As a share of the estimated $50 billion-plus pie of bank technology spending, the $147 million that U.S. institutions spent on anti-money laundering compliance products last year was barely a flake of crust.
Yet the headache of AML compliance is the casus belli of the banking industry's calls for change. The costs of analyzing and acting on information generated by automated AML tools has gone well beyond bankers' expectations. Frustration mounts that the more than half-million suspicious-activity reports filed by banks last year-on top of a nearly similar number filed by money-services businesses, insurance firms and brokerage houses-were of no use to apathetic or overwhelmed government authorities.
Adding to the misery is the heightened scrutiny of regulators now measuring the effectiveness of AML programs, plus the subsequent deluge of false alarms from systems wired to be ultra-cautious. "I get a chuckle out of it," says David Caruso, founder and CDO for AML consultancy Dominion Advisory Group, and a former regulator who was tapped by Riggs Bank in 2003 to recover from massive money-laundering woes. "These AML compliance groups are hiring statisticians to help better tune the software they spent millions of dollars to implement."
It's no wonder that more senior management executives-71 percent, according to KPMG's 2007 global banking survey on AML systems and processes-plan on taking a more hands-on role with AML in the coming years. The same survey also found the costs of AML/Bank Secrecy Act compliance has risen 58 percent over the last three years-well above the 43 percent increase most banks expected to fork over when last polled in 2004. Over the next three years, U.S. banks, which have been the front-runners in adoption and use of AML products, still expect compliance costs to rise an average of 28 percent annually.
"I'm not surprised at the increase in costs, because it's not inexpensive to have a good program in place, and it's not a place to cut costs," says Teresa Pesce, head of KPMG Forensic's AML service line and a former federal attorney who specialized in money-laundering cases-including Broadway National Bank, the first bank prosecuted for an inadequate AML program in 2002.
Expense trends have aligned with the regulation-relaxation crusade by U.S. Secretary of the Treasury Henry "Hank" Paulson. Treasury and its Financial Crimes Enforcement Network have proposed a more "intuitive" risk-based exam process for AML compliance.
One problem, however, is that Paulson's plan focuses just on community banks-a puzzling move, in Caruso's opinion, since small institutions already receive comparatively little examiner AML scrutiny, he says.
According to Celent, only 10 percent of these lower-tier institutions have AML- transaction monitoring in place, compared to 80 percent of large banks, and are increasingly being targeted with scaled-down affordable "AML Lite" software that should lighten their regulatory expenses. "The costs involved with some of those [lower-end] products are in the tens of thousands of dollars," says Caruso. "Not a lot of money."
Without their own regulatory white knight on the horizon, large banks are turning to new AML applications or fine-tuning existing systems with more behavioral-based characteristics and analytics. Besides providing more in-depth watchlist analysis and including risk-based views on transactions, the tools are helping alleviate the human-based investigatory work and building synchronous AML compatibilities throughout operations.
In one recent major bank shift in AML oversight, Detroit-based Comerica Bank deployed transaction-monitoring software from Actimize to follow money and people across its retail, commercial, securities and trust divisions. Actimize evp Amir Orad saw that while "retail banking once got all the attention, now the regulators are looking at other financial executions in insurance risk and brokerage" as well as diving deeper to ensure that proper precautions are being taken in the account-opening process. Comerica officials declined to be interviewed for this story.
In an analysis of the vendor space last year, Celent identified 19 providers and the niche areas many have staked out. They are a mix of the watchlist vendors that arose out of the Patriot Act guidelines for government information sharing, and the newer breed of transaction-monitoring software developers. To improve automation and effectiveness across business lines, these tools are merging, often through in-house growth or acquisitions that improve case management and data-workflow needs.
These players are largely falling into niche tier-level deployments. Analysts and observers note that i-flex solution's Mantas, Fortent (formerly SearchSpace) and SAS are primarily installed with the global Tier 1 institutions, while specialists like Actimize and Norkom Technologies are among providers working primarily with regional banks plus securities and insurance firms, two verticals that now regularly file SARS. Actimize and Norkom are also gaining traction in bank efforts to stem insider fraud.
Besides bank demand, AML vendors are becoming hot commodities as acquisition targets by other monitoring firms or even core platform companies. Mantas was purchased by i-flex last fall for $122.6 million, and Actimize was bought out by NICE Systems this summer for $280 million. Fortent was formed when private equity firm Warburg Pincus acquired AML systems firm SearchSpace and merged it with the know-your-customer platform of its Semagix subsidiary.
Where vendors see green, banks are seeing red. One of the most deleterious issues for AML compliance is with legacy data silos, where signs of criminal activity may be lost in translation among product divisions, disparate compliance operations and incompatible case-management systems. "We have clients where it takes them anywhere from six to 12 hours to load data into an AML engine, and that's six to 12 hours of exposure every evening when they run their global batch job," says Mark Dunleavy, a data-quality manager for data-integration firm Informatica. "Because there's no explicit data- quality function within their architecture, their concept of data quality ultimately is log-file analysis on the other end."
And through that spigot is usually a lot of unremarkable information, which, given reams of SARS reports, increases the difficulty in spotting connections that could unearth drug money or terrorist financing. SARS have exploded since 2004 (381,671 to 567,080 in 2006), with a majority of bank SARS (61.7 percent) related to the pain point of unregistered money-services businesses. The work on due diligence keeps growing. According to KPMG, 81 percent of banks ramped up scrutiny of new account holders, compared to just 55 percent in 2004.
"There is not a panacea there," says KPMG's Pesce. "It still requires ongoing vigilance in knowing what the system is giving you, and tweaking the system to come up with better scenarios and better typologies to better understand your customers."
