Did anyone get a chance to read the BSA Red Flags paper that the CEO of Global Vision put out? In it he points out that many of the banks are missing obvious money laundering flags because they are using systems that do real-time risk scoring instead of data mining accross all transactions in all clients for 30 days. We are a small community bank with a staff of one and not a lot of money to buy a system that would do this type of monitoring. any thoughts out there? does anyone out there doing data mining manually?
I'm stumped

Sorry but when I read the paper I just got out of it that it was good advertising for Global Vision. I did not like "Furthermore, since a financial institution will not lose any money in a money laundering case..." I am sure that some of our posters employeers have lost money due to CMP's.
Additionally I did not like "The correct approach ..."

Just my opinion.

Some of those papers are bit ridiculous, as they all conclude that the best approach is whatever snake oil they're selling. I once heard a pitch from a vendor who said the reason their approach was the best one was "because they locked a bunch of Ph.D's in a room, and this is what they came up with."

The best approach is the one that mitigates the AML risk of the products you are monitoring.

Would I like to have an Audi A-8? Yeah, I really, really would. While my Saturn doesn't do everything that I want; e.g. turn heads, it certainly does everything I need.

Look at what your institution based on its size, number of high risk customers, location, etc. actually needs. You may not need any AML or SAM software at all.

This is pathetic, but I need to admit it for the greater good. Every time I go to the ABA-ABA conference I sit in on demo after demo of AML software during those never ending breaks. Every vendor makes the same claims and issues the same warnings. However, what I come away with a reinforced opinion about what is and what is not worth knowing about customer activity, a better idea of how much money each incrememtal amount of information is worth, and some really good insight into how to replicate the same information gathering at a fraction of the cost..

Ditto, Ken. I have seen community banks pressured into buying into some of these systems only to be left with stacks of output and no way to manage it. They sometimes end up throwing more people at the problem with no better end results in their ability to identify and manage red flags.

I think when it comes down to it, what actually differentiates a lot of the software vendors isn't the underlying technology (as long as the system actually works) anymore as I think the market has weeded, or will weed anything bad out; but rather the support they provide to make it work, and make it function as promised.

Bankers shouldn't be afraid to go to their vendor and tell them 'your product, fix it' if it is producing an awe-full volume of useless work. A system is designed to help you. If it doesn't help you, and the vendor wont make it help you, dump it and find one that will.

Unfortunately, the pat answer is - the system can do whatever you want it to do for you, you just have to figure that out and establish your parameters. The process of setting those parameters, testing and resetting if over-whelming to most community banks. Not because the bankers are not smart enough - it is an "hours of daylight" issue. By the time a typical community banker finishes running the bank for the day, very little time is left to programming.

Obviously, some vendors are more helpful than others, but it can be hard.

I found that I could tweek my normal system reports and tools already in place and identify the same issues with much less effort in my prior banking environment and we had grown to be a large community bank. There is, of course, an asset size and product volume/makeup where that becomes impossible.

My point is that community bankers should not assume that an automated system is a silver bullet that is going to solve their AML detection and red flag monitoring problems.

I know of two systems that have flat out stated they don't monitor for structuring. (??!!!)

One vendor says they don't have a structuring report and have no plans to offer one.

Another system failed to catch someone who made three $5,000 deposits in the space of three days. The systems rep said each of the deposits wasn't "large" enough to be considered structuring.

Nice.

OTOH - I will have to say that some systems to produce a huge volume of "flags", "reports", "incidents" or whatever you want to call them. A lot of those items are pure junk. My favorite was the "structuring" report that listed everyone who had direct deposit.

Why?

Because the account had at least two transactions per month consisting of the same dollar amount.

(That sound you just heard was "head hitting desk")

Most of these well known systems come with "canned" rules that they role out with the software. They all can be changed to better meet the risk profile and customer activity of a specific bank. If you buy one of these program and think the "canned" parameters are an end-all, fix-all, you are sorely mistaken. If you have a system that is spitting out meaningless information, change your parameters or the regulators are going to dismiss the system as useless regardless of the price you paid for it.

Ditto what everyone else said. Most of these programs identify your cash intensive customers as suspicious. We finally gave all of our well known CI customers a different risk code so that they don't appear on the monthly reports every month. We look at their activity separately to make sure they aren't doing something suspicious and maintain a "high risk" file with information about their business etc. This has made things more manageable for us and produces a lot less paper!