Sumsub
The Sumsuber

Best practices for KYC/AML

2022-09-29
4 min read

The Complete Guide to Transaction Monitoring

Financial institutions, iGaming and crypto businesses have to implement transaction monitoring to stay compliant. Today, we’ll talk about the importance of such solutions, their risks, and best practices.

In 2021, the UK Financial Conduct Authority (FCA) fined HSBC Bank £63.9 mln ($73.8 mln) for deficient transaction monitoring controls. The FCA reported that HSBC failed to:

  • Check the accuracy of the data that went into monitoring systems;
  • Test and update parameters used to determine whether a transaction raised suspicion;
  • Consider whether the scenarios meant to detect signs of money laundering and terrorist financing really covered relevant risks.

In this article, we’ll talk about what transaction monitoring is and how efficient monitoring systems help avoid huge fines.

What is transaction monitoring?

Transaction monitoring is an ongoing security process that helps companies detect suspicious transactions. Transaction monitoring software spots unusual patterns and reviews dubious transfers and transactions made in digital or fiat currencies. The purpose is to answer the following questions:

  • Where did the money come from? 
  • Where is the money going? 

According to the Guidance for the UK financial sector, there are two approaches to transaction monitoring:

  • In real time, which means that monitoring occurs as the transaction takes place, which reduces the risk of breaching sanctions.
  • After the transaction takes place, which can be useful for identifying patterns and trends of criminal activities.

In both cases, the goal of monitoring is to identify unusual activities for further investigation.

Why is transaction monitoring important for AML?

Anti-Money Laundering (AML) regulations require businesses to monitor transactions and report suspicious ones to authorities.

FATF Recommendation 10, transposed into many local AML laws, requires financial institutions to analyze transactions undertaken throughout the course of a business relationship. The goal is to ensure that transactions are consistent with the institution’s knowledge of the customer, including the source of their funds. Transaction monitoring systems—which we explain in more detail below—can help. 

What does transaction monitoring detect? 

Transaction monitoring can be used to detect signs of illegal activities, such as:

  • Money laundering;
  • Terrorist financing;
  • Fraud (e.g., false insurance claims, chargebacks);
  • Identity theft;
  • Drug trafficking;
  • Corruption;
  • Bribery.

To confront the spread of such activities, companies should focus on the following factors when conducting ongoing monitoring:

  • Unusual transaction amounts;
  • Unusual series of transactions (e.g., a number of cash credits);
  • Unusual geographic destination or origin of a payment; 
  • Known threats or typologies.

As the number of digital transactions grows every day, so too does the necessity of transaction monitoring. However, without an automated transaction monitoring solution, checking transactions and finding suspicious patterns would be virtually impossible. 

Implementing an automated transaction monitoring solution, or Know Your Transaction (KYT), will allow companies to efficiently monitor unusual financial operations.

If you want to detect suspicious activity efficiently with a customized KYT solution, contact Sumsub today.

Who needs transaction monitoring?

The simple answer is: any financial institution. This includes, but is not limited to:

  • Banks;
  • Money services;
  • Investment firms;
  • Transfer companies;
  • FinTech companies;
  • Cryptocurrencies;
  • Brokerages;
  • Insurance companies;
  • Real estate agents.

In general, any business that falls under AML regulations and deals with client transactions should introduce transaction monitoring.

AML transaction monitoring process & the risk-based approach

Whether businesses choose to build their own transaction monitoring system, or instead consider a KYT solution, they should take the following steps before implementing either option: 

Apply a risk-based approach. Businesses should carry out formal risk assessment of money laundering, terrorist financiang, and other financial crimes. The risks vary based on the business’s products, customers profiles, and the nature and frequency of transactions. Once assessed, these risks should form the foundation of a transaction monitoring system. For example, once a business identifies which types of customers present a higher risk of money laundering, they can set a more frequent and intensive ongoing monitoring of their transactions.

Establish internal policies. The second step is to create an appropriate mechanism for the oversight, review, and approval of monitoring processes and parameters. Some of these policies may include:

  • Defining responsibilities for the company’s staff members;
  • Measuring the effectiveness and relevance of monitoring arrangements;
  • Supporting system changes to address evolving money laundering risks.

Determine elements of suspicious behavior. Each company establishes red flags that  signify suspicious behavior. These red flags depend on the size and nature of each company. Transaction monitoring solutions, therefore, should have the technical ability to such flags and timely notify staff members.

After establishing internal policies, companies will be able to define which transaction monitoring solution is more suitable.

Companies change over time and so should their transaction monitoring tools. So, if a company feels comfortable using a manual approach at first, they may switch to an automated solution after experiencing growth.

How to choose a KYT provider

There are certain risks associated with the implementation of transaction monitoring solutions. This includes choosing an insufficient KYT provider or using a manual transaction monitoring system that clearly can’t handle the customer flow.

Based on the Guidance for the UK financial sector, monitoring systems must:
1. Flag unusual transactions and/or activities for further examination;
2. Promptly submit such cases for review by the right person(s);
3. Take appropriate action on the findings of any further examination.

If failing to perform transaction monitoring, companies risk being penalized by authorities, in addition to proliferating illegal activity. Therefore, when choosing a KYT provider, companies should have a set of requirements that would fit them.

To choose a suitable KYT solution, businesses may ask KYT providers the following questions:

  • How does the solution enable companies to implement a risk-based approach to customers and transactions? 
  • What are the money laundering/terrorist financing typologies that the system addresses?
  • How quickly can new typologies be implemented in the system?
  • How can the KYT solution be tested prior to activation in the system?

This isn’t the complete list of questions, as each list will be unique for a company. However, it provides an understanding of what a company should look for when choosing a KYT provider.

Efficient transaction monitoring solution

KYT solutions allow users to see detailed information for each transaction, the rules or risk factors are used to calculate the risk score, and report the transaction if necessary. To maximize the benefits and minimize the cost of transaction monitoring tools, companies can look for the following features in the KYT solutions.

Suitability for your business. Choose a solution that suits your risk-based approach and fits different types of customers and transactions. For instance, at Sumsub, we offer the opportunity to leverage one of 300+ ready-to-use risk scenarios or create custom rules from scratch using our visual interface.

Ease of integration. Look for solutions that are easy to set up. These can be solutions with no-code rules settings or those that provide technical support for integration, etc.

Reporting features. To ease up reporting duties for businesses, some solutions provide reports with full analytics. This makes it easier to inform regulators about risky activities indicative of money laundering, tax evasion, fraud, and other financial crimes.

Businesses can also consider using one provider for the entire customer lifecycle, from the onboarding stage to transaction monitoring. This improves customer management, allowing to detect bad actors while improving the user experience for good ones.

Share