During 2007, HKMA completed a round of thematic examinations of selected banks focused on transaction monitoring. While banks have generally established appropriate MIS reports for transaction monitoring, the systems and procedures of certain banks are not considered to be sufficiently effective, having regard to the types of business activities they engage.
The guidance paper seeks to highlight the essential features of an effective transaction monitoring system. Some of those major detailed guidances are set out below:
- Good understanding of customers and updating of their risk profiles on a risk-sensitive b basis are important elements of an effective transaction monitoring system.
- The monitoring system should comprise two components: (a) monitoring by front-line staff; and (b) monitoring of past transactions.
- Front-line staff are in the best position to identify unusual activities because they know most about the customers. They should be well trained to perform this function.
- Periodic MIS reports should at a minimum cover the following transactions: cash transactions, wire transfers, cheque transactions, loan payments and prepayment, and reactivation of dormant accounts followed by unusually large or frequent transactions.
- The current transaction should be compared with the past transaction patterns and risk profile of the customer.
- Suspicious transactions identified by the system should be carefully investigated and followed up.
- An automated transaction monitoring system should be used but it can't replace human awareness in detecting unusual or suspicious activities.
- Parameters or criteria used to generate monitoring reports require regular review and updating.
This guidance paper may not be very practical but at least it alerts us to a more serious attitude towards transaction monitoring.
Those guidelines are more useful to bank accounts than securities accounts.
ReplyDeleteI wonder how many securities houses have ever made reports to the JFIU? So far, I suppose people in the securities industry are hesitate to make STR. One of the reason, I guess, is because it is rather difficult to "judge" transactions are suspicious even by the lowest standard.