The views and opinions expressed in this article are those of the thought leader as an individual, and are not attributed to CeFPro or any particular organization.

Alexander Fisher, Director, Group Financial Crime Intelligence and Investigations, Standard Chartered Bank

What should we keep in mind about transaction monitoring and why?

I think the first important thing I learned about transaction monitoring is that it is a retrospective tool to detect ‘unusual’ activity. ‘Unusual’ is not the same as ‘suspicious’ activity but the two are often conflated. Obviously, upon further review, an ‘unusual’ transaction could ultimately be assessed as ‘suspicious’, but that assessment process involves taking into account the wider context for the transaction. That assessment process involves evaluating all sorts of variables and assumptions about the client and counterparties involved in the transactions, and drawing comparisons with known patterns of legitimate and potentially illegitimate activity. From detection through to evaluation, however, the activity in question has already happened, so the primary outcomes will be reactive risk management; whether this should be considered ‘crime prevention’ is an interesting debate. I think the second most important thing is understanding that transaction monitoring for the purpose of financial crime compliance is a regulatory obligation for banks; it is at the core of what we do to keep the bank and our customers safe, so it has to work well. On the other hand, regulators such as the UK Financial Conduct Authority, have issued very clear guidance – and in some cases remonstrations – on their expectations for automated transaction monitoring systems and how their use must be one of multiple components of a strong compliance framework. It is not enough to rely only on transaction monitoring for compliance, if you want to be rated a ‘best-in-class’ organisation.

What is the importance of information exchanges and feedback loops?

A common operational discussion is about the need to reduce ‘false positives’ in our surveillance alerting processes. In other words, can we adapt or refine our manual alert processes and automated transaction monitoring systems so that they get better attuned to alerting us to ‘unusual’ financial activity that does later turn out to be assessed as ‘suspicious’ in some way. This requires a consistent feedback cycle where each time an alert is reviewed and a decision taken, the lessons learned from that decision are used to ‘tweak’ the alert process. In times past, when there were fewer transactions to monitor or evaluate, this might have been within the capacity of compliance colleagues to do ourselves. Obviously this has become impossible for humans to do manually for every transaction in the modern world, but much has been done to supplement this in recent years, using data analytics and machine learning techniques. Gathering and implementing lessons learned from financial crime investigations, and exchanging this information with law enforcement and peer bank partners wherever we can, is essential to make sure we are keeping our alert processes timely, effective and efficient. As an industry, we’ve made a lot of progress in this area, but there is collective recognition that much more could done.

What is the role of data and intelligence in supporting transaction monitoring and ‘perpetual KYC’?

Transaction monitoring systems have sufficed for many years in their current form, and continue to generate valuable referrals to law enforcement. On the other hand, we know that many criminals have become familiar with the activity our monitoring systems are designed to spot, and that the clients we are referring to law enforcement are not always the clients who pose the most harm to society or who have the highest likelihood of being arrested. Some modern criminals, such as fraudsters or drug dealers, don’t appear to mind if some of their activity is detected, instead factoring the likelihood of disruption into their risk assessment and engaging in a ‘high-volume, low value’ criminal business model. Other criminals, often the most insidious and who pose the highest set of risks, are typically experienced, well connected and well versed about how to adapt to our evolving monitoring systems; in some cases, they identify or invent ways to avoid them entirely. As a single purpose tool, therefore, the cost-benefit value of Transaction Monitoring is arguably in danger of diminishing unless we can use it as part of a more complicated web of defences against criminals. Using more data and intelligence analytics techniques in addition to transaction monitoring, may help us invent a more layered ‘multi-lasered’ approach to achieving this.

The idea of upgrading from ‘periodic’ to ‘perpetual’ KYC, whereby you routinely monitor the collective activity of a client proactively, rather than just monitoring for specific activity reactively, offers a great opportunity for transaction monitoring to contribute to a more proactive form of compliance, and for enabling compliance to become a more commercially supportive activity. In the past, ‘compliance’ was commonly perceived by commercial organisations as something that slowed or stopped a bank from doing business. Increasingly, in a post 2007 financial crisis world where trust in banks remains low, effective compliance can be viewed as a ‘competitive advantage’. Use of open source data, combined with the rich insights that can be gained from analysing client activity can be used to better support our clients as they grow or struggle. The same combined data sets and analytical techniques that can more reliably alert if a customer suddenly transacts with an unusual client type in a new market, can also be used to alert if a customer is experiencing sudden growth, or expanding their business, for example. As simple examples, where it transpires that an unusually large cash deposit was from a legitimate source, or that rapid rises in income are due to success not corruption, that intelligence can be used to provide better and more timely services to that client. There are of course lots of privacy and cultural implication to manage with such an approach. For example, not everyone enjoys automated alerts from their bank that they are ‘spending too much’ this month. However, knitting data, intelligence and KYC together offer new opportunities to cultivate trust and build a personalised (if automated) relationship with a customer or client that can become an insightful pipeline for human Relationship Managers, potentially enhancing the profitability of retail banking. It might also help the humans spot more – and more sophisticated – criminals, sooner.

Alexander Fisher will be speaking at our upcoming Fraud and Financial Crime Summit, taking place on September 20-21 at One America Square