Case Study: Fraud and BSA ComplianceHow Cross-Channel Patterns Improve Detection
Associated Bank is focused on compliance with the Bank Secrecy Act, and the $22 billion institution is on a tight deadline to shore up its money-laundering detection platform.
The bank, which has more than 250 locations in three states, is addressing BSA compliance and anti-money laundering at the enterprise level, hoping the approach also will eventually help it to more effectively tackle fraud.
To enhance money-laundering detection, the bank first needed to bridge gaps between siloed banking channels and business lines, says Nicole Kitowski, who oversees BSA compliance at Associated, which is based in Green Bay, Wis.
"That's something that we were looking to shore up, rather than facing it line-by-line or area-by-area. From an Associated Bank-Corp perspective, we looked at really bridging the gaps of information in our financial investigations area," Kitowski says in an interview with Information Security Media Group's Tracy Kitten (transcript below).
Associated Bank will use the same system to enhance cross-channel fraud detection by leveraging more information, Kitowski says.
Diversification in processes, procedures and systems across numerous banking channels also poses threats, because it's more challenging for banking institutions to detect and link fraud when differing business lines are not directly connected. "You have a risk that you don't have a fully glued together, fully customer-centric approach," Kitowski says.
Kitowski says institutions have to review their own needs to determine which AML and fraud-detection systems will work best. From her perspective, the most important step is ensuring that the system provides enhanced due-diligence, transaction monitoring and fraud detection for all new customer/member accounts.
Planning in advance to assure long-term sustainability also is important, Kitowski says, as is having the ability to accomplish cross-channel fraud detection.
"Don't hesitate to reach out [for advice]," she says. "There are a lot of institutions going through similar scrutiny, similar projects. There's certainly a lot of knowledge and tools that are available for institutions going through this process."
During this interview, Kitowski discusses:
- Unique risks Associated Bank identified and addressed through its enterprise-level approach to fraud-detection and AML;
- Why bridging technologies made sense; and
- Steps other banking institutions should take as they plan their own rollout strategies to comply with emerging BSA demands.
Kitowski is responsible for the overall administration of Associated Bank's BSA and AML functions. She is a certified project manager professional and AML specialist. During her tenure with Associated Bank, Kitowski has held numerous roles, including business analyst, systems analyst and technology solutions manager. Associated Banc-Corp, d.b.a. Associated Bank, ranks among the top 50 financial-services holding companies operating in the United States. The bank has more than 250 locations serving more than 150 communities throughout Wisconsin, Illinois and Minnesota.
TRACY KITTEN: Can you give our audience a little background about Associated Bank and the regulatory and compliance challenges your institution faces?
NICOLE KITOWSKI: Associated Bank primarily operates out of our three-state footprint in Wisconsin, Minnesota and Illinois, servicing around 250 branches. We do have services that run from the retail business lines, trust and private banking, and wealth services, as well as commercial and small-business banking. We also offer associated financial services and insurance. With the increased scrutiny in the BSA and AML area over the last year, Associated had several areas for opportunity and several areas, from a government perspective, that we needed to shore up.
With that being said, our challenges were really around the customer on-boarding processes, as well as transaction monitoring, and really hitting all of the various components of BSA/AML in an institution that has some silos in it. ... There were several areas that we needed to enhance across the board. We really focused on several different components within our program, and one of those is the transaction monitoring, as well as customer due-diligence components, and having a full BSA/AML program that would support a bank of our size.
KITTEN: What unique risks would you say that your institution faces where Bank Secrecy Act compliance and anti-money laundering are concerned?
KITOWSKI: I think that one of the risks that we face is the fact that we have several different business lines, as well as several different on-boarding systems and core systems that support our lines of business. Whenever you have that kind of diversification across your companies and several different systems, procedures, policies and training [programs] that get separated across lines, you have a risk that you don't have a fully glued together, fully customer-centric approach. ... That's something that we were looking to shore up, rather than facing it line-by-line or area-by-area. From an Associated Bank-Corp. perspective, we looked at really bridging the gaps of information in our financial investigations area. [Kitowski says having a cross-channel, enterprise-level view of customer activity also will improve suspicious activity reporting and help the bank more accurately identify and flag suspicious account activity.]
Fraud Detection and AML
KITTEN: I know this is a relatively new solution, but I would like for you to elaborate a little bit on the system's ability to tie fraud detection with AML. Why did you see that as being such as critical step?
KITOWSKI: We do, in fact, feel that will be a critical step for us in the future. As stated in one of my previous answers, our scrutiny really was first around BSA/AML, so when we went into vendor-selection mode, it was first and foremost to focus on the functionality to shore up the areas of concern that we had around that space. When we really dug into systems and vendors that were available and made our selection to go with [NICE] Actimize, part of the benefit was the fact that they had full fraud modules that would be able to leverage some of the existing information and start building a foundation of information to expand from BSA/AML and tying right into what would be a holistic fraud approach, when we get to that point in the future. [We're] not tackling fraud just yet, as our focus is first to get the foundation in place with the AML/BSA portions of the system. But [we] definitely saw that there was a lot of advantage to be gained by bringing it all together under one umbrella in the future and made the decision to purchase all the modules with that end goal in mind.
Enterprise-Level Fraud Detection
KITTEN: Your institution reviewed different solutions and then ultimately opted to invest in this enterprise-level fraud-detection solution that's provided by NICE Actimize. How has the solution helped you to look into the future of bridging silos? And could you tell our audience a little bit about what stood out about the NICE Actimize offer, relative to other solutions you reviewed?
KITOWSKI: With the focus being in the BSA/AML space, one of the things that really stood out about Actimize was the fact that it was certainly configurable and was able to be scalable for an institution of our size -- a mid-sized regional bank with aspirations of acquisitions in the future to grow. We thought that the software was big enough to support us now and scalable enough to support us in the future. It also had the configuration to allow us to make the decisions that we needed to be very specific for our book of business and our inherent risks within our model.
But then it was also not too off-the-wall, as far as customization that was needed to staff it. It didn't require tremendous amounts of people for ongoing support, so we felt it was really the right size to handle the complexity that we have and where we want to go in the future without needing such a cumbersome support system that it would have placed a burden on us in the future. We thought it was a middle-of-the-road option for our size of institution that will grow with us. And then it will allow the fraud modules to enhance it in the future, too, so that we're looking at all of the information to really dive right into fraud as soon as the BSA/AML portions of the software are in place.
Systems Integration Timeline
KITTEN: I wanted to also ask about systems integration. When you have a number of different financial channels that you're trying to bring together to give an enterprise-level perspective, it's a challenge, and it's a challenge for institutions across the board. I know that you're probably still in the process of deploying this solution, but could you give us some idea about how long something like this would take to deploy and integrate?
KITOWSKI: We were on an expedited plan because of the regulatory scrutiny on us at this time. As such, we really had a 13-month plan in place, which included vendor selection, contract signing and right down into the full implementation, which is scheduled for November of this year for the BSA/AML piece. It's quite a bit of work in that time frame, obviously. But, again, because of the scrutiny that was placed on us, we felt it was appropriate to do that. And we felt that with the support and the software, and the expertise that was around the Actimize solution, as well as some of the consultants in the space, that we would be able to meet that goal, and we're on target to do that.
From a fraud perspective, that project will kick off in the third or fourth quarter, and then we will implement around the 2013 timeline. That project plan hasn't evolved yet, but is currently on the radar screen for an implementation in 2013. There could be additional phases and configuration, obviously, that continues into 2013; but for all intents and purposes, we had the 12- to 13-month project plan in place for the BSA/AML portion.
Advice for Institutions
KITTEN: What advice could you offer to other institutions considering a similar solution?
KITOWSKI: There were several things from our side, and I'm sure that some institutions can relate to these, though some of these might be unique to Associated Bank. The first is tying customer on-boarding, enhanced due-diligence, transaction monitoring and then, ultimately, fraud together. When you start to look at how you're going to develop a full financial investigations unit and how you're going to tie all of your information together, you really have to look at all of the different components and how they interrelate, as well as how they integrate systematically. You also have to look at your training and policies and procedures to support it.
As in almost everything that we do in the technology world, planning out your data acquisition, your procedures, your rollout to the business lines and the integration is huge; the system has to be able to have some accountability behind it for long-term sustainability. And you have to think about: In the end, what is going to drive this from a behavioral perspective?
Finally, I would say don't hesitate to reach out. There are a lot of institutions going through similar scrutiny, similar projects; there's a lot of knowledge out there and folks who are willing to talk and leverage and give assistance. We've certainly reached out to other folks that have used or are in the process of implementing Actimize, as well as some consultants that support that space. So there's certainly a lot of knowledge and tools that are available for institutions going through this process.