An AML model validation determines whether the model is performing as expected and the model is in line with the bank’s objectives and business uses. An effective model validation helps a bank ensure its model is sound; it also identifies any potential limitations and assumptions while assessing the potential impact of those limitations. If the model validation results show any gaps, identifying them is important so that they can be properly and timely remediated.
AML models collect data from different sources to monitor potential AML/Counter Terrorist Financing (CFT)/Sanctions issues using thresholds and/or parameters within rules. Rules were established when the AML model was implemented. If AML models are not regularly reviewed, errors can and do occur adversely impacting a model’s effectiveness in identifying potential suspicious activity. A model may also have a fundamental error that may produce inaccurate outputs when viewed against the design, objective and intended business uses, e.g., incorrect mapping from the core to the AML model could misrepresent transactions, treating debits as credits.
The four components of a model include:
- Governance –who is controlling the system. Policies and procedures should include the regulatory AML framework and define roles and responsibilities of BSA staff
- Input – what gets put into the system
- Processes – baseline rules/profiles, and
- Output – what is of use
Model validations include transaction monitoring/BSA, sanctions screening/OFAC, Know You Customer (KYC)/Customer Due Diligence (CDD)/Enhanced Due Diligence (EDD), and 314(a), etc. or the areas of the BSA compliance program the bank is actually using the model to monitor.
Regulatory Guidance states banks should conduct a periodic review—at least annually but more frequently if warranted. It is important that AML model validations be performed by individuals with sufficient expertise and an appropriate level of independence from the model’s development and implementation.