Selecting an Anti-Money Laundering Software for Your Institution (Part 2 of 3)

12/1/2020 - By Dede Nolan, CFSA, CAFP

Welcome back! In the previous blog, we discussed the importance of the planning phase when selecting your financial institution’s anti-money laundering (AML) software because it is a highly critical and expensive decision. Now that you have done your risk, vendor, technology, and cost assessments let us move on to the next phases: implementation and initial testing.


Implementation is a bit of an intimidating step. The software can feel overwhelming at first, but remember, you have planned well and have done your homework so it should go smoother than you think.

Rule Selection

Any software you select will have a set of rules or scenarios that are included and will aid you in identifying and monitoring suspicious or high-risk activity by generating alerts or worklists for your review. With most systems, you can pick and choose which rules or scenarios that best match your institution’s risk profile. Ideally, your software would also allow you to create your own rules to cover those activities or customers that may be specific to your institution.

So, what should you consider regarding your rule selection?

  • Rules should be determined by the institution, not the vendor. You know your customers and their activity best.
  • Your rules should include common red flags based on Federal Financial Institutions Examination Council (FFEIC) guidance and areas of inherently high risk as noted in your risk assessment.
  • When possible, your rules should include account, customer, and peer comparisons.
  • Rules can be enhanced by excluding your institution’s internal and operating accounts.

Rule Thresholds

Once you have determined the rules for your institution, you will want to set some thresholds (or parameters) for alerts and worklist generation. This will vary widely from institution to institution.  A large institution located in a metropolis will likely have very different thresholds from a smaller institution located in a rural area.

Here are some tips for determining thresholds:

  • Once again, just like when you selected the rules, the thresholds should be determined by the institution, not the vendor. Hopefully, you have performed some type of analysis to aid in threshold settings.
  • For common red flags, regulatory thresholds can be used. We all know what the thresholds are for Currency Transaction Reports.
  • Currency Transaction Reports (CTRs) and structuring thresholds should be easy to incorporate into your rules.
  • Standard deviation analysis can be used to determine what is “normal” activity. As a very simplified example, say you want to set your threshold for wire transfers set at $25,000. Do most of your customers have average wire activity that falls within either 25% above or below that threshold? If you find that many of your customers are outside of that range, then it’s time to rethink that threshold.
  • Develop “acceptable” scenarios. Based on your risk appetite, levels of activity can be allowed without creating an alert. (Do we really care if John Doe takes $500 out of his account this month using an ATM card?)

Initial Testing

Now it’s time to move on to Initial Testing. It is important to test your anti-money laundering software and components to make sure your data is being captured correctly based on your rules and thresholds.

Here are five tips to keep in mind when doing your initial testing:

  • COMPARE – Compare alerts to previous Suspicious Activity Reports (SARs) to ensure that activity is being captured.
  • CHECK – Check for faulty data feeds. You want to ensure all appropriate data is being captured.
  • LOOK – Look for duplicate alerts that are being generated by two or more rules.
  • ENSURE – Ensure existing staff is adequate and trained appropriately.
  • DETERMINE – Determine final threshold rules.

By now, you should be well on your way to developing a plan of selecting and implementing that perfect software. We will wrap things up in part three of this series by covering activity analysis and ongoing maintenance. 

If you have questions or would like assistance as you begin selecting and implementing your institution’s AML software, please reach out to me or a member of our team.

About the Author | Dede Nolan, CFSA, CAFP
Dede is a Certified Financial Services Auditor and has been an important member of the consulting team in Saltmarsh’s Financial Institution Advisory Group since 1989. She has worked extensively with our financial institution clients, providing Bank Secrecy Act (BSA), BSA model data validation, deposit compliance, trust internal audits and other consulting services. Connect with Dede on LinkedIn!

Related Posts