Transaction monitoring for AML
Shane Bruce
Transaction monitoring is an essential tool in the fight against fraud, detecting suspicious activity and criminal deception in financial transactions. Transactions are also one of the most important sources of information when it comes to anti-money laundering (AML) and transaction monitoring is fundamental to a successful AML compliance programme.
Transaction monitoring, or ‘screening’, is the most effective way to identify money laundering, combat the financing of terrorism and prevent fraud and other financial crimes. When carried out correctly, transaction monitoring takes place silently in the background with little impact to customer journeys.
Anti-money laundering
Anti-money laundering (AML) refers to the mandatory steps that banks and other regulated industries must take to prevent criminals from laundering money. These regulations are designed to ‘counter the financing of terrorism’ (CFT) and other crimes. Regulated business must not knowingly or unknowingly aid these activities.
Real-time transaction monitoring for fraud and money laundering
Regulated businesses are legally required to comply with AML regulations and face large regulatory fines for failure to do so. These typically include, banking and financial services, such as, credit, investment, payment and money transfer services, and also increasingly crypto exchanges.
Any business is well advised to follow best practice for AML transaction monitoring, however, as the impact to brand reputation and disruption to business activities of unknowingly facilitating crime can be significant.
AML alerts for suspicious transactions
The role of transaction monitoring systems in AML is to screen transactions as they occur, apply rules for risk assessment and generate alerts for any transactions that appear to be suspicious.
There are a variety of indicators that might breach an AML risk threshold, trigger an AML rule and red-flag an individual transaction for further investigation by compliance officers. Banking and financial services typically monitor for unusual activities and patterns of transactions.
“The role of transaction monitoring systems in AML is to screen transactions as they occur, apply rules for risk assessment and generate alerts for any transactions that appear to be suspicious.”
Unusual activities
AML alerts will be triggered by transactions that deviate from a customer’s historical behaviour; transactions that are out of the ordinary or which do not fit with a customer’s normal pattern of transaction activity.
Suspicious transactions might include excessively large cash transfers, deposits or withdrawals. For example, if a customer deposits a cheque for over $10K and immediately withdraws cash from an ATM machine, if a large deposit is made into an account held by a non-resident customer, or if either party to a transaction is located in a high-risk country.
AML evasion techniques
Smurfing is a money-laundering trick that channels large amounts of cash through multiple small transactions or many different accounts to duck record-keeping thresholds, evade reporting requirements and avoid detection.
Layering is a money-laundering process designed to distance illegal funds from their original source. Multiple accounts, currency transfers or crypto transfers are typically deployed to create a complex audit trail that hides criminal activity.
Unusual patterns
Transactions that involve a complex or unusual pattern of transactions, or a suspicious routing of payments may also trigger AML alerts.
Suspicious patterns could include: a large number of small credit card payments by the same customer on different dates, or a wire transfer from another country into an account followed by multiple withdrawals within 24 hours, or multiple transactions with different merchants at the same time. Any one of these sequences might indicate money laundering activity.
Indicators of financial crimes
The Financial Action Task Force (FATF) is an intergovernmental body that develops global standards for combating money laundering and terrorist financing. They have produced a list of indicators of financial crimes (IFCs) to help countries identify suspicious transactions.
These indicators and scenarios often inform a rules-based approach to AML transaction monitoring systems:
| Cross border transactions
| Use of foreign currency
| Use of virtual currencies
| Suspicious cash activity
| Unusual means of payment
| Early redemption
| Inconsistent payments
| Suspicious transaction details
| Unusual use of products
| Rapid movement of funds
| Change in customer habit
| High-risk counterparties
| Inconsistent counterparties
| Transactions for unusual amounts
| Suspicious assets
| Multiple products operations
AML transaction monitoring systems
AML transaction monitoring systems detect unusual activity or patterns of activity on an account. In its simplest form, this can include flagging a suspiciously large transaction or a large number of deposits or withdrawals in a short space of time.
Monitoring systems need to adapt to increasingly complex money laundering tactics, however; criminals take advantage of the growth in legitimate businesses offering financial services and an increasing diversity of ways to transfer funds.
AML transaction monitoring tech typically includes:
Data mining
Data mining is the process of screening and analysing large data sets in search of connections and relationships within the data. Data mining algorithms can search through large volumes of data quickly and efficiently, finding the suspicious activities and unusual patterns that indicate possible money laundering activities.
AML rules
Rules-based AML transaction monitoring systems use rules to set thresholds to determine if an activity or pattern of activity presents a risk of money laundering. AML alerts can be triggered by a burst in activity, an excessively large transfer or deviation from customer behaviour.
AML rules for transaction monitoring
Here are a few examples of rules for AML transaction monitoring:
Burst in activity
More than one transfer and $10K in value in 30 days.
Excessive transfer
Incoming value exceeds $100K and outgoing exceeds 90% of incoming in 30 days.
Behaviour deviation
More than one transfer and any value in one day deviating from standard volume/value compared to the previous 90 days.
Virtual currency
Currency [X] value over $1 and customer risk score greater than 5.
Anomaly detection
Anomaly detection algorithms detect and flag any deviation from standard transaction activity when compared to a profile of normal customer behaviour. This can include cumulative calculations to understand and detect anomalies in patterns of behaviour over time and IQR thresholds to highlight outliers appearing in the data.
Machine learning
Machine learning is regularly deployed in transaction monitoring, often in combination with other technologies.
Unsupervised machine learning models that focus on clustering, association and anomaly detection are popular and can be trained to screen large amounts of data for a wide range of money laundering typologies. Supervised machine learning tends to be less reliable due to a lack of training data, as confirmed money laundering cases are a small percentage of all transactions.
Consortium data intelligence
Consumer data consortiums pool anonymised customer data from multiple businesses and organisations to create a broad profile of a prospective customer's historical behaviour, reputation and relationships – these can be very useful for detecting unusual transaction activity.
By including anonymised location, email, mobile, social media and other data, consumer data consortiums indicate what does and doesn’t look right without infringing customer privacy.
Putting transaction monitoring to the test
End-to-end payment pros, Tipalti turned to our transaction monitoring solution for a consistent ratio of alerts to transactions as its business grew and grew. Tipalti’s risk-based approach to AML transaction monitoring now continues to screen for more AML typologies and successfully manage and prioritise alerts.
Tipalti’s transaction monitoring passes the growth test
AML case management and transaction reporting
A risk-based AML transaction monitoring strategy, appropriate to your business and channels, rates AML risk alerts according to severity. This approach helps to prioritise case management, focus on critical alerts and improve productivity.
When an AML alert is triggered, financial analysts review the transaction(s) to determine whether there is evidence of criminal activity. AML case management typically audits the transaction, accounts and parties to the transaction before filing a suspicious activity report.
“A risk-based AML transaction monitoring strategy, appropriate to your business and channels, rates AML risk alerts according to severity.”
Suspicious Activity Report
In the United Kingdom, banks and other regulated businesses are required to file a Suspicious Activity Report (SAR) with the UK’s National Crime Agency, if they suspect that a customer is engaging in money laundering. These confidential reports provide law enforcement with a detailed overview of the case.
There was a twenty-one per cent year-on-year increase in SAR reporting between FY21 and FY22; one contributing factor to this increase has been the growth in the fintech and cryptocurrency sectors which are now reporting.
GBG Compliance
GBG Compliance provides a single solution to protect your customer and your business. Monitor transactions for fraud and money laundering risk in one easy-to-use platform. Simply configure your business risk thresholds, rules and workflows to combat crime and comply with AML regulations.
Protect your business from fraud and money laundering
Best practice for AML transaction monitoring
Automated AML transaction monitoring
An automated AML transaction monitoring system screens, alerts and protects business from money laundering threats faster and more accurately. Rapid, automated assessment of transaction risk results in more efficient case management, reduced manual effort and costs, and strengthens AML compliance.
AML transaction monitoring systems must be able to scale efficiently with your business. An increase in transactions should not lead to an increase in false positive alerts or low quality cases for financial analysts to investigate; low false positive frequency is a key system success metric. Systems should be configurable to reflect a business’ risk-based AML strategy, maintain accuracy in flagging cases and help to prioritise case management and focus on critical alerts.
Multi-jurisdiction AML compliance
The ability to adapt AML transaction monitoring to a global and evolving regulatory landscape is essential for international businesses.
There are regulatory bodies with national and international jurisdictions applicable in different geographies around the world; AML regulations and compliance requirements vary by country and region as well as by product and service. An international, risk-based approach to AML and transaction monitoring systems should be adaptable to the regulatory demands of different jurisdictions.
Configurable AML transaction rules
AML transaction monitoring systems should be easily configurable, offering simple customisation of AML rules to match a business’ risk-based AML strategy and manage ongoing changes in AML compliance obligations.
Compliance teams that can manage AML rules and maintain transaction monitoring systems without relying on developers or updates can respond to business or regulatory changes swiftly when they happen. Pre-configured AML rules, proven in the field will ensure new compliance teams and programmes get off to the best start.
Multi-layered transaction data to focus AML decisions
AML transaction monitoring systems that layer in device or identity data gathered with the transaction can provide increased breadth and depth of intelligence, helping to rate AML risk alerts, prioritise case management and focus on critical cases.
For example, the geolocation or transactional and behavioural history associated with an IP address, email address, mobile number or the reputation insights provided by a consumer data consortiums can all enable more accurate transaction sifting and AML risk alert ratings, providing financial analysts with greater detail on which to prioritise case management.
eDNA consortium intelligence
Global consortium intelligence provides your business with insights beyond your own customer interactions. Our eDNA technology combines anonymised digital identity and past behaviour insights from all businesses using the GBG Compliance network, producing a reputational score for digital identities and their transactions.
Onboarding results across our network indicate an accuracy of 99.97%. Trusted digital identities are considered very safe; identities with a suspicious of bad reputation are rejected in almost every case, with a rejection reversal rate of 0.001%.
Trust insights into transactions from beyond your business
AML case management and reporting
Compliance teams benefit from AML transaction monitoring systems that deliver good case management and regulatory reporting features. Business customisable UX provides analysts with fast access to information, speeding up assessment.
Other useful features to look for in transaction monitoring systems include:
| Transaction triage and alert queues that can be prioritised and worked as a team
| Transaction combination to build and show more complex cases
| Visualisation of transaction events, showing flows of value, entity reputation and relationships between entities
| Search fields to pinpoint important transaction details for investigations
| Documentation area for adding investigation notes and attachments, creating a clear audit trail for reporting
Frequently Asked Questions
What is anti-money laundering?
Anti-money laundering (AML) refers to a wide set of laws and regulations mandating steps that financial institutions and other regulated industries must take to prevent criminals from laundering money or any property derived from or obtained, directly or indirectly, through the commission of an offence. Regulated businesses must not knowingly or unknowingly aid these activities.
Is transaction monitoring a complete AML solution?
AML transaction monitoring is part of an ongoing process of customer due diligence and AML compliance which is a regulatory requirement across the customer life cycle. Starting with know your customer (KYC) checks at customer onboarding, often with a combination of identity data verification and document verification and PEPs and sanctions screening, and then ongoing customer KYC and transaction monitoring.
What is a financial crime?
A financial crime refers to any illegal activity that involves the manipulation, theft, or misuse of financial resources. It typically involves actions taken with the intention of obtaining personal or economic gains through fraudulent or deceptive means. Money laundering - the process of making illegally obtained funds appear legitimate by disguising their true origin - is a financial crime.
How does AML transaction monitoring work?
AML transaction monitoring systems detect unusual activity or patterns of activity on an account. In its simplest form, this can include flagging a suspiciously large transaction or a large number of deposits or withdrawals in a short space of time. Automated AML transaction monitoring system screen, alert and protects business from money laundering threats faster and more accurately.
Why do businesses need AML transaction monitoring?
Regulated businesses need AML transaction monitoring to ensure compliance with laws and regulations related to money laundering and terrorist financing. AML transaction monitoring detects suspicious activities such as unusual transactions or patterns of transactions, high-risk customers, or large cash deposits which can be indicative of money laundering or other financial crimes.
Is transaction monitoring a legal requirement?
Yes, in many jurisdictions transaction monitoring is a legal requirement. In the UK, the Financial Conduct Authority (FCA) and Prudential Regulation Authority (PRA) supervise transaction monitoring. In the US, the Financial Crimes Enforcement Network (FinCEN) under the Department of the Treasury oversees transaction monitoring and anti-money laundering (AML) regulations.
Sign up for more expert insight
Hear from us when we launch new research, guides and reports.
