Importance of transaction monitoring cannot be overstated, as it plays a pivotal role in ensuring financial institutions’ compliance with AML/CFT regulations, protecting their reputation, and preventing potential money laundering and terrorist financing activities. Transaction monitoring is a process of understanding the nature and purpose of a transaction initiated or incurred either by the customer or the institution.
Transaction monitoring is one of the requirements of AML/CFT regulations or guidelines, to ensure that money laundering risks are identified and if any related transaction is found, a proper investigation is performed as per applicable regulatory requirements.
The purpose of performing the monitoring of transactions is to understand the nature and purpose of a particular transaction, and to avoid the risks of occurrence of money laundering and terrorist financing.
Without a regular and periodic risk-based transaction monitoring process, institutions cannot identify, or manage the risks of money laundering or terrorist financing activities, leading to potential financial and reputational losses.
Transaction monitoring process should be risk-based, where customers are categorized according to their risk profiles and KYC information. Riskier customers are focused more and strict transaction monitoring rules are defined and applied for high-risk customers.
High-risk customers include politically exposed persons (PEPs), close family members of PEPs, foreign PEPs, customers belonging to high-risk countries or jurisdictions, Casinos, real estate agents or property dealers, transactions related to Non-Profit Organizations, etc.
There are some transactions that are also categorized as high-risk, such as the correspondent banking transactions or other cross border transactions. All transactions including those initiated by customers, third parties, correspondent banking, or wire transfers must be monitored appropriately.
Importance of Transaction Monitoring
Transaction monitoring is based on different parameters, including the KYC information of the customers, established at the time of opening an account or updated later. KYC information provides the business and risk profile of each customer therefore, KYC is considered as a benchmark for the performance of transactions of customers.
Compliance team, while monitoring accounts of customers, cross refer the details with the KYC, to corroborate if the transaction occurred or recorded in their accounts. Customer profiles are used to monitor the transactions and activities undertaken by the customers; therefore, current and updated customer profiles must be maintained. The transaction monitoring process includes a process of comparing customer-specific data with risk scoring models. For high-risk category customers, transaction monitoring is a rigorous and detailed process, to identify the patterns of unusual or inconsistent transactions.
For transaction monitoring the comparisons are made between the account activity volume and value and the historical transaction trend within the account of the customer. Account volume and activity are compared to a set of pre-defined thresholds and rules.
The variance of a transaction or activity from normal threshold or activity levels causes the generation of “alerts” which are scored and totalled at the account or customer levels.
When a score crosses a defined score threshold, then the alert is generated for the review and investigation of the AML team. The AML team focuses solely on studying and understanding transaction data and trends, to effectively perform the monitoring.
Transaction monitoring is based on transaction thresholds, which are set for each customer by the financial institutions. Transaction thresholds are used as a cut-off, the breach of which initiates the red alert of trigger in the AML system, which is then monitored and investigated by the relevant compliance team member.
Transaction thresholds are subject to change, and are linked with the business and risk profile of the relevant customer. Transaction thresholds may be set per day or per period.
To set the transaction thresholds institutions are required to comply with applicable AML/CFT laws and regulations. While setting the transaction threshold the account opening team identifies and understands the customers’ business needs and transactions requirements. This process of understanding customers makes it easier to assess the risk of money laundering or terrorist financing, the identification of which leads to further investigations and application of appropriate enhanced due diligence measures.
There may be a possibility that regulators prescribed the transaction thresholds for different types or categories of customers, therefore identification and application of such regulatory thresholds are necessary for relevant institutions, for compliance purposes.
Transaction monitoring is an ongoing process performed by the MLRO through the defined monitoring processes and review mechanisms. Transactions or activities of the customers are also monitored through the trigger of the red flag or red alert.
Monitoring of a transaction or an activity, due to the generation of the red flag, is an event-based monitoring process. Such event-based monitoring is needed because of a breach of transaction threshold or irregular patterns of inflows or outflows, which may indicate the occurrence of money laundering, corruption, bribery, tax evasion, or terrorist financing risk incidents.
Trigger event monitoring of the customer relationship is likely to be based on a considered identification of transaction characteristics, such as:
The unusual nature of a transaction, such as abnormal size or frequency of the customer transaction or peer group
The nature of a series of transactions
The geographical destination or origin of payment, such as origination of payment or transaction from or to the high-risk country
Certain high-risk indicators must be highlighted, reviewed, and investigated when the related activities and transactions fall outside the expected customer activity or on the breach of predefined transactions threshold. Red flags should be generated irrespective of the amount, customer type, and nature of the transaction.
The number of alerts generated within each bank varies based on several factors, including the number of transactions running through the monitoring system, as well as the rules and thresholds the bank employs within the system to generate the alerts.
Banks typically score alerts based on elements contained in the alert, which in turn determines the alert’s priority.
Banks will typically review and re-optimize their alert programs every 12-18 months. Banks noted that a significant number of alerts are ultimately determined to be “noise” generated by the software. One bank noted that it is working continuously to reduce the “noise” generated by the software and to develop typologies to enrich the data and reveal the most critical information.
Banks focus extensively on the narrative part of the SAR, and in some cases, the managers and investigators usually are from the background of the regulatory job who have experience with ML and financial investigations and possess knowledge about the relevant regulatory requirements.
To tell a clear story of the suspicious activity and then construct the narratives is a good process in SAR. Different tools are used to track the relevant information for the preparation of SAR and its filing.
The information may be the transaction data, customer profile data, and related account activity and information. The system allows the monitoring analyst to check other information databases to pull all available information together into a concise form for analysis, management review, and approval. Investigators focus on determining where the money came from, what happened to it while at the bank and where it went when it left.
After filing of SAR, the bank conducts a post-investigation to determine if suspicious activity continues and if a supplemental SAR is required. In case of a second SAR, the account closure process is required to be initiated. The bank uses the suggested SAR filing tool, to include investigative details before proceeding and/or submitting the SAR.
Transaction investigators also participate in monthly group meetings that provide the ability to discuss issues across various channels. A business group discusses cases or new trends discovered. This allows for cross-training to understand the ML risks that exist within the different processes.
Once a transaction alert is generated by the monitoring system, 6 months of account activity is reviewed. Once a decision is made to initiate an investigation, the alert is entered into the bank’s case management system. At this point, the timeline for filing a SAR starts.
If a SAR is not filed, then the investigator reflects this as an “unfiled case.” Supporting documentation as to why the SAR is not to be filed is included in the respective customer file. An indication as to whether or not the account will continue to be monitored is also mentioned, for reference purposes.
Final Thoughts
Transaction monitoring is an indispensable tool for financial institutions in ensuring compliance with AML/CFT regulations. By understanding the nature and intent of transactions, institutions can effectively identify and mitigate money laundering and terrorist financing risks. Key to this process is a risk-based approach where certain customers and transactions, deemed high-risk, undergo more stringent scrutiny. Factors such as customer KYC information, transaction patterns, and geography play a significant role in this determination.
However, it’s crucial for banks to strike a balance, optimizing their systems to minimize false alerts, while ensuring genuine threats are detected and appropriately reported. Regular reviews, informed by experienced investigators, coupled with evolving methodologies, ensure that the system remains agile and effective in safeguarding both the institution’s reputation and financial integrity.