The regulators are upping their game and are becoming more familiar with Automated Monitoring Systems (AMS). They are starting to push the boundaries of a model validation and their expectations for a “complete” model testing review. Some examiners are more advanced than others, but the word is being spread and soon they’ll all catch on! This was stressed by all the regulators at a June BSA event TCA attended. Also, they’ve started to request a Gap Analysis for the AMS, but what do they want to see?
Before we get started with what’s in a Gap Analysis, we need to define a couple of terms, just to ensure we are all on the same page. As we explain these terms, I think the requirement for a Gap Analysis will become obvious.
What is a Model?
For the purposes of AMS, a model can be defined, as in the OCC 2011-12 bulletin on Model Guidance, as a quantitative method, system or approach that applies statistical, economic, financial, or mathematical theories, techniques and assumptions to process input data into quantitative estimates. More simply, a model generally consists of three components: input, processing, and reporting. These three components are what’s reviewed in an AMS model validation. A typical model validation covers the basics: the data as it flows from the core system into the AMS, the behind-the-scenes process analysis, and the output reporting of generated alerts.
What is a Gap Analysis?
A Gap Analysis is simply a document that describes the gaps between the AMS/BSA Risk Assessment and the manual processes that are still used every day to identify suspicious activity.
A Gap Analysis is based upon the risk that is inherent in any model. Models typically do not consider all parameters in the processing phase. A Gap Analysis brings these gaps to light. Based on these gaps, an understanding can be built around what the model can and can’t do. There are always limits! What are the limits in your AMS?
What gaps should you look for?
Any process that is manual is a gap. These manual processes are not built into the automated system and hence the system cannot build that information into processing customer data. In other words, these are gaps because the customer data in AMS is not integrated into the analysis steps. This adds some risk into the overall review process, since the missing information could be pertinent, even critical, to the set of transactions that are being reviewed to generate alerts.
Gaps can come in many forms, but here are a couple of examples. Wire transfers are sometimes difficult to import into the AMS, so they are handled via a manual process. Sometimes the process is as simple as identifying the wires as domestic vs. international, because each has a different impact on the potential for triggering suspicious activity.
Another example arises when a BSA Risk Assessment factor is not defined by an AMS rule. In each of these cases, manual processes may be necessary to ensure that these activities are not missed when reviewing customer transactions.
Additionally, gaps could be created based on the rules and parameters chosen. When preparing a Gap Analysis, first look at your BSA Risk Assessment. What concerns are described in the risk assessment? These concerns should provide the foundation for your rules and AMS alerts. If they don’t, the question is why? The Gap Analysis should document these gaps as well. A Gap Analysis is not only important for an examiner, but it’s also useful for the bank.
Also, if the bank is considering a different AMS platform, knowing and understanding the Gaps in the current system can assist in creating a needs list for the new platform.
A Gap Analysis can also provide the motivation to automate all the pieces of the AML puzzle. For example, if you know that wires aren’t feeding into the AMS and there are a significant number of wires, it makes sense to invest time to determine why they aren’t imported into the AMS and how they can be, now or later.
Beneficial Ownership Question
Question: We have an LLC that has common and preferred members. The preferred members do not have any decision making authority. Does beneficial ownership apply to them?
Answer: Possibly. Businesses may establish authority and ownership structures according to preferred and common status, but the beneficial ownership rules still apply to natural persons who have more than 25% ownership interest in the legal entity. If preferred members have no decision-making authority, it is likely that the control prong would not originate from that pool, but they may still have a 25% or more ownership interest. The Bank should ask the person opening the account to provide the details of the ownership structure and certify, to the best of their knowledge, the identifying information of those natural persons who own 25% or more, along with the one control person.
CTR Question of the Month
Question: I have a customer who makes an $11,000 cash deposit to her employer’s business account (normal business proceeds). On the same day, her husband makes a cash deposit to their joint DDA of $1,000. Does that $1,000 get included on the CTR? Both transactions are completely unrelated except that the conductor (on behalf of another) for one transaction is also the account owner (on behalf of) for the second transaction.
Answer: You would not include it. There is not a common conductor, nor a common beneficiary.