Anti-Moneylaunderingtechnology: Aml Technology P Roducts & Services

Anti-Money Laundering Technology
AML Technology Products & Services:

Overview and Comparison of Product Features and Functions
s
Technologys Role in the Fight Against Money Laundering How to Determine if a Software Product is the Right Tool for Your Organization Project Planning and Implementation of AML Software
I. Introduction (by Howard Steiner) II. Task Force Members III. Articles and Editorials Table of Contents
Intelligent detection of money laundering and other financial crimes Ralph Wyss and Dr. Laurence Jacobs International name and address handling Barry Shapiro Overview of appliance of technology Kenneth Bryant Approximate name matching Steve Craycraft Case review procedures Dwight Dingwall Comparative methods for transaction monitoring Shawn Shiff Project planning and implementation of AML software Howard Steiner Its all about the data Marie Kerr
i 1
3 7 10 15 17 19 21 24 27 90 91
IV. AML Technology Products and Services Grid V. Other Anti Money Laundering Resources VI. About ACAMS & Membership Application
All rights reserved - Association of Certified Anti-Money Laundering Specialists 1101 Brickell Avenue Miami, Florida 33131 USA Phone: +1 305-373-0020 Fax: +1 305-373-7788 Web: www.ACAMS.org E-mail: info@acams.org
Introduction
By Howard Steiner
U.S. security and counter terrorism experts understood the philosophy and intent of AlQaeda and groups like it for years prior to September 11, 2001. But those experts did not know how adept the enemy is at turning the worlds infrastructure against itself. In The Age of Sacred Terror by Daniel Benjamin & Steven Simon, the authors suggest that surprise attacks must now be regarded as the natural order of things, requiring government and industry leaders to unshackle their thinking and disregard no possibility because it seems unlikely. The authors of the USA Patriot Act noted that the ability to mount effective countermeasures against international money launderers will require tools specially designed for that effort. In response, the information technology industry has risen to the challenge. The range of systems and software available to counter the element of surprise and foil criminal use of the international financial system is impressive. Since its inception, ACAMS has been on the forefront of advancing the knowledge and skills of those dedicated to the detection and prevention of international money laundering. With the formation of its Technology Taskforce, the Advisory Board underscores technologys vital role as an essential element of anti-money laundering efforts. The Taskforces mission is to promote AML issues and awareness and bridge the information gap between the technology and end-user communities. The ACAMS AntiMoney Laundering Technology Directory, the result of dedicated work by taskforce members and ACAMS staff, reflects that mission. It has been a privilege serving as the Taskforce Chairman.
Howard Steineris Chairman of the ACAMS Technology Taskforce and a financial systems/AML project management consultant. E-mail questions or comments to hsteiner@sprintmail.com.
i
Technology Task Force Members

ACAMS is extremely grateful to all the members of the Technology Taskforce for their assistance in preparing this AML Technology Solutions Directory, and for their loyal support to ACAMS. We especially thank Howard Steiner for serving as the Chairman of the Task Force. Howard Steiner - Chairman ACAMS Technology Task Force Howard Steiner is president of KB Consulting LLC, a technical project management firm, and a partner at ImpactAML LLC, a firm dealing specifically with anti-money laundering solutions and AML software implementations. Howard has over twenty years experience in all aspects of securities trading, trade processing and risk management. He holds an Industrial and Operations Engineering degree from the University of Michigan in Ann Arbor, and a Masters of Business Administration in Finance from Fordham University in New York. He served five years as a naval aviator in the United States Marine Corps. He can be reached at hsteiner@sprintmail.com . Kenneth L. Bryant, MSCJ, CPP, CFE, CRP, CAMS, ACoI Mr. Bryant is a Director of KYC Outsourced Services (www.kyc.com a Division of ), Internet Financial Services [IFS], Ltd., based in the Cayman Islands. He has fifteen years experience as a laundering investigator, money laundering reporting officer, enforcement regulator and an AML consultant. He has a Masters Degree in Criminal Justice and holds several board certifications. Mr. Bryant is a Certified Charter Member of ACAMS and currently serves on the Certification, Education and Technology Task Forces. He is also the Chairman of the Eastern Seaboard of the Americas Region (Latin America and the Caribbean) for the UK based Compliance Institute. He can be reached at klbryant@candw.ky . Marie G. Kerr Marie G. Kerr is President and Principal Consultant of the Shamrock Consulting Group LLC. She specializes in project management, software selection, vendor management and AML systems. She is a member of the ACAMS Technology Taskforce and is a certified project management professional (PMP). For more information contact her at mkerr.shamrock@us.net . Ed Levy, J.D. Ed Levy, J.D., is a Certified Anti-Money laundering Specialist (CAMS) and a member of the ACAMS Technology Task Force. In addition to his legal background, Mr. Levy has extensive experience in Information Technology. He has been a Business Analyst, System Architect, Data Modeler, and Project Manager at Merrill, Prudential Investments, and Manufacturers Hanover, among others. He currently specializes in the intersection of Anti-Money laundering and Information Technology. He can be contacted at edlevy@comcast.net r www.impactaml.com o . Fred Meyers Fred is Law Enforcement Policy Advisor (Contract Employee) with U.S. Treasury Department, International Affairs, Office of Technical Assistance. He is also a Consultant to SAIC on FBI/State Department contract regarding Financing of Terrorism. He worked twenty-seven years with Internal Revenue Service, Criminal Investigation Division, and has extensive international experience working with foreign governments, private industry groups, and banks on laundering, law enforcement, and bank regulatory issues.
Technology Task Force Members
1
Technology Task Force Members (cont.)
Dirk Mohrmann Dirk Mohrmann is responsible for marketing and business development at WorldCompliance (www.worldcompliance.com Miami, Florida. He holds a German ) in MBA equivalent in finance and corporate marketing. His past experience derives from positions with global players like Dresdner Bank AG, cutting edge biometric technology companies like IriScan/Iridian, Inc., international software companies like Advisa Research, Inc., and a number of local firms. Mr. Mohrmann has been featured in several international financial magazines and has spoken at a variety of seminars and conferences. He can be reached at dirkm@worldcompliance.com . Shawn Shiff Shawn Shiff is an ACAMS member and independent software consultant specializing in banking applications and middleware. He can be contacted at shawnshiff@rcn.com . Ralph Wyss Ralph Wyss (born 1966), Attorney at Law, studied law at the University of Berne (admitted in 1993, doctorate in 1996). Starting his career in 1993 he worked several years at PricewaterhouseCoopers. In 2000 he joined a Swiss internet banking project as head of legal and compliance matters and after completion became self employed in 2001. Today he is owner of Wyss Legal Services, Zurich (www.wyss-legal.ch a Swiss law ), firm focussing on finance and IT law. He acts as Chairman of TvT Compliance Ltd., a Swiss company providing services to banks and governmental authorities around the world. He can be reached at Ralph.wyss@wyss-legal.ch .
2
Articles & Editorials
W
Intelligent detection of money laundering and other financial crimes
By Laurence Jacobs and Ralph Wyss
hat, exactly, is possible to combat financial crime? As it turns out, and as we discuss in this article, a great deal is possible. If the will is there, modern conceptual and technological means and, indeed, commercially available products exist that can fundamentally change the world of financial crime. Combating financial crime Just as with biological disease, financial crime can be either prevented by acting before it happens or diagnosed once it has occurred. Prevention is most often understood in terms of fixed compliance measures, either procedural, or on the basis of pre-established, quantifiable risks. An example of the former is the account-opening process in a bank, where certain steps, such as a formal verification of a new customers identity, are mandated. An example of the latter is the assignment of risk measures to customer or transaction parameters, such as customer country of domicile, origin of a deposit, or other transaction-related attributes. Diagnosis generally addresses more complex aspects of financial activities, such as the relationships between a set of transactions associated with an account or customer, or activity-based relationships between different accounts and/or different customers. The more complex potential risk signals involved in diagnosis are generally referred to as patterns. Some risks can be mitigated by a judicious choice of prevention rules, but the majority of cases of financial wrongdoing can only be detected after they have occurred. A priori risks and risk groups It is clear the effectiveness of prevention and, to some extent, diagnosis, depends critically on a correct assignment of certain a priori risks. Regulatory and other agencies periodically review and update several risk measures associated with specific individuals or countries and make these data publicly available. Other mandated prevention measures are essentially the formalization of best-practice guidelines, such as the specification of the account-opening process at a bank. These more simple, well-defined risks are amenable to real-time intervention. The implementation of measures to accomplish these real-time actions is generally of low technical complexity. Other risks, however, are far too complex to formalize as fixed compliance rules. In addition, these risks are generally not static, but change over time. Most importantly, though, most of these complex risks are sensitive to the context in which they occur. Real-time actions based on these more complex risk measures are generally not possible or even sensible. In many cases, the technical complexity associated with these intricate risks can be very high. Rule-based detection There are strengths and weaknesses associated with fixed rules. Among the strengths are that fixed rules are technically simple to implement, can be very fast, and are generally easy to understand. The main weakness here is that only known risks can be implemented through fixed rules. Apart from the basic compliance rules described above, fixed rules in a sense summarizing past experience of regulators are practically useless to detect criminal activity perpetrated by sophisticated criminals. But then again, not all criminals are sophisticated. 3
In addition, many methods of money laundering are known, well-understood, and some of these can be expressed as rules with a varying degree of complexity. False-negative and false-positive alerts Any signal detection, however intelligently done, is prone to error. This basic, unavoidable fact must be understood, and safeguards against it must be implemented. The effects of misdetection fall into two broad categories. The first, and most dangerous one, is associated with false-negative alerts, that is, with criminal activity that remains undetected. Fraudulent events that are subtle and difficult to detect can be the most damaging, because, when they surface as many eventually do the damage to the victim institution and principals is bound to be large. False-positives, on the other hand, affect mainly customer satisfaction, institution prestige, and, potentially, customer loyalty. They also generate great costs to the institution in that unnecessary human effort is spent investigating irrelevant events.
The price paid by society, and financial institutions for the failure of implementing adequate safeguards to combat financial crime, is extremely high higher, without doubt, than the most expensive anti moneylaundering systems available today.
Supervised and unsupervised learning In the context of fraud detection, the most powerful signal detection and identification systems known today are based on one of two possible methods, known as supervised learning and unsupervised learning. These two methods form the basis of what is popularly known as data mining. Supervised learning leads to models that use one or more characteristics of cases in the historical data to build classes. A class is a subset of the data where one or more attributes are most likely to have a particular value. Classification models could, in principle, be used to score the risk that a transaction is fraudulent. In the case of money laundering, however, this is generally not possible. The main reason for this is that supervised learning requires that a relatively large proportion of the cases in the historical record be known to be fraudulent, which is not the case for any given financial institution. A related limitation is that the accuracy with which such a classifier would score new cases cannot be high enough to be practical in the context of money laundering or other equally relatively rare types of financial crime. The process of unsupervised learning, on the other hand, looks for similarities between events (such as the activity profiles of customers in a bank), and groups these into distinct segments. These segments, generally known as clusters, are characterized by the fact that an event in one cluster is more similar to other events in the same cluster than it is to events in any other cluster. This is ideal for the problem at hand, where the goal is to identify suspicious events. Suspiciousness of an event is then the extent by which the event departs from expectation. The core of an effective detector of suspicious behavior is a procedure that detects anomalies in the data. By definition, an anomalous event is one that does not fit its context. What remains, then, is to define the context in which an event occurs. As the context changes, so should the measure of suspiciousness change. This is the meaning of adaptive learning; an effective method of detecting and measuring the degree of suspiciousness associated with an event must be able to adjust itself to changes in the context in which the event occurs, and it must do so in an unbiased, self-consistent manner. Two contexts In the general area of financial crime detection, there are essentially two contexts in which to place an event, such as a transaction, in order to assess whether the event is anomalous. The first context is the historical profile of activity of the individual customer (or 4
account) associated with the event. In simple terms, normalcy in this context is measured by the degree to which the event under consideration is expected compared with the rest of the events that define the activity profile of the customer in question. We refer to the analytical methods in this context as self-history analysis. The second main context is the historical profile of activity of the peer group to which a customer or account belongs to. A peer group are sets of customers or accounts that somehow fit together. A simple example of a peer group might be the set of cinemas in the Zurich area. Normalcy in this context refers to the degree to which the event under consideration fits the expected patterns associated with the peer group. We refer to the analytical methods in this context as peer-group analysis. Peer Groups How are peer groups defined and built? The example we mentioned above, that of a particular type of banking customer in a particular geography, is an instance of one of two general kinds of peer groups, namely a segmentation that is defined deductively using the values of one or more attributes (two in this case) associated with customers. The other general kind of peer group is directly induced from the data and is thus called inductive segmentation. If KYC is understood correctly, Inductive segmentation, which can, in principle, use all the attributes however, its powers as a associated with customers, including their activity profiles, is an example of unsupervised learning. business driver become obvious. KYC as a business driver This brings us to an often-overlooked point. Financial institutions mostly view compliance as a necessary, but generally unattractive, task an often expensive, unprofitable, and time-consuming burden on their normal business operations. If KYC is understood correctly, however, its powers as a business driver become obvious. When looked at in detail, an unexpected change in a customers profile, or a switch of peer groups, is not always a signal of malfeasance; it can also lead to a business opportunity for the financial institution. Examples abound. A simple one is the discovery of a customers migration to a peer group that has a higher profitability measure, associated, for example, with more a profitable investment profile. Knowledge of this development allows the financial institution to react to the change in a way that profits both the customer and the institution. Link Analysis Finally, link analysis is the investigation of relationships between separate entities involved in financial transactions. Several known methods of money laundering are based on the use of networks of accounts that are not known to be legally related. Some of the most powerful aspects of link analysis are only possible when implemented as a downstream component of a multi-stage detector that includes both self-history and peer-group components. Limitations The main limitation of the analytical picture sketched in this article is in the nature, quality and amount of data that are available for analysis. The clearest example of this limitation is in the analysis of networks. Whereas a great deal of information is available to a financial institution in investigating characteristics of networks of its own accounts, it generally knows almost nothing of nodes in the network that correspond to accounts in different financial institutions. Role of investigators An area not often mentioned in the context of money laundering, and not at all well5
represented by commercial solution providers, is the process of investigation performed by the various financial investigation units after a suspicious case is reported to them by a financial institution. With modern methods of analysis, while the human effort for financial institutions is bound to decrease, the number of cases reported to financial investigation units is likely to increase as a result of a growing number of reported cases of potentially higher complexity. Dealing with an increase in the number of potentially more complex cases will require new methods of analysis as support for these investigators. Current technology in the areas of supervised and unsupervised learning in general, including text mining, could have a profoundly positive effect on how such investigations are conducted. In particular, issues of effectiveness, consistency and speed could be substantially improved using modern analytical methods. Of course, this area of application of modern analytical methods suffers from some of the same limitations we have just addressed, but in many ways, the problem is simpler than the initial detection of suspicious activity. Among other things, financial investigation units have access to many more suspicious cases than any single financial institution, making supervised learning methods If KYC is understood correctly, potentially applicable. In addition, and most importantly, such agencies have access to data from all financial institutions in their however, its powers as a jurisdiction, and are thus not affected by some of the limitations we business driver become obvious. have mentioned. Conclusion The analytical methods we have discussed in this article are not simple. Given that the volume of daily transactions in a bank can reach into the millions, the demands on computational systems implied by sophisticated detection technologies can be enormous. A practical implementation of a detector that can deal with large volumes of data while meeting the most stringent constraints on accuracy must use state of the art technology in computing hardware and associated data organization and handling software. However, given the current state of development of these technologies, systems that scale gracefully to attack even the largest problems in this field are readily available today. It might seem that the use of the most powerful analytical and computational methods necessarily carries with it a large price tag for financial institutions. In fact, the opposite is true. There are two reasons for this assertion. First, state-of-the-art methods of analysis, and state-of-the-art computing platforms and other support systems are not necessarily expensive. Second, the price paid by society, and financial institutions for the failure of implementing adequate safeguards to combat financial crime, is extremely high higher, without doubt, than the most expensive anti money-laundering systems available today. In addition to the powerful analytical techniques we have discussed in this article, a successful attack on financial crime requires a comprehensive approach, including deep domain knowledge, powerful support and delivery technologies, and collaborative, enlightened and sophisticated regulators. Dr. Laurence Jacobsis the Chief Technical Officer of Kdlabs AG in Zurich, Switzerland. Kdlabs provides products and services in the area of Knowledge Discovery and Application. Dr. Ralph Wyss Attorney at Law in Zurich, Switzerland, advises financial institutions doing , business in Switzerland in legal and regulatory matters. He is a professional ACAMS member and can be reached at Ralph.wyss@wyss-legal.ch.
6
T
The Patriot Act and Challenges of International Name and Address Handling to Banks, Brokerages and Securities Companies
By Sanjib Mallik & Barry Shapiro
he Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA Patriot) Act was passed in October 2001 to address the tracking and capturing of financial resources that fuel egregious terrorist activities. As a result, the U.S. and its partners have publicly identified and designated various lists of terrorists or terrorist supporters. Additionally, the newly-created Department of Homeland Security will act as the central agency for creating new regulations, enforcing these regulations and ensuring that businesses are within regulatory compliance. Heavy fines, legal recourse and public identification of noncompliant businesses will be the rule, not the exception. The USA Patriot Act signifies a new breed of regulations that present challenges to the old ways of checking prospects, customers, and financial transactions. The USA Patriot Act imposes strict rules that require know your customers (KYC) beyond banking companies to a range of financial companies. Financial institutions including banks, credit unions, brokerages and security dealers, money transfer agents, investment bankers, insurance agents and other non-financial agents must comply with four main requirements. They must have: 1. Internal compliance policies and procedures in place 2. A compliance officer to monitor compliance 3. A compliance training program 4. An independent audit to test and verify compliance program With these new requirements, having good, automated solutions that will help monitor, report and manage the complexities of handling compliance and sensitive data will mark the difference between those struggling to meet requirements and those who have protected their businesses. To determine if a companys current customers, prospects or service requestors are among the ranks of known terrorists, data such as name, address, date of birth, telephone, drivers license or passport number, etc. must be matched against several U.S. governmental watchlists, such as the Office of Foreign Assets Control (OFAC) List and others available from private companies. In the event of a match, relevant reports must be generated and submitted to government agencies, and business must be suspended with the suspect names until confirmation from designated government agencies arrives with recommended action. The complexity of matching name, address and associated data rises exponentially when dealing with international names and addresses that vary greatly according to customs and conventions. False positives, expensive analyst intervention and poor customer service will result if special care is not taken to manage automated processes for matching names and addresses. The new international dimension The Patriot Act has rudely awoken the financial community to some serious customer service and business execution challenges: how to effectively match text-based individual and company data against text-based governmental watch lists; how to deal with foreign-sounding or phonetically similar names; how to match data that may have nicknames in it, aliases, misspellings and misplaced or inconsistent information; how to reduce false positive matches that result in a perfectly upstanding citizen having business dealings suspended while his terrorist status is being checked; how to ensure truly suspicious persons are effectively identified and reported. The challenges are more acute than screening the 5 million legal visitors who pass through our countrys borders and airports annually. Financial companies are now confronted with screening 200 million people in the United States who are seeking banking or brokerage services. What used to be the problem of just very large banks
7
dealing with foreign entities is now on the radar screens of all banks, securities and insurance companies. One relevant concern is how companies can rapidly arm themselves with new compliance solutions without spending the millions of dollars that very large banks have invested. Another is how companies can familiarize themselves quickly with the problems of name and text-based matching in order to find a quality solution that will serve them well for many years to come. Lets look at some examples to understand the nuances of name-based matching. Consider differentiating or matching Mr. John Smith Sr., John Smith Jr., Mrs. John Smith, or J Smith, Jon Smith, John Smith, John Smit, Jack Smith, John L. Smith, Lawrence John Smith, and Joan Smith. Depending on related information, some of these could be considered matches, others would not. But careful observation easily shows how complex an Having good, automated solutions will mark automated approach needs to be in order to compare these names correctly. the difference between those struggling to In the international community or dealing with international names meet requirements and those who have either as input or on watchlists, the challenge becomes more protected their businesses. complicated. In the U.S., a name can be as simple as John Gatori, a persons first and last name. Lets look at a name like Senore Giovanni Gotari. If nothing is known of this name and we apply straight rules, we would assume that Senore is the first name, Giovanni is the middle name and Gotari is the last name. But an intelligent tool would be able to determine that Senore is an Italian title, Giovanni is the first name and Gotari is the last name. In fact, a smart tool will even know that Giovanni in Italian is the equivalent of John in English, hence a natural alias will be Mr. John Gotari. Thus, quality of match in domestic and international markets is everything. Bottom-line, in an application where perfection is known to be impossible, fine tuning quality of match is the ultimate challenge. Generalized match algorithms that deal with data in strings such as full name and/or full address are far too problematic. True quality is achieved in fine granularity and the ability to adapt a systems approach to various situations. In Brazil and Mexico, for example, we can find double first names and double last names. For example, Jose Maria Gonzales Perez and Maria Jose Gonzales are not the same person. Jose Maria Gonzales Perez and Jose Gonzales might very well be a match. Additionally, there can be considerable complementary information within Brazilian and Mexican address lines not essential to matching. But if these elements are not detected and weeded out, they could lead to important matches not made and in some cases even lend toward false positives. Very often international data can also be inconsistent. Name data might be found in a company name field or address line; a company name might be found in an address line and so on. In order to achieve high quality matching, not only does a match system need to compensate for nicknames, misspellings, differing gender and the like, it also needs to be able to identify misplaced data and, in many cases, cross-match fields where data is commonly misplaced. Now, let us consider countries where clear mixed cultures exist. Singapore, important though small, provides an interesting example. Here there are Malay or Islamic style names: Leela bin Ramesany or Leela D/O Ramesany. There are also Chinese names: Lee Chi-ki. In this example, Lee is actually the last name of this person. Our automated name-matching system needs to be able to detect this. There is nothing deliberate in the data to flag that a given name is in first-last or last-first order. There are also Western
8
In order to achieve high quality not only does a match system need to compensate for nicknames and misspellings, it also needs to be able to identify misplaced data and, in many cases, cross-match fields where data is commonly misplaced.
style names in Singapore: James Martin. What if we have the name Lee Marvin? How do we establish proper name handling of Lee Marvin where Lee is the first name and Lee Chi-ki where Lee is the last name? Finally, when deconstructing a name like Ahmed Al-Doha Bin Hamdi, it is important to understand that there is only one name present, Ahmed, and the rest is to identify where the man is from and who his father is. Thus, software is needed that can identify key essentials and knows how to match properly and effectively with them. There are many more intricacies and nuances involved in name and text-based matching. This simple discussion can only illustrate that such challenges for automation process can only be met by software that is highly adaptable, able to work with data on a granular level and able to customize quite easily to a variety of situations without programming. Such software will help companies meet the standards of reasonable compliance set by governments now matching, and in the future. Barry Shapiro and Sanjib Mallik are both technologists working in the field of name matching for anti-money laundering and anti-fraud applications. Comments or questions? E-mail us at barryhshapiro@earthlink.net
9
T
Application of technology to antimoney laundering/ combating the financing of terrorism (AML/CFT) compliance programs
By Kenneth Bryant
he world of international financial services regulation is changing rapidly, and so is the increasing cost of business for every Financial Services Provider (FSP). Ensuring compliance with all relevant regulations requires every FSP to review its strategy and improve its business practices. FSPs around the world are increasingly recognizing the importance of ensuring their institutions have adequate policies, procedures, systems and controls in place so they are not used for criminal or fraudulent purposes. These systems and controls are often required by the various regulators around the world. Without such compliance safeguards, FSPs can become subject to reputational, operational, concentration and legal risks, which can result in significant financial costs. Moreover, taking a positive approach to regulation can improve performance, enhance profitability, accelerate growth and build competitive advantage. The key to the prevention and detection of money laundering and combating the financing of terrorism is an effective compliance program. An effective compliance program should, at a minimum, consist of the following key elements: policies, procedures and controls; customer identification and due diligence; monitoring, reporting, training and record keeping. Integrating technology can be particularly useful in the areas of customer identification and due diligence, and monitoring, reporting, training and record keeping. There is no doubt the financial and administrative burden of regulatory compliance is increasing daily and can be devastating. For many large FSPs, the application of technology to the compliance process may very well be the only means to meet their compliance obligations effectively. Technology is fast becoming a viable solution in almost every aspect of compliance, and it allows FSPs to focus on their core competencies. In some cases, the application of technology may well result in a greater degree of compliance than those FSPs operating without it. It is interesting to note that a stunning 92% of the compliance professionals who participated in the international survey for the ACAMS Job Task Analysis indicated they performed the evaluation, implementation and operation of AML tools as a part of their job function. Customer identification and due diligence With respect to customer identification, the accessing or interfacing of various public records databases can serve to either authenticate identification presented or provide a means of non-documentary verification. It must be recognized that original identification documents, including those issued by a government entity, can be obtained illegally and might be fraudulent, which would indicate identity theft. Non-documentary verification is defined as methods used to verify identity other than relying on original documents. Some examples in which this might occur are: when an individual is unable to present an unexpired government-issued identification document that bears a photograph or similar safeguard; the bank is not familiar with the documents presented; the account is opened without obtaining documents, because some customers might legitimately be unable to present those customary forms of identification when opening an account, such as an elderly person who does not have a valid drivers license or passport); the account is not opened in a non face-to-face transaction (an account is opened by telephone, mail or over the Internet); and the type of account increases the risk the bank will not be able to verify the true identity of the customer through documents, such as for a corporation, partnership or trust. Section 326 of the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT) Act, outlines three types of verification in this regard that can easily be facilitated by the use of technology. They are: comparing the identifying information provided by the customer against fraud and bad check databases to determine whether any of the information is associated with known incidents of fraudulent behavior (negative verification); comparing the identifying information with information available from a trusted third party source, 10
such as a credit report from a consumer reporting agency (positive verification); and analyzing whether there is logical consistency between the identifying information provided, such as the customers name, street address, ZIP code, telephone number, date of birth and valid social security number (logical verification). Section 326 of the USA Patriot Act also requires reasonable procedures for determining whether the customer appears on any list of known or suspected terrorists or terrorist organizations provided to the FSP by any federal government agency. Technology can be used to automate this comparison list checking with both governmental and other proprietary databases or watch lists. In the area of customer due diligence, technology could be used to conduct Enhanced Due Diligence (EDD). This would include comparing lists for prospective high-risk customers, such as politically exposed persons (i.e., senior foreign political officials), persons engaged in types of business activities or sectors known to be susceptible to money laundering (i.e., A stunning 92% of the compliance correspondent banking, money exchangers, bureaux de change, Internet gambling, money remitters, electronic financial services, professionals who participated in online casinos, cyber cash, and other non face-to-face financial the international survey for the services) and the financing of terrorism (i.e., charitable, non-profit, ACAMS Job Task Analysis indicated non governmental organizations of a religious, political, social or cultural nature). Additionally, lists can be checked for persons they performed the operation of AML residing in, or having substantial business in and/or having funds tools as a part of their job function. sourced from countries identified by credible sources as having: inadequate anti-money laundering standards; jurisdictions that have been designated by the United States as a primary money laundering concern or have been designated as non-cooperative by an international body; or individuals and entities based in high risk countries, representing a high risk for crime, drugs, terrorism and corruption and/or subject to international sanctions. There are a variety of lists currently available by various governments and international bodies, such as the Financial Action Task Forces list of Non-Cooperative Countries and Territories, Financial Crimes Enforcement Network Advisories, Office of Foreign Assets Control, United Nations Sanctions, European Union Sanctions, Transparency Internationals Corruption Perception Index, the Central Intelligence Agencys Chiefs of State listing, and the U.S. Department of States International Narcotics Control Strategy Report, to name just a few. There are also several proprietary and third-party databases compiled from news media and other public sources that specifically identify individuals or entities worldwide that are known, suspected or substantially alleged to be involved in either directly or indirectly money laundering, fraud, drug trafficking, terrorism, public corruption, or are subject to official sanction. The future of the application of technology to this area of customer identification and due diligence may well be in relation to the proposed Section 326 regulation of the USA Patriot Act, which allows for similar safeguards in the identification and verification process. Ultimately, this would enable FSPs to permit the use of any biometric identifiers that may be used in addition to, or instead of, photographs, for example. Monitoring Once the identification and verification procedures have been completed and the client relationship is established, FSPs should monitor the conduct of the account/relationship to ensure it is consistent with the nature of business stated when the account/relationship was opened. To that end, FSPs are expected to have systems and controls in place to monitor on an ongoing basis the relevant activities in the course of the business relationship. The nature of this monitoring will depend on the nature of the business. The purpose of this monitoring is for FSPs to be vigilant for any significant, unexpected and unexplained change in the behavior of an account or 11
inconsistencies in amount, origin, destination, or type with a customers known legitimate activities. This inconsistency in the pattern of transactions is measured against the stated original purpose of the accounts. Technology could be implemented to monitor possible areas such as: transaction type, frequency, amount, geographical origin/destination and account signatories. It is often recognized that the most effective method of monitoring accounts is achieved through a combination of computerized and human manual solutions. A corporate compliance culture combined with a properly trained, vigilant staff through their day-to-day dealing with customers would, for example, form an effective monitoring method as a matter of course. Computerized approaches may include the setting of floor levels for large cash transactions, high turnover or thresholds for monitoring by amount, by class or category of account, account profiling, wire transfer screening and by analyzing transaction patterns. At the monitoring stage, it would be desirable for FSPs to incorporate There are a variety of software packages anti-fraud mechanisms or detection systems for check kiting or check counterfeiting, in addition to dealing with anti-money laundering available to manage the images, whether the issues. The more robust and well-rounded a monitoring system is, the institution does its own scanning or more valuable it can be to the institution. Furthermore, the ongoing nature of monitoring can allow for comparison list checking on a outsources the scanning to a scan house. monthly basis against all account holders since last checked and not just at the time of the opening of the account. Transaction monitoring has been, by far, the most popular and prevalent solution offered by technology vendors to date. Typically, this suspicious transaction detection software uses detection and discovery algorithms. Detection algorithms match the institutions information with predictive models and profiles a pre-programmed idea of what a suspicious transaction could be. Discovery algorithms apply artificial intelligence techniques by finding new patterns that fall outside the usual pattern and/or refine the original predictive model. Lastly, this technology communicates the output and can assist with workflow and case management as human intelligence deals with the red flags generated by the system. The level of human intervention required also varies by product. Reporting In the area of reporting, management exception reports can be printed and reviewed on a regular basis for certain high-risk clients and/or transactions. Emerging best practice has sought the use of a highly secure network to allow financial institutions to electronically file Currency Transaction Reports (CTRs) or Suspicious Activity Reports (SARs) via an Internet-based e-filing system, such as the Patriot Act Communication System (PACS), as developed by the Financial Crimes Enforcement Networkd in the U.S. In those cases, where the national reporting authority does not provide such a mechanism, FSPs can develop a private intra-network between themselves and the reporting authority. This network could conceivably carry the responses to requests for production and regulatory requests. Timely training The communication of an FSPs policies and procedures to prevent money laundering and the training on how to apply those procedures underpin all other anti-money laundering strategies. A documented training program is essential and any training provided to staff should be certified. Most jurisdictions do not specify the exact nature of training to be given to staff, and therefore each FSP can tailor its training programs to suit its own needs, depending on size, resources and the type of business they undertake. Employees should be trained in a timely manner and prior to the opening of new accounts or the handling of any transactions. Over time, there is a danger that staff 12
may become less vigilant concerning money laundering. It is therefore vital that all staff receive appropriate refresher or recurrent training to maintain the prominence money laundering prevention requires, to remind them of their obligations arising from it and to ensure they fully appreciate the importance their employer places on it. As such, training should be held on a regular basis, at least annually, and in the case of operations personnel, perhaps more frequently. Depending on the number of employees an FSP has, this can be a daunting process. FSPs could consider enterprise-wide solutions, such as computer- or web-based training to facilitate the process. Best practice has been to move away from CD-Rom based products, which remove the issues of packaging and distribution and the risks and costs associated with loading software on desktops and/or over existing networks. In addition, a web-based product allows for the course material to be current which is critical with ever-changing regulations, legislation and guidance. Besides being designed to be highly interactive to increase comprehension and maintain employee interest, other features that can be built in are: bookmarking to remember where the user left off during multiple sessions; diagnostic tools to monitor the employees course progress and remedial issues; content management to incorporate an FSPs own internal policies and procedures; assessment which allows for testing; and a certification printing or tracking option to document completion for regulatory purposes. Record keeping Often the only valid role a financial institution can play in a money laundering investigation is through the provision of relevant records particularly, where the money launderer has used a complex web of transactions specifically for the purpose of confusing the audit trail. FSPs should keep appropriate records relating to the evidence of client identification, the verification of identity and records of transactions. Client identification consists of the identifying information, provided by the customer, the type of identification document(s) reviewed, if any, the identifying information and identification number of the document(s), and a copy of the identification document(s) itself. Verification records relate to the means and results of any additional measures undertaken to verify the identity of the customer and the resolution of any discrepancy in the identifying information obtained. Adequate records identifying relevant financial transactions should also be kept. Typically, these records must be maintained by the FSP for five years after the date the account is closed. Where there has been a report of a suspicious activity or the FSP is aware of a continuing investigation into money laundering relating to a client or a transaction, records relating to the transaction or the client should be retained until confirmation is received that the matter has been concluded. Best practice has found that document management and archiving systems (e.g. digital imaging) are effective in retrieving files for production requests in a timely and cost-effective manner. There are a variety of software packages available to manage the images, whether the FSP does its own scanning or outsources the scanning to a scan house. Access to records could be web- or network-enabled, or it could be secured through the use of compartmentalized encryption, including access for only authorized persons by biometric devices. Regardless of whether these additional applications of technology are implemented and, in turn, create additional records, normal vital business records are critical to the operation of the business and will need to be protected. Current technology is particularly effective in the area of disaster recovery, such as with data replication and various fail-over systems. As more and more regulators around the world require a business continuity program as a condition of the license holder, business continuity becomes less and less of an option.
13
is
Concluding thoughts While some vendors offer hardware, others offer only a software-based solution, while even other vendors offer services on-line. The price tag for these solutions can range from the relatively inexpensive to the extremely expensive. Some systems can amount to several million dollars in the first year. Regardless of cost, all of these products have experienced a massive upsurge in business since the terrorist attacks of September 11, 2001. No matter what the product, an FSP should not rush to judgment. The application of new technology is not always the solution to every problem; it does have limitations and should not be the first course of action. Besides the expense, it is incumbent on the FSP to determine whether it is sufficient to leverage existing systems, which may decrease the eventual reliance on new technology. For example, most compliance management reports can be generated from the output of existing systems. Failing the use of existing systems, clearly the most The application of new technology successful business model will incorporate a project management approach. There must be a clear specification of what is needed and not always the solution to every problem; how it will suit the needs of the FSP. Besides handling the myriad of it does have limitations and should not implementation issues, the effectiveness of the application will largely be the first course of action. depend on how well the new technology is integrated into existing systems. There is no question an FSP can achieve a greater degree of compliance, as well as save time and money, through the effective use of technology. This is especially true for larger institutions. Eliminating or reducing the compliance burden becomes even more imperative, not just from a regulatory compliance standpoint, but from a business standpoint, as it becomes more and more difficult to drop profit to the bottom line as institutions face increasingly tighter margins. Kenneth L. Bryant MSCJ, CPP, CAMS, CFE, CRP, ACoI, is a Director with KYC Outsourced , Services, and has experience as a laundering and fraud investigator, money laundering reporting officer, enforcement regulator, and as an AML consultant. Ken is a certified charter member of ACAMS and cur rently serves on the ACAMS Certification and Technology Task Forces. He can be reached at klbryant@kandw.ky.
14
W
Approximate Name Matching
By Steve Craycraft
atch list filtering used to be the simple comparison of customer names against the Office of Foreign Assets Control (OFAC) Specially Designated Nationals (SDN) list. Over time, filtering has become more burdensome and complex. The number of names on the OFAC SDN has grown. Additional watch lists have been created and must be checked. Examples of these additional lists are the Bureau of Export Administration (BXA) Designated Persons List (DPL) and the Bank of Englands Consolidated List. Other countries or their central banks also issue lists, including Canadas OSFI and the United Arab Emirates Central Bank. In addition to customer names, counter parties, guarantors, beneficiaries, and employees need to be scrubbed. If volume were the only issue, the problem might be solved with faster, more powerful computers or a lengthening of the processing cycle. However, the true complexity lies with the multiple ways in which a name can be spelled or misspelled, accidentally or deliberately. Names are spelled differently in different languages, often reflecting local pronunciations. Titles, suffixes or abbreviations can also be introduced. When a customers name (or the beneficiary) matches exactly a name on one of the watch lists, further investigation is necessary and likely worthwhile. However, how close must a name match for to be certain that additional investigative time will be well spent?
Managing the trade off Many financial services companies are now in the process of automating the task of comparing their customer lists against a series of suspicious entity lists prepared by outside agencies. While the general concept of name checking is rather simple, in practice, name checking can be considerably complex. This complexity arises primarily from the fact that the same entity appearing on two lists may not be entered in the exact same manner. Abbreviations, misspellings and keypunch errors can mean the same entity may appear on two lists without looking like the same entity. Companies are now required to make a due diligence effort to identify these entities as well, which means The true complexity lies with the multiple that some sort of approximation methodology must be employed. ways in which a name can be spelled or The use of approximation techniques introduces the basic problem faced by the Compliance Officer: too loose an approximation yields a great misspelled, accidentally or deliberately. number of false positives (entities that are returned as suspicious but are in fact legitimate), too tight an approximation yields false negatives (entities that are truly suspicious but are not identified). An additional concern arises because some approximation techniques are not always appropriate for very large source data sets. A well-constructed name searching methodology can be implemented, however, that will minimize both of these dilemmas. Name searching methodologies can make use of a number of available algorithms, each with its own strengths and weaknesses. Commonly used algorithms fall into three categories: Pattern Matching - The use of wildcard characters to increase the likelihood of a match. For example, searching for J*Smith would return both John Smith and Judy Smith. Pattern matching is reasonably efficiently but suffers from the problem that the pattern searched for must be known in advance. Phonetic Coding - Reduction of the original entity names to a code of specified length based on the sound of the characters in the names. A match is returned if the names on both the source and target lists have been converted to the same code. Metaphone, Soundex, and NYSIIS are all phonetically based algorithms. Phonetic codes compute efficiently, but will return matches only if the exact same code is returned for both source and target names. This weakness can be partially alleviated by the use of more than one phonetic algorithm, as different algorithms permit alternative phonetic code conversion assumptions to be recognized. This greatly increases the likelihood that 15
available algorithms, each with its own strengths and weaknesses.
one of the algorithms will return the same code. Numeric Scoring - Assignment of a numerical value to measure the closeness of the match between two text strings. Edit Distance and Jaro-Winkler are examples of numeric scoring algorithms. The great advantage of numerically scored algorithms is that source and target names that are reasonably close do not have to match exactly or go through a conversion routine. By utilizing a combination of the algorithms, an efficient name-searching routine can be employed that takes advantage of each algorithms particular strengths while minimizing individual weaknesses. A well-conceived routine will not only run efficiently, but will also be constructed in such a way that the algorithms work effectively together to identify records of interest while discarding inappropriate matches, permitting some degree of control over the false positive/false negative problem. For example, a process could be implemented which first utilizes the faster-running algorithms to return a preliminary set of matched Name searching methodologies records based on loosely defined selection criteria. The larger the list of names that must be checked, the more valuable an efficient namecan make use of a number of searching methodology becomes. Algorithms currently used in name checking Exact: Character by character (not case sensitive), space by space and punctuation (e.g. apostrophes, dashes) must match exactly. It is excellent for the first few passes through a large customer database. Its weakness is that even slight misspellings or an elided apostrophe will fail to find an otherwise true positive. Pattern Matching: This algorithm is similar to exact but superior inasmuch as wildcard symbols permit the identification of a greater number of potential matches. The largest deficiency is the risk of large numbers of false positives. This algorithm should be used on entire customer lists after exact matching has been used. Soundex: Names are coded phonetically by reducing the name to first letter with following letters assigned alphanumeric characters. Soundex reduces matching problems from different spellings. It is best used with single name searches, starting with the longest Soundex. Metaphone: This algorithm codes names as heard in English into 16 consonant sounds. This reduces matching problems due to different spellings. Double Metaphone: This codes names phonetically into only 12 consonant sounds. It is best used as the intermediate step between exact and soundex. Jaro-Winkler: This algorithm compares two names and assigns a numeric value based on the number of common characters and position of these characters in the names. Its refinements include corrections for common typing/keypunch errors and assignment of a greater weight to characters at the beginning of a name compared to characters at the end of a name. Like the edit distance algorithm listed below, jaro-winkler is best for single name searches. NYSIIS: Developed by New York State and New York City to maintain records of immunizations and attendance of public school students, this algorithm converts a name to a phonetic coding of up to six characters. Additional fields that may be used for checking include date of birth, age, and current or former addresses. Edit Distance: The smallest number of insertions, deletions and substitutions required to change one name into a second one. This algorithm is best run in background and when results from a search of a full customer file are not time sensitive. It performs well when running single-name searches. Steve Craycraft is a technology and anti-money laundering consultant based in New York City. Send questions or commentsspcraycr@optonline.net. to
16
P
Defining an appropriate suspicious case review procedure
By Dwight Dingwall
rovisions of the USA PATRIOT Act mandate that financial institutions make a due diligence effort to identify customers that either appear on any number of suspicious entity lists prepared by various agencies (watch list filtering) or who engage in patterns of activity suggestive of money laundering. Watch list filtering is generally handled through the application of name matching algorithms that compare customer lists against the watch lists, with some attempt made to account for abbreviations and misspellings. Likewise, additional rules-based automated procedures are employed to sift through a firms transaction records in an effort to identify situations that meet the AML criteria. Records returned by the running of these routines will inevitably include a mix of both truly suspicious cases and those that are deemed not suspicious (referred to as false positives). A compliance officer must make sure each case is investigated to determine its true status. A well-conceived process will provide the compliance officer with the information needed to continually track the status of each case review from conception to resolution and also demonstrate to authorities that due diligence requirements have been met. Existing management information system (MIS) components may be leveraged to build a case management tool, or software may be developed or purchased to assist with this task. In any case, a complete case management procedure/tool should include the following functionalities: Assign cases to designated individuals for investigation Monitor status of cases that have entered the case management system, including the running of summary reports Directly assign customers who entered the Case Management system but deemed not suspicious to a white list to prevent their repeated appearance in the future Capture all actions taken as a case moves through case management Automatically generate required reports such as Suspicious Activity Report or Currency Transaction Report upon determination that an event is suspicious Set user permissions by activity To illustrate how a case might work its way through a case management system, assume two customer names have been identified through the application of a watch list check using a name-checking algorithm. The following events might occur: 1. The events are each assigned a unique case number and entered into the case management system, including such information as date/time, customer name and test applied. Each receives a preliminary case status of unassigned. 2. At the same time, a record for each case is added to a case activity log, capturing case number, date/time, and the designation Initiated. 3. A screen on the desktop of the compliance officer shows the addition of two new cases. The officer has the ability to take a number of actions at this time, including, for example, Dismiss, Assign, and Un-assign. Assume the first case is assigned to investigator A, and the second to investigator B. Comments can be entered at the same time as the assignment. 4. The assignments result in the status of both cases changing to Assigned, and records added to the case activity log might show the actions and to whom the cases were assigned. 5. Assume that Investigator A determines that his case is not suspicious, and sends the customer to an appropriate log or list. Doing so changes the status of the case to completed, and a record is added to the case activity log showing that the case was completed, was deemed not suspicious, and the name was added to the white list.
17
6. Assume that investigator B determines that his case is suspicious and must be reported, and requests the generation of an SAR report. Doing so changes the status of the case to completed, and a record is added to a case activity log showing that the case was completed, was deemed suspicious, and the fax-ready report produced. This simple example demonstrates the basic features of what a comprehensive case management application might accomplish. First, all cases are immediately entered into the system and the compliance officer notified. Second, the compliance officer is informed at all times of the status of all cases. Filtering options can be placed on both his screen and in reports that would allow access to the desired information. For instance, filters can be included that limit selections by status or date range. Next, all steps taken on a case are captured and can be reported on. This provides evidence that due diligence efforts were applied to each case. Finally, automated required report production simplifies the tasks of the compliance officer. Note that the ability to assign A well-conceived process will privileges through a security management interface would provide the compliance officer with give the compliance officer complete control over the case management process. the information needed to continually
track the status of each case review from conception to resolution.
Dwight Dingwallis a technology and AML consultant based in New York City . E-mail questions and comments dwightdingwall@att.com. to
18
T
Comparative Methods for Transaction Monitoring
By Shawn Shiff
here are two major ways that transactions are currently monitored for suspicious activity: based on rules or on neural network training. In addition, statistical sampling techniques can be used to increase the effectiveness of both approaches. Neural network A neural network is software that simulates the structure of the brain. It has both layers of neurons and connections between these neurons. The strength of the connection between any two neurons is what makes the entire network able to identify whatever it has been trained to look for. The neural network is trained using sample data that should represent both suspicious and normal transactions. The training data also must contain an extra field that identifies whether the transaction is suspicious or normal. Training is accomplished by running all of the data repeatedly through the neural network. The network decides whether the transaction is suspicious or not, and then checks the field that tells it whether it is correct. If the neural network is wrong, one or more of the connection strengths between neurons will be adjusted. The sample data may have to be run through the neural network hundreds of times before most of the transactions are properly identified as suspicious or normal. Once the neural network has been trained in this way, it can be used to evaluate actual transactions and determine whether they are suspicious or not. One of the advantages of a neural network is that the training occurs automatically by simply running the data through it repeatedly until it learns. The neural network may also identify more subtle aspects of a transaction that the user may not have suspected. Since the user is not required to set up any rules, and the network learns the rules itself, it is possible that the neural network will produce better results than a rules-based system. Rules-based A rules-based system uses certain rules to define when a transaction will be considered suspicious. An example: if amount is greater than $10,000, then flag the transaction as suspicious. The rules definition language varies from vendor to vendor, but the basic idea is the same. Although the user needs to know what constitutes a suspicious transaction in order to set up the rules, it is possible to simply copy them from regulations, the vendor or a compliance body best practices. One good aspect of a rules-based system is that it is easy to document what is being checked. All of the if statements and the resulting actions can simply be copied into a document and provided to regulators. One problem with a rules-based system is that the rules are brittle. If the goal of a rule is to look for transactions that are $10,000 or higher, $9,999.99 will not be caught. It is therefore easier for a perpetrator to trick the system if he or she knows the monitoring rules. Statistical sampling Statistical sampling is used to explore and produce an accurate profile of the data. This guides the user toward creating rules or neural network training data. For example, by analyzing the amount field in a years worth of payments data, the user gets a very accurate picture of the average transaction amount, the distribution of the amounts around this average, and, more importantly, a level above which an amount would be statistically unusual. Statistical analysis is an iterative process. The user initially analyzes certain aspects of the data and the results lead them to focus on other fields in the transaction, relationships between various fields and issues concerning data aggregation. For example, the user might want to analyze the number of transactions in the past six months that each customer sends or the total amount in the last six months versus the total amount sent in the past week. The statistical analysis will therefore start by casting a wide net, and 19
iteratively the user will work to identify statistics that measure important aspects of a transaction or a set of transactions. Doing statistical analysis is great for determining which aspects of a transaction will give the best results when monitored and what levels to set for triggering further scrutiny. But statistical analysis requires a user with statistical training and a good statistical package to properly conduct the analysis. Software purchases are similar to buying a watch. When deciding to buy a watch, consumers rarely care how or why the watch works, as long as it tells time accurately. Software purchases are similar in that users are more interested that the software does its job, not how it does the job. With transaction monitoring software, customers do not have the luxury of the ignorance is bliss philosophy. The systems technology underpinnings have far-reaching effects within the enterprise. For example, interaction with the software may drive the need for additional training or new business processes. Pre-sale research conducted prior to committing to a specific technology will surely pay dividends in your anti-money laundering program. Shawn Shiffis an ACAMS member and independent software consultant specializing in banking applications and middleware. He can be contacted awnshiff@rcn.com. shat
20
A
Project Planning and Implementation of AML Software
By Howard Steiner
t the peak of the dot-com era hysteria, pundits and venture capitalists were fond of telling anyone who would listen that the internet changes everything. Well, it certainly changed the way many folks out there steal music and access pornography, but it hardly changed everything! The reason it failed to meet the hype was that many dot- com entrepreneurs and hapless investors failed to realize that business requirements drive technology acquisition, not the other way around. Just because pet supplies or groceries can be sold electronically using the latest high-tech wizardry does not make it a good idea! The same is true for the anti-money laundering arena. With a distinct sense of dj vu, we in the AML industry hear the drum beat of technology consultants, vendors and regulators who are quick to tell us that the PATRIOT Act changed everything. Technology in AML certainly has its place, but it is time to take a deep breath prior to signing on to the revolution. Compliance manuals: then and now Many compliance manuals published before the September 11 attacks, mention using technology as part of a comprehensive AML compliance effort. However, while the PATRIOT Act has turned up the heat, the call for adopting technology-driven efficiencies is more evolutionary than revolutionary. Copious research and analysis of implementation and integration aspects of AML technical tools are essential to ensure that a chosen technical solution solves the right problem. Fortunately, regulators dont go into much detail concerning just how technology should be applied or even what specific technologies they are talking about. Regulators are vague because there is no single solution for every firm, and the costs of implementing technology solutions can be prohibitive. When regulators speak of monitoring transactions, for example, they arent necessarily suggesting the use of electronic monitoring tools, but rather, practicing diligent oversight of the life cycle of a transaction. When they speak of systems being in place, they are referring to a set of policies, procedures and controls, not necessarily high-tech tools. Most importantly, regulators do not want to see or hear that a firm has bought into a technology as a substitute for, rather than as a component of, an overall AML program. Until further notice, the cornerstone of any AML effort remains KYC - know your customer. Selecting tools, justifying costs In business, especially compliance, there is no room for frivolous purchases. There are likely other people and projects competing for the funds compliance officers seek. And those business units make compelling cases of how theyre going to use those same funds to actually add to the bottom line. Compliance is often viewed as a cost center. Questions from management When it comes time to request a budget to spend funds on compliance technology, its best to have done a comprehensive study of how the mission of the compliance office can better be accomplished utilizing the proposed purchase. In other words, how does the business drive the acquisition need? When a compliance officer seeks money from management for newly chosen technology, he or she is like likely to face these questions: If a regulator is not requiring financial institutions to have this, why does our organization need it? And, If our institution is in compliance without it now, why spend additional funds? Compliance professionals are often expected to be salespeople! AML debates at the senior management level range from hostility (to the implication that that a company should take on a law enforcement role) to passivity (due in part to a lack of awareness on several fronts). 21
Systematic approaches Compliance officers must justify a project proposal by building a compelling case for technology spending and employ a requirements management approach. This is a systematic approach to eliciting and documenting the requirements of a compliance program. These requirements may be based upon new trends of enforcement action and regulatory oversight, or a comparison with competitors deployment of technology in their programs. Going through this exercise, besides as a means to justify spending, has the added value of forcing compliance officers to take a disciplined overview of just how well an existing AML program is integrated throughout the enterprise. It will either validate certain assumptions or challenge the efficacy of existing efforts. Either way, it is bound to enlighten to senior management who are not aware how difficult a task it is to run an effective AML compliance office. Documenting requirements must, at a minimum, address issues such as: What technology exists that will fulfill the needs at the level of funding available? Senior management is not aware how How will it fit into the organization? difficult a task it is to run an effective AML Whos going to implement it? compliance office. How will the technology fit into the existing systems architecture? What should the compliance officers role in this be versus the role of the technology staff? Designing a program or technology to thwart money laundering activities is difficult because of the complex nature of the crime. Placement, layering and integration activities span many different financial processes and involve multiple business units and their personnel. Sometimes it is the sheer volume of activity, such as wire transfers, that provide cover for launderers, and other times, the cover is provided because the AML controls have not been engineered into specific business processes. Insufficient training, lax enforcement policies, low motivation, and lack of strong senior management sponsorship also play key roles in hindering the creation of effective programs to thwart money laundering activities. In addition, a compliance officers responsibilities will broaden as the regulatory environment becomes more rigorous. Now, to effectively implement technology as part of a compliance program, compliance professionals must consider disparate business unit processes, the existing systems each uses to process transactions, and an understanding of how the IT department utilizes the software development lifecycle model when adding new systems to the existing architecture. Project managers After developing and documenting a proposal, and developing convincing business case justifications, compliance officers must sell management on the whole idea. Assuming the pitch is successful, its important that the program have secured funding and established sponsorship from the appropriate staff, so that the project manager has sufficient authority to manage change and assign accountability. Financial institutions must also decide whether to outsource the project managers role. Professional project managers are familiar with the standard methodologies employed in the trade, and can relieve compliance officers of chores that may distract them from primary job responsibilities. Whatever the decision, keep in mind that utilizing established best practices will increase the odds of project success and actually reduce costs in the long run.
22
Polling vendors Next, look at what technology solutions are available to address the specific needs, or gaps, in compliance efforts. Getting this part right the first time is tremendously important because it prevents costly delays associated with rollbacks, re-analyzing, retesting, re-programming and re-deployment. Find out what is available from vendors. Construct requests for information (RFIs) and send them to identified vendors. The final candidates will be asked to submit proposals via an RFP, or request for proposal document. The next steps are assembling the project team members and putting an issues tracking system in place. Other elements of running an implementation project include setting up new business processes and procedures for every job affected by the new system, providing training for all stakeholders who interact with the new system or a derivative process and setting up a performance measurement metric to allow optimization of the output. Professional project managers are familiar If the new system requires periodic involvement of the vendor, it will with the standard methodologies employed also be important as part of a post-implementation plan to assign a in the trade, and can relieve compliance contract management role to the appropriate individual. officers of chores that may distract them Taking a disciplined and requirements-based approach to implementing technology solutions in AML efforts is the best from primary job responsibilities. insurance against problems and helps assure successful selection and integration of a financial institutions chosen AML technology. Howard Steineris Chairman of the ACAMS Technology Taskforce and a financial systems/AML project management consultant. E-mail questions or comments to hsteiner@sprintmail.com.
23
A
Its All About the Data
By Marie Kerr
financial institution can have a comprehensive anti-money laundering program, a staff of experts, and a million-dollar (or more) specialized computer system in place and yet still miss potential problem customers because they failed to collect or use important data. In the end, it all comes down to data-discrete pieces of information that need to be collected, analyzed and presented in meaningful ways-to make a successful anti-money laundering program. No matter what automated or procedural anti-money laundering programs you have in place, the success of the program depends on meaningful data. One of the first steps in creating an effective program, then, is to develop a data plan to understand what data must be captured, how to capture it, how to analyze it, how to report it and how to use it. At one mid-sized bank where a new automated system was about to be installed, a debate arose over the use of a particular field. The new stand-alone system takes daily downloads from various mainframe systems and analyzes the transaction data to look for out-of-profile activity. It looks for variations in number of transactions and dollar amounts of transactions over a specific time period based on the profiles (expected activity) created by account officers. Thats its basic function-to report daily on unexpected activity and flag accounts for further analysis. However, the system also allows for other types of analysis, but this can be done only if the data is available from the systems that feed it. It also depends on whether or not the bank takes the time to learn and use the system in imaginative ways. Lets take a look at one simple data field and whats involved in using a system in creative ways. The NAICS code, or North American Industry Classification System (formerly known as the Standard Industrial Classification code, or SIC) is used as the index for statistical reporting of all economic activities of the United States, Canada and Mexico. It can also be very useful to financial institutions. If all corporate customers are identified with their NAICS designation, financial institutions can analyze transaction activity in the aggregate as well as on an account-specific basis. Individual accounts could be compared to the averages of all similar accounts, and results could be reported graphically. Since money laundering often lurks behind the mundane, mostly cash businesses, lets use nail salons as an example. NAICS classifies nail salons as follows: 812 Personal and Laundry Services 8121 Personal Care Services 81211 Hair, Nail and Skin Care Services 812111 Barber Shops 812112 Beauty Salons 812113 Nail Salons If your institution captured the NAICS, you would be able to produce a graph like the one below that might cause you to look more closely at your customer, Lady Luck Nail Salon. Compared to its peers-all the nail salon accounts in your bank-Lady Luck shows an odd lack of monthly deposit fluctuations. Unlike its peers, Lady Luck has no peaks during June and December; its deposits are roughly the same each month. It might be worth flagging this account for further analysis. Using the NAICS code allows you to know not only your customer, it also allows you to know your customers industry trends. Tracking your customer against its industry trends can help you spot any number of interesting possibilities, from an incipient bankruptcy to money laundering to cross-selling new bank products. Which brings us back to the discrete data field called NAICS and how to make sure it will be used. The mid-sized bank that was installing a stand-alone anti-money laundering system did not capture the NAICS code at account opening. In fact, there were at least three different account-opening systems, which lacked uniformity, and only one allowed for the entry of the NAICS code. In addition, at the back end, the bank had 24
a hodgepodge of legacy systems: the deposit system had a 4-digit field called SIC code that wasnt used, and the commercial loans system had a 5-digit field that was used only occasionally (and the codes had not been updated to the new NAICS codes). The antimoney laundering system had room for all six digits of NAICS, but the bank could only use this capability if they could capture the code at account opening and then store it in their deposit and loan systems. 1 Important functionality in any system, whether legacy or new, always comes down to discrete data elements. Are the data captured, are the data stored, and are the data used uniformly throughout the enterprise are the questions that must be answered. 1 Worth noting is that it takes six digits to identify nail salons as a discrete business type. Since there are thousands of NAICS codes, it would be quite burdensome for account officers to comb through the entire list . It would probably be accurate enough to use just the 4-digit Personal Care Services code, 8121. Marie G. Kerr is President and Principal Consultant of the Shamrock Consulting Group LLC. She specializes in project management, software selection, vendor management and AML systems. She is a member of the ACAMS Technology kfor e and is a certified project management as T c professional (PMP). For more information contact her at err.shamrock@us.net. mk
25
CONDOR BUSINESS SOLUTIONS

Condor Business Solutions is an innovative technology & financial consultant firm, among a full set of products and services, like AML training and advising, we count with MINDS, a high level anti-money laundering monitoring application, that is so simple yet
MINDS
HIGH LEVEL ANTI-MONEY LAUNDERING MONITORING APPLICATION
So simple . . . yet so powerful.
powerful, to fulfill all the needs in this matter, MINDS detect suspicious activities, cash flow, KYC & documents administration and relationship between clients, easy and affordable, compliant with most of Latin-American laws & regulations.
Montecito 38, 22nd floor, Suite 3 Napoles, C.P. 03810 WTC Mexico, Mexico D.F. tel: 5488-3151 fax: 5488-3151 email: condorbs@condorbs.com web: www.condorbs.com.
AML TECHNOLOGY PRODUCTS AND SERVICES

All listings in this directory are paid listings, with information provided by each company.
ACI
ACI Worldwide, Inc
Number of full time employees: 1400 Year founded: 1975 330 S. 10th Street Omaha, NE, USA Tel: 1-402-390-7600 Fax: 1-402-330-7528 Website: www.aciworldwide.com
Preventing fraud requires the earliest possible detection and the quickest possible response. ACI Worldwide offers ACI Proactive Risk Manager, a complete fraud monitoring and detection solution that combines the pattern recognition capability of neural-network technology and custom risk models with expert rules-based strategies and advanced client/server account management software. ACI Proactive Risk Manager is a cost effective solution that can return the investment in months, not years. Vistit www.aciworldwide.com.
ACI Proactive Risk Manager

Application Name(s) Application Types Types of Customers Number of Customers Number of Fortune 500 Customers Architecture Server Operating System Recommended Server Hardware Minimum and Recommended RAM Minimum and Recommended Hard Drive Client Platform Client GUI Type Client GUI Programming Language Server Programming Language Database Security: Password Protection Method Security: Access Control Based on Different User Privileges Security: User Access Audit Trail Training Available? Training Cost Consulting Available? Consulting Rates Application License Cost Application Maintenance Fee Other Points to Emphasize That are not Covered by the Questionnaire Type of Transaction Monitor Name of Monitor Used Transaction Types Monitored Proactive Risk Manager Transaction Monitor Bank/Brokerage/Insurance/Money Remmittance 47 Several Client server MVS/Windows/Solaris/HP Nonstop SunFire 15K/Pentium IV 1ghz/Xeon 256 MB/512MB 1GB/20GB Windows/Solaris Windows/Browser/X Windows Java Swing C++ Oracle/SQL Server Yes Yes Yes Yes Training Included in Services Package Yes Provided on Request Depends on size of system And functionality Offers Sophisticated Rulest System with options to enhance with neural scoring and extended case management Artifical Intelligence/Rules based/Statistical Profiling ACI Payments
27
ACI
Message Types Monitored Interface to Receive Transaction Data Analysis Occurrence Rule Definition Method Ease of Changing Rules Best Practices for Monitoring Rules Method for Managing Suspicious Transactions Types of Built-in Surveillance Reports Surveillance Reporting Method Surveillance Reporting Occurrence Built-in OFAC Check? Interface with External Resources Ability to Send Data to Other Applications? Interface to Send Data Data Types Sent Types of Built-in User Reports Any Flat File/Queue/API Real-time/Batch Neural Network Training/Rules Definition Language Easy Yes Automatic alerts with analyst review SAR/PAC Interface/CTR/Reporting Extensible through user templates E-mail/Printer/Electronic User Initiated No OFAC/Otyher Suspicious Customer database(s)/Third party name checking DB system Yes Flat File/SQL XML/Swift/Any-integrated Rendering Definition Extensive Operations Reporting
28
ACL Services, Ltd.

Number of full time employees: 150 Year founded: 1987 1550 Alberni Street Vancouver, B.C. Canada V6G 1A5 Tel: 604 - 669-4225 Fax: 604 - 669-3557 E-mail: info@acl.com Website: www.acl.com
For more than 15 years, ACL's flexible, scalable software and services have helped financial services organizations of all sizes detect fraud, audit areas of operational and credit risk, and respond to both internal and external regulatory compliance requirements - including recent legislation such as the USA PATRIOT Act and Sarbanes-Oxley Act. With an international customer base that includes 89 of the Fortune 100 and over half of the Global 500, ACL delivers its solutions in more than 100 countries.
Describe your solution (database, transaction monitoring, case management, investigative)
Application Name Application Types Types of Customers Number of Customers Number of Fortune 500 Customers Who are some other clients that use your solution?
How long has your solution been on the market? Are you a small, medium or a large market solution?
Who is your ideal customer?
What separates you from your competitors?
Explain the process you used in developing this solution? What scenarios or case studies are already coded, tested and in production?
ACL is a fast, flexible solution that is cost effective and provides a quick ROI. Combining financial industry insight and transaction analysis expertise with powerful technology, ACLs AML solution can be individually configured to automatically detect suspicious transactions, perform intelligent transactional and/or client profiling, OFAC compliance monitoring, and much more. ACL Business Assurance Solution: Anti-Money Laundering and Compliance Account and Transaction Monitor / Repository / KYC / OFAC / Fraud Detection Bank/Brokerage/Insurance/Money Remittance/Government/Gaming Over 130,000 licenced users in more than 150 countries in all vertical industries; 1305 active banking sites using ACL technology 89 of Fortune 100; 334 of Fortune 500 North America: Citigroup, Wells Fargo, Bank of Montreal, Union Bank of California, First Tennessee, Compass Bank, Navy Federal, ATB Financial, Unitransfe Europe: Banque de France, UBS AG, Nordea AB, Banco de Espana, DZ Bank AG Asia: HongKong Shanghai Bank (HSBC), Bank Mandiri (Persero) PT, Researve Bank of India, Malayan Banking Berhad KL HQ, PT. Lippo Bank Latin America: Bradesco Since 1987, ACL has been used to audit and augment compliance programs and perform detailed transactional analytics. The low entry price of ACL technologies and applications configured s system and rapid ROI makes our solution more accessible and accessible to small to mid-sized markets, though larger institutions can also benefit to augment existing processes. Small to mid-sized financial institutions ($1 B+). Initial full scale ACL implementations in retail financial institutions (e.g. banks) and money service businesses. Also pursuing broader range of financial services including brokerages, insurance companies, credit card issuers, mutual fund companies, independent financial advisors, etc. Key differentiators include: Low entry price, rapid ROI, ability to run independently of existing systems, ability to analyze data from across data sources & platforms, and flexibility to be a full AML compliance technology solution or augment and audit existing AML solutions. ACL has a suite of analytical techniques representing best practices in transactional analysis. We collaborate with our customers to determine the most appropriate techniques and tests to fit the specific requirements. This process may involve 1) assessment (business objectives definition)
29
ACL
2) requirements (solution design document) 3) configuration (functioning application) and 4) implementation (continuous monitoring). Yes. The flexibility of ACL applications allow customers to fully contribute to the operational requirements of the solution. The purpose of the implementation strategy is to identify specific, customer requirements and incorporate them into the standardized best practices offered by ACL. Our applications offer the flexibility for users to have pre-defined monitoring criteria; flexible parameters for user input of criteria; and functionality to support ad-hoc analysis on an ongoing basis. Clients can also adjust analytical models, tune filter parameters to refine results, and create ad hoc tests. The user can interact with the application through a workbench, client server interface or java enabled browser interface. Yes ACL Professional Services Group provides implementation and consulting support to clients to analyze their current compliance program and determine the most appropriate ACL solution for each client. ACL also provides training and system support services. ACL conducts rigorous internal QA testing and user acceptance testing with clients. Yes Yes Yes ACL software is highly scalable with the number of concurrent users being determined by customer needs. There is no set limit for concurrent user processing. ACL reads unlimited volumes of data and its analytical capacity is restricted solely by the data limits of the operating system or hardware platform. New data fields, new data sources and new applications can be quickly added as business requirements change and legislation evolves. ACL Professional Services Group works with our clients to manage new regulatory requirements and updates where appropriate. ACL can be easily adapted to address new threats or challenges posed by changing regulatory requirements and new business rules. ACL software is highly scalable with the number of concurrent users being determined by customer needs. ACLs continuous monitoring capabilities allow users to monitor 100% of their data, view and identify control exceptions, abnormal behavioral patterns, and investigate suspicious transactions. Clients can change the workflow or monitoring process in order to improve efficiency, refine the behaviors it wants to observe, weight certain items higher then others in the analysis process, and change the output report to focus on items it views as important, and much more. There are no fees based on the number of transactions. ACL pricing structure will vary by client, depending on the scale of implementation to include any/all of the following: Software License Fees Consulting/Implementation Fees User Training Support Services Annual fees are required to maintain Support services. Yes
Is your product customizable? How much input does the customer have in the development of the organizations software package? How much say does the customer have in the look, feel and behavior of the solution?
Is the solution installed on site? What type of quality assurance will your product provide my company? What steps are taken to test the final product before production?
Is confidential information shared over a secured line? Does your software solution work with on-line data? Can your solution process information using the batch processing method? How does the software accommodate change and growth within the clients organization?
How do they adapt to new threats and changes to regulatory requirements? How do they keep their clients informed of these changes? How scalable and flexible is your software? For example: Can the client change the workflow or monitoring process in order to improve efficiency or refine the behaviors it wants to observe? Can the client weight certain items higher then others in the analysis process? Can the client change the output report to focus on items it views as important?
What fees are involved with this product? Explain whether there are annual licensing fees? Explain whether there are fees based on the number of transactions?
Would it be possible for the client to see a demonstration of the product, with actual test data?
30
ACL
Does the client have a free look period or trial period to experiment with the software and determine if this really adds value to our bottom line? How long does implementation typically take? What types of limits of liability exist with usage of your product? Does your company hold the exclusive licensing rights to your product/service? How can the client ensure that your company complies with regulatory requirements around data privacy and private customer information? How are you updated on industry or environmental changes around the issue of money laundering? When new versions of software are developed, does the client have final authority on implementation of the new versions? Yes 1 4 months ACLs liability is limited to the amount of the license fees paid by the customer for the software. ACL holds exclusive licensing rights to its products and services. ACL has available non-disclosure agreements and privacy policies. ACL practice leaders and subject matter experts regularly track regulatory requirements and changes to keep abreast on the issues pertaining to money laundering. Yes, the client has the final authority on implementation of new versions.
Technical Data
Architecture Server Operating System Recommended Server Hardware Client Platform Client GUI Type Client GUI Programming Language Server Programming Language Database Client-server or web-based. ACL can be used as a standalone and network application. Native interfaced for OS/390 and Windows and Unix IBM System 390 and compatible machines. Any Windows-based server platform. Microsoft Windows 98, ME, Micorsoft Windows NT and Windows 2000. Windows/Java C++ / C and Visual Basic for client/server interface and custom application dialogues. JAVA for web interface. C++ / C ACL software does not use an internal database to perform analytics. Data is read in a variety of formats and file types spanning from legacy data to flat files to relational databases and XML. ACL allows the client operating system to define user access / authentication ACL allows the client operating system to define user access / authentication. In the ACL server, user access and priveledges are based on the users O/S access rights. Yes Yes Varies on the scale of implementation Yes Varies on the scale of implementation and resources required AML solutions run from $25k-100k, depending on the O/S, the number of data sources, and number of users. Varies on the scale of implementation The ACL Desktop Edition can be configured to act as a client application to the ACL Server Edition. Connectivity is via TCP/IP. The ACL Server can access flat files, VSAM data, and print image files on the mainframe. It also has direct database interfaces to IMS, DB2, and ADABAS database systems. The ACL Desktop edition can access data on the mainframe through the client/server connection, or alternatively, via ODBC when accessing
Security: Password Protection Method Security: Access Control Based on Different User Privileges
Security: User Access Audit Trail Training Available? Training Cost Consulting Available? Consulting Rates Application License Cost Application Maintenance Fee Other Points to Emphasize That are not Covered by the Questionnaire
31
ACL
compliant relational database systems. The ACL Desktop Edition also features an application level data access add-on to SAP R/3 systems called Direct Link for SAP R/3. ACL software reads transactional data from any source. Typical data access is at the database level and is unaffected by the applications front ending the input and processing of data. ACL software reads transactional data from any source. Proprietary ACL software reads transactional data from any source. Typical data access is at the database level and is unaffected by the applications front ending the input and processing of data. ACL software reads transactional data from any source. Typical data access is at the database level and is unaffected by the applications front ending the input and processing of data. Flat File/Queue/API/SQL/direct database interface to IMS, DB2 and ADABAS rdbms, and Oracle. Adhoc (real time) /Batch (continuous) Models, Formulas, Deviation Analysis Rules easily established and edited in ACL syntax language. Customer specific depending on the application and business environment. Standard tests are already defined. We bring a toolkit to collaboratively define risks. Exception reporting, electronic notification. All SAR, customs, internal/other custom designed for internal use E-mail/Printer-Mail/Electronic/User Interface Both Automatic and User Initiated Yes ACL can be configured to automatically check OFAC Yes. Typically done through automated data access to other data sources and compared against customer data sets. Yes. Extensive export capabilities Dependent on delivery mechanism and format Any ACL provides full flexibility to met regulatory requirements (eg. FINCEN, USA Patriot Act, OFAC) customized for each client installation. ACLs analytics engine is highly flexible and can instiute sophisticated KYC rules so that anomalous transactions may be uncovered when tested against know and established customer patterns. XML/Any-Integrated Parsing Definition Flat File/Queue/API/SQL/direct database interface to IMS, DB2, ADABAS rdbms. Adhoc (real-time)/Batch (continuous) Customer dependent, electronic notifications Application dependent, electronic notifications, data outputs All SAR, customs, internal/other custom designed for internal use Exception reporting, electronic notification Both Automatic and User Initiated
Type of Transaction Monitor Name of Monitor Used Transaction Types Monitored
Message Types Monitored
Interface to Receive Transaction Data Analysis Occurrence Rule Definition Method Ease of Changing Rules Best Practices for Monitoring Rules
Method for Managing Suspicious Transactions Types of Built-in Surveillance Reports Surveillance Reporting Method Surveillance Reporting Occurrence Built-in OFAC Check? Interface with External Resource Ability to Send Data to Other Applications? Interface to Send Data Data Types Sent Types of Built-in User Reports
Method for Enforcing Quality of Customer Information
Received Data That Can Be Understood Interface to Receive Customer Information Analysis Occurrence Method for Managing Suspicious Customers Method for Managing Incomplete Customer Data Types of Built-in Surveillance Reports Surveillance Reporting Method Surveillance Reporting Occurrence
32
ACL
Built-in OFAC Check Interface with External Resources (for example OFAC, other suspicious customer database(s) maintained by 3rd parties, including government lists) Interface to Send Data Data Types Sent Types of Built-in User Reports ACL can be configured to automate OFAC checking Yes. Typically done through automated data access to other data sources and compared against customer data sets. Application specific via data extracts or exports. XML, Text, Word, delimited, MS Access, Excel, standardized exception reports Full flexibility to met regulatory requirements (eg. FINCEN, USA Patriot Act, OFAC) customized for each client installation. Can include list of suspicious customers, list of missing customer information, etc. ACL can also exclude exempt customers through filters (institutions discretion). ACL software does not require a central data repository. Record storage is managed as part of each clients operating system to best meet the needs of each client. ACL software does not require a central data repository. Record storage is managed as part of each clients operating system to best meet the needs of each client. Flat File/SQL SQL/Other Query Type/GUI Selection All SAR/CTR/custom designed for internal use ACL provides full flexibility to met regulatory requirements (eg. FINCEN, USA Patriot Act, OFAC) customized for each client installation. ACL offers full training services, including web-based training as well as instructor-led and on-site training. Training Suspicious Customer Database ACL software reads transactional data from any source. ACL has developed automated and integrated functionality to access to the most up-to-date Watch lists for use in watch list monitoring. SQL/Flat File No ACL is read-only, preserving the integrity of the audit trail Both Automatic and User Initiated
Transaction Types Stored
Message Types Stored
Interface to Receive Transactions Lookup Method Types of Built-in Surveillance Reports Types of Built-in User Reports Subject Type Suspicious Customer Database Source of Suspicious Customer Information
Interface to Receive and Send Information Ability to Update Central Database? Update Occurrence
33
Ciant Corporation
Number of employees: Less than 50 Year founded: 1994 1750 North Collins, Suite 116 Richardson, Texas 75080 USA Tel: 972-235-5555 Fax: 972-437-3707 E-mail: info@ciant.com Website: www.ciant.com
CIANTs DataScout solutions reduce cost of compliance, flexibly enable Customer Identification and KYC Programs, and allow enterprise-wide convergence of Risk and Fraud Systems. CIANTs DataScout Compliance solutions include: Periodic audit reviews of customer/prospect databases and transaction records for fulfillment of company Compliance Policies; API Based In-House Installation for concurrently checking with OFAC/other watch lists, and internal fraud/delinquent files Out-Sourced Web-based Solutions, interactive and batch processes
DataScout
Application Name(s) Application Types Types of Customers Number of Customers Number of Fortune 500 Customers Architecture Server Operating System Recommended Server Hardware Minimum and Recommended RAM Minimum and Recommended Hard Drive Client Platform Client GUI Type Client GUI Programming Language Server Programming Language Database Security: Password Protection Method Security: Access Control Based on Different User Privileges Security: User Access Audit Trail Training Available? Training Cost Consulting Available? Consulting Rates Application License Cost Application Maintenance Fee Type of Transaction Monitor Name of Monitor Used Transaction Types Monitored Interface to Receive Transaction Data Analysis Occurrence Rule Definition Method Types of Built-in Surveillance Reports Surveillance Reporting Method DataScout OFAC Filtering, CIP/KYC Applications, Fraud Solutions Bank,Brokerage,Insurance, Money Transfer, Government, Private Equity Customer list available through contacting CIANT directly Customer list available through contacting CIANT directly Client-server, and Web-Services Windows/UNIX, Linux Server Agnostic Flexible Sizing Flexible Sizing Windows/UNIX Windows and Browser-Based JSP, Java Swing, Microsoft Browser DLL s Java and Microsoft DLL All Major Database Vendors Accepted Yes Yes Yes Yes Flexible Pricing Professional Services Available Flexible Pricing Flexible Pricing Models Flexible Annual Maintanance Fees Rules Based, Text-Based, Phoenetics Proprietary Flexible Transaction Processing Flat File,Queue,API Real-time and Batch Rules-based, Pattern-Matching and Programming API Ability to create all required govenmental reports and custom/Ad-hoc reports E-mail, FTP, API Messaging
34
CIANT
Surveillance Reporting Occurrence Built-in OFAC Check? Interface with External Resource Ability to Send Data to Other Applications? Interface to Send Data Data Types Sent Types of Built-in User Reports Method for Enforcing Quality of Customer Information Received Data That Can Be Understood Interface to Receive Customer Information Analysis Occurrence Method for Managing Suspicious Customers Surveillance Reporting Method Surveillance Reporting Occurrence Built-in OFAC Check Interface with External Resources (for example OFAC, other suspicious customer database(s) maintained by 3rd parties, including government lists) Interface to Send Data Data Types Sent Types of Built-in User Reports Transaction Types Stored Message Types Stored Interface to Receive Transactions Lookup Method Types of Built-in Surveillance Reports Types of Built-in User Reports Subject Type Source of Suspicious Customer Information Interface to Receive and Send Information Ability to Update Central Database? Update Occurrence Other Comments Automatic and User Initiated Yes OFAC, All required governmental lists, additional world lists, and selected private lists Yes Flat File or API Ability to send in any data type All required Reporting types available and custom/ad-hoc reporting where required Patent-pending algorithms for handling and enforcing data quality Parsed or un-parsed data can be imported Flat File, Queue, API Real-time and Batch Risk Score Reporting Email, Reports, and API Messaging Automatic or User Initiated Yes Yes, including all major world watch lists
Flat File/Queue/API/SQL Ability to handle any formats List of Suspicious Customers/List of Missing Customer Information Flexible Ability to Store one/many types Ability to handle any message type Flat File,Queue, API GUI Selection and Web-based SAR,CTR, and Custom Designed Reports Number of Transactions Stored by Date, Risk Scoring Reports, etc. COMPUTER BASED TRAINING Flexible Training plans available On-site training or web-based Member Banks, OFAC, World Watch Lists, PEPs Flat File, API, FTP Yes Automatic and User Initiated
35
Comprehensive Software Systems, Inc.

Number of employees: 154 Year founded: 1993 25178 Genesee Trail Road Golden, CO 80401 Tel: (866) 733-7277 Fax: (212) 618-1705 E-mail: sales@csssoftware.com Website: www.csssoftware.com
Comprehensive Software Systems, Inc. (CSS) offers Q Securities Processing Software architected specifically for the financial services industry. We offer Q Front which includes functionality such as account administration, customer relationship management (CRM) market analysis, portfolio management, document processing and 2-click access to trading designed to increase a firms productivity and profitability. Q Middle and Q Back are built to streamline the order management process, reduce risk, ensure compliance and improve overall business efficiency.
Q Securities Processing Software

Describe your solution (database, transaction monitoring, case management, investigative) Application Name(s) Application Types Types of Customers Number of Customers Number of Fortune 500 Customers Who are some other clients that use your solution? How long has your solution been on the market? Are you a small, medium or a large market solution? Who is your ideal customer? What separates you from your competitors? CSS has developed a rules-based system. Reports filter data to help spot suspicious activity, ensure required information capture, and monitor high-risk accounts. The system maintains historical proof of compliance with the Act. Q Securities Processing Software Transaction Monitor/KYC Brokerage/Bank/Insurance 8 3 None to date Since 2002 Medium Securities Broker/Dealer, Bank Broker/Dealer Easy reference to imaged documents and case notes. Real-time customer views and CSS is developing a flexible data mart in which to store all AML-necessary data. Data and processes are well defined and consistent. Analysis of AML regulations with a focus on capturing and analyzing the required customer information was well as building in flexible date and money ranges to spot suspicious activity. Very flexible. Customers have available a proven method of input for enhancements and improvements to our product. Departments have the ability to work together in a Web-based, collaborative environment to track suspicious activity. Yes Exhaustive beta testing is done on real data as supplied through our existing customers Yes Yes Yes User defined data and money ranges. Customer required information (Account Profile data base) is totally configurable by user. Reports and levels of access to the investigation(s) are entitled by user.
Explain the process you used in developing this solution?
Is your product customizable?
Is the solution installed on site? What type of quality assurance will your product provide my company? What steps are taken to test the final product before production? Is confidential information shared over a secured line? Does your software solution work with on-line data? Can your solution process information using the batch processing method? How does the software accommodate change and growth within the clients organization?
36
COMPREHENSIVE SOFTWARE SYSTEMS, INC.

How do they adapt to new threats and changes to regulatory requirements? How do they keep their clients informed of these changes? How scalable and flexible is your software? Experienced legal and compliance experts who stay in contact with securities laws changes. Quarterly meetings with clients in order to stay abreast of any regulatory rule proposals. Data ranges and money thresholds can all be set by the user. Customer identification data is also customizable and can be checked against the users database. User may choose which reports to emphasize and organize customer information in one comprehensive screen. Application fess are based on per install/license. Consulting fees are standard. Training fees are minimal. Yes Free look is not necessary as value is presented prior to contact
What fees are involved with this product? Would it be possible for the client to see a demonstration of the product, with actual test data? Does the client have a free look period or trial period to experiment with the software and determine if this really adds value to our bottom line? How long does implementation typically take? What types of limits of liability exist with usage of your product? Does your company hold the exclusive licensing rights to your product/service? How can the client ensure that your company complies with regulatory requirements around data privacy and private customer information? How are you updated on industry or environmental changes around the issue of money laundering? When new versions of software are developed, does the client have final authority on implementation of the new versions? What type of training is involved with the software? Are there charges for customer service or training-related interactions?
Varies Proprietary software. Company does hold the exclusive licensing rights to our software. Secure lines Attend brokerage industry seminars. Subscriptions to industry publications. Automatic electronic notification by NASD of rule changes. User group has opportunity for input on all releases and we require approval CSS Professional Services staff supports in all details of conversion, implementation and training process. We work hand-in-hand and onsite.
37
Technical Data
Architecture Server Operating System Recommended Server Hardware Minimum and Recommended RAM Minimum and Recommended Hard Drive Client Platform Client GUI Type Client GUI Programming Language Server Programming Language Database Security: Password Protection Method Security: Access Control Based on Different User Privileges Security: User Access Audit Trail Training Available? Training Cost Consulting Available? Consulting Rates Application License Cost Application Maintenance Fee Type of Transaction Monitor Name of Monitor Used Transaction Types Monitored Message Types Monitored Interface to Receive Transaction Data Analysis Occurrence Rule Definition Method Ease of Changing Rules Best Practices for Monitoring Rules Method for Managing Suspicious Transactions Types of Built-in Surveillance Reports
Client-server Microsoft Windows, Datacenter 2000, Advanced Server SunFire 15K or RS6000 or Pentium IV 1 ghz or Xeon 256MB/512MB 1GB/20GB Microsoft Windows, Datacenter 2000, Advanced Server Windows Visual Basic C++ SQL Server Yes Yes Yes Yes Minimal; Generally less than $10K Yes Standard Per Install Per License Rules based Proprietary Payments/FX Trades/Securities Trades/Deposits/Withdrawals SWIFT /Fedwire/FIX/Any Flat File Real-time/Batch Programming API Easy User defined Report driven KYC Information, Foreign Account Activity, P.O. Boxes Accounts, ACH Activity, Foreign Correspondence., Missing Information, Private Banking Accounts, Outgoing Money Movements, Currency Activity, etc. Electronic User Initiated No OFAC/Other Suspicious Customer Database(s)/Third party name checking DB system Yes Flat File XML List of Suspicious Transactions Mandatory information fields. Missiing information exception reports
Surveillance Reporting Method Surveillance Reporting Occurrence Built-in OFAC Check? Interface with External Resource Ability to Send Data to Other Applications? Interface to Send Data Data Types Sent Types of Built-in User Reports Method for Enforcing Quality of Customer Information
38

Received Data That Can Be Understood Interface to Receive Customer Information Analysis Occurrence Method for Managing Suspicious Customers Method for Managing Incomplete Customer Data Types of Built-in Surveillance Reports Surveillance Reporting Method Surveillance Reporting Occurrence Built-in OFAC Check Interface with External Resources (for example OFAC, other suspicious customer database(s) maintained by 3rd parties, including government lists) Interface to Send Data Data Types Sent Types of Built-in User Reports Transaction Types Stored Message Types Stored Interface to Receive Transactions Lookup Method Types of Built-in Surveillance Reports Types of Built-in User Reports Subject Type Source of Suspicious Customer Information Interface to Receive and Send Information Ability to Update Central Database? Update Occurrence XML Flat File Real-time/Batch Reports: In-house written policy determinant Exception Report Internal Printer-Mail/Electronic User Initiated No No
Flat File/Queue/API/SQL XML/SWIFT/Any-Integrated Rendering Definition List of Suspicious Customers/List of Missing Customer Information Payments/FX Trades/Securities Trades SWIFT MT100/Fedwire/FIX/Any Flat File SQL custom designed for internal use Number of Transactions Stored by Date KYC/Compliance Test/Training User-defined Flat File Yes Automatic
39
Condor Business Solutions S.A. de C.V

Number of employees: 25 Year founded: 1997 Montecito 38, 22nd floor, Suite 3 Ncipolis, C.P. 03810 WTC Mexico, Mexico D.F. Tel: 5488-3151 Fax: 5488-3151 E-mail: condorbs@condorbs.com Website: www.condorbs.com.
Condor Business Solutions is an innovative technology & financial consultant firm, among a full set of products and services, like AML training and advising, we count with MINDS, a high level anti-money laundering monitoring application, that is so simple yet powerful, to fulfill all the needs in this matter, MINDS detect suspicious activities, cash flow, KYC & documents administration and relationship between clients, easy and affordable, compliant with most of Latin-American laws & regulations.
Minds
Describe your solution (database, transaction monitoring, case management, investigative) Minds is a Multidimensional mathematical system to analyze customer behavior via the creation of individualized patterns per product variable per customer. It also creates a tracking database for following up flagged transactions (flag, analysis, decision, reporting) A unique multi-dimensional mathematical approach to analyze customers behavior and a very flexible platform that can be mounted on virtually any database. The mathematical model is based on the premise that ML can be spotted mainly when there is a change in customers behavior. With this in mind, Minds determines what is historically normal for each client. Minds Transaction Monitor/KYC Bank/Brokerage/Insurance/Money Remittance 13 12 JP Morgan Chase, Deustche Bank Comerica Bank, Ixe Banco and Bancomext in Mexico among others. Since 2001 Small
Application Name(s) Application Types Types of Customers Number of Customers Number of Fortune 500 Customers Who are some other clients that use your solution? How long has your solution been on the market? Are you a small, medium or a large market solution? What separates you from your competitors? Explain the process you used in developing this solution? Is your product customizable?
Is the solution installed on site? What type of quality assurance will your product provide my company? What steps are taken to test the final product before production? Is confidential information shared over a secured line? Does your software solution work with on-line data? Can your solution process information using the batch processing method? How does the software accommodate change and growth within the clients organization? How do they adapt to new threats and changes to regulatory requirements? How do they keep their clients informed of these changes?
Minds is fully customizable to fit most clients needs. It is a system conceived to be the most flexible solution, from an architectural standpoint as well as from a database structure. Yes An analysis of your company is performed prior to installation. In the process each and every step is tested and reported to the client for approval before continuing. Yes No Yes Minds was conceived modular, to fit all product lines typically handled by a financial institution. Virtually, any product can be easily incorporated in the system for analysis. Our experts team is continuously trained to have always the up-to-date information about trends and coming up regulations.
40

How scalable and flexible is your software? Minds allows clients to create Customers groups to analyze them more closely; in fact, it can be done per customer, allowing analyzing as detailed as necessary. New behaviors can be implemented. We have several options to choose from depending on the clients necessities (ASP, Leasing, yearly fee, among others). Yes No
What fees are involved with this product? Would it be possible for the client to see a demonstration of the product, with actual test data? Does the client have a free look period or trial period to experiment with the software and determine if this really adds value to our bottom line? How long does implementation typically take? What types of limits of liability exist with usage of your product? Does your company hold the exclusive licensing rights to your product/service? How can the client ensure that your company complies with regulatory requirements around data privacy and private customer information? How are you updated on industry or environmental changes around the issue of money laundering? When new versions of software are developed, does the client have final authority on implementation of the new versions? What type of training is involved with the software? Are there charges for customer service or training-related interactions?
2-3 months Minds is an analysis tool already tested and working, however, there are no bullet proof solutions for ML. Yes, Condor Business Solutions holds all the licensing and copyrights. We are very conscious about the sensitivity of the information we are handling, Hence, we sign with ALL our customers a confidentiality agreement and so we do it with all of our associates. Our experts team is continuously trained to have always the up-to-date information about trends and coming up regulations We continuously improve to offer the best solution available for banks. We guarantee that full support will be available for a period for each version. Thus, the client has certainty about the investment they are making.
41
Architecture Server Operating System Recommended Server Hardware Minimum and Recommended RAM Minimum and Recommended Hard Drive Client Platform Client GUI Type Client GUI Programming Language Server Programming Language Database Security: Password Protection Method Security: Access Control Based on Different User Privileges Security: User Access Audit Trail Training Available? Training Cost Consulting Available? Consulting Rates Application License Cost Application Maintenance Fee Other Points to Emphasize That are not Covered by the Questionnaire Type of Transaction Monitor Name of Monitor Used Transaction Types Monitored Message Types Monitored Interface to Receive Transaction Data Analysis Occurrence Rule Definition Method Ease of Changing Rules Types of Built-in Surveillance Reports Surveillance Reporting Method Surveillance Reporting Occurrence Built-in OFAC Check? Interface with External Resource Ability to Send Data to Other Applications? Interface to Send Data Data Types Sent Types of Built-in User Reports Method for Enforcing Quality of Customer Information Received Data That Can Be Understood Interface to Receive Customer Information Analysis Occurrence Method for Managing Suspicious Customers Method for Managing Incomplete Customer Data Types of Built-in Surveillance Reports
Technical Data
Client-server Window/Linux Pentium IV 1ghx/Xeon 256MB/512MB 20GB Windows Windows Visual Basic C++ Oracle/SQL Server Yes Yes Yes Yes Yes Yes Case by case $50,000-$65,000 10% of License Developed in Mexico, search and detect unusual operation, cash flow and worry some. Artifical Intelligence/Rules based/Statistical Profiling Proprietary Payments/FX Trades/Securities Trades Any Flat File/Queue/API/SQL Batch Rules Definition Language/Programming API Easy Other: Report Printer/Electronic User Intiated Yes DB system Yes Flat File/Queue/API/SQL Any-Integrated Rendering Definition List of Suspicious Transactions KYC rules and alarms Any Integrated Parsing Definition Flat File/API/SQL Batch Alarm Report Alarm Report Proprietary
42

Surveillance Reporting Method Surveillance Reporting Occurrence Built-in OFAC Check Interface with External Resources (for example OFAC, other suspicious customer database(s) maintained by 3rd parties, including government lists) Interface to Send Data Data Types Sent Types of Built-in User Reports Transaction Types Stored Message Types Stored Interface to Receive Transactions Lookup Method Types of Built-in Surveillance Reports Types of Built-in User Reports Subject Type Source of Suspicious Customer Information Interface to Receive and Send Information Electronic User Initiated Yes No
Flat File/API/SQL Any-Integrated Rendering Definition List of Suspicious Transactions Payments/FX Trades/Securities Trades Any Flat File/API/SQL SQL/GUI Selection KYC/Compliance Test/Training OFAC API/SQL/Flat File Yes Automatic
43
Gifts Software
Number of employees: 35 Year founded: 1995 360 Lexington Avenue, 6th Floor New York, NY 10017 Tel: 646-865-1301 Fax: 646-865-1308 E-mail: sstone@giftssoft.com Website: www.giftssoft.com
Gifts Softwares anti-money laundering & OFAC solution is changing the way companies address growing regulatory requirements like the USA PATRIOT ACT of 2001. Comprised of four powerful modules, BSA Inquiry, Transaction Profiler, Transaction Patterning, and OFAC Module, GIFTSWEBB EDD is the solution to Knowing Your Customer! For a free online demo of how this solution can work for you, contact Paul Campanaro or Paul Gdanski at 646-865-1301, Ext. 217 or 240. Visit us at www.giftssoft.com.
GIFTSWEB EDD
Describe your solution (database, transaction monitoring, case management, investigative) Application Name(s) Application Types Types of Customers Number of Customers Who are some other clients that use your solution? GIFTSWEB EDD is a web-browser based solution that allows institutions to proactively detect suspicious transaction and account activity & respond to regulatory subpoenas. GIFTSWEB EDD consists of four modules: BSA Inquiry, Transaction Profiler, Transaction Patterning, & OFAC Module. GIFTSWEB EDD Enhanced Due Diligence Anti-Money Laundering & OFAC Solution Transaction/ CIF/Accounts Monitoring/Repository/KYC/OFAC Bank/Brokerage/Insurance Over 35 Some of our clients are: Banca Intesa; Banco Santander Central Hispano; Bank of Communications; Danske Bank; Dresdner Bank; Habib Amercian Bank; IDB Bank; National Bank of Kuwait; Sun Bancorp; Union Bank of California GIFTSWEB EDD was introduced in February 2001 Our solution is operational in small, medium and large institutions. GIFTS provides solutions to all tiers of the market. The GIFTS team combines over 100 years compliance experience. Our staff has the business & technical expertise to understand our clients AML & OFAC needs. We provide the highest level of 24 hour support. GIFTSWEB EDD was developed with the input of over 15 various sized banks that provided detailed AML/KYC requirements via several focus groups and extensive research of regulatory practices. Many best practice scenarios are delivered with the system. Yes. The system is delivered with a flexible rules based engine that allows the user to develop custom queries to look for unusual activity by transaction type, product group or unusual fluctuations in customer and transaction activity. Yes Our internal staff performs quality assurance testing before a version is released. When the product is delivered to the institution, GIFTS staff runs a set of test cases before the system is handed over for user acceptance. No Yes Yes GIFTSWEB EDD architecture is flexible and scalable so changes and growth can be accommodated.
How long has your solution been on the market? Are you a small, medium or a large market solution? Who is your ideal customer? What separates you from your competitors?
44
GIFTS SOFTWARE
How do they adapt to new threats and changes to regulatory requirements? How do they keep their clients informed of these changes? How scalable and flexible is your software? Our staff attends several seminars every year and subscribes to regulatory notices and white papers. In addition, GIFTS receives feedback from the GIFTS user group. Updates are also placed on our website and sent via email. A Flexible rules engine is provided to allow the customization of the system to meet individual requirements of the user client. The workflow process is user definable. A Risk rating analysis is provided. There is only a one time perpetual license fee. There is no recurring annual license or fee based on number of transactions. Yes If required this can be arranged.
What fees are involved with this product? Would it be possible for the client to see a demonstration of the product, with actual test data? Does the client have a free look period or trial period to experiment with the software and determine if this really adds value to our bottom line? How long does implementation typically take? What types of limits of liability exist with usage of your product? Does your company hold the exclusive licensing rights to your product/service? How can the client ensure that your company complies with regulatory requirements around data privacy and private customer information? How are you updated on industry or environmental changes around the issue of money laundering?
An average implementation cycle is approximately 6 to 10 weeks. GIFTS License Agreement provides liability protection. Yes. GIFTS Software holds the exclusive licensing rights to the GIFTSWEB EDD System. The standard GIFTS License agreement provides for both of these issues. We are active participants in several anti-money laundering organizations, for example, ACAMS, Money Laundering Alert, etc. and are constantly being apprised of impending changes through these organizations and our numerous GIFTSWEB EDD users. New versions of the software that include mandatory regulatory changes to the core product are provided under the standard software maintenance agreement. No new versions are installed without a prior approval of the client. The system is designed so that it can be used intuitively by the client. In addition user training is provided at a fixed cost.
When new versions of software are developed, does the client have final authority on implementation of the new versions?
What type of training is involved with the software? Are there charges for customer service or training-related interactions?
45
GIFTS SOFTWARE
Architecture Server Operating System Recommended Server Hardware Minimum and Recommended RAM Minimum and Recommended Hard Drive Client Platform Client GUI Type Client GUI Programming Language Server Programming Language Database Security: Password Protection Method Security: Access Control Based on Different User Privileges Security: User Access Audit Trail Training Available? Training Cost Consulting Available? Consulting Rates Application License Cost Application Maintenance Fee Other Points to Emphasize That are not Covered by the Questionnaire Type of Transaction Monitor Name of Monitor Used Transaction Types Monitored Message Types Monitored Interface to Receive Transaction Data Analysis Occurrence Rule Definition Method Ease of Changing Rules Best Practices for Monitoring Rules Method for Managing Suspicious Transactions Types of Built-in Surveillance Reports Surveillance Reporting Method Surveillance Reporting Occurrence Built-in OFAC Check? Interface with External Resource Ability to Send Data to Other Applications? Interface to Send Data Data Types Sent Types of Built-in User Reports
Technical Data
Thin client Web Browser based Windows 2000. Unix version (Avail Q3,2003) Pentium IV, IBM pSeries, Sun 1 GB 20GB minimum. Windows 98, 2000, XP Windows/Browser Javascript. Web Browser Java, XML, Stored Procedures MS SQL Server 2000, ORACLE 9 Yes Yes Yes Yes Training included Yes To be provided Tiered Pricing based on institutions size Annual Maintenance is a per centage Web browser based user iterface which is extremely easy to understand and use. Robust application successfully used by many institutions. Rules/Fuzzy logic/business profiles and patterns GIFTSWEB EDD Any transactions such as Payments, wires, Cash, ATM, Checks, deposits FX Trades,Securities Trades SWIFT,Fedwire,CHIPS, ACH, Any other MQ series, API, SOAP service, sockets, FTP, ODBC, etc. User defined. Real time or as scheduled activity A set of best practice rules delivered. Users/compliance staff can define their own rules. Flexible rules created by non-technical user / compliance staff Yes Electronic Folders for case processing, notes, Aging reports & Alerts. Generation of SARs, CTRs. Several internal reports are available in addition to SAR/PACS interface/CTR Electronic, E-mail, Printer-Mail User defined Yes Yes several. Some examples are Treasury list/ OFAC list, FINCEN list, Thomson lists, World check list. Yes MQ series, API, SOAP service, sockets, FTP, ODBC, etc. XML, Flat file delimited, SWIFT formats are some examples There is a suite of reports including List of Suspicious Transactions/CIF activity, OFAC hits, Pattern and profile exceptions, others
46
GIFTS SOFTWARE
Method for Enforcing Quality of Customer Information Received Data That Can Be Understood Interface to Receive Customer Information Analysis Occurrence Method for Managing Suspicious Customers Method for Managing Incomplete Customer Data Types of Built-in Surveillance Reports Monitoring of incomplete documentation, duplicate information, CIP , business profile, risk rating, etc. XML, Flat file delimited, SWIFT formats are some examples MQ series, API, SOAP service, sockets, FTP, ODBC, etc. User defined. Real time or as scheduled activity Electronic Folders for case processing, notes, Aging reports & Alerts. Generation of SARs. System provides alerts and reports on incomplete data. There is a suite of reports available including risk analysis, business pattern exception, incomplete documentation, multiple accounts with varying Ids & addresses ,etc. Electronic XML /E-mail/Printer-Mail Automatic/User Initiated Yes Yes several. Some examples are Treasury list/ OFAC list, FINCEN list, Thomson lists, World check list, PEPs. MQ series, API, SOAP service, sockets, FTP, INTERNET download, ODBC, etc. XML, Flat file delimited, SWIFT formats are some examples There is a suite of reports available including risk analysis, business pattern exception, incomplete documentation, multiple accounts with varying Ids & addresses ,etc. Any transactions such as Payments, wires, Cash, ATM, Checks, deposits FX Trades,Securities Trades All financial transactions, including wire transfers transactions such as Fedwire, CHIPS, ACH, SWIFT, etc. MQ series, API, SOAP service, sockets, FTP, ODBC, etc. Users / compliance staff can generate any type of queries using a browser SAR/CTR/Online XML Report There is a suite of reports including List of Suspicious Transactions activity, OFAC hits, Pattern and profile exceptions, others KYC/Compliance Yes Test/Training Yes Yes several. Some examples are Treasury list/ OFAC list, FINCEN list, Thomson lists, World check list, PEPs. MQ series, API, SOAP service, sockets, FTP, INTERNET download, ODBC, etc. Yes Automatic using Universal Interface
Surveillance Reporting Method Surveillance Reporting Occurrence Built-in OFAC Check Interface with External Resources (for example OFAC, other suspicious customer database(s) maintained by 3rd parties, including government lists) Interface to Send Data Data Types Sent Types of Built-in User Reports
Transaction Types Stored Message Types Stored Interface to Receive Transactions Lookup Method Types of Built-in Surveillance Reports Types of Built-in User Reports Subject Type Source of Suspicious Customer Information Interface to Receive and Send Information Ability to Update Central Database? Update Occurrence
47
IDOM, Inc.
Number of employees: 75 Year founded: 1988 Contact: Vincent Raniere, President & CFO Tel: 973-648-0900 Fax: 973-648-0033 E-mail: info@idomusa.com Website: www.idomusa.com
IDOM, Inc. is a leading provider of banking automation products and management consulting services. In business since 1988, the company, headquartered in Newark, N.J., and with subsidiary locations in Miami and London, is comprised of career bankers and systems specialists with expertise in compliance, financial operations, management, disaster preparedness, accounting and reporting. Software products include DOC-Tracker documentation and compliance management software, and REG-Reporter, an automated regulatory reporting solution.
DOC-Tracker
Describe your solution (database, transaction monitoring, case management, investigative) Application Name(s) Application Types Types of Customers Number of Customers Number of Fortune 500 Customers Who are some other clients that use your solution? DOC-Tracker: A modular, client-server application that manages supporting documentation, and denotes status of compliance with KYC/EDD policies and business controls. It can also effectively manage workflow, and tracks Trade, Credit and other types of documentation. DOC-Tracker KYC Document Management and Tracking Bank/Brokerage/Insurance/Money Remittance/Government/Gaming 80+ 2 IDOM has over 80 clients that utilize a range of our banking services. DOC-Tracker clients include organizations such as: Royal Bank of Canada, ABN Amro Bank, BNP Paribas and Nordea Bank. The system has been available for use for approximately five years (since 1998). All apply We strive to satisfy a wide range of global financial services businesses and institutions, small to large, including international and domestic banks, US-based securities firms, community banks, money services business and insurance companies. DOC-Tracker Manages supporting documentation and reports on their status by customers and related persons/entities (shareholders/beneficiaries/etc.); Records documentation discrepancies and automatically sets/controls required follow-up process; Facilitates access for legal/regulatory requests; Imaging integration. DOC-Tracker was designed to assist Compliance and Operations Officers with managing the abundance of documents required by regulators. The software was developed and is maintained by our professional Compliance and R&D Team in-house. Designed as a workflow solution to the management/control of compliance/ business related documents. Very flexible, allowing users to apply their particular documentation/information requirement policies to DOC-Tracker with minimal resources. Development centered on requirements of users/consultant feedback. Yes
How long has your solution been on the market? Are you a small, medium or a large market solution? Who is your ideal customer?
Is the solution installed on site?
48
IDOM
What type of quality assurance will your product provide my company? What steps are taken to test the final product before production? Is confidential information shared over a secured line? Does your software solution work with on-line data? Can your solution process information using the batch processing method? How does the software accommodate change and growth within the clients organization? IDOMs QA Team developed a test script that utilizes all of DOC-Trackers functionalities. These scripts are modified each time the application is enhanced. IDOM QA runs a quality assurance test prior to each client delivery. Yes Yes Yes DOC-Trackers flexibility allows users to manage and control documentation requirements for new products and services. It provides easy access to documentation records and associated statuses facilities for compliance and customer service departments. DOC-Trackers user definable tables easily adapts to compliment your workflow, policies & procedures; therefore the user has the flexibility to accommodate changes in regulations, internal policy and business requirements to meet their needs. It is a modular application: Client determines which documentation monitoring functions are required for their business needs. DOCTrackers flexibility lets users define information and documents that should be mandatory and optional, allowing client to increase process. DOC-Tracker is licensed per server and on a per concurrent user basis. Users have the flexibility in selecting the number of concurrent users and modules required. Annual Maintenance Fees apply. Yes No
How do they adapt to new threats and changes to regulatory requirements? How do they keep their clients informed of these changes? How scalable and flexible is your software?
What fees are involved with this product?
Would it be possible for the client to see a demonstration of the product, with actual test data? Does the client have a free look period or trial period to experiment with the software and determine if this really adds value to our bottom line? How long does implementation typically take? What types of limits of liability exist with usage of your product? Does your company hold the exclusive licensing rights to your product/service? How can the client ensure that your company complies with regulatory requirements around data privacy and private customer information?
How are you updated on industry or environmental changes around the issue of money laundering?
What type of training is involved with the software? Are there charges for customer service or training-related interactions?
From an average of two months or more, depending on user requirements. The client assumes the sole responsibility for (a) the selection of the software to achieve clients intended results, and (b) the use of the software by client. IDOM holds exclusive licensing rights to DOCTracker. DOC-Tracker user access rights, established and maintained by the banks System Administrator, limits the functions the user can perform and the data it can access; therefore providing the bank the data privacy control features. IDOM is comprised of former banking professionals and government regulatory personnel who participate in trade organizations and keep abreast of industry changes. The company maintains a Compliance Support Services division offering anti-money laundering training/consulting services. Under the maintenance agreement, IDOM offers its clients version upgrades. It is at the clients discretion to accept upgrades. Version upgrades will not impede upon any client specific functions from prior releases. During implementation, IDOM provides on-the-job training. As part of Annual Maintenance Agreement, the IDOM Help Desk is available to provide support in software. Consultancy is available upon request based on a time and material basis.
49
IDOM
Architecture Server Operating System Recommended Server Hardware Minimum and Recommended RAM Minimum and Recommended Hard Drive Client Platform Client GUI Type Client GUI Programming Language Server Programming Language Database Security: Password Protection Method Security: Access Control Based on Different User Privileges Security: User Access Audit Trail Training Available? Training Cost Consulting Available? Consulting Rates Application License Cost Application Maintenance Fee Method for Enforcing Quality of Customer Information
Technical Data
Received Data That Can Be Understood Interface to Receive Customer Information Analysis Occurrence Method for Managing Suspicious Customers Method for Managing Incomplete Customer Data Types of Built-in Surveillance Reports Surveillance Reporting Method Surveillance Reporting Occurrence Built-in OFAC Check Interface with External Resources (for example OFAC, other suspicious customer database(s) maintained by 3rd parties, including government lists) Interface to Send Data Data Types Sent Types of Built-in User Reports Source of Suspicious Customer Information Interface to Receive and Send Information Ability to Update Central Database? Update Occurrence
Client-server Windows NT and Windows 2000 Pentium IV 1 GHZ 256MB 1GB Volume dependant Windows Windows PowerBuilder PowerBuilder SQL Server Yes Yes Yes Yes Time & Materials basis Yes Varies based on skill set Varies based on number of users / site locations 20% of the license fee Manages and records customer information/identification and all associated supporting KYC/EDD documentation and allows for direct access to images. Provides control over types of documents required and reports on the status of their condition. Any-Integrated Parsing Definition Flat File/API/SQL Real-time Schedules compliance reviews and allows for the recording of identification of all related parties to an account and verification against lists Reports on documentation quality and statuses of pending documentation Documentation Expirations/Discrepencies/Requirement Waivers/Followup Printer User Initiated Yes Yes, Interfaces with any 3rd party resource
Flat File/API/SQL Any-Integrated Rendering Definition Flexible and user defined reporting criteria for relaying status of supporting documentation and associated discrepencies. Member Banks/OFAC/News Reports API/SQL/Flat File/Manual lookup Yes Automatic & User Initiated (Both)
50
Kesdee
Number of employees: 75 Year founded: 1998 PO Box 910207 San Diego, CA 92191 USA Tel: 858-755-8527 Fax: 858-755-6973 E-mail: information@kesdee.com Website: www.kesdee.com
KESDEE is a leading financial e-learning provider to financial institutions worldwide. KESDEE offers a comprehensive suite of dynamic & interactive courseware for global finance professionals.
KESDEE Anti-Money Laundering Course

Describe your solution (database, transaction monitoring, case management, investigative) KESDEEs Anti-Money Laundering course enables compliance professionals to understand the various typologies in money laundering, laws applicable in different countries, FATF recommendations, International Conventions and UN Model Laws on the prevention of money laundering. Visit www.kesdee.com for a preview on the product catalogue and download a brochure on Anti Money Laundering. Product Features: Dynamic, innovative e-learning Interactive applets, graphics and practice exercises to enhance retention Glossary and real-life case studies Quizzes for self-appraisal Cost-effective Comprehensive & User-friendly Product Benefits: Enables financial institutions and businesses to realize all aspects of preventing money laundering. Reinforces the need for an employee-training program, which facilitates the detection and effective handling of money laundering attempts. Spells out employee's responsibilities for identifying and reporting suspicious transactions. Has a Global outlook with local relevance Helps senior managers and all the employees who conduct transactions on behalf of the customers. Finance Professionals from leading financial institutions, central banks, federal agencies, regulatory and supervisory agencies use KESDEEs web based training solution. Users include - UBS, OSFI, US Department of Treasury/Office of Thrift Supervision, US Federal Reserve System, Citigroup etc. Since July 2000. Medium Supervisory Agencies; Central Banks; Financial Institutions; Commercial and Investment Banks; Rating Agencies; Thrifts; Accountancy and Law Firms; Stock Exchanges; Mutual Funds; Brokerage Houses; Derivatives Exchanges, etc. A key competitive advantage is our exclusive focus on the financial services industry. KESDEE has superior quality content, reliable sources, updated, and proven content focused on the training needs of the financial industry. At KESDEE, we have a tailored risk based and adaptive project development methodology based on the Rational Unified Process. Our
Who are some other clients that use your solution?
51
KESDEE
project cycle is divided into multiple increments with one or more iterations within each increment. To address the niche training requirements, we work with our clients to tailor a range of customized financial training solutions. We provide customization of content, technology and user interface to suit the unique requirements of our clients. Yes KESDEE has a Quality Management System in place, which sets the standards to be followed in the development of the e-learning solutions. The quality assurance procedures followed are: Quality Reviews Testing Configuration Management Change Management QA Final inspection No No No The Internet version of the application is built to accommodate any foreseeable change and growth in the clients organization, however the scalability of the Intranet version depends upon the infrastructure availability at the client site. Our courses are upgraded regularly.
How do they adapt to new threats and changes to regulatory requirements? How do they keep their clients informed of these changes?
52
MANTAS
Mantas, Inc.
Number of employees: 120 Year founded: 2001 Private Company, Unit of SRA International Est. 1996 4300 Fair Lakes Court Fairfax, VA 22033 Tel: 1-866-4MANTAS; 703-322-4917 Fax: 703-502-7761 E-mail: info@mantas.com Website: www.mantas.com
Mantas' behavior detection technology provides financial services firms with the industry's most comprehensive solution for avoiding risk, meeting regulatory requirements, and enhancing customer relationships. Mantas meets this challenge by analyzing the behavior of customers, employees, and partners in every transaction, from every angle, across the entire enterprise. Mantas creates transparency by giving companies the ability to truly understand those transactions, increasing their ability to understand both their risks and their opportunities. Mantas customers include such global leaders as Citigroup, Merrill Lynch and the National Association of Securities Dealers. Mantas is headquartered in Fairfax, VA and is a majority-owned business of Safeguard Scientifics, Inc. Mantas' behavior detection technologies are designed specifically to help customers fight money laundering within banks and brokerages, protect against brokerage and bank fraud and assist in delivering compliant and effective execution for trading desks. The Mantas Behavior Detection Platform operates on an enterprise-wide basis, monitoring every transaction and account across a firm. Visit us at www.mantas.com.
Application Name(s)
Types of customers Number of Customers Number of Fortune 500 Customers Who are some other clients that use your solution? How long has your solution been on the market?
Are you a small. Medium or a large market solution? Who is your ideal customer? What separates you from your competitors?
Is your product customizable? How much input does the customer have in the development of the organizations software package? How much say does the customer have in the look, feel and behavior of the solution?
Is the solution installed on site?
Mantas Behavior Detection technology in the Money Laundering Monitor allows banks and brokerages to use sophisticated data mining and pattern detection techniques to monitor account transactions and customer activities across the enterprise and around the world for possible money laundering and suspicious behavior. Money Laundering Monitor; Broker Surveillance Monitor; Trading Compliance Monitor; Fraud Detection Monitor; Best Execution Agent; Customer Suitability Agent Bank/Brokerage/Insurance Fifteen All Customers ABN Amro; Citibank; Merrill Lynch; and many others. Mantas was incorporated in 2001, but its behavior detection technoloy has been in use since the early 1990s by the intelligence community and then applied to the financial services sector. Medium Large Market Solution. Mid-tier High end Banks; Brokerage Firms; Insurance; Exchanges Mantas Money Laundering is regarded as the leading global AML solution. Our domain knowledge of the financial services industry, technical expertise and regulatory experience appeal to the market leaders who wont settle for anything less than the best. Mantas Behavior Detection technology was originally develolped for the intelligence community and then successfully applied to the financial services environment. All Mantas products are coded, tested and proven successful in real-world environments by top firms around the globe. Built on a wealth of experience with top banks and brokerages, Mantas products are ready to implement from the start. The architecture is designed to be infinitely customizable, based on customer needs. Unlike others which have some limited flexibility at the start, Mantas can be customized in the configuration phase, implementation phase, and by the user on the fly. Yes
53
MANTAS
What type of quality assurance will your product provide my company? What steps are taken to test the final product before production? Mantas uses an iterative product development methodology based on the Rational Unified Process (RUP). Mantas approach stresses requirements definition and management, best practices for software development, configuration management, function and performance testing, and problem reporting and tracking. N/A Yes Yes Mantas Behavior Detection technology is open, customizable, infinitely expandable, and updateable. It can be configured for individual users, locations, regions and globally, at the start or over time. It is regularly updated to reflect user needs and marketplace changes. Mantas deep domain expertise and continuous interaction with regulators and users insures that the product exceeds regulatory expectations. Regular updates keep it current with the changing regulatory environment and evolving technology. And, the technology is designed to find new or previously undiscovered behaviors through complex transactional links over time. The Mantas platform can scale up or down, for a single user, one location, or around the world. For one client, it was designed to analyze more than 300 million records per day. For another, it will cover over 3,000 branches across 66 countries. Designed on an open platform, Mantas interacts with a wide variety of existing applications and is easy to integrate with future products. Variable
How scalable and flexible is your software? For example: Can the client change the workflow or monitoring process in order to improve efficiency or refine the behaviors it wants to observe? Can the client weight certain items higher then others in the analysis process? Can the client change the output report to focus on items it views as important? What fees are involved with this product? Explain whether there are annual licensing fees? Explain whether there are fees based on the number of transactions? Would it be possible for the client to see a demonstration of the product, with actual test data? Does the client have a "free look" period or trail period to experiment with the software and determine if this really adds value to our bottom line? How long does implementation typically take? What types of limits of liability exist with usage of your product? Does your company hold the exclusive licensing rights to your product/service? How can the client ensure that your company complies with regulatory requirements around data privacy and private customer information? How are you updated on industry or environmental changes around the issue of money laundering?
Yes By negotiation
It varies by customer needs, infrastructure, data sources, etc. Typically 24 Months. Mantas holds full IP rights to all company products.
The client retains control of all their data. Mantasstrength is its subject matter experts who lead industry advisory groups, and interact with regulators and advocates on a day-to-day basis. Mantas also pioneered the product advisory concept incorporating real user feedback into the product development cycle. Yes Mantas' standard training curriculum consists of Business User training, Mantas Administration training, and Scenario Threshold Maintenance training. Customer Service and further training are available at an additional cost.
When new versions of software are developed, does the client have final authority on implementation of the new versions? What type of training is involved with the software? Are there charges for cutomer service or training-related interactions?
54
MANTAS
Architecture Server Operating System Recommended Server Hardware Minimum and Recommended RAM Minimum and Recommended Hard Drive Client Platform Client GUI Type Client GUI Programming Language
Technical Data
Server Programming Language
Database Security: Password Protection Method Security: Access Control Based on Different User Privileges Security: User Access Audit Trail Training Available? Training Cost Consulting Available? Consulting Rates Application License Cost Application Maintenance Fee Other Points to Emphasize That are not Covered by the Questionnaire Type of Transaction Monitor
Name of Monitor Used Transaction Types Monitored Message Types Monitored Interface to Receive Transaction Data Analysis Occurrence Rule Definition Method
Java J2EE Sun Solaris & Redhot Linux Sun 220 up to SunFire 15K; Lintel Varies based on operational constraints and parameters. Varies based on data volumes. Windows Browser Case Management Subsystem Java JSP EJB XML Data Ingestion Subsystem Java/C Informatica Shell scripts XML Behavior Detection Subsystem Algorithms: C++, XML Developers Toolkit: Java client-server Administrative Tools: Java, JSP, EJB, XML Database: Oracle, DB2 Job Control: Shell scripts Oracle, DB2 Yes Yes Yes Yes Training costs for Mantas standard training curriculum are priced as time and materials engagements. Yes Consulting is available on a time and materials basis. Variable Variable Mantas partners with the leading integrators and technology companies to provide the finest end-to-end solutions. Behavior Detection Technology includes, rule patterns, decision trees, neural networks, outlier detection, profiling, text mining and fuzzy name matching, link analysis, and sequence matching. Money Laundering Monitor All Banking/Brokerage/ Insurance/MSB/Payments/FX Trades/Securities Trades SWIFT/Fedwire/FIX/ACH/Any Flat File/Queue/API/SQL/Fedwire/FIX Real-time/Batch Mantas Developers Toolkit and Scenario and Threshold Editors enable Mantas clients to modify and finetune existing scenarios and patterns, as well as, develop their own custom scenarios in response to changing
55
MANTAS
business and regulatory requirements. Clients take advantage of Mantas algorithmic and data transformation techniques to achieve Level 4 behavior detection, the highest level of performance available. This is superior to the detection results offered by products that rely primarily on rules or neural networks. The Scenario Threshold Editor is the primary tool used to tune scenario thresholds. Customers can also use the Developers Toolkit to modify scenarios or create new ones as needed to meet evolving business requirements, without having to place a service call to Mantas. Mantas combines the input of experts in the field of money laundering, users who handle the problem on a day-to-day basis, and regulatory input to provide the experience and expertise necessary to define, build and refine Mantas products. Mantas also facilitates product advisory groups existing of current and potential clients, in which our clients discuss and share best practices and help Mantas prioritize product components. Mantas behavior detection algorithms and techniques are used to provide a superior level of detection capability. Detection algorithms include: rule patterns, sequence matcher, link analysis; outlier detection / profiling. Mantas clients further refine alert generation through the modification of tunable parameters and thresholds to customize the solution to their particular requirements. The product scores and prioritizes alerts based on client-defined risk principles, displays alerts with the most comprehensive background and context of any solution, and provides a complete Audit Trail to capture the history on customers, accounts, and prior alerts. Mantas alert management workflow enables the clients users to be as efficient and productive as possible in investigating and dispositioning alerts. Mantas presents alerts in a web-based user interface that is interactive and enables the user to drill down on an alert within a matter of seconds. In addition, Mantas provides a set of pre-defined reports to support review of scenarios, analyst performance, workload and analyst / organization productivity. Mantas workflow also supports the auto-population of client and regulatory reporting forms, such as SAR / STR, CTR, etc. Electronic browser based web interface; alert notification and forwarding via email. Automatic and User Initiated Yes (3rd party provider) Mantas provides an interface to watch lists that support the financial institutions internal watch lists and a variety of reference data providers including Thomsom Financial Services. Yes XML export to flat file; SQL access to RDBMS. XML/SWIFT/Any-Integrated Rendering Definition Scenarios are presented in risk based order. Mantas uses scenarios to specify the behaviors and situations of interest for which to monitor. Unlike many exception reporting approaches, Mantas does not limit its focus to individual events that might be considered "exceptions" to a given firm or regulatory policy. Rather, Mantas monitors for complex patterns of behavior and financial situations (i.e., scenarios) that are indicative of unusual or potentially fraudulent activities. When a scenario is identified in the data, Mantas generates an alert, which is used to inform a user of the behaviors
Ease of Changing Rules
Best Practices for Monitoring Rules
Method for Managing Suspicious Transactions
Types of Built-in Surveillance Reports
Surveillance Reporting Method Surveillance Reporting Occurrence Built-in OFAC Check? Interface with External Resource
Ability to Send Data to Other Applications? Interface to Send Data Data Types Sent Types of Built-in User Reports
56
MANTAS
occurrence. Alerts are presented to users in an interactive, web-based user interface. Unlike exception reports, alerts are always available to an authorized user once they have been created. Mantas also provides a reporting framework for creating, reviewing, and acting on management reports. All Mantas reports are presented interactively allowing a user to control the reports details through a series of filtering and sorting features. Mantas products provide its own set of specialized reports. The reports provide a view of the alert disposition and user workload/efficiency. Every alert generated by the Mantas system is tracked through these reports. These management reports are targeted for productivity and quality assurance purposes. XML/Any-Integrated Parsing Definition Flat File/Queue/API/SQL Real-time/Batch Mantas alert workflow provides support for the investigation of suspicious customer behavior. Mantas provides a web-based user interface for alert and research workflow, as well as, a set of reports to help manage system performance and user productivity. Mantas clients can also create ad-hoc reports to support additional requirements pertaining to KYC initiatives. Mantas presents alerts in a web-based user interface that is interactive and enables the user to drill down on an alert within a matter of seconds. In addition, Mantas provides a set of pre-defined reports to support review of scenarios, analyst performance, workload and analyst / organization productivity. Mantas workflow also supports the auto-population of client and regulatory reporting forms, such as SAR / STR, CTR, etc. Automatic/User Initiated Yes Yes any list source, whether externally or internally generated, can be ingested into Mantas for watch list flagging and detection. Flat File/Queue/API/SQL XML/SWIFT/Any-Integrated Rendering Definition Upon detection of a watch list match or other suspicious behavior or attribute, Mantas generates an alert, which is used to inform a user of the behaviors occurrence. Alerts are presented to users in an interactive, web-based user interface. Alerts are always available to an authorized user once they have been created. Mantas also provide a reporting framework for creating, reviewing, and acting on management reports. All Mantas reports are presented interactively allowing a user to control the reports details through a series of filtering and sorting features. Mantas product provide its own set of specialized reports. The reports provide a view of the alert disposition and user workload/efficiency. Every alert generated by the Mantas system is tracked through these reports. These management reports are targeted for productivity and quality assurance purposes. Payments/FX Trades/Securities Trades SWIFT MT100/Fedwire/FIX/Any Flat File, Queue, SQL
Received Data That Can Be Understood Interface to Receive Customer Information Analysis Occurrence Method for Managing Suspicious Customers Types of Built-in Surveillance Reports
Surveillance Reporting Method Surveillance Reporting Occurrence Built-in OFAC Check Interface with External Resources (for example OFAC, other suspicious customer database(s) maintained by 3rd parties, including government lists) Interface to Send Data Data Types Sent Types of Built-in User Reports
Transaction Types Stored Message Types Stored Interface to Receive Transactions
57
MANTAS
Lookup Method Types of Built-in Surveillance Reports SQL, GUI Selection, ad hoc query or report tools Mantas provides open architecture; Mantas customers can use any commercially available query or reporting tool to query the Mantas data mart for additional data or metrics on transactions that have been ingested.
58
NetEconomy
Number of employees: 75 Year founded: 1993 225 Franklin Street, 26th Floor Boston, MA 02110 USA Tel: 1-617-217-2816 Fax: 1-617-217-2001 E-mail: info@neteconomy.com Website: www.neteconomy.com
NetEconomy is the leader in real-time enterprise risk monitoring solutions automating anti-money laundering and fraud detection for financial services and telecom businesses worldwide. ERASE offers a comprehensive end-to-end AML solution, including advanced transaction monitoring, rich investigative tools, and next-generation case management and reporting. Customers, such as Dexia, ING, and Nationwide, are using ERASE for preventing money laundering activity and managing risk across the enterprise. Visit www.neteconomy.com.
ERASE
Describe your solution (database, transaction monitoring, case management, investigative) ERASE is a risk management portal capable of a complete end-to-end solution. Employing a best practice unified data model; financial product and customer information streams are monitored for unusual or suspicious behavior. Combining powerful methods, of rules based, statistical and behavioral analysis, provide a triple threat to unwanted situations. Alerts are proactively scrutinized before damage may occur. ERASE empowers risk and compliance teams with a complete set of userfriendly analytical tools and scenario driven case management workflow. Reporting to authorities and management is comprehensive. ERASE clients include ING, Dexia, Nationwide, CenE Bank, O2, Debitel, TELEM 7 years ERASE can service all markets. The organization that realizes that proactive risk management is at the core of both client and shareholder value. Those looking for a flexible solution to ensure compliance today and be able to sustain and scale towards a long term strategy. Our dedication to customer satisfaction. We take pride in having solutions that drive value and protect our client and their interests. We make sure that it works and works within a realistic budget. ERASE was developed in the arena of real-time risk monitoring for transactions bearing potential fraud, money laundering, credit risk and operational risk. Our international experience over 10 years has provided solution sets in jurisdictions of USA, UK, European Union, Canada, Swizterland and the Carribean. Specific solution sets include Banking (Retail, Private, Wholesale, Commercial, Network), Telecom, Insurance and Capital Markets. Designed as a portal with flexibility in mind using .NET, our case management can adopt new scenarios, workflows and interoperation of third-party systems. ERASE can interface with almost any data source and provide data results as custom reports or feed third-party systems and tools. Our unified data model (part of best practices) enhances its capabilities with new Risk Segments and client-specific tuning of sensitivities. This crafts a unique combination of rules management, statistical discovery and ad-hoc drill down to proactively thwart risk. Yes. ERASE is deployable in many configurations in accordance with client practices and policies (distributed, centralized, etc.). Internal QA procedures are in place to extensively test the software based on Rational and extensive test bed stressing. In addition, NetEconomy offers best-practice quality assurance for all ERASE implementations
Who are some other clients that use your solution? How long has your solution been on the market? Are you a small. medium or a large market solution? Who is your ideal customer?
59
NETECONOMY
taking advantage of previous successful installations. ERASE is implemented within the client infrastructure and can adopt intranet, VPN or secured (cryptographical or cipher) lines. Yes, ERASE can process on line data and multiple data streams. Yes, ERASE engages batch as well as near and / or real time data. ERASE is built with growth in mind. A true portal; the control and user management is simple from an administrative interface. New lines of business, products and even divisions can be added via our interfaces including web services. Custom look and feel, additional languages and deployment topologies are cost effective based on Microsoft . NET framework. An in-house staff of international experts reviews rules and regulations. They incorporate these changes into product updates for each jurisdiction. Additional measures come from the wealth of our collaboration in the industry and governmental bodies. ERASE scales to some of the largest transaction environments. Our references are available. The software is capable of incorporating custom features and interfaces with third-party systems; using standard Microsoft tools and skill sets. ERASE Finance is available as a standard compliance solution from 150K USD. The fee structure measures transaction volume, number of accounts and the type of institution. Specialized implementations spanning all aspects of risk management can employ ERASE Finance Enterprise which extends the scope to fraud, credit and other identifed threats. Demonstrations are available using defined scenarios of industry risk. Specific POC (proof of concept) engagements are available. No
What fees are involved with this product? Explain whether there are annual licensing fees? Explain whether there are fees based on the number of transactions?
Would it be possible for the client to see a demonstration of the product, with actual test data? Does the client have a free look period or trail period to experiment with the software and determine if this really adds value to our bottom line? How long does implementation typically take? What types of limits of liability exist with usage of your product? Does your company hold the exclusive licensing rights to your product/service? How can the client ensure that your company complies with regulatory requirements around data privacy and private customer information? How are you updated on industry or environmental changes around the issue of money laundering?
3 months Normal commercial terms are available for review in our standard licensing agreement Yes, we hold exclusive rights to all our products. NetEconomy does not remove data from the client site. Our practices are governed by strict regulation and international bank secrecy legislation. Further information is provided under an NDA. NetEconomy constantly monitors international and national regulatory developments, the issuance of industry guidance and developing typologies, from: National supervisory authorities, regulators and central banks (for example: U.S. Treasury, OCC, OTS, SEC, CFTC, FSA, SFBC, BFC, HKMA, DNB, CSSF); Industry and banking associations (for example: JMLSG, NASD, Wolfsberg Group, FBE, ABA, BBA, SBA, NVB); Authorities and organizations issuing prohibition, warning and sanction lists (for example: OFAC, UN, EU, Bank of England, Kontrollstelle, Transparency); Basel Committee on Banking Supervision BIS; Inter-governmental body FATF (and its regional bodies like CFATF en
60
NETECONOMY
APG), EU; National FIU's (for example: FinCEN, NCIS, MROS, MOT, CFI, GIFI, FINTRAC); Commercial information sources (like: MLA, Complinet and ACAMS). Our clients drive new versions and updates via our User's Group. In tandem with our product development and support teams, the schedules and feature sets are agreed upon. Versions are a community decision. Individual implementations are the client's decision and NetEconomy supports two concurrent versions at any time.
61
Prime Associates, Inc.

Number of employees: Year founded: 1982 136 Central Ave, Clark, NJ 07066 Tel: 732-574-0074 X217 Fax: 732-574-0075 E-mail: ddemartino@primeassociates.com Website: www.primeassociates.com
Established in 1982, Prime Associates, Inc. is a leading provider of critical regulatory compliance solutions that help to detect laundering, and fraud activities as well as OFAC & global sanctions monitoring. Through the design, development, and marketing of compliance software and services, Prime delivers significant regulatory risk reduction, enhanced due diligence, and internal controls. Its Compliance Manager suite of software products is used by the global financial services industry to comply with critical regulatory requirements.
Compliance Manager
Describe your solution (database, transaction monitoring, case management, investigative) Application Name(s) Application Types Types of Customers Number of Customers Number of Fortune 500 Customers Who are some other clients that use your solution? How long has your solution been on the market? Are you a small, medium or a large market solution? Who is your ideal customer? What separates you from your competitors? Full AML compliance solutions based on transaction monitoring, profiling and rules. Full SAR/CTR creation and Case management. Full 314a and CIP capabilities as well as OFAC filtering Compliance Manager Transaction Monitor/Repository/KYC (ALL) Bank/Brokerage/Insurance/Money Remittance/ 140 25% Mellon Bank, Deutsche Bank, Met Life, Neuberger Berman Since 1994 All Apply Banks, Insurance Companies and Broker/Dealers We provide a full range of compliance solutions that solve all USA Patriot Act Issues such as OFAC, AML and CIP . We satisfy all financial institutions The system uses sophisticated Profiling and rules based applications. This enables the application to intelligently determine suspicious activity The product is customizable in respect to rules creation and activity that is used to determine the profiles. Yes A full user acceptance test is performed to ensure that the final production solution is acceptable to the financial institution. No Yes Yes The system has been designed to deal with very large financial institutions and is quite capable of handling large transaction data and client records The system allows for the creation of rules that can be adapted. Also profiles can be recalibrated. Yes, security rights allows a user to clearly define workflow process and contour it to the individual needs of the user. Licensing fees are based on asset size and transaction volume Yes
Explain the process you used in developing this solution? Is your product customizable? Is the solution installed on site? What type of quality assurance will your product provide my company? What steps are taken to test the final product before production? Is confidential information shared over a secured line? Does your software solution work with on-line data? Can your solution process information using the batch processing method? How does the software accommodate change and growth within the clients organization? How do they adapt to new threats and changes to regulatory requirements? How do they keep their clients informed of these changes? How scalable and flexible is your software? What fees are involved with this product? Would it be possible for the client to see a demonstration of the product, with actual test data?
62
PRIME ASSOCIATES, INC.

Does the client have a free look period or trial period to experiment with the software and determine if this really adds value to our bottom line? How long does implementation typically take? What types of limits of liability exist with usage of your product? Does your company hold the exclusive licensing rights to your product/service? How can the client ensure that your company complies with regulatory requirements around data privacy and private customer information? How are you updated on industry or environmental changes around the issue of money laundering? When new versions of software are developed, does the client have final authority on implementation of the new versions? What type of training is involved with the software? Are there charges for customer service or training-related interactions? TBD
3 Months Yes, we hold the licensing rights to the product sets
This is handled by language in the contract We work with various government agencies, we accept feedback from clients and we attend various industry groups. New versions are produced annually Training is provided at the user, technology and compliance level
Technical Data
Architecture Server Operating System Recommended Server Hardware Minimum and Recommended RAM Minimum and Recommended Hard Drive Client Platform Client GUI Type Client GUI Programming Language Server Programming Language Database Security: Password Protection Method Security: Access Control Based on Different User Privileges Security: User Access Audit Trail Training Available? Training Cost Consulting Available? Consulting Rates Application License Cost Application Maintenance Fee Type of Transaction Monitor Name of Monitor Used Transaction Types Monitored Message Types Monitored Interface to Receive Transaction Data Analysis Occurrence Rule Definition Method Ease of Changing Rules Best Practices for Monitoring Rules Method for Managing Suspicious Transactions Types of Built-in Surveillance Reports Client-server/ Windows Pentium 256MB/512MB 1GB/20GB Windows Windows Visual Basic C++ SQL Server Yes Yes Yes Yes TDB Yes Call for rates Call for pricing Call for rates Rules based/Statistical Profiling Proprietary Payments/FX Trades/Securities Trades Any Flat File Real-time/Batch Rules Definition Language Easy Yes Case Management Tools Included SAR//CTR/
63
PRIME ASSOCIATES, INC.

Surveillance Reporting Method Surveillance Reporting Occurrence Built-in OFAC Check? Interface with External Resource Ability to Send Data to Other Applications? Interface to Send Data Data Types Sent Method for Enforcing Quality of Customer Information Received Data That Can Be Understood Interface to Receive Customer Information Analysis Occurrence Etc. are not transparent to the user Method for Managing Suspicious Customers Method for Managing Incomplete Customer Data Types of Built-in Surveillance Reports Surveillance Reporting Method Surveillance Reporting Occurrence Built-in OFAC Check Interface with External Resources (for example OFAC, other suspicious customer database(s) maintained by 3rd parties, including government lists) Interface to Send Data Data Types Sent Types of Built-in User Reports Transaction Types Stored Message Types Stored Interface to Receive Transactions Lookup Method Types of Built-in Surveillance Reports Subject Type Source of Suspicious Customer Information Interface to Receive and Send Information Ability to Update Central Database? Update Occurrence Electronic Automatic Yes DB system Yes Flat File/API/ Any-Integrated Rendering Definition Module for Customer Acceptance & Validation Any-Integrated Parsing Definition Flat File/Queue/API/SQL Real-time/Batch Module for Customer Acceptance & Validation Case Management Tools Included Module for Customer Acceptance & Validation SAR, customs, internal/other E-mail/Printer-Mail/Electronic Automatic/User Initiated Yes Yes
Flat File/Queue/API/SQL Any-Integrated Rendering Definition List of Suspicious Customers/List of Missing Customer Information Payments/FX Trades/Securities Trades Any Flat File/Queue/ Other Query Type/GUI Selection SAR/CTR/custom designed for internal use Compliance Training Multiple Sources API/SQL/Flat File/Manual lookup Yes Automatic
64
Safe Banking Systems

150 Broad Hollow Road, Suite 102 Melville, NY 11747 USA Tel: +1-631-547-5400 Fax: +1-631-547-5415 E-mail: marketing@safe-banking.com Website: www.safe-banking.com
Safe Banking Systems (SBS), ACAMS first Charter Affiliate Member, provides AML and compliance solutions to financial institutions, professional services firms and government agencies. Product suite, on the market since 1994, includes both transaction monitoring and watch list filtering solutions that are used by many of the worlds largest financial institutions.
OFAC Agent Suite / SAFE Repors t

Describe your solution (database, transaction monitoring, case management, investigative) AML - SAFE Reports / Traffic Cop is a wire transfer monitoring solution for correspondent banking. Allows banks to monitor the originators and beneficiaries of correspondent banking transactions. OFAC Sophisticated names filtering solution for automated sanction/embargo Firco Filter, World-Check Total Solutions, SAFE Reports Watch List Filtering including PEPs (Batch, Real-Time, OnLine) International wire transaction monitor and investigation Bank/Brokerage/Insurance/Money Remittance/Government/Gaming >50 >10
Application Name(s) Application Types Types of Customers Number of Customers Number of Fortune 500 Customers
Technical Data
Architecture Server Operating System Recommended Server Hardware Minimum and Recommended RAM Minimum and Recommended Hard Drive Client Platform Client GUI Type Client GUI Programming Language Server Programming Language Database Security: Password Protection Method Security: Access Control Based on Different User Privileges Security: User Access Audit Trail Training Available? Training Cost Consulting Available? Consulting Rates Application License Cost Application Maintenance Fee Other Points to Emphasize That are not Covered by the Questionnaire Client-server Windows/Solaris/Linux/AIX/VMS/MVS SunFire 15K/RS6000/Pentium IV 1 GHz/Xeon 256MB/512MB 1GB/20GB Windows Windows Visual Basic C++/C Oracle/DB2/Sybase/SQL Server Yes Yes Yes Yes Varies, please call Yes Varies, please call Varies, please call % of the license fee SBS provides advanced, automated solutions to the banking, finance and insurance market sector, as well as for professionals (forensic investigators, auditors and examiners).
65
SBS
Type of Transaction Monitor Transaction Types Monitored Message Types Monitored Interface to Receive Transaction Data Analysis Occurrence Rule Definition Method Ease of Changing Rules Surveillance Reporting Method Surveillance Reporting Occurrence Built-in OFAC Check? Interface with External Resource Ability to Send Data to Other Applications? Interface to Send Data Data Types Sent Types of Built-in User Reports Monitor Respondent and nested customers customers Transaction Types Stored Message Types Stored Interface to Receive Transactions Lookup Method Types of Built-in User Reports Source of Suspicious Customer Information Interface to Receive and Send Information Ability to Update Central Database? Update Occurrence Rules based Payments/FX Trades/Securities Trades SWIFT /Fedwire/FIX/Any Flat File Real-time/Batch GUI Easy E-mail/Printer-Mail/Electronic Automatic and User Initiated Yes All OFAC/Other Suspicious Customer Database(s)/Third party name checking DB system Yes Flat File/Queue/API/SQL XML/SWIFT/Any-Integrated Rendering Definition Full statistics, ad -hoc activity reports Yes All - Payments/FX Trades/Securities Trades All - SWIFT/Fedwire/FIX/Any Flat File GUI Selection Numerous World-Check/OFAC Flat File Yes User Initiated
66
SAS Institute Inc.

Number of full time employees: more than 9,000 worldwide Year founded: 1976 World Headquarters SAS Campus Drive Cary, North Carolina 27513 Tel: 1-866-270-5731 Fax: 919-677-4444 Website: www.sas.com/financial
SAS offers the most robust software solution for tracking, identifying, and responding to the threat of money laundering. With SAS you can combine mountains of information from all areas of your business, manage and refine that information, and turn it into usable knowledge that will help you automatically pinpoint and classify suspicious behavior. Rely on the SAS Anti-Money Laundering Solution to mitigate risk of a damaged reputation, achieve faster and more accurate detection of criminal activities, and better allocate your investigative resources.
SAS Anti-Money Laundering Solution
Is confidential information shared over a secured line? Does your software solution work with on-line data? Can your solution process information using the batch processing method?
Built on top of the award-winning and proven SAS financial services platform, the SAS Anti-Money Laundering Solution delivers the most comprehensive, end-to-end package in the industry for unparalleled management, detection, tracking, cataloging and reporting of suspicious activity. The names and project details of our customers, current or past, remain confidential until we have received their permission to release specific information about their applications. Since 2002 Supports any size organization. Current focus is on larger organizations. Ideal customers are those who take seriously the issue of money laundering detection and prevention, and want a solution which will provide the broadest possible set of detection techniques. SAS is recognized as the de facto standard for management and analysis of large amounts of data. By applying our 27 years of experience working with large financial institutions, our solution provides a highly scalable, low-risk option for our customers. The solution is built upon the SAS financial services platform, which provides a complete and highly scalable architecture for management and analysis of financial transaction data. The solution includes scenarios that utilize a variety of detection techniques from heuristic rules to descriptive analytics, such as profiling and peer grouping, to advance analytics, such as predictive modeling and link analysis. The solution is easily customizable. Our customer-driven development methodology is facilitated by formal communication links from implementation teams back to R&D, as well as a Users Forum which meets on a quarterly basis to facilitate information sharing. Yes, but also can be delivered as an ASP or outsourced solution. At SAS, product and service quality is more than a goal. Quality assurance is an independent division which further demonstrates our commitment to this area. Functional, error, stress, validation, performance, compatibility, integration and user acceptance testing are performed by this group. Yes Yes Yes
67
SAS INSTITUTE INC.

How does the software accommodate change and growth within the clients organization? The solution is designed for enterprise-wide deployment. This requires that it be both scalable (to accommodate volume) and flexible (to accommodate multiple business areas, such as retail banking, brokerage, insurance, etc.). Detection scenarios are parameterized and stored in a repository. These scenarios can be easily modified, or new ones added, as behavior patterns change. New scenarios are placed on a secure website as soon as they are available. Flexibility and scalability are two cornerstones of the solution. The SAS platform is a proven, highly scalable architecture for financial institutions. Flexibility allows for aspects of the solution to change, such as detection scenarios or data attributes, as the business changes or customers change behavior. SAS utilizes an annual licensing model. This model provides our customers with maximum flexibility in return for minimum commitment. Included in the annual license are usage of the solution, all upgrades and unlimited access to technical support. Yes Yes
Would it be possible for the client to see a demonstration of the product, with actual test data? Does the client have a free look period or trial period to experiment with the software and determine if this really adds value to our bottom line? How long does implementation typically take? What types of limits of liability exist with usage of your product? Does your company hold the exclusive licensing rights to your product/service? How can the client ensure that your company complies with regulatory requirements around data privacy and private customer information? How are you updated on industry or environmental changes around the issue of money laundering? When new versions of software are developed, does the client have final authority on implementation of the new versions? What type of training is involved with the software? Are there charges for customer service or training-related interactions?
4-6 months Like most software vendors, SAS indemnifies itself from all liability as it relates to the usage of its software. We hold exclusive rights to the licensing of our products. SAS maintains informal relationships with many regulatory agencies and industry associations. We also have legal counsel who review regulatory requirements and advise on product development. Information comes from a variety of sources, including customers, news releases, participation in industry conferences, relationship with regulatory groups and industry associations, and legislative research. Yes. New releases are delivered with full documentation of what has changed and the process for installing the upgrade. Customers have full discretion over if and when to install upgrades. As part of each implementation, a training program is developed for various roles involved in using or maintaining the solution. These programs will vary based on the complexity of the implementation and the current skill set of the users. Unlimited technical support is included in the annual maintenance.
SAS and all other SAS Institute Inc. product and service names are registered trademarks or trademarks of SAS Institute Inc. in the USA and other countries. indicates USA registration.
68
Searchspace
Number of employees: 150 Year founded: 1993 60 Broad Street, New York, NY 10004, USA Tel: 212 422 5100 Fax: 212 422 3335 Email: info@searchspace.com Website: www.searchspace.com
Searchspace automates core business processes, such as Anti Money Laundering, Fraud detection and Compliance reporting. Through its leading Anti Money Laundering and Fraud Detection solutions, Searchspace offers: Comprehensive Anti Money Laundering and Fraud risk management by automatically monitoring and analyzing every transaction, enterprise-wide Improved money laundering and fraud detection rates Cost effective and proven solutions with fixed deployment time
TM IEF and AML Sentinel

Describe your solution (database, transaction monitoring, case management, investigative) Application Name(s) Types of Customers Number of Customers Who are some other clients that use your solution? The Searchspace AML solution automatically maintains a model of an organizations business entities. It measures all transactions against this model to identify potential risks. Integrated workflow enables each identified risk to be resolved or reported. Intelligent Enterprise Framework (IEF) , Searchspace Anti Money Laundering SentinelTM Bank, Brokerage, Insurance, Money Remittance, Credit Card 19 Bank of Scotland, Bank One, Barclays, Helaba, Lloyds TBS, The Bank of New York, The Royal Bank of Scotland, UBS, UBS Financial Services, Wells Fargo Since 1997 All Apply The Searchspace AML solution is a perfect fit for organizations of all sizes that want to monitor every transaction for potential risk whether that risk is known or unknown. Large scale references prove the effectiveness of Searchspaces unique adaptive profile approach Because the Searchspace solution is based on characterizing the normal behavior of customers and their peers, potentially risky behavior is automatically identified without the necessity to encode specific scenarios. This approach enables the detection of known and unknown risks Customers of Searchspace can use the product out of the box or customize to their specific project requirements. The product has been designed to enable a high degree of customization through configuration thereby avoiding the risk of bespoke software development. An active user group provides considerable input to Searchspace for future product developments. Yes An ISO 9000
What separates you from your competitors? Explain the process you used in developing this solution?
N/A Yes Yes Flexibility in terms of functionality and scalability ensure that even major changes to an organizations data model, data volumes and policies can
69
SEARCHSPACE
easily be accommodated. The Searchspace IEF solution automatically adapts and identifies risks to an organization. The organization specifies its approach to risk through simple parameters. In addition specific identified threats and regulatory requirements can be modeled and executed in the products integrated Business Logic Unit. Although provided with default settings and processes out of the box the Searchspace solution offers an organization almost complete flexibility to match their policies, procedures and approach to risk. The Searchspace AML solution is sold either as a perpetual software license or on a monthly all inclusive service basis. Additional implementation and maintenance services are available. Yes. By negotiation.
How scalable and flexible is your software?
Would it be possible for the client to see a demonstration of the product, with actual test data? Does the client have a free look period or trial period to experiment with the software and determine if this really adds value to our bottom line? How long does implementation typically take? What types of limits of liability exist with usage of your product? Does your company hold the exclusive licensing rights to your product/service? How can the client ensure that your company complies with regulatory requirements around data privacy and private customer information? How are you updated on industry or environmental changes around the issue of money laundering?
Six months. See separate license agreement.
Not applicable. As a long term major player in the Financial Services industry Searchspace maintains close contact with legislators, customers (user group) and partners to ensure its awareness of issues, changes and strategic directions. Yes User and operational training are included in implementation services. Customer Service and further training are available at additional cost.
When new versions of software are developed, does the client have final authority on implementation of the new versions? What type of training is involved with the software? Are there charges for customer service or training-related interactions?
Technical Data
Architecture Server Operating System Recommended Server Hardware Minimum and Recommended RAM Minimum and Recommended Hard Drive Client Platform Client GUI Type Client GUI Programming Language Server Programming Language Database Security: Password Protection Method Security: Access Control Based on Different User Privileges Security: User Access Audit Trail Training Available? Training Cost Consulting Available? J2EE Windows/Solaris/AIX IBM pSeries/Sun SPARC Variable Variable Windows Windows/Browser MFC Java DB2, Oracle, SQL Server Yes Yes Yes Yes Variable Yes
70
SEARCHSPACE
Consulting Rates Application License Cost Application Maintenance Fee Type of Transaction Monitor Name of Monitor Used Transaction Types Monitored Message Types Monitored Interface to Receive Transaction Data Analysis Occurrence Rule Definition Method Ease of Changing Rules Best Practices for Monitoring Rules Method for Managing Suspicious Transactions Types of Built-in Surveillance Reports Surveillance Reporting Method Surveillance Reporting Occurrence Built-in OFAC Check? Interface with External Resource Ability to Send Data to Other Applications? Interface to Send Data Data Types Sent Types of Built-in User Reports Method for Managing Suspicious Customers Types of Built-in Surveillance Reports Surveillance Reporting Method Surveillance Reporting Occurrence Built-in OFAC Check Interface with External Resources (for example OFAC, other suspicious customer database(s) maintained by 3rd parties, including government lists) Interface to Send Data Data Types Sent Types of Built-in User Reports Transaction Types Stored Message Types Stored Interface to Receive Transactions Lookup Method Types of Built-in Surveillance Reports Types of Built-in User Reports Subject Type Source of Suspicious Customer Information Interface to Receive and Send Information Ability to Update Central Database? Update Occurrence Variable Variable Variable Artificial Intelligence/Rules based/Statistical Profiling Intelligent Enterprise Framework (IEF) , Searchspace Anti Money Laundering SentinelTM All Banking/Brokerage/Insurance/Credit Card/MSB SWIFT/Fedwire/Fix/All Flat File/Queue/API/SQL Real-time/Batch User Interface Easy/Vendor Support can be supplied Customer, Account and Peer Adaptive Profiles Customer Account and Peer Adaptive Profiles SAR/PACS Interface/NCIS Electronic Automatic/User Initiated Yes All major lists supported Yes Flat file/Queue/API/SQL/MQ/MS Export XML/Any-Integrated Rendering Definition SAR/NCIS/Hot List Names/Countries/Correspondent Banking Adaptive Profiles, Business Logic, Hot Lists & High Risk Names and Countries SAR/Internal Electronic Automatic/User Intiated Yes World-Check, RDC, BBA
Flat File/Queue/API/SQL XML/SWIFT/Any-integrated Rendering Definition List of Suspicious Customers/List of Missing Customer Information/Countries All Banking, Brokerage, Insurance, Cards and MSBs SWIFT/Fedwire/FIX/Any Flat File/Queue/API/SQL/ALL GUI Selection SAR/customer designed for internal use Account views, customer and peer views KYC/Compliance/Rule Design/Adaptive Profiling Tuning Test/Training/IT Operations Defined by Banks Flat File/API Yes Automatic/User Initiated
71
SEMAGIX
Semagix
Number of employees: 40 Year founded: Merger of two companies in 2002 40 Holborn Viaduct London EC1N 2PB United Kingdom Tel: +44 207 832 3400 Fax: +44 207 832 3434 E-mail: infolon@semagix.com Website: www.semagix.com
Semagix has developed the Customer Identification and Risk Assessment Solution (CIRAS), using its patented semantic information integration technology. CIRAS provides a high-level of KYC assurance by enabling compliance teams to identify, verify and report on high-risk individuals through the automated aggregation and linking of information from a variety of public and private sources. Semagix is headquartered in London, England with U.S. offices in Athens, Georgia, New York and Washington, DC. For more information: www.semagix.com.
CIRAS
Describe your solution (database, transaction monitoring, case management, investigative) Application Name(s) Application Types Types of Customers Number of Customers Who are some other clients that use your solution? How long has your solution been on the market? Are you a small, medium or a large market solution? Who is your ideal customer? Semagixs CIRAS application enables compliance teams to identify, verify and report on high risk individuals or companies through the automated aggregation and linking of information from a wide variety of public and private sources. CIRAS - Customer Identification and Risk Assessment Solution Conflict resolution to KYC Bank/Brokerage/Insurance/ Government/Legal 8 Mayer Brown Rowe & Maw (KYC in the legal sector), Forensic Science Service UK, IBM, NASA, and a number of UK Law Enforcement agencies Since 2002 Medium - Large Companies wanting the ability to accurately understand whom they are dealing with and the risk associated with that. They would also understand the benefits of integrating this more holistic approach within other Anti Money Laundering and business processes. Semagix is not a business information provider, but a provider of technology that enables a high volume of internal and external information to be linked and related, generating a composite risk profile from these relationships. Underpinning CIRAS is the use of an ontology (a structured, multidimensional model) that maps the relationships between entities relevant to KYC. Semagix has deployed CIRAS to understand commercial relationships (trustees, counter parties etc) of corporate entities and for understanding the relationships important for an individual (has address, has SSN etc). These models are easily tailored for specific environments; e.g legal practices, banking and law enforcement. Yes, the software is customizable. This is a swift and easy process driven by the business and process requirements of the customer. Yes Typically organizations will leave themselves exposed to KYC risk due to the time and cost constraints involved with extensive information search activity, CIRAS removes these constraints thereby removing the organisations exposure to risk. CIRAS undergoes a full range of quality assurance and testing prior to any live deployment Yes Yes, CIRAS uses internal and external information that is online or located within other IT systems Yes
Is your product customizable? Is the solution installed on site? What type of quality assurance will your product provide my company? What steps are taken to test the final product before production?
Is confidential information shared over a secured line? Does your software solution work with on-line data? Can your solution process information using the batch processing method?
72
SEMAGIX
How does the software accommodate change and growth within the clients organization? How do they adapt to new threats and changes to regulatory requirements? How do they keep their clients informed of these changes? How scalable and flexible is your software? CIRAS is a highly configurable solution that scales according to the changes in the company CIRAS is continually updated to reflect relevant regulatory changes.
Would it be possible for the client to see a demonstration of the product, with actual test data? Does the client have a free look period or trial period to experiment with the software and determine if this really adds value to our bottom line? How long does implementation typically take? What types of limits of liability exist with usage of your product? Does your company hold the exclusive licensing rights to your product/service? How can the client ensure that your company complies with regulatory requirements around data privacy and private customer information? How are you updated on industry or environmental changes around the issue of money laundering?
CIRAS is both vertically and horizontally scalable. All outputs from CIRAS can be modified, and these modifications range from risk weightings prescribed to certain relationships to the format of the report exported from CIRAS CIRAS is sold either through license (perpetual) or in some cases as an ASP. There are three types of licenses: Workgroup, Site or Enterprise license. The difference is based on the nature of the deployment as opposed to a transaction-based model. Yes No
2 months Semagix does hold the licensing rights for the product and the underlying technology Semagix is a software provider and as such does not hold or use customer information; the onus is therefore on the client company to ensure that it complies with regulatory requirements. Semagix has a high level of domain knowledge through the continuous dialogue with law enforcement, regulatory bodies, and customers. In addition Semagix regularly attends conferences and uses anti money laundering alert services Yes, the client does There are two types of training conducted: IT training and end-user training. The formal IT training is charged for, whilst the client drives the end-user training.
When new versions of software are developed, does the client have final authority on implementation of the new versions? What type of training is involved with the software? Are there charges for customer service or training-related interactions?
73
SEMAGIX
Architecture Server Operating System Recommended Server Hardware Minimum and Recommended RAM Minimum and Recommended Hard Drive Client Platform Client GUI Type Client GUI Programming Language Server Programming Language Database Security: Password Protection Method Security: Access Control Based on Different User Privileges Security: User Access Audit Trail Training Available? Training Cost Consulting Available? Consulting Rates Application License Cost Other Points to Emphasize That are not Covered by the Questionnaire
Technical Data
Method for Enforcing Quality of Customer Information Received Data That Can Be Understood Analysis Occurrence Types of Built-in Surveillance Reports Surveillance Reporting Method Surveillance Reporting Occurrence Built-in OFAC Check Interface with External Resources (for example OFAC, other suspicious customer database(s) maintained by 3rd parties, including government lists) Types of Built-in User Reports
Client-server/Web service Solaris/Linux Pentium IV 1GB 25GB Windows Windows/Browser Java Swing C++ Oracle/DB2/Sybase Yes Yes No Yes Call for rates Yes Call for rates See Applicaton Semagix is not an information provider, our technology aggregates pieces of customer information from internal (CRM, Systems) and external sources (OFAC), gives and scores the relationships held in the provision of a detailed and navigable KYC profile Can take customer information from a wide variety of trusted sources SML/Any Integrated Parsing Definition Real-time Internal/other E-mail/Electronic Automatic/User Initiated Yes Yes, it can be limited less
List of Suspicious Customer/List of Missing Customer information
74
Sybase
Number of employees: 4310 Year founded: 1984 One Sybase Drive, Dublin, CA 94568 USA Tel: 1-800-8-SYBASE / 925-236-5000 Fax: (925) 236-4321 E-mail: sales@sybase.com Website: www.sybase.com
Sybase Technology powers the worlds leading securities firms and banks, including a comprehensive range of compliance solutions for global financial institutions. The Sybase PATRIOTcompliance Solution addresses the challenges of regulatory compliance for institutions that need to comply with the USA PATRIOT Act. Please call 1-8008-SYBASE for more information or visit our website at www.sybase.com/patriotact.
PATRIOT compliance Solution

Describe your solution (database, transaction monitoring, case management, investigative) Application Name(s) Application Types Types of Customers Number of Customers The PATRIOTcompliance Solution is a rules-based system built on Sybases database, J2EE application server and EAI rules engine and process management/integration technologies. Sybase PATRIOTcompliance Solution Transaction Monitor/KYC/OFAC Screening Bank/Brokerage/Insurance/Gaming Sybase PATRIOTcompliance is currently running at two clients and deployment is starting at a third. Our clients are using a stepwise deployment, so not all functionality is in production at all clients. Ninety-five of the Fortune 100 companies use Sybase products. Sybase has financial services clients in all geographies. The distribution is roughly the same as our overall revenue distribution 60% North America, 25-30% Europe, 10-15% Asia Pacific. In Europe our major financial customers are in the UK, France, Germany, Italy, Spain, Switzerland, and the Nordics. Sybase technology can be found powering the worlds leading financial institutions. One of our customers using the PATRIOTcompliance Solution is Sumitomo Mitsui Bank, the case study can be found on the Sybase Website http://www.sybase.com/patriot The Sybase PATRIOTcompliance Solution has been in the market since early 2002. Small & medium Domestic and foreign financial institutions affected by the USA PATRIOT Act can implement the Sybase PATRIOTcompliance Solution. 1) An end-to-end compliance solution feature name filtering against any number of lists, rules-based anti-money laundering surveillance, and a comprehensive case management system for resolution of any unusual activity detected. 2) The solution is based on a comprehensive application integration framework, making it easy to install and integrate with any of the backend, front-end or core systems an institution has in place and to third party providers; plus any OFAC filtering, AML or CIP systems an FI may be using. 3) Because of the EAI foundation, the system is fast to deploy and requires less integration services than our competitors. Sybase has over 19 years of experience providing solutions for the financial industry. Standard scenarios have been built based on this expertise and customer input.
Number of Fortune 500 Customers
How long has your solution been on the market? Are you a small, medium or a large market solution? Who is your ideal customer? What separates you from your competitors?
75
SYBASE
Is your product customizable? Yes, the PATRIOTcompliance Solution is customized to leverage existing AML systems in place in the customers organization. Customer can restrict access to different types of information. Customized reports and cleared lists can also be implemented. The end-user has control of the look and feel of the solution with our portal capabilities. Yes The scope of the implementation effort is completed during Phase 0 Business Requirements Assessment of the Sybase SAFE implementation process. Yes Yes Yes All modules can scale both vertically and horizontally by adding additional instances of the engine or by off loading the engine to additional platforms. The solution sends alerts (through the console, e-mail, PDA, etc.) to users required to review them. The system identifies who has reviewed the alerts and who has not, then builds a log of this information. Users can define additional rules, manage cleared name and excluded word lists, and tune matching sensitivity using the secure, web-based management interfaces. All activities that change the operational behavior of the system are based on user role and authorizations and are audited.) See above responses The costs of the implementation will depend upon the installation. Licensing prices are per server. Implementation and maintenance fees may apply. Yes. Contact a Sybase sales rep at 1-800-8-SYBASE. Contact a Sybase sales rep at 1-800-8-SYBASE.
Is the solution installed on site? What type of quality assurance will your product provide my company? What steps are taken to test the final product before production? Is confidential information shared over a secured line? Does your software solution work with on-line data? Can your solution process information using the batch processing method? How does the software accommodate change and growth within the clients organization? How do they adapt to new threats and changes to regulatory requirements? How do they keep their clients informed of these changes?
How scalable and flexible is your software? What fees are involved with this product?
Would it be possible for the client to see a demonstration of the product, with actual test data? Does the client have a free look period or trial period to experiment with the software and determine if this really adds value to our bottom line? How long does implementation typically take?
What types of limits of liability exist with usage of your product? Does your company hold the exclusive licensing rights to your product/service? How can the client ensure that your company complies with regulatory requirements around data privacy and private customer information? How are you updated on industry or environmental changes around the issue of money laundering? When new versions of software are developed, does the client have final authority on implementation of the new versions? What type of training is involved with the software? Are there charges for customer service or training-related interactions?
Implementation of the PATRIOTcompliance console is one week with full implementation ranging from one to three months depending upon the number of applications and data stores that must be integrated. Time will also vary based upon the clients acceptance of knowledge transfer for self-sufficiency. Contact a Sybase sales rep at 1-800-8-SYBASE.
Sybase has been offering solutions for the past 19 years to financial institutions and is known for best practices around data privacy and private customer information. Sybase has been offering solutions for the past 19 years to financial institutions and is a member of the industrys many money launderingrelated associations. Sybase standard upgrade policies apply. Contact a Sybase sales rep at 1-800-8-SYBASE. Training on the software solution and regulations is available by Sybase and Sybase partners.
76
SYBASE
Technical Data
Architecture Client-server The PATRIOTcompliance Solution is a rules-based system built on Sybases database, J2EE application server and EAI rules engine and process management/integration technologies. The solution can be considered as having three major components: (1) a detection engine for identity filtering (i.e. Know Your Customer lists such as the US Office of Foreign Assets and Control OFAC), (2) rulesbased monitoring for detecting unusual activity, and (3) a compliance team case management application for collaborative investigation and resolution of any potentially suspicious activity. The detection engine is server based and provides a secure, web-based interface to manage the detection engine; the compliance team also has a secure, web-based interface to the case management system. The system generates the requisite suspicious activity reports. Windows/Solaris/AIX The Sybase PATRIOTcompliance solution operates under Windows 2000, SUN OS, AIX and HP-UX. SunFire 15K/RS6000/Pentium IV 1 ghz/Xeon Sybase has a partner agreement with most hardware vendors. We do not recommend a specific hardware since Sybase products run on all of them. 1.5 GB of memory recommended 10 GB of Hard Drive space is recommended Windows Windows/Browser Java Java/C++ The PATRIOTcompliance Solution runs on Sybase databases for its internal data storage needs, but integrates with financial systems running on Sybase, MS-SQL Server, Oracle, DB2 and UDB, among others. Yes Yes Yes Yes Varies with the implementation Yes Architects and consultants with both USA PATRIOT Act and AML business expertise are available. Pricing is based on the length and complexity of the engagement. Starts at $135,000 Licensing fees are dependant upon the complexity of the solution. License list prices start from $135,000 for a centralized enterprise-wide license and two adapters. Cost changes based on the number of additional adapters required (integration to any Sybase solutions are considered as part of the base configuration regardless of number), fail-over requirements, and the number of separate and independent instances required.
Server Operating System Recommended Server Hardware
Minimum and Recommended RAM Minimum and Recommended Hard Drive Client Platform Client GUI Type Client GUI Programming Language Server Programming Language Database
Security: Password Protection Method Security: Access Control Based on Different User Privileges Security: User Access Audit Trail Training Available? Training Cost Consulting Available? Consulting Rates
Application License Cost
77
SYBASE
Application Maintenance Fee The maintenance rate for each licensed product is determined based upon the level of support desired. Typically, annual solution maintenance fees range between 20% and 25% of the list license fee, depending upon level. User upgrade costs are dependant upon the Customer Service & Support level of maintenance desired by the customer. Implementation fees vary depending upon the size and complexity of the solution as implemented. The scope of the implementation effort is completed during Phase 0 Business Requirements Assessment of the Sybase SAFE implementation process. Implementation is done on a fixed price basis, with simple implementations consisting of a single point of integration priced around $50,000. Multi-system, multi-data points implementations will be slightly higher. Rules based Proprietary Payments/FX Trades/Securities Trades All the above SWIFT /Fedwire/FIX/Any Flat File/Queue/API/SQL Real-time/Batch Neural Network Training/Rules Definition Language/Programming API Rules Definiation Language Easy Workflow Case Management SAR/PACS interface/CTR/Other (please list) SAR, SAR-SF, CTR Customized and other automated statutory reports are available as part of the implementation and configuration. E-mail/Printer-Mail/Electronic E-mail, Electronic, Wireless (PDA, phones, desktop alerts) Automatic/User Initiated Yes OFAC/Other Suspicious Customer Database(s)/Third party name checking DB system Yes Flat file and Queues only XML/SWIFT/Any-Integrated Rendering Definition List of Suspicious Customers. Custom reports based on customer requirements Generate cases for missing data XML/Any-Integrated Parsing Definition Flat file and Queues only Real-time/Batch Create cases for suspicious customers, then added to a cleared list if investiagteions prove not a problem Create case for missing data SAR, customs, internal E-mail/Printer-Mail/Electronic Automatic/User Initiated Yes
Other Points to Emphasize That are not Covered by the Questionnaire
Type of Transaction Monitor Name of Monitor Used Transaction Types Monitored Message Types Monitored Interface to Receive Transaction Data Analysis Occurrence Rule Definition Method Ease of Changing Rules Method for Managing Suspicious Transactions Types of Built-in Surveillance Reports
Surveillance Reporting Method Surveillance Reporting Occurrence Built-in OFAC Check? Interface with External Resource Ability to Send Data to Other Applications? Interface to Send Data Data Types Sent Types of Built-in User Reports Method for Enforcing Quality of Customer Information Received Data That Can Be Understood Interface to Receive Customer Information Analysis Occurrence Method for Managing Suspicious Customers Method for Managing Incomplete Customer Data Types of Built-in Surveillance Reports Surveillance Reporting Method Surveillance Reporting Occurrence Built-in OFAC Check
78
SYBASE
Interface with External Resources (for example OFAC, other suspicious customer database(s) maintained by 3rd parties, including government lists) Yes Watch list monitoring Supported 1. OFAC SDN Obtained from OFAC, US Treasury. Updated daily, as required. 2. FATF Non-conforming Obtained from Financial Action Task Force that is headquartered in Paris, France. This list is updated as needed. 3. FBI Lists are obtained from the FBI for those customers participating in information sharing between Financial Institutions, the FBI, and Law Enforcement. Access to the information is accomplished by the institution, with integration and security of the lists maintained within the solution. This list is updated daily, or as needed. 4. Company list List is obtained from the institution. This list consists of individuals with which the institution does not wish to do business. This list is updated daily or as needed. 5. Cleared List This list contains those customers or employees that have similar identification keys to those on suspect lists whose identity has been proven not to be the actual individual on the list. This list is then used to prevent false-positives by tying the identification key with account keys to identify related account activity for accounts previously cleared. The list is updated whenever an individual is cleared as part of the verification process. 6. Excluded Lists To support CTR and other processing. Additional lists may be added to the solution as appropriate. This includes, but is not limited to: OFSI; RCMP European Union MOFA (Japanese) Singapore OCC Anti Boycott Foreign Government Officials SEC Sanctions List Trading Symbols Flat file / Queue XML/SWIFT/Any-Integrated Rendering Definition Payments/FX Trades/Securities Trades Any Flat File and Queues SQL/Other Query Type/GUI Selection SAR/CTR/custom designed for internal use KYC/Compliance Helpful links to different usful websites and Knowledge Base information contain institution policies and procedures OFAC, Member banks Flat File Yes Automatic/User Initiated
Interface to Send Data Data Types Sent Transaction Types Stored Message Types Stored Interface to Receive Transactions Lookup Method Types of Built-in Surveillance Reports Subject Type Source of Suspicious Customer Information Interface to Receive and Send Information Ability to Update Central Database? Update Occurrence
79
WORLD-CHECK FILTER
World-Check
Number of employees: 40+ Year founded: 2000 Several international locations Headquartered in: Tennyson House 5th Floor 159 Great Portland St. London, England W1W5PA U.S. Tel: 214-395-4523 U.S. Fax: 214-853-5872 E-mail: contact@world-check.com Website: www.world-check.com
Application Name(s) Application Types Types of Customers Number of Customers Number of Fortune 500 Customers Who are some other clients that use your solution? Automatically screen every customer by downloading the largest commercially available database of known high-risk individuals and businesses. The database can be used with your existing OFAC or name filtering system, or a World-Check software partner can deliver a turn-key solution. The World-Check database covers over 230 countries and over 100,000 sources, with categories ranging from sanctioned entities to known money launderers, fraudsters, terrorists, politically-exposed persons, shell banks and other heightened-risk individuals and businesses. The database is updated twice-daily.
High-Risk Customer Filter Solutions

World-Check High-Risk Customer Filter Solution KYC high-risk customer screening tool Bank/Brokerage/Insurance/Money Remittance/Government/Gaming Over 300 20+ In addition to screening new customers, the World-Check database can be used to screen live transfers and regularly review existing customers. World-Check has over 300 clients in over 50 countries. Clients range from large retail banks to small private banks, investment services, insurance companies and government bodies. Since Jan 2001 Medium & Large (Please see our online solution for an AML-compliance tool for smaller institutions) In addition to serving a general AML purpose by identifying high-risk customers before any damage is done, World-Checks filtering solution also meets several specific compliance purposes, such as screening for sanctioned entities, terrorists, politically-exposed persons and shell banks. Only World-Check proactively builds and maintains a centralized database of profiles on individuals and businesses that are known compliance, money laundering and fraud risks. Each profile features aliases, alternative name spellings, a synopsis of risk, hyperlinks to original sources and links to known associates, amongst other fields. This database allows an institution to automatically screen its customers for known high-risk individuals and businesses. In comparison, research services only provide access to sources and documents, therefore requiring the user to gather and review data one customer at a time. Only World-Check allows financial institutions to regularly review ever y customer with the push of one button, generating instant alerts to any trouble. Using sophisticated research technology, World-Checks international research team updates the database daily as news and information from around the world is collected and analyzed. World-Checks 100,000+ sources include sanction lists, policing alerts, regulatory actions and media sources from around the world providing institutions with a "one-stop" source for screening customers for any compliance, money laundering or fraud risk. The database is used in a variety of both commercial and proprietary filtering systems.
How long has your solution been on the market? Are you a small. medium or a large market solution? Who is your ideal customer?
80
WORLD-CHECK FILTER
Is your product customizable? The World-Check database can be imported into virtually any filtering system. Clients may also choose a World-Check partner to implement and customize the filtering process to their specific needs. The database is highly structured with over 2-dozen fields for each profile in the database. World-Check will also add any publicly-available source to its coverage at no cost at the request of a client. Yes Updates are made to the World-Check database twice-daily, including any sanction list updates. Implementation partners will ensure that their installations meet the clients filtering requirements. World-Checks filtering solution exists entirely at the clients site. No data ever leaves the organization. Yes Yes The systems of World-Checks software partners can accommodate an expanding customer base. World-Checks database is provided on a flat annual subscription basis. There are therefore no additional costs to the client as their customer base grows. World-Check openly solicits the input of clients regarding source coverage. Additions are often made to the database to address new compliance requirements or particular coverage requests of its clients. World-Checks software partners can customize their filters to accommodate specific workflow requirements and fine-tune results. Database queries can be qualified by any World-Check field, such as source, subject, location or any other factor of particular interest. For example, a user could limit a search to only the USA, or only political figures or only the SECO list. World-Checks database is provided on a flat annual subscription basis with no charges or usage limits whatsoever. Software is provided by partners with a one-time license fee and a minimal annual software maintenance fee. Yes Yes As quickly as a couple of days To begin, World-Check intelligence is entirely sourced from the public domain with hyperlinks provided to the original sources. Furthermore, no information ever leaves the clients site, as the database is downloaded and resides locally. With a global presence and customer base in over 50 countries, WorldCheck stays abreast of all compliance and AML issues. New compliance lists, as well as individuals and businesses at the center of current money laundering cases, are added to the database on a daily basis. Clients are therefore always screening against the latest in money laundering news. Yes, according to software providers arrangement. Training is provided as part of the solution along with user manuals.
What fees are involved with this product? Explain whether there are annual licensing fees? Explain whether there are fees based on the number of transactions? Would it be possible for the client to see a demonstration of the product, with actual test data? Does the client have a free look period or trail period to experiment with the software and determine if this really adds value to our bottom line? How long does implementation typically take? How can the client ensure that your company complies with regulatory requirements around data privacy and private customer information?
When new versions of software are developed, does the client have final authority on implementation of the new versions? What type of training is involved with the software? Are their charges for customer service or training-related interactions?
81
WORLD-CHECK FILTER
Architecture Server Operating System Client Platform Client GUI Type Client GUI Programming Language Security: Password Protection Method Security: Access Control Based on Different User Privileges Security: User Access Audit Trail Training Available? Training Cost Consulting Rates Application License Cost Application Maintenance Fee Interface to Receive Transaction Data Built-in OFAC Check? Interface to Receive Customer Information Analysis Occurrence Interface with External Resources Source of Suspicious Customer Information
Technical Data
Interface to Receive and Send Information Ability to Update Central Database?
Update Occurrence
Various platforms available All Any Any Any Yes Yes Yes Yes Project Specific Project Specific Project Specific Varies Any Yes Any Real-time or Batch 100,000+ Sources, plus ability to import own lists World-Check obtains its data from over 100,000 publicly available sources, including sanction lists and news reports. OFAC is just one of these sources. Any Users can anonymously submit names to World-Check for research and inclusion in the database at no cost. Users can also upload their own internal "bad customer" lists. Database updates are made everyday, twice-daily
82
WORLD-CHECK ONLINE
World-Check
Number of employees: 40+ Year founded: 2000 Several international locations Headquartered in: Tennyson House 5th Floor 159 Great Portland St. London, England W1W5PA U.S. Tel: 214-395-4523 U.S. Fax: 214-853-5872 E-mail: contact@world-check.com Website: www.world-check.com
World-Check Online is an entirely Web-based service that enables a financial institution to instantly determine if a customer is a sanctioned entity, money launderer, fraudster, terrorist, politicallyexposed person, shell bank or other known heightened-risk individual or business. Coverage includes over 230 countries and over 100,000 sources, with twice-daily updates. There is not a simpler way to meet enhanced due diligence requirements. No downloads, setup or significant broadband access is required.
World-Check Online
Describe your solution (database, transaction monitoring, case management, investigative) Use World-Checks online service to instantly determine if a customer is a sanctioned entity, money launderer, fraudster, terrorist, politicallyexposed person, shell bank or other known heightened-risk individual or business. Coverage includes over 230 countries and over 100,000 sources, with twice-daily updates. Users may also submit names of suspected high-risk customers to World-Checks research team. If information is found in the public domain confirming their suspicions, a new profile is created and added to the database at no cost. Clients therefore have access to World-Checks research team, as well as the World-Check database. World-Check Online KYC high-risk customer screening tool Bank, Brokerage, Insurance, Money Remittance, Government, Gaming Over 300 20+ World-Check has over 300 clients in over 50 countries. Clients range from large retail banks to small private banks, investment services, insurance companies and government bodies. The online service requires no software or setup and is therefore suited for institutions of all sizes. Since January 2001 Online service scalable to any size The online service is used by smaller institutions as a simple "one-stop" due diligence-compliance tool, and by larger institutions to quickly determine if a customer is a known high-risk entity. A filtering solution is available for larger institutions requiring in-house automation. Only World-Check proactively builds and maintains a centralized database of profiles on individuals and businesses that are known compliance, money laundering and fraud risks. This database allows an institution to instantly and even automatically screen its customers for known high-risk individuals and businesses. In comparison, research services only provide access to sources and therefore require the user to gather and review data one customer at a time. Using sophisticated research technology, World-Checks international research team updates the database daily as news and information from around the world is collected and analyzed. World-Checks 100,000+ sources include sanction lists, policing alerts, regulatory actions and media sources from around the world providing institutions with a "one-stop" source for screening customers for any compliance, money laundering or fraud risk.
Application Name(s) Application Types Types of customers Number of Customers Number of Fortune 500 Customers Who are some other clients that use your solution?
How long has your solution been on the market? Are you a small. medium or a large market solution? Who is your ideal customer?
83
WORLD-CHECK ONLINE
Is your product customizable? Is the solution installed on site? What type of quality assurance will your product provide my company? What steps are taken to test the final product before production? Is confidential information shared over a secured line? World-Check will add any publicly-available source to its coverage at no cost at the request of a client. Online Service no install needed Updates are made to the World-Check database twice-daily, including any sanction list updates. World-Checks online service is formally audited by an international accounting firm to ensure that there are no logs being kept on any user activity. Clients are therefore provided absolute anonymity. Please see "World-Check Filter" for filtering solution. World-Checks online service is provided on a flat annual subscription basis with no charges or usage limits whatsoever. Clients may add additional users at any time. The greater the number of users, the less the cost is per user. World-Check openly solicits the input of clients regarding source coverage. Additions are often made to the database to address new compliance requirements or particular coverage requests of its clients. The World-Check database is highly structured. Users can therefore query the database by source, subject, location or any other factor of particular interest. For example, a user could limit a search to only "financial criminals" from the country of Canada appearing on the "Bank of England" list. World-Checks online service is provided on a flat annual subscription basis with no charges or usage limits whatsoever. Clients may add additional users at any time. The greater the number of users, the lower the cost is per user. Yes Yes
Can your solution process information using the batch processing method? How does the software accommodate change and growth within the clients organization?
How do they adapt to new threats and changes to regulatory requirements? How do they keep their clients informed of these changes? How scalable and flexible is your software? For example: Can the client change the workflow or monitoring process in order to improve efficiency or refine the behaviors it wants to observe? Can the client weight certain items higher then others in the analysis process? Can the client change the output report to focus on items it views as important? What fees are involved with this product? Explain whether there are annual licensing fees? Explain whether there are fees based on the number of transactions? Would it be possible for the client to see a demonstration of the product, with actual test data? Does the client have a free look period or trail period to experiment with the software and determine if this really adds value to our bottom line? How long does implementation typically take? How can the client ensure that your company complies with regulatory requirements around data privacy and private customer information?
What type of training is involved with the software? Are their charges for customer service or training-related interactions?
No implementation required passwords are issued within 24 hours To begin, World-Check intelligence is entirely sourced from the public domain with hyperlinks to the original sources. Furthermore, no logs are generated on user activity. This in fact, is formally certified by a leading accounting firm. With a global presence and customer base in over 50 countries, WorldCheck stays abreast of all compliance and AML issues. New compliance lists, as well as individuals and businesses at the center of current money laundering cases, are added to the database on a daily basis. Clients are therefore always screening against the latest in money laundering news. The online service is extremely intuitive and easy to use. Nonetheless, user manuals and training are readily available.
84
WORLD-CHECK ONLINE
Architecture Server Operating System Recommended Server Hardware Client Platform Client GUI Type Security: Password Protection Method Security: Access Control Based on Different User Privileges Security: User Access Audit Trail Training Available? Training Cost Consulting Available? Consulting Rates Application License Cost Application Maintenance Fee Built-in OFAC Check? Interface with External Resource Types of Built-in User Reports Source of Suspicious Customer Information
Technical Data
Interface to Receive and Send Information Ability to Update Central Database? Update Occurrence
Web service All None Any Browser Yes No No Yes Project Specific Yes Project Specific None None Yes 100,000+ Sources User may generate date and user ID-stamped reports documenting each search for proof of due diligence. World-Check obtains its data from over 100,000 publicly available sources, including sanction lists and news reports. OFAC is just one of these sources. Manual lookup Users can anonymously submit names to World-Check for research and inclusion in the database at no cost. Database updates are made twice daily
85
WORLD COMPLIANCE
World Compliance
Employees: >10 Year founded: 2001 Headquartered in Miami: 123 SE 3rd Ave., Suite 173 Miami, FL 33131 USA Tel: 1-877-258-1877 Fax: 1-305-513-5676 E-mail: info@worldcompliance.com Website: www.worldcompliance.com
Demonstrate to the regulators that you are serious about KYC requirements. WorldCompliance allows you to screen every existing or potential client with a custom-built, due diligence database of more than 600,000 known or suspected terrorists, money launderers, narcotics traffickers, fraudsters and other white-collar criminals, as well as PEPs. Our database contains proprietary investigative research, government sanctions, regulatory warnings and criminal indictments, and is particularly strong in the area of offshore tax havens. WorldCompliance is capable of enhancing other KYC software, including OFAC or transaction-monitoring solutions.
Who are some other clients that use your solution? How long has your solution been on the market? Are you a small, medium or a large market solution? Who is your ideal customer?
Is your product customizable? Is the solution installed on site?
WorldCompliance offers a modular database to automatically or manually protect your compliance risk and your reputational risk. The modules detect known or suspected terrorists, narcotic traffickers, money launderers, fraudsters, and other most wanted criminals, as well as Senior Political Figures and their close associates that are hiding in your client database. The modular structure of the database allows you decide on the level of protection that you feel is necessary for your company. This enables you to build a cost efficient compliance tool to protect your company. WorldCompliance is used worldwide by regulators, banks, broker dealers, financial service providers, auditors, consulting firms and others Since 2001 Due to the modular structure of the database, the solution can be tailored to the budgets of all institutions, being small, medium and large. Regulators, banks, broker dealers, financial service providers of all sizes. Due to the size (info on more than 600,000 blacklisted individuals and companies as well as Senior Political Figures) and the scalability, (ability to select certain Black-lists) WorldCompliance has customers in all segments. WorldCompliances modular solution allows you to tailor a solution to the specific needs of your institution. We make it possible for you to take the risk based approach that is required by the regulators; whether you are a small, medium or large financial institution. Our modular database enables you to select a cost efficient approach. You can choose the level of protection you want to have. Our medium protection has information on app. 100,000 risky individuals and companies. This medium module already offers you a higher protection than most other vendors in this field. If you really want to comply with KYC requirements you can screen your clients against another 500,000 black-listed elements. The choice is yours. Our international research team monitors relevant data from media sources, regulatory bodies, and selected courts worldwide. Our research specialists filter information, select relevant details, build profiles on individuals and companies, and provide you with the underlying information of warnings or actions taken against risky entities. Our data is updated daily to allow you to make sound business decisions on whom to service and who to avoid. Upon licensing, the product is fully customizable, this includes the look, feel and behavior but also the size and content of the database. Yes
86
WORLD COMPLIANCE
What type of quality assurance will your product provide my company? What steps are taken to test the final product before production? Is confidential information shared over a secured line? Does your software solution work with on-line data? Can your solution process information using the batch processing method? How does the software accommodate change and growth within the clients organization? How do they adapt to new threats and changes to regulatory requirements? How do they keep their clients informed of these changes? How scalable and flexible is your software? What fees are involved with this product? Would it be possible for the client to see a demonstration of the product, with actual test data? Does the client have a free look period or trial period to experiment with the software and determine if this really adds value to our bottom line? How long does implementation typically take? What types of limits of liability exist with usage of your product? Does your company hold the exclusive licensing rights to your product/service? How can the client ensure that your company complies with regulatory requirements around data privacy and private customer information? How are you updated on industry or environmental changes around the issue of money laundering? When new versions of software are developed, does the client have final authority on implementation of the new versions? At WorldCompliance we have stringent quality controls on database research and software development, all new products are tested internally and are beta tested with existing customers afterwards. We also offer a money back guarantee for up to two months Yes Yes Yes Due to its scalability the software is well positioned to grow with the companys needs. Product development is largely customer driven. In the event of customers facing new requirements, WorldCompliance quickly incorporates the new necessities into the existing solutions WorldCompliances solutions are fully scalable. This refers to countries chosen, risk categories covered, lists selected. Online Access: Annual membership fee Software Licensing: One time licensing fee + annual fee for data updates. Yes, we actually recommend to clients to prepare a dataset of suspected terrorists, PEPs and money launderers to verify our solutions. Yes, and we often offer money back guarantees
Less than one week WorldCompliance holds the exclusive licensing rights.
This is handled by language in the licensing agreement. In addition, the technological set up of our database does not allow us to monitor or store any customer activities. Membership in associations like ACAMS, ABA and others, regular attendance of conferences as speaker and or delegate, contacts to regulators Yes, naturally all clients have the option to upgrade.
87
ATCHLEY
ATCHLEY
ASI designs, develops, installs and supports Bank Secrecy Act and USA Patriot Act AML related compliance software products to assist banks in establishing more efficient and accurate: currency transaction record keeping and reporting; EFT monitoring and BSA funds transfer record keeping; suspicious activity detection and reporting; OFAC monitoring; and classroom training for each flagship product.
BANKERS SYSTEMS, INC.

Number of employees: 850 Year founded: 1952 Contact name: Melissa Johnson 6815 Saukview Drive St. Cloud, Minnesota 56302 Tel.: 800-397-2341 Fax: 320-251-8110 E-mail: pr@bankerssystems.com Website: www.bankerssystems.com
Bankers Systems, Inc. is the nation's leading provider of compliance resource solutions to financial institutions and their legal counsel. The company's Anti-Money Laundering and PATRIOT Act solutions combine the most respected compliance intelligence and experience with new technology in order to increase productivity, help reduce fraud losses and manage compliance risk. In addition to anti-money laundering and PATRIOT Act solutions, Bankers Systems offers a full line of lending, deposit and IRA software as well as documents, training, and support services.
HOLLAND AND KNIGHT LLP

Holland and Knight LLP
195 Broadway, 24th Floor New York, NY 10007 Tel.: 212-513-3200 Fax: 212-385-9010 Website: www.hklaw.com
Could you be doing business with the wrong people? The government bans transactions with certain parties and the penalties for violations are stiff. KnightGuardian provides a fast, easy way to check if your customers or vendors are prohibited parties. The KnightGuardian system tracks your searches, records your compliance efforts and, as a tailored solution, is supplemented by a comprehensive package of compliance consulting, training and due diligence services that enhance your protection by the system.
88
KB Consulting LLC
Number of employees: 25 Year founded: 1998 New York, NY and Las Vegas, NV Tel: 917-509-7529 Fax: 347-710-9518 E-mail: info@impactaml.com Website: www.impactaml.com
KB Consulting LLC specializes in implementing systems that bring financial services firms into full compliance with anti-money laundering best practices. We perform detailed analysis for clients so that they can make compliance program decisions that effectively balance costs and needs. We provide AML policy and procedure documentation and business workflow integration. Project management and data conversion expertise are provided for transaction monitoring software implementations, as well as vendor service management, integration, testing, and independent audits.
SYFACT
Syfact International BV
Number of full time employees: 50 Year Founded: 1998 Contact name: Christopher J. Carney 1600 Boston-Providence Hwy Walpole, MA 02081 Tel: 508-660-7330 Fax: 508-660-6735 E-mail: chistopher.carney@syfact.com Website: www.syfact.com
The SYFACT application is designed to manage the entire investigative protocol as a critical component of the Anti-Money Laundering process. SYFACTs open architecture design facilitates searches in internal and external systems and registers the search results in SYFACT. The application also enables easy integration with detection tools, providers of negative data, publicly available lists and traditional case management products. Intelligence information is combined with valuable historical suspicious and negative data to create the optimum AML risk mitigation solution. The intelligence gathering, screening and data matching along with the graphical investigative capabilities help clients meet and exceed the requirements of several Regulatory Laws.
XANALYS
Number of full time employees: 47 Year founded: 2000 Contact name: Glenn Conradt 400-1 Totten Pond Road Waltham, MA 02451 Tel.: +1 781-547-5566 Fax: +1 781-547-5565 E-mail: us-sales@xanalys.com
Headquartered in Waltham, MA, Xanalys, LLC, USA is a leading supplier of investigative management software solutions. Xanalys provides a complete, consistent and intelligence-led approach to the investigative process, resulting in sound collaboration, effective resource deployment and credible results. The companys PowerCase is the worlds most comprehensive investigation management system for investigators. PowerCase and the companys complementary investigative analysis solutions are currently in-use by law enforcement, government offices and private-sector companies across the globe.
89
ANTI MONEY LAUNDERING RESOURCES

www.ACAMS.org (Website of Association of Certified Anti-Money Laundering Specialists with a calendar of events, news, bulletin board, list servers, how-to-and how-not-to corners etc., etc.) www.austrac.gov.au (Australian Transaction Reports and Analysis Center website, containing downloadable versions of Australian money laundering laws and regulations and official compliance guides for a wide range of financial institutions) www.bis.org (Bank for International Settlements home page, with links to more than 70 international bank websites) www.complinet.com/ml (Complinets subscriber home page on money laundering, with message boards, directories, news and events.) www.fdic.gov (U.S. Federal Deposit Insurance Corporations website. Includes statistical data on the U.S. banking sector, downloadable versions of laws and regulations applicable to financial institutions, a five-year archive of Financial Institution Letters and Fraud Alerts, and information on suspicious Internet banking) www.federalreserve.gov (Federal Reserve website featuring downloadable versions of the Feds reporting forms) www.fincen.gov (Financial Crimes Enforcement Network (FinCEN) home page, containing Bank Secrecy Act reporting forms) www.fintrac.gc.ca (Financial Transaction and Reports Analysis Centre of Canada. English and French site with links, Canadian guidelines and regulations) www.fsa.gov.uk (U.K. Financial Services Authority (FSA) home page) www.imolin.org (General information and a bibliography on money laundering. Also provides information on various multi-national organizations) www.lavadodinero.com (Money Laundering Alerts Spanish Website: see also www.moneylaundering.com) www.msb.gov (This site was created by the Financial Crimes Enforcement Network to address the needs of a special category of financial institutions under the Bank Secrecy Act (BSA) referred to as Money Services Businesses or MSBs) www.moneylaundering.com (Money Laundering Alerts home page filled news and guidance on the money laundering topic, including more than 300 links to AML private and public sector resources) www1.oecd.org/fatf (Financial Action Task Force website, with FATF Recommendations and money laundering typologies, and links to other international groups) References to Websites are provided for information support only and do not necessarily constitute endorsement.
Websites with Helpful Anti-Money Laundering Material
90
ABOUT ACAMS
About the Association of Certified Anti-Money Laundering Specialists
he Association of Certified Anti-Money Laundering Specialists (ACAMS) is an international membership organization whose mission it is to advance the detection and prevention of money laundering by supporting the professional development of persons in the private and public sectors who lead those efforts. ACAMS provides high quality, industry-relevant member education and benefits, including an international certification program on money laundering detection and prevention skills. Guided by an Advisory Board of distinguished experts, ACAMS is dedicated to providing its members top quality education and career development programs, information exchange and peer networking that advance their skills. Through professional certification, ACAMS members will stand out as leaders in the field. To achieve this goal, ACAMS: Provides a certification and re-certification program for anti-money laundering practitioners based on professional competence, knowledge, study and experience. Advances standards of ethics and professional practice. Enhances collegial and professional relationships among members and with members of other professional organizations. Enhances public awareness of the Association, and of the benefits that its members bring to their organizations. Any individual with an active interest in the prevention and detection of money laundering should join ACAMS. Financial institutions, including securities dealers and insurance companies, government agencies, non-financial trades and businesses and other organizations that employ persons with anti-money laundering responsibilities or who wish to follow developments in the field should join. Since its inauguration in February 2002, close to 1300 professionals have joined ACAMS from more than 55 countries around the globe. For more information about membership or the certification program please contact us at: Association of Certified Anti-Money Laundering Specialists 1101 Brickell Av. Suite 601-S Miami, FL 33131 United States Tel. +1-305-373-0020 Fax +1-305-373-7788 info@acams.org www.ACAMS.org
91
92
3ja101
93
Notes

Anti-Moneylaunderingtechnology: Aml Technology P Roducts & Services

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Anti-Moneylaunderingtechnology: Aml Technology P Roducts & Services

Uploaded by

Copyright:

Available Formats

Anti-Money Laundering Technology

AML Technology Products & Services:

Technology Task Force Members

Technology Task Force Members

Technology Task Force Members (cont.)

Articles & Editorials

available algorithms, each with its own strengths and weaknesses.

track the status of each case review from conception to resolution.

CONDOR BUSINESS SOLUTIONS

HIGH LEVEL ANTI-MONEY LAUNDERING MONITORING APPLICATION

So simple . . . yet so powerful.

AML TECHNOLOGY PRODUCTS AND SERVICES

ACI Proactive Risk Manager

ACL Services, Ltd.

Describe your solution (database, transaction monitoring, case management, investigative)

Who is your ideal customer?

What separates you from your competitors?

Type of Transaction Monitor Name of Monitor Used Transaction Types Monitored

Message Types Monitored

Method for Enforcing Quality of Customer Information

Transaction Types Stored

Message Types Stored

Comprehensive Software Systems, Inc.

Q Securities Processing Software

Explain the process you used in developing this solution?

Is your product customizable?

COMPREHENSIVE SOFTWARE SYSTEMS, INC.

COMPREHENSIVE SOFTWARE SYSTEMS, INC.

COMPREHENSIVE SOFTWARE SYSTEMS, INC.

Condor Business Solutions S.A. de C.V

CONDOR BUSINESS SOLUTIONS

CONDOR BUSINESS SOLUTIONS

CONDOR BUSINESS SOLUTIONS

Explain the process you used in developing this solution?

Is your product customizable?

What separates you from your competitors?

Explain the process you used in developing this solution?

Is your product customizable?

Is the solution installed on site?

What fees are involved with this product?

KESDEE Anti-Money Laundering Course

Who are some other clients that use your solution?

What separates you from your competitors?

Explain the process you used in developing this solution?

Is your product customizable?

Describe your solution (database, transaction monitoring, case management, investigative)

Is the solution installed on site?

Server Programming Language

Ease of Changing Rules

Best Practices for Monitoring Rules

Method for Managing Suspicious Transactions

Types of Built-in Surveillance Reports

Transaction Types Stored Message Types Stored Interface to Receive Transactions

What separates you from your competitors?

Is your product customizable?

Prime Associates, Inc.

PRIME ASSOCIATES, INC.

3 Months Yes, we hold the licensing rights to the product sets

PRIME ASSOCIATES, INC.

Safe Banking Systems

OFAC Agent Suite / SAFE Repors t

SAS Institute Inc.