Developing an Anti-Money Laundering Transaction Monitoring Strategy

Are all rules created equal? How do you design effective transaction monitoring rules that are capable of capturing the vast majority of money laundering and related illicit activities? In this post, we take a closer look at a US financial institution’s (“FI”) AML transaction monitoring environment. Specifically, we examine how an FI can ensure comprehensive transaction risk coverage by utilizing a targeted top-down approach in the development of its monitoring rules.

Crafting precise and simultaneously effective monitoring rules or detection scenarios can be a tricky business. While some FIs account for multiple elements within their rules, some prefer to preserve simplicity. Some FIs may house 20-40 monitoring rules, and others boast hundreds. You have to ask yourself as an FI at some point if there is indeed a method to the madness. There actually does exist a very methodical approach in designing sound and effective transaction monitoring rules that will appropriately detect potentially suspicious activity.

Enterprise-Wide Risk Assessment

The foundation of all transaction monitoring is the FI’s Enterprise-Wide Risk Assessment (“ERA”). The level of risk associated with each transaction type offered by an FI should always trace back to its ERA. This means that the ERA should delineate in a clear manner the following: 1) all transaction types the FI offers, and 2) the inherent money laundering risk associated with those transaction types. Institutions are constantly modifying money laundering risk associated with transactions on a continuous basis. Is your institution’s ERA comprehensive and up to date in its identification of transaction risk?

Current Transaction Risk Coverage

Next, the FI should evaluate whether the money laundering risk evident in its ERA is being effectively covered by a corresponding transaction monitoring rule in place. Different transaction types pose different types of risks to an FI. For example, the risk posed by international wire transfers is not necessarily going to mirror the risk posed by domestic cash transactions. Monitoring rules should be precisely designed to target the risk specific to the transaction type in question. Let’s illustrate the aforementioned top-down approach by first exploring an institution’s money laundering threat/risk environment.   

AML Threat/Risk Environment

The following types of money laundering threats/risks are typical to the financial system or an FI — 1) illicit financial threats, 2) international money laundering operations, 3) domestic money laundering operations, and 4) Bank Secrecy Act (“BSA”) violations and tax evasion. Illicit financial threats typically include terrorist financing and funding, weapons of mass destruction (“WMD”) proliferation activities, and often include foreign terrorist organizations (“FTOs”) and nation-state actors. International money laundering operations typically include organized crime, human and drug trafficking and smuggling organizations and transnational criminal organizations (“TCOs”). Domestic money laundering operations typically involve white collar and organized criminal gang activities. Violation of the BSA and tax evasion typically involve unreported cash and/or income.

AML Typologies

Once your institution is knowledgeable of its money laundering threat/risk environment, the next step is to extract corresponding money laundering typologies that will serve as the foundation for your transaction monitoring rules. Illicit financial threats are evident through terrorist financing/funding activities. International money laundering operations are effectuated through cross-border activities. Domestic money laundering operations are performed through obfuscation activities. BSA violations and tax evasion are typically seen through structuring, smurfing, mule, and bulk cash activities.

AML Transaction Risk

The third step is to identify which transactions identified in the ERA process correspond to the following aforementioned typologies — 1) cross-border activity; 2) obfuscation activity; and 3) structuring, smurfing, mule, and bulk cash activities. Following this step, you should ensure that a rule is in place for each transaction type to effectively detect the typology associated with that transaction type. And finally, you should frequently tune your rules and run them out in a test environment to ensure they are operating efficiently. The aforementioned moving you into the qualitative and quantitative analytical review of the tuning and optimization exercise.

If your rules have not been functioning optimally, it might be time to tune your current existing rule set and/or start from scratch. Our methodical approach is designed to ensure that your transaction monitoring rules are effective and provide targeted money laundering risk coverage, preventing your institution from exposure to facilitating illicit activities.  


John Wintrow

John Wintrow

Mr. Wintrow is a Manager within the firm's Financial Crimes Advisory practice, operating out of the Phoenix office. He is a Certified International Crime Prevention Specialist (ICPS) with over 30 years of collective law enforcement, military, and intelligence community experience; spanning both corporate and government arenas. Mr. Wintrow formerly headed threat intelligence and investigations and designed an extensive data analysis platform aiding trend analysis and anomaly detection of targeted terror threats. Mr. Wintrow is also a global leader in the domain of foreign terror organizations' exploitation of social media and headed counterintelligence efforts for a federal government agency. He has taught graduate courses in Criminal Investigations, Counterterrorism, and Management of Cyber Investigations. Mr. Wintrow obtained his Bachelor of Arts in Public Administration from Ottawa University and holds a Master of Arts in Strategic Security Studies in Counterterrorism from National Defense University, College of International Security Affairs.