Speaker 1: In this video, we'll speak about transaction monitoring. We will cover what exactly is transaction monitoring, what are the different questions around transaction monitoring, what are the key red flags which we may consider, and a few transaction monitoring rules which are configured in transaction monitoring system, and then understanding the whole process of transaction monitoring. So let's begin. What is transaction monitoring? A process of reviewing customer transactions and matching them against customer risk profile and unusual transaction pattern. Subsequently, performing a focus examination of transaction and identification of suspicious transactions. Transaction may include transfers, deposits, and withdrawals. And let's also understand what is the objective of performing a transaction monitoring. This will protect bank from any transaction that may lead to money laundering and terrorist financing. It also protects bank from regulatory fines and penalty for not identifying such transactions. So we have seen in the past, in case of BNP Paribas, it got penalized for close to $9 billion for not identifying the sanction or suspicious activities. So now, let's also understand when we talk about transaction monitoring. There are few questions which comes to our mind. The first one may be use of technology in monitoring of transaction. Sometimes we feel, should we use a technology or should we use a manual process of identifying transactions, unusual transactions? Should all transactions be monitored or it's only few transactions? Should all transactions be monitored with same approach? What level should transaction be monitored? Most transaction monitoring scenarios focus solely on the activity of client, not incorporating any risk element of bank's KYC program and other client-specific elements such as product risk, geographical risk, etc. And that's the reason the system for monitoring and reporting suspicious activity should be risk-based and should be determined by factors such as bank size, the nature of its business, its location, frequency and size of transaction and the type and geographical location of its customer. So the whole transaction monitoring or the approach can't fit for every other bank. So that's why it will vary from bank to bank, the nature of business, the risk they possess, the kind of customers, even geographical locations. When establishing a compliance program, one of the most important step is establishing the initial set of rules. Over time, this rule set will grow as new schemes are detected and corresponding rules are created. Money laundering schemes are difficult to detect. The goal of compliance team at fintechs, banks, platforms and payment processor is to find these abnormal patterns from the transaction data generated every day. This creates a critical balancing act when rule must catch all of the bad activity without being so broad and generate overwhelming false positive. Creating rules can be a real challenge as every business situation has different risk factor and appropriate thresholds. However, there are some basic rule structure that every compliance team should consider deploying to cover the most common schemes. So let's understand some rules. So these are indicative which I have picked, but there can be others depending on bank risk appetite and the geography and threshold. Let's understand these rules in detail. The first one is consolidation of transaction close to threshold. By using this rule, we can detect an excessive proportion of transaction to avoid reporting or submitting or depositing money just below the threshold. So for example, there may be a threshold of $10,000 and here we are looking for a pattern where transactions for the party largely fall between $9,000 to $10,000. And it includes detecting multiple cash withdrawals by customer or account across branches. Then the next rule would be high volumes of transaction. In this rule, this rule identified parties with abnormally high payout transaction volume inconsistent with normal and expected activity of the customer. Change in customer profile before a large transaction. This rule identifies a situation where customer makes a profile change to personally identifiable information shortly before making a large transaction. So for example, the directors or key controller have changed and post that profile change, you may be looking at a different or maybe altogether large transactions happening in the account. So this may indicate account takeover or money laundering activities using the company as a front. Overall increase in transaction volume. This rule identified a significant increase in the value of parties' outgoing transactions when compared to their recent average. It looked for parties with recent activity where party transaction value is substantially higher than the 7-day moving average. Payment made with same IP address. This rule identified transfers between parties with same address. When transfers are happening using the same IP address, that would raise a suspicion. Frequency of withdrawal and deposit. This rule identified parties where total value of credit is similar to the total value of debit over short time frame. Detects activity when there is a movement of fund. Suspicious spend behavior. This rule identified transactions that highly deviate from parties' standard spend behavior. Sometimes this may indicate an account takeover or externally influenced transaction. So it can be fraud, it can be any other illegal activity. Low buyer diversity. This rule is best suited for a platform where you generally see many buyers interacting with single seller. If payments are being received from geography which is not usual, that would raise an alarm because that is going against my normal business transactions. Suddenly I am receiving payments from third parties or unknown third parties from other countries. It may be high risk countries or it can be medium or low risk countries. High transactions count from new user. It identifies merchants with high percentage of their activity coming from newcomers. A potential red flag for money laundering and conventional fraud. These are few of the sample rules which may be configured in the transaction monitoring system and help us identify money laundering and terrorist financing activities. So let's understand some of the key red flags. A customer who is public official opens account in the name of a family member who begins making large deposit not consistent with the known source of legitimate family income. So this can be one of the red flags. Transactions that involve depositing large amount of cash inconsistent with the normal and expected activity of the customer. Customer who is a student uncharacteristically transfers or exchanges large sums of money. Accounts show high velocity in the movement of funds but maintain low beginning and ending daily balances. Transactions involve offshore institutions whose names resemble those of well-known legitimate financial institutions. Transactions involve offshore countries or tax haven countries like British Virgin Islands, Bahama Islands and Cook Islands etc. So these are few indicative key red flags and I know there are lot of key red flags. And I may be covering another video just on key red flags. So let's move on to the next slide. Now moving on to transaction monitoring process. So mainly you would see four major sections of transaction monitoring process. Where alert is identified, suspicious transactions are identified and that is converted into transaction monitoring alert. And it's shared with transaction monitoring team or financial compliance team who would further perform investigation where they would collate information. They would research on customer, transaction and related parties preparing the written report supporting conclusion. And they also need to obtain full understanding of factors such as the source of the alert, the customer transaction reports, CDD information such as how long the account has been opened, who opened it and who is authorized to conduct activity. Customer business practices, customer counterparties and source of wealth for beneficial owner structure for legal entities. And as a transaction monitoring investigator, I need to ask lot of questions while performing these investigations. So let's say, have I seen something like this before? If so, what was the outcome and why? Are the transactions high risk in terms of person, amount, frequency, geography, product etc. Are there pattern of activity that are troublesome? What are the deviation from expected behavior? Do they make sense for this customer? How does the customer activity compare to similar groups of customer? Have any of the account and customer involved been alerted before? Are currently being investigated or have been reported to external authority? And also as an investigator, I also need to have access to bank systems, documents and other information including transactional information, public data like subscription based databases or trusted website. The case management system to see if this specific customer has had previous alert, the outcome of those alerts and whether the current alert is related in any way. Relevant relationship managers, unstructured data such as financial statement, pictures, audio and video recording. So let's move on to step by step process. The first step in the transaction monitoring system is when suspicious transaction alert is generated. The trigger event is what brings the investigation before the eyes of the investigator. And it will contain information as to why the matter is considered unusual. So for example, more than 2 wire transfer in a 30 day period totaling over $9000 or multiple cash deposit below the reporting threshold of $10,000 in multiple branches within a short time frame. Then what we do is we consolidate the customer profile information just to understand who they are, their risk status, what they do, the nature of risk associated with their occupation, profession and business. How they derive their income and wealth, what product they hold and why, geographic footprint and operating environment, relevant adverse information associated with customer or their business, close associates or family, non adverse information that supports our understanding of the customer. Then we search previous transaction alert or SAR against the customer to understand the basic activity of that customer if any. And this will also clear our understanding to understand the previous alert whether it's related to current alert or not. Then we perform a transaction review and analyze usual transaction pattern. Under this step, a holistic and high level view of the activity for the relevant review period is undertaken to determine whether the activity in the account appears to be in line with your understanding of the customer, their business or occupation. And then once transaction review is done, then it's time to perform a detailed investigation on alerted transaction and identified source. And in this, the activity in all the account under review that clearly is commensurate with what would be expected by customer is neither considered unusual or suspicious. So for example, the normal activity might include grocery purchase, rent or mortgage payment, utility and personal spending in line with customer income, payroll and wealth. So here during the investigation, what we do is we try to identify normal activity and then we focus primarily on unusual transactions which can help in identifying the suspicious activity and come to a conclusion. So any activity remaining which we are saying which is not a usual business transaction now becomes the focus of your EML account or tariff financing investigation. And also include being alert to potential transaction monitoring report or suspicious activity report submission. The end assessment of suspicion should be based on reasonable evaluation of relevant factors including the knowledge of customer, business, financial history, background and behavior. Remember that behavior is suspicious, not the people. And once we are done, once we understand the transactions, once we understand the customer background, financial history and then behavior, this is where we take a decision whether the transaction is usual transaction or it's unusual transaction which lead to suspicious activity. And there may be a chance where as an investigator, I may not be able to conclude. This is where I need to reach out to my compliance officer to get his guidance. And also if there are few exceptions where it may be considered as a suspicious transaction or it may not be considered as a suspicious transaction. So that's how you conclude the transaction monitoring process. And that's end my presentation on transaction monitoring. I hope you like and understand the concept. Thank you for your time. You all have a very nice day.