Regular monitoring of transactions and activities is essential for organizations to ensure compliance with regulations and internal policies, detect and prevent fraud, and mitigate risks. All transactions including those initiated by customers, third parties, correspondent banking, or wire transfers must be monitored based on an appropriate monitoring plan.

For planning purpose, the compliance team performs general and specific research about the customer’s risk profiles and consider the existing and potential ML/TF risks. Customer profiles are used to plan and monitor the transactions and activities undertaken by the customers; therefore, current and updated customer profiles must be maintained. The transaction monitoring process includes a process of comparing customer-specific data with risk-scoring models.

For high-risk category customers, detailed planning is required and it requires a rigorous monitoring process, to identify the patterns of unusual or inconsistent transactions. For transaction monitoring comparisons are to be made between the account activity volume and value and the historical transaction trend within the account of the customer, therefore prior planning helps in performing relevant transaction monitoring. Account volume and activity are also considered as part of planning the investigation considering the set of pre-defined transaction thresholds. Red Flags also need to be assessed as part of the transaction monitoring. 

Planning for Regular Monitoring of Transactions and Activities

All the activities and transactions that fall outside the expected customer activity or a certain predefined threshold should be considered to generate a “red flag” or alert, for transaction review by the AML team. AML team should ensure that the red flag mechanism incorporates the possible risk factors considering the risk profiles of the customers.

Red alert thresholds are set for transaction monitoring purposes and the thresholds are marked in the automated transaction monitoring system. Alerts are generated on the breach of the thresholds, or occurrence of unusual transaction/ activity, and the AML analyst investigates such transaction and activity, in which an alert is generated. Responses should also be planned to be gathered from the process owners during the performance of on-site transaction monitoring. 

Transaction monitoring planning is an ongoing process to be performed and supervised by the MLRO. Transaction monitoring planning is also made for investigating the red alerts generated by the AML system. 

Monitoring of a transaction or an activity, due to the generation of a red flag, is an event-based monitoring process. Such event-based monitoring is needed because of a breach of transaction threshold or irregular patterns of inflows or outflows, which may indicate the occurrence of money laundering, corruption, bribery, tax evasion, or terrorist financing risk incidents.

Trigger event monitoring of the customer relationship is likely to be based on a considered identification of transaction characteristics, such as:

• the unusual nature of a transaction, such as abnormal size or frequency of the customer transaction or peer group 
• the nature of a series of transactions
• the geographical destination or origin of payment, such as origination of payment or transaction from or to the high-risk country

Certain high-risk indicators must be highlighted, reviewed, and investigated when the related activities and transactions fall outside the expected customer activity or the breach predefined transactions threshold. Red flags should be generated irrespective of the amount, customer type, and nature of the transaction.

The number of alerts generated within each bank varies based on several factors, including the number of transactions running through the monitoring system, as well as the rules and thresholds the bank employs within the system to generate the alerts. Banks typically score alerts based on elements contained in the alert, which in turn determines the alert’s priority. 

Banks will typically review and re-optimize their alert programs every 12-18 months. Banks noted that a significant number of alerts are ultimately determined to be “noise” generated by the software. One bank noted that it is working continuously to reduce the “noise” generated by the software and to develop typologies to enrich the data and reveal the most critical information.

Banks focus extensively on the narrative part of the SAR, and in some cases, the managers and investigators usually are from the background of the regulatory job and have experience with ML and financial investigations, and possess knowledge about the relevant regulatory requirements. 

To tell a clear story of the suspicious activity and then construct the narratives is a good process in SAR. Different tools are used to track the relevant information for the preparation of SAR and its filing. The information may be the transaction data, customer profile data, and related account activity and information. The system allows the monitoring analyst to check other information databases to pull all available information together into a concise form for analysis, management review, and approval. Investigators focus on determining where the money came from, what happened to it while at the bank, and where it went when it left. 

After the filing of the SAR, the bank conducts a post-investigation to determine if suspicious activity continues and if a supplemental SAR is required. In case of a second SAR, the account closure process is required to be initiated. The bank uses the suggested SAR filing tool, to include investigative details before proceeding and/or submitting the SAR. 

Transaction investigators also participate in monthly group meetings that provide the ability to discuss issues across various channels. A business group discusses cases or new trends discovered. This allows for cross-training to understand the ML risks that exist within the different processes. Once a transaction alert is generated by the monitoring system, 6 months of account activity is reviewed. Once a decision is made to initiate an investigation, the alert is entered into the bank’s case management system. At this point, the timeline for filing a SAR starts.

If a SAR is not filed, then the investigator reflects this as an “unfiled case.” Supporting documentation as to why the SAR is not to be filed is included in the respective customer file. An indication as to whether or not the account will continue to be monitored is also mentioned, for reference purposes.

Final Thoughts

Regular monitoring of transactions and activities is an important part of maintaining the integrity of any organization’s financial system. By planning, organizations can establish an effective monitoring process that helps them detect and prevent irregularities, errors, or fraudulent activities in their financial and operational activities.