Understanding Transaction Monitoring

Document Title
Exit Back Next 1
Course Objectives

By the end of this module you will be able to:

• Understand Transaction Monitoring and its relevance in Fighting Financial Crime

• Understand key components of a Transaction Monitoring program

• Transaction Monitoring program in Standard Chartered

Document Title
Exit Back Next 2
 Course Agenda

Fundamentals of Transaction Monitoring

 What is Transaction Monitoring?
 Importance of the Transaction Monitoring Program 2
 Key components of a good Transaction Monitoring Program
 Case study
Transaction Monitoring in Standard Chartered
 Introduction
 Group Transaction Monitoring Procedures
 AAA process for Transaction Monitoring
3

Course Summary

Document Title
Exit Back Next 3
 Regulatory Actions & Expectations

Regulators across the US, Europe, APAC and the Middle East have levied nearly US$ 27 billion in financial penalties
globally against financial institutions for AML/KYC and sanctions-related violations the last decade (2008-2018).

US$11.52 Billion US$8.9 Billion US$90 Million US$18 Billion

The highest fine ever issued

Levied in 2015 alone, the The average global fine Fines for sanctions violations
(levied by the US Department of
most punitive year for fines. issued. account for 73% of all
Justice(DoJ) against a French
violations in the US (by US$)
Bank in 2015).

For more details on statistics please visit: https://go.fenergo.com/global-regulatory-fines-2018.html

Financial Institutions are expected to prevent themselves from being used, intentionally or unintentionally, by criminal
elements for money laundering or terrorist financing activities.
A sound AML Compliance program established by the Financial Institution will help it in meeting the regulatory expectations
and avoid financial fines and penalties.

Document Title
Exit Back Next 4
AML Compliance Program
An effective Anti Money Laundering Compliance Program has the following 5 elements as key pillars:
Commonly referred to as “the four pillars”. The fifth pillar was established under a 2016 rule by FinCEN

Click on each pillar to learn more.

1. A system of internal policies, 3. An ongoing employee training

procedure and controls programme

2. A designated compliance
4. An independent audit function to test
function with a compliance
1 2 3 4 5 the overall effectiveness of the AML
officer
program

5. Appropriate risk-based procedures for

conducting ongoing CDD

For the scope of this training module, we will focus on understanding Transaction Monitoring as an internal control for Fighting
Financial Crime.
Document Title
Exit Back Next 5
What is Transaction Monitoring?

Let’s start by understanding what is Transaction Monitoring?

Transaction Monitoring (“TM”) is a key control in Financial Institutions’ (“FIs”) Anti-Money Laundering and Countering the
Financing of Terrorism (“AML/CFT”) policies and procedures.
The ‘Monitoring’ process is established to detect transactions which may be part of a money laundering flow or may
represent the proceeds of crime; and thereby to mitigate the risk of the bank processing such transactions without reporting
that activity as suspicious to the appropriate authorities. 
Document Title
Exit Back Next 6
Why is Transaction Monitoring Program Important?

When on-boarding customers, FIs are required to perform risk

assessments and Due Diligence checks to identify and An effective TM program enables FIs to detect and
mitigate any prospective Money Laundering and Terrorism assess whether customers’ transactions pose suspicion
Financing (“ML/TF”) risks. However, risks can also manifest when considered against their respective backgrounds
later, over the course of customers’ business relations with and profiles.
the Financial Institution.

While these risk factors may be obscured at the on-boarding TM program also facilitate the holistic reviews of customer
stage and during FIs’ performance of regular screening or transactions over periods of time, in order to monitor for
periodic updates of customer information, they can often be any unusual or suspicious trends, patterns or activities that
detected through the robust conduct of TM. may take place.

Document Title
Exit Back Next 7
 Key Components of a Good Transaction Monitoring Program
An effective monitoring program comprises the following key components :

Click on each image to learn more.

1st Line of Defense

2nd Line of Defense

3rd Line of Defense

Document Title
Exit Back Next 8
 Key Components of a Good Transaction Monitoring Program

Monitoring performed by front line staff who deal directly with customers (e.g. relationship managers) or
process customer transactions (e.g. counter staff)

1st Line of Defense • Front-line staff are the persons who know most about the customers and their typical pattern of
transaction activities.

• They are in the best position to identify unusual activities.

2nd Line of Defense • An effective monitoring program therefore includes the provision of regular training to front-line staff to
foster a high level of AML/CFT awareness in them.

• The training provided should cover the AML/CFT risks associated with the operations for which the
front-line staff are responsible.
3rd Line of Defense
Document Title
Exit Back Next 9
 Key Components of a Good Transaction Monitoring Program

The following activities are key components of post event Transaction Monitoring process:

Click on each activity below to learn more.

1st Line of Defense

Monitoring of past Identification of Management of

transactions unusual transactions unusual transactions

2nd Line of Defense Automation of

Regular review of Management
transaction
system parameters commitment
monitoring process

3rd Line of Defense

Document Title
Exit Back Next 10
Monitoring of Past Transactions
Effective monitoring requires the following key elements:

The production of periodic MIS reports and/or alerts and the establishment of proper review procedures to
01 ensure that customer transactions are captured in the FI’s monitoring efforts on a risk-sensitive basis.

Periodic transaction monitoring reports and/or alerts should at the minimum cover the following transactions:
• cash transactions,
• wire transfers,

02
• cheque transactions,
• loan payments and prepayments and
• reactivation of dormant accounts followed by unusually large or frequent transactions.

Document Title
Exit Back Next 11
 Key Components of a Good Transaction Monitoring Program

The following activities are key components of post event Transaction Monitoring process:

Click on each activity below to learn more.

1st Line of Defense

Monitoring of past Identification of Management of

transactions unusual transactions unusual transactions

2nd Line of Defense Automation of

Regular review of Management
transaction
system parameters commitment
monitoring process

3rd Line of Defense

Document Title
Exit Back Next 12
Identification of Unusual Transactions

To determine whether a transaction or activity is unusual, an effective transaction monitoring program will include:
• procedures to evaluate not only the current transaction of the customer but also the pattern of transactions and the
transaction flow.
• The current transaction will be compared with the past transaction patterns and risk profile of the customer.
• In addition, known money laundering methods identified in typology studies undertaken by local or international
AML/CFT bodies should be considered.

Document Title
Exit Back Next 13
 Key Components of a Good Transaction Monitoring Program

The following activities are key components of post event Transaction Monitoring process:

Click on each activity below to learn more.

1st Line of Defense

Monitoring of past Identification of Management of

transactions unusual transactions unusual transactions

2nd Line of Defense Automation of

Regular review of Management
transaction
system parameters commitment
monitoring process

3rd Line of Defense

Document Title
Exit Back Next 14
 Management of Unusual Transactions

• A monitoring program is effective only if unusual

transactions identified by the system are carefully examined
and investigated, follow-up action taken is tracked and
proper audit trails are maintained for inspection by auditors
and the regulator.

• It is therefore important that proper policies and procedures

on transaction monitoring are developed and maintained.

• The process and procedures should clearly set out the

responsibilities of individual departments (e.g. Business and
Compliance departments) involved in transaction monitoring
process.

Document Title
Exit Back Next 15
 Key Components of a Good Transaction Monitoring Program

The following activities are key components of post event Transaction Monitoring process:

Click on each activity below to learn more.

1st Line of Defense

Monitoring of past Identification of Management of

transactions unusual transactions unusual transactions

2nd Line of Defense Automation of

Regular review of Management
transaction
system parameters commitment
monitoring process

3rd Line of Defense

Document Title
Exit Back Next 16
Automation of Transaction Monitoring Process

• For a large Financial Institution (FI) like Standard Chartered, effective monitoring necessitate the automation of certain parts
of the monitoring process.
• The appropriate degree of automation will vary from institution to institution and is dependent on the scale, nature and
complexity of the FI’s business.
• Rules-based automated monitoring systems are capable of identifying unusual activities based on a set of parameters
determined by the FI.
• These rules can be customised over time with regard to changes in the FI’s business and the latest money laundering
and terrorist financing methods.
• A FI should have regard to its risk exposure to money laundering and terrorist financing activities and should consider
the relevance and applicability to its business when selecting such systems.
• More sophisticated systems make use of neural networks and other intelligent technology to continually update
customer profiles based on past transactions.
• They can identify transaction patterns between accounts, compare transaction activity with established money
laundering and terrorist financing methods, and score transactions in terms of the degree of suspiciousness.
Document Title
Exit Back Next 17
Automation of Transaction Monitoring Process (Cont.)

• It is important to note that an automated transaction monitoring system can supplement but not replace human
awareness in detecting unusual or suspicious activities.

• Therefore, FIs should ensure that the implementation of such systems will not lead to a reduction in the ownership by
staff of the responsibility for identifying money laundering and terrorist financing activities.

Document Title
Exit Back Next 18
 Key Components of a Good Transaction Monitoring Program

The following activities are key components of post event Transaction Monitoring process:

Click on each activity below to learn more.

1st Line of Defense

Monitoring of past Identification of Management of

transactions unusual transactions unusual transactions

2nd Line of Defense Automation of

Regular review of Management
transaction
system parameters commitment
monitoring process

3rd Line of Defense

Document Title
Exit Back Next 19
Regular Review of System Parameters

Regardless of whether or not an Regular enhancements should Any enhancements to the

automated system is used, also be made to the FI’s system should be properly
effective monitoring requires transaction monitoring system to documented and approved by
regular review and updating of take into account changes in management.
the parameters or criteria used business operations and
to generate monitoring reports developments in money
and Risk Events. laundering and terrorist financing
methods.

Document Title
Exit Back Next 20
 Key Components of a Good Transaction Monitoring Program

The following activities are key components of post event Transaction Monitoring process:

Click on each activity below to learn more.

1st Line of Defense

Monitoring of past Identification of Management of

transactions unusual transactions unusual transactions

2nd Line of Defense Automation of

Regular review of Management
transaction
system parameters commitment
monitoring process

3rd Line of Defense

Document Title
Exit Back Next 21
Management Commitment

• A prerequisite for establishing and maintaining an effective transaction monitoring program is the support and
commitment of senior management.
• No Transaction Monitoring Program will be effective if sufficient resources are not provided for maintaining and operating
the system.

Document Title
Exit Back Next 22
 Key Components of a Good Transaction Monitoring Program
Click on each
Group Internal Audit acts as the Third Line of Defence (“3LoD”), independently image towhether
assessing learn more.
First and
Second Line controls and risk management processes are effective.
Internal audit plays an important role in independently evaluating the risk management and controls, and
discharges its responsibility to the audit committee of the board of directors or a similar oversight body
through periodic evaluations of the effectiveness of compliance with AML/CFT policies and procedures.
1st Line of Defense
A bank should establish policies for conducting audits of
i. the adequacy of the bank’s AML/CFT policies and procedures in addressing identified risks,
ii. the effectiveness of bank staff in implementing the bank’s policies and procedures;
iii. the effectiveness of compliance oversight and quality control including parameters of criteria for
automatic alerts; and
iv. the effectiveness of the bank’s training of relevant personnel.

2nd Line of Defense  

Management should also ensure that the audit scope and methodology are appropriate for the banks’ risk
profile and that the frequency of such audits is also based on risk.
 
Periodically, internal auditors should conduct AML/CFT audits on a bank-wide basis. As a general rule, the
processes used in auditing should be consistent with internal audit’s broader audit mandate, subject to any
prescribed auditing requirements applicable to AML/CFT measures.
3rd Line of Defense
Document Title
Exit Back Next 23
 Execution of Transaction Monitoring

Effective Transaction Monitoring requires robust execution across the TM process chain

Source: Monetary Authority of Singapore Guidance for Effective AML/CFT Transaction Monitoring Controls

Document Title
Exit Back Next 24
 Execution of Transaction Monitoring

Effective AML/CFT risk management should be supported by strong governance and robust risk awareness
Board and Senior Management set clear risk appetite & tone from the top for effective
risk management.

They allocate clear responsibilities and drive continual enhancements

Strong AML/CFT risk awareness and accountability fostered across all three
lines of defence

Good practices are embedded through training, performance frameworks and

compensation practices

Key risk understanding and red flags are continually updated

Source: Monetary Authority of Singapore Guidance for Effective AML/CFT Transaction Monitoring Controls
Document Title
Exit Back Next 25
Examples of Good Practice - FCA’s Financial Crime Guide

1 2 3 4
A large retail firm Where a firm uses Small firms are able to The ‘rules’ underpinning
complements its other automated transaction apply credible manual monitoring systems are
efforts to spot potential monitoring systems, it procedures to scrutinize understood by the relevant
money laundering by using understands their customer’s behavior. staff and updated to reflect
an automated system to capabilities and limitations new trends.
monitor transactions

5 6 7
The firm uses monitoring results The firm takes advantage of The firm updates CDD information
to review whether CDD remains customer contact as an opportunity and reassesses the risk associated
adequate. to update due diligence with the business relationship
information. where monitoring indicates material
changes to a customer’s profile

Document Title
Exit Back Next 26
 Document Title
Exit Back Next 27
Case Study - Large-scale International Money Laundering Syndicate

A Bank reported Threshold Transaction Report (TTR) to Austrac

(A ‘threshold transaction’ is the transfer of physical currency of A$10,000 or more (or the foreign currency equivalent) as
part of a designated service. A transfer can be either receiving or paying cash.)

The Crime
AUSTRAC identified a suspected Hong Kong–based money laundering syndicate operating in Australia. Over six months a
key Australia-based member of the syndicate travelled from Sydney to Perth numerous times to help launder the proceeds
of their organised crime. He received money on 13 occasions, collecting up to A$500,000 in cash at a time.
He then took other syndicate members to banks and ATMs across Perth to deposit cash into a variety of accounts belonging
to newly established Australian companies whose directors were Hong Kong nationals living overseas. The money was
ultimately transferred to China.
A total of 163 bank transactions estimated to be worth A$29.5 million were made, with the depositors visiting as many as 10
bank branches a day.

Document Title
Exit Back Next 28
Case Study- Large-scale International Money Laundering Syndicate

Action and Outcome:

A joint-agency task force was set up between AUSTRAC, Australian Federal Police, Australian Border Force and Western
Australia Police to identify the source of the deposited funds and to disrupt the money laundering.
Authorities arrested 10 offenders on money laundering and drug charges.
The syndicate’s key Australia-based member pleaded guilty to dealing in the proceeds of crime and was sentenced to 10
years in prison.

Key Red Flags Identified:

• Use of third-party company accounts to complicate transaction activity.
• Third parties making regular cash deposits into business accounts.
• Frequent cash deposits at different branches and ATMs on the same day.
• Regular or multiple cash deposits just below the A$10,000 cash transaction reporting threshold.
• High-value cash deposits and transfers out of new business accounts.
• High-volume account activity involving significant amounts of cash.

Document Title
Exit Back Next 29
Transaction Monitoring in Standard Chartered
Document Title
Exit Back Next 30
Group Transaction Monitoring Procedures

Group AML
and CTF
Group Transaction Monitoring Procedures set out the SCB Policy

Group's monitoring requirements, the process that must be

followed and the control framework that must be applied
during monitoring. Transaction
Monitoring
These procedures should be read in conjunction with Group
Departmental
in SCB Group
Anti-Money Laundering and Counter Terrorist Financing Policy Transaction
Operating Monitoring
and applicable Departmental Operating Instructions ("DOIs"). Instructions procedures
(DOI)

Document Title
Exit Back Next 31
Group Transaction Monitoring Procedures
Group Transaction Monitoring Procedures also defines the minimum standards for the Transaction Monitoring process. These
standards include TM requirements related to the following topics:

Document Title
Exit Back Next 32
Group Transaction Monitoring Procedures (Cont.)

As this module is focused on developing a basic understanding of Transaction Monitoring, the following two areas will be
covered as part of this training module:
Click on each topic to learn more.

Transaction Monitoring Coverage Risk Event and Case Management

Please refer Group Transaction Monitoring Procedures for information on the remaining areas listed in previous slide.

Document Title
Exit Back Next 33
Transaction Monitoring Coverage

As part of Transaction Monitoring coverage, minimum standards are set for following activities:

Click on each activity to learn more.

Typology
Reviews

Transaction
Monitoring
coverage
Tuning Approach Detection
& Threshold Scenario
Management Management

Document Title
Exit Back Next 34
 Typology Reviews

Let’s understand the minimum standards for the listed activities in detail:
Typology Reviews - On a periodic basis, but not less than every 18 months, Product Management Monitoring (PMM) will conduct
a review of red flags. This review will be based on regulations or guidance by selected regulators and industry bodies. This review
will inform the Group Library of scenarios.

In the AML/CFT context, the term “typologies” refers to the various techniques used to launder money or finance terrorism.
Criminals are very creative in developing methods to launder money and finance terrorism. Money laundering and terrorism
financing typologies in any given location are heavily influenced by the economy, financial markets, and anti-money
laundering/counter financing of terrorism regimes. Consequently, methods vary from place to place and over time.

Document Title
Exit Back Next 35
Transaction Monitoring Coverage

As part of Transaction Monitoring coverage, minimum standards are set for following activities:

Click on each activity to learn more.

Typology
Reviews

Transaction
Monitoring
Coverage
Tuning Approach Detection
& Threshold Scenario
Management Management

Document Title
Exit Back Next 36
Detection Scenario Management
Detection Scenarios ("DS") are rules developed to screen customers, accounts and transaction data that breach pre-defined
conditions (or thresholds). Various Standard Chartered systems send customer, account, transaction and supporting reference
data to the Transaction Monitoring system. Detection Scenarios are a series of conditions used in conjunction to help identify
unusual financial activity. 

A Group Library of scenarios selected and endorsed on basis of typology review will be maintained by PMM department.
Depending on the geography and business profile, a selection from this scenario set will be deployed. The Country Money
Laundering Compliance Officer ("CMLCO") of a country will review the selection of the scenarios for the relevant country.

Each detection scenario is unique and has different quantitative variables and attributes (thresholds, logic and parameters).
Alerts (or events) are generated at varying frequencies (daily, weekly or monthly). The effectiveness of a scenario is only as
reliable as the quality of the data inputs provided by the business. 

Document Title
Exit Back Next 37
Transaction Monitoring Coverage

As part of Transaction Monitoring coverage, minimum standards are set for following activities:

Click on each activity to learn more.

Typology
Reviews

Transaction
Monitoring
Coverage
Tuning Approach Detection
& Threshold Scenario
Management Management

Document Title
Exit Back Next 38
Tuning Approach and Threshold Management

Tuning Approach and Threshold Management - Transaction monitoring scenarios as previously defined will trigger when
certain conditions are met; these conditions are known as thresholds and are determined via statistical analysis of
transactional behaviour and risk profiles of customers, and performed via the Surveillance Parameter Optimisation ("SPOT")
team.
This process of determining thresholds for different customer segments and risk profiles is known as "tuning". Ultimately, the
overall coverage of the transaction surveillance program is refined and improved to support focused-monitoring by taking into
account differences in transactional behaviour and risk levels. Through tuning, SCB is able to maximize the effectiveness of
the scenarios; this is also facilitated by a robust understanding of the underlying transactional activity that feed into the
transaction monitoring system.
Threshold values are based on a statistical analysis supported by the SPOT team and are recommended to the Country head
of FCC or CMLCO. The country head of FCC should review the threshold recommendations and provide their approval to
load these thresholds into the system. Country specific thresholds must be approved by country FCC head and implemented
through a CR process.

Document Title
Exit Back Next 39
Tuning Approach and Threshold Management

The Country Head of FCC may apply additional qualitative factors to enhance the initial recommendations. Surveillance
Practice Group is the forum where country heads raise disagreements on threshold values for discussion and a final decision.
Taking into account factors related to system effectiveness, changes on account of socio economic factors, business
dynamics, an annual review of the appropriateness of the threshold values must be carried out by country FCC.
Based on this, scenarios may be identified for tuning. A cycle of statistical tuning of all scenarios for a country would be
completed at least once in 36 months.

Document Title
Exit Back Next 40
Group Transaction Monitoring Procedures (Cont.)

As this module is focused on developing a basic understanding of Transaction Monitoring, the following two areas will be
covered as part of this training module:
Click on each topic to learn more.

Transaction Monitoring Coverage Risk Event and Case Management

Please refer Group Transaction Monitoring Procedures for information om the remaining areas listed in previous slide.

Document Title
Exit Back Next 41
Risk Event and Case Management
Risk Event and Case Management
The various steps involved in the AAA process for Transaction Monitoring (including process guidance and country addenda)
are covered as part of the AAA Departmental Operating Instructions (DOI). (Refer FCC Process Portal for details)

Document Title
Exit Back Next 42
AAA Process for Transaction Monitoring

Document Title
Exit Back Next 43
AAA Process for Transaction Monitoring

AAA process for Transaction Monitoring

A standard ‘AAA’ process is defined for all Transaction Monitoring. The ‘Monitoring’ process is established to detect
transactions which may be part of a money laundering flow or may represent the proceeds of crime.
By reporting such transactions/activities as suspicious to the appropriate authorities, TM will help in mitigating the risk for the
bank. The AAA workflow is split into three phases given below.

Assess Analyse Act

Document Title
Exit Back Next 44
AAA Process for Transaction Monitoring

Analyse Act
Assess

Assess is the first phase of AAA process.

This phase is focused on establishing which events are clearly ‘risk irrelevant’ using immediately available information,
with a view to closing them within the phase. And also on identifying those which require ’fast track’ escalation. 

Document Title
Exit Back Next 45
AAA Process for Transaction Monitoring

Assess
Act
Analyse

Analyse is the second phase of AAA process.

This phase involves more exhaustive analysis being carried out using all readily available information, and maybe
using RFIs, to establish whether the case is likely to be considered ‘risk relevant’ or not. If it is then the case is
escalated for appropriate action. 

Document Title
Exit Back Next 46
AAA Process for Transaction Monitoring

Assess
Analyse
Act

Act is the third phase of AAA process.

During this phase the analysis evidence, which the FCSU set out as the rationale for its ‘risk relevant’
recommendation, is reviewed; and appropriate consideration is also given as to whether there is a need for associated
reporting action. This consideration/reporting action, with additional governance, is conducted by FCC staff (in
Region/Country). 

Document Title
Exit Back Next 47
AAA Process for Transaction Monitoring

Document Title
Exit Back Next 48
Transaction Monitoring - AAA Process Flow

Document Title
Exit Back Next 49
Course Summary

Transaction Monitoring focuses on the ongoing scrutiny of client transactions to ensure that these
transactions are consistent with the Group’s understanding of the client and their risk profile.

The Group (SC) monitors client transactions for AML purposes, using agreed scenarios on an
ongoing risk based frequency, and report any suspicious activity identified (via Suspicious Activity
Reports (SARs)) to the relevant authorities.

A standard AAA process is defined for all Transaction Monitoring.

Document Title
Exit Back Next 50
 Course Completion

Thank You!
You will now be directed to take an
assessment to mark completion of
this course.

Document Title
Exit Back Next 51