This document proposes an anti-money laundering (AML) framework with the following components:
1. The current AML capability has inconsistencies and gaps that need to be addressed to improve risk management, compliance, and effectiveness.
2. The target state aims to establish consistent AML processes, full business engagement, defined risk categorization, ongoing enhancement, and complex scenario coverage.
3. An investigative methodology is outlined involving determining needs, collecting data, examining results, and agreeing on action plans to address triggers like suspicious activity cases.
2. The AML Business Context
AML Framework
Policy
Driver
Procedures Controls Audit
Customers
Impact
Employees RegulatorMarket
Unlawful
Payments
Event
Fraudulent
Transactions
Cross Border
Reg. Breech
Tax
Evasion
Conduct &
Market Abuse
Screening
Capability
Transaction
Monitoring
Payment
Filtering
On
Boarding
Remediation
Analytics & Intelligence
Result
Risk Management
Operational / Regulatory / Data / Security / Reputation
3. AML Capability Model
AML Framework
Governance Ownership Responsibility Communication
Risk
Organisation
Risk Based Approach
Client On Boarding Transaction Monitoring On Going Management
Client
Risk Profiling
Client Screening
Client
Due Diligence
Client Acceptance
Identify & Track
Suspicious Transactions
On Going Client Due
Diligence
Investigation of Alerts Product Due Diligence
Monitoring Versus
Expected Activity
On Going Screening
Enhanced Due Diligence
Training Succession PlanningInformation Resource
Skills &
Knowledge
MLRO
Report
Suspicious Activity &
Alert Management
Compliance
Reporting
Management
Information
Case
Management
Payment Filtering Behaviour Profiling
Continuous
Innovation
Client Profiling
Methods
Monitoring &
Detection
Methods
Operational Risk
Review Methods
Best Practice
Methods
Life Cycle Client
Experience
Analytics
Methods
4. AML Direction & Target State
AML Framework
Risk
Organisation
Risk Based
Approach
Client On
Boarding
Transaction
Monitoring
On Going
Management
Skills &
Knowledge
Management
Information
Continuous
Innovation
Capability Current State Target State
Insufficient business oversight of AML risk and
inadequate engagement with AML stakeholders
Effective and consistent AML processes and
automated workflow driven by risk category
Defined applicable scenarios, complete coverage,
analytics measured with expected behaviour
In-depth, consistent, periodic and involved
reviews with formal governance & technology
On-going appropriate training, and customised
tools and specialist support made available
Applied rule based, data driven fit-for-purpose
information on a timely basis
Inconsistent AML processes, and manual
workflow
Inconsistent review process, limited reviews,
insufficient front office input
Basic AML training, inadequate awareness, no
specialist support or advanced tools available
Inefficient MLRO reporting, management
information not fit-for-purpose
No programme of continuous innovation or
enhancement
Limited coverage, inconsistent application and
ambiguous direction
Full business engagement and accountability of
AML risk including formal AML governance
Consistent application, defined direction,
structure and categorisation
On-going enhancement of AML practice,
adoption of best practice principle
Complex scenarios, inadequate coverage &
segmentation, ad-hoc alert management
5. AML Investigative Methodology
AML Framework
Determine
Need
Investigative
Analytics
Collect
Data
Investigative
Process
Assessment
Action
Plan
Examine and
evaluate data
for reliability,
completeness,
validity and
relevance;
integrate data
for analysis;
determine
additional
required
research;
assess events
and impact
Examine
investigative
results; utilize
analytics to
determine
completeness
and currency
to proceed
with
investigation
including
modification
of process as
required
Define data to be
collected and
methods; case
reviews,
investigation of
suspicious
activity; audit
reports and
external
regulatory
reviews including
adverse media;
results of periodic
and ad-hoc
investigations
Ascertain need
and determine
investigative
priorities at all
applicable
levels
including
involvement
of required
personnel;
define scope
and obtain
acceptance
Discuss results
with
stakeholders;
evaluate
driving factors;
review alerts
and suspicious
activity
triggers; agree
investigation
results; table
evolving trends
and patterns of
activity &
investigations
Confirm
actionable
items;
affix
responsibility
and timeline
to implement
actions;
redefine
requirements
of
stakeholders;
agree review
plan
TRIGGERS
Business Risk
Assessment
EDD
Referrals
Audits /
QA
Regulation / Law
Enforcement
Suspicious
Activity Cases
Adverse
Media
6. Integrated Target Architecture
AML Framework
โข KPI
โข Summarised Reports
โข Detailed Drill Down Reports
โข Case Management
โข Breech and Open Issues
โข User Customised View
๏ผ Board
๏ผ Group / Division / BU
๏ผ Regulator
โข Query Handling
โข Alerts
โข Handbook / Training
โข Risk Based Profiling
๏ผ Customer
๏ผ Transaction
๏ผ Business Unit
Dashboard & Presentation Layer
Generates
โข Predictive / Pre Event Analysis
โข Post Event Analysis
โข Behaviour Profiling
โข Detection Methodology
โข Materiality Based Mining
โข Payment Filtering
โข On-Boarding / On-Going Matching
ForensicTool
Analytics & Intelligence Mining
โข Target KPI
โข Specific Reports
โข Exception
Reporting
โข Remediation
โข Cases / Issues
Business Services
Operations
Risk
Compliance
Regulator
โข Report
Reconciliation
Engine
โข Integrated Report
Structure
โข Slice & Dice
Capability
Report Generation Engine
Data Screening Tool
Business Rules
Data Rules
โข Finance & Compliance Reconciled Common data for all Regulator AND Management Reporting
โข Data Management Structure โ Sourcing Peculiarities / Reconciliation Procedure
โข Data Gaps / Sources / Cleansing / De-duplication / Profiling โ Data Set Management Tools
โข KYC and Event Data
Data Layer