What does ongoing monitoring or periodic reviews of a customer involve and why are they so important?
By Michelle Bailey
Regulation 28(11) of the MLR 2017 states that “The relevant person must conduct ongoing monitoring of business relationships, including -
a) scrutiny of transactions undertaken throughout the course of the relationship (including, where necessary, the source of funds) to ensure that the transactions are consistent with the relevant person’s knowledge of the customer, the customer’s business and risk profile;
b) undertaking reviews of existing records and keeping the documents or information obtained for the purpose of applying customer due diligence measures up-to-date.
A Hard-hitting fact
Several firms still aren’t getting it right which has resulted in some of the largest FCA fines ever being issued in the past two years:
June 2020 Commerzbank, London branch fined £37.8 million by the FCA for AML failings including their ongoing review processes involving both customer due diligence and ongoing transaction monitoring.
April 2019 Standard Chartered Bank fined £102.2 million by the FCA for poor AML controls including their ongoing monitoring processes.
So, what is ongoing monitoring?
Ongoing monitoring involves checking to ensure that a customer’s transactions are in line with what is expected of them based on a firms existing knowledge of that customer and respective peer group. It also involves refreshing a counterparties CDD documentation to ensure documentation is kept up to date and that the risk category applied to them is either the same as it was when they were originally onboarded, or is amended to reflect any changes that may have occurred since previous reviews. Customers can undergo a number of changes in their lifespan such as name and address changes, changes of ownership or if a new sanction or embargo becomes applicable. Whilst firms would likely be notified of material changes, an ongoing review ensures that anything which has not been brought to their attention is captured and reflected in the client files.
I once completed a review on a customer who was regulated when they were originally onboarded, however just before their three-year review cycle they became unregulated and became a “UK corporate body”. Due to the nature of the customers activities, their structure and ownership, they went from being classified as low risk to high risk and therefore required a more frequent review going forward, and enhanced due diligence.
The frequency of ongoing monitoring and review should be determined by the level of risk associated with the relationship and the cycles upon which ongoing monitoring takes place will be determined by a firm’s risk appetite. Typically, low risk counterparties are reviewed every three years, medium risk counterparties every two years and high-risk counterparty relationships every year, as they are subject to enhanced on-going monitoring. Some firms risk appetite dictates that reviews are carried out on a more regular basis and some customers may even require a review before every transaction. Furthermore, applying Simplified Due Diligence to a customer or transaction does not remove the obligation to conduct on-going monitoring, although the level and extent of this may vary in order to reflect the lower level of money laundering and terrorist financing risk which has been assessed. Ongoing monitoring involves ensuring we continually know who our customers are, which links back to one of my previous blogs (Know Your Customer. What does this actually mean and who is responsible?)
Transaction Monitoring is also a key element of an AML framework and ongoing customer reviews. A risk-based approach to transaction monitoring will take the inherent risks of the products, services, and volume of transactions into account. Methodologies for transaction monitoring may include:
Profiling. This is where the customer’s account and transaction history is compared to their specific profile information and that of the relevant peer group, in order to create a clear picture of a customer’s activity.
Rules based parameters which define fixed pre-set thresholds to determine unusual activity, such as an abnormal size or frequency for that customer or peer group, or geographic destination.
Firms also need procedures in place for dealing with dormant accounts, ensuring there is a process for identifying reactivation and also for customers who haven’t had any contact with the firm for some time.
Why is ongoing monitoring so important?
JMLSG guidance states that by monitoring customer activity we can identify any activity which appears to be out of the ordinary or unusual. If there is any activity that appears unusual and cannot be explained, then there is a chance that this could relate to money laundering and terrorist financing. Continual monitoring allows firms to risk assess their customers and helps to know their customers in order to create greater confidence that the firm is not being used as a vehicle for financial crime.
Ongoing monitoring is designed to help prevent financial services being used to facilitate money laundering, terrorist financing and proliferation financing. By continually reviewing a customer’s activity and CDD, firms ensure they can spot and report any suspicious activity. It allows patterns and trends to become evident and this is paramount for detecting potential criminal abuse.
The fines from the past two years show that firms are not always placing enough emphasis on the importance of ongoing reviews. Firms can tend to place more resources onboarding new customers rather than allocating resources to ongoing monitoring, meaning that backlogs occur which leaves a firm vulnerable to potential harm. Staff often aren’t aware of the importance of ongoing monitoring due to insufficient knowledge and training, which can lead to this process being given low priority. It can also be the case that senior management need to engage more frequently to set the right tone, sending the message that ongoing monitoring is a key part of any anti-financial crime framework.
Ongoing monitoring is, of course, a fundamental component of an anti-financial crime framework, its importance cannot be underestimated.
Beyond the regulatory obligations, all of us should keep in mind that anti-financial crime controls exist to starve criminals of resources, and ongoing monitoring will support that objective. At Shapes First we can help you to understand how your products and services might be vulnerable to criminal exploits, we can also provide CPD certified training for your staff. If you would like to have an initial discussion, get in touch.