Financial institutions, such as banks or securities firms, have been under scrutiny for quite some time to identify potential threats, mitigate risks and maintain regulatory compliance.
Realizing that money laundering is also an issue of growing concern for other industries, the U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN) last year announced new anti-money laundering (AML) compliance and reporting rules that went into effect in 2006. The rules mandate that certain insurance companies will soon be obliged to establish anti-money laundering programs and file required Suspicious Activity Reports (SARs) to improve transparency and cut down on financial crimes.
The primary question facing insurance institutions now is: Can this compliance program implementation happen at an acceptable pace? All insurance transactions after May 2 of this year have to be monitored for anti-money laundering detection, with the first round of audits likely to occur the following year. While not specifically required, many insurers will turn to technology for assistance–and the clock is ticking.
Many firms may be challenged with selecting, testing and implementing an effective AML monitoring system. To be successful, firms must be aware of the AML regulations, the costs of implementing and operating a solution, and the state of technology.
FinCEN’s anti-money laundering rules require insurance companies to develop written programs designed to prevent their products from being used in money laundering activities or for the financing of terrorist activities. These regulations represent the first time FinCEN has defined insurance companies as financial services providers or issued regulations regarding insurance companies. Permanent life insurance, annuity contracts and any other product with a cash value or investment feature are required to be under surveillance, while term life, group life and annuities, property-casualty, reinsurance, and health insurance are excluded.
A firm that chooses an automated monitoring solution may do so for a number of reasons, such as:
o Manual processes are labor-intensive and subject to error.
o Internal auditing is a critical component of an AML program.
o The firm’s AML policy should be applied consistently across different lines of business.
Compliance risk management software is designed to aid a firm with its regulatory compliance obligations. There are several methods to automate the job of compliance. The simplest, though not much of an improvement over manual methods, is to run exception reports against transactional data. The single largest problem with this approach is the timeliness of results from such a system. Reports that are run, for example, on a quarterly basis may only catch activity well after it has occurred. Reports run daily, on the other hand, will easily flood compliance personnel with exceptions.
Data-mining systems represent another time-tested method applied to AML monitoring. However, data mining is computationally intensive and does not scale well as data volumes increase.
Transaction monitoring analyzes every transaction to look for signs of money laundering. Powerful analytics compare each and every transaction against known “money laundering typologies,” usually represented as detection models or scenarios. Transactions that represent risk are deemed suspicious and trigger the creation of a compliance alert. Alerts typically are captured by a case management system for investigation by the compliance team. Sophisticated systems also incorporate risk-scoring mechanisms to ascertain the relative risk of each alert.
Not all AML solutions on the market are created equal. The following are some key issues to consider when choosing a solution that fits well with the firm.
Appropriateness–The FinCEN regulations provide common “red-flag” scenarios that warrant the filing of an SAR. (Banks have been required to file SARs for many years under the Bank Secrecy Act). The vendor’s fraud prevention and regulatory compliance solution must provide out-of-the-box analytic models and, at a minimum, have specific logic geared for these scenarios. For example, does the solution monitor policy-based changes, cash transactions and/or wires?
Flexibility–Insurance AML regulations are still in their relative infancy. Choosing a flexible and highly tunable system will help future-proof your investment in an AML system against potential changes in the regulatory climate.
Experience with complex systems–Insurance core systems are complex and often not representative of the most current technology. An AML system that can adapt to multiple data sources will simplify the task of monitoring all relevant transactions.
Test drive–Today, many vendors in the market can participate in a proof of concept, which allows firms to see how a vendor system operates within a controlled environment. A proof of concept can be a powerful way to see a system “in action” and give compliance personnel valuable hands-on time with the software.
Total cost of ownership–Does the AML solution require expensive servers? Are components such as Case Management built-in, or will you have to go to another vendor for required functionality? What are internal cost estimates for creating the required infrastructure?
Time to implement–A comprehensive AML program cannot be implemented overnight. Phased implementations, where portions of the system are brought online incrementally, instead of an all-or-none “waterfall” approach, may help you achieve results by targeted deadline dates.
By doing your homework and carefully selecting a solution that meets these requirements, you can eliminate many of the problems often faced when implementing new technology solutions and lower your AML compliance risk for years to come.