njbankers 2016 cfo conference bsa validation...bsa/aml system validation approach h • review of...
TRANSCRIPT
![Page 1: NJBankers 2016 CFO Conference BSA Validation...BSA/AML System Validation Approach h • Review of BSA/AML system design and detection scenarios coverage • Analyze system scenarios](https://reader030.vdocuments.net/reader030/viewer/2022040619/5f2db2543845301a1d19cc4c/html5/thumbnails/1.jpg)
NJBankers 2016 CFO Conference
BSA Validation How to Evaluate Your Need
David Lutz, CAMSSenior Manager, BSA/AML
P&G Associateswww.pandgassociates.com
![Page 2: NJBankers 2016 CFO Conference BSA Validation...BSA/AML System Validation Approach h • Review of BSA/AML system design and detection scenarios coverage • Analyze system scenarios](https://reader030.vdocuments.net/reader030/viewer/2022040619/5f2db2543845301a1d19cc4c/html5/thumbnails/2.jpg)
Agenda • Regulatory Environment & Trends• Model Risk Governance Framework• BSA/AML Model Risk • BSA/AML System Validation• Engaging a Third Party • Benefits of BSA/AML System Validation• Key Takeaways• Q&A
![Page 3: NJBankers 2016 CFO Conference BSA Validation...BSA/AML System Validation Approach h • Review of BSA/AML system design and detection scenarios coverage • Analyze system scenarios](https://reader030.vdocuments.net/reader030/viewer/2022040619/5f2db2543845301a1d19cc4c/html5/thumbnails/3.jpg)
![Page 4: NJBankers 2016 CFO Conference BSA Validation...BSA/AML System Validation Approach h • Review of BSA/AML system design and detection scenarios coverage • Analyze system scenarios](https://reader030.vdocuments.net/reader030/viewer/2022040619/5f2db2543845301a1d19cc4c/html5/thumbnails/4.jpg)
Regulatory Environment
• Growing knowledge and expectations of examiners; greater scrutiny of AML models when assessing the soundness of BSA/AML Programs
• Majority of financial institutions regardless of size are using AML system technology
• Technology is not a panacea• Banks can’t just “Set it and Forget it”
• Understand• Validate• Calibrate• Support Settings, Configurations and Usage
![Page 5: NJBankers 2016 CFO Conference BSA Validation...BSA/AML System Validation Approach h • Review of BSA/AML system design and detection scenarios coverage • Analyze system scenarios](https://reader030.vdocuments.net/reader030/viewer/2022040619/5f2db2543845301a1d19cc4c/html5/thumbnails/5.jpg)
Trends in Examinations
• Focus on design and implementation of transaction monitoring systems in alignment with BSA/AML risk
• Expectation of an independent assessment of an institution’s utility of BSA/AML system
• When reviewing the validation report, examiners will:• Evaluate scope of validation work performed• Review validation findings report• Evaluate Management’s response to findings report, including
remediation plans and timeframes• Assess the qualifications of the resources that performed the
validation
![Page 6: NJBankers 2016 CFO Conference BSA Validation...BSA/AML System Validation Approach h • Review of BSA/AML system design and detection scenarios coverage • Analyze system scenarios](https://reader030.vdocuments.net/reader030/viewer/2022040619/5f2db2543845301a1d19cc4c/html5/thumbnails/6.jpg)
Model
Validation
ControlsOversightPolicies & Procedures
Roles & Responsibilities
Model Inventories
Security Controls
Change Control
Data Integrity
Model Documentation
Process Verification
Developmental Evidence
Outcome Analysis
Model Risk Governance Framework
Board & Senior Management
Line of Business Management
Internal Audit
Model Validation Resources
Risk Assessment
![Page 7: NJBankers 2016 CFO Conference BSA Validation...BSA/AML System Validation Approach h • Review of BSA/AML system design and detection scenarios coverage • Analyze system scenarios](https://reader030.vdocuments.net/reader030/viewer/2022040619/5f2db2543845301a1d19cc4c/html5/thumbnails/7.jpg)
BSA/AML Model Risk
• AML model pitfalls• Inaccurate configurations at product installation (e.g. use of
default settings)• Inaccurate mapping of products/services to AML system • The model may be used incorrectly or inappropriately
• Potential adverse consequences• Missing suspicious activities• Financial losses/penalties due to violations• Poor business and strategic decision-making• Reputational damage
• Validation: How effectively is your model operating?
![Page 8: NJBankers 2016 CFO Conference BSA Validation...BSA/AML System Validation Approach h • Review of BSA/AML system design and detection scenarios coverage • Analyze system scenarios](https://reader030.vdocuments.net/reader030/viewer/2022040619/5f2db2543845301a1d19cc4c/html5/thumbnails/8.jpg)
Key Components of aBSA/AML System Validation n• Review of BSA/AML System Design and Coverage• Transaction Code Mapping Analysis• Transaction Coverage Validation• Currency Transaction Reporting• Alert and/or Rule Verification
![Page 9: NJBankers 2016 CFO Conference BSA Validation...BSA/AML System Validation Approach h • Review of BSA/AML system design and detection scenarios coverage • Analyze system scenarios](https://reader030.vdocuments.net/reader030/viewer/2022040619/5f2db2543845301a1d19cc4c/html5/thumbnails/9.jpg)
OFACPEP
314A
Anti-Money Laundering Monitoring
Anti-Fraud Monitoring
Customer Activity
(Transactions)
Core System Transactions
Funds Transfers Activities
ATM/POS Activities
Electronic Banking
Activities
Cash Transactions
Check Deposit
Key Data Mapped to AML System
Case ManagementALERTS
Cash Aggregation & Reporting
BSA Dept./Officer
Suspicious Activity
No Yes
Understanding BSA/AML Systems Workflow
![Page 10: NJBankers 2016 CFO Conference BSA Validation...BSA/AML System Validation Approach h • Review of BSA/AML system design and detection scenarios coverage • Analyze system scenarios](https://reader030.vdocuments.net/reader030/viewer/2022040619/5f2db2543845301a1d19cc4c/html5/thumbnails/10.jpg)
BSA/AML System Validation Approach h
• Review of BSA/AML system design and detection scenarios coverage
• Analyze system scenarios to determine appropriate coverage of products and services identified in the Bank’s BSA/AML Risk Assessment
• The review will also determine if compensating controls exist to ensure coverage outside of the Bank’s BSA/AML system
• Identify coverage gaps and issue recommendations for coverage
![Page 11: NJBankers 2016 CFO Conference BSA Validation...BSA/AML System Validation Approach h • Review of BSA/AML system design and detection scenarios coverage • Analyze system scenarios](https://reader030.vdocuments.net/reader030/viewer/2022040619/5f2db2543845301a1d19cc4c/html5/thumbnails/11.jpg)
BSA/AML Data Validation Approach
• Verify that all applicable core transactions are identified and properly mapped and coded from the Core system to the AML system
• Ensure scope of testing performed by the vendor is comprehensive and provides a sufficient volume and scope of data integrity testing (e.g., sampling a handful transactions isn’t sufficient)
• Verify that all applicable transactions are properly interfaced to the BSA/AML system
![Page 12: NJBankers 2016 CFO Conference BSA Validation...BSA/AML System Validation Approach h • Review of BSA/AML system design and detection scenarios coverage • Analyze system scenarios](https://reader030.vdocuments.net/reader030/viewer/2022040619/5f2db2543845301a1d19cc4c/html5/thumbnails/12.jpg)
BSA/AML System Calibration & Tuning___
• Calibration is expected on an ongoing basis by regulators and examiners
• Are detection scenarios properly configured?• Are thresholds set too high or too low?
• The volume of system alerts should not be tailored solely to meet existing staffing levels
• Are alerts providing meaningful results (e.g. high rate of false positives vs. lack of hits)
• Utilization of the AML system should be constantly re-evaluated based on changes in the Bank’s products/service, customers and direction of risk
![Page 13: NJBankers 2016 CFO Conference BSA Validation...BSA/AML System Validation Approach h • Review of BSA/AML system design and detection scenarios coverage • Analyze system scenarios](https://reader030.vdocuments.net/reader030/viewer/2022040619/5f2db2543845301a1d19cc4c/html5/thumbnails/13.jpg)
Regulatory Compliance Operational Burden/Cost
Finding the Right Balance for Your BSA/AML System
![Page 14: NJBankers 2016 CFO Conference BSA Validation...BSA/AML System Validation Approach h • Review of BSA/AML system design and detection scenarios coverage • Analyze system scenarios](https://reader030.vdocuments.net/reader030/viewer/2022040619/5f2db2543845301a1d19cc4c/html5/thumbnails/14.jpg)
• Benefits of an independent BSA/AML system validation• Internal – Regulators may question the independence of the
work if performed internally • External – Most validations are performed by third-party service
providers• Expertise of system validation staff
• External – Ensure the vendor has worked with the system before, acquire references in the proposal process
• Decision to engage a third party or to perform a validation internally must not be solely based on cost, rather it should be based on the Bank’s risks, volume of transactional data, products/services and customer base
Engaging a Third Party for BSA/AML System Validation n
![Page 15: NJBankers 2016 CFO Conference BSA Validation...BSA/AML System Validation Approach h • Review of BSA/AML system design and detection scenarios coverage • Analyze system scenarios](https://reader030.vdocuments.net/reader030/viewer/2022040619/5f2db2543845301a1d19cc4c/html5/thumbnails/15.jpg)
Benefits of BSA/AML System Validation
• Confirms accuracy and completeness of inputs, outputs and reporting
• Reduces the risk of system errors• Reduced remediation and lookbacks• Increased operational efficiency • Greater cost-effectiveness over time
![Page 16: NJBankers 2016 CFO Conference BSA Validation...BSA/AML System Validation Approach h • Review of BSA/AML system design and detection scenarios coverage • Analyze system scenarios](https://reader030.vdocuments.net/reader030/viewer/2022040619/5f2db2543845301a1d19cc4c/html5/thumbnails/16.jpg)
Key Takeaways_________________
• Prior to engaging a third-party service provider, ensure the scope of work correlates to the testing and verification of the AML system functions
• Ensure the scope of work includes sufficient data integrity testing
• Transaction Code Mapping Analysis• Data Integrity Testing• AML System Alert Verification Testing
• Vendor should support the assessment and testing performed with sufficient workpapers and documentation