What Are Your Analysts Doing All Day Long?
Considering how terrorists and extremist groups often take elaborate steps to mask their real identities, how can a compliance analyst be expected to identify who they should be flagging? The answer to this question will also answer the other age-old HR resourcing question - "you need 12 analysts on your team? What on earth are they going to be doing all day?"
Stage 1: Reviews just for reviews' sake
The first thing you should know is that there are three parts to the process of transaction monitoring and the first stage is what I like to call ‘checkbox compliance’ where you spend most of your day sifting through false positives. This is the process of ensuring that the most basic and obvious violations don’t make it past your filters. Imagine if a known terror group decided to be cheeky and use their annual name in a transaction, you don’t want to be the analyst or institution who allowed the transaction to go through without any investigation whatsoever. What this would look like in a real-life case would be a banking transfer for $5000 made with the transaction description DPRK Supreme Leader Nuclear Enrichment Donation and having it be dismissed without further review just because the analyst thought to themselves "hey no group would be that stupid, it's got to be a joke". A mistake like this would call into question the entire screening methodology used by your company.
In reality, though, most of these flagged transactions are going to seem so obviously irrelevant (to your human eyes, that is) that you may be completely surprised as to why you’re reviewing them in the first place. This in real life would look something like a transaction that was flagged for review because the payment was for an invoice to an Incubator but it hit the keyword filter for Cuba. There are ways around this which are discussed further in our insights article on Fuzziness and why it matters in AMLCFT.
Stage 2: What a tangled web we weave
The second stage would be analyzing the nexus of the transaction. This nexus refers to every touchpoint and stakeholder that relates to the original transaction. Among The things included are the corporate entity, their shareholders, beneficial owners, directors, senior management, their company or home addresses, shipping company used, and vessel names used to send the goods. Granted, what I just listed is not an exhaustive list, as the list of things you can check is staggering, while the list of things you should check is far more concise.
Now, the reason you do this second level of searching is to expand the scope of the red flags from just your basic name search in stage one, to cover all the possible proxies which a terrorist organization may use. This is because people tend to be creatures of habit or at least social animals that rely on the endorsements and recommendations of others. Perhaps you’ll find the transaction is tied to a shell company used by the terror group, or even a civilian company that has been put on a sanction list for dealing with terrorist groups in the past. There are also the usually preferred shipping partners used by terror groups because they are capable of getting cargo in and out of difficult ports or past customs and immigration. This is one of the key reasons that vessel names are listed on sanctions lists globally.
People don't start their lives out as terrorists, they work their way up and in the process they leave a paper trail of their activities and business affiliations which later they will try to cover up. This is where I'll take a moment to talk about how screening tools are so important, especially ones that are able to scan the entire transaction nexus and present both current and historical data. Doing this manually is possible, but a completely horrible allocation of resources if you begin thinking about how much time each review will take.
Stage 3: It's a numbers game
Now let's sum up the final stage, which is analyzing the transaction pattern itself. As in looking more at the numbers rather than at the names. At this point, you've already had something flagged due to a keyword, and you may or may not be able to dismiss it on that basis alone. But you now have to determine if there's anything suspicious about the transaction itself. Too big, too small, too frequent, or too ambiguous - many things can lead to a transaction being viewed as suspicious.
Now if you've gotten this far you've probably noticed that there's quite a bit to do in a day for an analyst, and that's just the investigation part. Next, they need to log everything down in a standardized (and pedantically thorough) format and where necessary decide if a transaction should remain blocked, released, or a 'Suspicious Transaction Report' filed to the authorities explaining everything that's transpired.
So in conclusion yes, HR I think I will be needing those 12 analysts.