Transaction monitoring is the dark horse of compliance. The topic and the rules surrounding it often lead to confusion and result in businesses struggling to adopt transaction monitoring in time and in line with the actual requirements.
To prevent businesses from possible transaction compliance-related troubles, we are going to guide you through the essentials of transaction monitoring and its types, as well as provide tips for when you might need to implement a certain feature and why.
What is really meant by transaction monitoring
Transaction monitoring is a type of technology that detects and analyzes unusual transactions in real time or on a daily basis. Such an analysis allows businesses to verify the source and destination of funds and the possible connection of those funds to money laundering. Monitoring of transactions is a mandatory requirement under Customer Due Diligence and applies to all transactions in fiat (EUR, USD, GBP, etc.) and, in certain jurisdictions, to crypto (Bitcoin, Litecoin, Ethereum, etc.) transactions.
Some confuse transaction monitoring with AML analysis or monitoring. Because of this, it is important to note that these are not nearly the same as AML monitoring refers specifically to adverse media, blacklist and sanctions screening processes.
Discover more about sanctions lists in Sumsub’s Knowledgebase.
Mandatory or not: why companies adopt transaction monitoring
Companies embrace transaction monitoring for two good reasons: compliance and anti-fraud.
- Fraudsters can rob you and your customers
In both real and digital currency worlds, payment fraud has many faces. It could manifest as the use of stolen payment details, account hacking, phishing, get-rich-quick schemes, Nigerian prince scams and false chargebacks, otherwise known as reversed payment claims. Transaction monitoring helps detect these suspicious actors, protecting businesses and their users from maleficent tricks.
More on transactions monitoring for anti-fraud: How to Protect Your Business From Chargeback Claims.
- Regulators can fine you for non-compliance
Transaction monitoring is mandatory for all businesses who fall under the rules of the AML regulations. This includes not only fintech companies but other designated businesses such as gambling services, insurance companies, real estate, art trade, etc.
This means that each financial or designated business must introduce their own AML policy, with clearly defined risk triggers, and process all of their clients accordingly. In some cases, businesses need special software to help them monitor transactions, especially if a company processes a large amount of transactions. Yet, smaller businesses such as auction houses and art traders can do transaction monitoring themselves. They just need to carefully verify whose money they are accepting, considering their own risk triggers.
Common examples of AML transaction monitoring rules that businesses should consider include the following: how their company works with PEPs or residents of high-risk countries; whether they consider a general bar of a single €10,000 transaction high-risk; or how they will approach a series of 10 transactions amounting to €10,000. Companies must outline such details, define their due diligence processes, and establish a reporting system that will come in handy when the regulators turn up asking.
Businesses need transaction monitoring and other preventive measures as a matter of caution, to protect not only their finances but their reputation, that could be easily damaged by becoming the focal point of a fraud-related scandal. Another reason is that failure to identify and investigate suspicious transactions could lead to sizable lawsuits, as showcased by many of the recent headlines featuring Westpac bank’s $900m fine, Deutsche Bank’s $150m fine, Commerzbank’s $47m, etc.
Where to start: fiat transaction monitoring
Commonly, transaction monitoring includes the assessment of the transaction’s type, size, nature, consistency with the customer’s risk profile and previous transaction history.
- Basic KYC of the customer. PEPs, blacklist and watchlist screening.
- Identification of the client. The name of the sender is always written on the receipt, you can match it with the name stated in your agreement.
- Transaction analysis. Monitoring of previous and future transactions, identification of unusually large, frequent, or uncommon transactions.
- Risk assignment. Determining the risk level of a transaction based on your business policy.
- Deliver an end-report. Regulators require the holding of reports for a minimum of five years, and they must always be ready to hand.
Now, let’s scroll down to crypto.
Figuring out compliant crypto monitoring
In the world of crypto, transaction monitoring is a little different and more complex. Crypto transactions are always considered high-risk and are approached with due diligence measures. This is because of the anonymity of these transactions.
- Identification of the cluster owner. The bitcoin address is anonymous by itself, so it can only be analysed and risk rated based on the owner of the cluster that the address belongs to.
- Transaction analysis. Screen the connections that the address has with other addresses in the blockchain. Analyse transactions up until the last determined entity or cluster.
- Deliver an end-report. Given that crypto transactions are high-risk induced, filing and keeping reports is even more important.
Monitoring is important and quite easy to maintain without putting pressure on the wallet. When it comes to smaller transactions, businesses and their compliance teams are well equipped to handle the stress without any fancy software. Yet, when it comes to a growing amount of conventionally high-risk crypto transactions, companies will be expected to automate.
The good thing is, when you have the right tools that are suited for your business’ needs and goals, you won’t have to worry about compliance.