Compliance programs depend on accurate and timely information. AML compliance centers on sifting through thousands of transactions and matching them against risk profiles. The result of that process is a focused examination of transactions and identification of suspicious transactions.
Financial institutions have to create a customer risk profile against which they can measure specific transactions as they occur. This customer profile is used as a measuring stick against which transactions can be tested in order to identify specific transactions for in depth examination.
The basic purpose of having a strong AML transaction monitoring system is to identify and protect the institution from any transactions that may lead to money laundering and terrorist financing and result in the institution filing relevant Suspicious Activity Reports (SARs).
Most financial institutions rely on AML technology software to cull the transactions and pick out the potentially suspect transactions. Some smaller institutions use manually designed systems. Automated AML solutions include sanctions/black list screenings, customer profiling, and comprehensive transaction monitoring with reports/alerts.
Transactions should be monitored based on a customer profile and specific details relating to that customer. The monitoring rules can reflect a number of factors relating to that customer (e.g. aggregate transactions, type, amount, frequency, business).
When a transaction is flagged, a notice has to be generated and a procedure for resolving the red flag has to be defined and enforced. If the transaction warrants additional investigation, it should be escalated to appropriate officials in the company.
For flagged transactions, AML staff have to investigate the specific circumstances surrounding the transaction. High-risk products, areas of operation, business lines and basic customer information can influence the amount of transaction testing. An initial risk profile can only be based on customer self-reported information (e.g. expected volume, type of account, amount of business) but can be updated with information as the customer conducts banking transactions.
Financial institutions need to create a centralized investigative unit to follow-up on flagged transactions. A centralized unit can develop standard protocols for investigations and develop data bases which consolidate information learned during each investigation.
An investigation can lead to the filing of a SAR, an important source of information for law enforcement agencies to initiate enforcement actions. Investigators should collect all relevant information, prepare a report and submit the report to a manager for review on the conclusion whether or not to file a SAR.
Data should be collected on the transaction testing process and the follow up investigations. The data should measure the number of flagged transactions, the number of SAR filings, the number of SAR filings which originated from non-transaction testing for a specific customer, alerts and SAR filings based on specific customer factors, such as products, geographic locations, types of business and other customer factors. Also, it is important to measure how investigators resolve their cases to ensure that investigators are following proper follow-up and procedures.