Recent fines for HSBC and Danske Bank by the UK and Irish regulators are a warning to financial services companies to carry out effective alert and transaction monitoring.
But with the extraordinarily high volume of transactions going through these companies every day, how can they sift through the noise to detect transactions worthy of further investigation?
In a recent webinar, Fred McDowell (Associate Director at fscom) explained why firms need to think about transaction monitoring, and how they can learn from these high-profile fines to improve their approach. This blog summarises his top tips.
What is transaction monitoring?
Transaction monitoring is where a financial services company actively monitors customers’ transaction activity – including their withdrawals, deposits and transfers. By assessing historical and current behaviour, the company can use monitoring to get a fuller view of customers’ actual activity compared to what would be expected.
The overall aim of monitoring is to identify unusual activity which might be an indication of money laundering and/or terrorist financing.
Why is it necessary?
Transaction monitoring is a regulatory requirement by both the UK’s Financial Conduct Authority and Ireland’s Central Bank. The aforementioned hefty fines show that both are prepared to enforce their regulations:
- The Financial Conduct Authority fined HSBC nearly £65 million in December 2021 for “deficient transaction monitoring controls”.
- The Central Bank of Ireland fined Danske Bank over €1.8 million in September 2022 for “failure … to ensure that its automated transaction monitoring system monitored the transactions of certain categories of customers” at its Irish branch.
Our guide to effective transaction monitoring
Financial institutions across the UK and Ireland see millions of customer transactions every day so stopping and scrutinising every single one would be impossible. Instead, following our 11 tips can help firms to improve their ability to efficiently detect unusual transactions:
- Automate your system: Traditionally, most firms took a rule-based approach to transaction monitoring in which they batch screened historic transactions. But developments in AI have made transaction monitoring systems more intuitive, allowing firms to detect risk and act more quickly – hopefully before the money has left the account.
- Take a risk-based approach: Firms should increase the intensity of transaction monitoring for higher risk clients and take mitigations such as reducing the threshold of transaction for them which leads to an alert.
- Don’t buy an off-the-shelf monitoring system: Rule sets are available that firms can buy and implement to flag transactions – but these will not be tailored to the specific risks facing your company.
- Align transaction monitoring to wider risk management: Your transaction monitoring approach should not exist in a vacuum, but reflect your business-wide risk assessment and any customer-specific risk assessments already carried out.
- Use rule sets: Rule sets are instructions that can be fed into your transaction monitoring system which result in flagged transactions. These rule sets narrow down transactions that need to be flagged to avoid too much wasted time. For example, an effective rule set we looked at in our webinar flagged around 540 alerts per quarter:
- Of these, over 95% were closed on first review.
- 20 were progressed to a further review.
- Four led to internal suspicious reports.
- Two were then disclosed to the regulator as suspicious transaction reports.
- Test these rule sets: Regular testing is essential, particularly as your company, its products and services and its client base evolves. Various scenarios of money laundering and terrorist financing can be played through, and it can be assessed whether the system’s thresholds were adequate to detect these transactions without catching too many transactions.
- Update your monitoring: Regulators expect to see ongoing monitoring of the risks facing a company. For transaction monitoring, this means ensuring your rule sets are still effective and reflect current risks. Some failures happen because a rule set is being used which was devised when the firm was smaller and had fewer products and services. Likewise, firms should ensure their Know-Your-Customer assessments are up to date to capture any changes in customers’ risks.
- Acquire the right experience: We have seen firms putting inexperienced personnel in charge of reviewing alerts. But this should be considered a key task which requires people who understand transaction behaviour and can compare what they are seeing to their past experiences.
- Maximise your use of alerts: Assessments of clients’ activities usually turns up four categories of alerts: for PEPs, sanctions, adverse media, and transaction monitoring. Transaction monitoring alerts are usually the most complex to deal with, whereas it can quickly be established whether an entity is a PEP or has been sanctioned. Again, effective rule sets should ensure that only the most relevant transactions are flagged in an alert.
- Compare flagged transactions: Transactions that have been flagged should be compared to historic activity patterns – for example, sudden large deposits in February could be explained by this being when bonuses are typically Compliance officers should also be empowered to trust their gut when looking at transactions.
- Document your decision-making: Regulators will expect to be able to see why and how you made decisions over what to do about a given alert, so this should be clearly recorded.
Contact us to discuss how fscom can help your firm to develop a more accurate and efficient transaction monitoring and alert system.
This post contains a general summary of advice and is not a complete or definitive statement of the law. Specific advice should be obtained where appropriate.