News & Press: ACFCS News

Special contributor report: Developing an AML transaction monitoring strategy

Thursday, June 29, 2017   (0 Comments)
Posted by: Brian Monroe
Share |

By John Wintrow
June 29, 2017

With more than three decades of law enforcement, military and intelligence gathering experience, John Wintrow, a manager at consultancy AML Rightsource, knows a thing or two about financial crime and compliance trends, both identifying the telltale red flags of criminal activity and aiding financial institutions in bolstering systems and programs to do the same. 

He was kind enough to share his recent story looking at some of the challenges tied to what many consider the most complex and arcane part of the anti-money laundering (AML) compliance program: the transaction monitoring system. 

That's because, over and over, federal regulators have formally chided and charged banks with broad failures in this area, in some cases leading to hefty monetary penalties and expensive remediation engagements.

The problems have ranged from not ever tuning the transaction monitoring system since it came out of the box to not properly weaving in details from customer risk rankings to ensure the system is more closely tracking higher risk entities. 

In some cases, even if a bank can somehow find the magical combination of variables to have a properly functioning AML monitoring system -- the technology is risk-attuned and scenario-driven, is validated so data is properly flowing through from beginning to end and it produces quality alerts -- the analysts themselves may be too few handle them, or can make poor decisions. 

That's why Wintrow and his team decided to tackle this topic and chat with ACFCS about why this area can be so fraught with challenges, pitfalls and regulatory repercussions. 

ACFCS: Why did you decide to write about this topic?

Wintrow: AML Transaction Monitoring is at the core of the AML mission and it is often one of the more problematic and challenging areas of an AML program. We are often called upon by our clients to assist in defining/developing a monitoring strategy that leads to more precise targeting of potential suspicious activities. This article is part of series of thought leadership pieces we are working on to share with the overall financial crimes risk and compliance community. Stay tuned for more from the financial crimes advisory practitioners here at AML RightSource. 

ACFCS: What mistakes do you see banks making tied to AML transaction monitoring systems? 

Wintrow: Some common mistakes we see are specific to monitoring systems not being directly linked to the risk assessment of products, services, transactions, customers, and geographies. Additionally, we see rule sets or detection scenarios that are out of the box, generic in nature, and/or lacking in a real level of sophistication from an advanced analytics stand point. We like to help our clients build precise targeting rules that not only link back to the risk assessment, but target/detect real indications of illicit financial threats (e.g.: WMD proliferation, terrorist financing, drug trafficking, human trafficking, transnational organized crime, criminal gangs and organizations, white collar crime activities, BSA violations, etc.).

ACFCS: What are regulators focusing on in terms of AML transaction monitoring systems and what do you think they really want to see from banks? 

Wintrow: The regulatory focus is on model validation (an assurance of conceptually sound model theories, data integrity and quality, and testing of model outputs). I would add that the focus on risk coverage (monitoring strategy linked back to the risk assessment) is continuing to be a more apparent requirement/expectation from the regulators. In short, they want to see a sound system that identifies suspicious activity – the centerpiece of an AML program. 

Here is the article. Originally printed here. Republished with permission and appreciation. 

Are all rules created equal? How do you design effective transaction monitoring rules that are capable of capturing the vast majority of money laundering and related illicit activities?

In this post, we take a closer look at a US financial institution’s (“FI”) AML transaction monitoring environment. Specifically, we examine how an FI can ensure comprehensive transaction risk coverage by utilizing a targeted top-down approach in the development of its monitoring rules.

Crafting precise and simultaneously effective monitoring rules or detection scenarios can be a tricky business. While some FIs account for multiple elements within their rules, some prefer to preserve simplicity.

Some FIs may house 20-40 monitoring rules, and others boast hundreds. You have to ask yourself as an FI at some point if there is indeed a method to the madness.

There actually does exist a very methodical approach in designing sound and effective transaction monitoring rules that will appropriately detect potentially suspicious activity.

Enterprise-Wide Risk Assessment

The foundation of all transaction monitoring is the FI’s Enterprise-Wide Risk Assessment (“ERA”).

The level of risk associated with each transaction type offered by an FI should always trace back to its ERA. This means that the ERA should delineate in a clear manner the following: 1) all transaction types the FI offers, and 2) the inherent money laundering risk associated with those transaction types.

Institutions are constantly modifying money laundering risk associated with transactions on a continuous basis. Is your institution’s ERA comprehensive and up to date in its identification of transaction risk?

Current Transaction Risk Coverage

Next, the FI should evaluate whether the money laundering risk evident in its ERA is being effectively covered by a corresponding transaction monitoring rule in place. Different transaction types pose different types of risks to an FI.

For example, the risk posed by international wire transfers is not necessarily going to mirror the risk posed by domestic cash transactions. Monitoring rules should be precisely designed to target the risk specific to the transaction type in question.

Let’s illustrate the aforementioned top-down approach by first exploring an institution’s money laundering threat/risk environment.   

AML Threat/Risk Environment

The following types of money laundering threats/risks are typical to the financial system or an FI:

·         illicit financial threats,

·         international money laundering operations,

·         domestic money laundering operations, and

·         Bank Secrecy Act (“BSA”) violations and tax evasion.

Illicit financial threats typically include terrorist financing and funding, weapons of mass destruction (“WMD”) proliferation activities, and often include foreign terrorist organizations (“FTOs”) and nation-state actors.

International money laundering operations typically include organized crime, human and drug trafficking and smuggling organizations and transnational criminal organizations (“TCOs”).

Domestic money laundering operations typically involve white collar and organized criminal gang activities. Violation of the BSA and tax evasion typically involve unreported cash and/or income.

AML Typologies

Once your institution is knowledgeable of its money laundering threat/risk environment, the next step is to extract corresponding money laundering typologies that will serve as the foundation for your transaction monitoring rules.

Illicit financial threats are evident through terrorist financing/funding activities. International money laundering operations are effectuated through cross-border activities.

Domestic money laundering operations are performed through obfuscation activities. BSA violations and tax evasion are typically seen through structuring, smurfing, mule, and bulk cash activities.

AML Transaction Risk

The third step is to identify which transactions identified in the ERA process correspond to the following aforementioned typologies:

·         cross-border activity;

·         obfuscation activity;

·         structuring, smurfing, mule, and bulk cash activities.

Following this step, you should ensure that a rule is in place for each transaction type to effectively detect the typology associated with that transaction type.

And finally, you should frequently tune your rules and run them out in a test environment to ensure they are operating efficiently. The aforementioned moving you into the qualitative and quantitative analytical review of the tuning and optimization exercise.

If your rules have not been functioning optimally, it might be time to tune your current existing rule set and/or start from scratch.

Our methodical approach is designed to ensure that your transaction monitoring rules are effective and provide targeted money laundering risk coverage, preventing your institution from exposure to facilitating illicit activities.  

~ Is your financial institution due for a tune-up? At AML RightSource, a Gabriel Partners Company, our Financial Crimes Advisory practice has helped multiple financial institutions develop effective and long-term transaction monitoring rules and strategies and can do the same for you.

For more information about our practice, please visit

About the author

Mr. Wintrow is a Manager within the firm's Financial Crimes Advisory practice, operating out of the Phoenix office. He is a Certified International Crime Prevention Specialist (ICPS) with over 30 years of collective law enforcement, military, and intelligence community experience; spanning both corporate and government arenas.

Mr. Wintrow formerly headed threat intelligence and investigations and designed an extensive data analysis platform aiding trend analysis and anomaly detection of targeted terror threats. Mr. Wintrow is also a global leader in the domain of foreign terror organizations' exploitation of social media and headed counterintelligence efforts for a federal government agency.

He has taught graduate courses in Criminal Investigations, Counterterrorism, and Management of Cyber Investigations. Mr. Wintrow obtained his Bachelor of Arts in Public Administration from Ottawa University and holds a Master of Arts in Strategic Security Studies in Counterterrorism from National Defense University, College of International Security Affairs.

*This article has been updated*

©2018 Association of Certified Financial Crime Specialists
All Rights Reserved