All AML/CFT reporting entities are challenged by a combination of ever-increasing and evolving regulations and legislation, and the complexity of the regulatory environment in which they operate. In a world where getting compliance wrong is not an option, the COVID-19 pandemic adds yet another dimension to what is already an involved situation. New compliance challenges linked to the outbreak are emerging, criminals are changing their behaviour to take advantage of the situation, and there’s widespread disruption to global financial markets.

It’s always best practice to continually review and improve your programme. But now there’s one more reason to consider how you need to update your processes, tools, and rules to make sure you’re compliant. With everything you have to do, it pays to find ways to simplify your approach and identify how can you get the highest return for your efforts. Reviewing your transaction monitoring rules and your approach to keeping them up to date is a great place to start. And it can have immediate effect now, as well as impact over time.

Rules are the backbone of any good transaction monitoring programme. But writing, tuning, and evolving them over time can be daunting and expensive. For reporting entities that have automated their AML programme, part of this reassessing means reviewing the rules you've set up in your AML software. Whether you use an automated system or a manual approach, how do you make sure your systems and workflows are working to remove risks and simplify processes? And how do you make sure your rules are not just effective but cost-effective?

The Jade team has helped scores of reporting entities and compliance teams—across multiple sectors and around the globe—implement, manage, and tune their rules over time. Working with great customers who have come up with good workflows and processes, we’ve come up with the following tips to help you during COVID-19 and beyond: 

1. Use what you know

It might go without saying, but it bears repeating – Your rules should always start with your risk profile. And you should use your internal expertise, experience, and business knowledge to create and improve your rules over time. As your rules run and you get data from your tools and feedback from the real world, you can use these insights to make small tweaks over time. Doing so will increase the sophistication of your rules and give you improved outcomes and fewer false positives. For COVID-19, this means you should become familiar with how money launderers and other criminals are exploiting the pandemic. This will help you decide whether you need new rules, simple tweaks to existing ones, or whether you have rules that already cover these scenarios. 

        Pro-tip for those considering or using automation software: Work with a platform that has useful reports to help you evaluate how your rules are working so you can evolve your AML programme. Choose one that gives you the flexibility to change rules yourself, one that gives you access to experts who can help you quickly.

2. Write a story

One way to describe a risk that needs a rule is to tell a story. This works when you’re creating new rules and when you’re reviewing and making changes. Telling a story is a great way to illustrate what a rule is for. At first you don’t need to worry about being precise or logical. The story is a starting point for a discussion and helps articulate the problem you need to solve with your rule in a way that’s easy to understand and discuss. Writing a story helps you create and test the precise logic of your rules over time.

Here’s an example of a story that helps build a rule to identify a specific pattern of suspicious behaviour:

A known risk in our business is deliberate overpayment, followed by a request for a refund. John Smith called to explain that he has “accidentally” overpaid his loan and wants a refund. His regular payment is $635 but he paid $6,350 and got a refund. He also asked for a similar refund 6 months ago.

“At Jade, we find story-telling a really effective method when you first implement Jade ThirdEye. It helps create an initial set of rules that will have an immediate impact without being overwhelming. It helps people hone in on what they need a rule to accomplish,” says Colin Dixon, Senior Product Manager for Jade ThirdEye.

3. Consider your data

First, knowing what data you have available is critical. You can’t write a rule if you don’t have the data to analyze it. For the example above, you would need to ask whether you can you unambiguously identify a refund transaction, for instance. And you would need to be sure the quality of the data is high enough to yield good results.

For example, if your risk profile identifies people living in a high risk country, but the customer’s country of residence isn’t captured or available to your transaction monitoring tools, or you only record the customer’s country if they're overseas, the rule has to assume that no country entered means the customer is local. 

Rules don’t like this sort of assumption. They work best with hard data. It’s not always easy to get the high-quality data and level of specificity you want, so it’s important to have continuous discussions with your IT team. In the meantime, make sure your rules are written in a way that takes your current data situation into account so you can rely on the alerts and information the rules are producing.

        Pro-tip for those considering or using automation software A system that can easily handle your organisation’s field naming and data conventions, rather than forcing you into a set format or labels, will make it easier for business users and analysts to understand, write, and update rules.

4. Build a good practice

In a recent customer webinar, over half our customers told us they review their entire set of rules at least once a year. Annual reviews are an important best practice to follow at a minimum. But our customers see the most success when they use annual or semi-annual reviews mixed with regular testing and team discussions. For example, one of our Building Society customers with a small team has a weekly team huddle to identify any potential updates based on changes in behaviour, data, feedback from the business, and the surrounding environment. This team was able to quickly tweak a few rules to address COVID-19 concerns. It also used information from its branches to build rules on the fly that identified and helped stop fraud.

Even early in the pandemic, ACAMS reported a shift in reporting entity behaviour. They noted that compliance officers are now reassessing their transaction monitoring approach to account for dramatic shifts in customer behaviour amid the global pandemic of the new disease. New information and behaviour has emerged since then, and both are sure to change again in the future. Making sure your rules are up to scratch and your team is productive isn’t always easy. But it’s always important.

Learn what to look for in an automation tool that uses rules to monitor transactions.

If you found this article insightful, make sure to register your free pass to the Financial Crime Virtual Summit to learn more on transaction monitoring and best practices to combat financial crime. 

Register here: https://www.iqpc.com/events-financial-crime-covid-19/