If you’re a regulated financial services firm operating with a banking, money transmitter or e-money license, or a virtual asset service provider adhering to the latest Financial Action Task Force (FATF) guidelines, then you’ll need a robust transaction monitoring solution (TMS).
Once your company has defined its risk management policy, you’ll know what types of businesses, geographies, and behaviors you are comfortable with and where to set your red lines. Now you are looking for options on how to balance your regulatory obligations with budgetary and customer needs. Can you do this in-house or should you partner with external TMS providers? What criteria should you use to evaluate providers? What can you expect once you roll out a solution? ComplyAdvantage Product Director, Arshi Singh explores the issue.
Step 1: To buy or to build? Key considerations:
- You understand your business and its risks best, making the idea of building a custom transaction monitoring system in-house tempting. Don’t make this decision based on your current needs alone. Think about your company’s long-term strategy and the scale at which you expect to perform transaction monitoring 3-5 years from now.
- In this fast-paced world, the emergence of new criminal behaviors and changing regulations mean the rules and logic of your transaction monitoring solution is built on the need to adapt constantly. Think twice before you decide to take on the burden of staying up-to-date with the latest risk mitigation practices yourself.
- The primary focus of your business and customers may not be regulatory compliance. Think about the opportunity cost of taking resources away from your core product for something that can be bought from a partner whose sole mission is solving financial crime. In-house systems can be time-consuming to build, expensive to maintain, and often have constraints such as a limited user interface, workflows that aren’t customizable and less flexibility to make changes quickly.
Step 2: Evaluating external providers. Questions to ask:
- Knowledge of anti-money laundering – Is the provider simply a tech layer or do they know the world of transaction monitoring? You are ultimately responsible for your own TM policy and rules. However, a good partner can keep you updated on the latest financial crime trends and regulations. They can help you stay on top of your TM process by sending you reports and sharing industry best practices thereby making your job as compliance leaders easier. They provide dedicated implementation support and account managers that take the time to understand your business and make industry-specific recommendations in the form of rules and scenarios. A great provider will have an integrated solution across transaction screening and monitoring for overall transaction risk assessment. They adjust monitoring based on dynamic customer risk derived from new information and ongoing transactional activity.
- Flexibility and ease of use – Can you customize the solution to align with your risk levels? A good solution allows you to segment your customers or flow based on your compliance policy. It organizes alerts to make it easy for your analyst to navigate through all the information needed to investigate suspicious activity and make a well-informed decision. It allows you to group transactions and alerts into a case and send suspicious activity reports to regulators. The solution enables you to manage the workload of your analyst team by distributing the work equitably. It makes the configuration of new rules quick and easy when reacting to shifting risk appetite and should allow you to test the impact of those changes with live data while maintaining a full record for auditors. Despite offering self-service features, there will be times when you need hands-on support. A good provider will have a responsive support team to help you when necessary.
- Agility and pace of innovation – Is your provider a legacy organization that takes years to make incremental changes or are they disruptors who can change the landscape of the industry with the use of technology such as artificial intelligence to uncover undetected financial crimes? For example, an industry-wide problem is the high rate of false positives. An innovative provider will offer superior solutions based on machine learning algorithms to separate false positives from true illicit activity and reduce your team’s workload. If you are in the cryptocurrency/blockchain space or considering serving customers in that field, you will need a provider that can cover both fiat and crypto monitoring.
- Scalability – Is your provider robust enough to handle your future growth? Ask your provider for SLAs on maximum volume and validate that against your current and projected flows. A good provider should be able to give you information on expected throughput and latency based on the complexity of your business and risk rules.
- Ease of technical integration – Does your provider offer quality RESTful APIs that are well documented? A good provider will have a cloud-based solution with 2-way APIs that allow you to integrate the output back into your system. They will make it easy to get information from your systems by ingesting a wide range of source formats and data types without needing a lot of custom work.
- Insights and reporting – Does your provider understand your needs and solve them with holistic solutions? Can they provide you with the ability to monitor the efficacy of your TM rules, review the efficiency of your team, and prepare reports for auditors and regulators? Do their dashboards and visualizations provide you with meaningful insights that are easy to understand without you / your team having to spend hours pulling data and formatting it?
Above all, you should pick the provider that covers the most critical compliance needs of your business. Make sure to ask for their product roadmaps to see where they’re headed and if that aligns with your needs.
Next steps: Implementation and beyond
Once you’ve selected a TM solution, how do you go about implementing it? And finally, how do you ensure ongoing compliance with your risk policies? Our next blogs will explore these questions in more detail.