ABA Bank Compliance - July/August, 2009

Gov NANCE

By Paul r. osBorne, cPa, cPo, aMlP, and JeFFrey a. Jones, caMs

Transaction Monitoring: Where to Start?

Cconsider THe Follo Wing: your bank examiner or bank management has strongly recommended that you purchase an automated system to monitor your customer transactions for suspicious money-laundering activity. you’re thinking now that all of your institution’s problems will be solved. However, these systems are complicated and are often designed to be tailored to the specific customer behavior of each bank. More than just a set of reports, they usually filter activity against a set of rules that the bank determines. authors Paul osborne and Jeffrey Jones discuss where to start when it comes to monitoring customer transactions for money-laundering activity.

Start With Risk Assessment

As with any other part of a Bank Secrecy Act (BSA) and anti–money laundering (AML) program, a risk assessment is the starting point. The Federal Financial Institutions Examinations Council (FFIEC) examination manual states, “The level of monitoring should be dictated by the bank’s assessment of risk, with particular emphasis on high-risk products, services, customers, entities, and geographic locations.” A transaction monitoring

and divides customers into business and personal accounts. Is this enough? The answer is probably no.

As the FFIEC guidelines indicate, “The type and frequency of reviews and resulting reports used should be commensurate with the bank’s BSA/ AML risk profile and appropriately cover its high-risk products, services, customers, entities, and geographic locations.” ² At a minimum, this means adding monitoring for frequent and high-dollar transactions, significant balance changes, spikes in activity, and transactions with common originators and beneficiaries. Anything that is out of the ordinary for a particular customer peer group should be looked at more closely. Unusual behavior generally leads to investigating further transactions that are not consistent with the stated business purpose or occupation or with the source of income or geographic location in which the customer operates.

and automated clearing house (ACH) transactions that were once used for smaller, low-risk, recurring amounts— have also been classified as high-risk because they move money quickly, in large amounts, and often with hidden identities and worldwide geographic locations.

In order to conduct a more comprehensive investigation, less-risky transactions like checks and customer-initiated transfers between accounts are also important and should be monitored to develop a foundation and general understanding of a customer’s typical transaction behavior.

Historical or typical behavior is important to determine because it acts as a benchmark for setting thresholds for flagging transactions and plays a key role in minimizing the number of false-positive alerts that are generated by broad-based rules not centered on actual risk characteristics.

system might already come with a set of default rules that are typical of money-laundering activities and generally common to all banks. These would include cash structuring, transaction layering, “smurfing,” and round dollar amounts. Typically, this basic monitoring focuses on cash and wire activity

Look at All Risks Depending on the results of the risk assessment, monitoring should include transaction activities other than cash, wires, and monetary instruments. Recently, electronically conducted transactions—including ATM

Timing Is a Factor

Suspicious activity can be the result of a one-time occurrence or a series of transactions occurring over a period of time that establish a pattern of unusual or unexplainable behavior. Rules that detect a variety of transaction types and multiple timing schemes need to be established. Some rules should look at customer behavior in time periods of less than one week; others should look at daily activity. And still other rules should yield no results until longer periods of time have elapsed and patterns have been established.