Every quarter we conduct a survey on important topics to anti-money laundering (AML) professionals. A recent survey covered the topic of the use of BSA/Transaction Monitoring software. Although having an automated transaction monitoring software is not required for financial institutions, having a technology—whether it be a manual process through spreadsheets, or something through an automated software—will strengthen an AML program. Transaction monitoring for the Bank Secrecy Act (BSA) takes up a financial institution’s time, money, resources, and staff. This article reviews AML-ology’s BSA Software Survey from 2020 and compares this year’s results to the first time we ran this survey in 2016. The purpose was to get a better understanding of the associated costs, software satisfaction, customization levels, and other facets of our participants BSA/transaction monitoring software, and if that has changed over time.
Although automated transaction monitoring software is not a regulatory requirement, the most common form of BSA/transaction monitoring is using a commercially available software or a proprietary third-party software. Smaller institutions are more likely to review their reports manually using Excel spreadsheets. This can be confirmed with the results from AML-ology’s 2020 and 2016 survey reporting the majority of participants utilizing a form of BSA/transaction monitoring software. For those financial institutions that do utilize a form of software, there are multiple types of software’s on the market for them to choose from. Some of the most common software systems used by our participants are FCRM, Verafin, Actimize, Yellow Hammer BSA, Patriot Officer, Abrigo, and Everi Compliance.
To get a better understanding about the types of BSA/transaction monitoring software that are available to financial institution’s, let’s define the two options available: hosted BSA/transaction monitoring software and licensed BSA/transaction monitoring software. A hosted environment, although a cost savings, has several limitations. With a hosted environment, the bank will have no access to a test environment—which contains a clone of production to test rule changes, false positive tuning, or conduct model validations. Although more expensive, a licensed environment comes with much less limitations as long as the financial institution’s AML vendor allows for additional test systems and backup systems. Licensed systems allow for additional customization including the constant changing AML compliance requirements, upgrades, and additional maintenance. The results from AML-ology’s 2020 survey reported that more than half the participants work with a hosted BSA/transaction monitoring system, while only 27% work with a licensed software. Similar to the 2016 survey participants, the majority work with a hosted system, but 45% of participants reported working with a licensed software. Comparing the results, we can see the popularity of working with hosted solutions increasing within the past four years.
All software allows for some customization, the question is often how much. In some cases, the user can make the adjustments, in others the software vendor has to make the changes. BSA/transaction monitoring software is the same. Most software allows some changes to be made, such as thresholds and parameters. It is also common for software to allow financial institutions to add rules and complex products. Another factor of BSA/transaction monitoring software to consider is whether they give the financial institution access to a test server that contains a complete replica of production. AML-ology’s 2020 survey found that it is nearly split evenly between financial institution’s having access to a test server or not. It is common for most BSA/transaction monitoring software to provide profiling to financial institutions, defined in our survey as comparing previous behavior to current behavior of customers. Having a BSA/transaction monitoring software that profile’s customers can also send alerts of abnormal activity to the financial institution.
For the BSA/transaction monitoring software that allow customizability, there are rules related to wires, structuring, and control functions that financial institutions can choose to utilize. Below is a list of the most common rules by our participants found in AML-ology’s 2020 Survey, utilized by financial institutions:
- Wires Rules
- High risk country
- Multiple originators sending to the same beneficiary
- OFAC hit circumvention
- Same beneficiary/same bank/different account
- Structuring, Dollar Amount, Profiling, Layering, Velocity, CTR Rules
- Large dollar amount
- Structuring – cash
- Structuring – all items
- Layering – velocity – multiple accounts
- CTR (Currency Transaction Report)
- Control Rules
- Early loan repayment
- Dormant to active
- Excessive loan repayment
Another feature of BSA/transaction monitoring software is having alert/case management. It is particularly useful to have a software that allows for annotation and notes for the record keeping purpose, presenting investigation information and other resources, and having the ability to attach evidence—i.e. screenshots—to the case. Most BSA/transaction monitoring software also has a dashboard. This dashboard allows financial institutions to select links within the dashboard in order to drill further into the data given.
The Federal Financial Institutions Examination Council (FFIEC) manual outlines multiple pre-implementation tasks that need to be completed when implementing a new BSA/transaction monitoring software. Remember having the software is not a regulatory requirement, but if you do have it, you are responsible for how it performs. These pre-implementation tasks may be performed by the financial institution or by a third-party vendor/consultant. Some of the most common tasks our participants said they do complete are the following (but there are some that many FIs tend to skip, which are not listed below):
- Business requirements documentation: software requirements to match their AML program
- Request for proposal: objective, documented evaluation of at least three software vendors prior to the selection based on business requirements
- Status reports: periodic updates that should track the project plan
- End-to-end system integration
- User acceptance testing (UAT)
- Unit testing on each interface
Since it is not required for financial institutions to utilize a BSA/transaction monitoring software, it’s important to evaluate the reasons given by financial institution’s on why they choose not to use an automated system. Looking at AML-ology’s 2020 survey, participants were evenly split between reporting they were “exempt from monitoring transactions” and having “a low volume of transactions”. Comparing these answers to the 2016 survey participants, the results differed some. The majority of 2016 participants reported they do not utilize a BSA/transaction monitoring software due to budgetary constraints. Similar to the 2020 survey, the remaining participants reported they were exempt from utilizing a software.
Considering that BSA/transaction monitoring can come with a rather large ticket, it’s essential to consider the annual cost that comes with a BSA/transaction monitoring software. The most common price range for a software, according to our 2020 survey respondents, ranges between $20,000 to $99,999 or between $100,000 to $199,999 annually. There were a few respondents that indicated their financial institute utilized a software and paid less than $20,000 annually.
AML-ology’s survey found that the majority of participants that currently utilize a BSA/transaction monitoring software felt somewhere between neutral and satisfied regarding their software. A very small percentage of participants rated feeling unsatisfied with their current software. Of those participants that were unsatisfied, they reported their current software was lacking functionality. Some also reported that their software no longer met the needs of their institution—examples given were the financial institution outgrew their current software, or they recently modified their current AML program. Other reasons for being unsatisfied given by participants were their current software lacked customizability with rules and/or they had issues with vendor relationships. All of the 2020 survey participants that reported they were unsatisfied indicated they were considering a new BSA/transaction monitoring
After a financial institution takes into the consideration the features of potential BSA/transaction monitoring systems, chooses the proper system for their needs, and completes pre-implementation tasks, it has become an industry best practice to conduct an independent AML Model Validation as a post-implementation task. In order to validate the system in an adequate amount of time, it is suggested to schedule a Model Validation three to six months after production. After spending the time, money, staff, and resources on implementing a BSA/transaction monitoring system, it is critical to make sure the system is working the way it is intended to.
In the last four years, we are able to conclude that it has remained consistent for the majority of our survey participants to utilize a BSA/transaction monitoring software. For those participants that do not utilize a software, we can conclude that the main reason is no longer due to budget, but instead because the financial institution is exempt from monitoring. It can also be concluded that it has become more popular for FI’s to not have access to a test server and work on a hosted environment. Finally, we can determine that it has become an industry best practice to conduct an independent AML model validation as a post-implementation task due to the large majority of participants who reported conducting one within a year after production.
