“The game has changed” was a recent webinar series that examined the potential governance, operational, and regulatory impact that COVID-19 is causing within the entertainment industry around the world. With input from industry experts at various stages of pandemic-enforced lockdowns, speakers shared a range of insights regarding guest restrictions, stringent health and safety measures, and compliance pressures.
In the current situation of COVID-19, customer behaviours have changed – from buying volumes to retail channels – and they’ll change again as the impact of COVID-19 subsides. Each reporting entity has been affected differently too, with some even noticing differences between different locations. These changes have a direct impact on risk assessments, which likely means transaction monitoring programmes need to be amended accordingly to make sure they are fit for purpose.
The following points are generally relevant no matter how you are carrying out your transaction monitoring programme – automation, manual, or a mixture of both.
Know your starting point
Rules are the backbone of a transaction monitoring programme - they are the parameters through which suspicious activity is identified. Due to staff turnover and a lack of documentation, many reporting entities don’t know what their rules do or are intended to do – they’ve always been that way, so why change them?! Document rules and rule changes ensure business continuity and helps you understand their purpose, which makes optimising them significantly easier.
Sometimes, your starting point needs to be reset due to a significant change in your business or operating environment. When this happens, review your risk assessment and make the necessary changes to your AML programme. Should this change be temporary, that starting point may once again change, and further tweaks will need to be made. Just don’t assume that your risk analysis will be the same as it was, some changes may not be permanent.
Map your rules to your risk analysis
If you don’t have a risk, you don’t need a rule. Conversely, if you have a rule, it needs to map back to your risk analysis. Therefore, it is vital to monitor your risk profile and should that change, expediently adapt your rules or add new ones to make sure your AML/CFT programme remains compliant. COVID-19 caused changes to customer behaviour across the board, and as a result, we witnessed that approximately two-thirds of reporting entities adapted their AML programme to stay compliant and a proportion of the final third were satisfied their AML programme was sufficient.
Understand your data
Data is just as important as rules because it is what drives the quality and output of your compliance team’s efforts. Since most established businesses were set up to enable their primary tasks of servicing the needs of their customers, the collection of data for use in AML compliance reporting was not front of mind.
But even with the best of systems, it’s easy to fall into the trap of ‘rubbish in, rubbish out’. Without investing in best-practice data governance, employee training, etc., it is likely you’ll have an abundance of false positives – or worse false negatives. It sounds more complicated than it is, but doesn’t need to be, and support teams like we have at Jade ThirdEye are helping customers to transition their rules to more accurately reflect their current situation.
Change one rule at a time
When it comes to modifying rules to match your latest risk profile, take it one rule at a time. Change a rule and test it. Once you’re comfortable that it’s driving the right outcome, move on to the next rule. Trying to modify multiple rules at once will end in a mess. It only takes one of those rules to spoil the lot, and it can take some time to identify the offending rule.
Be specific with your rules
Specificity with rules is essential for generating the right outcomes in your AML programmes. In our experience, many reporting entities believe their rules to be more precise than they actually are. For instance, if one of your known risks is: ‘a customer making several deposits in a short time frame’, rather than saying several deposits, be specific and say more than three. If you mention a ‘short time frame’ do you mean one day, seven days, two weeks? These small details will help with the effectiveness of your programme. Being too vague will lead to false positives, which unnecessarily consume their valuable time.
Additionally, it’s also wise to periodically review your rules, as there are always internal and external changes that impact your risk profile and therefore the accuracy of your AML programme.
Don’t expect everything to work on day one
Your AML programme should be viewed with a long-term perspective. Clearly, you want your programme to succeed, but it might not happen on day one. There are many factors that can define the success of your efforts - the volume of transactions, the quality of your rules, the quality of data, the size of your compliance team, and so forth. Ultimately, it won’t be perfect in the beginning, but over time and with the right level of investment, it will improve.
If you want to discuss your transaction monitoring programme or want to see how our automated transaction monitoring system works, let us know below.