What does the Philippines’ new guidance on effective AML/CTF transaction monitoring systems mean for regulated firms?

The recent Guidance Paper on Transaction Monitoring from the Philippines Office of the Deputy Governor of Financial Supervision describes the comprehensive capabilities required to fight financial crime. As the financial services world gets smaller with the introduction of more real-time cross-border payments, such as the push towards payments within the member states of the Association of South East Asian Nations, we need, as an industry, to make sure we manage financial crime risk in line with the guidance.

The guidance references the need to ensure a proactive tone from the top by specifically assigning responsibility for the transaction monitoring system to the board level (See Guidance Table 1. TM Reporting System: Over Responsibility BOD-level and/or SM AML oversight committee established). Managing financial crime risk and protecting the financial system and its participants is the responsibility of everyone within a financial institution. From the most senior staff to the most junior, we all have a role to play.

Detection

Managing financial crime risk by monitoring transactions starts with detection and, in the case of many predicate crimes for money laundering, such as fraud, corruption, tax evasion, and drug trafficking, prevention. The frequency of monitoring transactions depends on the institution’s risk assessment, which is informed by, amongst other things, the nature of the products provided and the target market segments. The guidance recommends “regular intervals and as needed basis,” which is commensurate with a risk-based approach and requires a flexible and configurable transaction monitoring solution. 

The transaction monitoring capabilities described in the guidance need to work at the speed of payments in the 21st century. So, we start with detecting risk. To do this, we need to understand good customer behavior as well as the anomalous behavior of the bad actors. This could be something as simple as a criminal accessing a customer’s account from an unusual location or device. Or, it could be  something as complex as a criminal taking over a business customer’s account and their behavior deviating from a similar group of customers’ behavior, essentially analyzing a cluster of customers with similar attributes and detecting deviations from the average behavior of the cluster of customers.

Once initial rules are implemented, we need to review their effectiveness continuously. The guidance identifies critical metrics that the transaction monitoring solution must provide to facilitate this continuous improvement. Key metrics from the guidance, which are industry best practices, include: 

1. The ratio of system-generated and manual alerts/cases to STRs created.
2. The ratio of false positive alerts/cases.
3. Results of a periodic review to assess the effectiveness of manual and automated systems, tools, and processes used in identifying/detecting red flags/suspicious indicators.

These metrics empower organizations to understand and refine the effectiveness of the transaction monitoring solution progressively and continuously. Underpinning this is the importance of having a flexible, configurable rules engine and builder. Page six of the guidance includes extensive detail on global benchmarks for designing TM rules and the variety of factors firms need to consider. It highlights the benefits of, for example, “multi-factor detection scenarios” to flag suspicious behavior related to known alerts. In turn, these dynamic, flexible rules can lead to more effective financial crime risk management. Once alerts are generated, the transaction monitoring solution must support effective remediation of the alerts and cases.

Remediation

The remediation or investigation of transaction monitoring alerts and cases follows the identification of suspicious activity. The alerts and cases, per the guidance, must enable “conducting adequate investigation with audit trail.” Hence the right data must be presented in a consumable form to the analysts, and auditing the process and recording all investigation activities is identified in the guidance to ensure the integrity and veracity of the investigation.

In addition to the suspicious transactions and supplementary non-transactional data points, the guidance identifies the need to inform the transaction monitoring solution with KYC data which – combined with risk profiling data – enables analysts to review and ensure that the customer is behaving in a way that is “commensurate to their risk profile.” KYC data can be used to inform the investigation as well as the analyst. For example, a customer risk score helps ensure that analysts are reviewing the highest risk alerts; effective alert and case management ensures that analysts are able to make the right decisions on the outcome of an investigation. Detection and remediation combine to ensure the effectiveness of the transaction monitoring solution.

Reporting

The guidance identifies reporting as a critical capability of the transaction monitoring solution. Reporting is split into two primary areas, management information reporting, and regulatory reporting, i.e., the filing of suspicious transaction reports.

Once investigations are completed, a decision is made on whether to file an STR. The guidance highlights the importance of “timely filing of STRs with the AMLC.” In order to effectively follow money flows, especially in a world of real-time payments, we must inform regulators about anomalies as soon as possible. Also, we must record all STR activity to “ensure complete, accurate and timely filing of STRs.” Adequate recording keeping for STRs is important to demonstrate the efficacy of the transaction monitoring solution.

In addition to STR reporting, we also need to get management reports from the transaction monitoring system, reports that support ongoing refinement to the detection rules, and provide insights into operational efficiency, such as reports for “statistics on delayed and timely STRs.” Understanding the effectiveness of the entire implementation is supported by the specified report in the guidance on “number, trend analysis for STRs per predicate crime/suspicious indicator.” This report enables institutions to see ongoing financial crime trends in support of their compliance obligations. 

Conclusion

The guidance is a comprehensive look at the capabilities required in a transaction monitoring solution and how to effectively implement the solution. Start with detection, configure for effective remediation, and ultimately extract the reports necessary for regulatory reporting and management insights to ensure institutions effectively manage compliance and reputational risk.

In order to meet the guidance for transaction monitoring, the key takeaways are:

1. Adopt a risk-based approach in the selection of the rules that are used to uncover anomalies and leverage the data you have available and use techniques beyond thresholds, such as machine learning.
2. Inform the transaction monitoring with key KYC data.
3. Empower your investigators with the alert and case data to make the right decisions.
4. Leverage timely reporting to report to regulators and monitor the effectiveness of the solution and how efficient the remediation process is.
5. Review your transaction monitoring solution regularly – and updated thresholds/rules accordingly.

Or, if you’d like to speak with our regulatory affairs team, please contact Andrew at [email protected]