Recently I was fortunate to be invited by the ACAMS Australasian Chapter to join their panel discussion on The Future of Transaction Monitoring: What Does It look Like. The panel included two other people who will be familiar to those in the AML/CFT community:
I joined the panel in my role as Senior Product Manager for Jade ThirdEye, where I’ve had the privilege of working with a range of reporting entities around the world for several years. I love helping businesses implement and upgrade their transaction monitoring programmes. I'm a certified Anti-Money Laundering Specialist (CAMS), which should tell you how much I love AML!
The ACAMS panel discussion focused on different areas of transaction monitoring, including risk identification, key components of a monitoring programme, and (the fun part) imagining what the future might hold.
Here's a summary of what we discussed, along with some of my thoughts and recommendations ...
Most organisations that are defined as reporting entities have a regulatory requirement to complete Customer Due Diligence (CDD) and monitor accounts for suspicious activity. Martin led the discussion on this, sharing his legal expertise on section 31 of the New Zealand AML/CFT Act.
He highlighted the following requirements as some of its key aspects:
Because customer risk profiles can change over time, it's important to conduct ongoing, periodic account reviews that might be triggered by alerts. But it's also vital to make sure you regularly review your CDD information.
I recommend focusing on the overall account, not just on day-to-day transaction monitoring. Understand your monitoring risks and develop a comprehensive programme for reviewing risk and monitoring transactions.
Matthew reminded us that your risk assessment should also include a national risk assessment, red flags from SAR guidelines, sector guidelines—like those for lawyers and real estate agents—and international guidance.
He shared some examples of risk monitoring he'd seen in the UK. These included not understanding the huge range of products and services through which a customer has contact points. He's seen situations of "the tail wagging the dog”, where companies are presupposing things about the transaction monitoring system they choose before they have their strategy in place.
To avoid this, I recommend you develop your compliance response in the following order:
I sometimes encounter prospective Jade ThirdEye customers asking what rules we have so they can hit the ground running with an out-of-the-box solution. This isn't the best approach to take. Our AML/CFT solution includes an extensive rules library for customers to draw from. But I agree with Matthew that your rules should be defined by your risk assessment and strategy, not the other way around. Whether your process is manual or automated, you need to make sure your rules address the particular needs of your business.
Having said that, we do see similar needs, especially in the finance industry. So once we understand your requirements, we'll help you set up Jade ThirdEye so it fits your business like a glove.
The panel also discussed the challenges companies face as they grow and scale up their monitoring programmes. Most businesses start with a manual approach to monitoring, and to some degree you'll always have some of this. This is true whether you're analysing and mapping specific human behaviour for red flags, or reviewing accounts for identifying changes in new patterns of behaviour that you might not have realised was possible.
Matthew described a tipping point for when it's time to move to a technology solution that has automated monitoring.
This is usually when:
But he cautioned that scaling up isn't just about technology. It's about increasing your understanding of risk and how to mitigate this by methodically developing rules and regularly reviewing these.
Martin mentioned that lots of companies are still using spreadsheets, which is obviously a very manual and time-consuming approach. Spreadsheets are also difficult for auditors to work with. Lots of companies interested in Jade ThirdEye come to us with a very complex set of spreadsheets they've developed. They realise they need more efficiency and transparency, not just for their compliance programmes, but for the sake of their own companies.
I agree with Matthew that scaling up has more to do with the size of transactions and risk assessment than it has to do with the size of a company. Many of our small-to-medium Jade ThirdEye customers have very complex monitoring needs and large volumes of transactions to analyse.
We also chatted about one of my favourite topics – the future of transaction monitoring. Most of our discussion focused on automation and machine learning and Matthew highlighted areas where machine learning could be really beneficial.
These included:
I see a place for machine learning in small companies as well and I believe one day this will be as common as internet banking, that it will be accessible to everyone. We all agree there'll always be a need for skilled humans in this landscape, to guide and monitor whatever future technology might evolve. When computers were first invented there was a real fear of significant job losses and a ‘de-skilling’ of humans. Instead what we've seen, particularly in our industry, is a move to more specialist roles.
ACAMS runs regular virtual events like this panel discussion. It records many of them so you can listen at your leisure after the event. If you're interested in attending, head to ACAMS Australasia to learn more.
And if you'd like to know how to automate your AML compliance programme with the global financial crimebuster that is Jade ThirdEye, check out our recorded webinars and register for upcoming webinars!