AML Transaction Monitoring Rules: Best Examples (2024)

When it comes to transaction monitoring, rule building is crucial. 

Among other things, rules separate customers into categories, allowing businesses to more effectively monitor customer behavior. To simplify the rule building process, we at Sumsub have prepared this guide covering the different scenarios companies need to be prepared for. 

What are AML transaction monitoring rules and scenarios?

AML (Anti-Money Laundering) transaction monitoring rules are designed to help financial institutions detect suspicious activities that may indicate money laundering or financial crime. These rules define scenarios that trigger alerts when certain transaction patterns are detected. These systems work to identify outliers in customer behavior and highlight potentially illegal activities.

Why are AML transaction monitoring rules important?

AML transaction monitoring rules are essential for detecting and preventing financial crimes like money laundering. According to the United Nations Office on Drugs and Crime (UNODC), the amount of money laundered globally is estimated to be around $2 trillion each year.

AML guidelines for effective transaction monitoring

Effective AML transaction monitoring follows key global standards such as those issued by FATF and the European Union’s AML Directives. 

A risk-based approach is widely regarded as best practice. This involves prioritizing higher-risk clients and transactions for closer monitoring. This approach ensures that institutions can focus their resources on areas that pose the highest risk. 

Integrating Customer Due Diligence (CDD) and Know Your Customer (KYC) processes is also crucial for building a solid foundation for transaction monitoring. This includes verifying customer identities and assessing risk continuously.

Use case: Transaction monitoring

Sumsub recommends looking at the following indicators when creating rules for transaction monitoring:

• Location. For example, multiple purchases made with the same credit card in different countries over a short period of time or activities conducted by multiple individuals using the same IP address.
• Sequence. For example, a series of transactions below a certain threshold, deposits succeeded by withdrawals within a short timeframe, or multiple purchases of high-value items followed by quick returns. Thresholds can be set on a daily, weekly, monthly, quarterly or even yearly basis.
• Destination. For example, a large sum of money transferred to a high-risk country or high-risk individual/legal entity included within sanction lists or adverse media.

Use case: Payment errors and refunds

Companies should also create rules to detect payment processing errors and initiate refunds if needed. This includes:

• Incorrect transaction details
• Duplicate charges
• Issues with provided personal information

Use case: Preventing hacks

Companies can also use rules to prevent unauthorized access to users accounts and other fraudulent activity, zeroing in on:

• Logins from unusual devices and high-risk locations 
• Frequent changes in payment information or shipping address
• Multiple failed login attempts within a short period of time
• Creation of multiple accounts using a single IP address

Use case: Compliance with regulations

Companies can also protect their users and revenue by taking additional measures to comply with regulations:

• Creating lists to block transactions from sanctioned entities
• Adding AML screening for large transactions
• Introducing additional checks, such as biometric authentication, if suspicious behavior is detected
• Leveraging crypto analytics crypto transactions
• Adding Travel Rule functionality where applicable 

For example, a financial institution has to report all transactions exceeding $10,000. It should therefore set an AML rule that is triggered if a customer deposits or withdrawals $10,000 or more in 24 hours. 

It should be noted that criminals can split their transactions into several layers to avoid being caught. To prevent this, you can use an AML rule that, for isntance, compares ingoing and outgoing transactions and checks if the withdrawal amount is 10% less than the original deposit amount. 

This rule can then trigger one or both of the following automated actions: 

• Customer is asked to provide source of funds
• Customer is assigned a tag that will show if further transactions are made

In the rule below, you can see how the conditions can be altered if customers attempt to initiate multiple outgoing transactions within a certain time period after registration:

If the above rule is triggered, a higher-risk score will be assigned to the customer and, based on the threshold settings, the transaction status will change to “put on hold”.

AML scenario examples

Firms subject to AML rules need to first understand what specific risk factors they should take into consideration when conducting ongoing monitoring of client activity. Some of these include: 

• The client’s behavior, such as refusal to provide requested information, unusual transactions, exceeded thresholds. 
• The client’s reputation
• The risk inherent to the asset or service being acquired
•  Unusual transactions or exceeded thresholds
• The consistency of client profile information
• Whether sources of funds appear legitimate
• Whether transactions involve sanctioned entities or Politically Exposed Persons (PEPs)

You can learn more about AML red flags here.

Best practices: CDD, KYC, and transaction monitoring

To ensure a robust AML framework, institutions must adopt several best practices:

• KYC/Customer Due Diligence (CDD): Institutions must gather and verify customer data, update profiles, and assess risks periodically. Ongoing due diligence is a must-have in a current state of the online banking
• Transaction Monitoring: Automated monitoring systems analyze transaction patterns in real-time, flagging suspicious activities. Machine learning algorithms can help reduce false positives and increase detection accuracy.

Combining these practices ensures comprehensive coverage and helps financial institutions maintain regulatory compliance.

AML Transaction Monitoring Systems

Modern AML transaction monitoring systems are powered by automation and AI. These tools analyze huge volumes of data to detect suspicious activities in real time. AI-driven systems can learn from historical data, continuously improving their accuracy and reducing false positives. They analyze various aspects of transactions, including transaction frequency, amounts, and customer behavior.

The larger a company gets, the more resources it needs to allocate to transaction monitoring. And sooner or later, it simply becomes inefficient to use manual work. That’s when automated solutions come into play.

Automated software can simplify the workflow by monitoring multiple transactions simultaneously. And if a complex case arises, it can be sent for manual review. Otherwise, most transactions are checked automatically. This approach maximizes the number of approved transactions while keeping the company compliant with the regulations.

Sumsub’s Transaction Monitoring algorithms use complex analytic models to differentiate between legitimate and fraudulent activities. The solution analyzes transactions based on predetermined rules, sending potentially risky transactions for manual review.

 As soon as such a transaction is put in the queue, a webhook action is sent to the company’s compliance team, which then decides whether to approve the transaction or investigate it further and file a Suspicious Activity Report (SAR) if necessary. This ensures compliance with AML regulations while keeping fraud at bay.

FAQ

• What are transaction monitoring rules?

  Transaction monitoring rules are a set of criteria that allows companies to spot suspicious transactions. Each company can create its own set of rules, as long as it allows them to comply with regulations.

• What are scenarios in AML transaction monitoring?

  Some of the most common scenarios considered in transaction monitoring include:

  • The client’s behavior, such as refusal to provide requested information, unusual transactions, exceeded thresholds.
  • The client’s reputation
  • The risk inherent to the asset or service being acquired
  • Unusual transactions or exceeded thresholds
  • The consistency of client profile information
  • Whether sources of funds appear legitimate
  • Whether transactions involve sanctioned entities or Politically Exposed Persons (PEPs)

• What are transaction monitoring alerts?

  Transaction monitoring alerts notify companies about suspicious activity. Whenever such an alert is triggered, transactions should be blocked followed by an investigation. The employee detecting the suspicious activity should escalate the incident to a compliance/AML officer or senior management to decide whether a Suspicious Activity Report (SAR) should be filed to the relevant Financial Intelligence Unit (FIU). If it is decided to not to file a SAR, the reasons for doing so must still be explained.

• What is a false positive AML alert?

  False positives occur when legitimate transactions are marked as suspicious. To avoid this, company’s should should diligently build out their AML scenarios and hire a reliable solution provider.