Performing transaction investigations typically involves reviewing and analyzing financial transactions to identify potential fraud, money laundering, or other financial crimes. Banks focus extensively on the narrative part of the SAR. In some cases, the managers and investigators usually are from the background of the regulatory job and have experience with ML and financial investigations, and possess knowledge about the relevant regulatory requirements.
The ML/TF case investigation is a process that involves the review of historical financial transactions and other related information to identify the root causes of the ML/TF event that occurred in the entity. It involves the analysis of various conditions that highlight the breaches of internal controls and any possible management bias for the actual financial crime incident. The identification process is also a forward-looking activity to assess the possibility of reoccurring financial crime incidents.
To assess the reoccurrence of ML/TF activities in the future in any particular department or function of the company, the investigators analyze the historical and current financial crime trends and incidents to establish the interconnections between them. This connection assessment helps in the prediction of possible future fraud incidents.
Performing Transaction Investigations
Investigation of transaction alerts generated during the period is performed by the compliance AML team, which checks the risk profile of the customer against the transaction generated as an alert. If the risk profile’s detail is not matched with the transaction, the customer obtains information about the nature and purpose of the transaction. If the customer provides appropriate feedback that matches the transaction, the AML team marks the alert as close. The transaction is considered suspicious if the customer does not respond satisfactorily or hides the information.
Transaction investigators also participate in monthly group meetings that provide the ability to discuss issues across various channels. A business group discusses cases or new trends discovered, allowing cross-training to understand the ML risks within the different processes. Once the monitoring system generates a transaction alert, six months of account activity is reviewed. Once a decision is made to initiate an investigation, the alert is entered into the bank’s case management system. The timeline for filing a suspicious activity report or SAR starts at this point.
Different tools track the relevant information for preparing SAR and its filing. The information may be the transaction data, customer profile data, and related account activity and information. The system allows the monitoring analyst to check other information databases to pull all available information into a concise form for analysis, management review, and approval. Investigators focus on determining where the money came from, what happened while at the bank, and where it went when it left.
After the filing of the SAR, the bank conducts a post-investigation to determine if suspicious activity continues and if a supplemental SAR is required. The account closure process must be initiated in case of a second SAR. The bank uses the suggested SAR filing tool to include investigative details before proceeding and/or submitting the SAR.
If a SAR is not filed, the investigator reflects this as an “unfiled case.” The respective customer file includes supporting documentation as to why the SAR is not to be filed. An indication of whether the account will continue to be monitored should also be mentioned for reference purposes.
All the processes and activities are studied to find the controls, weaknesses, and possible avenues the employees or other stakeholders exploit to detect crimes such as fraud. Financial crime detection is an ongoing process that is performed to assess the possibility of the occurrence of fraud in any particular area of the department.
The investigation team may use a database built to record the details of ML/TF risks and incidents, including the progress of their previous investigations. Such databases must be analyzed and monitored continuously to help the management understand the reasons and causes of ML/TF incidents. Therefore, management establishes and implements relevant processes and procedures to prevent similar ML/TF activities. The compliance team may be responsible for periodically reviewing and updating the database to ensure that it remains current and relevant for future ML/TF risk identification and management. The database may be based on different parameters to highlight the criticality of the ML/TF risks and incidents.
It’s important to note that performing transaction investigations can be complex and may require specialized skills and knowledge. If you’re unsure about how to proceed or need assistance, it’s recommended that you consult with a qualified financial professional or legal expert.