1 / 33

AML Software A Systems Approach

AML Software A Systems Approach. Kevin Whelan kwhelan@ustreasury.hu. Software Systems Approach. Looks not just at one component of system, but interrelation of all components Understands the interfaces between/among components

salena
Télécharger la présentation

AML Software A Systems Approach

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. AML SoftwareA Systems Approach Kevin Whelan kwhelan@ustreasury.hu

  2. Software Systems Approach • Looks not just at one component of system, but interrelation of all components • Understands the interfaces between/among components • Understands that each component can work, but the system can still fail. • AML is a system with multiple components • AML does not work well in most places • Software can help with each component and with interfaces • But only after the necessary context has been established

  3. What is AML? • Money Laundering is the process of disguising illicit origins of criminal proceeds. • Anti Money Laundering (AML) is a system that: • Attempts to prevent criminal access to financial institutions • Attempts to detect and prosecute use of financial institutions for the purpose of money laundering • Provides tools that allow instances of money laundering to be investigated and prosecuted • Successful AML has the following beneficial effects: • Reduced Crime and Corruption • Enhanced Soundness and Integrity of Financial System • Encourages investment (especially foreign) and economic development

  4. Role of Technology • What Technology Cannot Do: • Cannot substitute for training • Cannot create a compliance culture nor implement standards of integrity and ethical behavior • Cannot think (at least not very well), cannot think for you • Cannot replace the human element, especially when dealing with the human element • Usually cannot define a business process • What Technology Can Do: • Reduce Compliance Costs • Manage large amounts of information • Enhance sharing of information • Assist in the analysis process, but only if it is known • Can help to integrate the whole system!

  5. FIU Technologies • All about information! • The idea is to synthesize information • To take isolated pieces of information and move them from a parochial view to a global view • Use global view to perform analysis • Example • Person depositing $9,000 cash not suspicious • Person declaring $10,000 taxable income not suspicious • Person depositing $9,000 cash with $10,000 taxable income is suspicious! • Use information to proactively create a suspicion!!! (rather than merely confirming or refuting a suspicion) • Acquiring Information is not easy • Can become overwhelmed with low-value mandatory information • Other gov’t agencies reluctant to provide information • Technical issues • Cost Issues

  6. AML Organizational Components Generally Two Levels: • Primary Level • Commercial entities that comprise the financial system • Banks, Insurance firms, Stock Brokerages, Metals Dealers, leasing firms, etc. • This is by far the best level at which to detect money laundering. • KYC happens here. • Low levels views of activity happen here • Governmental Level • Regulators of Financial Institutions • Financial Intelligence Unit • Law Enforcement/Prosecutors

  7. AML Organizational Components

  8. Primary Level Technologies • Risk Management Software • Designed both for regulatory compliance and protection of reputation • In general, software highlights two types of transactions • Those transactions which match a known pattern of financial crime • Those transactions which don’t match the normal patterns for the individual or legal entity • Example: a customer places several deposits each just below a mandatory reporting threshold. • Example: a business account for a small flower shop suddenly has a large wire transfer in and out of the account. • Example: several unusually large cash deposits are placed in (in different accounts) close proximity in time

  9. Primary Level Technologies • Risk Management Software (cont). • Can automate reporting requirements • Can automate record keeping requirements • Rare that these technologies are used in developing economies • Expensive • Works in conjunction with existing automated transactions processing systems • Many banks are pocket banks, with small number of customers and transactions. • Still possible to do same things at low cost • Identification Software • Watch List Matching (e.g. OFAC matching SW)

  10. Government Level Technology • Regulatory Technology • Not well developed • Especially important in developing economies without reliable primary level institutions • Management of Firms subject to Regulation • basic database application • Compliance Detection • Audit Selection • Key to Efficient Allocation of Audit Resources • Industry based, Geographically based • Tools to compare expected vs. actual level of reporting • Instances where large gap between expected vs. actual levels are subject to greater compliance examination

  11. Government Level Technology • FIU Technologies • Different types of Financial Intelligence Units • Administrative • Basically serves as a repository for mandatory reporting data. Acquires and organizes data in a manner suitable for retrieval by law enforcement • Performs Macro-level analysis (e.g. trend analysis) • Investigative • Same functions as Administrative, but also adds value through in-depth analysis and pro-active case development. • Typically has access to additional data beyond mandatory reporting data. • Both need data, but Investigative needs much more

  12. FIU Technologies-Data Sharing Agreements • Need to define formats for interchange of data. The format constitutes a contract between the FIU and the provider. • Some formats are better than others! (e.g. XML format usually better than delimitated format) • Well-defined formats can reduce costs on both sides by automating transfers and (depending on the format) potentially eliminating errors • Need to define mechanism for interchange • Security is an issue, but need to be realistic! • Use workgroups • Recognize mutual interest

  13. FIU Technologies—Making Data Useful • Need to “clean” data • Need to “normalize” data • Cleaning essentially enhances the quality of data. “Keveen” becomes “Kevin” • Use of dictionaries (surnames, given names, streets, cities, etc.) • Correction of transposition errors • Normalizing is putting in the same format. • For example, an address can be represented as one field, or as several fields. The order of fields may vary. • “Joey” or “Joe” become Joseph (gets tricky!) • Without cleaned and normalized data we can’t match, without matching, we can’t do significant value-added analysis. High-tech analysis tools won’t help.

  14. FIU Technologies • Basic FIU Technologies (common for both types) • Data Acquisition • Security. Encryption. Public Key Infrastructure. • Document Management • Document Formatting Standards (e.g. XML) • Communication Technology (e.g. internet, dial-up, magnetic media) • Data Organization and Data Quality • Database • Extraction, Load, Transformation (ELT) • “Cleaning” technologies for normalizing data • Data Retrieval • Query tools • Web-based tools • Advanced FIU Technologies (for Investigative FIUs) • Generally requires non-reporting data from other sources • Other government ministries • Other governments • Private sources (e.g. credit data) • Allows data from different sources to be matched

  15. Basic FIU Technologies • Document Management • Often overlooked by FIUs. A Key tool for any financial investigation. • Low tech, easy to use, low cost • Much (even most) useful data comes in “unstructured” formats. • Databases do not do a good job of dealing with unstructured data • E.g. Can be in unsuitable formats such as spreadsheets or word processing documents • May come in a paper form • Difficult to design a database that effectively captures and organizes unstructured data

  16. Basic FIU Technologies • Document Management Systems • Stores documents in a file system rather than a database. • Identifies documents by associating “meta-data” with the document, e.g. data about the document itself • Allows paper documents to be scanned to create an image • Images can then be converted to text via Optical Character Recognition (OCR) process • Text can be indexed and searched • Useful for all types of investigations (including FIU, of course) • Alphabets can be a problem (e.g. Georgian, Thai) • Language is usually not a problem

  17. Advanced FIU Technologies • Data Matching • First need to Identify Entities based on their attributes • Sometimes Entities can be matched exactly based on unique identifiers • Sometimes Entities can be matched “fuzzily”, based on a probabilistic estimate (A and B are “probably “ the same.) • Identification is a key Technology • Data Matching Allows Us To: • Match against national, international, and FIU Watch Lists • Build a comprehensive picture of an entity's financial and legal relations based on transactional and reporting data. • Investigate possible money laundering activity • Pro-actively develop money laundering cases • For example, if a entity in a report can be matched with a tax record, and if the declared income is not consistent with the amounts on the report, suspicion is heightened

  18. Currency Transaction Report (CTR) Unambiguous (exact) Match Ambiguous (“Fuzzy”) Match Tax Records

  19. Advanced FIU Technologies • Link Analysis • The “holy grail” of financial analysis • Uncover deliberately obfuscated webs of financial transactions by following links among people, accounts, physical objects, legal entities, activities, etc. • Match linked patterns with stored patterns of money laundering • Still a manual activity, but great potential for application of technology. • Data acquisition, cleaning, normalization, identification, and matching are prerequisites that are almost never met. • Can ask questions such as: What is the link between entity A and entity B?

  20. Example: Link Searching Question: What is the link between Ivan Smith and Ace Flower Ltd.? Answer 1: Telephoned Ivan Smith Bob Jones Ace Flower Ltd. Received Wire Transfer From Answer 2: Share Address Ivan Smith Alex Piper. Eva Piper. Employed By Owns Owns Acme Tools. Ace Flower Ltd.

  21. Advanced FIU Technologies • Link Visualization • Very Popular among FIUs • Often misunderstood as Link Analysis tools • Useful for rapidly communicating essential aspects of a case to managers and decision makers, law enforcement, prosecutors, juries. • Useful tool for analysts to store information about a case • Not very useful for analysis per se • Not a panacea, or anything close to it • Fundamental technologies already described are far more important, albeit less colorful and dramatic

  22. Governmental Level Technologies • Law Enforcement/Prosecution • Can use same tools as FIU • Case Management Tools • Forensic and Hacker Tools

  23. Case Management Tools • Possible Features • Serve as Repository for Case Related Documents (e.g. depositions, investigators notes, other documents) • Sometimes linked with Evidence Management Systems • Can control access to case files • Search features • Can generate “alerts” when case files are updated or viewed • Can coordinate activities of multiple investigators • Can be integrated with a workflow process for case initiation, case promotion, case referral, case closure. • Can have management functions for scheduling activities and resources, identifying cold cases, etc.

  24. Forensic and Hacker Tools • Turning the suspect’s computer into a weapon against him! • Creating the web of companies and accounts and transactions necessary for advanced money laundering is a complicated undertaking • The unsophisticated money launderer will keep paper records, that are subject to search and seizure • The more sophisticated money launderer will store this information on their computer • The most sophisticated money will store the information in an encrypted form

  25. Forensic and Hacker Tools • Computers are subject to the same search and seizure as documents. • Suspect computers can make an investigator’s life easier • Single storage location for all financial information • Lists of contacts • Easily Searchable • Can be monitored remotely in some cases using the computer equivalent of a wiretap. • When Data is Encrypted Hacker Tools Can be Employed • Social Engineering. • Getting a suspect to voluntarily reveal information (e.g. password) • Tools installed on a suspect’s computer • Key loggers • Tools for breaking encryption • “Brute Force” rarely works on modern algorithms • Dictionary attacks are very effective since many passwords are common words • Sometimes users store passwords in unencrypted files. Indexes of words (see Document Management) on user’s computer can be used for a dictionary attack.

  26. Integration • Multiple Kinds • User Interface • Business Process • Data • For AML, first priority is integration at Data Level • Think of a common form for exchanging information among FIUs as data level integration • Next priority is integration at business process level • Think of having that form integrated with your analytic system, and translation system, and e-mail system as being integration at the level of the business process

  27. Software SourcesCOTS, Freeware, or Custom? • Some Problems • No Comprehensive Commercial FIU Solution • Most products address only part of the problem • Need integration • E.g. OFAC List matching products, or data cleaning products for US-based addresses only • Borrowed software not “productized” • No support guaranteed • Documentation not always available • Not intended to be used in multiple environments • Shoehorning can be as expensive as building from scratch. • In general, unless something was designed to be shared, it won’t be easily sharable • Definitely no silver bullet! • Custom SW • Good news is that labor is cheap In many places where we work! • What is easily Reusable? • Processes • Requirements • Designs

  28. What Can You Do? • Develop a plan! • Begin at the beginning • Resist temptation to buy a product, no matter which expert recommended it! • Focus on free things first • Document Processes • Document Interfaces • Form workgroups with reporting subjects and data suppliers • Then focus on things that are necessary, but not glamorous • Collecting data • Cleaning it • Organizing it • Document Management • Writing matching algorithms that work for your jurisdiction • Then start thinking of basic manual analysis tools • Data retrieval tools • Data manipulation tools • Then start thinking about automated tools • Risk based selection • Watch list matching • Workflow • And don’t forget about security!

More Related