The payments industry has been transformed by innovative technologies facilitating faster, more flexible payment products and better experiences for customers. That innovation trend has, however, been accompanied by an increased level of risk for payment firms, as criminals seek to misuse payment service transactions to commit fraud, launder money and finance terrorist activities. Research suggests that losses from payment fraud amounted to $32.39 billion in 2020, with that figure projected to rise to $40.62 billion by 2027.
Given the threat that the payments industry faces, it is vital that service providers understand their AML/CFT compliance obligations and deploy the correct transaction monitoring measures to detect criminal activities.
What is AML Transaction Monitoring?
Under Financial Action Task Force (FATF) recommendations, payment services firms must monitor their customers’ transactions for suspicious activity as part of a risk-based AML compliance program. This means that the transaction monitoring measures they deploy should reflect the level of risk their customers present and involve risk assessments at onboarding (and throughout the business relationship) in order to develop an accurate risk profile.
Risk-based AML is a way for payment services firms to balance their monitoring responsibilities with their customers’ experiences. Monitoring measures that are too onerous may adversely affect the quality of service and lead to a loss in business, while measures that are not rigorous enough risk noncompliance and costly penalties. Risk-based AML transaction monitoring offers a balance between compliance and customer experience: higher risk customers may be subject to more rigorous measures and lower risk customers subject to simplified measures.
In a risk-based system, the AML transaction monitoring process requires payment firms to collect and analyze data about customer payments and, with the benefit of risk profiles, use that data to spot suspicious activity. Indicators of suspicious activity associated with payment service transactions include:
- Unusual transaction patterns, such as high frequencies or high volumes of transactions that do not match a customer’s risk profile.
- Transactions involving high risk countries, such as Iran and North Korea.
- Transactions involving politically exposed persons (PEP).
- Customers that are involved in adverse or negative news stories.
- Transactions with persons that are subject to international sanctions.
The payment industry has changed significantly since the beginning of the 21st century, creating a range of transaction monitoring challenges. Those challenges include:
Emergent criminal methodologies: As payment service providers integrate new technologies, criminals have developed new money laundering methodologies. In a digital payment landscape, firms must consider versatile approaches to the transaction monitoring process to account for these changes, including digital identification methods and the integration of smart technology AML tools.
False positives: The complexity and scope of information that must be managed during the transaction monitoring process often leads to the false positive identification of suspicious behavior. False positives slow down and add cost to the compliance process since they must be remediated carefully, while creating negative experiences for customers when payments are delayed or disrupted.
Regulatory disparities: Payment firms that facilitate transactions across international borders may have to manage regulatory disparities between jurisdictions. Money launderers may seek to evade monitoring controls by introducing illegal money into the financial system by exploiting a more permissive regulatory environment.
Legislative changes: Transaction monitoring requirements change regularly and are often affected by new legislation such as data privacy laws. Recent regulatory changes introduced by the European Union’s Anti-Money Laundering Directives, for example, have extended transaction monitoring rules to cryptocurrency payments while 2015’s Payment Services Directive 2 extended a range of new AML requirements to online payments service providers.
Transaction monitoring software: The complexity and range of data that must be analyzed during the transaction monitoring process, means that manual monitoring is unfeasible and payment services firms must implement suitable transaction monitoring software in order to meet their compliance obligations.
Transaction monitoring software allows firms to manage their data processing needs comprehensively and with an automated speed and accuracy that is impossible for human compliance employees. The advantages of transaction monitoring software include enhancing the customer experience by removing friction from the onboarding process, speeding up false positive alert remediation, and adapting to regulatory changes and jurisdictional disparities.
In selecting transaction monitoring software, payment firms should consider the practical benefits of the system they are integrating, including its speed and efficiency, its adaptability to factors such as regulatory change, its compatibility with existing technical knowledge and infrastructure, and the level of industry accreditation and confidence that it offers.
Customer due diligence: Payment firms must build their transaction monitoring process on a robust AML/CFT program that delivers the information they need to scrutinize their customers’ behavior effectively. In practice, this means establishing and verifying the identities of their customers with robust customer due diligence (CDD) in order to understand who they are doing business with and the risk that their transactions present.
Screening and monitoring: Payment firms should also gather a wider range of relevant risk information about their customers in order to inform the transaction monitoring process. Practically, this means screening customers against international sanctions lists, checking their PEP status, and monitoring for their involvement in adverse media stories.
The EU’s 6th Anti Money Laundering Directive, which must be implemented by financial institutions by 3 June 2021, presents specific challenges for payment service providers that will affect the transaction monitoring process:
- Predicate Offences: 6AMLD harmonizes the list of predicate offences for money laundering, adding cyber-crime to the list. This means that online payment firms, including cryptocurrency exchanges, must comply with AML transaction monitoring requirements.
- Aiding and abetting: 6AMLD will extend the regulatory scope of money laundering so that persons that enable the offence will also be considered legally culpable for it. This shift in legal scope should be reflected in the transaction monitoring process that payment firms deploy.
- Extension of liability: 6AMLD extends criminal liability for money laundering beyond individuals to legal persons (such as payment companies) that fail to prevent it. Accordingly, payment services firms should ensure that every employee, at every level of authority, is aware of their responsibilities towards the transaction monitoring process.