No financial institution can escape the supervision of the Money Laundering and Terrorist Financing (Prevention) Act (Wwft). After ING and ABN Amro were fined by the Dutch Central Bank (DNB) for a lack of compliance with the Wwft, Rabobank has received a draft instruction too. In order to meet the obligations arising from the Wwft, banks have invested large amounts of money and manpower in improving their transaction monitoring. Because of the large number of transactions, efficiency remains important. Therefore, traditional methods such as simple business rules are increasingly being exchanged for complex, advanced machine learning techniques.
The previous article about payment institutions and the Wwft touched on several challenges that these institutions may face when dealing with the Wwft and the Sanctions Act 1977 (SW). Among other things, the establishment of a transaction profile and its monitoring was discussed. In this second article, Mark Croes from RiskQuest and Remco Voogt from Charco & Dique elaborate on transaction monitoring. We will see that payment institutions still have big steps to take. At the same time, this is also an opportunity to make use of the lessons learned at banks, and to set up transaction monitoring properly and efficiently from the get-go.
Transaction monitoring at payment institutions
As the number of fintechs such as payment service providers increases, so will the amount of data available to these service providers. At the same time, the need for a good transaction monitoring framework at these service providers will also increase. After all, they now form an important link in the transaction landscape and must ensure that their services are not used by criminals. This provides both opportunity and urgency to make great strides in setting up this framework. In 2016, DNB already conducted a thematic study “post-event transaction monitoring at payment institutions” , and the attention paid to these payment institutions will not diminish any time soon.
Making use of lessons learned
Payment institutions still have major steps to take when it comes to transaction monitoring. This is precisely why it is important to make use of the lessons learned from banks. In this way, payment institutions do not have to fall into the same pitfalls. Below are a few examples of these lessons learned:
1. Combine business rules and machine learning
An important lesson is to make use of machine learning techniques, in order to limit the time-consuming work of creating and maintaining business rules. It is not recommended to replace business rules, but a combination of both techniques is ideal.
2. Combine transaction monitoring and customer research
It is also possible for payment institutions to use intelligent models to recognize certain suspicious patterns among customers. This could include merchants or web shops where the customers often use multiple payment service providers within a single transaction. This adds an extra layer so that the origin of the transaction is even harder to trace. If this happens remarkably often with a particular web shop, it may indicate that this shop is not acting bona fide. In this way, transaction monitoring can strengthen the customer research.
3. Share information with other financial institutions
As the data on criminal behavior and parties involved is expanded, it can be used for network analysis. This allows payment institutions to identify any clusters involved in criminal behavior. In an ideal situation, these insights are also shared among payment institutions themselves or with traditional banks. This makes it easier to detect rogue entities, and at potentially lower cost.
In addition to learning from the best practices of traditional banks, payment institutions can also take advantage of the benefits that PSD2 brings. The introduction of PSD2 allows payment institutions to do an analysis on historical banking transactions with the consent of this potential customer. This will allow them to already screen prospective customers during the onboarding process and create an expected transaction profile. This transaction profile will then serve to better recognize deviant behavior from the expected profile. An intelligent tool that can be used for this purpose is the RiskQuest Navigator, which provides insight into the customer’s profile during the screening process.
The right balance
Fintechs, including payment institutions, can learn a lot from the developments in transaction monitoring at banks. It is important to get transaction monitoring right the first time, so that an efficient and scalable system is created that helps fintechs maintain their competitive advantages.
At the same time, it is important to pay attention to the specific risks and characteristics that payment institutions have to deal with, such as the international nature of the transactions. In certain cases, payment institutions will have to make different choices from banks, for example because the payment institution has more or less information available in certain cases.
Want to know more?
You can read the full article on transaction monitoring at payment institutions here.