What is Transaction Monitoring in AML & Why Does it Matter?
Transaction monitoring is pivotal part of financial risk management. This guide explains what transaction monitoring is, how it works, and how organizations can get started on their journey to implementing an effective transaction monitoring solution.
What is transaction monitoring in Anti-money laundering (AML) ?
The process of monitoring transactions that occur through institutions for suspicious patterns of activity that are indicative of money laundering or other financial crimes. Typically, these institutions include banks, casinos, insurers, and other money service organizations.
Analysts will use a set of transaction monitoring rules to determine if a transaction is deemed suspicious. These activities will usually include:
Money transfers
Deposits made to personal and non-personal bank accounts
Customer withdrawals
As organizations have revolutionized, transaction monitoring has become more automated.
What is the AML transaction monitoring process?
- 1. Transaction monitoring system logs every transaction activity
- 2. It feeds the data through the risk rules
- 3. If the data triggers a flag, the software alerts the organization
- 4. The analyst would investigate the flagged transaction for suspicious activity
A transaction monitoring process will depend on a number of key factors. While regulators do not provide specific guidance on the process, there are a number of key elements we have listed below that should be included.
Risk assessment
A risk assessment sits upstream of any transaction monitoring program at the bank. What the risk assessment will do is take a look at the bank’s book of business to determine who their customers are and what types of products are offered to their customers. Doing so will give guidance on the type of expected activity the bank should anticipate.
As part of this, the risk assessment will look at the entire AML program – KYC, transaction monitoring, Sanctions, etc - to look at any gaps or deficiencies. This can also include model validation and data governance.
Determine what is considered suspicious behavior
Suspicious behavior is by and large determined by regional regulators, from which many can in turn be found to be based on the FATF 40 recommendations. Regulators will task institutions with having policies in place to look for activity that is consistent with various criminal acts via ‘red flags’. These red flags are specific transaction types or movement of funds that could be indicative of certain predicate criminal activity.
Create transaction monitoring rules and alerts
Taking the red flags mentioned above, traditional transaction monitoring solutions have rules that will look for a specific, or series of, transactions that fit within a certain time period and meet a monetary threshold. These rules can be simple or complex with many ‘and/or’ factors added to them. Often these rules are a one size fits all to an institution's larger book of business and may result in a high rate of false positives. However, by looking at the overall context of activity and allowing for granular scoring with entity and transactional types can a higher rate of productive alerts be generated.
Solutions are used to automate the task of reviewing transactional activity that takes place within certain thresholds over a period of time. These thresholds are the basis for rules or scenarios deployed by institutions that are indicative of suspicious behavior associated with concealing the source of illicit funds. The identified activity is then flagged via an alert which in turn is reviewed during an investigation to confirm whether the activity is suspicious or not.
Why is transaction monitoring necessary?
Transaction monitoring is pivotal part of financial risk management that requires keeping a check on the transactions that occur within a financial system. The goal of this process is to recognize suspicious patterns, comply with regulatory requirements and mitigate potential risks. As the primary line of defense against financial crimes such as money laundering, fraud, and terrorist financing, transaction monitoring plays a critical role in protecting the integrity of financial institutions.
Why is transaction monitoring essential for AML regulatory compliance?
Financial institutions are required by regulators across the globe to have systems in place to monitor and detect activity that is consistent with money laundering. Their purpose is to identify and prevent money laundering from entering legitimate financial systems. This keeps these systems stable in a world where it’s easier than ever to move money between accounts and countries. In doing so, institutions help safeguard the exploitation of the financial system by criminals, making it harder for them to profit from their illegal schemes.
Intelligence-led Investigations
What are examples of AML transaction monitoring systems?
Transaction monitoring solutions span across multiple different lines of business and industries. Insurance, casinos, banking and across specialized occupations such as lawyers, accountants and jewelers. All must adhere to regulations related to monitoring for suspicious transactional patterns. These solutions will look for unexpected activities such as a large volume of cash deposits into an account, or the movement of money in and out of the country for no legitimate business purposes.
What are the challenges of transaction monitoring?
Rules engines
The regulatory landscape for KYC has evolved, with updates to existing regulations and the introduction of new standards. Organizations like the Financial Action Task Force (FATF) have influenced global KYC standards, encouraging a risk-based approach and emphasizing the importance of beneficial ownership disclosure.
Behavior profiling
Sudden changes in behavior or lifestyle changes can impact what is anticipated and result in a spike in false positive alerts.
Machine learning
Degradation of models over time can go unnoticed and cause gaps in monitoring.
RPA vendors
Difficulties integrating with legacy solutions and supporting the maintenance of various vendors and solutions in place simultaneously.
How to improve transaction monitoring
Relatively little has changed in the way transaction monitoring has worked over the past 20 years. Rules that were created and built into the first few releases of the industry AML solutions are largely still in place and widely used by many institutions today. While some rules, like those designed to identify structuring are effective, others were much less so, creating high rates of false positives.
Advancements in transaction monitoring have made it possible to detect patterns of behavior more closely with activity related to specific predicate criminal offenses. This approach removes the need to translate individual transactions into suspicious behaviour by the investigator. Instead, by leveraging both Entity Resolution and Graph Analytics in the monitoring process, a consolidated view of entities and their relationships provides a foundation for a more complete understanding of behaviour. By connecting parties through relationships, the associated transactional data brings clarity in identifying where transactions originated and where the funds were sent to easily follow the flow of money. Once the network view is generated, layering over typology driven detections generate optimized alerts giving insights into the conductors, volume of activity and direct link to the suspected crime that no other detection method does today. If done correctly, the results could mean a vast reduction in time and effort spent triaging alerts and shifting the focus to the investigation process.
What makes a good transaction monitoring system?
Those who effectively monitor internal and external data beyond a single transaction to understand the wider network of potential relationships.
Effective transaction monitoring solutions consider the historical patterns of activity for an entity – either a customer or non-customer – to determine if the activity they conduct can be tied to an illicit event. Solutions need to look at not only the transactions that are conducted but the changes in volume and value over time, where the activity took place and to whom the entities are connected. For instance, is the subject of an investigation conducting activity at the behest of someone else who does not have access to the financial system? Are they trying to hide the source of funds? Where is the money coming from and where is it going?
As part of identifying risky behavior, a good transaction monitoring solution should also be flexible in how monitoring and detection take place. Every changing regulatory expectation and shift in global political climates can necessitate the need to update or change their coverage. Additionally, there is an expectation to review and update existing scenarios periodically as well to ensure their efficacy and make sure the false positive rate is not increasing over time.
Quantexa's (New) Contextual Monitoring approach
The diagram on the left represents the traditional approach that most incumbent solutions take to monitoring and detection. These solutions will focus on transactional data, looking for outliers in activity that are consistent with the parameter and thresholds of the existing rules library – therefore identifying activities that only appear to be risky but do not point to any specific criminal activities. Most of these solutions will use the Customer and Account profiles to consolidate alert info at the entity level (based on the pre-established bank profiles). Because these solutions were not designed to consume third party data – negative news, corp. registers, etc. – the enrichment of third party data takes place after the alert has been generated. Doing so at the end puts the emphasis on the analyst to review and make the appropriate decision.
With the Contextual Monitoring approach employed by Quantexa (right diagram), the third party data is used as an initial stage of the monitoring process to better identify and consolidate entities. These consolidated profiles are then used to create networks seeking out the internal and external risks that are associated with the bank’s customer. Having that foundation allows our scoring models to more accurately assess a customer’s behavior and produce better quality alerts.
Quantexa's Contextual Monitoring Solution
Transaction monitoring FAQs
Who is responsible for transaction monitoring? 
It might be surprising to a lot of people, but the transaction monitoring obligations fall under the responsibility of multiple teams within an institution. There is the risk assessment committee that looks at the exposure to the bank, that impacts the risk governance for the transaction monitoring approach. There are modeling and rule development teams that are responsible for addressing these risk concerns by ensuring that the rules cover these risk areas and are generating quality alerts. There are also the investigations teams responsible for reviewing and adjudicating alerts and cases and filing regulatory reports. Supporting these teams are various levels of management and supervisory committees to ensure no decisions are made without the proper oversight as it pertains to regulations and laws. Quality control also helps ensure that the right service-level agreements and operational processes are followed.
Most importantly, every employee of the bank is responsible for ensuring the bank is diligent in complying with transaction monitoring regulations. Every employee should have the training and awareness to report (through the right channels) any suspicious behavior that fits into the bank's guidelines.
Traditional and non-traditional financial institutions
FinTechs
Virtual Asset Service Providers
Insurance companies
Casinos / On-line gaming
Money Service Business (check cashing)
What are transaction monitoring rules?
In the most basic of terms transaction monitoring rules are a component of the bank’s overall a risk model designed to identify suspicious transactions. These are meant to look at what is considered to be indicators of different criminal activity of which the proceeds are then attempted to be laundered through a financial institution. The basic premise for these rules is to load a set of transactions, typically building the data set month over month, into a database and then run a series of rules over a given time-period looking for activity that exceeded predetermined thresholds. Those transactions that fit that criteria were used to generate an alert. Over time these rules can be combined with others and an optimization layer added on top of them to focus on those alerts deemed higher priority.
Examples of these rules might include:
Large cash deposits
Transactions inconsistent with the business type
Unknown source of funds
Attempts to transact with sanctioned entities
Rules can be a strong foundation for a transaction monitoring program. But the one size fits all approach to these rules was fraught with challenges. Rules need to be monitored for effectiveness and put into the context of an overall relationship with the bank’s customers. This includes looking at what is expected of your customer segments as each may behave differently. In other words, the small coffee shop on the corner is going to conduct their day to day business differently than a state wide operation.
A more holistic approach banks should consider is in the ability to combine a single view of entity profiles, their relationships to other parties and the patterns of activity that take place between those parties. Doing so results in a more contextual view of the activity taking place. By taking this transformative approach, banks gain a more complete understanding of the movement of money and uncover relationships that then create the context for predicate criminal offense. This process will allow the banks to connect the suspicious transactions to more specific offenses such as trafficking of humans or drugs, mule activity, hawalas, and many more. There is also the added benefit in automating the collection of data and generating insights with context creates time savings for investigators who can then make more informed, intelligent decisions.
Useful links
We’ve discussed a lot in this guide, but there might still be more you want to discover about transaction monitoring and AML. Browse these handy sources to learn more.