Blog Header

Making Sense of SR 11-7 Guidelines for BSA / AML

At MountainView Risk & Analytics we provide guidance to clients around Bank Secrecy Act (BSA) and Anti-Money Laundering (AML) models. The scope of our work includes model documentation, model performance assessments, and model conceptual evaluations. Our quantitative expertise, risk management, and compliance background allow us to advise on how SR 11-7 impacts the practices surrounding BSA/AML and risk management. In this blog, Peter Caya breaks down the White Paper, which discusses how the principles of risk management guidance apply to BSA/AML models. Peter is Assistant Vice President at MountainView Risk & Analytics and an anti-money laundering and fraud validation specialist with extensive experience. He is a Certified Anti Money Laundering Specialist (CAMS).

The White Paper was published in response to a joint statement issued on April 9, 2021 by the Board of Governors of the Federal Reserve System, with FDIC, the Office of Comptroller of the Currency in consultation with the Financial Crimes Enforcement Network and the National Credit Union Administration. The statement, referred to as the SR 11-7 mandate, describes the principles of how risk management applies to the BSA and AML models. International organizations and the US government continue to push for governance principles to be applied to money laundering, as it has accelerated in part due to COVID-19. We explain why and how to investigate these AML models in the White Paper.

Typically, the institutions and employees that are working with these models know how they are applied and have direct practical experience related to AML. The missing component is that they often do not understand how model risk management principles apply to these models.  

This is as expected since the history of applying risk management principles to AML models is short. Additionally, the BSA/AML area poses its own unique problems. Criminals are always trying to launder cash from illegal activities and innovating their methods. They use banks, casinos, and art dealers as a few examples to clean money. They are constantly evolving and therefore these models need to be tested often for accountability and accuracy.

We offer guidelines for governing these models, establishing what counts as a model and why it is important. SR 11-7 describes a model as a system within the bank that contains three components. It must have an input component (takes data in), transformation (transforms data) and a reporting component for returning results to the business user. In the White Paper, we provide a succinct outline and flow chart to help determine and rule out anything that may not stand up to the requirements of being a model.

After determining what counts as a model, it’s important to ensure that the model is working correctly. Often this takes the form of three different kinds of analysis: Classification Accuracy, Historic Performance and Sensitivity Testing. These methods verify that banks are testing their models and taking responsibility for them. Our White Paper describes each of these methods in detail.

The White Paper also addresses Handling Third Party Models. It is not uncommon that an outside software vendor has sold a bank software that they can use internally. Software companies might give the institution some idea of what their software does, but often they don’t share the inner workings of the model. How can we help institutions choose a better model to work with? The governance aspect applies to how the bank is managing its relationship with the vendor. Is the vendor providing information on the model as it updates and changes? Is the vendor communicating with the bank? Sometimes vendors might update a model, but not inform the bank of what changes they made or why they made them. This exchange of information is very important to model validation. 

Banks and credit unions still retain responsibility for their BSA/AML models despite bringing in an outside company to provide the model software. The institution is still responsible for performing its own analysis, monitoring its third-party models and conducting its own independent performance testing. They are responsible for understanding the relationship with the model vendor and for making sure the model is working effectively and that its results can be justified. SR 11-7 describes accountability and governs everything in terms of risk management. It clearly puts the responsibility on the institutions.

The information presented in the White Paper is based on firsthand experience and the most up-to-date details and regulations of model risk management as it applies to money laundering. At MountainView Risk & Analytics, we advise based on a wide breadth of experience in model risk management. This experience extends to a specialty in advising compliance professionals and business line users on the management and improvement of software used for fraud and BSA/AML. This is combined with a deep understanding of the quantitative background that these models are built upon that allows greater scrutiny on their performance and mechanics. We invite you to gain more guidance on the SR 11-7 framework by reading our White Paper:How Do the Principles of Model Risk Management Guidance Apply to BSA/AML Models? or contacting our team today.

Written by Peter Caya, CAMS

About the Author
Peter advises financial institutions on the statistical and machine learning models they use to estimate loan losses, or systems used to identify fraud and money laundering. In this role, Peter utilizes his mathematical knowledge, model risk management experience to inform business line users of the risks and strengths of the processes they have in place.

Scroll to Top