Banks’ transaction monitoring in the area of ​​money laundering needs to be improved

The Danish Financial Supervisory Authority, together with international consulting firms, has investigated the transaction monitoring in the country’s seven largest banks. The study showed that banks spend a lot of resources on transaction monitoring, but that changes and improvements are needed in a number of areas. This applies to both the monitoring systems and the procedures in the field.

In 2019, the Danish Financial Supervisory Authority received a special grant to strengthen the fight against money laundering in the financial sector. A large part of these funds was set aside by the Danish Financial Supervisory Authority for a cross-cutting examination of transaction supervision in the largest banks in Denmark. The study was conducted with the assistance of external consulting firms in 2019 and 2020.

Background

Companies covered by the Money Laundering Act – and thus all banks – must continuously monitor their customer relationships. Among other things, they must do this to ensure that customers ‘transactions are in accordance with their knowledge of customers and customers’ risk and business profile. The monitoring must ensure that the companies become aware of the customers’ unusual transactions. It can e.g. be complex and unusually large transactions or unusual transaction patterns and activities.

In addition, banks are required to examine the background of such unusual transactions and activities as well as any unusual transaction patterns. They must do so in order to determine whether there is a suspicion or reasonable cause to believe that the transactions have or have been linked to money laundering or terrorist financing. The companies must then notify the Money Laundering Secretariat in the National Unit for Special Crime (NSK) of the transactions where the suspicion after a further investigation can not be dispelled.

The banks’ monitoring of their customer relationships is thus one of the key elements in the fight against money laundering and terrorist financing. 

However, the task is complex. In practice, the monitoring in the vast majority of banks can only take place with advanced IT systems, as very many and very different transactions are made daily through the banks. This is especially true of the large banks, which can have hundreds of thousands of transactions daily.

In addition, the area is in strong development. Of course, this applies to the technological possibilities in the banks’ monitoring systems, but new forms of criminal behavior and thus new risks and threats are also constantly emerging.

The inspections

Against this background, in 2019 the Danish Financial Supervisory Authority entered into agreements with the consulting firms Deloitte and McKinsey & Company to carry out inspections of transaction supervision in five of the largest banks in Denmark: Jyske Bank, Nykredit, Spar Nord Bank, Handelsbanken and Sydbank. The inspections in the five banks were carried out in the last quarter of 2019. The statements regarding these five inspections can be read here: Jyske Bank , Nykredit , Spar Nord , Handelsbanken , Sydbank .

In 2020, the Danish Financial Supervisory Authority entered into an agreement with the consulting firm Duff & Phelps to carry out inspections in the two largest banks in Denmark: Danske Bank and Nordea Danmark. The inspections in these two banks were carried out in the last half of 2020. The statements regarding these two inspections can be read here: Danske Bank  and Nordea Danmark .

The purpose of the study was part of the “spring cleaning” decided in the political agreement of 27 March 2019 on strengthening efforts against financial crime. This included a desire to investigate the specific banks’ compliance with the rules in the area of ​​money laundering. In addition, the purpose was to get a picture of the quality of transaction monitoring in the largest Danish banks and the challenges that exist in this area.

The Danish FSA’s conclusions

As appears from the statements, all the inspections gave rise to orders from the Danish Financial Supervisory Authority. It should be emphasized that the results of the inspections are not directly comparable across the institutes. This is due to several factors, including that the inspections have been carried out by different consultants, each with their own methodological approach, and that the individual banks have chosen different solutions in the area, both in terms of how they technologically support the monitoring and how they organize it. In addition, there are large differences in size and complexity between the banks surveyed.

In the opinion of the Danish Financial Supervisory Authority, however, the results of the study nevertheless give rise to a number of conclusions across the major banks.

Monitoring scenarios need to be further developed

As mentioned, the transaction monitoring in most banks can in practice only take place with dedicated IT systems. The IT-based monitoring should identify the transactions that need to be taken out for a closer manual examination. It is important that this identification is as accurate as possible. If a system catches too few unusual transactions, crime risks remaining undetected. Conversely, if the system is too fine-grained and responds to too many transactions, banks’ money laundering investigators risk drowning in a plethora of alarms that do not cover real suspicious activity (so-called false positives).

Thus, automated monitoring based on simple thresholds (eg all transactions above a certain size or in certain currencies) will result in far too many false positives. Therefore, the monitoring systems operate with so-called scenarios, which are predefined combinations of parameters and values, so that transactions are not only selected according to a single threshold value or a few parameters, but a combination of these. The scenarios must also include the companies’ knowledge of the customers, so that transactions that are unusual for the customers are identified. The scenarios must also take into account the type of customer and whether the customers are considered to have a high or low risk of money laundering or terrorist financing.

The design and use of scenarios has therefore also been a focus point for the study. Across the banks examined, they have given rise to injunctions which, among other things, relates to the systems’ ability to include the knowledge of the individual customers and deviations from the behavior expected of the customers in the monitoring. In general, the systems of the banks examined have not been good enough in this area, which entails a risk that the suspicious transactions will not be captured to a sufficient extent.

Developments in crime and methods of money laundering are rapid, and it is therefore important that the scenarios are flexible and constantly evolving so that banks can take into account developments in the bank’s risks, including new forms of crime and new methods of money laundering and terrorist financing. . 

At the same time, it is important that there is good management around the development and the ongoing adaptation of the scenarios. Among other things, the banks must be able to ensure and document that their scenarios are adapted to their risk picture, and that the settings in the systems (which form the basis for the scenarios) are chosen on this basis. For example, the settings in the systems must not be set too low just to limit the number of alarms so that they do not exceed the resources the bank has set aside to examine them. Some of the institutes have not been good enough to document the background for these settings and thus for the design of the scenarios. This also does not provide the necessary assurance that the scenarios are good enough.

Data centers may involve too little flexibility

Only two of the banks surveyed have their own IT-based monitoring system, while the systems for the other banks are provided by the data centers that operate IT systems for larger groups of banks and that provide the majority of the banks’ IT infrastructure. 

The Danish Financial Supervisory Authority notes from its inspection activities that the monitoring systems provided by the data centers, all other things being equal, involve opportunities for solutions for the smaller banks that would probably not otherwise be available to them. At the same time, the Danish Financial Supervisory Authority notes that the data centers’ monitoring systems in practice entail significant challenges for the individual bank in relation to flexibility and the possibility of adapting the monitoring systems to the individual bank’s needs and risks. In general, the Danish Financial Supervisory Authority assesses that the data centers have lagged behind in the development of the monitoring systems in relation to what has been necessary, although there have been positive developments in this area in recent years.

Trade finance is not monitored well enough

Transactions related to the financing of trade in and transport of goods, primarily foreign trade (trade finance), have increasingly developed into a method of committing money laundering and terrorist financing. Trade finance transactions often contain many parties and complicated documentation that can be misused to obscure transfers of criminal proceeds, e.g. with payment for fictitious goods and over- or under-invoicing of goods that are actually shipped (so-called trade-based money laundering). International organizations such as the FATF and Wolfsberg Group have published reports on trade-based money laundering, and both the EU’s supranational risk assessment and the Danish national risk assessment in the area of ​​money laundering state that the area involves a high risk of money laundering.

It is therefore an area that, in the opinion of the Danish FSA, must receive increasing attention in the banks. 

The monitoring of trade finance transactions in Danish banks has largely been based on the fact that the transactions are predominantly handled manually by specialists in the field. However, this is not sufficient in all cases, especially if the bank has a large number of trade finance transactions. Going forward, the Danish FSA will in its supervision focus on whether the banks have sufficient supervision in the area, including increased use of IT-based supervision, where this is necessary.

Capital market transactions are often not adequately monitored

Transactions related to trading in shares, options and other capital market products in the banks are typically subject to in-depth monitoring aimed at detecting and preventing market abuse. However, this monitoring is not aimed at detecting transactions that may be linked to money laundering and terrorist financing, for example by blurring transfers of criminal proceeds through leveraged investments, and there is often no systematic monitoring of this. For example, it is usually not aimed at monitoring whether it is transactions that are customary for the customer.  

In the same way as in connection with the trade finance area in the future, the Danish FSA will focus on whether the banks have adequate supervision in the area, including the adequate use of IT-based supervision where this is necessary.

The procedures for examining alarms are not always sufficient

Of course, it is not enough that the IT-based monitoring provides alarms to the right extent. It is also crucial that the investigation that then takes place in the banks’ money laundering departments has the necessary quality. Good procedures and internal controls regarding the processing of the alarms from the monitoring are central, just as training of the employees is important.

This means, among other things, that the results of the surveys must be noted and the documentation obtained in connection with the surveys must be attached. The quotations must be of such a quality that they can subsequently be used by the bank itself for monitoring and by the relevant authorities to check compliance with the rules.

There must also be adequate procedures and internal controls, which partly ensure a uniform assessment, partly e.g. prevents employees from abusing their position in connection with the processing of the alarms. An example of this is the principle that more than one employee should be involved in significant decisions (the so-called four-eye principle). This principle must be followed where relevant. This can be especially so when a complicated alarm is closed without notification.

Several of the banks had shortcomings in this area, and the Danish Financial Supervisory Authority assesses that the banks must continue to develop procedures and controls in this area. The Danish FSA will continue to focus on this.

Focus forward

The Danish Financial Supervisory Authority considers that the transaction monitoring in the Danish banks must be constantly adapted and improved in order to meet the new methods of money laundering and terrorist financing. There will continue to be a need for banks to spend significant resources on updating and improving their transaction monitoring and alarm processing.

In the same area, the area will continue to be a central part of the Danish FSA’s supervisory activity in the area of money laundering.