Ahead of the launch of a new virtual classroom workshop, the International Compliance Association offers a look at transaction monitoring: what it is, what risks to look out for, and what can be learned from poor examples of transaction monitoring to ensure staff have the relevant skills and knowledge to carry out this integral business function.

ICA

The International Compliance Association (ICA) is a professional membership and awarding body. ICA is the leading global provider of professional, certificated qualifications in anti-money laundering; governance, risk, and compliance; and financial crime prevention. ICA members are recognized globally for their commitment to best compliance practice and an enhanced professional reputation. To find out more, visit the ICA website.

Transaction monitoring is a key control used by financial institutions to identify suspicious transactions and mitigate the risk of financial crime. While the requirement to undertake transaction monitoring evolved because of anti-money laundering (AML) legislation, its importance has been magnified and reinforced by increased regulatory attention and significant fines.

Firms use a blend of manual and automated systems, depending on the volume and complexity of the transactions they process, their risk appetite, and their level of maturity. The value of the financial investments allocated to transaction monitoring’s technical and human resources is a key factor informing the quality of the systems and controls and the relative level of sophistication.

Identifying deficiencies in transaction monitoring

The U.K. Financial Conduct Authority’s (FCA) “Financial Crime Guide” provides the following examples of bad practice:

  • The firm fails to take adequate measures to understand the risk associated with the business relationship and is therefore unable to conduct meaningful monitoring.
  • The MLRO (money laundering reporting officer) can provide little evidence unusual transactions are brought to their attention.
  • Staff always accept a customer’s explanation for unusual transactions and do not probe further.

The above examples highlight the importance of staff having the knowledge and confidence to challenge transactions while maintaining a degree of professional skepticism.

Other deficiencies were identified following a recent FCA review of challenger banks:

  • Inconsistent and inadequate rationale for discounting alerts by alert handlers;
  • A lack of basic information recorded in the investigation notes; and
  • A lack of holistic reviews of the alerts.

The regulator also commented failing to complete timely transaction monitoring had a detrimental impact on the ability to submit suspicious activity reports.

Emerging risks, ‘traditional’ problems

Unprecedented packages of economic sanctions have been imposed in response to Russia’s invasion of Ukraine. While misuse of the “traditional” financial services sector remains an area of heightened risk regarding sanctions evasion, there is growing concern regarding misuse of cryptocurrencies and decentralized exchanges.

Consider the actions of Gidiplus, a firm offering crypto ATM services. Gidiplus was ordered to cease activities in February after an Upper Tribunal ruled, “Gidiplus is unable to undertake meaningful transaction monitoring in relation to a proportion of its transactions because Gidiplus does not attempt to assess the purpose and intended nature of the business relationship at the point of onboarding.”

The judge also commented the owner of the business, Olumide Osunkoya, misled banks by “giving the banks the impression that Gidiplus carried on an events business. By so doing, he prevented the banks from meeting their know your customer obligations on the basis of the correct information and thereby put at risk their own compliance with the money laundering regulations. He compounded the situation by seeking to disguise the nature of the transactions that went through Gidiplus’s accounts.”

The judge further stated the Financial Conduct Authority found Osunkoya “lacked sufficient experience and training to undertake the roles of nominated officer and senior manager responsible for compliance.”

What can we learn from the issues above?

One can use the checklist below for an early “diagnosis” of the health of the transaction monitoring framework and to identify existing and emerging risk exposure.

  • Is there a documented risk assessment which considers transactions risk?
  • Has the MLRO conducted targeted training to encourage staff to report any unusual or suspicious transactions?
  • Are policies and procedures fit for purpose?
  • Is there comprehensive training delivered to alert handlers?
  • Is there an adequate assurance program in place, proportionate to the scale and complexity of the firm?
  • Does this consider elements like appropriateness of system calibration and record-keeping?

While Gidiplus might seem an extreme example illustrating inadequate and insufficient training, the importance of a structured program of training and education should not be underestimated. Online training on its own may provide a basic level of awareness for all staff, but it is unlikely to be sufficient for staff responsible for transaction monitoring.

The board of directors must be aware of the risks associated with failure to monitor transactions and the limitations of the systems used. Their support in mitigating these risks is critical in the development of a strong AML culture.

Whatever else might change in the compliance landscape, a firm’s culture, education, and training remain key in preventing financial crime.

The International Compliance Association is a sister company to Compliance Week. Both organizations are under the umbrella of Wilmington plc.