A Closer Look at the Proposed FCA Guidance for Transaction Monitoring

The FCA have recently published a consultation paper with proposed changes to their Financial Crime Guide for firms.

The opinions expressed here are those of the authors. They do not necessarily reflect the views or positions of UK Finance or its members.

This includes proposed changes or additions to sections covering Sanctions, Proliferation Finance, Transaction Monitoring, Crypto, Consumer Duty and Consequential Changes.

In this blog, I’m going to focus on the Transaction Monitoring section (mainly because that’s my job).

It’s no surprise to see the Transaction Monitoring section of the guide being extended: many of the recent fines levied by the FCA have involved poor application of technology. Considering this alongside the volume and speed of change in financial crime (with both the good and bad guys innovating to keep pace with each other) it’s clear that further guidance is needed and should be welcomed by firms.

The proposed new guidance encourages firms to consider new technologies which enable the monitoring of customer activity and behaviour in order to enhance traditional transaction threshold monitoring. Further, it acknowledges that machine learning and AI can play a part in this process, especially in large institutions where transaction volumes (and therefore alert volumes) are high.

However, caution is needed: on one hand the self-assessment questions include considering of alternative types of transaction monitoring using “novel approaches” and on the other hand, require firms to justify the methods used to automate triaging of alerts.

It’s clear that the regulator expects firms to fully understand the system/s they are using, that it is configured appropriately to meet the business needs, both at the outset and as the business evolves over time. It’s also vital to ensure that all decisions are clearly evidenced and if required, the firm is able to clearly articulate what the monitoring is looking for and the rationale behind this.

One example cited of poor practice made me choke on my tea: “The control framework around automated monitoring is weak. For example, senior management have an unrealistic expectation of what automated transaction monitoring systems are feasibly able to achieve, while manual scrutiny of alerts lacks resources and is unable to cope.”

I imagine there are financial crime team managers up and down the country screaming at this! Investing in tech is brilliant, and of course it helps firms to manage their financial crime risks, but there is still a need for expert people to manage the alerts effectively. One of the best parts of my job is working with new clients; to understand their risks and to help their financial crime team see the benefits of implementing a new system. I get wrapped up in the energy in a team room when they realise how much of their working days can be freed up to focus on quality investigations instead of admin and trawling through endless lists. Not only does a good monitoring system result in an engaged team, but working alerts quickly and efficiently is more important than ever before when considering the need to balance the needs of financial crime prevention with the requirements of the Consumer Duty.

The examples of good practice in the draft text really are good – for example “where a firm learns that criminals have abused its facilities, a review is performed to learn how monitoring methods could be used to lessen the risk of recurrence”. YESSS! If you’ve seen a new fraud hit your business, a look back at what happened, with the benefit of 20/20 hindsight vision is vital. What are the data-points in the scenario that you could’ve identified sooner? Not only does this allow you to enhance your transaction monitoring rules, but this type of activity should also feed into your staff training. Everyone loves a real case study, and sharing examples like this means that your staff will know what to look out for.

The guide also offers helpful prompts for any firms looking to change their transaction monitoring systems. Under Good Practice, the guide states “Before a new system replaces an existing one, a robust judgement is formed about the relative usefulness of both systems. While each system may not flag all the same events, the firm is able to demonstrate that one approach produces better quality alerts overall.” This may sound obvious, but evidence of testing and understanding of any differences between systems is vital to gain assurance that the new system is performing as expected. Unexplained anomalies could indicate a broader lack of understanding of the system and could result in serious gaps in the monitoring controls.

Data quality and consistency also plays a vital part in deploying any automated transaction monitoring, whether it’s changing from one system to another or deploying automated transaction monitoring for the first time. Many firms have multiple systems in place, and if data from different systems is consolidated within your transaction monitoring system, then spurious data could wreak havoc. For example, the same transaction code might mean two totally different things in different core systems, so for your rules to function effectively the monitoring system needs accurate and consistent data.

Whilst this updated chapter isn’t very long, it packs in a lot of really useful information and firms should read and consider how their own processes stack up against this.

Claire Rees, Financial Crime Regulatory Specialist at Jade ThirdEye, Claire has over 21 year's experience working in Risk Management roles in financial services. Find our more at www.jadethirdeye.com