By: Edward Pugh, CAMS, CAMS-Audit, AAP, CFE, Consultant
For many financial institutions, the concept of a BSA/AML Model Validation is new. In the past, model validations were in the domain of larger financial institutions, typically with $1 Billion or more in assets. In general, model validations are a component of model risk management (MRM), and the guidance for MRM doesn’t easily conform to AML models, particularly models purchased from vendors. To rectify this, the regulatory agencies released an Interagency Statement of Model Risk management for Bank Systems Supporting Bank Secrecy Act/Anti-Money Laundering Compliance in April 2021. We have found that subsequent to the release of this guidance, examiners are frequently requesting that model validations be completed for financial institutions of all sizes.
The purpose of Anti-Money Laundering (AML) model validation is to evaluate the effectiveness and accuracy of an AML model in identifying potentially suspicious transactions and preventing money laundering and terrorist financing activities.
A model validation consists primarily of three components:
- Conceptual Soundness – This entails (among other considerations) the review of documentation and empirical evidence used and variables selected for the model. Much of this information is found in the implementation documentation.
- Ongoing Monitoring – This component confirms that the model is appropriately implemented and is performing as intended. Additionally, the processes and procedures for changes to the model are evaluated. For example, when an agent is added or thresholds are changed, what is the process leading up to the change?
- System/Outcome Analysis – This verifies that the alerts generated are indeed valid. On the flip side, is the model missing transactions due to parameter settings or data issues?
As more financial institutions are having model validations performed, we have found some common findings, both in validation reports and examination reports. Below are some of the most common findings. Reviewing these findings may help a financial institution prepare for its first validation. These include:
- Data Quality Issues – Appropriate data is not flowing to the model. This often includes monetary instrument information, wire information, ATM activity, and NAICS codes. A particular concern is 314(a) lists – data from closed accounts and non-customer transactions (such as monetary instrument purchases) is not included in the searches.
- Inadequate Model Governance – This includes lack of model documentation, lack of proper oversight and controls, and lack of model testing.
- Lack of Documentation of Filtering Thresholds – This includes documentation as to why thresholds were selected, as well as why/how any subsequent changes were made.
- Missing or Incomplete Mapping Documentation – Mapping documentation demonstrates how inputs from various systems flow into the AML Model. This information is usually included in the implementation documentation, though issues often arise when new products and services are introduced.
- No Reconciliation Procedure – Institutions should periodically reconcile the data between the system feeding the data into the model and the model. This ensures that transactions are appropriately monitored.
While this list is not exhaustive, it does shed some light as to what auditors and examiners are looking for when it comes to model performance. Addressing these issues prior to a model validation or examination can help the process go more smoothly.
BSA/AML model validations are essential for both financial institutions and regulatory bodies to ensure that AML models are working as intended and regulatory requirements are being met. Young & Associates performs customized BSA/AML Validations and Reviews and collaborates with many of the AML software providers throughout the validation and review to provide a seamless process for our clients. If you would like more information on this article, or on how we can assist your organization, please contact me at firstname.lastname@example.org or 330.422.3475.