AML Security architecture
Dec 14th, 2013 by Jesper Kråkhede
What on earth is AML Security architecture? I am sometimes asked how you create a security architecture for AML (Anti Money Laundering), and I'll try to answer that here.
A loose definition is that AML is a set of regulations dictating that you have to make sure your financial institution does not take part in laundering money from criminal acts, transferring money to terrorist organisations or, in general, transferring money for criminal use.
So what does an AML Security architecture look like? First of all, it is quite complex and not easily described in a short text, but to start with it involves HR, IT and the executive board, together with sections of compliance, auditors and the reporting office.
It all starts with a thorough risk analysis where exposure and threats are identified, together with the possible actors and the markets your institution operates in. Special care is taken to identify the specific risks in your services and products, in particular where large sums of cash are deposited and where there is a lower need for identification. Every place where a lesser degree of identification is needed has to be investigated specifically.
From there you quantify the risks and make customer risk ratings based on clients' geography, business structure, sources of funds, business types, products utilised and other identified risk factors.
With the risk analysis concluded, you identify the current security mechanisms in both technology and processes. You break the risks up into micro risks that could be mitigated with conceptual security mechanisms. Taking the business process into account, you insert the mechanisms where needed to mitigate the identified risks. This leads to a security architecture implementation program or, in this case, an AML program.