What is the point of ongoing monitoring in AML?

Ongoing monitoring is critical for financial institutions (FIs) to protect their businesses from criminals attempting to launder money or finance terrorist activity.

It’s certainly an essential component in know your customer (KYC) and anti-money laundering (AML) regulations.

But without an efficient, scalable, and reliable way to continuously detect hidden risks in customer activity, it would be almost impossible to prevent financial crime from taking advantage of legitimate financial services.

This article will look at:

• Why ongoing monitoring is so important.
• What it takes to successfully monitor customers.
•  How automation and software can help.

What is ongoing monitoring in AML?

Ongoing monitoring is the process of routinely assessing customers and their transactions for risks for criminal activity such as money laundering or terrorist financing.

Unlike the screening processes at the start of a new customer relationship, an ongoing monitoring program is a continuous effort to verify that customers are who they say they are and that their transactions are legal and compliant.

Why is ongoing monitoring important in AML

Ongoing monitoring is a critical layer in a company’s overall AML efforts because it tracks and verifies both customers and their activities over a long period of time. This is crucial for three reasons:

1. Customers may not be participating in criminal activity when they first start transacting with a financial business. But they might start doing so later on. Without an ongoing approach to detecting risk, the business would be none the wiser and yet completely exposed.
2. Financial criminals go through great efforts to present as legitimate actors, often posing as legal businesses or even manipulating legal businesses to transact on their behalf. But while these efforts might be enough to bypass initial screening procedures, the more they transact the harder it becomes for them to continue fooling a robust AML operation.
3. Even if a customer isn’t participating in illicit activities, their risk levels may change over time. For instance, the outcomes of elections in foreign countries may mean certain customers are now considered politically exposed persons (PEPs), new stories may emerge about their involvement in other criminal activities, and the ultimate beneficial ownership of their businesses may change hands. All these changes merit further investigation as they emerge.

This is why the ongoing monitoring program is so important to ensuring FIs can protect themselves from the regulatory penalties and reputational damage that can result from failing to detect criminal activity.

The AML regulations and requirements for ongoing monitoring

Given its critical role in detecting criminal activity, ongoing monitoring is now a central requirement of every major KYC and AML regulation around the world.

• The UK’s Money Laundering Regulations of 2017 require firms to “conduct ongoing monitoring of a business relationship, including—(a)scrutiny of transactions undertaken throughout the course of the relationship (including, where necessary, the source of funds) to ensure that the transactions are consistent with the relevant person’s knowledge of the customer, the customer’s business and risk profile; (b)undertaking reviews of existing records and keeping the documents or information obtained for the purpose of applying customer due diligence measures up-to-date.”
• Canada’s Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) require all reporting entities to comply with ongoing monitoring requirements as of 2021.
• The Australian Transaction Reports and Analytic Center (AUSTRAC) mandates ongoing customer due diligence with a view to identify, mitigate, and manage the risk of reporting entities being involved in or facilitating money laundering or terrorist financing.
• The Reserve Bank of India (RBI) recently updated its AML and CTF requirements to mandate closer ongoing monitoring of transactions in customer accounts.
• The US’ Financial Crimes Enforcement Network (FinCEN) enforces ongoing monitoring to identify and report suspicious transactions as part of its customer due diligence (CDD) rule.
• The Financial Action Task Force includes ongoing due diligence as part of its International standards for combating money laundering and terrorist financing.

Penalties for non-compliance

Financial institutions have been fined severely and repeatedly for AML-related infractions, amounting to more than $50 billion since the global financial crisis of 2008.

Violations that receive the biggest penalties typically involve a failure to effectively calibrate AML measures with a firm’s risk profile, including deficient customer due diligence processes and a failure to monitor PEPs and high-risk entities.

For instance, in 2022, a European bank received one of the largest fines of the year for insufficient transaction monitoring of high-risk customers and inadequate measures for enhanced due diligence, even though it had claimed its AML systems were effective.

The main components of the ongoing monitoring process

Ongoing monitoring is an essential aspect of a company’s overall efforts to conduct due diligence on its clients and identify any risks of money laundering or terrorist financing activity.

Based on the business’ risk-based assessment, ongoing monitoring will be conducted as part of both standard customer due diligence (CDD) and enhanced due diligence (EDD).

It’s made up of several component processes that typically include:

• Transaction monitoring: To routinely observe and report on the nature of client transactions and whether they’re in line with the client’s stated objectives, historical patterns and within the scope of legitimate transactions of that nature.
• Ultimate Beneficial Ownership (UBO): To maintain an ongoing understanding of the client’s source of funds as well as keeping tabs on the individuals or entities who ultimately gain from the client’s activities.
• Sanctions checks: To regularly consult sanctions lists from all around the globe in the event that anyone representing the client or their business should be subject to additional layers of scrutiny as identified by governments and authorities.
• Adverse media: To continuously monitor media and publications around the world for any indication that anyone representing the client or their business is implicated in nefarious activity that might warrant additional due diligence and controls.
• PEP checks: To regularly determine whether or not the status of anyone representing the client or their business should be updated to highlight their political exposure and therefore require an increase in scrutiny or change in policy.

Ongoing monitoring best practices

Globally, AML regulations expect reporting businesses to continuously monitor their clients’ activity with general requirements around reporting suspicious behavior and maintaining documentation on policies and controls.

But the onus is still on businesses to implement a system of ongoing monitoring that is both effective at detecting risks and efficient enough to run sustainably. Some best practices that can help businesses on this path include:

• Prioritize an ongoing approach to risk scoring: Some businesses only implement risk scoring for their clients as part of a single spreadsheet-based exercise. While it might seem to reduce the effort required from compliance teams, this leaves businesses exposed to inevitable changes in the client’s circumstances and patterns. For ongoing monitoring to effectively detect risk, businesses need risk scoring to be constantly updated.
• Leverage automation to scale efficiently: Machine learning can have a sizable impact on a business’ ability to monitor all of its clients on an ongoing basis successfully. With the right integrations and interfaces, it can dynamically update risk scoring and proactively collect new information on clients from sanctions lists and adverse media to ensure compliance teams can reliably detect risk at scale.
• Documentation cannot be an afterthought: A constant audit trail of every decision, policy and control is absolutely essential to ensuring that regulators have the information they need while also ensuring internal audit teams have everything they need to assess processes. This documentation needs to be an innate, ideally automatic part of the AML process rather than an additional step to be manually implemented after decisions are made.

Automated ongoing monitoring solutions

Financial institutions around the world rely on ComplyAdvantage’s ongoing monitoring solution to run more efficient, effective AML processes. They’re able to combine:

• An easy-to-use, highly configurable platform that intuitively presents data from multiple sources so analysts can get the full picture faster.
• Market-leading proprietary data that leverages machine learning to dynamically update profiles based on adverse media, PEP lists, and sanction lists globally.
• A process that includes fewer false positives, a faster way to manage alerts, and a constant auditable trail of every decision and action taken.

Investment company Freetrade experienced this firsthand when the company determined it needed to implement more rigorous ongoing monitoring. Freetrade selected ComplyAdvantage as a partner that could deliver ongoing screening and monitoring alongside the flexibility to configure the lists it screened against. 

“The quality of data we get through ComplyAdvantage is really important to us. Through ComplyAdvantage, we have comfort that we’re screening and identifying high-level PEPs and all the way down to local councilors.” 

Rob O’Sullivan, Director, Financial Crime Compliance and MLRO, Freetrade