Anti-money laundering program: Why good software implementation is critical

To deliver an effective, compliant fraud and anti-money laundering (AML) program, many firms decide to partner with a regulatory technology (RegTech) vendor. The vendor evaluation process often focuses on factors like the scope and quality of their data, ease of use, and coverage of relevant industries. 

While all of these are important, one often overlooked factor is implementation. How vendors implement their clients’ AML programs is critical. A slow implementation process risks undermining the customer experience and delaying the roll-out of new products and services. Poor support over time can become a chronic issue weighing compliance teams down if, for example, the ability to add new rules and capabilities is impacted.

So how can firms assess what ‘good’ looks like when it comes to implementation? Here are five top considerations.

Implementation of anti-money laundering software: Five top considerations

1. Pre-built rules and collateral

While onboarding times will vary based on the complexity of the implementation and specific client requirements, there are steps vendors can take to make this smoother. For AML solutions like transaction monitoring and screening, one important feature compliance teams should look for is ‘plug and play’ capabilities that make the set-up process more efficient. Offering a pre-built library of rules and typologies is one good example of this. In addition to demonstrating what a best practice program looks like, these libraries can help teams get set up quickly, without the need to build everything from scratch. 

In addition to pre-built rules, firms should ask vendors about the collateral they provide to support implementation. This may include a rule library, API guide, dummy data for testing, and more. All of these help clients to get started more quickly and mean they can get up-to-speed in their own time.

Vendors should be realistic about the length of the implementation process, though. With cost-effective solutions and the right resources prepared on the client side, implementation times can be as short as two weeks.

2. A personalized approach

‘Out of the box’ features such as a REST API need to be supported by in-house technical and personnel skills to manage complex, customized implementation requests. Some clients will inevitably have bespoke rule sets they need to manage or particular challenges with the structure or quality of their data. This must be considered upfront to ensure the fraud and AML detection system works effectively post-implementation. To manage this complex array of requests, firms should ask vendors how they manage the implementation process. A best practice approach is for each client to have a dedicated implementation consultant who will support them through to go-live, ensuring continuity of service and a speedy response to inevitable questions and challenges. Ideally, this consultant will be flexible about working remotely or on-site with the customer, based on what will enable them to progress more effectively.

TransferMate, one of the world’s leading B2B payments infrastructure-as-a-service companies, enables individuals to make seamless, cost-effective cross-border payments. But operating across more than 201 countries and 141 currencies means the risks and typologies their team must monitor for are not always captured by pre-built rule sets. During its implementation process with ComplyAdvantage, the two teams communicated almost daily. Alex Clements, Global Head of Financial Investigations and Monitoring at ComplyAdvantage, described this as a “one team, two organizations” approach. The company worked with ComplyAdvantage implementation consultants to define its data model and scope out the bespoke rules it wanted to build for transaction risk management. ComplyAdvantage used its industry expertise to help TransferMate achieve its goals, sharing ideas and best practices.

3. Strong industry knowledge

Some regtech vendors will also specialize in supporting certain markets like digital banking or payments. Others have a broad suite of clients, with implementation and customer success teams dedicated to each. While both approaches can make for a successful business, firms should ensure their vendor has experience with relevant firms in their space. This will enable greater out-of-the-box thinking when solving inevitable challenges and roadblocks. This also empowers implementation teams to be proactive, offering creative solutions that can help firms get to their intended solution more quickly or efficiently than they had anticipated.

Hampshire Trust Bank (HTB), a specialist bank based in the UK that provides business finance, mortgage, and development finance solutions, has compliance challenges unique to its business model. By working with an experienced implementation team at ComplyAdvantage, the bank is able to, for example, look at how to optimize the application of its transaction monitoring rules for specific customer segments that may operate in particular ways.

4. Sandboxing and an iterative mindset

From day one of implementation, the best vendors will have a ‘test and iterate’ mindset. This should begin with a sandbox, enabling integration to start immediately. A sandbox approach also means implementation can be phased, with deliverables that are ready starting immediately while work on other areas of the solution is ongoing.

The intersection of implementation and customer success is also critical. Customer success managers will be their clients’ front-line representatives when explaining and working through the roll-out of new vendor features, or when managing client requests for new capabilities. A knowledgeable and engaged customer success manager can also proactively recommend optimizations based on their experience working with other similar clients. As Robin Jeffrey, Head of Transformation at HTB explained about working with ComplyAdvantage: “Other products we reviewed on the market were more rigid. ComplyAdvantage enables us to focus on continual improvement, adapting the platform as we learn and as the world evolves.”

5. Agile to changing risks

It’s also important for firms to remember that implementation is not a ‘one-and-done’ process. Compliance decision-makers should evaluate firms’ ability to support changes over time as new risks emerge. Look for a firm that offers features like the ability to build new rules quickly without the need to raise a time-consuming support ticket. Waiting for a vendor’s IT team to implement a change to risk thresholds based, for example, on new information from law enforcement could lead to criminal behavior going undetected for weeks, or even months.

Overseas payments and foreign exchange provider Lumon found itself needing to react quickly in the early stages of the pandemic when it saw a sudden increase in COVID-related investment fraud. “ Within 48 hours of identifying this, Lumon developed and deployed new rule sets to combat the threat and prevent more customers from falling victim to scams” explains Alessio Giorgi, the firm’s Head of Compliance and MLRO.