Financial regulators are focusing on robust compliance more than ever now. And one of the key challenges firms face due to immense focus is how well a firm tunes its financial crime solutions, especially transaction monitoring tools, based on relevant risk factors. 

For instance, the UK’s Financial Conduct Authority (FCA) is particularly interested in two major areas – 

• How good firms are at identifying different kinds of risks that their transaction monitoring systems screen for.

• How well they have designed their systems to mitigate these risks. 

Failing to adequately tune their systems for risks can lead to expensive fines. In 2023, the FCA hit one bank with a £7.6 million penalty for failing to assess risks adequately. 

Identify the Right Risks 

Firms should regularly review and update the risks that are impacting their transaction monitoring programme and ensure that their systems are trained to detect the risks. However, according to the FCA, this is not happening frequently enough in firms for several reasons. One of the prime reasons being that day-to-day tasks, such as managing false positives, can become overwhelming for financial crime compliance teams. 

Unfortunately, this work can mount up when a system is poorly tuned, in turn creating a vicious cycle where vital functions like identifying and tuning for risks are not effectively completed.  

To restore the right operating rhythm and risk sensitivity, firms should review risks associated with the following areas: 

1. Products and Services: Have new products or services been introduced? Have existing ones undergone significant changes? Are they being marketed to different target markets?

2. Delivery Channels: Are there changes in how products and services are being delivered via mobile apps, the internet, telephone, branches, etc.? Are there shifts in how customers access these products and services?

3. Customer Types: Among high-risk customers, are there changes in company structures, political connections, country risk, source of wealth, sources of funds, expected account activity, sector risk, or involvement in public contracts? 

4. Beneficial Owners: Are there new trends in the types of beneficial ownership structures observed among high-risk customers?

5. Geographic Locations: Has the firm opened an office in a new geographic location? Is there a sharp increase in business from a particular region? 

6. Organisational Changes: Has the firm acquired or merged with another company? Has it divested a part of the company? Are there plans for any of these activities?

7. Regulatory Changes: Have any regulators the firm is exposed to altered their financial crime rules, issued new guidance, or modified their examination methods regarding anti-money laundering, sanctions, or other areas? 

8. Geopolitical Risks: Is there potential for new risks to emerge from elections, armed conflicts, or other events that could impact the politically exposed persons the firm does business with?

9. Financial Crime Trends: Are there changes in the types of financial crimes being detected within the firm’s businesses? Are law enforcement bodies reporting new methods of committing crimes? 

10. Data Sources: Are there changes in how or where data are being sourced for transaction monitoring, either internally or externally? Could these changes impact data quality or timeliness?

Depending on a firm’s businesses and overall risk environment, there may be other areas that demand regular reviews too. For example, it could be a good idea to consult with the Risk Management team. The changes they are observing in the firm's overall risk profile could influence which risks should be incorporated into the regular review and update of the transaction monitoring tools.  

Retuning for Risks 

Stepping back to review risks and retuning the system can take some time, but the potential benefits like reduced compliance risks and business risks, as well as lower levels of false positives, can create real impacts on both the compliance team and the overall organisation.

It is very important to work with a transaction monitoring tool that can be tuned & tested quickly and can easily reflect changes in a firm’s financial crime risk profile. Ideally, firms should be reviewing potential changes to the risks they face on a regular basis, with areas where rapid changes may need more frequent reviews being flagged. The overall takeaway here is that retuning transaction monitoring software needs to be undertaken relatively frequently and, therefore, having software that is agile and auditable should be a high priority for financial institutions.