Share the article
Subscribe for updates
Sardine needs the contact information you provide to us to contact you about our products and services.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

10x BSA/AML Compliance Effectiveness: Impact Without Headcount

10x BSA/AML Compliance effectiveness without 10x the headcount

The critical requirement for any Bank Secrecy Act (BSA) / Anti-Money Laundering (BSA/AML) program is to prove to examiners that program controls are effective. One mechanism for this is effectiveness testing to evaluate adherence, gaps and any insights for improvement. Many banks and financial institutions have second-line support teams and face increasing scrutiny from regulators on their BSA/AML effectiveness.

At Sardine, we built our financial compliance platform to provide the data compliance officers need to backtest against sanctions hits, chargeback data, and known bad identities. Our machine learning models also run 24/7 real-time transaction monitoring to catch bad actors and transactors and prevent transactions from becoming a case or a Suspicious Activity Report (SAR).

Compliance Effectiveness Testing Goals

The primary objectives of an Effectiveness Testing solution are:

  • Evaluate and measure a Fintech’s adherence to regulatory guidelines
  • Identify gaps and areas of non-compliance
  • Provide actionable insights and recommendations for improvement
  • Facilitate continuous monitoring and reporting on compliance metrics

Banking organizations play a crucial role in developing and maintaining effective AML programs to address money laundering and terrorist financing.

Key approaches to BSA AML compliance includes:

  1. Confirm that the rules/controls you have in place to satisfy regulatory requirements are working.
  2. Random sampling with manual reviews. For example, a compliance analyst may review 100 random users monthly to confirm key verification processes, such as sanctions, KYC verification, etc., were run successfully.
  3. Another process entails taking known sanctions hits/bad identities and running them through a system to ensure the outcomes are expected.

A strong effectiveness program confirms that the rules/controls you have in place to satisfy regulatory requirements are working.

BSA/AML Compliance Effectiveness Testing challenges

Often, compliance officers lack the tools, capacity, or access to engineering to run the techniques required to test their BSA/AML program’s effectiveness at the level they would like to. This makes it challenging to combat money laundering effectively.

  1. Today, validation is often manual and driven by spreadsheets and is prone to human error. Spreadsheets with raw payment file output are often ineffective at testing machine-learned models.
  2. Validate machine-learned models requires data science skills. Detecting problems with models requires analytical skills and an understanding of modern data warehousing and data engineering.
  3. Profiling or labeling data requires understanding payment system data outputs that are often confusing. Providing statistics and labeling the data allows firms to understand risk ratings within their transaction monitoring system fully. This can be a laborious task for compliance officers who may lack an understanding of data outputs from payment systems (which are often confusing and filled with codes).
  4. Data quality assessments require knowledge of what is good and bad data, which is often not obvious. Payment systems are full of quirks; fields may be missing, incorrectly formatted, or simply not populated by various financial institutions. One institution entering “NA” may intend “not applicable,” and a transaction monitoring system may confuse that for “Nambia”
  5. Model tuning (or above and below-the-line testing) is often costly or outsourced with many organizations not supporting at all. Changing rules engine and machine learning model thresholds requires periodic testing against historical data to see if eventual outputs improve. Without in-house data science teams or skills, organizations may often rely on 3rd parties to understand if these thresholds are effective but not have a full understanding internally
  6. Threshold Analysis and capacity planning are often recorded manually. These tests identify which rules cost the most time and where officers spend the most. Often this is manual or relies on officers to record this in spreadsheets. This data is unreliable, meaning teams struggle to be more effective or work at their best without analytics.

Improve BSA/AML Effectiveness without manual work or spreadsheets

The solution requires:

  1. Effectiveness Dashboards: Access to dashboards for real-time oversight without manual work
  2. Continuous traffic monitoring: to identify controls gaps on 100% of the user population
  3. Automated Machine-learned oversight: of BSA/AML effectiveness within institutions and their sponsored programs
  4. A data science team: to detect new controls, label data, assess quality, manage thresholds, and provide recommendations for reducing false positives
  5. Real-time transaction monitoring: to prevent alerts from becoming cases by blocking highly suspicious activity at transaction time

1. Effectiveness with compliance dashboards

Sardine provides real-time model validation against historical and labeled data for compliance officers for their transactions as well as any transactions and entities onboarded by sponsored programs. Using the Sardine dashboard, a compliance officer can identify control gaps across any part of their business or sponsored program in areas like

  • OFAC screening (identity and location verification)
  • CIP (name, DOB, SSN, user age and address verification)
  • BSA AML (CTR thresholds and UAR $ Aggregations)

2. Continuous and complete traffic monitoring for financial institutions' control gaps

The Sardine platform monitors all transactions and user traffic, covering 100% of the financial institution or Fintech program's population. The platform provides real-time alerts of suspicious activity or new control gaps in case creation. This significantly reduces the time to remediation and increases the speed of finding control gaps at a sponsored program.

3. Automated machine-learned oversight of program effectiveness

The platform monitors rules against historical data and SAR feedback from compliance officers and operations. Our machine learning anomaly detector will identify any rules that are causing high levels of false positives and automatically flag these to compliance teams. Similarly, if a rule is not firing or performs poorly, this can be flagged for follow-up. The platform automatically helps label, understand, and make sense of thresholds 

For example, If we find specific geography is causing a spike in sign-up SARs (or anomalies based on our real-time true location data), this may signal the need to look at onboarding rules, thresholds, or models.

4. A data science team working to reduce false positives and improve compliance effectiveness

The Sardine team is an extension of your team and will work to help manage thresholds, data labeling, and model tuning so you can make effective decisions about your capacity.

5. Real-time transaction monitoring to prevent suspicious transactions before they become cases

Every possible future alert declined at the transaction level is one less case to manage and one less SAR to raise. Sardine can provide real-time transaction monitoring with sub 500ms response time, meaning we can reject transactions in real-time in cases of suspected fraud or financial crime.

What if you could hire 100 data scientists to obsess over your compliance effectiveness?

At Sardine, we're obsessed with problem-solving. All risk problems can be broken into data problems and that partnering with compliance officers can 10x their effectiveness without 10x'ing their headcount. 

Share the article
About the author
Krisan Nichani
General Manager, Compliance

Krisan Nichani is the General Manager of Compliance Product at Sardine, bringing 14 years of expertise in risk, compliance, and fraud prevention. He previously served as Head of Risk and Compliance at Step, Civic Technologies, and Gyft.