Michael Calleja | Senior Compliance Services Executive at Aspida Group Malta
The term is often used ubiquitously amongst practitioners although a careful analysis is necessary particularly when applying the concept in bespoke fashion. This is imperative since SPs differ in terms of size, provision of services, nature, volume of clients, area of operations & regulatory obligations.
Contextually, the manner in which transaction monitoring is implemented and conducted by a large financial institution simply cannot be analogously adopted by a small or medium-sized CSP. Both SPs are intrinsically different which is why this Guidance Note shouldn’t be interpreted as a “one-size-fits-all” approach. In fact, the FIAU is specifically targeting institutions involved in processing payments and similar transactions, such as banks, e-money institutions, payment service providers, and merchant acquiring companies.
The Guidance Note provides a comprehensive overview of the statutory requirements for these institutions and outlines transaction monitoring measures and systems to enhance their AML/CFT compliance efforts. The Guidance Note also outlines several common pitfalls observed by the FIAU compliance analysts during the enforcement and follow-up processes. Therefore, by suggesting best practices and providing more insight on the Regulatory expectations, will assist SPs in improving their ability to prevent financial crime and detect and report suspicious activity.
This article provides the reader with a summary of the main obligations of SPs surrounding transaction monitoring and how Aspida can assist SPs in fulfilling those obligations..
Prima facie, SPs are required to adhere to the Prevention of Money Laundering and Funding of Terrorism Regulations (PMLFTR), which mandate on-going monitoring of their customers’ activities. This is particularly important when a SP is entering into “business relationships”.
A crucial aspect of this monitoring process is the scrutiny of unusual, anomalous, and suspicious transactions. Effective transaction monitoring enables SPs to identify transactions that need to be reported to the FIAU and to better understand their customers’ activities and behaviour. (This will assist practitioners and SPs into constructing a comprehensive Risk Profile, per customer).
The main rationale of transaction monitoring is to identify unusual or suspicious transactions by comparing them to the customer’s business or risk profile. Scrutinizing transactions serves as a crucial link between the information collected during the establishment of a business relationship and reporting obligations. Transactions that deviate from the SP’s expectations serve as red flags and should merit further investigation. In such cases, SPs may collect additional information or documentation regarding the customer’s source of wealth, source of funds, new operational activities, significant changes etc. (Furthermore, Regulation 11(9) of the PMLFTR obliges SPs to examine complex, unusually large transactions, or those with no apparent economic or lawful purpose).
Effective transaction monitoring necessitates a comprehensive understanding of customers’ risk profiles and business activities. Therefore, within the context of a CSP and/or Fiduciary offering Directorship Services, the importance of properly understanding the customer’s risks (including inflows and outflows, jurisdictional links, remittance of payments etc. cannot be discounted). Furthermore, SPs must perform the necessary Customer Due Diligence (CDD) checks and conduct a Customer Risk Assessment (CRA) before entering into a business relationship or carrying out occasional transactions.
Obtaining a comprehensive understanding of the purpose, source, and rationale behind certain transactions, especially when they are repetitive, unusually large, or appear to be atypical or outliers is also imperative. This could inter alia involve collecting appropriate supporting information or documentation and scrutinizing transactions based on the customer’s profile and the level of ML/FT risk.
Transaction monitoring systems are also essential for detecting unusual or suspicious transactions and understanding their rationale. The type of system a SP should implement depends on various factors, such as the size of the SP’s set-up, the complexity of the SP’s business model, the risk appetite of the SP, and the number of transactions executed daily (especially within the context of credit and financial institutions including payment service providers).
The FIAU has also reiterated that whilst automated transaction monitoring is not a legal requirement, it can be beneficial for SPs with large customer bases and high transaction volumes. Smaller SPs may opt for a manual-based transaction monitoring system – commensurate to the size & nature of the operations. (In fact, the Regulator also mentions “detection rules” which should be established based on the SP’s business model, customer base, transaction channels, and (any) historical transaction activity).
It is essential for SPs to have well-documented and comprehensive policies and procedures in place to ensure effective transaction monitoring. These policies should define (any) detection rules, provide guidance on identifying unusual or suspicious transactions, and offer clear instructions on how to handle alerts – particularly by members of staff.
By establishing clear, logical and detailed transaction monitoring policies and procedures, SPs can create a robust AML/CFT compliance programme, which in turn, can help safeguard their business, ensure conformity with the Regulator’s expectations and help protect the integrity of the local financial services regime.
Where applicable, SPs should also incorporate both pre-transaction and post-transaction monitoring into their procedures. Insights gained from post-transaction monitoring can be employed to continually enhance and refine pre-transaction monitoring detection rules, allowing SPs to concentrate their efforts on the areas that present the greatest risk to their business.
Common Pitfalls identified by the FIAU during inspections:
- Failure to adopt and implement pre-transaction monitoring for transactions being carried out throughout business relationships with jurisdictions where the risk of corruption or fraud is especially high.
- Pre-transaction monitoring limited only to screening against sanction lists and reviewing for details included in the payment message (e.g., reference to particular invoices indicating the purpose of the transaction) without requesting any form of documentary evidence.
- Transaction monitoring systems with limited pre-set parameters used for pre-transaction monitoring – not sufficiently exhaustive to detect anomalous and suspicious transactions.
- Transaction monitoring policies and procedures that do not factor in any post-transaction assessment/s.
- The ML typology of transaction structuring not considered for on-going monitoring purposes.
- No review/s carried out to understand patterns of transactions and determine any incongruencies that would raise doubt to any MLRO or Compliance Officer.
- Transaction monitoring systems (or procedures) which do not consider previous patterns of customer behaviour.
- Instances when Transaction Monitoring is unable to be carried out to due to lack of information (such as CDD, Nature & Purpose etc…) available on the customer.
Aspida representatives can support you, as SPs by performing internal audits, evaluating client files through sample testing to ensure compliance with all statutory obligations, and conducting thorough reviews of your Policies & Procedures to confirm adherence to all AML/CFT regulations related to transaction monitoring.
For a discussion on options available to facilitate your requirements, please contact maltainfo@aspidagroup.com in the first instance.
