Being active, and active monitoring are such different things.

Monitoring transactions for anti-money laundering purposes has been a mainstay of financial services organisations for a long time. Typically implemented through a TMS, identification of cases is automated for further investigation. The investigation process has significant operational implications – from a risk and cost perspective. Use of active monitoring metrics can better target efforts to improve detection processes – mitigating some risks. If the TMS is actively monitored, the impact can be to improve the breadth of monitoring without impacting operational processes.

Straight forward reasons for active monitoring

The overall TMS system effectiveness rate is typically gauged through a single measure of false positives. It is a measure of how many cases are investigated overall, against the number submitted as a suspicious activity report (SAR). Depending on the approach to TMS, false positive rates can be between 93 – 99.5%. In terms of operational costs, this is where the rubber hits the road.

As an example, consider the following. Between October 2015 to March 2017 over 634,000 Suspicious Activity Reports (SARs) were submitted to the UK Financial Intelligence Unit (FIU). Over 80% of those were submitted by credit institutions – banks. Using the false positive rates outlined above, this means firms as a whole could be investigating between 8 – 124 million false positives.

Each identified case requires manual investigation from a team of alert handlers. The volume of alerts typically drives the size of the investigations team; which in turn drives the cost.

Understanding how to improve the quality and coverage of the TMS output can improve cost management and compliance. Considering more than just a false positive ratio is a better way to define and target efforts.

Factors that impair active monitoring

There are a number if factors which can impede active monitoring. Three such areas are outlined below:

Data quality and mapping

Typically, the most challenging aspect of an AML deployment is consolidating transactions across platforms to give a single and coherent view for monitoring purposes. The quality of the source data needs to be considered regarding its meaning. For example the term “cleared balance” can mean several things depending on the product. The quality and provenance of the data needs to be understood, as does the data mapping, where sometimes similar transaction types are pulled together and can present problems for monitoring: for example, grouping cash and cheques together.

Lack of robust feedback relating to submitted SARs

Feedback from regulatory authorities may not provide sufficient detail to allow system improvement. Feedback from the financial intelligence unit relating to submitted SARs is limited or, in some cases, non-existent. Adopting a data driven approach to system improvement requires input relating to the effectiveness of existing processes. Without feedback, the direction of efforts is subjective.

Scenario alerting techniques applied

The application of rules can be affected by altering thresholds. The use of analytical tools to derive measures of difference, for example standard deviation to allow risk scoring, can also be a factor. The use of non-transparent analytical methods, such as neural networks, add a level of complexity relating to how to unpick and demonstrate reasons for decisions, and why they have been applied.

Active monitoring requires these 5 indicators

These are the measures to implement and track regularly:

1) SAR disclosure rates

The final output from an investigation; and broadly indicates the meeting of overall TMS objectives relating to detection of suspicious activity. Understanding the details associated with the volumes of cases being submitted, categorisations of the cases, and details relating to the areas of business represented provide quantitative measures for investigation.

2)  False positive ratio

Monitoring the overall changes in this measure provides a general indication of the system performance. At a high-level, it provides the clearest indication of a mis-match between detection processes and risk within the overall TMS. An impact can be to increase pressure on operational processes if volumes of cases are high.

3)  Alert volumes

Understanding changes will drive investigative activities. Typically, these will be to review possible underlying issues within the overall TMS. Example sources of investigation would be recent scenario / rule changes; implementation of new scenarios; inclusion of new business lines or new transaction types introduced.

4) Operational costs

There are two prime aspects that need to be considered in this instance. The overall scale of the operations teams used to complete investigations and systems tasks. The second is to review the effectiveness of the supporting infrastructure – taking account of growth since initial system deployment.

5) Number of monitoring scenarios / rules

Possible causes can relate to a mixture of internal and external factors. Alterations in regulation can require short / long term monitoring adjustments to be made, increasing the number of scenarios. From an organisational perspective, a lack of granularity relating to account segmentation, introduction of new products or new business lines can cause more scenarios to be created . More scenarios can increase the efforts associated with system management, and also drive increased volume of cases.

Actively monitoring a TMS can deliver significant benefits to the organisation. Use and application of analytics will deliver better alignment to objectives. If you would like to understand more regarding how this can be achieved, please contact me.