Mind the Gaps
AML / Fraud Global Benchmark Survey
06/2009

■ AML / Fraud Global Benchmark Survey 2009
Table of Content
© TONBELLER®
AG
All rights reserved. The content of the document is protected under copyright.
Text and graphics may not be used, reproduced or excerpted in whole or in part
in any manner whatsoever without the prior written permission of TONBELLER®
AG. Siron® is a registered trademark of the TONBELLER AG.
1. Methodology.................................................................. ....... 4
2. Mind the Gaps...................................................................... 8
3. Key Compliance Findings................................................... 12
4. Key Fraud Findings.............................................................. 20
5. Enterprise-Wide Initiatives.................................................... 23
6. Appendix
Compliance Spending and ASP ....................................... 28
7. Closing Remarks ................................................................. 32

Foreword
Financial services companies spend 10.5 percent of their revenue on technology,
more, by far, than any other industry sector. 1
I would argue that no industry is more
dependent on IT to deliver innovation, drive down costs and protect the assets of
customers and other stakeholders against operational risks. With the latter objectives
in mind, an increasingly significant slice of the industry’s IT spend is being directed
towards risk, compliance and other initiatives for fighting financial crime.
In March 2009 Tonbeller published the results of its Money
Laundering & Fraud International Benchmark Survey, Mind
the Gaps, which captured the viewpoints of 152 leading
compliance professionals from around the world.
Traditional approaches to managing money laundering,
which have been defined by the regulatory framework, did
not adequately address the true risk exposure of the finan-
cial institutions. Technology has enabled sophisticated fraud
schemes to work independent of geography, channel or pro-
duct, requiring financial institutions to rethink their ap-
proach to fighting financial crime.
However, compliance is now creating a more risk-aware
culture through the adoption of a risk-based approach that
allows for the assessment and categorization of potential
risks-based on their probability of occurrence and their
impact on the organization.
As insurance companies now come under the same kind of
regulatory scrutiny as the retail banks after 9/11, and are
consequently feeling the need to take action, insurers need
to look at their banking counterparts to comprehend the
challenges and success factors in order to ”mind the gaps”
while building an effective program to fight financial crime
and money laundering at the enterprise level.
Organizations are spending millions of dollars each year on
their compliance programs. However, many senior executi-
ves have become frustrated. Despite the high costs involved
in implementing compliance programs, they are seeing little
business value other than being able to pass an annual
audit. Is an investment in compliance truly a sunken cost or
are there ways to leverage this spending to capture the full
value of your compliance technology investments?
Torsten Mayer
President
1
Source: 2008„State of the CIO survey
of 558 heads of IT. Note: Survey respondents
in financial services, government, health and
wholesale/retail industries said they expect to
be hiring IT staff in the next 12 months.

■ AML / Fraud Global Benchmark Survey 2009
4 5
Methodology

Tonbeller’s Money Laundering & Fraud Global Benchmark Survey draws
on the expertise of 152 compliance professionals working across the
entire financial services sector, bringing viewpoints from 41 countries
around the world.
The 152 participants completed the entire web-based questionnaire of
26 multiple choice questions. The survey was conducted in March 2009
and those who participated were rewarded with a complimentary copy.
The Money Laundering & Fraud Global Benchmark Survey examines the
inputs from the perspectives of geography, line of businesses, function
of organizational roles and organizational size. The majority of ques-
tions have been answered on a scale of 1 (not important) to 4 (very
important) and the answers are an average of the total sum divided
through the 152 participants. Tonbeller will continue to monitor the
financial services sector to detect trends and best practices in efforts to
fighting financial crime.
Figure 1: Which sub-sector within the financial
services industry does your organization belong to?
AB
C
D
E
F
G
H
I
J
K
L
M
# Sub-Sector %
A Leasing 2%
B Other 5%
C Money Services Business 2%
D Investment Management 12%
E Investment Bank 6%
F Payment Cards 2%
G Universal Bank 10%
H Credit Union 3%
I Retail Bank 14%
J Consultant 21%
K Brokerage 10%
L Regulator 3%
M Insurance 10%

■ AML / Fraud Global Benchmark Survey 2009
Figure 2: What is your role within your organization specifically
regarding financial crime or AML compliance?
A
B
C
D
E
F
G
H
I
J
K
L
M
# Role %
A
Money Laundering
Reporting Officer
11%
B
Member of Senior
Management
10%
C
Operational Risk
Management
2%
D Technology & Systems 4%
E Group Head of AML 3%
F External Consultant 10%
G Compliance Officer 22%
H Chief Risk Officer 2%
I Law Enforcement 1%
J Internal Auditor 1%
K External Auditor 1%
L Head of AML 9%
M Regulator 2%
N Analyst 6%
O Other 16%
N
O
Figure 3: How many employees does your organization have?
38%
15%
5%
4%
11%
6%
21%
101-500
501-1000
1001-5000
5001-10000
10001-20000
20001+
10-100
6 7

Figure 4: Participating Regions *
Asia-Pac
8%
5%
Eastern Europe
2%
Middle East & North Africa
7%
Nordics & Baltics
22%
North America
2%
South
America
54%
Western Europe
* = 152 Participants

■ AML / Fraud Global Benchmark Survey 2009
8 9
Mind the Gaps

Examining past, present and potentially future developments in AML
will help to better identify and understand the gaps and leverage
technology spend to gain business value for a compliance program.
Regulation-driven
Many financial institutions have acquired risk and compliance systems
in response to regulations such as Basel II, Sarbanes-Oxley, and Anti-
Money Laundering legislation. Consequently, many financial institu-
tions have multiple piecemeal systems in place for fighting financial
crime. Compliance professionals believe that there is a software
package that can handle every national and international regulatory
compliance issue: the best-of-breed approach, where everyone pursues
what they regard as the perfect solution to their particular challenge
and from their limited perspective, adding up the ticks on the regulato-
ry checklist. But from the point of view of the enterprise as a whole, the
inevitable result is a hemorrhaging of time and money on a succession
of projects, with no end in sight.
Regulation
Driven
Risk
Awareness
Enterprise
Risk &
Compliance
Enterprise-Wide
+ + =
– Banks rushed to
comply after 9/11
– First generation AML
systems were focused
on detecting and
flagging – not on alert
accuracy
– Rule based only
– Silo approach LOBs.
within the same bank
using AML from
competing vendors
– AML approach
driven by risks and
not ticking of the
regulators boxes
– Risk-based
approach
– Risks are also
integrated into KYC
process – including
account opening
– Enhance alert
accuracy
– Creating a holistic
view of AML across
all services, products
and geographies ...
– AML cockpits
– Integration of
AML/Fraud
– Integration with
competing vendors
– Overview of all
financial crimes
Risk Compliance
Cockpits
– Linking compliance
with other risk data
(AML, Credit risk
OpRisk, Market
Abuse, Fraud, ...)
– Integration with CRM
– Risk based pricing
Compliance Business ValueAML Solution Revolution

■ AML / Fraud Global Benchmark Survey 2009
Risk Awareness
Compliance is starting to create a risk-aware culture through the
adoption of a risk-based approach that allows for the assessment and
categorization of potential risks based on their probability of oc-
currence and their impact on the organization. Tonbeller’s experience
has taught us that a risk assessment profile at the regional or branch
level will always be inadequate when compared to a risk assessment
profile at the enterprise level.
Building a risk assessment profile is the perfect opportunity to create
an enterprise risk environment. This will help to eliminate gaps which
divide stakeholders, by finding out what information they have in
common. The most obvious benefit of establishing profiles based on
the true risks associated with crime is prevention. The risk assessment
exercise should be executed in conjunction with the operational risk
manager, as this individual should be the gatekeeper of risk at the
enterprise level, and because money laundering and fraud are defined
as operational risks under the Basel II accord.
Enterprise-wide initiatives
The frequency and variety of fraud and money-laundering schemes are
growing exponentially. An enterprise-wide approach will become a key
defense in the fight against financial crime and will enable financial
institutions to move beyond mere compliance and derive real business
value from their compliance investments.
Financial institutions have millions of customers; therefore they
generate hundreds of millions of customer records, often with many
different products and services distributed across many countries.
Criminals who identify a point of weakness can easily penetrate the
institution’s defenses for the purpose of fraudulent activity, for examp-
le by misrepresenting themselves on an online credit or loan applica-
tion by simply changing the way they spell their name, or by using a
false or stolen identity.
10 11

Therefore, a lot of the money-laundering and fraud schemes are all but
undetectable using data from one account. They only become obvious
when information is examined across multiple accounts. A cash
withdrawal or a new extension of credit on a single account by itself
may appear innocuous, but when seen next to unusual cash activity,
other extensions of new credit, and changes in account contact
information within other accounts held by the same individual, it can
become obvious evidence of fraud. (A good example is the London
bombings where investigators found two bank cards, at two different
bombing sites, belonging to one suspect; by the way, the suspect blew
himself up at the site of the first bombing. The bank cards had different
names of the suspect, but the same address. When investigators went
through his mail they found letters from the bank wanting to know
what steps he was going to take to repay his credit, after missing
several payments.)
Another benefit of rolling out an enterprise-wide program is of course
that it gives you the ability to monitor the effectiveness of your
institution’s financial crime fighting programs centrally. This integration
provides greater insight into the “genetics” of the financial crimes
associated with products, services, channels and regions, as well as
operations at the branch level. Enterprise-wide initiatives not only
mean systems work together, but also people. Consolidating informati-
on across multiple product lines, geographies, operational systems and
transaction types provides a substantial lift in early money laundering
and fraud detection.

■ AML / Fraud Global Benchmark Survey 2009
Key Compliance
Findings

Money laundering is priority number one in the fight against financial
crime. This ranking was independent of the company size, the role of
the participants or their geographies, with the exception of South
American respondents who ranked money laundering (2.0, Figure 5)
and terrorist financing (1.0, Figure 5) with a low priority.
The importance of these two issues in the eyes of compliance
professionals could be explained by the developments in national and
international regulatory driven initiatives such as the third EU
money-laundering directive, which is being implemented across most
of Europe. The Financial Action Task Force (FATF) country evaluations
have also exposed many countries and have provided impetus for
increased scrutiny and enquiry levels by national regulators in order to
refocus their regulatory commitment.
Figure 5: Which financial crimes are your organization‘s
highest priorities for 2009?
0
0,5
1
1,5
2
2,5
3
3,5
4
PolicyholderFraudInternalFraudPOS/ATM
FraudClaim
sFraud
Interm
ediaryFraud
CreditCard
Fraud
M
oneyLaundering
TerroristFinancing
InsiderTrading
FraudIdentityTheft
Importance given on a scale of
1 (not important) to
4 (very important)
2,26 2,97 2,09 2,29 2,49 2,22 3,32 3,03 2,57 2,95

■ AML / Fraud Global Benchmark Survey 2009
The limitation of a one-rule-fits-all (rule-based) approach is demonstra-
ted by the enormous growth in suspicious activity reports (SARs) and
currency transaction reports (CTRs) being filed with regulators. The fact
that the majority of these reports will later be classified as false posi-
tives has resulted in financial organizations adopting a more risk-aware
culture and integrating a risk-based approach into their current AML
program. The big advantage is that financial institutions can allocate
resources according to their risk profile. The big disadvantage is that
financial institutions no longer have a regulatory checklist, in which
they can simply tick the boxes and say we completed every task
required by the regulators.
Regulation demands that institutions validate the identity of their
customers and understand the purpose and nature of their relation-
ship. It enables financial institutions to consistently monitor each
customer and their transactions based on the potential threat that a
client poses to the organization. Therefore, financial institutions are
required to integrate a risk-based approach in their customer due
diligence procedures and especially in their account opening process,
since prevention (stopping criminals from getting access to accounts
and resources in the first place) is the best cure.
14 15

It is not surprising that compliance activities, such as adopting a risk-
based approach (3,52, Figure 6) and enhanced customer due diligence
(3.18, Figure 6) have the highest priority among most survey partici-
pants. However, the first observation that leaps out at us when we start
slicing and dicing the data is Asia-Pacific (3,58, Figure 6) and South
America (3,00, Figure 6) as well as Money Service Businesses (3,00,
Figure 6), which all ranked “Automating the transaction monitoring
process” with a higher priority than adopting a risk-based approach.
This could signal that these regions and lines of business are lagging in
the adoption of basic AML technology. On the other hand, respondents
from Asia-Pacific (3,67, Figure 6) ranked “Establishing an enterprise-
wide AML compliance program” as their highest priority, imply that
even though they might be lagging with the implementation of basic
AML technology, they do have a long-term strategic vision regarding
their compliance programs.
Figure 6: Which compliance activities have the highest
priority in your organization?
0
0,5
1
1,5
2
2,5
3
3,5
4Importance given on a scale of
1 (not important) to
4 (very important)
# Compliance Activity
A Adopting a risk-based approach
B Enhanced customer due diligence
C Automating the case management process
D Automating the transaction monitoring process
E Establishing an enterprise wide AML compliance program
F Integrating AML and fraud data
G Enhancing Know-your-customer processes (customer acceptance)
H Consolidated risk view across all branches and areas
A B C D E F G H
3,52 3,18 2,62 2,89 3,18 2,81 3,17 3,04

■ AML / Fraud Global Benchmark Survey 2009
Organizations’ enthusiasm for a risk-based approach is not only driven
by regulation, but also by an understanding of the operational enhan-
cements and cost efficiencies that it can deliver. By focusing resources
on those areas of greatest risk it allows the financial institutions to fight
financial crime with a customer-centric perspective; customers with
legitimate transactions and business intentions should not have to
experience any interruption.
This demonstrates that regulatory compliance and business drivers can
be aligned to add value, while lowering the overall cost of fighting
financial crime.
Figure 7: Irrespective of your country‘s regulation do you see value
in adopting the risk-based approach?
Not sure we are still
analyzing how to apply
the risk based-approach
7%
No
Yes
2%
91%
16 17

The main obstacles to the successful adoption of a risk-based approach
are poor data quality and access to data that resides in multiple
sources. There is a strong feeling that organizations, regardless of their
size, lack the quality of data which would allow them to identify and
prioritize risk. Moreover, most appear to believe that technology will
not help them to do so, which may explain the higher importance they
place on staff training & education.
If we break down the results shown in Figure 8 by line of business,
regulators (3.67) and leasing companies (4.00) are more critical of data
quality than any other line of businesses. If we examine the figures by
geography, western Europe sees all of the above as more or less equally
important obstacles to successful adoption of the risk-based approach
(lowest ranking 2,51 and highest ranking 2,96, Figure 8). The other
regions - Eastern Europe (3.71, Figure 8), Asia-Pacific (3.50, Figure 8),
Nordic & Baltic (3.27, Figure 8), North America (3.21, Figure 8) and South
America (4.00, Figure 8) - are more focused on the data quality hurdle.
When it came to staff training & education we were surprised to find a
large discrepancy between the two categories Group head of AML
(2.00, Figure 8) and members of senior management (3.01, Figure 8).
Figure 8: What do you believe are the main obstacles to
successfully adopting a risk-based approach?
0
0,5
1
1,5
2
2,5
3
3,5
4
Dataquality
Accessing
m
ultiple
datasources
Importance given on a scale of
1 (not important) to
4 (very important)
3,15 3,01 2,75 2,62 3,02 2,58
Internalcost/resourcesExternalcost/resources
Staff
training
&
educationLackofIT
availability

■ AML / Fraud Global Benchmark Survey 2009
When we asked, “Which compliance activities do you believe will
deliver the greatest business benefit?” the respondents placed the
highest importance on “Adopting the risk-based approach” (3.58,
Figure 9) followed by “Enhancing know-your-customer process
(customer acceptance) (3.24, Figure 9). When we sliced and diced the
responses we found some outsiders: Payment cards (4.0, Figure 9),
money services (4.0, Figure 9) and internal & external auditors (4.0,
Figure 9) still see “Automating the transaction monitoring process” as
delivering the greatest business benefit to their organizations.
With U.S. and international policy-makers – such as the Financial Action
Task Force (FATF) and the European Union – imposing tougher know-
your-customer (KYC) standards for banks they have become increa-
singly important to the prevention of identity-theft fraud, money
laundering and terrorist financing. One aspect of KYC is verifying that
Figure 9: Which compliance activities do you believe will deliver
the greatest business benefit if implemented successfully?
0
0,5
1
1,5
2
2,5
3
3,5
4
Importance given on a scale of
1 (not important) to
4 (very important)
# Compliance Activity
A Risk-based approach
B Enhanced customer due diligence
C Automating the case management process
D Automating the transaction monitoring process
E Establishing an enterprise wide AML compliance program
F Enhancing Know-your-customer process (customer acceptance)
G Consolidated AML reporting view across all branches and areas
H Integrating AML & fraud
A B C D E F G H
3,53 3,11 2,79 3,04 3,22 3,24 2,85 2,88
18 19

the customers are not on any list of known fraudsters, terrorists or
money launderers, such as the Office of Foreign Assets Controls, United
Nations or European Union lists.
Beyond name matching, a key aspect of KYC is to profile the risk of
(potential) new clients before giving them access to the financial
organization’s resources. By focusing account monitoring activities on
clients with a high risk profile, organizations can reduce the overall
burden and expensive investigatory resources can be allocated more
effectively, limiting false positives and increasing the rate of investiga-
tive success. Furthermore, KYC enables financial institutions to fight
financial crime while having minimum impact on customers whose
business transactions and intentions are 100% legitimate.
Geography Risk
Assessment
Channels
ProductsCustomers
Transactions
High Medium
LowUnacceptable
Risk Assessment Model
The Risk Assessment is the foundation for building
a risk based approach. Thereafter financial institutions
should continually monitor and evaluate their risk
profile.
Risk profile is determined by
– Customer features
– Product features
– Channel features
– Transaction features
– Geographic features
– …
Risk levels can be described by four categories
– Low
– Medium
– High
– Unacceptable
The risks will then need to be benchmarked
according to probability of occurrence and their
impact to the organization

■ AML / Fraud Global Benchmark Survey 2009
Key Fraud
Findings

The emergence of internal fraud (2.97, Figure 5) as the top priority
among fraud disciplines represents a significant change in the mindset
of financial organizations. In the past, financial institutions focused
technology spend on fighting external fraud and neglected the threat
of internal fraud. However, intense financial pressures during the
economic crisis have led to an increase in the number of internal fraud-
related crimes. With any economic turnaround still a couple of years
away, more layoffs are still to come and this will continue to jeopardize
internal control systems, making employee, intermediary, third party
contractor and service provider-related fraud the greatest threat in the
current economic environment. Asia-Pacific (3.58, Figure 5) and internal
auditors (4.00, Figure 5) ranked internal fraud as the highest priority
within their respective groups; they seem to understand the correlation
between economic downswings and internal fraudulent activity. We
should mention that identity theft (2.95, Figure 5) was a close second
among all participants.
Figure 10: Among fraud crimes which one do you believe will be
the toughest for your institution to detect?
POS/ATM Fraud
6%
31%
1% Claims Fraud
5%
14%
16%
27%
1%
Identity Theft
Insider Trading Fraud
Intermediary Fraud
Credit Card Fraud
Internal Fraud
Policyholder Fraud

■ AML / Fraud Global Benchmark Survey 2009
“Desperate people do desperate things, commented ACFE President
James D. Ratley, CFE. “Loyal employees have bills to pay and families to
feed. In a good economy, they would never think of committing fraud
against their employers. But organizations must be vigilant during
these turbulent times by ensuring that proper fraud prevention
procedures are in place.“
Figure 11: What are your organization‘s biggest motivations
for managing fraud?
While the direct cost arising from fraud is a significant element to many
financial institutions, organizations recognize that a negative impact on
their reputation can cost them a lot more in the long term than the
immediate financial losses resulting from the fraud. This is because the
failure of a bank to detect fraud will inevitably expose the bank to
much critical media attention, which typically causes widespread
distrust and anger.
0
0,5
1
1,5
2
2,5
3
3,5
4Importance given on a scale of
1 (not important) to
4 (very important)
3,00
Directcostoffraud
Reputationalrisk
Regulatory
Ethical
3,283,603,12
22 23

Enterprise-
wide Initiatives

■ AML / Fraud Global Benchmark Survey 2009
Figure 12: Has your organization started integrating
AML and Fraud?
53% (Figure 12) of respondents are already managing AML either fully
or partially in tandem with fraud. Another 27% (Figure 12) will do so
within the next 24 months. This is a fundamental step towards creating
an enterprise-wide risk compliance program. These two disciplines are
typically handled by separate departments within larger financial
organizations. It is also very common for every individual line of
business to have their own AML and fraud units.
Since the first wave of (regulatory-driven) AML compliance, financial
organizations have started to exploit the synergies between their anti-
money laundering and anti-fraud programs. The key drivers are the
costs of maintaining financial crime programs – which have by far
exceeded everyone’s expectations – and the complexity of organized
crime schemes. These latter are leaving all financial institutions vulner-
able to attack, but especially those financial organizations that have a
silo approach to fighting financial crime.
The response has been an emerging trend of standardizing business
processes and synergies in AML and fraud technologies, which is a first
step in a more strategic restructuring of financial crime programs in
order to create an enterprise-wide compliance and risk program.
See no additional business
value in doing so
Will do so in the
next 12-24 months
Yes, only across selected
geographies and business
units
Yes, across all geographies
and business units
21%
27%
17%
36%
24 25

Asia-Pacific (42%, Figure 12), Eastern Europe (43%, Figure 12) and South
America (50%, Figure 12) are the regions that seem to have the most
catching-up to do; however, nobody in Asia-Pac (0%, Figure 12) or the
Middle East (0%, Figure 12) denied that there is additional business
value to be gained from integrating AML and fraud programs. 64%
(Figure 12) of the insurance companies that responded had already
integrated their AML and fraud programs across all geographies and
business units.
There can be no question that this move towards an enterprise-wide
financial crime program is technologically enabled. In recent years
technology proliferation has left most financial institutions with a silo
of detection and investigation systems operating in isolation across
business lines. In the current economic climate, in which financial
organizations lack both the appetite and the budget for large scale
technology replacement, the emergence of agnostic technology
platforms, able to consolidate information drawn from the numerous
detection systems already in place, provides a means to leverage,
rather than abandon, existing technology investment.
Example – Siron®RCC Risk & Compliance Cockpit

■ AML / Fraud Global Benchmark Survey 2009
Respondents ranked establishing an enterprise-wide AML compliance
program (3.22, Figure 9) just second to adopting a risk-based approach
(3.53, Figure 9) as delivering the greatest business benefit. Moreover,
the larger the financial organization, the higher it ranked the im-
portance of an enterprise-wide AML compliance program.
However, not everyone is convinced that the synergies between their
AML and fraud programs will bring additional business value; 50% of
the organizations with 10001 to 20000 employees as well as 75% of
respondents with the title Group Head of AML.
Figure 13: Which obstacles do you believe are your main
challenges for creating an enterprise wide compliance program?
0
0,5
1
1,5
2
2,5
3
3,5
4
Gaining
executive
levelsupport
Accessing
datafrom
m
ultiple
sources
Importance given on a scale of
1 (not important) to
4 (very important)
2,55 2,81 2,93 2,79 2,70 2,79
Dataquality
Integrating
m
ultiple
AM
L
&
com
pliance
system
s
Group
leveldata
aggregration
&
reporting
Core
IT
infrastructure
26 27
Many of our respondents are banks that are now in the critical imple-
mentation stages of their AML projects and are feeling the pain of the
challenge. According to our survey, the most acute pain is caused by
data quality (2.93, Figure 13). This confirms our experience, based on 38
years as a business intelligence vendor: Ensuring that the data pool is
clean, consistent and credible is a really key issue. The respondents
ranked the next most important challenges as accessing data from
multiply sources, integrating multiple AML & compliance systems, core
IT infrastructure and group level data aggregation & reporting.

Considering the economic rewards, financial organizations must
address these issues, ensuring that the data pool is clean, consistent
and credible. Financial institutions embarking on an AML implementa-
tion to meet regulatory timetables, should also consider how they can
leverage individual compliance programs as a part of a wider effort to
embed enterprise wide compliance and risk within their financial
organizations.

■ AML / Fraud Global Benchmark Survey 2009
Appendix
Compliance spending
and ASP

Figure 14: Do you see investments in compliance being affected
because of the financial crisis?
5%
30%
No, investments have
stayed the same
20%
13%
37%
Yes, investments have
been reduced
Yes, investments have
been increased
Not sure
Without a doubt, compliance spending has become a significant
portion of the IT budget and, while 37% (Figure 14) of the participants
have already witnessed budget reductions and cost-cutting measures.
% 1
Region
67 Middle East & North Africa
57 Eastern Europe
50 South America
48 North America
42 Asia-Pacific
31 Western Europe
27 Nordic & Baltics
1
Participants response per region

■ AML / Fraud Global Benchmark Survey 2009
One can ask when budget cuts will change the way financial organiza-
tions address the deployment of their AML and compliance systems.
Will reducing investments alone be a driver for financial organizations
not only to consider an ASP model, but to realize it in practice.
Figure 15: Has your organization ever considered acquiring
compliance solutions through an ASP model?
No 69%
Yes 31%
Even though only 31% (Figure 15) of the respondents have ever
considered the possible move to an ASP model, they recognized and
acknowledged the key benefits as well as their main concerns.
Figure 16: What are the main benefits that your organization
would expect from an ASP model?
0
0,5
1
1,5
2
2,5
3
3,5
4
Reduced
IT
costconvenience
ofsom
eone
else
m
anaging
the
service
Importance given on a scale of
1 (not important) to
4 (very important)
2,63 2,26 2,55 2,41 2,74
M
inim
izing
up-front
investm
ents
Pay-as-you-go
pricingGain
accessto
industry,
businessand
technology
experts
30 31

Figure 17: What are your organization‘s main concerns when
considering acquiring compliance software through an ASP model?
0
0,5
1
1,5
2
2,5
3
3,5
4Reliabilityofservice
provider
Datasecurityrisks
Importance given on a scale of
1 (not important) to
4 (very important)
3,36 3,39 3,17 2,86 3,01
Dataprotection
law
s
LossoflocalcontrolInabilityto
im
plem
ent
decisionsim
m
ediately
Banks have long been applying Activity Based Costing and Six Sigma
techniques across a range of functions to identify the drivers of costs
and embed operational effectiveness. With compliance and AML in
particular this does not appear to have happened; clients often feel
that AML is simply a “must-do“ and offers no value beyond being able
to pass annual Audits. In practice, banks have discretion over how they
allocate their resources, and there are steps they can take to improve
efficiency and effectiveness.
Without this focus on costs, banks risk losing many of the opportunities
offered by process improvements made elsewhere in the bank; for
example, the benefits of increased automation of payments processing
are undermined if AML controls within the process continue to be
manual and cause downstream disruption.
However, as other functions have been outsourced, some banks have
had success in moving components of the AML process as well, for
example alerts management or customer due diligence data gathering.
In general, banks have had more success where they have outsourced
AML functions along with accompanying operational processes, rather
than in isolation.

■ AML / Fraud Global Benchmark Survey 2009
Closing Remarks

We would like to thank all 152 participants for taking the time to submit
their data for this AML & Fraud Global Benchmark Survey.
We hope that the global insights and benchmarks provided by our
survey will support you in selecting your path toward a better enter-
prise wide compliance and risk program. If you have questions
concerning the survey please contact Paul Hamilton.
Paul Hamilton
Global Alliance Director
Project Manager & Author
pha@tonbeller.com
Office: +49 6251 7000 - 372
Mobile: + 49 172 722 3940
Bengt Hellbach
Manager Marketing & Communications
Layout & Graphic Design
bh@tonbeller.com
Office: +49 6251 7000 - 350

■ AML / Fraud Global Benchmark Survey 2009
TONBELLER AG
Werner-von-Siemens-Straße 2
D-64625 Bensheim
Fon: + 49 (0) 62 51 / 7000 - 0
Fax: + 49 (0) 62 51 / 7000 - 140
info@tonbeller.com
www.tonbeller.com