Author picture

Are AML monitoring systems correctly parameterized?

By: Karla Valdés


In this week’s Compliance Blog we are going to comment on an issue that is an integral part of an Anti-Money Laundering (AML) program. I am referring to the AML monitoring system, which some companies call an automated system, AML system, or transaction monitoring system.

What is the AML monitoring system?

The AML monitoring system is a regulatory requirement for banks, brokerage houses, SOFOMES, fund operators, and fintechs; it monitors all operations made by the organization’s clients and validates any suspicious activity between the transactional profile reported by the client and the operations carried out.

There are many software solutions to manage this issue, from internal developments to systems provided by domestic or international external providers, these tools must preserve confidentiality and other characteristics that I will mention later.

What elements does the system need to comply with?

  • Integrity, you must have complete records with correctly captured information. Avoid, for example, having two different records for the same customer.
  • Availability of information, both for the users of the system and for the regulators, in case any information is required.
  • Auditable, the system must have audit trails that identify which user accessed the system, who modified the system data, among others.
  • Confidentiality, the system must have access controls and protect customer information in order to avoid unauthorized access or “hacking” of information.

What are the monitoring system alerts?

In the implementation of the system, different patterns and variables are designed in order to generate alerts, which must be monitored effectively. For example, if a client reported that they would do 2 operations a month for 50,000 pesos, and after 2 months they do 10 operations for 100,000 pesos, the system must flag these operations so that the AML team can review, analyze, and document unusual operations, providing sufficient elements to mitigate this risk.

Why is it important to parameterize the system correctly?

There are several advantages of having a correctly parameterized system:

  • Allocated time and human resources to the analysis of transactions that are unusual.
  • Avoid the review of “false positives”, that is, alerts that do not represent a real risk and that generate a high administrative burden for AML teams.
  • Cover/mitigate risks correctly in accordance with the organization’s risk model.
  • Report to the authorities possible unusual operations that involve Money Laundering in order to initiate investigations through the corresponding authorities.

This issue is one of the most frequently audited by regulators and this is usually because either the system is not correctly calibrated or parameterized, because the regulatory reports do not meet the requirements, because the supporting documentation to rule out an unusual operation is insufficient, the information is not available, or there are no audit trails regarding the analysis carried out, among others.

We hope this post has been useful, at Miranda Compliance we are certified to help you efficiently implement or parameterize your monitoring system. If you require advice, we will be happy to support you.


C O N T A C T 

Miranda – Compliance

Karla Valdés Posada


Ernesto Gómez Gallardo