Transaction monitoring is critical in any business.. All transactions including those initiated by customers, third parties, correspondent banking, or wire transfers must be monitored appropriately. Customer profiles are used to monitor the transactions and activities undertaken by the customers; therefore, current and updated customer profiles must be maintained. The transaction monitoring process includes a process of comparing customer-specific data with risk scoring models.
For high-risk category customers, transaction monitoring is a rigorous and detailed process, to identify the patterns of unusual or inconsistent transactions.
For transaction monitoring the comparisons are made between the account activity volume and value and the historical transaction trend within the account of the customer. Account volume and activity are compared to a set of pre-defined thresholds and rules.
The variance of a transaction or activity from normal threshold or activity levels causes the generation of “alerts” which are scored and totaled at the account or customer levels. When a score crosses a defined score threshold, then the alert is generated for the review and investigation of the AML team. AML team focuses solely on studying and understanding transaction data and trends, to effectively perform the monitoring.
Red Flags – Transaction Monitoring
All the activities and transactions that fall outside the expected customer activity or certain predefined threshold, should generate a “red flag” or alert, for review and investigation by the MLRO or AML team, in coordination with other relevant staff. MLRO must ensure that the red flag mechanism incorporates the possible risk factors considering the risk profiles of the customers. Red alert thresholds are set for transaction monitoring purposes and the thresholds are marked in the automated transaction monitoring system. Alerts are generated on the breach of the thresholds, or occurrence of unusual transaction/ activity, and the AML analyst investigates such transaction and activity, in which an alert is generated.
Responses are sought from the customer on the generation of alerts and the satisfactory provision of information from the respective customer, the alert is marked as closed by the AML analyst or reviewer.
Transaction monitoring is an ongoing process performed by the MLRO through the defined monitoring processes and review mechanisms. Transactions or activities of the customers are also monitored through the trigger of the red flag or red alert.
Monitoring of a transaction or an activity, due to the generation of the red flag, is an event-based monitoring process. Such event-based monitoring is needed because of a breach of transaction threshold or irregular patterns of inflows or outflows, which may indicate the occurrence of money laundering, corruption, bribery, tax evasion, or terrorist financing risk incidents.
Trigger event monitoring of the customer relationship is likely to be based on a considered identification of transaction characteristics, such as:
- The unusual nature of a transaction, such as abnormal size or frequency of the customer transaction or peer group
- The nature of a series of transactions
- The geographical destination or origin of payment, such as origination of payment or transaction from or to the high-risk country
High-Risk Indicators
Certain high-risk indicators must be highlighted, reviewed, and investigated when the related activities and transactions fall outside the expected customer activity or on the breach of predefined transactions threshold. Red flags should be generated irrespective of the amount, customer type, and nature of the transaction.
The number of alerts generated within each bank varies based on several factors, including the number of transactions running through the monitoring system, as well as the rules and thresholds the bank employs within the system to generate the alerts. Banks typically score alerts based on elements contained in the alert, which in turn determines the alert’s priority.
Banks will typically review and re-optimize their alert programs every 12-18 months. Banks noted that a significant number of alerts are ultimately determined to be “noise” generated by the software. One bank noted that it is working continuously to reduce the “noise” generated by the software and to develop typologies to enrich the data and reveal the most critical information.
Banks focus extensively on the narrative part of the SAR, and in some cases, the managers and investigators usually are from the background of the regulatory job who have experience with ML and financial investigations and possess knowledge about the relevant regulatory requirements.
To tell a clear story of the suspicious activity and then construct the narratives is a good process in SAR. Different tools are used to track the relevant information for the preparation of SAR and its filing. The information may be the transaction data, customer profile data, and related account activity and information. The system allows the monitoring analyst to check other information databases to pull all available information together into a concise form for analysis, management review, and approval. Investigators focus on determining where the money came from, what happened to it while at the bank and where it went when it left.
After filing of SAR, the bank conducts a post-investigation to determine if suspicious activity continues and if a supplemental SAR is required. In case of a second SAR, the account closure process is required to be initiated. The bank uses the suggested SAR filing tool, to include investigative details before proceeding and/or submitting the SAR.
Transaction investigators also participate in monthly group meetings that provide the ability to discuss issues across various channels. A business group discusses cases or new trends discovered. This allows for cross-training to understand the ML risks that exist within the different processes. Once a transaction alert is generated by the monitoring system, 6 months of account activity is reviewed. Once a decision is made to initiate an investigation, the alert is entered into the bank’s case management system. At this point, the timeline for filing a SAR starts.
If a SAR is not filed, then the investigator reflects this as an “unfiled case.” Supporting documentation as to why the SAR is not to be filed is included in the respective customer file. An indication as to whether or not the account will continue to be monitored is also mentioned, for reference purposes.
Final Thoughts
Transaction monitoring is the process of monitoring customer transactions, which includes analyzing historical/current customer information and interactions to provide a complete picture of customer activity. Transfers, deposits, and withdrawals are all examples of this. Most financial institutions will use software to analyze this data automatically.