AML technology spend continues

The survey recently conducted by OpRisk & Compliance and Protiviti provides some interesting insights into the financial services industry's use of technology to support its efforts to monitor money laundering. Not surprisingly, more than 70% of the survey respondents representing all major segments of the industry indicate they use automated systems for monitoring. Of those respondents lacking automated systems, 23% expect to install a system within the next 12 months. Of more interest, perhaps, are the participants' responses on the extent to which they continue to upgrade automated systems, the degree to which they use multiple systems, their reliance on manual monitoring to supplement automated systems and their lack of metrics to measure system performance.

To put the survey results into perspective, it might be useful to share some additional information about the demographics of the respondents. Although survey participants represent financial institutions across the globe, more than 75% of the respondents are financial institutions headquartered in the EU and North America. Two-thirds of all respondents operate in more than one country. More than 50% have total assets of more than $10 billion, including 20% with total assets greater than $250 billion. In summary, the majority of respondents are large, diversified financial services companies that are domiciled in jurisdictions with well-developed and defined anti-money laundering (AML) regimes.

Two-thirds of the survey participants have centralised monitoring functions, 30% have dispersed functions, and the remainder have outsourced monitoring. Two-thirds of the respondents also report a growth in headcount assigned to AML monitoring in the past two years, with almost 18% reporting growth of more than 50%. While 44% of the respondents report that AML monitoring reports to an AML compliance officer, about 19% state that AML monitoring reports to the business line. On this latter point, the responses from EU and North American financial services companies were significantly different, with only 11% of North American, but 26% of EU respondents reporting to the business line.

Of the more than 70% of the respondents that use automated monitoring systems, more than half report using multiple systems for different products (29%) or in different countries (7%). Of this same population, 70% indicated they have upgraded or changed systems in the past two years. Despite this continuing investment in technology, nearly 75% of all respondents (83% for North American respondents) indicate they use manual monitoring to supplement their automated monitoring systems and 30% report that the automated system they purchased has fallen short of what the vendor represented. All of these responses suggest there might still remain significant opportunities to enhance automated monitoring capabilities to meet the needs of the industry, although some degree of manual monitoring will always be necessary and desirable.

While one might expect that companies selecting systems would place heavy reliance on whether or not their peer institutions used the same system, this factor, while still important to many of the respondents, trailed considerably behind the audit trail, user-friendliness, customisation and security features of the system. Ninety-three percent of the respondents indicate they took steps to customise the software they purchased, either working with the vendor (52%) or conducting their own analyses (41%) to determine which of the vendor-provided customised scenarios were appropriate for their institutions.

Despite all the time, money and effort the survey suggests institutions are putting into the design and maintenance of effective AML monitoring systems, almost one-third of the respondents have established no metrics for measuring the effectiveness of their AML monitoring systems and another third rely on regulator feedback and whether or not their staff can handle the number of alerts produced to tell them whether they are effective. Only slightly more than 25% of the respondents have developed objective standards - such as the correlation between alerts investigated and suspicious activity reports filed - to measure the efficiency and effectiveness of monitoring efforts. As the pressure grows on financial services companies to control their costs of compliance, we should expect to see greater focus - and greater demand by boards of directors and executive management - on the establishment of meaningful key performance measures to support the investment in technology.

- For more information on this survey, please contact the author at carol.beaumier@protiviti.com.