Money laundering and financial crime is as hot a topic as ever in banking right now. We’ve talked recently about “Banking license revoked—a wake-up call to a watertight AML compliance framework” and “Bangladesh Bank Heist: 5 crucial lessons for more effective compliance.” If you’re a bank (or a customer of a bank), then chances are 100% that financial crimes are happening on your dime.
I recently spent some time with an ACL customer, a large bank headquartered in Asia looking after total financial assets under management of several hundred billion. There are some excellent lessons to be learned from them about how banks are fighting crime with ACL technology.
This bank is using ACL technology to help them stop financial crime (money laundering in particular), manage risk around their financial models, maintain compliance with their regulators, and conduct operational audits of their bank branches (which are located across five East Asian nations). This really is “governance, risk management and compliance” (GRC) in the broadest sense and, like the strongest use cases of our products, spans several activities: audit management, compliance management, fraud & corruption management, and risk management.
Here are a few areas where ACL is being applied to great effect:
Anti-Money Laundering: Criminals like terrorists, drug dealers and embezzlers who acquire money through illegal means have to “launder” their money to conceal the source of where it came from. If a drug dealer just shows up at a bank with $10 million dollars and deposits it, but there is no record of where that money came from, the government will know something fishy is up. So, criminals have to fake where it came from, pushing it into the banking system a little at a time in sneaky patterns. Banks are required by law to try and detect these patterns and report them—not to mention, it’s just the right things to do. In fact, one large bank was fined almost $2 billion a couple of years ago and ended up with headlines like this.
This bank applies a variety of methods to detect those sneaky patterns, and an important part of that is analytics (sorry, would-be launderers, I can’t spill the secret sauce). The internal audit team uses ACL to gain assurance that the bank is doing a good job of AML, keeping the criminals cashless and the bank out of Forbes magazine headlines.
Model Risk Management: Banks rely on complex statistical financial models to help them understand how much risk they can take, for example, on loans, which are in turn used to guide who can get a mortgage and who can’t. Even most small banks use upwards of 100 of these complex models to run the bank. If one of these models screws up, the bank takes on too much risk and, at the extreme, can go under (think 2008 US banking crisis; the model risk management was BAD). This bank I met with is using ACL to check these models and gain assurance that no one is screwing up (think spreadsheet errors on super-steroids!) thus risking the performance or stability of the bank.
Regulatory Compliance: A central bank typically regulates the entire financial sector in any country. They create many regulations, like the one above requiring banks to identify and report money laundering, with which all banks in that country must comply. ACL technology creates the evidence necessary to show regulators that a bank is doing the required things (like testing for money laundering activities), which satisfies the regulators to let the bank continue operating in the country.
Operational Audits: At the end of the day, it’s also important that the day-to-day operations of a bank are efficient and are done in line with internal policies and procedures. To verify this at this bank, the Internal Audit team will every year select a sample of the bank’s branches to audit. ACL is used to compare and analyze information about the branches, which first helps them decide which branches to go audit, and second identifies what might be the red flags to investigate when they actually get onsite at that branch.
The Next Step: Building a Data Analytics Center of Excellence
Now, the reason I was onsite with this bank is because they are embarking on a project to really step up their game from the great things they have already accomplished with ACL. In all of the use cases above, they are today limited to a small group of people that are driving the value described. They realized, therefore, that if they put this power into the hands of 200 GRC professionals (instead of just 10 or 15 internal auditors), they will compound the effect, while also enhancing the sustainability, security and efficiency of the program—and the bank itself.
We are now working with them to help them build their vision of a cross-functional team that will serve as their centralized “Center of Excellence for Data Analytics.” This center of excellence will, first, use ACL Analytics Exchange to centralize and manage their data extracts and their Internal Audit data repository and analytics. And, second, they will then extend the ability to leverage that data and those analytics to everyone in the 200-person team through the ACL Add-in for Excel and the Results Manager module of ACL GRC.
- Establishing three core tiers of users:
1. The core HQ Center of Excellence “data scientists” who build the data repository as well as the real hardcore analytics.
2. Local data analytics champions in each of their four regional headquarters who will be able to build impactful analytics for the teams in that region against the central data repository.
3. Analytic consumers (the rest of the 200-person team).
- Getting everyone engaged in the power of analytics, which I personally think is enormously important.
- Developing the program to live alongside the bank’s first and second line of defense programs primarily built on SAS (most banks use SAS extensively). They want ACL to be the independent tool for oversight and assurance with respect to what those other teams do in SAS.
- Building a multi-year roadmap where they begin serious continuous auditing and continuous monitoring, as well as beginning to handoff analytics they’ve built to other departments to maintain and monitor.
This bank, and its forward-thinking leadership, is another incredible example of why I love being a part of ACL and the difference we can make: stopping criminals through cutting off their funds, helping a major bank avoid big screw-ups that could cost them enormous sums of money, and empowering people in GRC roles to be more sought-after than ever.
Published with permission from ACL Services