To many people outside finance, money laundering became a real issue following the horrible events of September 11th. Thwarting money laundering efforts-whether by terrorists, drug traffickers or a wide-ranging gaggle of white-collar criminals-has been a major concern to banks for decades. But the terrorist attacks on the World Trade Center and Pentagon, and the subsequent passage of the USA Patriot Act, changed the anti-money laundering landscape dramatically-and ushered in a whole new, complex layer of compliance issues for banks to deal with on a daily basis.
Right in the thick of things with the nation's banks and thrifts is SAS Institute, a Cary, NC-based software company formally founded in 1976, but whose origins reach back to North Carolina State University in the 1960s. There, founder and CEO Dr. James Goodnight was analyzing statistical data for agricultural experiments; that work would later give way to a robust business analytics software company.
Today, SAS Institute is one of the largest privately held software companies in the world, with 9,000 employees globally and annual revenues exceeding $1 billion. With 1,700 full-time software developers, it specializes in business analytics software, including data warehousing and data mining, as well as information analysis on business risk and performance. SAS provides business intelligence software for many industries, and it claims to work with 90 percent of the Fortune 500. "We are going to be a very key player in the financial services intelligence space, and it is my goal to be the number one software vendor there," says Goodnight.
To that end, the company is pouring enormous resources into developing sophisticated financial services software, and has dedicated 100 developers specifically to that market. "We decided there were things like anti-money laundering that we didn't do that we ought to supply to our customers," Goodnight says, adding that 36 percent of SAS's revenues comes from non-AML products it provides to the financial sector.
Money laundering is big business, and so, too, is fighting it. Experts estimate that between $1 trillion and $2 trillion is laundered through financial companies around the globe annually. It's not surprising, then, that there's a large market for anti-money laundering platforms. Celent estimates that, between 2003 and 2005, financial companies will spend about $632 billion on anti-money laundering platforms. By 2006, 94 percent of big banks will have implemented new AML technologies, while 74 percent of mid-tier banks and 49 percent of smaller banks will do the same.
To say AML technology is hot right now is an understatement. "Two or three years ago, there were just a handful of vendors who provided off-the-shelf solutions for anti-money laundering," says Dale Simonson, senior manager for Cap Gemini Ernst & Young's banking practice in New York. "That has mushroomed from a handful of providers to just about everyone."
The competition is stiff, with 16 contenders now on the field. In addition to SAS, other prominent vendors vying for the space include ACI Worldwide, Mantas Inc., Searchspace Corp. and Sybase Inc.
SAS made its AML expertise known in less than two years, reeling in a small, but impressive financial client roster. Among the banks and brokerages currently using its AML platform, called SAS Anti-Money Laundering, are Bank of America Corp., BB&T Corp., Morgan Stanley and Wachovia.
The company has impressed industry experts with its speed stepping into the AML market by leveraging past experience. "Their expertise in business intelligence and neural networks and enterprisewide applications is all very applicable to anti-money laundering," says Neil Katkov, an analyst for Boston-based Celent. "They were able to develop a strong product very quickly."
Breffni McGuire, senior analyst of global payments practice for TowerGroup, based in Needham, MA, agrees. "SAS was very fast at developing an AML solution once they decided to do it," she says, noting that its existing technology, analytical capabilities and relationships with large financial institutions and multinational corporations helped jumpstart things.
SAS's anti-money laundering platform gathers data from the millions of transactions a financial services company completes each day-everything from deposit and automated teller activity to brokerage and mortgage transactions-and it analyzes that data based on a set of about 130 different scenarios.
Those scenarios can be further analyzed in three different ways. First, they can be examined based on a set of rules or facts. For example, if someone moves a large amount of money from one account to another country or jurisdiction, that would raise a red flag.
Secondly, the software can create profiles, so if customers perform transactions that do not fit into their normal pattern of their behavior, that might also generate an alert.
Finally, the transaction data also can be analyzed by a neural network, which attempts to predict possible money laundering behavior in the future. "The system has a learning component," says Mark Moorman, vp of financial services practice for SAS. "It learns from what the individuals have done."
Wachovia selected SAS because its customer-focused solution meshes with the bank's philosophy. Wachovia plans to have the solution fully integrated some time in 2004. "Their approach is an enterprise solution, as opposed to one that focuses on a particular line of business or demand. It is across all lines of business and built on basic scenarios of each business, but at the end of the day, you pull it together and look at the aggregate," says William Langley, chief compliance officer at Wachovia.
Wachovia says the SAS anti-money laundering system is more advanced than its previous system, supplied by another vendor that it would not name, because the old system only examined individual business units and did not look across the enterprise. "The solution we needed would look at a number of customer accounts and have an aggregate view of them," says Langley, who cautioned that banks need to be careful when looking at the predictive modeling capabilities of AML systems. "You need to be careful you are not modeling a money launderer. You must know the customer and what is normal and this presumes you know the customer."
Simon Moss, chief executive of rival Mantas, argues "profiling is more two dimensional" and not very effective. Instead, he contends "link analysis" is a more effective way to discover money laundering activities. Link analysis uses mathematical algorithms to find common denominators and patterns in massive amounts of data across an enterprise.
TowerGroup's McGuire says "adaptive profiling" such as that employed by SAS and its competitor Searchspace, could be a critical part of an AML platform. "Each piece of data is added to the profile of what you know about a user," she says. "And the system learns from every transaction."
Institutions of all sizes need to consider AML technology, and there is room for penetration in the mid-tier and smaller banks. But SAS does not see that as its goal. Moorman says the company would be comfortable with between 50 and 100 bank clients for its AML platform. "We are building software for super-regional and global banks," he says.
Moorman says SAS might find opportunities where AML platforms integrate with other data mining platforms that banks may want, either for marketing or customer relationship management. "[Banks] have invested money in getting transaction and customer data into an [AML] system so they can manage it, and we are looking at opportunities like fraud and marketing off the same platform to save money," he says.
Moorman adds there is much more to this technology than simply fighting crime. "You are churning through all this data and customer transactions and patterning them for things that might be illegal," he says. "You could also look for growth or change that might be signs of lifestyle change or attrition that you would like to be a part of, and we are working with a customers now on this."
Wachovia's Langley says this is something that might interest the Charlotte bank down the line. "This is an approach that more and more large banks with large data warehouses could pursue," Langley says. "A lot of what we are doing today is about adhering to regulations and at the same time being sensitive to customer needs, while managing risk and respecting privacy."
Dr. Goodnight says the real power of SAS for financial services companies and others is its data segmentation and data mining capabilities. "We have these great capabilities in data warehousing, followed by business analysis and general business," he says. "You can use this software to help select the subset of customers you want to market to."
If only it were that easy. A host of regulatory challenges in the wake of September 11th has implications for AML and related risk management platforms, such as section 326 of the USA Patriot Act, which requires bankers to "know their customers."
Other regulations require banks to understand their customers' relationships with offshore institutions, and to monitor transactions of $10,000 or more, among other things.
Added to the mix is Sarbanes-Oxley, a post-Enron law that requires banks and brokerages to increase financial transparency and create an audit trail of potentially suspicious activity. And looming on the horizon is Basel II. "Most banks need one AML solution, not five, and you don't have to change every year or two," says Simonson of Cap Gemini Ernst & Young. "I see a little bit of calming in the industry, whereas there was a real flurry in 2001 and 2002 as banks scrambled to address the new regulations."
This plays well into SAS's desire to become more deeply involved in financial services beyond AML systems. SAS Institute is focusing more broadly on compliance, particularly as it relates to Sarbanes-Oxley and protecting against corporate malfeasance and rogue employees. The company sees opportunity where others see scandal-lots of it, up and down Wall Street. "We are losing faith in our financial systems. ...Enron and Tyco were giants and considered stable," says Moorman.
In late 2003, for example, SAS launched Broker Surveillance, software that relies on advanced analytics to monitor sales practices and trading compliance. The objective of Broker Surveillance is to help a firm protect its revenues and reputation by proactively identifying suspect behavior within the firm. That means accessing data in disparate systems across various lines of business.
SAS Broker Surveillance enables financial firms to collect and consolidate data from disparate sources and millions of transactions per day to profile all account, customer, broker and trading activity; use data mining and heuristics to compare transactions with acceptable scenarios; and generate alerts when scenario conditions are breached.
Its sales surveillance component flags excessive trading, asset turn and churn; incorrect calculations of breakpoint discounts; mutual fund switching, short-term trading, market timing and late trading; and front-running, parking, and unauthorized trading and excessive trading.
Long overdue? Likely, but so far only Bank of America is an SAS Broker Surveillance customer. Moorman says the software company is working with domestic and international trade groups, though, to promote the new product. "It is critical for their businesses that [financial firms] present a well respected, capable and knowledgeable representation of what's going on in-house and outside," he says.
