If there was ever a good time to take a step back and look at the effectiveness of transaction monitoring, then that time is now. As the world finds its way through the Covid-19 pandemic, banks and other financial institutions are firefighting financial crime.
For organisations with old or ineffective transaction monitoring solutions, the challenges are not only immense but come with frightening implications.
Below I address the biggest transaction monitoring challenges battering compliance teams right now. If any (or even all) of these challenges sound uncomfortably familiar, it’s time to start taking steps – however small – towards change.
7 transaction monitoring challenges we cannot ignore
1. Off-the-shelf transaction monitoring systems
Off-the-shelf-transaction monitoring systems are one of the biggest problems, if not the problem. When transaction monitoring systems became a regulatory requirement, many businesses ran out and ticked the box by purchasing an off-the-shelf system.
At the time, these businesses are likely to have been unaware of how damaging an inappropriate transaction monitoring system, which is not calibrated to your risks, can be. This is not surprising as even the regulators had different opinions on exactly what type of transaction monitoring system was needed.
While off-the-shelf systems offered a quick fix at the time, they are not doing what they say on the tin and are a massive drain on resources. In particular, they are costing far more long-term than ever anticipated.
2. False positive burden
Traditional transaction monitoring systems are getting it wrong 90% of the time – for every 1,000 alerts, 900 are false positives. This a huge number and it translates into haemorrhaging costs; not only in terms of erroneous alert processing but in trying to fix broken systems and hiring resources to support the backlog. It also raises a raft of regulatory issues.
False positives come at a huge cost for manpower and some banks have backlogs of alerts they simply can’t cope with. In reflection of the scale of the challenges organisations are facing, we’ve also seen some astonishing spending. For example, Deutsche Bank has spent €1 billion on enhancing AML while Wells Fargo has spent $20 billion – $11 billion of which was on consultancy.
3. Insufficient or out of data training and experience
It’s increasingly common to see fresh graduates slapped with the responsibility of reviewing a mountain of system alerts. But as talented as many new graduates are, these reviews should really be undertaken by compliance specialists or people from outside banking with experience in investigating financial crime.
As well as lacking the fundamental understanding for effectively detecting money laundering, many graduates receive insufficient or out of data training. Without the right skills and experience, too many alerts are being wrongly dismissed.
Another issue I’ve seen is some start-ups are bringing in vastly experienced people. While on the face of it this sounds like a good idea for cost purposes, care needs to be taken. Ultimately, new organisations in some instances are unwittingly setting themselves up with old technology. This is regurgitating issues that could have been easily avoided had they innovated with their risk controls.
4. KPIs encouraging the wrong culture and behaviours
If old broken systems teamed with inexperienced, unskilled analysts were not troubling enough, then the ugly issue of key performance indicators (KPIs) add to the compliance woes.
KPIs in transaction monitoring are designed to motivate analysts to clear backlogs in a statistical manner, but they’re actually creating a dangerous culture with the wrong kind of behaviours.
In order to meet KPIs (and avoid being fired), analysts essentially need to quickly close an alert. But this is creating a scenario where too many case investigations aren’t being opened – both because of lack of skill sets and lack of time. For the analyst, a quick cost-benefit analysis is likely to lead them to irrespectively closing the alert to meet their KPIs and keep their job. It is very unfortunate that people do lose their jobs for not meeting these targets.
5. Easy to beat and cheat system thresholds
Everyone knows how easy it is to cheat static, rule-based transaction monitoring systems by operating within specific thresholds. This is one of the areas where traditional, outdated and reactive rule-based AML systems are particularly problematic. Highly suspicious activity is going unnoticed because sophisticated criminals are running their operations in a way that remains under the rule radar.
6. Data is holding back AI deployment
A truly effective transaction monitoring system that leverages the power of artificial intelligence (AI) will rely on one source of the truth for all data. This, however, is a really difficult thing to achieve.
Ignoring weaknesses in your data isn’t an option since AI should be integral to your AML strategy – but you won’t be able to use AI until your data is organised and complete.
Getting data ready for AI deployment isn’t a process that can be rushed. Data needs to be carefully collected and great attention needs to be paid to any signs of corruption.
7. Confusion from differing regulatory approaches
Compliance challenges are being compounded by the fact that different regulators have different views on what is acceptable in transaction monitoring. Take for example, system alerts. If these alerts arise from a calibration issue then for regulator A, this would be acceptable and there is no need to review the alert. For regulator B, an alert should be reviewed regardless of how it arises. These different, inconsistent approaches add confusion in an already complex regulatory environment.
The bottom line is it is especially important to know exactly what your regulatory obligations are. Often, when reviewing a file we see issues being identified that are unrelated to the original alert. Sometimes, there is no right or wrong.
How to move forward
Firstly, we need to accept the vast majority of AML systems are broken. Secondly, we need to acknowledge AI is the future for AML but there’s a step in between. Organisations need to prepare for AI before they can implement it. To move forward banks and other financial institutions need to:
1. Use bolt-on enhancements to improve the performance of existing transaction monitoring systems
The move away from old transaction monitoring systems should be one step at a time and start with simple bolt-on enhancements.
2. Organise data
AI holds immense power and potential for detecting money laundering but to be able to use it, there needs to be one data source. This can be an overwhelming task so seek expert help if necessary.
3. Base transaction monitoring on customer behaviour and profile, not just thresholds or scenarios
Monitoring transactions exclusively based on thresholds or scenarios is a dated, ineffective practice. Rule-based transaction monitoring should be enhanced by monitoring actual changes in customer behaviour and profile. This is the best way to really start to know your customer and understand if what they are doing is genuinely suspicious.
About the author
Oonagh has built and led various compliance risk frameworks and teams across the industry, and developed and maintained regulatory and industry body relationships.
She is an advocate for ethical compliance leadership and framework development, with increased automation, including AI and machine learning integration. She is also passionate about empowering people with the capabilities to address risk challenges through understanding behaviours to break down barriers and create cultures of morally imperative business-sensitive decision making.
Oonagh is the Founder of RAW Compliance, a global compliance community which has at its core the mission to share knowledge to drive innovation. She is also Managing Director of Virtual Risk Solutions VRS, a global consultancy firm specialising in rebuilding holistically inefficient and ineffective risk control frameworks, with integrated data at the core.