Oct 7, 2024

Oct 7, 2024

Oct 7, 2024

Industry

Industry

Industry

TCSPs have been overlooked by transaction monitoring system providers

Khalil Osman

I started my career in fintech specifically focusing on AML transaction monitoring. I spent a few years at Revolut building these systems. I also implemented one at Wio Bank. Many years later I find myself building the operating system for the trust and corporate services industry, with AML being a fundamental part of it. This has made me realize that the transaction monitoring solutions that have been built so far are not well suited for TCSPs, as they were primarily built for banks and fintechs.

To build a system that solves transaction monitoring for TCSPs, we need to rethink 3 key parts of the transaction monitoring process: data ingestion, transaction analysis and manual review.

Data ingestion

Banks and fintechs process transactions for their customers themselves so they have a complete record of these transactions. On the other hand, TCSPs will, at most, have access to their customer’s bank account and be able to initiate transactions; however, in some cases they might not have access at all.

This results in banks and fintechs having the transactions data stored in internal databases in a structured manner. TCSPs usually have to resort to PDF bank statements that they download themselves from their customer’s bank account or that the customer shares with them.

The transaction monitoring systems that are currently in the market provide great APIs to connect with other systems to allow for transaction data to be fed automatically. However, they are not well suited to ingest unstructured data, such as bank statements, so TCSPs are left having to copy transactions manually.


Comparing transaction monitoring in banks and fintechs vs TCSPs

Transaction analysis

When building transaction monitoring systems for banks and fintechs, there is a lot of emphasis on the rules that are set up to alert transactions for manual review. Given the unit economics of those businesses and the volume of transactions, it would be infeasible to review each transaction manually for every customer. Therefore, the systems are designed in a way where all transactions are processed but only the ones that meet certain criteria are reviewed by a person. This criteria is defined by an AML expert and is set so that it is able to identify when one or a group of transactions has a higher risk of money laundering or terrorist financing. 

A great amount of resources is dedicated to ensure that the rules are designed to detect unwanted activity and that once implemented they actually work as specified. In order to achieve that, some transaction monitoring systems include no-code rule builders, simulation environments and sample testing tools.

TCSPs tend to have a much closer relationship with their customers and often deal with customers that do few but large transactions. They will thus typically review all transactions manually on a periodic basis (for example, monthly or quarterly). What TCSPs need is a transaction monitoring system that reminds them of when they need to perform transaction monitoring, indicates whether they have included all bank accounts in their review and flags any missing transaction.

Manual review

Once a transaction (or group) has been alerted by the transaction monitoring system at a bank or fintech, a team of compliance specialists will review the transactions, perform further investigation, potentially request information from the customer and make a decision. The decision can involve closing the alert as a false positive or escalating for submission of a Suspicious Activity / Transaction / Matter Report. This is always accompanied with an explanation of the rationale for the decision.

As explained before, in the case of banks and fintechs, only transactions that meet certain criteria are reviewed, while TCSPs usually review all transactions. This means that in the case of TCSPs it is a lot more common that transactions being looked at by a person do not have anything anomalous. Examples of this are recurring transactions that, when alerted by the transaction monitoring system of a bank and reviewed, will not be alerted again for some time; however, a TCSP would review each transaction every time.

TCSPs need a system that aids them in the review of transactions by collecting information about previous reviews, flagging transactions that need more attention (e.g.: new counterparties, much higher amounts than usual) and reduces the effort in requesting information or evidence from customers to justify transactions (e.g.: invoices, contracts).

Conclusion

At Custos, we are building the operating system for trust and corporate service providers. We understand the importance of transaction monitoring for the sector so we have built a system that is catered to their specific needs. Our solution saves countless hours in data entry by ingesting bank statements and extracting the transactions automatically. It also generates alerts when information is missing or the review has not been completed thus avoiding fines due to non-compliance. Transactions similar to other transactions that have been reviewed before will be identified so that the previous investigation can be leveraged.

I started my career in fintech specifically focusing on AML transaction monitoring. I spent a few years at Revolut building these systems. I also implemented one at Wio Bank. Many years later I find myself building the operating system for the trust and corporate services industry, with AML being a fundamental part of it. This has made me realize that the transaction monitoring solutions that have been built so far are not well suited for TCSPs, as they were primarily built for banks and fintechs.

To build a system that solves transaction monitoring for TCSPs, we need to rethink 3 key parts of the transaction monitoring process: data ingestion, transaction analysis and manual review.

Data ingestion

Banks and fintechs process transactions for their customers themselves so they have a complete record of these transactions. On the other hand, TCSPs will, at most, have access to their customer’s bank account and be able to initiate transactions; however, in some cases they might not have access at all.

This results in banks and fintechs having the transactions data stored in internal databases in a structured manner. TCSPs usually have to resort to PDF bank statements that they download themselves from their customer’s bank account or that the customer shares with them.

The transaction monitoring systems that are currently in the market provide great APIs to connect with other systems to allow for transaction data to be fed automatically. However, they are not well suited to ingest unstructured data, such as bank statements, so TCSPs are left having to copy transactions manually.


Comparing transaction monitoring in banks and fintechs vs TCSPs

Transaction analysis

When building transaction monitoring systems for banks and fintechs, there is a lot of emphasis on the rules that are set up to alert transactions for manual review. Given the unit economics of those businesses and the volume of transactions, it would be infeasible to review each transaction manually for every customer. Therefore, the systems are designed in a way where all transactions are processed but only the ones that meet certain criteria are reviewed by a person. This criteria is defined by an AML expert and is set so that it is able to identify when one or a group of transactions has a higher risk of money laundering or terrorist financing. 

A great amount of resources is dedicated to ensure that the rules are designed to detect unwanted activity and that once implemented they actually work as specified. In order to achieve that, some transaction monitoring systems include no-code rule builders, simulation environments and sample testing tools.

TCSPs tend to have a much closer relationship with their customers and often deal with customers that do few but large transactions. They will thus typically review all transactions manually on a periodic basis (for example, monthly or quarterly). What TCSPs need is a transaction monitoring system that reminds them of when they need to perform transaction monitoring, indicates whether they have included all bank accounts in their review and flags any missing transaction.

Manual review

Once a transaction (or group) has been alerted by the transaction monitoring system at a bank or fintech, a team of compliance specialists will review the transactions, perform further investigation, potentially request information from the customer and make a decision. The decision can involve closing the alert as a false positive or escalating for submission of a Suspicious Activity / Transaction / Matter Report. This is always accompanied with an explanation of the rationale for the decision.

As explained before, in the case of banks and fintechs, only transactions that meet certain criteria are reviewed, while TCSPs usually review all transactions. This means that in the case of TCSPs it is a lot more common that transactions being looked at by a person do not have anything anomalous. Examples of this are recurring transactions that, when alerted by the transaction monitoring system of a bank and reviewed, will not be alerted again for some time; however, a TCSP would review each transaction every time.

TCSPs need a system that aids them in the review of transactions by collecting information about previous reviews, flagging transactions that need more attention (e.g.: new counterparties, much higher amounts than usual) and reduces the effort in requesting information or evidence from customers to justify transactions (e.g.: invoices, contracts).

Conclusion

At Custos, we are building the operating system for trust and corporate service providers. We understand the importance of transaction monitoring for the sector so we have built a system that is catered to their specific needs. Our solution saves countless hours in data entry by ingesting bank statements and extracting the transactions automatically. It also generates alerts when information is missing or the review has not been completed thus avoiding fines due to non-compliance. Transactions similar to other transactions that have been reviewed before will be identified so that the previous investigation can be leveraged.

Blog

Blog

Blog

Our latest blog posts