Choosing an AML solution can be a complex and nerve-wracking process as the decision you make will impact your business for years to come. It’s a choice you need to get right first time.
With so many vendors in the market, it can be difficult to know where to begin when evaluating the strengths and weaknesses of each solution. This article will walk you through the process from start to finish to help ensure your investment generates long-term value and helps you meet your regulatory obligations.
Here are nine things to consider when selecting your AML provider:
Before you start looking at potential solutions, you should first consider the context in which your business currently operates and its future growth aspirations. Doing business across multiple regulatory jurisdictions adds complexity to your compliance operations, so you will need a solution that can handle global regulatory requirements and can scale quickly with your business. If you are planning on entering new markets or offering new products, your AML solution will need to support these objectives.
Other aspects to consider are regulatory expectation, the risks associated with the nature of your products and services, and the money laundering potential your offerings bring to your business. Working with an AML provider that can incorporate these factors and offer risk models that dynamically calculate ratings at a granular level based on your risk appetite can have a big impact on the effectiveness of your AML program.
Putting the pieces of this puzzle together – multi-jurisdictional regulatory requirements, growth plans, and your risk tolerance – will help you identify the kind of solution you need.
Moving towards an integrated AML solution that meets all your needs should take a step-by-step approach. Start with identifying the most critical capabilities that you need to support business continuity.
Listing your priorities by order of importance is a beneficial exercise and will pinpoint the features to look for in potential solutions. For example, do you want to integrate your screening results into a risk assessment, or is ID validation or UBO identification a key priority?
Having a business-use-case vs. solution-centric approach will help you choose the right solution faster. Satisfying the business requirements will allow you to clearly articulate your needs. For instance, if you are looking to set up AML checks for onboarding, you’ll need a combination of ID validation, AML screening, integration with your existing CRM, real-time response, and access to AML data as applicable to the jurisdiction. Focusing too heavily on having as many solution features as possible can lead to unnecessary delays in decision making and can result in a solution that is more complex and costly than it needs to be.
Choosing a solution is a balancing act between “must-have” and “good to have” features. For example, the ability to configure by source systems may be essential, whereas having integrated AML-KYC modules may be less so. Your selection should be driven by a business process approach, not by which features and functions the vendor offers.
Regulators provide clear guidance on incorporating proper data governance, data lineage, and data controls into your AML program. Making sure that all relevant data is fit for purpose, accurate, and flowing efficiently through your AML solution is a core expectation. One example of data that is fit for compliance screening purposes is being able to screen each name on a record individually. If you have multiple names in the same field or names hidden in address lines, it could result in a high number of false negatives. This would present serious hidden risk in your system and could subject your business to high levels of unnecessary risk.
More and more, data quality is having a direct impact on penalty assessments handed out to companies by regulators in the US, UK, and Europe. Previously, the mindset was that data quality is an IT issue and is therefore not within the scope of compliance departments. But this is no longer the case. The evolving regulatory landscape means it is now the role of compliance teams to ensure their data is fit –for purpose.
In this new regulatory paradigm, to say data quality should be a priority is an understatement. Be sure to check with your AML vendor for their view on data quality and how they can help you meet regulatory expectations related to data accuracy and control. Internally, before you start looking at solutions, building out a data governance framework will go a long way in making your AML program robust.
Now you can start considering how potential solutions will actually work in practice. Depending on their business requirements, organizations rely on two main processing technologies for integrating the solutions into existing systems and workflow: APIs and batch.
All business processes that need real-time decisioning require an API integration. For example, fintech companies that need to onboard customers and provision services in seconds need robust API integrations that are highly scalable in order to prevent disruptions. The other benefit of API-based integration is seamless workflow. This option requires coding, but some vendors do offer pre-built connectors to the popular CRMs and other core applications. Speak to your vendor to find out how they would meet the needs of your business.
Batch, on the other hand, is useful to update and monitor large volumes of customer data for changes in risk profiles at a scheduled frequency. Stronger processing power means millions of records can be checked for AML risk in a timely manner. The most important benefit of batch processing is that it eliminates the need for user interaction while continuously monitoring customer risk, even with the most granular configuration, based on your risk appetite.
You should check with your vendor to see if both options provide the same performance and capabilities. Based on your business use case and workflow requirements, you may need a hybrid of both options. For example, in payment screening, where quick results are necessary, API-based processing is more suitable, while ongoing monitoring is better achieved with batch implementations.
Choosing between a hosted or on-premise delivery model can have data privacy implications. Your IT team will likely have a preferred delivery option to support your company security and data privacy policies. Some vendors will provide multiple delivery options – but some will be limited to a single method.
With on-premise implementation, you will have to schedule updates and maintenance with your solution provider, whereas with a hosted solution updates are received automatically. With a hosted solution you will need to make sure that you are compliant with all relevant data privacy regulations – especially if dealing with sensitive customer data.
AML solution providers should be able to work with you to develop a flexible deployment strategy that fits your scalability, cost, security, data privacy, and regulatory requirements.
Risk and regulations never sit still. From the evolving sophistication of fraudulent techniques to emerging technologies and business expansion into new markets, your risk level is constantly changing. Part of the value of any investment in technology is what it enables you to do over the long term and selecting an AML provider is no different. Any solution you consider should be able to adapt and scale with you as well as add new functions as needed for your continued growth.
Implementing a new provider or migrating from an existing one is a big undertaking from a cost and resource perspective and carries the potential of introducing additional risk into your organization. When selecting an AML vendor, you want to be sure they continually invest in their products to develop new functionalities and products that evolve with changing regulations and financial crime techniques. Asking to see their product roadmap is a good way to understand their vision and commitment to their customers’ success. You may also want to ask if they have their own research and development (R&D) function, their position on disruptive technologies, and how they plan to future-proof your implementation. Once you and your new provider are partners, you want to make sure that you won’t have to changing vendors as your needs change.
Your solution provider should be your partner in establishing a strong culture of compliance and deciding how your AML framework should remain up to date with evolving regulatory requirements. They should be able to support your policies, procedures, and controls with clear and documented evidence of their ability to detect AML risks in your business.
Apart from ongoing training to employees on how to use the solution, vendors should also provide reporting and documentation with a complete audit trail for achieving full compliance. It’s not enough to know that your solution is performing at a level that exceeds your regulatory requirements – you also need to be able to demonstrate this to the regulators.
Talk to your vendor about what types of supporting documentation they can provide so that you can establish a strong culture of compliance within your organization.
Your matching technology provides the underlying framework of your AML solution. It compares customer records with AML databases to identify true hits. Different vendors will have variations in the way their matching technologies perform this vital task, with significant differences in their effectiveness, transparency, and coverage.
With that in mind, there is a shift in the industry away from black-box matching algorithms. Regulators require you to not only understand how your matching technology works, but also to demonstrate its efficiency in tackling financial crime for their business.
That efficiency is not only a result of the specific matching technology you choose, but also how configurable it is. To better identify risk, you need to adjust the configuration based on your customer risk profile, record type (individual or entity), and risk database. This will help you identify all true hits without also creating a surge in false positives.
The final thing to consider is whether your potential solution will drive productivity. One of the main reasons for investing in AML solutions is to decrease the workload of teams while also boosting accuracy and reducing costs.
Team productivity is linked to two things: the number of cases they have to review (the more false positives, the more cases), and the time it takes to review a case. Time to review can be improved through advanced user interfaces (UI) that let teams review, escalate, and remediate a case with one click, and transparency that makes it easy to understand why two records matched.
Be on the lookout for features that address productivity. For instance, ask your vendor how their solution addresses duplicate customer records and reduces review times. Ask whether the solution offers innovative approaches such as addressing data quality to bring down the alert volume, or if it provides standard features such as safe listing to eliminate the need to review previously cleared records.
Take the time to make the right decision
This article outlines the many critical factors you need to consider when choosing your AML solution. Your decision will have long-term effects on the efficiency of your compliance activities as well as the ability of your business to grow and take on new opportunities.
Most importantly, your new solution’s ability to detect risk, establish controls, and meet regulatory expectations will have a huge impact on business success. With so much at stake, it is worth taking your time and asking the right questions. And if you need any more insight or assistance, we are on hand to help.