Denver, Colorado

TRANSACTION MONITORING BEST PRACTICES

FOR

BSA/AML REGULATION

PRESENTER: ANDREW SIMPSON

Agenda

• Getting the Data Right

• Analytics for Monitoring

• From Monitoring to Insights

• Realizing the Value

• Q&A

Getting the Data Right

Dimensions for Analytics

Customer

GeographicHousehold

*Transaction dimension excluded because presentation limited to WU activities.

Data Challenge

• Existence

• Completeness

• Validity

• Accuracy

Data Refinement

• Parsing

• Standardizing

• Fuzzy Matching

ParsingSource House Street Suffix City Zip Code State Country

234 Leader Ave, Denver, Colorado, 80327, United States 234 Leader Ave Denver 80327 Colorado United States

234 Leadr Avenue, Denver 234 Leadr Avenue Denver Colorodo

Leader St., Denver, USA Leader St. Denver USA

StandardizingSource Number Street Suffix City Zip Code State Country

234 Leader Ave, Denver, Colorado, 80327, United States 234 Leader Avenue Denver 80327 Colorado USA

234 Leadr Avenue, Denver 234 Leader Avenue Denver 80327 Colorado USA

Leader St., Denver, USA Leader Avenue Denver 80327 Colorado USA

Best of Breed RecordSource Number Street Suffix City Zip Code State Country

234 Leader Avenue, Denver, Colorado, 80327, USA 234 Leader Avenue Denver 80327 Colorado USA

Virtual Customer ID

• Fuzzy matching

• A unique ID

• This allows us to create a virtual single instance of the customer

• Apply similar concept to other dimensions (household and geographic)

• Still very valuable even without the fuzzy matching

Virtual ID Name Address ID Presented Certainty

100900212 Andrew Simpson 234 TRELAWNEY CIRCLECONYERSGA 30013

DL#0**~*33 100

100900212 Andrew Simpson 234 TRELAWNEY ROADCONYERSGA 30013

95

100900212 A. Simpson DL#0**~*33 90

Analytics for Monitoring

Driven by Risk Assessment

• What to monitor?

• Frequency?

• Focus on highest risk

• Segmentation

Thresholds

• Straightforward where amounts over threshold.

• Identify single customer structuring:

– Multiple transactions exceeding threshold within the day

– Intentionally staying below the threshold (e.g. $2,990)

Structuring

• Multiple transactions by a customer across locations to evade CTR filings.

• Individually below threshold but cumulatively above.

Hints

Benefits from refined customer and household data

Exclude noise like P.O. Boxes, blanks or invalid addresses

Make the time period for review a variable (i.e. don’t just use a day)

Smurfing

• Multiple transactions by multiple customers across locations to evade CTR filings.

• Individually below threshold but cumulatively above.

• May be to the same recipient.

Hints

Isolate all the suspected smurfs and then examine receivers for trends

Correlate the receiver with information from your network analysis – later in PPT

Flipping

• Receives a transaction and quickly resends or vice-versa.

• May keep a small portion (“fee”).

Hints

Make the timeline for the flip a variable and do “what-if” to see what works best

Make a distinction between a fee taken or not. Then examine other inbounds that are not flipped.

“Mules”

• Sending from and receiving at the same location.

Hints

Suggest you limit this to same location or city so as to not mix with flipping.

Make a distinction between a fee taken or not. Then examine other inbounds.

Networks

• Layering evidenced by a collection of smurfing, flipping, mules, etc.

• Correlation between senders and receivers

Hints

There are some good tools available to do this. However you can achieve something success with just summaries.

Multiple Customers - Same Address

Hints

Benefits from refined data

Exclude noise like P.O. Boxes, blanks or invalid addresses

Prioritize by number of customers or amounts sent or frequency

Single Customer - Multiple Addresses

Hints

Benefits from refined data

Reduce false positives by using more than just name (e.g. ID)

Prioritize by number of addresses or amounts sent or frequency

Inherently Risky

• Identifying transactions to and from “high” risk countries.

• Refer to Financial Action Task Force (FATF) website – fatf.org

Elder Abuse

• Treat transfers from elderly customers as higher risk

• Also correlate to high risk payout locations/recipients

• HQ Compliance should detect any structuring

Hints

Make the age variable by sex

Flag known recipients and trigger a red flag on future transfers

NGO/Charity/Religious

• Use keywords to detect

• Treat as higher risk transactions

• May be used for tax evasion and money laundering

Hints

Adjust thresholds for detection based on existing cases

Add new keywords over time

Collusion Detection

• Trending by locations and employee:– Falsified addresses (“ANYWHERE STREET”)

– Invalid or duplicated IDs

– Invalid or duplicated SSN

From Monitoring to Insights

By Locations

• What locations am I having a challenge with?

• What is the most frequent anomaly detected?

• What controls are failing?

Indicators

• Why did we allow the structuring?– Was not aware of the requirements

– Not structuring (false positive)

– Scared of customer

• What actions were taken?– Filed a SAR

– Requested additional details

– Rejected transfer

Realizing the Value

Risk Scoring

Customer VID: 900989873

Name: Paul Barton

Risk Rating: High

Indicators:Threshold Reached (6 red flags)

Smurfing (25 red flags)

SARs filed (20)

Using multiple addresses (4 locations)

Actionable Insights

• Identify what controls are not working

• Address root cause

• HQ Compliance should play oversight role

• Allow locations to play localized role

• History and context are important

• One platform to coordinate all activities

Q&A

Presenter:

Note that neither CaseWare nor Western Union is stating that these are the absolutely requirements for compliance. This presentation is intended to suggest approaches and provide examples to the participants.

Andrew Simpson Chief Operating OfficerCaseWare Analyticsandrew.simpson@caseware.com