The AML/CFT investigation process is the one an institution usually adopts to identify the possible root cause of identified suspicious transactions and activities. Banks focus extensively on the narrative part of the SAR, and in some cases the managers and investigators come from a regulatory background, have experience with ML and financial investigations, and know the relevant regulatory requirements.
The Process of AML/CFT Investigation
The ML/TF case investigation is a process that involves reviewing historical financial transactions and other related information to identify the root causes of the ML/TF event that occurred in the entity. It involves analyzing the various conditions that highlight breaches of internal controls and any possible management bias related to the actual financial crime incident.
The identification process is also a forward-looking activity that assesses the possibility of financial crime incidents recurring. To assess the recurrence of ML/TF activities in any particular department or function of the company, the investigators analyze historical as well as current financial crime trends and incidents to establish the interconnections between them. This connection assessment helps in predicting possible future fraud incidents.
Transaction alerts generated during the period are investigated by the Compliance AML team, which checks the risk profile of the customer against the transaction that generated the alert. If the risk profile does not match the transaction, information about the nature and purpose of the transaction is obtained from the customer. If the customer provides appropriate feedback that matches the transaction, the AML team marks the alert as closed. If the customer doesn’t provide a satisfactory response or hides information, the transaction is considered suspicious.
Transaction investigators also participate in monthly group meetings that provide the ability to discuss issues across various channels. A business group discusses cases or new trends discovered. This allows for cross-training to understand the ML risks that exist within the different processes. Once a transaction alert is generated by the monitoring system, 6 months of account activity is reviewed. Once a decision is made to initiate an investigation, the alert is entered into the bank’s case management system. At this point, the timeline for filing a suspicious activity report (SAR) starts.
Different tools are used to track the information relevant to the preparation and filing of the SAR. This information may include transaction data, customer profile data, and related account activity and information. The system allows the monitoring analyst to check other information databases and pull all available information together into a concise form for analysis, management review, and approval. Investigators focus on determining where the money came from, what happened to it while at the bank, and where it went when it left.
After filing the SAR, the bank conducts a post-investigation to determine whether the suspicious activity continues and whether a supplemental SAR is required. In case of a second SAR, the account closure process is required to be initiated. The bank uses the suggested SAR filing tool to include investigative details before proceeding and/or submitting the SAR.
If a SAR is not filed, then the investigator reflects this as an “unfiled case.” Supporting documentation as to why the SAR is not to be filed is included in the respective customer file. An indication as to whether or not the account will continue to be monitored is also mentioned, for reference purposes.
To detect incidents of crimes such as fraud, all processes and activities are studied to find control weaknesses and possible avenues that are exploited by employees or other stakeholders. Financial crime detection is an ongoing process performed to assess the possibility of fraud occurring in any particular area of the department.
For investigation purposes, the investigation team may use a database built to record the details of ML/TF risks and incidents, including the progress of their previous investigations. Such databases must be analyzed and monitored on an ongoing basis. This helps management understand the reasons for and causes of ML/TF incidents; management therefore establishes and implements relevant processes and procedures to prevent similar ML/TF activities from occurring.
The compliance team may be held responsible for periodically reviewing and updating the database to ensure that it remains current and relevant for future ML/TF risk identification and management. The database may be based on different parameters to highlight the criticality of the ML/TF risks and incidents.
Final Thoughts
An AML/CTF investigation is the formal examination of suspicious or red-flag activities to determine whether customers or other individuals or entities are using the financial institution in question to launder money. Not all suspicious activities turn out to be money laundering activities, but many organizations believe it is better to err on the side of caution rather than be found in noncompliance, so the AML system is set up to trigger alerts based on a broad set of transaction monitoring rules.