Ahead of the launch of a new virtual classroom workshop, the International Compliance Association provides an overview of transaction monitoring, including what it is, what risks to watch out for, and what can be learned from poor examples of transaction monitoring, to ensure that employees have the necessary skills and knowledge to carry out this essential business function.
Financial institutions utilise transaction monitoring to identify unusual transactions and limit the risk of financial crime. While the obligation to conduct transaction monitoring arose as a result of anti-money-laundering (AML) law, its significance has been amplified and bolstered by heightened regulatory scrutiny and substantial fines.
Firms utilise a combination of human and automated methods based on the number and complexity of the transactions they perform, their risk appetite, and their maturity level. The value of the financial expenditures made in transaction monitoring's technological and human resources is a crucial determinant of the quality of the systems and controls, as well as their relative sophistication.
Identification of transaction monitoring flaws
The U.K. Financial Conduct Authority's (FCA) "Financial Crime Guide" lists the following instances of unethical behaviour:
The company fails to take sufficient steps to comprehend the risk associated with the commercial connection and, as a result, cannot perform effective monitoring.
The MLRO (money laundering reporting officer) can present scant proof that they are made aware of anomalous transactions.
The staff always accepts a customer's explanation for unexpected transactions without additional investigation.
The above examples demonstrate the significance of personnel possessing the expertise and confidence to question transactions while retaining a level of professional scepticism.
Following a recent FCA assessment of challenger banks, several issues were identified:
Inconsistent and insufficient justifications for ignoring alarms by alert handlers;
Lack of fundamental information in the inquiry notes; and
Lack of comprehensive evaluations of notifications.
Failure to conduct timely transaction monitoring has a negative impact on the capacity to submit suspicious activity notifications, according to the regulator.
Emerging threats and "conventional" issues
As a result of Russia's invasion of Ukraine, unprecedented bundles of economic penalties have been implemented. While the "conventional" financial services industry remains a high-risk area for sanctions evasion, the abuse of cryptocurrencies and decentralised exchanges is becoming a significant worry.
Consider the behaviour of the crypto ATM service provider Gidiplus. In February, Gidiplus was ordered to cease operations after the Upper Tribunal ruled, "Gidiplus is unable to undertake meaningful transaction monitoring in relation to a proportion of its transactions because Gidiplus does not attempt to assess the purpose and intended nature of the business relationship at the point of onboarding."
The judge also stated that the company's owner, Olumide Osunkoya, deceived banks by "creating the impression that Gidiplus was an events company." He so jeopardised the banks' compliance with anti-money-laundering legislation by preventing them from satisfying their know-your-customer duties on the basis of accurate data. He made matters worse by attempting to conceal the true nature of the transactions that passed through Gidiplus's accounts."
In addition, the court added that the Financial Conduct Authority determined Osunkoya “lacked sufficient experience and training to undertake the roles of nominated officer and senior manager responsible for compliance.”
What can we learn from the aforementioned issues?
Using the following checklist, one may perform an early "diagnosis" of the transaction monitoring framework's health and detect current and emerging risk exposure.
Exists a recorded risk assessment that takes into account transaction risk?
Has the MLRO done training to urge employees to report any suspicious or irregular transactions?
Are policies and procedures applicable?
Is a complete education provided to alert handlers?
Exists an assurance programme proportional to the size and complexity of the organisation?
Does this take into account factors such as system calibration and record-keeping?
Gidiplus may appear to be an extreme example of weak and insufficient training, but the significance of a planned training and education programme should not be overlooked. Online training alone may give all workers with a minimum degree of knowledge, but it is unlikely to be sufficient for those responsible for transaction monitoring.
The board of directors must be aware of the dangers connected with a lack of transaction monitoring and the limits of the used methods. Their assistance in managing these risks is crucial for the growth of a robust AML culture.
Regardless of other changes in the compliance landscape, a company's culture, education, and training continue to play a crucial role in avoiding financial crime.
By fLEXI tEAM