Ongoing due diligence and monitoring on a risk basis means scrutinizing transactions to determine whether those transactions are consistent with the entities’ information about the customer and the nature and purpose of the business relationship, wherever appropriate. Monitoring transactions also involves identifying changes to the customer profile (such as the customer’s behavior, use of products, and the amounts involved) and keeping it up to date, which may require the application of enhanced CDD measures.
Ongoing Due Diligence and Monitoring
Monitoring digital transactions is essential in identifying potentially suspicious transactions, including in the context of virtual asset (VA) transactions. Transactions that do not fit the behavior expected from a customer profile or deviate from the usual pattern of transactions may be potentially suspicious.
Monitoring transactions related to digital assets and currencies should be carried out continuously and may also be triggered by specific transactions. Where large volumes of transactions occur regularly, automated systems may be the only realistic method of monitoring transactions, and flagged transactions should go through human/expert analysis to determine if such transactions are suspicious.
Entities and other obliged entities should understand the operating rules of these automated monitoring systems, verify their integrity regularly, and check that they account for the identified ML/TF risks associated with VAs, products or services, or VA financial activities.
Obliged entities should adjust the extent and depth of their monitoring in line with their institutional risk assessment and customer risk profiles, including the type of transactions they allow. If entities assess the risks of transfers to or from unhosted wallets as unacceptably high, they may consider subjecting such wallets to enhanced monitoring or limiting or not accepting transactions with such wallets.
Enhanced monitoring should be required for higher-risk situations and extend beyond the immediate transaction between the entities, customer, or counterparty. The adequacy of monitoring systems and the factors that lead entities and other obliged entities to adjust the level of monitoring should be reviewed regularly for continued relevance to their AML/CFT risk program.
Monitoring under a risk-based approach (RBA) allows obliged entities to create monetary or other thresholds to determine which activities will be reviewed. Defined situations or thresholds used for this purpose should be reviewed regularly to assess their adequacy for established risk levels. Entities should document and state clearly the criteria and parameters used for customer segmentation and for allocating a risk level for each cluster of customers, where applicable.
The criteria used to decide the frequency and intensity of monitoring for different customer or VA product segments should also be transparent. The obliged entities should properly document, retain, and communicate to the relevant personnel and competent national authorities the results of their monitoring of digital assets, as well as any queries raised and resolved.
Ongoing Due Diligence entails routinely monitoring transactions in a customer’s account to ensure that they are consistent with the customer’s business, risk profile, and source of funds. Continuous monitoring is a critical component of effective KYC procedures. The bank can only effectively control and reduce its risk if it understands the customer’s normal and reasonable activity and has the means to identify transactions that deviate from the regular pattern of activity.