The red flag mechanisms in banking serve as crucial early warning systems, identifying suspicious activities that might indicate potential money laundering, fraud, or other illicit financial behaviors. All the activities and transactions that fall outside the expected customer activity or certain predefined threshold, should generate a “red flag” or alert, for review and investigation by the money laundering reporting officer (MLRO) or anti-money laundering (AML) team, in coordination with other relevant staff.
MLRO must ensure that the red flag mechanism incorporates the possible risk factors considering the risk profiles of the customers. Red alert thresholds are set for transaction monitoring purposes and the thresholds are marked in the automated transaction monitoring system.
Transaction alerts are generated on the breach of the thresholds, or occurrence of unusual transaction/ activity, and the AML analyst investigates such transaction and activity, in which an alert is generated.
Responses are sought from the customer on the generation of alerts and the satisfactory provision of information from the respective customer, the alert is marked as closed by the AML analyst or reviewer.
The number of alerts generated within each bank varies based on several factors, including the number of transactions running through the monitoring system, as well as the rules and thresholds the bank employs within the system to generate the alerts.
Banks typically score alerts based on elements contained in the alert, which in turn determines the alert’s priority.
Banks will typically review and re-optimize their alert programs every 12-18 months. Banks noted that a significant number of alerts are ultimately determined to be “noise” generated by the software. One bank noted that it is working continuously to reduce the “noise” generated by the software and to develop typologies to enrich the data and reveal the most critical information.
The Red Flag Mechanisms in Banking
What are the red flags which might indicate money laundering activity and/or terrorist financing in this case?
- Quite a wide range of activities carried out by the Company.
- Lack of substance and employees.
- Impairment of assets. Is there a possibility that the investments were acquired at a premium value? If yes, why?
- Is there a possibility for the loans to have been granted without proper due diligence being carried out/without appropriate collaterals/without appropriate guarantees/without appropriate securities/without a commercial rate of interest/ a repayment period? If yes, why? Who granted the loans? Why? What is the commercial rationale?
Below are some examples of event-based trigger points that are considered as red alerts for money laundering and require reviews and investigation of relevant transaction data points:
- Frequent cross border flow of transactions especially with high-risk countries
- A large amount of cash deposit in smaller portions
- A large amount of cash deposited in an account, at once
- Unidentified beneficiary of transaction
- Payment received in account, not matched with goods shipped (trade-based money laundering)
- Unexpected repayment of overdue credit amount
- Transaction inconsistent with customer’s business profile
- Deposit or transfer of funds, without any specific justification
- Transactions made for significant investment
- A sudden increase in the number/ value of deposits or credits
- The sudden increase in the large deposit in the dormant accounts.
In efforts to mitigate money laundering and terrorist financing, banks utilize automated transaction monitoring systems to flag irregular activities that breach predefined thresholds. These “red flags” prompt investigation by the MLRO or the AML team. Notably, the efficacy of this system relies heavily on its configuration, influenced by the risk profile of the customer. Consequently, banks face the challenge of “noise” or false alerts, requiring periodic refinement of their alert programs.
Potential red flags in money laundering include, but aren’t limited to, unusual cross-border transactions, cash deposits in varying sums or lump sums, transactions that don’t match customer profiles, and activities in dormant accounts. A company’s broad activities, coupled with anomalies like asset impairments, non-transparent lending practices, or unexplained premium-value investments, further underscore the need for vigilance and comprehensive reviews.