Transaction Monitoring Effectiveness Review

Key Challenges

Our client, a payments company, had concerns that their transaction monitoring was not effective & could be opening them up to the risk of failing to identify suspicious activity. They were also concerned about their regulatory risk should a regulator investigate & find them to be sub-standard.

We worked with our client to scope a review of the transaction monitoring & controls as follows:

  • An assessment of the policy & procedures covering transaction monitoring
  • An assessment of the quality & coverage of TM rules
  • A gap analysis to assess alignment between the TM rules & the firm’s business-wide risk assessment

SQA PROposed solution

SQA Consulting put together a small team of experienced consultants to deliver this review.

Our consultants applied their vast experience gained through many years working with & as part of Transaction Monitoring (TM)  teams. We applied the SQA TM Toolkit which includes:

  • A TM maturity model
  • A library of TM rules used in many other organisations
  • A range of regulatory guidance material & other best practice documentation

Our approach included a review of the client’s documentation, interviews across the TM & Compliance teams, sample testing & comparison to the SQA TM maturity model.

solution benefits

A report was prepared for the client including observations & recommendations from our work:

  • We identified several risks in the business wide risk assessment that were not reflected in the TM rules. For example:
    • specific geographic risks relating to the nature of the client’s business that were not currently reflected in the rules
    • risks relating to PEPs & high-risk customers. We recommended feeding data attributes from other customer systems into the TM system enabling more targeted rules to be developed

We recommended:

  • a control to review activity from new customers for an initial period (e.g. 6 months) after onboarding. This would validate the information obtained in the customer due diligence process
  • that the client implement controls to ensure that their list of high-risk countries was up to date & consistently applied
  • that the documentation around TM rule design & selection be augmented to provide an audit trail demonstrating the rationale for the selection of their rules & why that particular set of rules helped mitigate their financial crime risk. This would be expected by any regulator

The client agreed with all of our recommendations. Through this review, the client gained an understanding of the effectiveness & adequacy of their TM controls & were able to take steps to improve the overall effectiveness.

The output of this review gave them comfort that they would be well prepared in the event of a regulator visit.

Technology Consulting Partners