Can anyone give me any insight as to the point at which you think a bank should have an automated AML system? Is there an asset threshold that you think triggers it or have you had any input from examiners as to their thoughts on this issue?

I was at a multibank holding company of about 1 billion that had a manual system with no AML software. I thought the organization was crazy, but they didn't see the need to pay for it. When I took over the BSA Officer position, I trippled the size of my policy and created workflow charts for every high and moderate risk area. I had the process as air tight as possible but knew the day would come when the examiners would want an automated system. Frankly, I would have felt better with an automated system but I would have needed another employee to manage the program, which I couldn't get either.

However, the examiners liked my processes and they did prove to be air tight. We were in a fairly low risk area with a very stable customer base, so it never became an issue, though it will at some point.

The answer to your question has to be risk-based and there really can't be a standard for this, though I think it is good to have for any sized organization if the organization can afford it.

Frankly, once you start having any kind of BSA issues, the examiners start to say that you need to get an automated AML system.

A lot depends upon what kinds of reports and monitoring you can put into place without such a system. Some core systems have alert types of reports now; combining that with other reports such as kiting, cash aggregation, etc. can go a long way.

The main factor relies on your institutional risk. What does your risk assessment says? Are you confident that your manual processes adequately and effectively manage the risks?

Another factor relies on the effectiveness of your manual processes. Have you had issues with your internal controls? have you risk-rated them during your risk assessment process?

Further, the other factor to consider is independent audits and regulatory examinations. Have they brought up any concerns or potential issues? Have they evaluated your monitoring, investigating, and reporting proceses? if so, have they been satisfactory...

Don't forget your teller system when designing your program. A good teller system can be used to aggregate transactions based on your thresh hold levels, trigger tellers to identify persons conducting transactions at your specified levels and generate reports of customers and transaction amounts. I found doing research on our teller system yielded better and much faster results than using our core system.

When I identified a single potentially suspicious cash transaction on our daily cash report, for example, $9800, I could pull the customer's cash transactions of $7k - $10k for the past 3 months in just a few seconds. That enabled me to quickly determine whether I was dealing with an isolated situation or a pattern of activity. I would note results on the daily cash report and proceed accordingly.

Our examiners tried but were unable to find problems with our processes and we were able to rely on our core reports and teller system reports for many years - well into being a multi-billion dollar bank. They would usually leave with a "verbal" recommendation to consider more automation as we continued to grow (which, of course, we were doing anyway).

I've seen banks install systems that required them to add 2-3 people to staff just to manage output. Determining and maintaining appropriate system parameters were also a big challenge. Based on their feedback to me the systems did not result in better surveillance or results...just more work.

As previously mentioned, there's no magic size. It must be based on your customers, type/volume of transactions, services offered by the bank (and the ability to integrate support systems for these business lines) and your core system.