A Strategic Guide to AML KPIs and KRIs for Fintech Financial Crimes Officers

In the rapidly evolving world of financial technology, staying ahead of Anti-Money Laundering (AML) and Office of Foreign Assets Control (OFAC) compliance isn't just a regulatory requirement, it's a strategic imperative. Heading into 2025, Financial Crimes Officers are facing increasing pressure to demonstrate the effectiveness and risk management of their compliance programs.

As a Financial Crimes Officer with a Fintech, you likely have a functioning Financial Crimes Program, inclusive of AML and OFAC, that is rapidly maturing. Your goal for 2025 is to add Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) to your existing monthly reporting deck. Reporting on KPIs and KRIs has been a top request by executive management and the Board of Directors, and you finally have the data to support the initiative for next year. Where do you start?

Understanding KPIs and KRIs: More Than Just Metrics

KPIs and KRIs cannot be implemented without the quality data that support them. Once those data have been collected, they become powerful storytelling tools that:

• Provide meaningful, measurable insights into your AML/OFAC program's health.
• Convey the effectiveness of your compliance efforts.
• Highlight potential risks before they become critical issues.

Typically visualized on a color-coded continuum—green (goal), yellow (transition), and red (unacceptable)—these indicators transform raw data into actionable intelligence.

KPIs: Measuring Performance with Precision

When we think of performance, we think of productivity and efficiency. Therefore, a KPI is a measure of how well the Financial Crimes Department is meeting its objective, which is usually a Service-Level Agreement (SLA) written into procedure. Two possible objectives could be: 1) staying current and meeting SLAs with respect to alert clearing, case working, and SAR filing functions; or 2) staying current and meeting SLAs with respect to OFAC clearing functions.

The data for OFAC KPIs should be readily available in the Fintech’s OFAC scanning systems. If the data haven’t been gathered and documented over the past twelve months, you might have to go back through the system to gather the prior month’s data for the KPI.

Let's review two possible KPIs for working OFAC alerts. The numbers and thresholds used here to describe the KPIs are for illustration only. Every Fintech will have its own requirements and thresholds for working OFAC alerts. 

KPI Scenario

Let's assume the Fintech SLAs require OFAC alerts on wires to be worked and dispositioned in 15 minutes, meaning the 16-minute mark could be the start of the yellow zone, and the 20-minute mark could be the start of the red zone. In this scenario, the Fintech worked 1,000 OFAC alerts during the month. 800 were worked in 10 minutes, 100 in 15 minutes, all meeting the SLA, but another 100 were worked in 22 minutes. By tracking two critical metrics, we can gain  some comprehensive insights:    

Average Alert Processing Time

This tells a story about how long it took to work OFAC alerts in the aggregate, but it wouldn’t convey any information about whether some were worked extremely quickly, and some worked well outside of the SLA, but they averaged out in the middle. For this scenario, the average time to work OFAC alerts was 11.7, well into the green zone. (But remember, 100 were worked outside of the SLA).

Alerts Processed Outside SLA

The 100 OFAC alerts (10% of 1,000) that were worked outside of the SLA time limit tell a very different story and require a different measure. The Fintech needs to decide how many, or what percentage, of OFAC alerts worked outside of the SLA is in the green zone, how many alerts worked outside of the SLA would be in the yellow zone, and how many would be in the red zone. Example, 1% to 3% of alerts worked outside of the SLA may fall within the yellow zone, and greater than 3% of alerts worked outside of the SLA may fall within the red zone. For the data above, working 100 alerts outside the SLA would fall into the red zone for this Fintech.

The Fintech could report both KPIs. The first one regarding averages is an excellent way to see trends over time. If that average of 11.7 minutes starts climbing closer and closer to 15, it would be easy to see. The second KPI regarding the number of alerts worked outside of the SLA is better at reporting anomalies that are often hidden by averages.

Implementing KPIs and KRIs: A Six-Step Strategic Approach

1. Identify Meaningful Metrics - The Fintech Financial Crimes Officer should determine what aspect of performance or risk is being reported on. Focus on data that tell a compelling compliance story.
2. Analyze Historical Data - The Financial Crimes Officer needs to ensure that there are enough data on which to base KPI and KRI thresholds, and that the data are reliable. The data need to be obtained the same way, using the same procedure, each month.
3. Define Thresholds Collaboratively - Determine, with input from others, what the thresholds will be for each KPI and KRI. At what point does the Fintech believe they go from the green zone to the yellow zone, and from the yellow zone to the red zone? Be sure you can support and justify the selection of the thresholds. Ask others to poke holes in the thresholds in what is called a "credible challenge," and document the process.
4. Create Test Reports - Using existing data, create KPI and KRI reports for a test month, and then create what the KPI and KRI reports would have looked like a year in arrears. This creates comparative data to determine reasonable outcomes. This "reasonableness review" might result in some of the thresholds being adjusted, which is fine as long as the adjustments can be justified.
5. Internal Quarterly Review - Run the KPI and KRI reports internally by the AML department for a calendar quarter to review how they will perform before reporting on them to a wider audience. Document this review as well.
6. Expand Reporting - Once the KPIs and KRIs are deemed to be accurate and meaningful, they can be included in reports to a wider audience. 

Be sure to document the procedure used to compile the KPIs and KRIs, including the data that support them.

The Path Forward

Preparing accurate and meaningful KPIs and KRIs for 2025 starts now. By investing time in strategic planning and testing, Fintech Financial Crimes Officers can transform AML compliance from a cost center to a value-driven function that provides critical business insights.