njbankers 2016 cfo conference bsa validation...bsa/aml system validation approach h • review of...
TRANSCRIPT
NJBankers 2016 CFO Conference
BSA Validation How to Evaluate Your Need
David Lutz, CAMSSenior Manager, BSA/AML
P&G Associateswww.pandgassociates.com
Agenda • Regulatory Environment & Trends• Model Risk Governance Framework• BSA/AML Model Risk • BSA/AML System Validation• Engaging a Third Party • Benefits of BSA/AML System Validation• Key Takeaways• Q&A
Regulatory Environment
• Growing knowledge and expectations of examiners; greater scrutiny of AML models when assessing the soundness of BSA/AML Programs
• Majority of financial institutions regardless of size are using AML system technology
• Technology is not a panacea• Banks can’t just “Set it and Forget it”
• Understand• Validate• Calibrate• Support Settings, Configurations and Usage
Trends in Examinations
• Focus on design and implementation of transaction monitoring systems in alignment with BSA/AML risk
• Expectation of an independent assessment of an institution’s utility of BSA/AML system
• When reviewing the validation report, examiners will:• Evaluate scope of validation work performed• Review validation findings report• Evaluate Management’s response to findings report, including
remediation plans and timeframes• Assess the qualifications of the resources that performed the
validation
Model
Validation
ControlsOversightPolicies & Procedures
Roles & Responsibilities
Model Inventories
Security Controls
Change Control
Data Integrity
Model Documentation
Process Verification
Developmental Evidence
Outcome Analysis
Model Risk Governance Framework
Board & Senior Management
Line of Business Management
Internal Audit
Model Validation Resources
Risk Assessment
BSA/AML Model Risk
• AML model pitfalls• Inaccurate configurations at product installation (e.g. use of
default settings)• Inaccurate mapping of products/services to AML system • The model may be used incorrectly or inappropriately
• Potential adverse consequences• Missing suspicious activities• Financial losses/penalties due to violations• Poor business and strategic decision-making• Reputational damage
• Validation: How effectively is your model operating?
Key Components of aBSA/AML System Validation n• Review of BSA/AML System Design and Coverage• Transaction Code Mapping Analysis• Transaction Coverage Validation• Currency Transaction Reporting• Alert and/or Rule Verification
OFACPEP
314A
Anti-Money Laundering Monitoring
Anti-Fraud Monitoring
Customer Activity
(Transactions)
Core System Transactions
Funds Transfers Activities
ATM/POS Activities
Electronic Banking
Activities
Cash Transactions
Check Deposit
Key Data Mapped to AML System
Case ManagementALERTS
Cash Aggregation & Reporting
BSA Dept./Officer
Suspicious Activity
No Yes
Understanding BSA/AML Systems Workflow
BSA/AML System Validation Approach h
• Review of BSA/AML system design and detection scenarios coverage
• Analyze system scenarios to determine appropriate coverage of products and services identified in the Bank’s BSA/AML Risk Assessment
• The review will also determine if compensating controls exist to ensure coverage outside of the Bank’s BSA/AML system
• Identify coverage gaps and issue recommendations for coverage
BSA/AML Data Validation Approach
• Verify that all applicable core transactions are identified and properly mapped and coded from the Core system to the AML system
• Ensure scope of testing performed by the vendor is comprehensive and provides a sufficient volume and scope of data integrity testing (e.g., sampling a handful transactions isn’t sufficient)
• Verify that all applicable transactions are properly interfaced to the BSA/AML system
BSA/AML System Calibration & Tuning___
• Calibration is expected on an ongoing basis by regulators and examiners
• Are detection scenarios properly configured?• Are thresholds set too high or too low?
• The volume of system alerts should not be tailored solely to meet existing staffing levels
• Are alerts providing meaningful results (e.g. high rate of false positives vs. lack of hits)
• Utilization of the AML system should be constantly re-evaluated based on changes in the Bank’s products/service, customers and direction of risk
Regulatory Compliance Operational Burden/Cost
Finding the Right Balance for Your BSA/AML System
• Benefits of an independent BSA/AML system validation• Internal – Regulators may question the independence of the
work if performed internally • External – Most validations are performed by third-party service
providers• Expertise of system validation staff
• External – Ensure the vendor has worked with the system before, acquire references in the proposal process
• Decision to engage a third party or to perform a validation internally must not be solely based on cost, rather it should be based on the Bank’s risks, volume of transactional data, products/services and customer base
Engaging a Third Party for BSA/AML System Validation n
Benefits of BSA/AML System Validation
• Confirms accuracy and completeness of inputs, outputs and reporting
• Reduces the risk of system errors• Reduced remediation and lookbacks• Increased operational efficiency • Greater cost-effectiveness over time
Key Takeaways_________________
• Prior to engaging a third-party service provider, ensure the scope of work correlates to the testing and verification of the AML system functions
• Ensure the scope of work includes sufficient data integrity testing
• Transaction Code Mapping Analysis• Data Integrity Testing• AML System Alert Verification Testing
• Vendor should support the assessment and testing performed with sufficient workpapers and documentation