Transactions Monitoring And Periodic Compliance Review: KYC Guidance

Posted in Know Your Customer (KYC) on January 22, 2024
Transactions Monitoring

Transactions monitoring and periodic compliance review. The inherent hazards of the products, services, and volume of transactions must all be considered in a risk-based framework. Whether started by clients, third parties, correspondent banking, or wire transfers, all transactions must be carefully monitored. Customer profiles are used to keep track of the transactions and activities that customers engage in; therefore, they must be kept current and up to date. Comparing customer-specific data with risk scoring algorithms is part of the transaction monitoring process. 

Transactions Monitoring

Transactions Monitoring And Periodic Compliance Review

Transaction monitoring is a thorough and exhaustive procedure for high-risk category consumers to discover trends of unusual or inconsistent transactions.

When it comes to transaction monitoring, it’s critical to employ a “layered” approach to the AML compliance program, which necessitates the selection of tools, data, and intelligence sources and the level to which AML operations rely on them for transaction monitoring. 

Several financial institutions stated that no single instrument can catch everything. The AML transaction monitoring is carried out using a variety of software solutions. Account activity value and volume levels are compared to those of other accounts in a “peer group,” or accounts that are projected to trade in comparable ways over time. 

For transaction monitoring, comparisons are made between the account activity volume and value and the historical transaction trend within the customer’s account. Account volume and activity are compared to a set of pre-defined thresholds and rules. 

The variance of a transaction or activity from normal threshold or activity levels causes the generation of “alerts,” which are scored and totaled at the account or customer levels. When a score crosses a defined score threshold, then the alert is generated for the review and investigation of the AML team. AML team focuses solely on studying and understanding transaction data and trends to effectively perform the monitoring. 

Red Flags – Transaction Monitoring

All activities and transactions that are outside of typical client activity or a specified threshold should raise a “red flag” or alert, which the MLRO or AML team should assess and investigate in collaboration with other appropriate employees. MLRO must guarantee that the red flag process considers all conceivable risk variables, taking into account the consumers’ risk profiles.

Red alert levels are defined for transaction monitoring, and the thresholds are indicated in the automated transaction monitoring system. When thresholds are breached, or unexpected transaction/activity occurs, an alert is triggered, and the AML analyst examines the transaction/activity.

Customer’s Responses

The customer’s responses are requested after the alerts are generated, and once the customer provides appropriate information, the alert is designated as closed by the AML analyst or reviewer. 

Transaction monitoring is an ongoing process performed by the MLRO through the defined monitoring processes and review mechanisms. Transactions or activities of the customers are also monitored through the trigger of the red flag or red alert. 

Monitoring of a transaction or an activity, due to the generation of the red flag, is an event-based monitoring process. Such event-based monitoring is needed because of a breach of transaction threshold or irregular patterns of inflows or outflows, which may indicate the occurrence of money laundering, corruption, bribery, tax evasion, or terrorist financing risk incidents.

Event Monitoring

Trigger event monitoring of the customer relationship is likely to be based on a considered identification of transaction characteristics, such as:

  • the unusual nature of a transaction, such as abnormal size or frequency of the customer transaction or peer group; 
  • the nature of a series of transactions;
  • the geographical destination or origin of payment, such as origination of payment or transaction from or to the high-risk country.

Certain high-risk indicators must be highlighted, reviewed, and investigated when the related activities and transactions fall outside the expected customer activity or on the breach of predefined transactions threshold. Red flags should be generated irrespective of the amount, customer type, and nature of the transaction.

Transactions Monitoring


The amount of warnings created by each bank varies depending on numerous factors, including the number of transactions processed by the monitoring system and the criteria and thresholds used by the bank to generate the alerts. 

Banks usually assign a score to alerts depending on the contents of the alert, which affects the warning’s importance. 

Every 12 to 18 months, banks will evaluate and re-optimize their alert programs. A considerable amount of alarms are ultimately discovered to be “noise” created by the algorithms, according to banks. One bank stated that it is always attempting to decrease the software’s “noise” and establish typologies to enhance the data and expose the most important information.

What Are The Red Flags Which Might Indicate Money Laundering Activity And Terrorist Financing In This Case? 

  • Quite a wide range of activities carried out by the Company. 
  • Lack of substance and employees. 
  • Impairment of assets. Is there a possibility that the investments were acquired at a premium value? If yes why? 
  • Is there a possibility for the loans to have been granted without proper due diligence being carried out/without appropriate collaterals/without appropriate guarantees/without appropriate securities/without a commercial rate of interest/ a repayment period? If yes why? Who granted the loans? Why? What is the commercial rationale? 
  • The issue of the POA to various individuals especially the ones which are quite wide and general. Who has control over the actions of the attorneys? It seems that there are no safeguards to ensure that the attorneys are acting in good faith and the best interests of the company.


Banks place a lot of emphasis on the narrative portion of the SAR, and in certain cases, the managers and investigators come from a regulatory background, with experience with machine learning and financial investigations, as well as awareness of the applicable regulatory standards. 

In SAR, it is useful to provide a clear account of suspicious activities and then develop narratives. Various tools are utilized to track the required information for the production of the SAR and its submission. Transaction data, customer profile data, and associated account activity and information are all examples of information.

The system enables the monitoring analyst to access other databases to compile all accessible data into a comprehensible manner for analysis, management review, and approval. Investigators are trying to figure out where the money came from, what happened to it in the bank, and where it went after it was taken. 

SAR Filing

After filing a SAR, the bank undertakes a post-investigation to see whether suspicious behavior persists and if a supplemental SAR is warranted. In the event of a second SAR, the account closure process must be started. Before proceeding and/or submitting the SAR, the bank uses the suggested SAR filing method to incorporate investigative facts. Transaction investigators also participate in monthly group meetings that provide the ability to discuss issues across various channels. A business group discusses cases or new trends discovered.

This allows for cross-training to understand the ML risks that exist within the different processes. Once the monitoring system generates a transaction alert, 6 months of account activity is reviewed. Once a decision is made to initiate an investigation, the alert is entered into the bank’s case management system. At this point, the timeline for filing a SAR starts.

If a SAR is not filed, then the investigator reflects this as an “unfiled case.” Supporting documentation as to why the SAR is not to be filed is included in the respective customer file. An indication as to whether or not the account will continue to be monitored is also mentioned for reference purposes. 

Final Thoughts

Transaction monitoring is the practice of identifying outlier events such as payments or business arrangements proactively and reactively using rules and data to flag these suspicious transactions for manual review. At its core, transaction monitoring is a necessary practice for organizations that move money on behalf of customers or businesses. It contributes to the prevention of terrorist financing, money laundering, and other malicious financial crimes that pose threats to global security and safety.

Governments have cracked down on organizations that aren’t effectively preventing this type of behavior due to rising rates of money laundering and the implications of related financial crime by passing legislation to hold businesses and people in power at these businesses accountable.