Applying Lean Six Sigma in the Financial Services Risk Management Environment
Efficient management of the SAR 90-day follow up process streamlined using Lean Six Sigma to meet regulatory requirements
Efficient Management of the SAR 90-Day Follow Up Process
Banks must file complete, accurate, and timely SARs in order for FinCEN, bank supervisory agencies, and law enforcement to gain maximum benefit from the information that is critical to the United States’ ability to utilize financial information to combat terrorism, terrorist financing, money laundering, and other financial crimes. Preparation errors and filing weaknesses, including late submissions, can reduce SAR effectiveness. Good bank risk managers recognize that the quality of SAR content is critical to the adequacy and effectiveness of the suspicious activity reporting system. Generally, effective suspicious activity monitoring and reporting systems include four key interdependent components:
- Identification or alert of unusual activity (which may include: employee identification, law enforcement inquiries, other referrals, and transaction and surveillance monitoring system output)
- Managing alerts
- SAR decision making
- SAR completion and filing
One purpose of filing SARs is to identify violations, or potential ongoing violations, of law to the appropriate law enforcement authorities for criminal investigation. That objective is accomplished by filing a SAR that identifies the activity of concern. FinCEN’s guidelines accordingly suggest that banks should review continuing suspicious activity at least every 90 days and, if necessary, file a SAR.
However, this requirement for 90-day post filing review has resource and process implications for financial institutions that have to be managed efficiently.
In this paper, we:
- Briefly indicate the challenges faced by a major global financial services company with the SAR 90-Day Follow Up process.
- Highlight the approaches adopted for helping the company manage through the challenges.
- Review results from the skillful application of Lean Six Sigma methodologies to the challenges.
This global financial institution had US operations that were subject to the 90-Day continuing activity monitoring guidelines from FinCEN. The processes for 90-Day continuing review were similar to the regular review of triggered alerts for suspicious activities. The institution followed a two-step process: an initial review of the SAR, termed the “scrub” process, followed by further investigation. This process was duplicative and inefficient. The rolled throughput yield was about 14%. The “scrub” process yielded 30% and the further investigation yielded about 48%. In addition to the duplicative and inefficient review processes, the institution faced the following challenges:
- Anticipated volume surge coming into the 90-day continuing review queues from the increasing number of SARs filed by the institution as it dealt with backlogs in its further investigation queues.
- Increasing risk of missing the timeliness requirements in FinCEN’s regulatory guidelines.
- Decreasing productivity per investigator.
- Sourcing adequately trained resources to handle duplicative review processes, and
- Lack of transparency and performance management tools for effective management of the function.
The management challenge was clear:
- Identify specific actions to help optimize both the “scrub” and investigative processes,
- Determine if a “one-touch” process should replace the current two-step review process using productivity differentials as dispositive,
- Create performance management transparency to ensure regulatory guidelines are not missed, and
- Train compliance personnel in the right application of Lean Six Sigma tools to drive the culture for continuous improvement.
We had applied Lean Six Sigma tools in a different process area within the risk management and compliance functions at this institution and knew that they could work if skillfully used. Here again, the initial focus was to establish a fact- and data-derived baseline that could provide an accurate view of current performance across the following dimensions: incoming SAR volumes, aging of the SARs, processing costs, productivity, mean and dispersion of review cycle times, and levels of adherence to performance management practices. Having mapped the processes, we then:
- “Walked the process” modifying and validating the as-is 90-Day follow up process map as necessary,
- Worked on a fishbone analysis that identified some 32 root causes limiting desired productivity levels,
- Identified 38 potential solutions to the root causes,
- Prioritized the solutions, weighing potential impact against ease of implementation, winnowing down to 22 potential fixes with 3 high impact solutions,
- Identified some quick-hit, near-term and longer-term opportunities, and
- Developed action plans and recommendations.
The results have truly been remarkable across several dimensions of value to the institution:
- 80% of the review team is now using the ‘one-touch’ process, cutting out the duplicative efforts from the prior two-step process. This has resulted in a 65% improvement in process yield.
- A daily aging ‘vintage’ report is now generated, used for transparency into productivity levels as well as for its predictive value in forecasting risks of non-compliance with regulatory timelines.
- Productivity improved by 66%, and cycle time has also decreased by about 50% with the adoption of the ‘one-touch’ process.
- 100% of SARs have been reviewed within the required regulatory timeline. No SAR has fallen outside that 90-day review period.
- Lean training sessions held with line managers and investigators were well received, and increasing adoption is shown in the team’s application of lean tools and methodologies in the management of their review process, especially with waste identification.
Risk management and compliance functions are no different from other business processes. The 90-day follow up process is a high-risk area for financial institutions. The prior filing of a SAR, while not dispositive, at least suggests that the institution’s review of ongoing activity with that account or customer, as required by law, is an important risk management activity to execute effectively and efficiently. Missing the timeline for conducting the review is unacceptable. Designing a review process that ensures full adherence to these guidelines, while reflecting an efficient management of compliance resources, is attainable. That was accomplished in this case, with the noted results as the compelling evidence.