|BSA software's cost versus promise (December 2010)|
Finding bad eggs, at the right price
Balancing BSA software’s costs and promises
Up until recently, Morrill and Janes Bank and Trust found a “manual” approach to Bank Secrecy Act/anti-money laundering monitoring satisfactory for keeping tabs on customer activity. Even when the $580.6 million-assets bank, based in Merriam, Kan., began offering online accounts, Chris Spellman, compliance officer and senior vice-president, believed that, with an extended period of special attention, the existing approach could continue to work.
At the outset, Compliance’s standards were quite strict: “If they missed one [factor],” said Spellman, “we weren’t going to open the account.” Adjustments were made over time.
But then, aggressive rate setting for the bank’s interest-checking product sent its account to the top of that category on Bankrate.com (in late November, it was still at #2). Online enrollments shot up.
“The volume kind of killed us,” says Spellman. “It was either throw people at it or throw technology at it.” Reducing the rate could have chopped volume, but management was pursuing a strategy and so the bank had a gap that needed filling.
When “manual” isn’t
Spellman spoke of this predicament as part of a panel on efficient use of BSA/AML technology in community banks at the ABA/American Bar Association Money Laundering Enforcement Conference held this fall.
There are many automated monitoring solutions, some designed chiefly for larger institutions, and some adaptable to banks of multiple sizes. Some are freestanding, others are available from core vendors. But the decision to spend on a vendor solution hinges on multiple factors, one being, what is meant by “manual”? For some, the term conjures images of nearsighted clerks with green-eyeshades poring over stacks of transaction slips. That’s not quite accurate, insofar as the speakers’ banks are concerned.
None of the three banks represented on the panel had bought an automated surveillance system, but they were well beyond eyeshades.
“When you are talking to examiners and you say you are ‘manual,’ that scares them. They don’t like it,” said co-panelist Elizabeth Snyder, senior vice-president and compliance officer at Leaders Bank, $636.6 million-assets, Oak Brook, Ill.
Therefore, Snyder emphasized that bankers ought to watch their terminology when talking to examiners. They may be condemning their efforts unnecessarily.
“While we don’t have an automated, integrated surveillance system,” Snyder said of her own bank, “we have all the components, which are automated reports. And every one of the core alerts you need for surveillance, we have.”
“I would love to get the technology,” said Snyder wistfully, “but I just don’t have the budget.”
Like Snyder’s bank, Spellman’s similarly used a combination of core reports and human evaluation. On the other hand, the third institution, $5.2 billion-assets Johnson Bank, Racine, Wis., chose to develop a home-grown automated approach.
John Topczewski, the bank’s senior vice-president and chief compliance officer, also advised listeners to avoid the word “manual.” Instead of flashing examiners such a red cape, he advocated simply telling them what the bank is doing for monitoring.
At his bank, Topczewski explained, a team determined what needed to be done to meet the challenge of monitoring. After reviewing vendor systems, the bank decided to develop a “rules set” that would look for factors indicating potential BSA concerns. This was then used to set up monitoring through a marketing database program that the bank already had from its core vendor. The bank expected a two-to-four year lifecycle, but found this approach had a longer viability. Much money was saved.
As noted earlier, “manual” had worked well at Morrill and Janes Bank, until online boomed and other remote banking took off. Spellman explained that the bank has a dual personality—in rural markets its staff literally knows every customer and can spot things through such knowledge. On the other hand, in its metropolitan branches, an increasing amount of business occurs through remote means, including remote deposit capture and ACH.
As remote banking increased in significance, Spellman said staff recognized something more would be needed. A case was made to the board, and, when the exam team came, regulators agreed.
“They said, ‘We strongly recommend that you purchase an automated surveillance system’,” said Spellman. “They actually put it in writing. That doesn’t [usually] happen. I thought, ‘Cool, I’ve got a budget’.” At the time of the conference the bank was evaluating its options.
Defending home-grown approach
Speakers stressed that every key decision about a BSA/AML program grows out of the individual bank’s formal risk assessment.
Johnson Bank’s Topczewski said that his institution reevaluates its approach annually based on risk. He characterized Johnson Bank as a “quick follower” that serves fewer money services businesses “than I can count on one hand,” but noted that because of its business affiliations (it shares family ownership with Johnson Wax) it has an active international department.
As a result, Topczewski and regulators have debated whether the bank has a high-risk profile. Most recently, he said, examiners told him it did, because the bank is situated in the corridor between Chicago and Milwaukee—known for a flow of drug traffic—and has a branch in Phoenix, Ariz., as well.
Nonetheless, the bank’s reevaluations find that its in-house adaptation of the marketing software does the job.
“In the end, you have to say, ‘Mr. or Ms. Examiner, show me what I’m missing’,” said Topczewski. “That assessment leads to success in having a ‘manual’ system.”
Topczewski stressed the need for a serious reexamination of any approach. Has the bank made major shifts in business methods, channels, product lines, or geography? Has BSA/AML technology come up in past exam reports? Are the bank’s strategy and tools proactive, keeping up with current and anticipated threats? The banker explained that Johnson Bank’s rule set remains fluid. Some early rules have been cut, and new ones added.
“But the underlying tools are adequate to deal with the risk that’s presented,” added Topczewski. He also pointed out that technology decisions need to be bolstered by realization that “compliance is risk management. It’s not meant to be perfection.”
Obligations that come in the box
Let’s say, however, that a bank decides to buy a vendor’s automated surveillance package. This becomes a cause with its own effects.
“One of the things that’s most interesting to me about going to a third party is the overwhelming amount of hits you’ll get and the tweaking that you have to do as a result,” said Elizabeth Snyder. In adopting such a system, Snyder predicted, her staffing needs would rise, in order to cope with false alarms, and other noise.
And there are risks on the other extreme, as well, she said. Over-tweaking, for instance, may inadvertently squelch alerts that the bank would want to see. And there will be consequences if regulators detect such misses.
Most bankers use Microsoft Word, and likely share Elizabeth Snyder’s observation that she uses a small fraction of that software’s capabilities. That’s a concern to her should she find herself in the market for a third-party solution. Will she likewise buy much more, by default, than her bank needs or will use?
Indeed, Chris Spellman said he’s come to the ABA money laundering and compliance conferences for years, and always makes a point of checking out vendor BSA/AML offerings and obtaining demos. Some vendors make it clear their products are way beyond his bank.
“But if they at least will say ‘hi!’ to you, you know you are in the right ballpark,” Spellman said. He said the bank narrowed its choices to three vendors and sent each a request for proposal.
While price naturally plays a part in the decision, Spellman and other speakers warned against basing the whole decision on that.
Surveillance systems must be wedded to the bank’s existing systems, and many opportunities exist for bad feeds across programs.
“Parts of it may be speaking French and parts of it may be speaking Greek,” warned panel moderator and veteran banking attorney Elliot Berman, now senior vice-president and general counsel at Johnson Financial Group, Johnson Bank’s parent.
Familiarity with the bank’s present systems and capabilities, and experience with banks of similar size and type, should count for something, speakers said.
Staffing expense cannot be divorced from the decision, either. “Technology generates output,” said Berman. “That output generates a separate expense—higher FTE—for managing that output.”
He noted that a $30 billion-assets bank client from his law-firm days adopted automated surveillance software and wound up increasing a small staff to a department of nearly 20 employees, most of them analysts for evaluating the data output.
“Once you’ve got the output,” Berman said, “you’ve got to do something with it.” •
Many sessions of the 2010 ABA Money Laundering Enforcement Conference are available for purchase online in multiple formats, including streaming video synched with session PowerPoints. See http://tinyurl.com/abaabamlc
The electronic version of this article available at: http://www.nxtbook.com/nxtbooks/sb/ababj1210/index.php?startid=44
| TechTopics Plus