Setting up an AML Compliance Program Part III: Transaction Monitoring
May 18, 2021
The first two parts of this series outline a framework for assessing the risks of money laundering that your financial institution faces, and provide an overview of the Know Your Customer (KYC) practice area. We recommend reading through those two parts if you haven’t already.
- Assess Risk
- Know Your Customer (KYC)
This post covers the third AML compliance area - transaction monitoring. A transaction monitoring system will, unsurprisingly, monitor your customer’s transactions in order to flag ones that are suspicious.
So, how would a company go about setting up a transaction monitoring system?
Setting Up Transaction Monitoring
How to think about your transaction monitoring system over time
When Acme Corp. opened an account, the customer onboarding process captured all the right know-your-customer data. The company says it sells a variety of items to coyotes in the southwestern United States. You have that first set of KYC information, great.
In the next step of anti-money laundering compliance, a fintech startup or financial service provider needs to ask: are the customer’s transactions consistent with the given identity? Do they fit with expectations? Or does something about the account activity seem odd?
An anti-money laundering (AML) compliance program needs a transaction monitoring system to watch customer behavior. Monitoring systems will apply rules to flag transactions that could be suspicious, either because they match financial crime typologies or stand out as anomalies in behavior.
Monitoring systems also track high-risk customers, identified during onboarding or after a case investigation, for enhanced due diligence or ongoing customer monitoring. (Perhaps in the case of Acme, because of the TNT business line?)
Companies facing AML compliance requirements have two main choices for establishing their AML transaction monitoring systems: hire a vendor or build it in-house. Here’s some general, broad-brush guidance and questions to consider:
Vendor transaction monitoring systems may be sufficient if your needs aren’t complicated or you’re just getting started.
Buying a transaction monitoring system from a vendor often provides an out-of-the-box set of protections. The main benefit of working with a monitoring vendor is the ability to get a system in place quickly. However, an out-of-the-box solution isn’t going to be great at providing protection against the unique risks you face. With a bit of scale or added complexity in your business, the monitoring coverage from a vendor can start to feel inadequate. Companies that outsource their monitoring may start to feel that they need more customization and better analytics to address their unique risks.
Mind the differences between anti-fraud and AML when it comes to transaction monitoring.
Anti-fraud monitoring systems can ideally make fast risk calculations and make decisions on transactions in real time – this is how you prevent loss to fraudulent activities.
In contrast, money launderers will rarely commit fraud (they don’t want to be detected!), and monitoring rulesets need to identify unusual patterns of behavior over time. Further, certain AML rules are required by regulation.
When thinking through your monitoring strategy, make sure you consider both anti-fraud and AML algorithms. You will need both, but they don’t necessarily have to come from the same solution.
Building in-house takes investment, but will likely provide better coverage for unique risks and ability to scale over time.
Building transaction monitoring in-house means you retain control over the decisions you make for transactions: whether to allow, review, or prevent the transaction. If you are a financial institution that handles transactions, this decision is core to your business.
Transaction monitoring is an investment like any other area of your business operations. You’ll need the technical resources to build, maintain, and improve the system. It may make sense to outsource monitoring to a vendor as you are getting things started, but we recommend making continuous refinements to the algorithms and investing in the practice area over time.
When considering build vs. buy, weigh your transaction monitoring needs along the following lines:
- Time to implementation: how quickly do you need monitoring up and running?
- Regulatory complexity: does the monitoring solution meet your regulatory requirements?
- Unique risks of your business model: do you have unique risks that may not be well-covered by a vendor?
- Technical resource availability: do you have technical resources available to implement and maintain your monitoring system?
- Ability to scale cost effectively: will the monitoring system scale as you grow? Will unit costs make sense as you do scale?
- Retention of decision making control: would you be outsourcing a critical decision flow of your business if you work with a vendor?
- Ease of integration with other systems: can you selected system play nicely with other solutions?
- Upgradability in the future: will you be able to refine, adapt, and upgrade your monitoring system as you grow and learn?
These and other factors will help you form a roadmap for the monitoring practice area at your financial institution.
Does a vendor have accessible APIs that easily integrate with your company’s other systems?
The better monitoring systems have accessible APIs that can function smoothly and effectively with the other parts of your overall AML compliance program (such as Hummingbird’s investigation and reporting platform, which is designed to complement monitoring systems and has modern APIs).
The bottom line: Consider what approach will fit best with your company’s current growth stage, business model, and other systems in your AML compliance program.
This is Part 3 of Hummingbird’s series on how to set up a compliance program. Part 4 will be focused on investigations: AML Case Investigations Take Understanding.