Model development for AML transaction monitoring

Three elements to model risk management that you need to tackle first

By Carl W. Suplee, Senior Solutions Specialist, SAS Security Intelligence Practice

The development and implementation of model risk management (MRM) for anti-money laundering (AML) transaction monitoring programs is a complex endeavor. There are multiple components to MRM programs, but let’s start with the basics about process, people and technology.


Before creating or enhancing the model development process, firms must understand what they are required to complete throughout the development life-cycle. Begin by reviewing the OCC 2011-12: Supervisory Guidance on Model Risk Management. Also look for existing model risk policies and processes within your firm that could be evaluated and used for AML risk. A good understanding of model risk principles will help you identify the specific steps in development, the data and tools that might be required, the methodologies to exhibit, the key deliverables (output) in each step, and internal roles and responsibilities. Based on experience, firms that have taken the time to test their end-to-end model development process have had the most success in identifying the challenges and bottlenecks, and really determining the right level of resource required (which assists in our second element).

The key is to leverage existing knowledge and experience and apply the lessons learned to continue to build, modify and enhance your AML monitoring program.

I believe there are two rather large potential pitfalls firms can face when creating a model development process: 1.) Over complicating the steps and 2.) Building too many hand-offs of deliverables and tasks throughout the life-cycle. It’s true that a variety of skills sets, including those from the business, technology and analytic teams, are needed, but it will be difficult to manage the life-cycle if hand-offs become cumbersome and complicated.

Another mistake many firms make is failure to involve the associates who do the daily work into the process creation. Sometimes there are complexities or functional requirements that are overlooked when developing a new process that these associates are intimately familiar with. Finally, it is important to get buy-in across the AML organization before implementing a model development process.


Firms should be using existing model risk policies, so the identification of talent should not be new to the firm. Even so, you’ll be more successful in getting the right resources if you first outline and test your model development process – understanding the roles and responsibilities, along with the requirements around separation of duties, is a critical first step in identifying the talent required by your AML program.

Based on experience, firms may under-estimate the full time employees needed for model development because they have not completely vetted the defined process. Model development takes time to plan, study, test, validate, challenge, document and implement. Each of these steps requires time and effort to accomplish according to MRM policy and guidance, and they are not necessarily linear. There may be some back and forth between the steps to ensure quality and effectiveness. Also, the model development life-cycle will require periodic checks and balances to ensure that the documentation and testing is adequate and consistent.

The last point on people is to be careful that you don’t under-estimate the time it takes to onboard new AML model developers. The data and infrastructure, AML compliance knowledge and requirements, and business understanding can all be difficult hurdles for even the most experienced developers that have not done it for an AML organization in the past.

Be creative when searching for talent to meet your various needs, including other compliance and risk functions, or even statistic programs at universities and colleges.


This is where SAS becomes important, but not strictly as a technology provider. Our first step is to work with you to understand your people, and processes. With that insight, we can offer the right technology to help you meet your data requirements for model development in AML.

Data across firms change for a variety of valid reasons, and those changes can impact the models that are used for AML monitoring. We can help ensure there are hooks and methods in both the people, process and technology to maintain lineage and assess the data quality often. Also, firms need to address data challenges, including taking action against the data owners at the firm to ensure their accountability for accurate data. If you cannot accurately monitor your customer’s activity because of poor data quality, then the firm’s regulators are going want expect to see plans to address these issues timely and effectively. We believe we can help with data management, data analytics and governance technologies.

These are just some of the elements and challenges to consider when developing and integrating model risk management to AML model development. The key is to leverage existing knowledge and experience and apply the lessons learned to continue to build, modify and enhance your AML monitoring program. SAS is currently working on upcoming white papers and on-going enhancements to our model development and visualization solutions to improve our capabilities to meet MRM requirements. There is much more to come in 2015, so please keep a look out for more articles introducing new ideas, best practices and tips.

virtual data

Read More AML Best Practices

Get More Insights


Want more Insights from SAS? Subscribe to our Insights newsletter. Or check back often to get more insights on the topics you care about, including analytics, big data, data management, marketing, and risk & fraud.

Back to Top