All the financial institutions we’ve worked with have deployed a transaction monitoring system that alerts the bank to suspicious activity. Sophisticated financial institutions automatically route entities exhibiting unusual activity to the due diligence team for review. This review results in the KYC information for that entity being updated.
Firms also monitor or refresh their customer and counterparty due diligence information on a regular schedule: high-risk entities every six months to a year; medium-risk entities every two years; low-risk entities every three years. Some larger banks monitor their customers much more closely, screening entities on a daily basis against commercial databases of Sanction List hits and adverse news.
Ongoing Monitoring – Regulatory Highlights
BSA/Patriot Act: “As due diligence is an ongoing process, a bank should take measures to ensure account profiles are current and monitoring should be risk-based. Banks should consider whether risk profiles should be adjusted or suspicious activity reported when the activity is inconsistent with the profile.”17
FinCEN: “Based on past efforts and ongoing industry and regulatory consultation and outreach, FinCEN believes that an effective CDD program includes conducting ongoing monitoring of the customer relationship and conducting additional CDD as appropriate, based on such monitoring and scrutiny, for the purposes of identifying and reporting suspicious activity.”18
FATF: “Conducting ongoing due diligence on the business relationship and scrutiny of transactions undertaken throughout the course of the relationship to ensure that the transactions being conducted are consistent with the institution’s knowledge of the customer, their business and risk profile, including, where necessary, the source of funds.”19