According to the Wolfsberg Group guidance, “financial institutions should design and implement appropriate measures and controls to mitigate potential money laundering risks of those customers that are determined to be higher risk, as a result of the institutions own risk assessment process. These measures and controls may include increased monitoring of transactions.”
The Financial Action Task Force (FATF) states that “countries, competent authorities and financial institutions are expected to identify, assess and understand the money laundering/terrorism financing risks to which they are exposed and take AML / CTF measures commensurate to those risks in order to mitigate them effectively.”
What we know is that the sophistication of monitoring systems should be dictated by a Bank’s risk profile, with particular emphasis on the composition of its higher-risk products, its higher-risk customers, its higher-risk entities, its higher-risk services and its higher-risk jurisdictions, but not ignoring the low or lower risk components.
Furthermore, the framework for a Bank’s monitoring systems will also need to be linked to the Bank Secrecy Act / AML risk assessment, which is a mandatory assessment as part of a Bank’s compliance programme. Transaction monitoring is a key control in the fight against money laundering and terrorist financing. Banks must ensure they have effective systems in place.
So what is all the fuss about, why isn’t this easy to manage, why are regulators focusing attention on this area, and why do so many Banks still fall short?
Banks are more often than not examined on the suspicious activity reporting portion of their compliance programme. Failures are identified because the AML system, in particular their transaction monitoring, is either not aligned to the Bank’s risk profile effectively, not aligned frequently enough, or not tuned properly to the actual risks being faced. Additionally, outdated rules may not keep pace with evolving threats, or the Banks may not effectively use their MI capabilities.
Failures can be due to a number of factors, which manifest through inefficiency and/or ineffectiveness. If it is due to inefficiency, that leads to a higher number of false positives, which in turn increases the pressure faced by Banks on getting them resolved to a high standard, applies undue pressures on Bank staff with higher than expected volumes to resolve, causes issues related to reporting and the timely and effective use of MI, and leads to downstream issues for all involved. False positives themselves are not an accurate alert and ideally should not really be flagged for investigation, as this increases costs, and results in an increased likelihood that true positives are not spotted, or spotted on a timely basis. But false positives are also a necessary evil to drive out the true positives.
How do you reduce false positives in a way that is effective for all parties? A key solution is to look at the tuning of the transaction monitoring process and tools, including the application of a risk-based approach, particularly qualitative and quantitative tuning, to achieve higher alert efficiency, reduce false positives, and therefore improve the overall suspicious activity reporting as a whole. Machine learning and AI can now automate the process of clearing false positives. Any tuning should be preceded by a gap analysis, which in reality should be a continuous exercise, given the prevalence of new and emerging risks needing new typologies and scenarios. This is in fact a complex area.
Most transaction monitoring rule scenarios focus on the activity of a client and are quite deterministic in nature, but do not necessarily incorporate risk elements of the KYC process, such as product risks, country / jurisdiction risks or emerging risks. Consequently, they can be blunt instruments becoming ineffective and or inefficient. We have seen some good examples, but we’ve also seen some appalling examples too. This is a continuously evolving area. Recently, we helped a Bank redesign its transaction monitoring framework, update its risk assessment, to include real-life risk scenarios, and link it all through the various rules being applied right through to its MI reporting outcomes. This was transformational for them. While they haven't yet adopted the benefits that could be achieved through deploying machine learning and AI, they have seen a significant reduction in false positives, positively impacting turnaround times and quality of outcomes.
In our next blog, we will look at some examples of emerging risks, and delve deeper into how you can approach an upgrading of your transaction monitoring systems and controls, saving time and money while improving regulatory certainty in this key area.
Brighter Consultancy, we have experts with the knowledge and experience to help you. We also have access to, cutting-edge modern AI-backed tools to support your needs. Please do reach out for a conversation, and do look at some of our case studies where we have recently helped banks with their transaction monitoring challenges.
COMMENTS