Checklist
Transaction Monitoring
Assessment
Introduction
Regulators continue to shine a spotlight on ineffective and inefficient transaction monitoring (TM) controls.
The European Banking Authority’s (EBA) ‘Report on ML/TF risks associated with Payment Institutions’ found
that transaction monitoring controls were lacking, or in some cases not in place at all, for many institutions
within the EU. This resulted in failures to identify and report suspicious transactions. The report highlighted
that, at a remarkable 62%, transaction monitoring was the most common breach reported to EuReCA by
competent authorities for payment institutions in 2022.
Recent fines on Santander, Coinbase and Danske Bank have shown that transaction monitoring frequently lags
behind current business operations and generates alerts based on outdated rule sets. This creates unpredictable
spikes in alerts, and the consequent backlogs put operations at risk. These fines highlight the importance of a
TM system that is robust, regularly tuned, and tested for effectiveness in identifying relevant risk typologies.
FINTRAIL believes in the power of conducting thematic assurance reviews of core anti-financial crime (AFC)
controls to ensure they are fit for purpose and effective at managing risks. With TM being an integral part of
identifying and mitigating money laundering and terrorist financing (ML/TF) risks, firms need to be sure these
controls are not only meeting minimum regulatory requirements but are robust enough to manage the risks
specific to the firm.
Assurance testing can focus on thematic areas where TM performance is assessed as weaker, or where
enhancements were recently implemented. Using guidance from global regulators, FINTRAIL has created this
principle-based TM guide to outline the various factors you should consider when assessing your TM controls.
We have broken this down into five key areas:
1 Risk assessment
2 TM calibration and parameter setting
3 Data
4 Alert management
5 Testing and oversight
We can provide a holistic review and assessment of your transaction
monitoring-related systems and controls to identify areas of non-compliance,
inefficiencies and opportunities to enhance effectiveness.
1 Risk identification
As a financial institution, managing your ML/TF risks requires systematically analysing the different risk profiles
of your clients, products, distribution channels, and transactions. Effective TM needs a deep understanding of
your customers, making your risk assessment a crucial component in maintaining your programme.
Yes No
Are TM rules and scenarios based on ML/TF National Risk Assessment and
other relevant typologies?
Can you clearly correlate the outputs of your enterprise-wide risk assessment
to your TM rules and scenarios?
Are TM rules and scenarios tailored to the business model and aligned to the
risks presented in the customer portfolio?
Are there specific TM rules and scenarios in place to identify terrorist financing,
beyond those designed to monitor the implementation of international
sanctions?
Are there fraud prevention rules and scenarios in place?
Is the system regularly assessed to determine the effectiveness of its
monitoring mechanisms in detecting potential fraud?
Are current transaction risk profiles up to date?
Is the grouping of TM parameters and thresholds in risk scenarios applied to
target transaction patterns and behaviours consistent with known ML/TF
typologies?
2 Transaction monitoring calibration and parameters
There is no one-size-fits-all approach to configuring TM rules, and it is critical these are developed and calibrated
in view of the risks that are specific to your business. It is important for firms to ensure that TM scenarios are
fit for purpose and aligned to the business risk profiles.
Yes No
Are monitoring measures in place for all of your firm’s products (e.g. trade
finance, credit, investment products, etc.)?
Are all payment instruments (e.g. payment cards) subject to monitoring
scenarios?
Are both incoming and outgoing payment transactions monitored?
Do you use risk-based customer segmentation to calibrate suitable parameters
and thresholds for each segment?
Are transaction profiles created to align to clients’ expected use of accounts
and behaviour based on their KYC profiles?
Does monitoring identify when a customer deviates from their normal business
activity, or the typical business activity of customers engaged in similar
economic activities?
Does monitoring cover all of a customer’s activity (e.g. all of a customer’s
accounts across business units and related accounts)?
Does monitoring cover internal transactions, i.e. in cases when both the payer
and the payee are the customers of the firm?
Is there any overlap across rules and scenarios?
Do your TM measures detect transit or dormant accounts?
Is the transaction monitoring system able to consolidate multiple alerts that are
related to the same customer to avoid duplication?
Are the transaction monitoring scenarios and threshold rules generating
desired alerts?
Is the transaction monitoring system producing too many false positives or
negatives?
Are the rules designed to understand the potential business relationships
between the payer and the payee to detect potential fraudulent transactions?
3 Data
A fundamental challenge in operationalising any TM system is ensuring the quality, accuracy and consistency
of alerts generated. This means having the right data inputs as well as ensuring that these feed completely and
accurately from source systems to the TM system.
Yes No
Are data integrity checks conducted to ensure that data is accurately captured
in the source systems and transmitted to TM systems?
Is a reconciliation of transaction codes undertaken across TM systems and core
banking systems?
Are there end-to-end controls between source systems and the TM system?
Do detection controls exist to detect irregular alerts e.g. exception reports, and
do they consider data integrity issues?
Are all transaction profiles up to date?
Are the data points needed for TM built into the CDD process both for
onboarding and KYC refreshes?
Are other factors such as the efficiency of existing rules, the alert-to-case
ratios, and the extent of true hits vs false positives/negatives included in any
calibration?
Does the transaction monitoring system use historical data to configure
specific customer segments with higher fraud rates to detect fraudulent
activities?
4 Alert management
Regardless of how well TM systems are calibrated or aligned to outputs from risk assessments, having
well-documented processes and staff who are adequately trained is fundamental for success. Without a team who
can scale to increases in demand or are equipped to identify and report suspicious transactions, firms will
continue to see failings in their transaction monitoring.
Yes No
Are the alerts generated by monitoring scenarios reviewed in a timely manner,
and is the process of alert backlog properly controlled?
Is the quality of your staff’s alerts clearance documentation assessed?
Are the staff appropriately trained in handling and investigating TM alerts?
Is the quality of the alerts handled sampled in order to detect and rectify
deficient cases, as well as any weaknesses in your TM systems or processes?
Are defined metrics or checklists adopted in documenting the results of review/
investigation?
Are decisions regarding alerts documented and executed accordingly?
Are there clear guidelines in place on the escalation process for alerts?
Is there regular and ongoing reporting for key metrics of TM processes e.g.
alert handling times, effectiveness of TM rules, suspicious transaction reporting
ratios?
Is there sufficient guidance in place for employees on identifying unusual
transactions and red flags, and is this incorporated into a regular training
programme?
Do timelines and procedures for monitoring and escalating overdue alerts
exist?
5 Testing and oversight
Given the dynamic nature of risk, regulators expect firms to regularly review and enhance their TM framework.
Firms should periodically evaluate their system and associated processes and procedures to ensure they
remain effective in an evolving risk environment. Processes should be in place for reviewing and assessing the
performance of monitoring solutions and scenarios. This includes reviewing associated processes such as alert
handling as well as periodically testing and refining TM rules to ensure they remain current and effective in
targeting unusual behaviour and identifying suspicious transactions.
Yes No
Do you conduct periodic testing of TM rules, which is used to inform
adjustments to rules and scenarios to ensure the solution is still fit for purpose?
Do you conduct above-the-line (ATL) and below-the-line (BTL) testing to
fine-tune calibration and identify the best configuration?
Are pre-transactions and post-transactions both assessed to ensure they are
working properly?
Are significant variances in TM results e.g. zero alerts vs large number of alerts,
assessed and mapped against other indicators e.g. number of SARs raised, to
conduct targeted assessment of rules and scenarios?
Before any recalibration work is undertaken, is back testing conducted on
sample data to ensure the changes will work as intended?
Is post implementation testing conducted to verify that any updates are
working as intended?
Are testing outcomes and any further adjustments documented and
communicated to senior management?
If testing is unsatisfactory, is remedial action taken and are the outputs
subsequently tested to ensure proper functioning?
If there have been significant changes or system replacements, is User
Acceptance Testing (UAT) undertaken?
Are there guidelines on testing criteria, including e.g. the size and quality of
datasets to be used and the acceptance criteria for new rules?
Is there a formal acceptance process in place to ensure systems are operating
with expected outputs before being put into production?
Is a regular assessment undertaken to determine if the current TM solution is
still fit for purpose?
Are the fraud scenarios used by the firm reviewed on a regular basis?
Conclusion
When properly executed, an effective TM system can support firms in having a deeper understanding of
customer risk profiles and behaviours, and support the implementation of a risk-based approach. Systems
that are not well calibrated or tailored to a firm’s risk may result in the firm’s inability to effectively monitor and
identify suspicious activity.
Case study
Thematic assurance in practice: Transaction monitoring implementation
Approach:
FINTRAIL was engaged by an electronic money institution to help implement a new third party
transaction monitoring tool. The project included conducting an assurance review of the proposed new
transaction monitoring rules to ensure they mitigated inherent financial crime risks, met regulatory
expectations in two different jurisdictions, and were operationally efficient. We then suggested
additional rules to address the gaps identified.
Solution:
FINTRAIL held a workshop to examine the client’s transaction monitoring proposition, including
analysing their current alerts and their conversion rate, and reviewing the proposed rules. FINTRAIL
then reviewed internal documentation such as the company’s risk assessment and related policies, and
conducted a regulatory review of the two jurisdictions in scope - the UK and Malta. We confirmed
that Malta has specific requirements for pre-transaction monitoring which had to be reflected in
the client’s proposition. A report was delivered advising on the adequacy of the proposed rules and
settings, and recommending enhancement to ensure they aligned with the relevant regulations and
the company’s risk exposure and met industry best practice.
Outcomes:
The client received reassurance that its final proposed rule set aligned with the AML regulations and
additional guidance available within the applicable jurisdictions, and that it would meaningfully mitigate
the specific financial crime risks the company is exposed to. The client also received guidance on
configuration to ensure the rules are operationally efficient and do not create significant false positives,
ensuring the efficient and effective operation of the new tool.
Greg Wlodarczyk
Head of Specialist Financial Crime Advisory and Virtual Assets
[email protected]
Greg represents a new breed of compliance and anti-financial crime professional, combining an
IT background with a deep understanding of international anti-financial crime regulation.
Throughout his career he has managed teams as well as designed and overseen processes in
first and second lines of defence working in a variety of sectors including money service
businesses, international money transfers and electronic money institutions. Since joining
FINTRAIL he has overseen a number of projects implementing or further enhancing transaction
monitoring systems and controls.
Why FINTRAIL?
• FINTRAIL’s experts have a wealth of experience and knowledge in transaction monitoring
processes. Our team is well-versed in regulatory requirements, industry best practices, and
staying up-to-date with the latest technological advancements.
• FINTRAIL takes a holistic approach to transaction monitoring, integrating agile methodologies
to design tailored solutions that align with our clients’ specific needs and risk appetites.
• We collaborate closely with compliance officers and other stakeholders to develop robust
monitoring frameworks that detect and mitigate potential risks effectively.
https://fintrail.com
We are a consultancy with expertise in using financial and regulatory
technology to combat financial crime.