5 Common Pitfalls in Effective Transaction Monitoring
Transaction monitoring is a fundamental part of the anti-money laundering program mandated by the Bank Secrecy Act for all financial institutions. The process of monitoring customer transactions such as transfers, deposits, and withdrawals is known as transaction monitoring. Furthermore, transaction monitoring aims to detect suspicious activity that may indicate the likelihood of other financial crimes, such as money laundering and terrorism financing.
Organizations that use inadequate or outdated transaction monitoring systems face extremely challenging compliance processes and, more significantly, they may face penalties for failing to comply with regulations.
It shouldn't be a surprise that financial institutions must use effective transaction monitoring programs to meet a wide range of regulatory requirements. After all, transaction monitoring can help find and stop possible fraud or illegal activity, among other things. Despite its obvious importance, it is often hampered by some common mistakes. In this article, we'll take a look at some of the most common pitfalls in effective transaction monitoring and suggest ways to overcome them.
Some transaction monitoring breaches and fines
- The Central Bank of Ireland recently fined Danske Bank €1,820,000 for three breaches of the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010, as amended (the CJA). One of the breaches was failing to ensure that its automated transaction monitoring system monitored the transactions of specific categories of customers at its Irish branch for nearly nine years, between 2010 and 2019.
The primary reason for this failure was the use of historic data filters within Danske's automated transaction monitoring system, which was first implemented in 2005 and was rolled out to the Irish branch in 2006. Danske didn't look into how well these old data filters worked in the system, and it didn't make any changes to the system to meet the needs of the CJA when it became law in Ireland in 2010. This led to the mistaken omission from transaction monitoring of some groups of customers, including some customers who Danske thought were high or medium risk. This led to the three CJA violations in this case.
- The Financial Conduct Authority (FCA) fined HSBC £64 million because its automated systems for detecting suspicious transactions were ineffective.
The FCA says that HSBC's systems for transaction monitoring had "serious weaknesses" for eight years, starting in March 2010.
The bank failed in three key areas, according to the regulator: it failed to ensure that the scenarios used to identify indicators of money laundering or terrorist activity were appropriate; it failed to test and update systems; and it failed to ensure that the data entered into its system was accurate and complete.
The need for transaction monitoring
The volume of transactions that transaction monitoring systems should monitor has increased significantly as a result of the expansion of various electronic payment methods and the decline in cash payments. If financial institutions choose to manually scan this data for monitoring purposes, it will take a long time and be easy to make mistakes. This will also hurt the customer experience.
So that suspicious activity reports (SARs) can be sent out correctly, regulators need proof that the system regularly finds suspicious transactions. Transaction monitoring can help FIs demonstrate proof of the program's effectiveness to auditors, regulators, and other stakeholders. According to the FATF guidelines, transaction monitoring is also significant in an AML compliance program.
Common pitfalls to effective transaction monitoring
- There is no primary source of customer information: To clear alerts successfully and efficiently, you need to quickly identify the relevant information you have on the consumer whose transaction caused the alert. You should have the assurance that your customer information is up to date, correct, and does not contradict anything else in your organization.
To begin, it is a major red flag to any regulator if your organization has the necessary consumer data to make an informed decision but is using outdated or inaccurate information in your investigation; or, worse, is unable to locate this information.
Second, the investigation takes longer because people have to look through many files, sources, and teams to find information. This might cause uncertainty and dissatisfaction, leading to poor conclusions by your analysts. It's important to have a clear primary source that you can trust quickly and depend on. - Box-ticking culture: Compliance can sometimes feel more like a check-box activity than a proactive and empowered part of an organization. Transaction monitoring is fundamental to combating financial crime. It would not be exaggerating or incorrect to suggest that good financial crime prevention can save lives by directly preventing terrorism financing and money laundering. Preventing illegal activity should be a primary motivator for transaction monitoring teams, but it is easy to lose sight of this if the governance structure is not well-designed.
It's important for employees to understand how their work affects society and the economy, and compliance shouldn't just be a checkbox activity. - Off-the-shelf transaction monitoring systems: Off-the-shelf transaction monitoring systems are one of, if not the, largest problem. When transaction monitoring systems became a regulatory requirement, many organizations rushed to buy an off-the-shelf system to check the box.
Most likely, these companies didn't know at the time how bad it could be to have an unsuitable transaction monitoring system that isn't tuned to your risks. This is not surprising given that even regulators disagreed on the type of transaction monitoring system required.
While off-the-shelf technologies provided a quick solution at the time, they do not perform as advertised and are a huge waste of resources. In particular, they are costing a lot more in the long run than was first thought. - False positives: As financial institutions expand, more alerts will be generated, increasing the task for transaction monitoring teams. This has the potential to quickly escalate and become uncontrolled. Any sustainable operation should take steps to ensure that workloads remain sustainable and that resources can be targeted based on risk. The most unpleasant aspect for transaction monitoring teams is wasting time on unnecessary and needless false positives. It is a waste of resources, and improving your operation's efficiency should be a top focus.
- Conflicting regulatory approaches: The fact that different regulators have different perspectives on what is permissible in transaction monitoring adds to the compliance hurdles. Consider the case of system alerts. If these alerts are caused by a calibration error, this is acceptable for regulator A and there is no need to review the alert. An alert should be reviewed by regulator B regardless of how it originates. These diverse, inconsistent approaches further complicate an already complex regulatory system.
The bottom line is that it is important to understand your regulatory requirements.
The right balance of automatic and manual systems
The law is not prescriptive when it comes to transaction monitoring, so financial institutions are free to use different strategies. A human approach can use a lot of resources and is less likely to be flexible enough to deal with specific risks, but automated systems could be expensive.
The FCA calls attention to instances of best practices in its Financial Crime Guide, urging financial institutions to think about how they "feed findings from monitoring back into the customer's risk profile" and stressing how important it is to know "what automated transaction monitoring systems can do and what they can't do."
In 2018, the Monetary Authority of Singapore (MAS) released a report by the AML/CFT Industry Partnership (ACIP) that emphasized how important it is to follow legal and regulatory standards, especially when it comes to data privacy.
Legal and regulatory standards are always changing and getting stricter. Financial institutions should be fully aware of the regulatory concerns that apply before starting any analytics operations. If there were obvious differences between the regulatory requirements and the proposed models, FIs would have to figure out how to make or change the models to meet the requirements. Data privacy and protection laws are also important since they regulate the gathering, disclosing, and use of data, especially personal data, in the countries where the FIs operate or have clients. These laws are crucial in addition to AML/CFT requirements.
Even though an efficient transaction monitoring system may use automation, it will still need human help to:
- Scope transaction monitoring that should be documented, along with the evaluation of any extra data (such as IP addresses).
- Adjust the systems and rules, but some "off the shelf" solutions may not be flexible or may require a lot of time and resources to be modified to address new risks.
- Review the potential problems found; these may be related to a variety of financial crime problems, such as fraud, money laundering, or sanctions screening.
- Help financial institutions adhere to legal and regulatory standards, such as reporting suspicious activity and transactions, observing data privacy laws, preventing data breaches, and defending against cyberattacks.
- Based on the scope and complexity, offer reporting to senior management and regulators and carry out assurance efforts.
Each company will need to figure out and record the best way to monitor transactions for its business model and goals. The prevention of financial crime depends heavily on culture, education, and training.
How does Flagright assist financial institutions in carrying out effective transaction monitoring?
Fast becoming a one-stop solution to stop financial crime, and robust systems designed to help financial institutions manage risk, comply with regulations, and improve customer experience, Flagright provides the technology and expertise needed to carry out effective transaction monitoring.
- Case management: Offers a case management feature that enables the investigation of each case independently, assigns priority actions, assigns cases to colleagues, and receives real-time slack alerts.
- Rules management: With Flagright’s transaction monitoring rules that can be customized, you can monitor high transaction amounts, payment frequency, velocity, card counterparty count, and dormancy. You can monitor your customers, legal entities, the end customers of your customers, and so much more – with one powerful solution.
- Risk-based approach: Flagright's solution can assist in the easy configuration of various types of scenarios which automatically monitor different segments of customers against relevant scenarios, and more effectively monitor risks, enabling organizations to satisfy various compliance regulations.
Because of different AML regulations over the years, transaction monitoring has changed to the point where the focus is now on the need for financial institutions to do ongoing monitoring of their customer relationships. Financial institutions have made enormous investments in response, but authorities from a number of different jurisdictions still penalize organizations that don't effectively do transaction monitoring.
Flagright gives you everything you need to stop financial crime, such as real-time transaction monitoring, dynamic customer risk scoring, KYC/KYC and ID verification, sanctions and crypto sanctions screening, a bad actor database, and an automated fintech licensing application.
Contact us to schedule a free demo.