The Problem
At a $2.6 billion bank, the governance and internal controls related to the Anti-Money Laundering (“AML”) system, and their prior independent model validation, were deemed to be inadequate by the bank regulators. The overall model risk management process came under criticism and the regulators challenged the bank’s ability to demonstrate that the AML system was functioning as intended, and that the quality of alerts used for suspicious activity reporting was appropriate for the bank. As a result, the bank became “at risk” for regulatory penalties and sanctions. However, the bank was fortunate, and this time only received a regulatory criticism, albeit one that required an immediate management response to avoid incurring a more serious outcome in the future.
While they dodged that bullet, it turned out that the AML system was also producing an elevated level of false positive alerts. These were causing inefficiencies in the AML function because the AML team had to waste time researching and resolving each alert as if it were valid.
Bank’s Attempt to Resolve
With the above-noted problems looming, executive management and the board determined that they needed an independent assessment to help evaluate and address the inadequate model validation and other underlying weaknesses in the bank's model risk management processes. So, they called RGS.
RGS Solution
With the clock ticking, RGS quickly deployed an experienced team that combined AML and system technical expertise and had previously evaluated many similar models and related governance. The RGS project plan included both a comprehensive AML system validation and an assessment of the model risk management governance policy, controls, and related practices. The regulators reviewed and approved the project plan.
RGS executed the project with urgency and was able to complete it ahead of schedule. In addition to validating the AML system and its underlying rules and parameters, RGS identified areas for process and internal control improvement that would strengthen reporting, including AML alert results, potential suspicious activity and related KPIs. RGS also noted a rule that was performing differently than intended; rectifying it would reduce the rate of false positive alerts that the system was producing. In addition, RGS identified a conflict of interest in user rights that would have allowed the user to make unauthorized changes to the system rule settings, which could have severely impacted the bank’s reputation and that of its management and the board.
Result
Throughout the process, RGS worked closely with management to help devise solutions to address the deficiencies noted and reviewed corrective actions that were implemented promptly by bank management.
RGS issued a formal report which included details of the validation procedures performed, observations for improvement and actions required to be taken by the bank.
In addition, the RGS report was provided to the regulators, who were satisfied with the results and the actions for improvement undertaken by the bank. The regulators concluded that proper model risk management was now in place and decided to close the issue within three months of the date of the RGS final report issued in the matter.