AML/CTF Model validation – What separates good from bad?
“If models are built on flawed assumptions or poor data, every decision that follows - every alert, every risk score, every report - carries the risk of being incorrect. Validation ensures that what you see and act on reflects the reality of the risks you face. Model validation is the foundation of the entire financial crime compliance framework - from risk assessment to KYC, transaction monitoring, sanctions, and internal controls,” says Chris Kronow-Rasmussen, Director Financial Crime Prevention at Advisense in Denmark and is one of the team of experts working with model validation.
The term “model” in the context of AML/CTF is broad, encompassing the frameworks and systems that guide financial institutions in monitoring and decision-making. These models, especially those used for customer risk classification, transaction monitoring, and sanctions screening, are under intense scrutiny. With regulators tightening the screws, institutions must ensure their models are not only accurate but also continuously improved through validation.
Financial crime continues to increase at a breakneck speed. At the same time, the AML Regulations is is due for implementation in 2027 with more detailed requirements on the AML/CTF performance of financial institutions.
It is only logical that model risk management is gaining prominence with AML/CTF. While model validation has long been a staple for credit and market risk models, its inclusion in AML frameworks is more of a recent development and financial institutions are still catching up to embed and improve validation as a standard process.
The Right Model for the Right Purpose
Every model simplifies reality, introducing a degree of uncertainty known as model risk. Model validation is the tool that helps identify, understand, and reduce this risk. In Sweden and most other jurisdictions, model validation is not just best practice but also a regulatory requirement.
An effective model validation process is the key to accuracy and efficiency in the entire AML/CTF program, from initial risk assessment to suspicious activity reporting and feedback. When initial models are flawed, the entire process suffers, undermining the ability of an institution to detect and prevent financial crime.
What separates good from bad?
The difference between good and sub-optimal model validation is that good validation is in-depth and thorough. It takes operational risks into account and focuses on the overall requirements for sound model development and model management.
This is one of the key observations that Sara Abbaoui, Senior Manager Financial Crime Prevention at Advisense Sweden, comes back to again and again in her experience from both large and small financial institutes.
Deficient documentation as well as an absense of a proper test environment is commonplace. This in combination with a lack of solid management around the models, little or no follow-up on the performance and effectiveness of a model is a recipe for inefficiency.
Sara Abboudi, Senior Manager
Operational risks are important to mitigate, and this can only be done by understanding the model at its core and building effective solutions that quickly indicate when a model is not functioning as intended.
An AML/CTF model validation should hence answer whether models are properly designed for their intended purpose, use sound methodologies, and provide adequate risk coverage. It should also ensure that output such as customer risk classes, transaction alerts, or behavioral indicator are accurate and actionable.
What specific actions should financial institutions look to prioritize to move from bad to good model performance? Summarily, according to Sara Abbaoui, AML/CTF manager may be advised to focus on monitoring model performance through relevant KRIs and KPIs, conducting thorough testing which is fundamental, and documenting the testing in a structured way.
But there is another side to how AML/CTF models often are managed. Models are the responsibility of AML operations the first line, however ideally the responsibility should lie with a person who has expertise in IT and models rather than with a lawyer, who may often lack the skillset to really understand what prerequisites are required for the implementation and management of models. At large financial institutions, responsibility usually lies with a product owner, and it is a team of various developers and personnel who manage and develop the model.
The rise of artificial intelligence and machine learning adds another layer of complexity, demanding even higher standards for validation. As institutions invest heavily in AML/CTF programs, ensuring a return on investment is critical.
Our strength at Advisense when we help our clients is that we have people with extensive experience in the technical development of AML models, who know where to focus time and resources to work risk-based with model risk management. The bottom line is that validation is the ultimate AML/CTF safeguard
Sara Abboudi, Senior Manager
Financial supervisory authorities are expected to continue shining their spotlight on model validation as well. Experience so far pinpoint a range of commonplace issue areas that financial institutions may seek to adress.
Learn more about AML/CTF Model Validation.
Would you like to know more about how structured model validation can strengthen your AML/CTF work? Get in touch
