Enhancing AML Transaction Monitoring: Data-Driven Insights

Anti-Money Laundering procedures are often inaccurate, inefficient and can come with excessive costs. It is analogous to fishing by bottom trawling, where nets are dragged along the seabed: some of the sought-after fish will be caught, but so will all other aquatic life, and the entire ecosystem will be damaged.

There are ways to be smarter when performing AML – often for very little extra cost. The small improvements needed to make AML better can also benefit the bank’s wider compliance system, helping in areas such as periodical client review. In the first part of our blog series on AML Transaction Monitoring (TM) we described common challenges, and in the second part we discussed a systematic approach to improving rule-based AML TM systems. Here in the third part, we discuss how to improve money laundering detection by identifying transactions that are not of interest, which can significantly aid the structure of rules, tuning and monitoring design. Mature compliance functions should be able to identify not only potential risks, but also what is not risky.

The most effective way to do things better is for systems to use more information. This takes a burden off the review staff and enables compliance officers to quickly get to the root of an issue.

A good example is the treatment of movements between accounts and products. Typically, only current accounts are externally facing, and to transfer funds into structured products or specific accounts, funds must first pass through the current account. The transfer from current account to product account is often then treated as a “transfer within same beneficial ownership group”, and ignored for AML purposes.

External facing accounts can accept funds directly from other financial institutions, whereas internal facing accounts can only accept funds via an externally facing account.

Figure 1 - Internal facing vs external facing

In standard TM systems the use of funds is rarely analysed. Clients with specific banking products and who use funds for specific things are monitored the same way as clients who have only an active current account that they use in erratic ways. All context of the underlying banking activity is removed, and everything is treated as erratic behaviour – it’s like going to a restaurant and receiving boiled potatoes irrespective of what you order.

Consequentially AML monitoring often overlaid on data that has been “normalised” to treat all banking activity as contextless movements in/out of the bank. All activity is reduced to gross aggregate figures representing turnover and little else.

Obvious red flags are often ignored because the risk identifiers “don’t fit a standard out of the box scenario”. This includes risk identifiers such as:

• Bernie Madoff having no trade activity in accounts which were responsible for clearing his trade activity1
• A retail customer having two sources of income, both significantly greater than the GDP per capita of their country of domicile, with one source exclusively funding trade activity
• Mortgages being materially overpaid consistently by third parties.

To improve efficiency, the purpose of the incoming funds can be analytically determined. Classifying transactions and identifying specific internal activity is the first step to reducing the pool of “unknown” economic activity into obvious activity.
Starting with income classification and an example client who received 20,000 CHF a month and spends 15,000 CHF, a standard TM system will simply read this as 20,000 in, 15,000 out, and 35,000 in turnover.

Figure 2 – The Starting Point

Simple data mining confirms the receipt is salary from a repeatable source, paid regularly. Combining this with internal account movements can shed light on how the funds are used.

Figure 3 - Internal Only Classification

The income can be analysed against known KYC (including who is the income provider), and the gross 15,000 CHF analysed to “unknown” outflow to standard scenarios. The 5,000 payment into a mortgage account could be subject to surveillance based on:

• the schedule of repayments
• the frequency
• the value
• the origin (first, related, or third party)
• known KYC.

The ‘’unknown’’ outflow can be expanded and classified further with data mining across common counterparties of many clients, combining commercial register information, or separating payments into low / high value counterparties, as shown in Figure 4.

Figure 4 – Expanded classification

The starting example point of this example was that the client receives 20,000 CHF monthly, but with no analysis of where 15,000 CHF of transactions went. After analysis and classification this can be broken down to:

• A repeatable salary and source of wealth (useful for automated Periodical Client Review)
• Unknown counterparties
• Regular repeatable activity (e.g., car payments, or insurance and medical activity, useful for automated Periodical Client Review)
• Low value counterparties common among huge numbers of other clients (major supermarkets, gyms, coffee shops etc.): these might be classified as ‘de minimis’ activity
• Unknown activity to high value counterparties – which may have a completely plausible explanation or may warrant further investigation.

For all customers this approach gives an informed pathway for monitoring:

Figure 5 - Transaction Classification

Once this framework for analysis exists, it can be leveraged to:

• Enable tailored AML scenarios to be deployed to cover specific and identifiable risks
• Answer questions such as “is it plausible, based on the KYC we know, that this level of activity (e.g. high value car company payment) is occurring?”
• Identify outliers by specific transactions to counterparties. Extremely high activity, compared with other similar bank clients, to a specific counterparty suggests over-payment/over-invoicing.
• Identify accounts that are being used for alternative purposes or misused, such as trade activity being funded by a third party, or where the stated use in KYC does not match the real-world use.
• Assist periodical client review, to de-prioritise, prioritise or identify anomalous activity
• AML alerts can be triaged by machine based on transaction classification, and automatically reviewed and closed
• A summary of activity can be immediately presented immediately to reviewers, reducing the manual work required to review alerts, increasing alert throughput and lessening staff fatigue.

For such a system to be employed, there are certain requirements. These include:

• Complete “transaction reconciliation”. It should be provable on a transaction level, which scenarios actively monitor each individual transaction. This needed to demonstrate that an unintentional monitoring gap isn’t created.
• AML scenarios should be specific. The bank should adopt a mindset of monitoring banking based upon the risk assessment. The risk identification should properly reflect the financial crime risk assessment.
• Risk appetite must be defined. It is important for applied analytics to define what is risky and what is not risky
  
  • For example, third parties funding accounts such as mortgage or investment accounts may not be expected or within risk appetite, but ultimately if this is immaterial funding then it may not be a matter of concern (e.g., 100 CHF in one transaction in a year is not material)
  • AMLO “Article 11 – Waiver of compliance duties with due diligence” which can help with ‘de minimis’ classification. In the UK, the FCA also has guidelines on how to handle de minimis payments
  • Alternatively, after machine-driven analysis, it may be established that some behaviour is in line with thousands of other similar customers for specific transactions, and consequently there is no abnormality.

In conclusion, there is a wealth of information which banks already have and can be used to enhance the efficiency and effectiveness of transaction monitoring. This information usage can easily be integrated into existing operating procedures and incumbent technology. Deloitte has a team with a wealth of relevant knowledge and expertise in this area. Deloitte can help you on the journey to more effective, efficient, and robust surveillance.

1United States Securities and Exchange Commission - Investigation of Failure of the SEC To Uncover Bernard Madoff's Ponzi Scheme Case No. OIG-509 last accessed 2024/12/02 https://www.sec.gov/files/oig-509-exec-summary.pdf

Authors

• Madan Sathe, Partner, Forensic & Financial Crime
• Karl Ruloff, Director, Forensic & Financial Crime
• Oliver Story, Senior Manager, Forensic & Financial Crime
• Konrad Schwenke, Senior Manager, Forensic & Financial Crime