In this case, we illustrate common mistakes organisations make in their transaction monitoring and anti-money laundering (AML) risk policies, and how we can help prevent these pitfalls. We will outline a hypothetical situation and discuss how we assist organisations in enhancing their transaction monitoring systems.
Help, the criminals succeeded!
Despite having a well-structured transaction monitoring system, clearly defined processes, and even a new employee to review alerts, a bank found itself facing a surprise visit from the regulatory authority. Criminals had managed to launder money through accounts at the bank, even with all the measures in place.
The bank was bewildered, as they believed they were diligently checking suspicious transactions.
The bank was bewildered, as they believed they were diligently checking suspicious transactions. The regulatory authority had numerous questions, including inquiries about the adaptability of processes to criminal activities, scenario updates according to the latest risk assessment, employee training history, and why certain alerts were marked as “resolved” in the transaction monitoring system. A comprehensive analysis was required to address these questions.
What went wrong?
The bank’s systems failed to identify suspicious transactions. The primary reason appeared to be a lack of visibility. Knowledge about payments was scattered across multiple departments and employees, and little collaboration occurred.
Furthermore, there was a lack of realistic insight into clients’ expected transaction patterns. Although the bank’s employees assessed the risk profile of clients when opening accounts, they didn’t adequately investigate the reasons behind account openings. This oversight prevented the identification of deviations in transaction patterns. The monitoring process was disconnected from the client’s risk profile and expected transactions.
If the bank had a better understanding of the client’s expected transaction pattern, unusual transactions would likely have been detected in time.
Moreover, the monitoring process focused on evaluating individual transactions, while the case involved multiple transactions spread over an extended period. If the bank had a better understanding of the client’s expected transaction pattern, unusual transactions would likely have been detected in time.
Our approach
It was clear that the bank needed to take measures to timely detect money laundering signals in the future. Projective Group’s compliance specialists could assist with the following approach:
1. Organisational Overview
First, we created an organisational overview. This was done based on existing materials and interviews with employees. This organisational overview clarified the bank’s progress in terms of risk analysis, policy, and its implementation. We also examined how alerts were handled.
One of the interviews revealed that communication between account managers and clients yielded insufficient results. Account managers were regularly asked by the transaction monitoring department to contact clients based on alerts from suspicious transactions. However, they were not allowed to directly inquire about specific transactions. It was unclear to account managers what they could ask clients instead. These conversations were seen as formalities and resulted in insufficient information. As a result, the transaction monitoring department remained with unanswered questions.
2. Testing systems
After establishing an organisational overview, we subjected the bank’s systems to various scenarios. We paid attention to whether and how the systems detected suspicious transactions, especially those that were not recognised.
Due to how the bank interpreted privacy legislation, account managers did not have access to information about previously declined customers.
During the system testing, a significant issue came to light. Due to how the bank interpreted privacy legislation, account managers did not have access to information about previously declined customers. To address this, we collaboratively developed a protocol on how this information could still be made visible and the system was adjusted accordingly.
3. Recognising patterns
To teach employees how to recognise suspicious transactions within a pattern or context, we provided them with training. The training was based on the bank’s policy and risks. During the training, we explained relevant laws and regulations and actively engaged employees in specific case studies. Communication with clients was also covered. Since account managers found it difficult that they couldn’t inform clients when calling about an unusual transaction, we provided them with tips on what they could say and ask instead.
4. Practical advice
The final step was providing practical advice to guide the bank further. The bank used an application in combination with multiple Excel files. This setup was not only disorganised but also led to errors. With the assistance of our IT experts, we provided advice on how to better align the application with the process and how to best configure the rights and roles of individuals involved in the transaction monitoring process.
Lessons learned
The case highlights that an individual transaction on its own is often not suspicious or unusual, but the pattern or context within which the transaction is conducted can be. Therefore, it is crucial to establish an expected transaction pattern for each client. This can be achieved by conducting inquiries with the client and analysing the available client information and transaction history. The DNB guidance on post-event transaction monitoring processes for banks provides several good practices for this purpose. Subsequently, it is essential to continuously compare the actual transaction behaviour with the expected transaction pattern to timely identify deviations.
Additionally, it is important to keep monitoring relevant changes in client circumstances. This can also lead to the recognition of an unusual pattern. For example, in the case of a restaurant or hair salon that continues to make weekly deposits despite the COVID-19 lockdown.
Current status of the bank
Currently, the bank is better equipped to detect risks at an early stage – both when establishing new relationships and during periodic client reviews. Employees are better at probing for the intended purpose of the product (e.g., a bank account, a loan, or a deposit) and the expected transaction behaviour, continuously comparing it with the actual transaction behaviour.
Transaction monitoring and the resulting outcomes and alerts are now integrated into policy updates and employee training. As a result, the bank’s approach evolves in line with practical experiences. The number of reports of unusual transactions has increased, and the bank’s control is demonstrably improved.
Can we assist you too?
Do you need advice on more effectively monitoring transactions or assistance with client identification and verification? We can help you comply meticulously with the WWFT regulations. From creating a systematic integrity risk analysis (SIRA) to determining policies, our advice is always sustainable and forward-thinking. So feel free to contact us.
About Projective Group
Established in 2006, Projective Group is a leading Financial Services change specialist. With deep expertise across practices in Data, Payments, Transformation and Risk & Compliance.
We are recognised within the industry as a complete solutions provider, partnering with clients in Financial Services to provide resolutions that are both holistic and pragmatic. We have evolved to become a trusted partner for companies that want to thrive and prosper in an ever-changing Financial Services landscape.
