Contributors:
Jeremy Lankster | Senior Manager, Risk Advisory Services
Julianna Casey | Manager, Risk Advisory Services
While statistical model validations were once the domain of larger financial institutions, there has been a recent regulatory focus on periodic model validations for financial institutions both big and small.
This change followed the 2021 release of the which intended to better align validations with anti-money laundering models.
AML model validations are increasingly important for banks of all sizes to ensure regulatory compliance and that AML models are operating as intended. Regulators have prioritized compliance and determined that failure to achieve compliance .
There have been many recent instances of regulators enforcing these mandates.
- The Metropolitan Commercial Bank encountered a $29.5M fine for inadequate Customer Identification Program (CIP) and third-party risk management (TPRM) practices. The bank was subsequently required to create a new product review program and enhance its practices.
- The First Federal Savings & Loan Association of Lorain was mandated by regulators to enter a formal agreement to remedy unsound practices due to its failure to appoint a BSA officer or develop adequate customer due diligence (CDD) procedures.
- The City National Bank of Los Angeles was charged by regulators with a consent order and a $65M penalty due to inadequate controls surrounding:
- Personnel roles and responsibilities
- Usage of appropriate model thresholds
- Periodic model testing
- Threshold change records and approval process
- The First Citizens Bank of Butte was mandated by regulators to enter a formal agreement to enhance previously inadequate BSA controls, including:
- Deficient CDD procedures
- Suspicious activity report and currency transaction report filing violations
- Transaction monitoring
- Suspicious activity documentation
What Is a Model?
Models collect data from various sources to understand customer behavior patterns and detect unusual activity including money laundering, terrorist financing, or fraud. The Office of the Comptroller of the Currency (OCC) asserts that a model consists of three components:
- Inputting Information
- Processing
- Reporting
While unusual customer behavior is important to detect, the utilization of an inefficient or inappropriately configured model can result in a high volume of false positives.
What Is Model Validation?
Model validation is a process used to verify that a model is receiving sufficient data and is accurately and efficiently alerting the institution of unusual customer activity.
The model validation process can include:
- Transaction data testing or mapping
- Sensitivity analysis of alert data
- Review of parameter and threshold settings
While Cherry Bekaert typically recommends performing model validations every three years, validations may need to occur more frequently if your institution changes its model or risk profile or adjusts parameters or thresholds.
Advantages of periodic model validations include:
- Opportunities for tuning or reconfiguration
- Increased confidence in alert information
- Reduced institutional risk
- More efficient use of resources
Why Is Effective Model Validation Important?
The more a bank relies on a statistical model, the more imperative model accuracy and proper functionality become. Typically, as a bank grows, so does the institutional reliance on a specific model. Without thorough model validation, risk increases and can result in
Additionally, model validation assesses the risk threshold of a specific system when it analyzes customer data. If the risk threshold is too low, banks may not be properly alerted to suspicious activity, and potential fraud may fly under the radar. Validation can also uncover vulnerabilities in the model and identify opportunities for tuning.
Common validation findings can include:
- Incomplete or outdated documentation
- Incomplete screening of all relevant data
- Incorrect transaction code mapping
- Inconsistent model testing and monitoring
Enforcement action may also be taken against banks if suspicious activity flies under the radar due to a model that either was not validated or was not validated frequently enough.
Who Performs Model Validations?
Regulatory agencies on either the state or federal level oversee the model validation process and outline audit requirements. These agencies include the:
- Office of the Comptroller of the Currency (OCC)
- National Credit Union Administration (NCUA)
- Federal Deposit Insurance Corporation (FDIC)
- Board of Governors of the Federal Reserve System (FRB)
Financial institutions must appoint a BSA/AML officer to ensure the institution has an adequate audit program that maintains compliance with the BSA’s anti-money laundering regulations. Validation should be completed by an independent party that is not responsible for developing the bank’s audit program.
Regulatory agencies conduct regular examinations of , as well as other federal associations, to ensure compliance. Independent testing can be conducted through outside auditors, consultants and other qualified third parties.
How Can Cherry Bekaert Help?
Cherry Bekaert can serve as a qualified advisor to perform an effective model validation. Our professionals are equipped to evaluate and validate model input and output data and offer suggestions for optimization.
Our team’s in-depth banking and financial institutions industry experience allows us to provide unique regulatory compliance, internal audit, risk management and advisory solutions. Contact our financial institutions team today to learn how we can help your organization maintain compliance and stay ahead of the latest regulatory updates.