Winning the AML War: The Three Lines of Defense for Financial Institutions

Financial Services organizations face increasing pressure to improve their Anti-Money Laundering (AML) compliance programs—and there’s a lot at stake. Among other things, AML programs, which are defined by regulations and mandated by law:

  • Stop illicit use of global financial networks.
  • Prevent terrorist financing.
  • Detect and report suspicious activities that signal potential money laundering.
  • Curb the proliferation of shell and anonymous companies.
  • Reduce the risk of non-compliance.
  • Help institutions avoid hefty penalties and reputation damage, which, in turn, result in loss of customers and revenue.

The Building Blocks of AML

AML programs can be broken down into three essential building blocks: Know-Your-Customer (KYC), Suspicious Activity Reporting (SAR), and Transaction Monitoring (TM). KYC is the practice of verifying the identity of clients, in accordance with the legal requirements. SARs are reports that financial institutions must file with the Financial Crimes Enforcement Network (FinCEN) whenever there is a suspected case of money laundering, fraud or threat to public safety. Transaction monitoring works hand-in-hand with SAR to detect suspicious activity, such as dormant accounts suddenly becoming active, or flow-through accounts where money transits through within a short period of time.

The Three Lines of AML Defense

AML programs have become more complex because money launderers are embracing modern technologies that enable them to conduct illicit activity in new, elaborate ways. Due to their complexity and the amount of data involved, AML programs for most financial institutions are a multiple-front battle waged across three main areas of the business.

Business units, whether they are helping customers with checking accounts or investments, are the first line of defense. As the frontline for KYC, they handle customer onboarding, identification, and due diligence—all processes that require immense amounts of data, primarily acquired through lengthy customer questionnaires.

The second line of defense is the compliance department, the “behind-the-scenes” folks who develop policies and procedures, devise customer questionnaires and requirements, and maintain the technologies necessary to streamline KYC and AML processes. They also divide customers into risk categories and monitor ongoing SARs.

The third line is the internal auditing staff. They determine if everyone has established the proper controls. They must ensure that KYC programs are based on complete, correct information, through processes such as reviewing answers to onboarding questionnaires. Auditors also keep an eye on business unit performance, employee turnover, and major changes in business units’ risk profiles.

The Issue: Manual Efforts and Too Much Dirty, Duplicate Data

All of these processes seem like clear marching orders, but that’s not the case in practice. Current AML controls and processes are manually intensive and time-consuming. All three lines of defense have to work with vast, complex data: customer lists and personal information, transactions and SARs, HR and accounting systems, risk profiles, and more. Because this data is not unified, cleaned and normalized, cutting corners becomes an unavoidable reality.

On the first line of defense, there’s a high risk of inadvertent human error, especially in onboarding. Routine “bad” customer data–similar, erroneous or incomplete addresses, disparate last names, unclear contacts or phone numbers that are missing digits–become major risk factors if incorrect or duplicated. Additionally, employees don’t always have the ability to check existing databases or other software systems to see if a customer already exists. Incomplete due diligence can have dire consequences like causing a bank to do business with a sanctioned entity.

Compliance professionals, the second line of defense, are often unable to take a comprehensive look at all transactions and entities. Even though all suspicious activity alerts must be reviewed by law, it can be nearly impossible to review all of them in a timely manner. Compliance professionals may skip steps in clearing alerts, either by not having time to review them, or by creating ineffective transaction monitoring rules.

Auditors are equally challenged. Manual efforts to review stockpiles of onboarded customer data limits them to review only a subset. Adding to the challenge, suspicious activity is increasingly conducted via networks of accounts. Identifying these networks becomes a challenge with all the dirty, duplicate data involved.

The Battle Plan: AI and Machine Learning

Fortunately, technology can help all three lines of defense unify, clean and classify data and match it against various systems. With Tamr’s machine-driven, human-in-the-loop approach, our AI/machine learning models can handle integration of about 80% of data by taking a probabilistic approach (scientific guessing) versus a deterministic, coded approach (like Master Data Management), providing a much more scalable way to get data into usable form.

The system involves human experts only when necessary–for example, to resolve non-obvious relationships between two data records or fix other outliers, particularly good at higher-order tasks like clustering, mastering and entity resolution. This human intelligence gets continually fed back into the models, which get smarter and more autonomous over time.

Tamr is key to the first line of defense, helping them overcome issues of data quality and completeness. Tamr is particularly useful because it provides low latency matching, or the ability to check existing databases or other software systems to see if a customer already exists and check against sanction lists, even when records are incomplete or spelling is different. Then, each customer record can be enriched to catch spelling errors and duplicates, creating accurate golden records that act as a single source of truth.

With AML, so much is on the line. The world of money laundering is embracing modern technologies to find new ways to conduct illicit activity. So, if your institution is looking for a secret weapon to help you win the AML war, we’re here to help.

Contact us or sign up for a demo.

Mastering Financial Customer Data at Multinational Scale

Learn why traditional MDM systems don’t scale to meet the needs of large, multinational financial institutions.

Download Now


Aidar Orunkhanov is a Solutions Director at Tamr. He is responsible for researching and delivering new offerings that unleash the power of Tamr in various applications within Banking and Financial Services. Before joining Tamr, Aidar led audit, regulatory and compliance analytics enablement efforts for a global bank, and he worked as a fraud analytics consultant in North America and APAC prior to this. Aidar also serves as an Adjunct Lecturer at Boston University, teaching graduate-level Business Analytics courses.