Redesigning a Bank’s BSA/AML Customer Risk Scoring Model and Enhanced Due Diligence Strategy

CellFunds Compliance was engaged by a community bank to overhaul its BSA/AML customer risk-scoring model and provide tools so that it could more effectively manage its Enhanced Due Diligence (EDD) program for high-risk customers.

Assessing the Challenge

BSA/AML risk is dynamic and must be continuously managed. It is critical that risk ratings accurately reflect current risks, are credible assessments that lead to practical steps to mitigate those risks and undergo periodic reviews to ensure that ratings stay aligned with customer risk profiles. Customers who pose higher money laundering or terrorist financing risks, based on relevant factors, are rated higher in a risk scoring model because they present increased exposure for banks. When these conditions are not present, due diligence policies, procedures, and processes should be enhanced.

When CELLFUNDS COMPLIANCE was retained, our client was under an agreement with regulators that required the bank to develop and implement an Enhanced Due Diligence program for all customers identified as high risk. The bank was using a popular, off-the-shelf BSA/AML compliance software package that had not been properly calibrated to its BSA/AML risk profile. The software identified a very large number of high-risk customers, many of which were being double-scored, had incorrect scores assigned, or were reaching the high-risk threshold on transaction activity alone. Therefore, the bank’s high-risk customer list included a significant percentage of accounts that should have been scored as medium or low risk. CELLFUNDS COMPLIANCE was tasked with aligning the software’s risk scoring model with the bank’s risk profile and sharpening its EDD procedures.

Designing the Approach

Our client needed a new customer risk scoring model that reflected its overall BSA/AML risk profile and provided for identification of a list of high-risk customers that was meaningful and manageable with respect to conducting enhanced due diligence. CELLFUNDS COMPLIANCE started designing its approach to meeting this need by assessing the bank’s EDD policy and procedures through document review and on-site discussions with key bank personnel. The objective of the assessment was to identify areas in the bank’s EDD program and current EDD efforts that could be enhanced to more effectively manage and perform enhanced due diligence on customers that presented high risk. This assessment included scrutinizing the software’s customer risk scoring model to better tune it to reflect the institution’s overall BSA/AML risk profile, as well as current BSA/AML regulatory policy and guidance.

CELLFUNDS COMPLIANCE also conducted a comprehensive review of the procedures and multiple EDD profile forms bank analysts were using to conduct EDD and collect information for high-risk customers. We reviewed different customer risk category forms and discussed analysts’ EDD research strategy procedures with the EDD Manager to determine what changes, if any, needed to be made to improve EDD research efficiency. As a result, CELLFUNDS COMPLIANCE made many specific recommendations to streamline and enhance the collection of customer EDD information.

CELLFUNDS COMPLIANCE identified multiple areas in the client’s software programming that required revision. These areas included: double scoring of customer accounts; scoring risk factors too high or too low in relation to low, medium, and high-risk thresholds assigned by the bank; scoring on the basis of outdated NAICS codes and FAFT/OFAC risk lists; scoring on risk factors that did not apply to the client bank, etc.

Implementing the Solution

Using a development platform in the client’s BSA software, CELLFUNDS COMPLIANCE tested different risk scoring scenarios. We devised a process for removing some scores, adjusting scores higher or lower depending on relevance and proportion to the scale definitions of low-, medium-, and high-risk, and consolidating standard analytic questions into a customized question-set for our client. After completing this testing, we collaborated with our client to create a final set of parameters for a new risk-scoring model. We documented the rationale for making each of these adjustments and delivered it to our client, both to serve as a baseline for subsequent model tuning to provide records -for sharing with regulators.

For the client’s EDD work, CELLFUNDS COMPLIANCE delivered one universal EDD profile form that incorporated all of the high-risk customer categories and included a section to assign a stratified risk rating for each customer account after the EDD review. The high-risk customers were further differentiated as high-high, high- medium, and high-low. Customers categorized as high-low risk were recommended for annual review. Customers categorized as high-medium risk were recommended for bi-annual review, and the customers whose risk rated as high-high would be reviewed quarterly.

CELLFUNDS COMPLIANCE delivered a revised risk-scoring model and accompanying documentation to the bank that correlated with its overall BSA/AML risk profile and aligned with regulatory guidance. The new model produced a high-risk customer list that was aligned with the bank’s risk tolerance thresholds and therefore much more meaningful. The list included customers whose BSA/AML risk factors require enhanced due diligence and excluded customers that did not warrant such extra scrutiny, making the bank’s EDD task more manageable. The updated EDD profile form that CELLFUNDS COMPLIANCE devised provided the bank with a more efficient means of conducting that enhanced due diligence on those high-risk customers.