Transaction monitoring is not always top of mind for non-financial reporting entities, as handling transactions is generally more common for financial institutions who deal with large sums of money all the time. And it’s true, banks and other financial services deal with higher monetary risks due to the nature of their business, but we shouldn’t forget that transaction monitoring needs to be incorporated into all our AML compliance programmes, whatever the nature of business.
What is transaction monitoring?
Put simply, AML transaction monitoring is the ongoing process of reviewing customer activity to identify suspicious behaviour that could be indicative of money laundering or other criminal activity. Activity reviewed should include customer transactions, transfers, deposits and withdrawals.
Transaction monitoring is a critical element of an effective AML compliance programme even if it sometimes feels like a complex and time-consuming process. It’s a necessary step in preventing money laundering, and by taking the time to monitor transactions closely, you can help keep you customers and businesses safe from criminal activity and potential hefty regulator fines.
Detecting suspicious activity
There are a number of ways criminal activity can be disguised. It could be as simple as a customer ‘accidentally’ depositing two payments into a legal firms trust account to finance a mortgage instead of one payment, or a ‘benevolent relative’ from overseas depositing money into a bank account.
Putting money through a trusted bank account is just one method criminals may use to launder money, and red flags should be raised in these scenarios. This is when having a robust KYC and customer due diligence process in place is essential. If the ‘transaction’ doesn’t fit in with what you know about your customer, you will need to conduct enhanced customer due diligence. And, if you do find a reason to suspect money laundering activity you must submit a suspicious activity report (SAR) to the FIU using GoAML
In addition, if you think somebody is structuring transactions to avoid prescribed transaction reports being sent to the FIU, concerns should be raised. Dig into where the money came from, how much money was involved, who the sender is, and who the money is going to.
The current threshold values before a prescribed transaction report (PTR) needs to be completed is:
- $1,000 or more for an international wire transfer; and
- $10,000 or more for a domestic physical cash transaction.
Transaction monitoring methods
There are a couple of ways to deal with transaction monitoring:
- Manual AML transaction monitoring. This is where a team of analysts, or a compliance officer reviews transactions and decides whether they are suspicious or not. This approach can be time-consuming and costly for larger firms dealing with hundreds of transactions but can work well for smaller companies. This may also be carried out by a trust account manager, or a member of the accounts team that ensures trust accounts are kept up to date.
- Automated AML transaction monitoring. This uses software to review transactions and identify any that may be suspicious. This approach is faster and more efficient than manual management, and when enhanced with artificial intelligence, automation can provide a comprehensive view of customer behaviour, with detailed logs of transactions, which automation alone cannot. However, it does not replace the human eyes and thought processes which are required to fully understand potential ML/TF risk.
Banks and large financial institutions will usually have a sophisticated automatic process in place which raises alerts when certain rules or thresholds are broken. For example, an alert may be triggered if more than $10,000 is being deposited into an account from overseas – or when multiple deposits are made from overseas that just miss prescribed transaction reporting thresholds However, you can’t rely on automation alone as any alert generated needs to be reviewed and assessed by a skilled compliance professional, and risk assessments still need to be carried out.
It's a global problem
Recent fines from AML regulators around the world show how even with an automated transaction monitoring system, correctly managing processes, and avoiding breaches of these processes can be a very real issue for companies.
In the UK, HSBC bank was fined over 63 million GBP for failing to properly monitor transactions. Although HSBC used automation to monitor hundreds of millions of transactions a month, they still failed to meet obligations on a number of counts.
Mark Steward, Executive Director of Enforcement and Market Oversight at the UK’s Financial Conduct Authority (FCA), said:
“HSBC’s transaction monitoring systems were not effective for a prolonged period despite the issue being highlighted on numerous occasions.”
In Australia, we saw Westpac face a massive 1.3 billion AUD fine for failure to properly report international funds transfer instructions. And in 2021 in New Zealand the Reserve Bank of New Zealand issued a formal warning to Westpac for failing to report prescribed transactions.
The list goes on.
Whilst it’s the large banks and financial institutions which make the headlines, we mustn’t forget that all reporting entities, big and small could be potential vehicles for money laundering and our monitoring of transactions and other AML activity should reflect this.
Most of us know what it takes to stay compliant when it comes to transaction monitoring, we just need to ensure we stay on track with a risk-based approach and don’t get complacent.
Monitor your customers transactions, make sure transactions are anticipated, and that processes are set up to manage unexpected transfers. Document activity and processes in your compliance programme and make sure you adhere to it.
If you are using automated processes, check the accuracy and completeness of the data, make checks and don’t ignore any warnings. Remember, automation brings efficiency and cost savings but it still needs expert monitoring and control.