40 JULY / AUGUST 2022 Customize Your Model Validation For greater accuracy DIRECTORS / SENIOR MANAGEMENT The 2020 Anti-Money Laundering Act requires FinCen to encourage the innovation of technology and evaluate its effectiveness in identifying and reporting money laundering and terrorist financing. Today’s technology primarily consists of rules- or behavioral-based models. Rules-based models have set thresholds and generate alerts if transactions(s) exceed them. Such models allow institutions to define specific activity patterns that they consider suspicious based on their analysis of industry trends and their prior experience in identifying suspicious activity. The drawback of rules-based models is that they can generate a large volume of false positives because they apply the same thresholds to all customers. There is a better approach to model validation that results in greater accuracy, ensures that suspicious activity gets caught and minimizes examiners’ concerns. Following are several smart strategies. Choose thresholds based on risk profile, customer characteristics. Models that allow customization may establish different thresholds for consumer and commercial accounts or business types. Some models can provide greater refinement to generate better results, but require human intervention and analysis to ensure that thresholds are reasonable relative to an institution’s size, complexity and risk profile. Behavioral-based models compare actual to anticipated activity and current to previous activity, generating alerts when activity exceeds a percentage or deviation from what is considered “normal” for a given customer. In addition, these models allow for more specific customization for each customer. Know your customers. To be effective, institutions must have strong customer due diligence processes to collect anticipated activity volumes at account opening to ensure that deviations from the norm can be accurately identified. Regulators expect institutions to evaluate the types of products, services and customers that the model is to monitor and ensure that data is accurately mapped into the system so that parameters generate accurate results. Regulators also expect banks to validate the model’s performance periodically through independent validation. Avoid manufacturers’ plug-’n-play settings, and challenge assumptions. When establishing a model, many third-party vendors assist in developing the model’s initial parameters. It is common for institutions to use the model’s default settings, resulting in no outcomes analysis to evaluate the effectiveness of parameters. Most third-party model validations have the same essential components: % Evaluate the institution’s policies, procedures and processes for model governance – - Review model risk assessment. - Review model policy. - Review user access. - Review change management. - Review vendor management, backups and business contingency. % Review data integrity – - Review transaction code mapping. - Sample transactions for accuracy. % Review parameter output – - Verify alerts are generated consistent with their programming. - Review inactive alerts to determine if there are transaction types for which the model does not monitor. This basic type of validation leaves the most critical part of the analysis incomplete. Although it includes a review to validate that results are consistent with their programming, it does not assess whether the parameters are reasonably designed. Thus, this strategy Brian Crow Managing Partner and Co-President TCA Compliance b_crow@tcaregs.com TCA Compliance is an associate member of the Indiana Bankers Association.
RkJQdWJsaXNoZXIy MTg3NDExNQ==