaker Feedback

From App homepage:

• Click on session

• Find bubble or ”thumbs up” icon

• Rate session and speakers

THANK YOU!

Data and Model Validation for Suspicious Transaction...

Documents

Transcript of Data and Model Validation for Suspicious Transaction...