The Importance of Partnerships between BSA/AML and IT Teams

Did you ever start a project or a task and work on it really hard only to realize that you could do no more? Perhaps you came to a point where you had to either abandon your project or seek someone's expertise to meet your end goals. Maybe you realized that you could finish your project alone, but that it would be so much better if you had help from someone with a different skillset than your own. I have been in this spot more than once. What I have learned is that teaming up with others can sometimes really make your life easier and result in a better end product.

As a manager of a team of bank examiners who specialize in the Bank Secrecy Act (BSA), I have had the opportunity to work with and observe bankers whose job it is to operationalize BSA, to identify and mitigate the associated risks and to make sure their companies comply with this broad-reaching law. AML professionals have a tough job and it is getting tougher. The current market is ripe for acquisitions and they are happening and challenging anti-money laundering (AML) professionals even more. They have to make the right decisions about system conversions, data acquisition and management, along with making the business case to their board for the right BSA/AML resources and infrastructure for their larger organization.

What I am seeing and what BSA officers are telling me is that the information technology (IT) skillset is needed more than ever in this current environment. It is almost as if the market is demanding that AML professionals have at least a working knowledge of IT to effectively perform the role. Why? Well there are the aforementioned mergers, which generally require the merging of automated systems used for BSA. There is also the regulatory landscape, which is currently necessitating that BSA officers implement the Financial Crimes Enforcement Network's (FinCEN) final rule on customer due diligence (CDD) and beneficial ownership. There are also banking market innovators, who are constantly introducing new products and services to offer in an electronic environment. And there are many more reasons. If you do not have the IT skillset, do what I do: reach out to your IT team. Here are top 10 reasons you should get to know your IT partners, both internally and externally.

Number One: FinCEN's CDD Rule

FinCEN has amended the BSA to require explicit CDD procedures, including the collection of beneficial ownership information for legal entity customers. Compliance is required in May 2018. Your approach to complying with the rule will likely involve your core provider and possibly your automated tool. Therefore, you will need to have conversations with your IT partners to figure out what adjustments to your process might be needed (e.g., how you will gather the ownership information, how you will store it, etc.).

Number Two: You are Getting Bigger

For some of you, mergers are a fact of life right now, necessitating an understanding of what AML systems the acquired entity is using and whether and/or how they will work with your systems and data. How will you use the historical data on customers you have acquired through the merger in your system? As your companies merge and grow, you may also have to make decisions about your systems like whether the system you are currently using makes sense for your expanded organization. Does it have the capacity and features you need? Your IT partners can help you understand these issues.

Number Three: FinCEN's Advisory to Financial Institutions on Cyber-Events and Cyber-Enabled Crimes

In October 2016, FinCEN published an advisory encouraging collaboration between in-house "cybersecurity units" to identify suspicious activity. This means you will need to know when your organization has been attacked, as well as when any bank customers have been attacked, so that you can comply with suspicious activity report filing requirements associated with cyber events.

Number Four: Customer Demands and Product Innovation

Customers are demanding higher levels of convenience, which likely means faster electronic transactions. Market innovators continue to supply new products that you may have to initiate or offer electronically. IT partners can help you do this.

Number Five: Vendor Issues

The IT group at your organization can help you solve challenges you may be having with your core provider or software provider(s)/vendor(s). Their knowledge can be invaluable to helping you make suggestions to your vendors on adjustments or refinements to their tools or software to help you comply with the BSA. For example, adjustments or parameter/threshold changes can be discussed with your AML software provider. Also, when asked why it is important for BSA to partner with IT, Rebecca Robertson, senior vice president and director of AML compliance at South State Bank responded, "External IT partners must be able to identify how the systems a bank is running will work with their system to determine data feed challenges and/or how to correct issues that may arise. Without this understanding, the system will work minimally, or maybe not at all."

Number Six: Your Career

Gaining IT exposure and experience as a BSA/AML officer makes you a more valuable AML professional. In a recent ACAMS Today article titled Resume Tips for the AML Professional, Amy Wotapka advises that "you ensure your resume highlights industry-specific systems you have worked in or with. When possible, list the experience you have with the system (e.g., implemented BAM+, including testing and setting parameters for a $4.3 billion community bank)." So having experience with various systems used for AML may help in securing a job.

Number Seven: Project Management

You will need your IT partners in most compliance projects that you undertake, at least those that involve data. They may have project management software that can help or you may need them on your project team to help resolve data or other issues.

Number Eight: Incident Response Requirements of Regulators

Federal and now some state regulators require the reporting of cyber incidents to them and the filing of SARs as warranted. For example, New York State's cyber law went into effect on March 1. Financial institutions must follow certain steps to protect their networks and customer data. As the filer of SARs within your organization, your IT partners will need to keep you in the loop when cyber incidents occur.

Number Nine: Data Validation/Model Validation

With the expectation of model and system validation, internal IT departments must be able to assist if/when needed to verify file creation, file size, numbers of items within the files, etc., for file transfer to the system vendor if using an external provider, according to Robertson. This is also critical if using an in-house system because the same needs are present for validation.

Number Ten: Automated Systems

Most of you use automated systems to comply with the BSA. Many automated systems come in the form of tools used to monitor suspicious activity. Your IT partners need to understand dataflow into these systems. If the wrong data is going in or the needed data is omitted, you may have trouble identifying suspicious activity, which is a serious matter—take it from a regulator.

If you're struggling with technology in your job, get to know the IT team within your organization and your vendors. They can help you understand what's needed to make the technology more effective; thus, making life as an AML professional easier and your compliance program stronger.

Elaine Yancey, CAMS, MBA, managing examiner, Federal Reserve Bank of Richmond, Richmond, VA, USA,

Leave a Reply