Many Financial Institutions have installed market-tested BSA/AML Transaction Monitoring Systems to fulfill the requirement to seek out and report on patterns of suspected money laundering and terrorist financing. At the heart of the monitoring activity lies the process of clearing alerts and cases that the monitoring software flags as suspicious, based on the parameters and thresholds the institution has set. In this article, I will focus on a set of standards that FIs use to as the basis for documenting the resolution of suspicious transactions.
The Basics
A sound case clearing process begins with clear written instructions that serve as a roadmap for all those involved in the clearing practice. This defines who has responsibility for what, when a task has reached completion, what will happen if an analyst evaluates a transaction as meriting further review, and who – or what group – will decide to file on the case as a suspicious transaction. Written instructions make clear to the analysts their target and how to reach it successfully, as well as the requirements of a complete and acceptable response to a case with examples and reference points. Written instructions also make clear to regulators that the institution has a clearly defined oversight process in place and a proactive governance stance. With respect to written instructions, it is a general practice to have those who have responsibility for adhering to a specific set of instructions sign-off that they have in fact read them.
The case clearing team also plays an important role in the process. The team consists of analysts, senior analysts, and quality assurance staff. Analysts serve as the first line of review. The transactions they deem as requiring further review become the subject of analysis by the senior case analysts. The senior case analysts will send the cases back to the analysts for further more detailed review or pass them on to the final decision makers in the SAR process.
The quality assurance (QA) staff review closed alerts and cases to evaluate if the disposition of the item meets the institution’s defined standards. The institution may require that the QA staff review all closed items, a random sample of items – using a defined sampling technique which ensures randomness, or a combination of both. When choosing the random methodology, banks should provide guidelines as to which random selection technique to use and how to use it. Reviewing all items processed by recent hires or newly assigned staff assists in grading their work and serving as the bases for directing improvement.
The QA process takes on greater importance in times of stress, e.g., sudden unexpected increases in volume, unexpected turnover, etc., times when work quality may suffer.
Documentation
The written instructions should provide the structure of the documentation required to waive/escalate an alert or case and contain the following elements:
Introduction
Transaction Review
Customer Background
Historic Review of the Transactions & Related Accounts
Conclusion
1. Introduction
The case clearing process begins with an understanding of what caused a rule or scenario to flag a transaction or set of transactions as potentially suspicious. Analysts should have a thorough and comprehensive working knowledge of the rules or scenarios or other triggering mechanisms, and the corresponding parameters and thresholds, that the AML system uses to monitor transactions. Understanding the “why” will assist in constructing the narrative. The introduction begins with an explanation of why the monitoring system flagged the transactions.
2. Transaction Review
The next step consists of a description of the alerting transaction(s), to include the amount, when they occurred, which office they occurred in, etc. This should also include a description the accounts and product types affected. Refer to any third parties involved, especially if it will add to the context of the alert.
3. Customer Background
The customer’s background information in the narrative should include the occupation (for a person) or purpose (for a business), relationship to the bank, the names on all accounts the customer may have, any prior alerts or cases – and certainly any prior SARs. Look for the authorized signers and determine if the same persons have authority over other accounts; identifying the beneficial owner has importance. Are the addresses of the accounts and customers within the normal business area of the bank, or located outside that area? Are the accounts or customers located outside the state? Outside the United States? In an area identified as HIDTA or HIFCA? Has the customer appeared on any of the 314(a) lists? Never overlook the relationship manager for the customer; that person may have important knowledge of the customer not shown on any computer record.
4. Historic Review of Related Accounts and Transactions
Include in the narrative the period of the transactions and the source and use of funds. List any other notable – but not alerted – transactions. List any other alerts to which the transactions may appear, and describe any related accounts to the transaction, as applicable.
5. Conclusion
The narrative, based on the information provided in the prior four sections, sets forth clearly why the analyst waives/clears the alert with no further action, or defers the alert for further review and decision.
Decision Time
When the analysts have completed their research and the senior analysts escalate to the SAR Committee, whatever form that may take, the clock starts ticking. Keep that clock in mind: 30 days to file the SAR, if the suspect is known to the institution; 60 days, if not known. Define clearly who makes the decision and who may have override authority. Persons who have a direct interest in the customer have no say in the decision; they may provide valuable input in the discovery process, but no decision capacity. If a Committee decides, delineate who serves on the Committee and who may vote. If your Head Office has its headquarters in a foreign jurisdiction and your internal rules require you to report suspicious transaction details to Head Office, make sure you have a signed confidentiality agreement and that the jurisdiction in which the Head Office is based, has strict rules regarding suspicious transactions that meet BSA standards.
Another note about time: If your institution has international dealings and part of your investigation process requires sending requests for information (“RFI”) to other jurisdictions, build that time into the investigation period. Declaring a case as suspicious while awaiting information from an office in a non-US jurisdiction, may negatively impact the timeline and result in problems with the 30/60-day calendar. If this is an action the institution determines as necessary, it should document the RFI process in the policies & procedures.
Finally, involve the Audit Team. Your “Third Line of Defense” may have valuable observations that help make the entire process better.
A Word about Narratives
For some time, the trend in narrative writing put emphasis on “canned” narratives, standard descriptions that applied a “fill in the blanks” method. That has given way to a more “free form” method in which the analyst writes the narrative to fit the circumstances. Both approaches have advantages and disadvantages. The canned method makes the writing less time consuming, but may lead to less thought put into the study of the facts of the situation. Free form takes more time, but provides the analyst with the freedom to tailor the narrative to fit the body of facts. Whatever form the institution decides to take, it must offer a clear, defensible reasoning in the policies and procedures.
Case Management System
A robust Case Management System enhances the efficiency of the clearing process. The manager may assign alerts and cases based on difficulty, or distribute them so that each analyst examines a set of the different types of alerts and cases. It aids the manager in determining the appropriate staff size, the per diem effort, the time required for clearing and when the time exceeds defined boundaries. It also aids in making the case for staff increases when necessary.
Requests for Information
Sometimes the information the institution has at its disposal is simply not enough and requires asking other branches or institutions for background. The institution should have a Request for Information Policy and Procedure to guide the process. The policy and procedure will set deadlines for follow-up to requests and how to make those requests.
The Miscellaneous
Section 314(b) Information Sharing. If the FI has knowledge of the customer’s other banking relationships, it can utilize the 314(b) facility of the USA Patriot Act to obtain more – and perhaps decisive – information about the customer’s banking habits.
Data Mining. If the FI has the system capacity and technical skills available to extract data from the monitoring system and any related systems, it may be able to conduct data mining on the respective data sets and piece together information that might have been otherwise obscured.
Case Scoring. Some Transaction Monitoring Systems include an alert/case scoring module whereby the FI can determine thresholds and settings that will assign higher scores to riskier alerts/cases. This risk-based method of alert and case review may assist in deciding which alerts to pursue with greater urgency.
Team Length of Service. One indication of an alert/case clearing team is the overall length of service of the team members. Yes, it is hard for financial institutions to hold on to good people. This is especially so in these times. One thing we consistently see, however, is that the best teams are the ones with a history of institutional knowledge.
Overview
4. Historic Review of Related Accounts and Transactions
