With less than 1% of alerts detecting genuine threats, transaction monitoring is in need of an overhaul. The FCA’s recent ‘Dear CEO’ letter for retail banks underlines the need to take action. How can your business turn this currently blunt tool into a targeted and efficient, risk-first weapon in the fight against financial crime?
Transaction monitoring (TM) should be a vital part of the financial crime control framework, helping to unearth suspicions of money-laundering and terrorist financing.
All too often, however, the generic way the automated systems are set up means that they generate a vast number of false positive alerts, while failing to detect a significant amount of genuinely suspicious activity. Typically, less than one in a hundred alerts highlight authentic risks. Nonetheless, regulation requires that all these alerts are investigated, which ties up operational resource that could be far better used in tackling real threats.
Why are systems missing the mark? Most ‘off the shelf’ applications are focused on the need to demonstrate compliance rather than the financial crime risks within a particular organisation. They comprise rules which may not even be applicable to the specific transactions, products and client services offered by the organisation.
Many of the monitoring systems utilise broad brush triggers, such as high or unusual deposit levels, rather than honing-in on the ways in which financial crime is actually carried out. Much greater customisation is required.
FCA’s continued spotlight on TM
The urgent need to address these shortcomings has been heightened by May’s Dear CEO letter from the FCA. The FCA’s concerns range from “arbitrary thresholds” to solutions that “have not been calibrated appropriately for the business activities and underlying customer base”.
Our ‘Check list of common weaknesses in TM’ at the end of this article outlines the common failings, their causes and the outcomes. This can help inform the gap analysis retail banks must undertake to meet FCA obligations. The big question is, of course, how to address these shortcomings.
Confidence in your TM
Automated TM is here to stay. But there are serious gaps and regulators want them addressed. Trying to find genuine suspicious activity in a sea of alerts also uses up needless time, money and resources. Bringing your system up to scratch demands both sharper risk identification and refinement of system outputs to enable these risks to be investigated efficiently. Our risk-first approach to TM will help to give both your regulator and your board confidence that your systems are identifying all relevant types of suspicious behaviour. It does this by focusing on the ways in which criminals may actually attempt to exploit your organisation and tackles them head-on.
If you would like to find out more about how we can help you, please email Simon McMahon.