An LFI may seek to utilize a manual transaction monitoring system, which typically targets specific categories of transactions (e.g., those involving large amounts of cash, those to or from certain geographies) and includes a manual review of various reports generated by the LFI’s systems in order to identify unusual activity. The type and frequency of reviews and resulting reports used should be commensurate with the LFI’s AML/CFT risk profile—including the nature, size, and complexity of its operations—and properly cover customers, counterparties, businesses, products, services, delivery channels, and geographic markets. System-generated reports typically use a certain currency threshold to detect unusual activity. An LFI’s responsible senior employee should periodically evaluate the appropriateness of filtering criteria and thresholds used in the monitoring process and periodically appraise Senior Management and where required, notify the Board of Directors (as part of periodic updates), on the appropriateness of design of manual monitoring reports. LFIs should be alert to the fact that complex and evolving financial crime risks can undermine the effectiveness of manual monitoring systems, and therefore, manual monitoring systems should also be independently reviewed for reasonable filtering criteria.

Automated transaction monitoring systems can cover multiple types of transactions and use different rules to identify potentially suspicious activity. In addition, many systems can adapt over time based on historical activity, trends, or internal peer comparison. After parameters and filters have been developed, they should be reviewed before implementation to identify any gaps in coverage to address potential financial crime schemes that may not have been addressed. LFIs should also seek to have appropriate case management systems so that such funds or transactions are scrutinized in a timely manner and a determination is made as to whether the funds or transaction are suspicious.

Once established, the LFI should review and test system capabilities and thresholds on a periodic basis, commensurate to its risk profile. This review should focus on specific parameters or filters in order to ensure that intended information is accurately captured, and that the parameter or filter is appropriate for the LFI’s particular risk profile, including the applicability of the detection scenarios, underlying rules, threshold values, and assumptions used. An LFI should also aim to review its transaction monitoring program at least annually to account for changes in the LFI’s internal procedures; local laws and regulations; and best practices.

Relatedly, the authorization to establish or alter expected activity profiles should be clearly defined through policies and procedures. An LFI’s internal controls should ensure limited access to the monitoring systems, and changes should require the approval of the Compliance Officer, MLRO, or senior management. The LFI should implement a robust end-to-end, pre- and post-implementation testing procedure of its transaction monitoring program with documentation detailing current detection scenarios and the underlying assumptions, parameters, and thresholds applied.

Employees appointed by the LFI should also be responsible for the design, planning, implementation, operation, testing, validation, and on-going analysis of the transaction monitoring program, which may extend to assessing the timely review and decision-making of generated alerts and potential STR or SAR filings. Such employees should be responsible for independently validating an LFI’s transaction monitoring system's programming methodology and effectiveness to ensure that the LFI’s automated transaction monitoring system is effectively detecting potentially suspicious activity. These appointed employees should also ensure that customer segments, customer types, and transactions/transaction codes are mapped into the transaction monitoring system, and that the transaction monitoring system is integrated with the LFI’s core banking and other relevant system. Independent validation should also take place of an LFI’s policies with an aim to assess if employees are adhering to these policies. This is especially important to validate the proper use of automated tools and to ensure that the application of information technology instruments or algorithms—often leveraged by LFIs to reduce the number of false positives in their transaction monitoring programs—is not inadvertently suppressing instances of reportable suspicious activity. Where appropriate, the LFI, in lieu of maintaining full time employees to perform aforementioned functions, may hire qualified specialist consultants or external vendors to provide such review services.

LFIs have begun to invest in forming and developing their own intelligence units or capabilities. By establishing such units or capabilities, these units seek to maximize the use of data and information available both internally—within the LFI—and externally—across jurisdictions and businesses—in order to tackle money laundering, the financing of terrorism and illegal organisations, and fraud schemes, as well as to consolidate analytical capacity and remove any jurisdictional and business silos. This has led some LFIs to shift from a pure transaction-level monitoring approach towards adopting a “customer-level” or “network” monitoring approach. Under this approach, previous investigations can be applied to inform and refine risk models, which can then be used to customize monitoring for different business lines and customer types. These enhancements are focused on looking beyond single transactions or single customers to identify the wider network in which a customer operates—looking at the customer as an entity—enabling LFIs to manage networks of accounts and report on these networks, that in turn, increases opportunities to disrupt that network. This model moves reporting away from reports of single suspicious transactions towards suspicious entities and networks with a view on how the funds flow between them.