The Czech National Bank (ČNB) published a supervisory benchmark for client checking via transaction monitoring – this in reaction to repeated shortcomings found in this field. Transaction monitoring is an integral part of measures aimed at uncovering and investigating suspicious deals. The new benchmark covers the regulatory basis, monitoring set-up and settings, transaction risk assessment, and the follow-up action that must be taken by liable parties.

Liable parties must act in accordance with the so-called risk-oriented approach – that means considering risk factors related to clients, country of origin, products, services, transaction, and supplier chains. However, according to ČNB, the liable parties fail to continuously adapt to the changing risk factors and their internal regulations are also insufficient, with operating procedures and methodological guidelines lacking instructions on how to evaluate scenarios, set up thresholds, update parametric data and lists, investigate alerts, and place clients on whitelists.

According to ČNB, quality, integrity, completeness, and correctness of input data are absolutely essential for efficient transaction monitoring, with invalid or incorrect data causing high error rates in transaction risk detection. Flaws in data collection originate during entry or regular client checks already when these are performed poorly or not at all.

Is monitoring transactions between accounts of one client, or between clients who fall under the same liable party necessary as well? ČNB believes that “the term trade for AML purposes refers to any conduct that could potentially lead to the laundering of proceeds”. Liable parties should apply a risk-based approach in their operations and have a defined set of internal transaction types labelled as higher-risk in terms of AML (Anti-Money Laundering), based on a previous assessment. According to ČNB, excluding one client’s internal transactions or transactions between clients of the same liable party from transaction monitoring without previous assessment and evaluation is unacceptable.

Nonbank financial institutions
are generally riskier in terms of AML, which is why clients must be checked more thoroughly as well. Banks need to have access to sufficient information about clients of nonbank financial institutions, as well as information on how these institutions manage AML risks. This means having access to the following information:

  • the quality of the AML rules and procedures applied (the Wolfsberg AML questionnaire as a stand-alone source is considered insufficient by the ČNB),
  • the business model,
  • possible deals nonbank financial institutions offer to their clients,
  • the structure of the client portfolio served by the nonbank financial institution (to assess the country-of-origin risk factor),
  • the countries from/to which transactions will be directed,
  • penalty risk management.

Banks should consider risk factors and information received during the check when they set up their specific detection scenarios.

ČNB also points out the importance of transaction monitoring of accounts of investment vehicles as well. Monitoring incoming and outgoing payments on a client’s current account is not an effective way to monitor suspicious transactions.

Moreover, ČNB discusses IT and information systems requirements, with the ability to work backward to reconstruct the key processes and having clearly defined processes for changes and development of information systems being most important. Any outsourcing of systems or processes must be managed properly too, and data must be backed up regularly.

Alert investigation time limits

According to AML regulations, banks must uncover (create an alert) and investigate (look into the alert) suspicious transactions within “a reasonable time period” – something to consider when setting up timeframes for alert creation and investigation. “An alert created by a scenario designed to monitor daily or weekly transaction history must be processed immediately or within a couple of days at most. An alert created by a scenario monitoring longer stretches of transaction history (weeks, months) or working with more complex conditions (like cash flow changes, money flowing within ESS/ESSO) should be processed within a month”, says ČNB.

When alert conditions are met but the alert itself is created weeks later, such process is also deemed insufficient by the ČNB which points out that alerts take too long to investigate (dozens or even hundreds of days). In our opinion, the time frame for alert investigation starts on the day the monitored transaction took place, not on the day the alert was created. And when a bank closes an alert without submitting a report of a suspicious deal, the reason given for such a decision must be well-documented, along with all conditions and information that were considered in the evaluation of the said alert.

Our services

  1. We will assess the effectiveness of your internal AML/CFT (Anti-Money Laundering / Combating the Financing of Terrorism) management and control system and your risk assessment system in the context of the products and services you provide. We will get to know your regulatory base and suggest steps for improvement.
  2. We will put your transaction monitoring to a test, evaluating the settings of your detection scenarios and proposing procedures to meet the benchmark requirements. We will also take a good look at your source data and its quality, providing advice on what needs to be monitored in investment vehicle accounts and where to find information you need to run checks.
  3. We will set up a process to evaluate the clients of nonbank financial institutions and suggest appropriate steps to implement further improvements.

Read ČNB ’s full Supervision benchmark 2/2023 here.