Transaction monitoring

A transaction monitoring program helps your business to: 

• Identify, mitigate and manage money laundering and terrorism financing (ML/TF) risk 
• Identify and report suspicious matters to AUSTRAC
• meet your ongoing customer due diligence (OCDD) and enhanced customer due diligence (ECDD) obligations.

You must document how you monitor customer transactions in Part A of your AML/CTF program. Your transaction monitoring program must be based on your risk assessment of your business or organisation and define the processes you follow to identify suspicious customer transactions, including:

• unusually large transactions
• complex transactions
• unexpected patterns of transactions that don’t seem to have a legitimate purpose.

How you monitor transactions and develop your program depends on the size of your business or organisation and your level of ML/TF risk. Depending on the type, size and complexity of your business or organisation, your transaction monitoring program can be manual or automated. You should allocate appropriate resources and priority to analysing and actioning alerts raised by transaction monitoring.

Your transaction monitoring program

You must have an appropriate risk-based monitoring program in place to help your employees identify suspicious transactions and take steps to protect your business or organisation.

Your transaction monitoring program should:

• define the processes you follow to identify suspicious customer transactions
• document appropriate risk-based systems and controls that capture all necessary sources of customer and transaction data or information
• set out systems and controls that trigger alerts for further review such as:
  • size, frequency or patterns of transactions that may indicate unusual or suspicious activity, including suspected fraud or identity theft
  • transactions that are sent to or received from a high-risk country or region
  • payments that are sent to or received from a person or organisation on a sanctions list
  • activities that may be inconsistent with a customer's risk profile or history
  • increased monitoring of higher risk customers previously suspected of or investigated for potentially suspicious activity
  • other unexpected account activity from a customer which may indicate money laundering or terrorism financing
     
• implement processes to consistently review and manage the internal escalation and investigation of alerts
• prioritise alerts according to the level of risk
• document processes to consistently manage the reporting of potentially suspicious matters
• detail sufficient assurance processes to review the management of alerts
• continually monitor transactions at all levels, not just, for example by branch or venue level
• document processes with sufficient specificity to enable them to be consistently applied
• document and audit any automated transaction monitoring processes.

How your processes work together

Your processes and information sources must work together to monitor the services you are providing to customers to identify, mitigate and manage ML/TF risks.

Transaction monitoring, reporting, ECDD, ACIP and other information all contribute to a better understanding of your customers. These processes and information sources must contribute to a single understanding of the customer and their risk profile, rather than operate or exist independently.

Transaction monitoring alerts must be considered against the customer’s history, including any information from law enforcement. You must ensure there is a central or fully accessible customer history for customer due diligence purposes.

For example, different teams in your business might hold information about a customer’s suspected connections to terrorism, transaction monitoring alerts, suspicious activity on the customer’s account and information from law enforcement about this customer.

Your systems and controls must be able to merge and combine this information in a timely manner, to provide a comprehensive view of the customer’s ML/TF risks.

Review and assurance of your transaction monitoring program

Your transaction monitoring must be applied to all designated services at all times. It must be supported by appropriate accountability and review mechanisms, to confirm that:

• processes are in place to make certain no disruptions to downstream AML/CTF processes occur when any changes are made to systems
• all systems changes that may potentially affect AML/CTF compliance require AML/CTF sign off
• all necessary assurance processes are in place and AML/CTF processes are fully documented and mapped.

Transaction monitoring must be periodically audited and reviewed to ensure it is operating as intended. Audits and reviews must confirm that transaction monitoring is based on complete data, and that transaction monitoring rules remain appropriate and current. Automated transaction monitoring systems and program alerts need to incorporate any new methodologies, typologies or crime types.

Resolving any system issues must also receive adequate resourcing and priority. This should also be addressed from the time the failure or breakdown was identified to cover all past transactions.

Any problems identified must be addressed promptly. Failure to monitor transactions can have serious flow-on effects to other AML/CTF processes such as SMR reporting, conducting ECDD and the ongoing identification of ML/TF risks.