Advice from the regulators
The UK Financial Conduct Authority’s “Dear CEO Letter for Payment Firms”, issued in March 2023, notes that firms often ‘fail to maintain and evolve their controls framework, in line with or ahead of business growth’. Recent fines on Coinbase and Danske Bank have shown that transaction monitoring frequently lags behind current business operations and generates alerts based on outdated rule sets. This creates unpredictable spikes in alerts, and the consequent backlogs put operations at risk. These case studies highlight the importance of a transaction monitoring system that is robust, and regularly tuned and tested for effectiveness in identifying relevant risk typologies.
In its March 2023 Guidance Paper on ‘Transaction Monitoring, Screening and Suspicious Transaction Reporting’ the Hong Kong Monetary Authority recommended that firms ‘establish an effective assurance programme to regularly and independently review the quality and consistency of alert clearance’.
Observations should be used to enhance transaction monitoring systems and processes, and firms should periodically ‘review the adequacy and effectiveness of the transaction monitoring systems and processes’. As outlined in the paper this should include an assessment of:
Transaction characteristics
The risk factors, parameters and thresholds used (whether or not these generate alerts)
Any alert prioritisation or discounting mechanism applied to ensure they remain optimal and address ML/TF risks
Changes in business operations and new and emerging ML/TF typologies.
This is further supported by guidance from the Bank of Lithuania issued in February 2023, which highlights that firms must ‘periodically review and assess the effectiveness of their rules and criteria’. Whether you are rolling out a new transaction monitoring solution, reviewing your existing one, or adapting for growth, having specific transaction monitoring testing assurance is key.
