mind the gaps: aml and fraud global benchmark survey

Mind the Gaps AML / Fraud Global Benchmark Survey

06/2009

■ AML / Fraud Global Benchmark Survey 2009

Table of Content

© TONBELLER®AG All rights reserved. The content of the document is protected under copyright. Text and graphics may not be used, reproduced or excerpted in whole or in part in any manner whatsoever without the prior written permission of TONBELLER® AG. Siron® is a registered trademark of the TONBELLER AG.

1. Methodology.................................................................. ....... 4

2. Mind the Gaps...................................................................... 8

3. Key Compliance Findings................................................... 12

4. Key Fraud Findings.............................................................. 20

5. Enterprise-Wide Initiatives.................................................... 23

6. Appendix

Compliance Spending and ASP ....................................... 28

7. Closing Remarks ................................................................. 32

Foreword

Financial services companies spend 10.5 percent of their revenue on technology, more, by far, than any other industry sector. 1 I would argue that no industry is more dependent on IT to deliver innovation, drive down costs and protect the assets of customers and other stakeholders against operational risks. With the latter objectives in mind, an increasingly significant slice of the industry’s IT spend is being directed towards risk, compliance and other initiatives for fighting financial crime.

In March 2009 Tonbeller published the results of its Money

Laundering & Fraud International Benchmark Survey, Mind

the Gaps, which captured the viewpoints of 152 leading

compliance professionals from around the world.

Traditional approaches to managing money laundering,

which have been defined by the regulatory framework, did

not adequately address the true risk exposure of the finan-

cial institutions. Technology has enabled sophisticated fraud

schemes to work independent of geography, channel or pro-

duct, requiring financial institutions to rethink their ap-

proach to fighting financial crime.

However, compliance is now creating a more risk-aware

culture through the adoption of a risk-based approach that

allows for the assessment and categorization of potential

risks-based on their probability of occurrence and their

impact on the organization.

As insurance companies now come under the same kind of

regulatory scrutiny as the retail banks after 9/11, and are

consequently feeling the need to take action, insurers need

to look at their banking counterparts to comprehend the

challenges and success factors in order to ”mind the gaps”

while building an effective program to fight financial crime

and money laundering at the enterprise level.

Organizations are spending millions of dollars each year on

their compliance programs. However, many senior executi-

ves have become frustrated. Despite the high costs involved

in implementing compliance programs, they are seeing little

business value other than being able to pass an annual

audit. Is an investment in compliance truly a sunken cost or

are there ways to leverage this spending to capture the full

value of your compliance technology investments?

Torsten MayerPresident

1 Source: 2008 „State of the CIO surveyof 558 heads of IT. Note: Survey respondentsin financial services, government, health and wholesale/retail industries said they expect tobe hiring IT staff in the next 12 months.


4 5

Methodology

Tonbeller’s Money Laundering & Fraud Global Benchmark Survey draws

on the expertise of 152 compliance professionals working across the

entire financial services sector, bringing viewpoints from 41 countries

around the world.

The 152 participants completed the entire web-based questionnaire of

26 multiple choice questions. The survey was conducted in March 2009

and those who participated were rewarded with a complimentary copy.

The Money Laundering & Fraud Global Benchmark Survey examines the

inputs from the perspectives of geography, line of businesses, function

of organizational roles and organizational size. The majority of ques-

tions have been answered on a scale of 1 (not important) to 4 (very

important) and the answers are an average of the total sum divided

through the 152 participants. Tonbeller will continue to monitor the

financial services sector to detect trends and best practices in efforts to

fighting financial crime.

Figure 1: Which sub-sector within the financial services industry does your organization belong to?

ABC

D

E

F

G

H

I

J

K

L

M

# Sub-Sector %

A Leasing 2%

B Other 5%

C Money Services Business 2%

D Investment Management 12%

E Investment Bank 6%

F Payment Cards 2%

G Universal Bank 10%

H Credit Union 3%

I Retail Bank 14%

J Consultant 21%

K Brokerage 10%

L Regulator 3%

M Insurance 10%


Figure 2: What is your role within your organization specifically regarding financial crime or AML compliance?

A

B

CD

E F

G

HI

JK

L

M

# Role %

AMoney Laundering Reporting Officer

11%

BMember of Senior Management

10%

COperational Risk Management

2%

D Technology & Systems 4%

E Group Head of AML 3%

F External Consultant 10%

G Compliance Officer 22%

H Chief Risk Officer 2%

I Law Enforcement 1%

J Internal Auditor 1%

K External Auditor 1%

L Head of AML 9%

M Regulator 2%

N Analyst 6%

O Other 16%

NO

Figure 3: How many employees does your organization have?

38%

15%

5%

4%

11%

6%

21%

101-500

501-1000

1001-5000

5001-10000

10001-20000

20001+

10-100

6 7

Figure 4: Participating Regions *

Asia-Pac8%

5%

Eastern Europe

2%

Middle East & North Africa

7%

Nordics & Baltics

22%

North America

2%

South America

54%

Western Europe

* = 152 Participants


8 9

Mind the Gaps

Examining past, present and potentially future developments in AML

will help to better identify and understand the gaps and leverage

technology spend to gain business value for a compliance program.

Regulation-driven

Many financial institutions have acquired risk and compliance systems

in response to regulations such as Basel II, Sarbanes-Oxley, and Anti-

Money Laundering legislation. Consequently, many financial institu-

tions have multiple piecemeal systems in place for fighting financial

crime. Compliance professionals believe that there is a software

package that can handle every national and international regulatory

compliance issue: the best-of-breed approach, where everyone pursues

what they regard as the perfect solution to their particular challenge

and from their limited perspective, adding up the ticks on the regulato-

ry checklist. But from the point of view of the enterprise as a whole, the

inevitable result is a hemorrhaging of time and money on a succession

of projects, with no end in sight.

Regulation Driven

Risk Awareness

Enterprise Risk &

Compliance

Enterprise-Wide + + =

– Banks rushed to comply after 9/11

– First generation AML systems were focused on detecting and flagging – not on alert accuracy

– Rule based only

– Silo approach LOBs. within the same bank using AML from competing vendors

– AML approach driven by risks and not ticking of the regulators boxes

– Risk-based approach

– Risks are also integrated into KYC process – including account opening

– Enhance alert accuracy

– Creating a holistic view of AML across all services, products and geographies ...

– AML cockpits

– Integration of AML/Fraud

– Integration with competing vendors

– Overview of all financial crimes Risk Compliance Cockpits

– Linking compliance with other risk data (AML, Credit risk OpRisk, Market Abuse, Fraud, ...)

– Integration with CRM

– Risk based pricing

Compliance Business ValueAML Solution Revolution


Risk Awareness

Compliance is starting to create a risk-aware culture through the

adoption of a risk-based approach that allows for the assessment and

categorization of potential risks based on their probability of oc-

currence and their impact on the organization. Tonbeller’s experience

has taught us that a risk assessment profile at the regional or branch

level will always be inadequate when compared to a risk assessment

profile at the enterprise level.

Building a risk assessment profile is the perfect opportunity to create

an enterprise risk environment. This will help to eliminate gaps which

divide stakeholders, by finding out what information they have in

common. The most obvious benefit of establishing profiles based on

the true risks associated with crime is prevention. The risk assessment

exercise should be executed in conjunction with the operational risk

manager, as this individual should be the gatekeeper of risk at the

enterprise level, and because money laundering and fraud are defined

as operational risks under the Basel II accord.

Enterprise-wide initiatives

The frequency and variety of fraud and money-laundering schemes are

growing exponentially. An enterprise-wide approach will become a key

defense in the fight against financial crime and will enable financial

institutions to move beyond mere compliance and derive real business

value from their compliance investments.

Financial institutions have millions of customers; therefore they

generate hundreds of millions of customer records, often with many

different products and services distributed across many countries.

Criminals who identify a point of weakness can easily penetrate the

institution’s defenses for the purpose of fraudulent activity, for examp-

le by misrepresenting themselves on an online credit or loan applica-

tion by simply changing the way they spell their name, or by using a

false or stolen identity.

10 11

Therefore, a lot of the money-laundering and fraud schemes are all but

undetectable using data from one account. They only become obvious

when information is examined across multiple accounts. A cash

withdrawal or a new extension of credit on a single account by itself

may appear innocuous, but when seen next to unusual cash activity,

other extensions of new credit, and changes in account contact

information within other accounts held by the same individual, it can

become obvious evidence of fraud. (A good example is the London

bombings where investigators found two bank cards, at two different

bombing sites, belonging to one suspect; by the way, the suspect blew

himself up at the site of the first bombing. The bank cards had different

names of the suspect, but the same address. When investigators went

through his mail they found letters from the bank wanting to know

what steps he was going to take to repay his credit, after missing

several payments.)

Another benefit of rolling out an enterprise-wide program is of course

that it gives you the ability to monitor the effectiveness of your

institution’s financial crime fighting programs centrally. This integration

provides greater insight into the “genetics” of the financial crimes

associated with products, services, channels and regions, as well as

operations at the branch level. Enterprise-wide initiatives not only

mean systems work together, but also people. Consolidating informati-

on across multiple product lines, geographies, operational systems and

transaction types provides a substantial lift in early money laundering

and fraud detection.


Key Compliance Findings

Money laundering is priority number one in the fight against financial

crime. This ranking was independent of the company size, the role of

the participants or their geographies, with the exception of South

American respondents who ranked money laundering (2.0, Figure 5)

and terrorist financing (1.0, Figure 5) with a low priority.

The importance of these two issues in the eyes of compliance

professionals could be explained by the developments in national and

international regulatory driven initiatives such as the third EU

money-laundering directive, which is being implemented across most

of Europe. The Financial Action Task Force (FATF) country evaluations

have also exposed many countries and have provided impetus for

increased scrutiny and enquiry levels by national regulators in order to

refocus their regulatory commitment.

Figure 5: Which financial crimes are your organization‘s

highest priorities for 2009?

00,5

11,5

22,5

33,5

4

Policyholder F

raud

Internal F

raud

POS/ATM Fraud

Claims F

raud

Intermediary Fraud

Credit Card

Fraud

Money Laundering

Terro

rist F

inancing

Insider T

rading Fraud

Identity Theft

Importance given on a scale of 1 (not important) to 4 (very important)

2,26 2,97 2,09 2,29 2,49 2,22 3,32 3,03 2,57 2,95


The limitation of a one-rule-fits-all (rule-based) approach is demonstra-

ted by the enormous growth in suspicious activity reports (SARs) and

currency transaction reports (CTRs) being filed with regulators. The fact

that the majority of these reports will later be classified as false posi-

tives has resulted in financial organizations adopting a more risk-aware

culture and integrating a risk-based approach into their current AML

program. The big advantage is that financial institutions can allocate

resources according to their risk profile. The big disadvantage is that

financial institutions no longer have a regulatory checklist, in which

they can simply tick the boxes and say we completed every task

required by the regulators.

Regulation demands that institutions validate the identity of their

customers and understand the purpose and nature of their relation-

ship. It enables financial institutions to consistently monitor each

customer and their transactions based on the potential threat that a

client poses to the organization. Therefore, financial institutions are

required to integrate a risk-based approach in their customer due

diligence procedures and especially in their account opening process,

since prevention (stopping criminals from getting access to accounts

and resources in the first place) is the best cure.

14 15

It is not surprising that compliance activities, such as adopting a risk-

based approach (3,52, Figure 6) and enhanced customer due diligence

(3.18, Figure 6) have the highest priority among most survey partici-

pants. However, the first observation that leaps out at us when we start

slicing and dicing the data is Asia-Pacific (3,58, Figure 6) and South

America (3,00, Figure 6) as well as Money Service Businesses (3,00,

Figure 6), which all ranked “Automating the transaction monitoring

process” with a higher priority than adopting a risk-based approach.

This could signal that these regions and lines of business are lagging in

the adoption of basic AML technology. On the other hand, respondents

from Asia-Pacific (3,67, Figure 6) ranked “Establishing an enterprise-

wide AML compliance program” as their highest priority, imply that

even though they might be lagging with the implementation of basic

AML technology, they do have a long-term strategic vision regarding

their compliance programs.

Figure 6: Which compliance activities have the highest

priority in your organization?

0

0,51

1,52

2,53

3,54Importance given on a scale of

1 (not important) to 4 (very important)

# Compliance Activity

A Adopting a risk-based approach

B Enhanced customer due diligence

C Automating the case management process

D Automating the transaction monitoring process

E Establishing an enterprise wide AML compliance program

F Integrating AML and fraud data

G Enhancing Know-your-customer processes (customer acceptance)

H Consolidated risk view across all branches and areas

A B C D E F G H

3,52 3,18 2,62 2,89 3,18 2,81 3,17 3,04


Organizations’ enthusiasm for a risk-based approach is not only driven

by regulation, but also by an understanding of the operational enhan-

cements and cost efficiencies that it can deliver. By focusing resources

on those areas of greatest risk it allows the financial institutions to fight

financial crime with a customer-centric perspective; customers with

legitimate transactions and business intentions should not have to

experience any interruption.

This demonstrates that regulatory compliance and business drivers can

be aligned to add value, while lowering the overall cost of fighting

financial crime.

Figure 7: Irrespective of your country‘s regulation do you see value

in adopting the risk-based approach?

Not sure we are still analyzing how to apply the risk based-approach

7%

No

Yes

2%

91%

16 17

The main obstacles to the successful adoption of a risk-based approach

are poor data quality and access to data that resides in multiple

sources. There is a strong feeling that organizations, regardless of their

size, lack the quality of data which would allow them to identify and

prioritize risk. Moreover, most appear to believe that technology will

not help them to do so, which may explain the higher importance they

place on staff training & education.

If we break down the results shown in Figure 8 by line of business,

regulators (3.67) and leasing companies (4.00) are more critical of data

quality than any other line of businesses. If we examine the figures by

geography, western Europe sees all of the above as more or less equally

important obstacles to successful adoption of the risk-based approach

(lowest ranking 2,51 and highest ranking 2,96, Figure 8). The other

regions - Eastern Europe (3.71, Figure 8), Asia-Pacific (3.50, Figure 8),

Nordic & Baltic (3.27, Figure 8), North America (3.21, Figure 8) and South

America (4.00, Figure 8) - are more focused on the data quality hurdle.

When it came to staff training & education we were surprised to find a

large discrepancy between the two categories Group head of AML

(2.00, Figure 8) and members of senior management (3.01, Figure 8).

Figure 8: What do you believe are the main obstacles to

successfully adopting a risk-based approach?

0

0,5

1

1,5

2

2,5

3

3,5

4

Data quality

Accessi

ng multip

le data source

s


3,15 3,01 2,75 2,62 3,02 2,58

Internal c

ost/reso

urces

External c

ost/reso

urces

Staff training & educatio

n

Lack of IT

availabilit

y


When we asked, “Which compliance activities do you believe will

deliver the greatest business benefit?” the respondents placed the

highest importance on “Adopting the risk-based approach” (3.58,

Figure 9) followed by “Enhancing know-your-customer process

(customer acceptance) (3.24, Figure 9). When we sliced and diced the

responses we found some outsiders: Payment cards (4.0, Figure 9),

money services (4.0, Figure 9) and internal & external auditors (4.0,

Figure 9) still see “Automating the transaction monitoring process” as

delivering the greatest business benefit to their organizations.

With U.S. and international policy-makers – such as the Financial Action

Task Force (FATF) and the European Union – imposing tougher know-

your-customer (KYC) standards for banks they have become increa-

singly important to the prevention of identity-theft fraud, money

laundering and terrorist financing. One aspect of KYC is verifying that

Figure 9: Which compliance activities do you believe will deliver

the greatest business benefit if implemented successfully?

00,5

11,5

2

2,53

3,5

4Importance given on a scale of 1 (not important) to 4 (very important)

# Compliance Activity

A Risk-based approach

B Enhanced customer due diligence

C Automating the case management process

D Automating the transaction monitoring process

E Establishing an enterprise wide AML compliance program

F Enhancing Know-your-customer process (customer acceptance)

G Consolidated AML reporting view across all branches and areas

H Integrating AML & fraud

A B C D E F G H

3,53 3,11 2,79 3,04 3,22 3,24 2,85 2,88

18 19

the customers are not on any list of known fraudsters, terrorists or

money launderers, such as the Office of Foreign Assets Controls, United

Nations or European Union lists.

Beyond name matching, a key aspect of KYC is to profile the risk of

(potential) new clients before giving them access to the financial

organization’s resources. By focusing account monitoring activities on

clients with a high risk profile, organizations can reduce the overall

burden and expensive investigatory resources can be allocated more

effectively, limiting false positives and increasing the rate of investiga-

tive success. Furthermore, KYC enables financial institutions to fight

financial crime while having minimum impact on customers whose

business transactions and intentions are 100% legitimate.

Geography RiskAssessment Channels

ProductsCustomers

Transactions

High Medium

LowUnacceptable

Risk Assessment Model

The Risk Assessment is the foundation for building a risk based approach. Thereafter financial institutions should continually monitor and evaluate their risk profile. Risk profile is determined by – Customer features– Product features– Channel features– Transaction features– Geographic features– …

Risk levels can be described by four categories– Low– Medium– High– Unacceptable

The risks will then need to be benchmarkedaccording to probability of occurrence and their impact to the organization


Key Fraud Findings

The emergence of internal fraud (2.97, Figure 5) as the top priority

among fraud disciplines represents a significant change in the mindset

of financial organizations. In the past, financial institutions focused

technology spend on fighting external fraud and neglected the threat

of internal fraud. However, intense financial pressures during the

economic crisis have led to an increase in the number of internal fraud-

related crimes. With any economic turnaround still a couple of years

away, more layoffs are still to come and this will continue to jeopardize

internal control systems, making employee, intermediary, third party

contractor and service provider-related fraud the greatest threat in the

current economic environment. Asia-Pacific (3.58, Figure 5) and internal

auditors (4.00, Figure 5) ranked internal fraud as the highest priority

within their respective groups; they seem to understand the correlation

between economic downswings and internal fraudulent activity. We

should mention that identity theft (2.95, Figure 5) was a close second

among all participants.

Figure 10: Among fraud crimes which one do you believe will be

the toughest for your institution to detect?

POS/ATM Fraud

6%

31%

1% Claims Fraud

5%

14%

16%

27%

1%

Identity Theft

Insider Trading Fraud

Intermediary Fraud

Credit Card Fraud

Internal Fraud

Policyholder Fraud


“Desperate people do desperate things, commented ACFE President

James D. Ratley, CFE. “Loyal employees have bills to pay and families to

feed. In a good economy, they would never think of committing fraud

against their employers. But organizations must be vigilant during

these turbulent times by ensuring that proper fraud prevention

procedures are in place.“

Figure 11: What are your organization‘s biggest motivations

for managing fraud?

While the direct cost arising from fraud is a significant element to many

financial institutions, organizations recognize that a negative impact on

their reputation can cost them a lot more in the long term than the

immediate financial losses resulting from the fraud. This is because the

failure of a bank to detect fraud will inevitably expose the bank to

much critical media attention, which typically causes widespread

distrust and anger.

0

0,5

1

1,5

2

2,5

3

3,5

4Importance given on a scale of 1 (not important) to 4 (very important)

3,00

Direct c

ost of fr

aud

Reputational ri

sk

Regulatory

Ethical

3,283,603,12

22 23

Enterprise- wide Initiatives


Figure 12: Has your organization started integrating

AML and Fraud?

53% (Figure 12) of respondents are already managing AML either fully

or partially in tandem with fraud. Another 27% (Figure 12) will do so

within the next 24 months. This is a fundamental step towards creating

an enterprise-wide risk compliance program. These two disciplines are

typically handled by separate departments within larger financial

organizations. It is also very common for every individual line of

business to have their own AML and fraud units.

Since the first wave of (regulatory-driven) AML compliance, financial

organizations have started to exploit the synergies between their anti-

money laundering and anti-fraud programs. The key drivers are the

costs of maintaining financial crime programs – which have by far

exceeded everyone’s expectations – and the complexity of organized

crime schemes. These latter are leaving all financial institutions vulner-

able to attack, but especially those financial organizations that have a

silo approach to fighting financial crime.

The response has been an emerging trend of standardizing business

processes and synergies in AML and fraud technologies, which is a first

step in a more strategic restructuring of financial crime programs in

order to create an enterprise-wide compliance and risk program.

See no additional business value in doing so

Will do so in the next 12-24 months

Yes, only across selected geographies and business units

Yes, across all geographies and business units

21%

27%

17%

36%

24 25

Asia-Pacific (42%, Figure 12), Eastern Europe (43%, Figure 12) and South

America (50%, Figure 12) are the regions that seem to have the most

catching-up to do; however, nobody in Asia-Pac (0%, Figure 12) or the

Middle East (0%, Figure 12) denied that there is additional business

value to be gained from integrating AML and fraud programs. 64%

(Figure 12) of the insurance companies that responded had already

integrated their AML and fraud programs across all geographies and

business units.

There can be no question that this move towards an enterprise-wide

financial crime program is technologically enabled. In recent years

technology proliferation has left most financial institutions with a silo

of detection and investigation systems operating in isolation across

business lines. In the current economic climate, in which financial

organizations lack both the appetite and the budget for large scale

technology replacement, the emergence of agnostic technology

platforms, able to consolidate information drawn from the numerous

detection systems already in place, provides a means to leverage,

rather than abandon, existing technology investment.

Example – Siron®RCC Risk & Compliance Cockpit


Respondents ranked establishing an enterprise-wide AML compliance

program (3.22, Figure 9) just second to adopting a risk-based approach

(3.53, Figure 9) as delivering the greatest business benefit. Moreover,

the larger the financial organization, the higher it ranked the im-

portance of an enterprise-wide AML compliance program.

However, not everyone is convinced that the synergies between their

AML and fraud programs will bring additional business value; 50% of

the organizations with 10001 to 20000 employees as well as 75% of

respondents with the title Group Head of AML.

Figure 13: Which obstacles do you believe are your main

challenges for creating an enterprise wide compliance program?

0

0,5

1

1,5

2

2,5

3

3,5

4

Gaining executiv

e

level support

Accessi

ng data from

multiple so

urces


2,55 2,81 2,93 2,79 2,70 2,79

Data quality

Integrating m

ultiple AML

& complia

nce sy

stems

Group le

vel data

aggregration & re

porting

Core IT in

frastr

ucture

26 27

Many of our respondents are banks that are now in the critical imple-

mentation stages of their AML projects and are feeling the pain of the

challenge. According to our survey, the most acute pain is caused by

data quality (2.93, Figure 13). This confirms our experience, based on 38

years as a business intelligence vendor: Ensuring that the data pool is

clean, consistent and credible is a really key issue. The respondents

ranked the next most important challenges as accessing data from

multiply sources, integrating multiple AML & compliance systems, core

IT infrastructure and group level data aggregation & reporting.

Considering the economic rewards, financial organizations must

address these issues, ensuring that the data pool is clean, consistent

and credible. Financial institutions embarking on an AML implementa-

tion to meet regulatory timetables, should also consider how they can

leverage individual compliance programs as a part of a wider effort to

embed enterprise wide compliance and risk within their financial

organizations.


AppendixCompliance spending and ASP

Figure 14: Do you see investments in compliance being affected

because of the financial crisis?

5%

30%

No, investments have stayed the same

20%

13%

37%

Yes, investments have been reduced

Yes, investments have been increased

Not sure

Without a doubt, compliance spending has become a significant

portion of the IT budget and, while 37% (Figure 14) of the participants

have already witnessed budget reductions and cost-cutting measures.

% 1 Region

67 Middle East & North Africa

57 Eastern Europe

50 South America

48 North America

42 Asia-Pacific

31 Western Europe

27 Nordic & Baltics

1 Participants response per region


One can ask when budget cuts will change the way financial organiza-

tions address the deployment of their AML and compliance systems.

Will reducing investments alone be a driver for financial organizations

not only to consider an ASP model, but to realize it in practice.

Figure 15: Has your organization ever considered acquiring

compliance solutions through an ASP model?

No 69%

Yes 31%

Even though only 31% (Figure 15) of the respondents have ever

considered the possible move to an ASP model, they recognized and

acknowledged the key benefits as well as their main concerns.

Figure 16: What are the main benefits that your organization

would expect from an ASP model?

0

0,5

1

1,5

2

2,5

3

3,5

4

Reduced IT

cost

convenience

of someone

else m

anaging the se

rvice


2,63 2,26 2,55 2,41 2,74

Minimizi

ng up-front

investments

Pay-as-you-g

o pricing

Gain access

to in

dustry,

business

and tech

nology

experts30 31

Figure 17: What are your organization‘s main concerns when

considering acquiring compliance software through an ASP model?

0

0,5

1

1,5

2

2,5

3

3,5

4

Reliabilit

y of service

provider

Data secu

rity ris

ks


3,36 3,39 3,17 2,86 3,01

Data protectio

n laws

Loss of lo

cal contro

l

Inability to

implement

decisions im

mediately

Banks have long been applying Activity Based Costing and Six Sigma

techniques across a range of functions to identify the drivers of costs

and embed operational effectiveness. With compliance and AML in

particular this does not appear to have happened; clients often feel

that AML is simply a “must-do“ and offers no value beyond being able

to pass annual Audits. In practice, banks have discretion over how they

allocate their resources, and there are steps they can take to improve

efficiency and effectiveness.

Without this focus on costs, banks risk losing many of the opportunities

offered by process improvements made elsewhere in the bank; for

example, the benefits of increased automation of payments processing

are undermined if AML controls within the process continue to be

manual and cause downstream disruption.

However, as other functions have been outsourced, some banks have

had success in moving components of the AML process as well, for

example alerts management or customer due diligence data gathering.

In general, banks have had more success where they have outsourced

AML functions along with accompanying operational processes, rather

than in isolation.


Closing Remarks

We would like to thank all 152 participants for taking the time to submit

their data for this AML & Fraud Global Benchmark Survey.

We hope that the global insights and benchmarks provided by our

survey will support you in selecting your path toward a better enter-

prise wide compliance and risk program. If you have questions

concerning the survey please contact Paul Hamilton.

Paul Hamilton

Global Alliance Director

Project Manager & [email protected]: +49 6251 7000 - 372Mobile: + 49 172 722 3940

Bengt Hellbach

Manager Marketing & Communications

Layout & Graphic [email protected]: +49 6251 7000 - 350


TONBELLER AG

Werner-von-Siemens-Straße 2

D-64625 Bensheim

Fon: + 49 (0) 62 51 / 7000 - 0

Fax: + 49 (0) 62 51 / 7000 - 140

[email protected]

www.tonbeller.com