Money laundering remains an ongoing concern for countries and companies worldwide.
According to data from the United Nations, between $800 billion and $2 trillion is laundered every year as criminals look to “wash” ill-gotten gains by moving them away from the point of the crime and then layering them within other transactions to appear legitimate.
To combat this concern, businesses that conduct financial transactions — including banks, fintech firms, cryptocurrency trading companies, and casinos — must develop anti-money laundering (AML) practices that satisfy compliance obligations under the Bank Secrecy Act (BSA).
Failure to comply with these regulations can lead to audits, investigative action, fines, and even suspension of business operations. What’s more, lacking AML frameworks can put companies at risk of being used for money laundering efforts, putting them at risk of legal challenges and significant reputation damage.
So how do companies get from AML expectations to effective compliance? It starts with an AML model, which is a process that helps businesses ensure that current practices align with existing regulations.
In this piece, we’ve created a step-by-step guide to help your company build, test, and validate your AML model.
Let’s get started.
What is an AML Model?
An AML model is a set of processes that work together to help identify potential money laundering operations and reduce overall risk.
In practice, this means an AML model isn’t a single software or hardware tool but rather a combination of processes and procedures that include software solutions, human expertise, and emerging technologies such as artificial intelligence (AI) and machine learning (ML) to detect the telltale signs of money laundering before fraudulent transactions can be completed.
Historically, these models have relied on qualitative human measurements — the ability of experts to recognize specific actions as part of more significant money laundering operations. As criminals have become more sophisticated, however, their methods have evolved to include digital tools and techniques designed to obfuscate actions and make it challenging for AML teams to detect potential problems.
Today, AML models combine qualitative and quantitive metrics to provide a complete picture of the risk and compliance landscape. For example, a purpose-built AI tool might scan transactions for common signs of fraudulent behavior, then notify AML staff of the findings. From here, AML teams analyze both the data itself and the market at large to assess their overall level of risk and determine effective action.
To fully protect yourself from any threats, you'll want to mesh your fraud and AML efforts, ensuring both teams are working together closely.
How to Develop an Effective AML Model: 8 Steps to Success
When it comes to building an AML risk assessment model, there’s no “one size fits all” approach — the type, volume, and location of transactions conducted by your organization will inform the best fit model for your business.
There are, however, eight common steps to success that can help any business looking to develop and deploy an effective AML model.
Set Specific Goals
Before starting any AML model development, it’s good to set specific goals. This is critical given the scope of money laundering efforts — attempting to catch every action from every customer will result in models that are simply ineffective across the board.
This means it’s a good idea to determine your priorities in practice. What are you looking to accomplish with your model? For example, is the goal to reduce the volume of transactions from a specific area or ensure an in-depth analysis of transactions over a specific monetary threshold?
By establishing clear goals up-front, you can tailor your model to meet desired outcomes, rather than trying to shoehorn in particular actions after the fact.
Create a Clear Framework
When it comes to AML models, a clear process framework is critical. This means sitting down and mapping out what your AML workflow looks like. For the greatest chances of success, you'll want to plan out a comprehensive fraud and AML program to make sure you have all your bases covered.
For example, will AI and ML tools handle the initial analysis of customers and transactions before passing them on to human experts, or will technology and talent work in tandem? If AI solutions are responsible for assessing and reporting potentially problematic transactions, what is the threshold for human interaction, and which transactions can be handled automatically?
Pinpoint Tools and Technologies
Next, your team needs to consider the tools and technologies that will underpin your AML model. This might include an onboarding orchestration tool to help pinpoint high-risk customers and validate ID, or it could mean incorporating transaction monitoring and case management tools capable of using well-defined data sets to conclude money laundering.
This step also speaks to integration: How will these tools and technologies work together to produce the desired result without creating redundancy?
Develop Consistent Controls
Controls must be consistent across your entire AML model to maintain compliance throughout the process.
This means creating a framework that delivers the same results in the same format every time — if processes change based on circumstance or due to a lack of robust documentation, the results of any AML assessments won’t be reliable or verifiable.
Ensure data accuracy
Accurate data produces accurate results. When developing AML models, this means pinpointing relevant data sources and ensuring that AML tools and technologies access these databases.
However, it also means limiting access to these relevant sources — while adding more data may provide additional context, it can also lead to results that are not relevant to the question at hand.
Test, Test, Test
Once you have a good idea of what you want to measure, how you’re going to measure it, and what steps you’ll take to ensure data accuracy, it’s time to test. And test. And test. The more you test your model, the better your chances of returning timely and actionable results.
Continually Monitor Outputs
Effective AML model development doesn’t stop when the first accurate outputs emerge. Instead, companies must continually monitor outputs to ensure that outputs remain consistent and compliant.
Regularly Reassess the Impact
AML compliance regulations aren’t static. For example, consider the expanding need for strong customer due diligence (CDD), which requires companies to identify and verify the identity of customers and beneficial owners along with understanding the nature and purpose of customer relationships to develop risk profiles.
As a result, AML models must be regularly assessed to ensure they remain compliant — if not, they must be updated.
Four Signs of an Ineffective AML Model
To help improve AML model design and deployment, it’s also worth knowing when things aren’t going to plan. For example, suppose you’ve spent weeks working on an AML model. In that case, it’s better to see where the model doesn’t live up to compliance expectations — rather than spending months on development only to discover that it can’t satisfy BSA requirements.
To help give you a head start on making sure that your model lives up to expectations, here are four signs of an ineffective AML model: If your current framework displays any of these characteristics, consider going back to the drawing board and developing a new approach.
Substantial Alert Backlogs
If your model produces substantial alert backlogs that aren’t being addressed in a timely fashion, there may be a disconnect between processes and outputs.
Inconsistent Policy Application
If high-risk customers or transactions aren’t generating regular alerts, this may indicate a problem with the current risk thresholds of ML or AI tools.
Recurring False Positives
If you face a host of recurring false positives or alerts for customers who have already been verified, your risk level analysis may require adjustment.
Sudden Changes in Alert Volumes
If alert volumes vary wildly from month to month, your process application may be inconsistent across all data sources.
You can fix all of these problems with predictive scoring for your alerts. This helps your risk and compliance team easily visualize the severity of different alerts and prioritize them accordingly.
Understanding the AML Model Validation Process
Validation is critical to ensure your AML model can reliably detect and report suspicious activity.
But what is model validation in AML? Put simply; it’s the process of ensuring that your model does what it’s supposed to do. For example, suppose your model is designed to initiate in-depth identity verification (IDV) for customers logging in from geographic locations with higher-than-average money laundering rates. In that case, validation ensures that this is actually happening. If these customers aren’t being flagged and sent for additional IDV, you may need to re-examine your model.
Standard validation approaches include conceptual soundness, ensuring that your model processes are backed by documentation and empirical evidence. It’s also good to validate output data to assess its relevance and accuracy. Over the long-term, meanwhile, gap analysis can help determine where models have improved current operations and where there is still work to be done.
Best Practices for AML Model Development
Regardless of your AML model goals and frameworks, several best practices can help keep your efforts on track:
Simple models are less likely to break, are easier to understand, and are more likely to be adopted by staff and customers alike.
Improve Data Quality
Better data means better model outputs. By prioritizing the collection of high-quality, relevant data, you can improve model accuracy and speed.
Stay Up-to-Date on Customer Data
Customers aren’t static. Their circumstances may change, in turn changing their risk profile. Therefore, regularly reassessing customer data is critical to align with AML expectations.
Pinpoint Scope Creep
As customer and data volumes grow, it’s easy for the scope of AML models to “creep” upward, in turn lowering their efficacy. So be on the lookout for this creep to help keep your model on track.
Making the Most of Your AML Model
A practical and in-depth AML model is critical to help your company pinpoint potentially fraudulent transactions and ensure regulatory compliance.
And while there’s no such thing as a “perfect” model — the dynamic nature of money laundering efforts means that continual monitoring and ongoing changes are part of effective deployments — you can increase the efficacy of your model by following our 8-step framework, watching out for the telltale signs of ineffective models, implementing powerful validation and ensuring alignment with AML model development best practices.