Implementing Real-Time Inbound Payment Profiling: Are You Ready to Manage AML Issues?

By Robert Tharle & Adam McLaughlin

NICE Actimize recently released a new white paper on this topic, titled “The Moment for Implementing Real-Time Inbound Payment Profiling is Now: Are you ready to manage the AML issues?” by Robert Tharle and Adam McLaughlin, available to download here.

When I participated on a panel on Authorised Push Payment (APP) Fraud at NICE Actimize’s ENGAGE Client Forum in London recently, many organisations thought they needed to do inbound profiling, but few showed any concrete plans to implement this measure. There was a clear question at the front of everybody’s minds that day; could alerting and interdicting a payment here be construed as ‘tipping off’?

This got me thinking, were there any other anti-money laundering issues for financial institutions looking to tackle mules and APP fraud as a beneficiary bank? Moreover, why is there now momentum to change to real-time transaction monitoring, and what is the best approach to remaining compliant?

Looking at the UK’s 2018 fraud numbers according to UK Finance, both the level of fraud losses at c£450m via domestic payments are high and the mule accounts that facilitate these frauds are also high. These losses were spread over 100,000 cases, which after taking account of duplication and multiple layers, means the likely number of mules was in excess of 250,000 for 2018.

The majority of these mules are retail customers and most of the payments are domestic, and while usually considered to be low risk, the current level of fraud suggests this is not the case.

These statistics show that current controls around KYC, CDD and transaction monitoring, along with application and post application fraud profiling, are not working as well as they should, leading to half a billion pounds of money laundering.

This situation provides a clear trajectory towards the adoption of real-time inbound profiling for fraud, but this also clearly overlaps with AML and may not be as simple to implement as fraud processes, given the current regulatory landscape.

The law does not stipulate precisely how the monitoring should be performed; however, there should be a system in place to monitor behaviour against known money laundering typologies and accompanying red flags. This system will usually be run in batch and an alert may be generated for an AML investigator to review. The subsequent investigation will help to determine whether the transaction is suspicious and whether a Suspicious Activity Report (SAR) filing is required.

Real-time payment profiling brings with it additional AML considerations, not least the requirement to file a DAML SAR. If you are in the UK and suspect the funds are proceeds of crime, then you must not move the funds until you receive a defence from the UK NCA. Moving the funds means you have potentially committed an offence under POCA 2002, Part 7, Section 327, 328 or 329. A conviction for any of these offences can result in a significant custodial sentence.

When investigating potential money laundering offences, you also need to keep in mind the offence of “tipping off” (Section 333A). It is an offence for a person in the regulated sector to tip off a person suspected of money laundering that a lawful disclosure (SAR) has been made, or that there is a money laundering investigation ongoing, if the tipping off is likely to prejudice the investigation. In other words, does the tipping off serve as an intentional act by an individual to inform a suspect so that evidence can be destroyed, or action taken, which will likely hamper any investigation.

Fraud operations and fraud investigators need to consider AML legislation when looking at potential fraud on their client’s accounts. As a rule of thumb, if you suspect a fraud has occurred and the funds have left the victim’s account, then this is money laundering and will require a SAR filing consideration. If you are the receiving bank and have stopped onward transmission of the funds, then you need to consider a DAML SAR.

Do you have adequate information to form suspicion? If you suspect that the activity you are investigating is a criminal offence and the funds have been received as a result of those actions, then you should file a SAR. At this point, any enquiry to the suspect could be considered tipping off, although if it is done in good faith it is unlikely to result in criminal action.

If you have insufficient information to form suspicion and only have a hunch something is not right, then an enquiry to the account owner (even if they may be the suspect) is likely to be the next investigative step. A carefully worded enquiry is completely legitimate, providing you do not mention that you suspect their involvement in fraud or talk about the possible filing of a SAR to law enforcement.

Simply asking the individual about the transaction to which you are concerned, and seeking additional clarification about the purpose of this transaction forms the basis of a good investigation. I would even say that it is integral in building enough information to determine whether the activity is truly suspicious.

With the rise in the number of complex fraud cases, especially in connection with the rise of APP, there is both the opportunity and need to provide cross-skilling between fraud and AML teams. This can be assisted by utilising one case management tool across both areas with automated elements, such as SAR filing and entity views. Not only do high levels of automation mean that investigators are doing more investigating, and less admin work, workflow automation also helps avoid errors that could lead to further criminal conduct on the part of a fraudster.

Because the fraud investigator would have to think more about the AML issues than is typically the case, further training and guidance will become necessary. Reviewing KYC, transaction history including payments type, geographies or narratives would all need to be ingrained in the processes, along with the need for a SAR and whether the account should be closed or left for monitoring. Most fraud analysts may not have familiarized themselves with many of the AML processes up to this point.  

We’ve seen in our own experiences that it is perfectly possible to stop fraud on the inbound payment, without breaching AML legislation, and we have already seen where this would have a positive effect on disrupting the fraudsters and stemming the flow of funds in their direction.

Real-time inbound profiling may not be widely in place this year, but it is quickly becoming a necessary move that financial institutions will need to take.