Why Banks Must Evolve their AML Process to Manage Micro-Jurisdictional Risk

The Evolution of Sanctions

United States sanctions policies have evolved over the years, from country-wide embargos to more nuanced approaches targeting specific entities. According to Jacob J. Lew, Secretary of the Treasury, the sanctions implemented today are more focused on bad actors while trying to limit the negative externalities. Lew described his view on the traditional sanctions model at the Carnegie Endowment for International Peace which is eloquently summarized by this quote:

The old model was a country-wide embargo, which provided little flexibility to mitigate disproportionate costs on innocent civilians—both in the targeted countries and here at home.  At the same time, early efforts to ensure humanitarian relief sometimes fell short of the intended goal.

Lew went on to describe how the application of sanctions has evolved over the years, and through better financial intelligence, strategy, and design, the new model can home in directly on bad actors:

The sanctions we employ today are different.  They are informed by financial intelligence, strategically designed, and implemented with our public and private partners to focus pressure on bad actors and create clear incentives to end malign behavior, while limiting collateral impact.

The Evolution of US Trade Sanctions

The diagram below illustrates the evolution of US Trade Sanctions. Longstanding sanctions would generally indicate a country-wide embargo, as is the case for Cuba and Iran. However, the Cuban and Iranian sanctions policies are currently in transition, as the traditional sanctions model is becoming deemphasized and would now only be used in extreme circumstances such as the case with North Korea. Sanctions imposed on African countries in 2005-2006 as highlighted in the diagram below were targeted sanctions based on human rights violations, concerns of regional stability or entities involved in undermining the democratic process.

Jurisdictional Risk and AML Systems

The evolution of sanctions highlights how US regulators perceive risk. In the case of the African countries outlined above, sanctions were imposed to prevent the flow of money to the groups and individuals participating in local conflicts. The sanctions imposed were designed to prevent or at least slow down human rights violations. The question is, could this same perception of situational and jurisdictional risk be applied to anti-money laundering (AML) systems?

The Traditional AML Model

Cross-border transfers could be monitored based on a number of factors, but generally models are comprised of three main elements: 

  1.  Frequency: The number of transfers which occurred within a specific time period. Example: 3 transfers over a rolling 7 day time period.
  2. Amount: The value of each transfer. Example: A minimum threshold of X dollars could be configured in the monitoring system. Other elements would include round dollar amounts and amounts just below minimum reporting requirements.
  3. Jurisdictional risk: The risk level or score associated with each country. Example: Transfers flowing through high-risk jurisdictions would generally receive greater scrutiny than similar transactions which only flowed through low-risk jurisdictions based on the financial institution’s country risk ranking.

 

Financial Crimes Enforcement Network (FinCEN) Regulatory Guidance

On September 11, 2014 Financial Crimes Enforcement Network (FinCEN) released an advisory guide called “Guidance on Recognizing Activity that May be Associated with Human Smuggling and Human Trafficking – Financial Red Flags” which was intended to help financial institutions identify human trafficking red flags. The interesting part is that FinCEN specifically identified both US and Mexican cities on the Southwest border as areas which require additional scrutiny as described in the transactional and customer red flags listed below:

 “Multiple wire transfers, generally kept below the $3,000 reporting threshold, sent from various locations across the United States to a common beneficiary located in a U.S or Mexican city along the Southwest Border.

Source: https://www.fincen.gov/statutes_regs/guidance/pdf/FIN-2014-A008.pdf

Micro-Jurisdictions: The Southwest Border

The image of the Southwest border below illustrates that there are multiple cities in the United States and Mexico that would fall within FinCEN’s advisory.

How can financial institutions comply with the FinCEN advisory with their traditional AML systems which have been designed on the assumption that jurisdictional risk is based on a stable and unique country code?

Micro-Jurisdictions: The Tri-Border Area (TBA)

The Tri-Border area is the region where the borders of Brazil, Argentina, and Paraguay meet, which has been known as a criminal haven for organized crime groups, terror groups and drug traffickers. In a report titled “TERRORIST AND ORGANIZED CRIME GROUPS IN THE TRI-BORDER AREA (TBA) OF SOUTH AMERICA” the author describes various conditions in the Tri-Border Area (TBA) that are very favorable to organized crime and terror groups in the below quote:

In addition to Islamic terrorist groups, the TBA provides a haven that is geographically, socially, economically, and politically highly conducive for allowing organized crime and the corrupt officials who accept their bribes or payoffs to operate in a symbiotic relationship that thrives on drug and arms trafficking, money laundering, and other lucrative criminal activities.

The three cities which are highlighted in the report are Ciudad de Este, Foz do Iguaçu and Puerto Iguazú because of their proximity to all three countries’ borders.

Challenges of natural language processing (NLP)

Traditional AML systems usually have functionality to support a list of country codes which can be segmented into categories such as low, medium, high, and very high risk. As a result, transactions which flow through higher risk jurisdictions should, in theory, receive greater scrutiny than lower risk transactions. Financial institutions usually store country codes in various systems based on the International Organization for Standardization (ISO) standard (ISO 3166-1) which can be represented in three formats:

  1. ISO 3166-1 alpha-2: Two-letter country codes.
  2. ISO 3166-1 alpha-3: Three-letter country codes.
  3. ISO 3166-1 numeric: Three-digit country codes.

The guidance issued by FinCEN adds another layer of complexity to AML systems because the red flags are not contained in a predefined list of country codes, but in a free text field such as a city, which creates a number of challenges. 

The image below shows an address in Ciudad Juarez. Mexico and many financial institutions will have similar field definitions to capture addresses in various systems for client on-boarding or to facilitate a transaction. The only field which is based on a predefined list is the country code and sometimes the state/province, but most of the other fields are free text. However, some financial institutions will attempt to validate the address based on the information given, but not all organizations have the capacity to do so.

If most traditional AML models rely on country codes as a key attribute to determine suspicious activity, then how will a free text city be handled?

The Micro-Jurisdiction AML Model

Essentially, the FinCEN advisory is pointing to an extension of the traditional AML model where one of the additional attributes in the model would be a micro-jurisdiction. The main three components (Frequency, Amount and Jurisdictional risk) of the traditional AML model would still apply, but a fourth attribute would need to be added to the model and calibrated accordingly.

  1. Frequency: The number of transfers which occurred within a specific time period. Example: 3 transfers over a rolling 7 day time period.
  2. Amount: The value of each transfer. Example: A minimum threshold of X dollars could be configured in the monitoring system. Other elements would include round dollar amounts and amounts just below minimum reporting requirements.
  3. Jurisdictional risk: The risk level or score associated with each country. Example: Transfers flowing through high-risk jurisdictions would generally receive greater scrutiny than similar transactions which only flowed through low-risk jurisdictions based on the financial institution’s country risk ranking.
  4. Micro-Jurisdictional risk: The risk level or score associated with specific towns, zip codes or cities. Example: Transfers flowing through high-risk micro-jurisdictions would generally receive greater scrutiny than a similar transaction which only flowed through low-risk micro-jurisdictions based on the financial institution’s risk ranking.

 

The Implications of Micro-Jurisdictional Risk

If regulators continue to issue guidance which highlights specific geographic areas as part of a money laundering typology, then traditional AML systems must evolve or engage third party vendors which can process large volumes of data quickly, and without impacting the daily operations of the financial institution’s overall AML program.  Another question which comes to mind is to what extent financial institutions should be proactive?

Should financial institutions begin to gather their own intelligence to identify potential high-risk micro-jurisdictions or should they wait for advisories from their respective regulators? The amount of intelligence gathered could be relative to the financial institution’s risk appetite and geographic footprint.

Traditional AML systems may not be the optimal solution to process large volumes of data to extract towns, zip codes and cities from free text fields.  Hence, using a third party solution based on the latest advances in computing technology that can cleanse, prepare and risk rate the data before it is sent to the traditional AML systems would be beneficial to financial institutions.

Identifying and monitoring high-risk micro-jurisdictions could extend a financial institution’s AML program’s sophistication by focusing on the more granular attributes of transactional activity and consequently pushing the risk-based approach to new horizons.