For the past two years, Rodney Bahr, like many IT executives in the financial-services world, has focused much of his attention on money launderers. That's because Bahr, a principal at St. Louis-based Edward Jones, is in charge of cash operations at the brokerage firm. One of his tasks has been to make sure the firm complies with anti-money-laundering (AML) requirements of the U.S.A. Patriot Act.
"Some of the challenges have been the sheer volume of transactions that need to be analyzed and go through some sort of surveillance," explains Bahr. "You have to sift through that data and really focus on the (transactions) that propose a risk of suspicious activity."
The U.S.A. Patriot Act was signed into law on Oct. 26, 2001 following the terrorist attacks of Sept. 11. It provided a wide range of new legislative requirements to fight money laundering and the financing of terrorist activity.
Section 352 of the legislation requires financial institutions to develop internal policies, procedures and controls to guard against money laundering. Under the legislation, institutions must also track and report suspicious activities. Those provisions became effective in 2002.
Section 326 of the act also requires firms establish a customer-identification program (CIP) in order to verify the identity of customers opening new accounts. Firms have to maintain records on customer information, including the methods taken to verify the customer's identity. They must also check those customers against a list of suspected terrorists.
Wall Street firms have been busy building systems to comply with the law and a number of vendors have emerged to help. "In terms of an IT effort, it's been a fairly sizable effort for the most part," says Edward Jones' Bahr, whose firm has built some of the solutions internally and relied on external vendors for other portions.
"In terms of tracking cash equivalents and looking at the structuring of transactions, we built that surveillance internally," he says. That's because the information was "embedded in all of our systems."
As for the customer verification, "We have gone out and engaged a vendor who helped with the data validation." Because Edward Jones is verifying the customer ID against outside sources of information, Bahr says it was easier to use an outside vendor for that task.
Alfred Petrillo, senior vice president of clearing operations at Jefferies & Company, a New York-based investment bank, elected to use an outside vendor for automating his firm's AML processes.
"We've always looked at new account set-ups" and "monitored fund movements in and out of accounts," he explains. "A lot of that was done manually."
Lists would be generated and checked and files sent to third parties for verification. "When the Patriot Act came around, we took a lead position to understand the mandates and came to the conclusion that we needed some sort of platform to assist us in being proactive," says Petrillo.
So Jefferies turned to an AML solution from Sybase of Dublin, Calif. "They minimize the mechanical effort," he says, adding the technology standardizes and scrubs the information for the compliance team to review.
Petrillo says, "What the technology does is allow you to minimize the mechanical effort involved and take the data and get it to the point you can truly analyze it. It gives you a lot of time to devote to looking at trends and historical patterns."
When it comes to industry preparedness for AML, Neil Katkov, a senior analyst with research firm Celent Communications, says most of the "big guys" have already announced their AML plans and selected vendors. Mid-tier firms and the "one-man shops, haven't" and "not all of them will," he says.
Katkov recently completed a study on the AML vendor space, noting the Patriot Act has been "driving a wave of spending in AML applications."
Katkov says when financial institutions are looking for an AML vendor, they should make sure the technology covers three main areas.
- Transaction monitoring: This includes scanning data in accounts and transactions and analyzing the information to identify possible money-laundering activity.
- Workflow: This involves filtering information and checking account holders and beneficiaries against watchlists.
- Reporting: The system must be able to prepare the necessary reports to meet regulatory requirements.
Katkov examined 16 vendors for both transaction monitoring and watchlist filtering and identified those best suited to large institutions versus small. For transaction monitoring and large institutions, vendors that got high marks included SearchSpace of London, Mantas of Fairfax, Va., and ACI Worldwide of Omaha, Neb.
For small and mid-tier institutions, Actimize of New York, STB Systems of London and Prime Associates of Clark, N.J. were cited as leaders.
In the category of watchlist filtering, firms like FircoSoft of Paris got the nod for large institutions, while Prime Associates, Americas Software of Miami, Fla. and Bridger Systems of Bozeman, Mont. were cited as top vendors for smaller organizations.
Dale Simonson, a senior manager at the Chicago office of consulting firm Cap Gemini Ernst & Young, says one of the problems firms face in building their systems is understanding exactly what regulators are looking for.
"A lot of brokerages are trying their best to meet the fairly vaguely worded requirements in a way that will pass muster with the various regulatory bodies," he says.
Katkov agrees, "Regulators have not been very good at giving any feedback." However, he says, as more firms file suspicious-activity reports and regulators build up a bigger history of what is going on, "I think regulators will start giving feedback."
Katkov says when it comes to money laundering, banks are more of a target than brokerages, which he estimates account for between 15-25 percent of activity, compared to 40 percent for banks.
But the technology to battle money laundering is not cheap. Simonson says when it comes to AML technology, "The primary solutions providers out there are quite expensive for the small broker/dealer."
He says most larger institutions are turning to outside firms, "because they feel that if they get a vendor who is AML compliant and recognized by regulators and readily accepted, they will short circuit the review process."