Ongoing monitoring is a risk management component designed for financial institutions and other companies to systematically screen customers, their transactions, and related activities that would potentially help detect criminal behavior.
As regulations undergo constant changes, the consequences of making one wrong move for businesses are major. That’s why companies strive to manage the growing risks of criminal activity. This proactive approach serves businesses the dual purpose of avoiding getting tangled in non-compliance scandals or facing enormous penalties for failing to prevent fraud within their operations.
Let’s not forget the infamous Bernie Madoff Ponzi scheme. This fraudulent operation exposed notable lapses in JP Morgan’s operations. Madoff’s investment scheme claimed to have robust ongoing monitoring procedures, which, if properly scrutinized, could have triggered red flags and raised suspicions. However, the case was treated with a lack of transparency. Suspicious behavior alerts were disregarded, leaving the fundamental aspect of ongoing monitoring out of the picture.
On March 12, 2009, Madoff entered a guilty plea to 11 federal crimes, including confessing to orchestrating the largest private Ponzi scheme in history.
That’s why relying on conducting due diligence during onboarding and at periodic intervals is no longer sufficient. Businesses should implement ongoing monitoring to capture changes on time, update customer profiles, and continually assess changing risks.
We dive deeper into this process below.
The Definition of Ongoing Monitoring
Ongoing monitoring, also referred to as continuous monitoring, is a vital process in the company’s KYC/AML compliance program. It involves regularly checking and verifying customer information to ensure ongoing compliance with regulatory requirements and to detect any illegal or suspicious activities.
As explained in the FATF Recommendations, ongoing monitoring is the process of continuous examination of transactions and customer behavior throughout the entire duration of a business relationship. This process ensures the periodic review of key information, including collecting and verifying customers’ transaction history and other relevant details.
Key facts to remember:
- Ongoing monitoring helps determine whether specific customers, especially those of higher risk, need additional due diligence measures.
- This continuous practice ensures that the business and its activities stay current and in line with the customer’s risk profile established at the first stage of the onboarding process.
- Ongoing monitoring is a crucial component within the financial system, ensuring that companies consistently comply with their compliance requirements and prevent illegal activities.
What is the Goal of Ongoing Monitoring?
The primary goal of ongoing monitoring is to ensure compliance with laws and regulations, such as anti-money laundering (AML) and countering the financing of terrorism (CFT). On top of that, ongoing monitoring involves regularly updating customers Know Your Customer (KYC). This ensures that the information is accurate and up-to-date, also contributing to the purpose of AML compliance.
With ongoing monitoring, companies aim to improve three core business goals:
- Improve regulatory compliance
- Boost internal operational agility
- Increase the level of security and customer satisfaction
Financial institutions must regularly update and validate the data, documents, or information gathered during the customer due diligence (CDD) process. Consequently, this collected information is used to determine the risk level associated with each customer. That’s why ongoing monitoring aims to systematically manage periodic reviews of existing records, focusing on customers classified as higher-risk. That’s why, through the ongoing monitoring process, businesses can detect and address potential instances of financial crime.
Why is Ongoing Monitoring Important?
Incorporating due diligence and a risk-based approach, which involves ongoing monitoring, is important for effective fraud prevention. Failing to implement proper monitoring procedures means that businesses can face regulatory and reputational challenges.
Not only that, but the lack of ongoing monitoring can result in the business slipping through illegitimate practices or even money laundering. If that happens, it creates challenges for businesses and authorities to trace the money’s source and identify the involved criminals.
Similar tactics can be used by those financing terrorist organizations, using legal activities to obscure the destination and supplier of funds. As a result, it’s crucial for companies to establish a robust AML compliance program backed by ongoing monitoring processes.
Key Reasons Why Companies Implement Ongoing Monitoring
Companies use ongoing monitoring practices for multiple critical reasons, primarily because they aim to:
- Conduct a proper KYC process. Ongoing monitoring enables companies to identify and verify the identity of their clients while continuously monitoring their activities for any signs of suspicious behavior. This proactive approach helps build an ongoing KYC process rather than a one-and-done procedure.
- Prevent fraud and other financial crimes. This approach plays a pivotal role in helping companies detect money laundering, terrorism financing, and other illicit activities. Continuously checking customers helps mitigate potential crimes through the detection and reporting of suspicious activities.
- Comply with AML/CFT requirements. Ongoing monitoring helps businesses meet international AML standards and requirements, which require companies to proactively identify, assess, and mitigate the risks linked to money laundering, terrorist financing, and other financial crimes.
- Focus on high-risk customers. Secretive clients who don’t want to provide personal data and users with unusual source of funds pose suspicion, but Politically Exposed Persons (PEPs) or sanctioned individuals already fall into the high-risk category. As risk levels change over time and PEPs and sanctions lists evolve, ongoing monitoring empowers businesses to keep up with accurate data and ensure compliance.
If businesses detect suspicious behavior in customers’ account activity, they need to submit a Suspicious Activity Report (SAR) to the relevant supervisory institutions.
How Does the Process of Ongoing Monitoring Work?
The ongoing monitoring process works by regularly examining the customer’s data and transactions. This enables companies to assess any potential risks that may have emerged since the initial customer onboarding. It’s a continuous effort to prevent financial crime throughout the whole business relationship.
There are certain signs that expose an ineffective ongoing monitoring process, for example, if the company:
- Provides an inadequate response to law enforcement inquiries.
- Neglects red flags identified through suspicious activity monitoring.
- Fails to update customer information and adjust risk profiles.
- Avoids monitorig a diverse range of transactions and neglects to adjust screening patterns in response to evolving risk profiles.
The frequency of ongoing monitoring can vary. It’s based on the risk perspective established during the first onboarding and the specific characteristics, such as the customer’s risk level or the company’s operating industry and its specifics. It additionally involves other key processes, like conducting internal audits to ensure adherence to laws and regulations, as well as to identify areas for improvement.
Steps that Complete the Ongoing Monitoring Process
The ongoing monitoring approach obliges businesses to incorporate several steps, including:
- Assessing potential risks. This initial component in ongoing due diligence focuses on recognizing and evaluating the risks associated with all clients, transactions, and associated activities, for example, the risk of money laundering.
- Integrating internal controls. Afterwards, companies should establish their own controls to mitigate potential fraud risks. In practical terms, this involves incorporating solutions such as identity verification to authenticate customer data before processing transactions, as well as policies for transaction monitoring and the reporting of suspicious activities.
- Regularly monitoring procedures. To stay in line with AML requirements, companies monitor their internal controls. This involves scrutinizing clients’ transaction data, as well as personal information, to investigate any suspicious activity.
- Reporting suspicious activity. If companies detect suspicious activity, they should further investigate its legitimacy. Otherwise, a SAR should be filed with the appropriate authorities.
- Conducting audits. Businesses also shouldn’t forget to regularly review their ongoing monitoring efforts to ensure the process is working effectively and the data is accurate and up-to-date. These assessments serve as a means to uncover potential vulnerabilities in your ongoing monitoring process.
Businesses should continuously evaluate the overall risk of potential crime in their current operations, address any suspicious activities within the company, and have a comprehensive understanding of the impact of both local and global laws on general AML policies. Ongoing monitoring helps achieve this goal.
Examples of Checks Incorporated into Ongoing Monitoring
To build a comprehensive ongoing monitoring process, businesses conduct various checks. Typically, they include:
PEPs who hold prominent positions, along with their family and associates, are more susceptible to corruption and may present an elevated risk of money laundering or corruption. Over time, regular customers can change their status and become PEPs. This happens for various reasons, for example, if the individual wins an election. For this reason, after giving the client a PEP status, it is necessary to flag and review their personal information and, if needed, subject them to enhanced due diligence (EDD).
Adverse Media Checks
Additional negative news, also called adverse media, checks might be necessary during ongoing monitoring if the customer is featured in negative news media globally. Such a feature could also indicate a heightened AML risk. Companies that monitor clients’ public profiles can recognize shifts in their risk profiles more easily, safeguarding the business from reputational harm.
Ultimate Beneficial Ownership (UBO) Checks
Ultimate beneficial owners (UBOs) are individuals who ultimately own or manage a company. Unfortunately, criminals use complex ownership structures to their advantage. For this reason, using shell companies may indicate an effort to conceal criminal activities and facilitate financial crime. Ongoing monitoring helps scrutinize ownership changes, pinpointing individuals who might pose heightened risks to the business and allowing for timely and appropriate action.
Companies should monitor sanctions lists to confirm that their customers are not under sanctions, involved with, or transacting with a sanctioned entity. Similar to PEPs, these lists undergo frequent updates, with additions and removals of individuals and entities. For example, Russia’s war against Ukraine highlights that sanctions lists can change unexpectedly.
Organizations can integrate RegTech tools to track the presence of their clients or their associates in the news or on sanctions lists, like the Office of Foreign Assets Control (OFAC) list. Moreover, certain countries, despite not being on any sanctions list or global watchlist, may still pose a high risk of exposure to money laundering and terrorism financing. For these countries, maintaining an ongoing compliance program is essential to prevent your business from being entangled in financial crime.
When is Ongoing Monitoring Necessary?
After initiating a business relationship with a customer, it is crucial to consistently monitor this association according to the company’s risk assessment. The primary reason behind the necessity of ongoing monitoring is the evolution of customer profiles. During the course of engagement with a client, their risk level may undergo changes. For example, shifting from low risk to high risk, or vice versa.
Examples of changing ongoing monitoring risks can include:
- Alteration in the customer’s risk profile. For example, receiving the PEP status. Failure to identify and assess risks associated with the potential breach or evasion of targeted financial sanctions or PEP status changes can subject institutions to regulatory and reputational risks.
- Risks associated with high-risk or sanctioned countries. If a company is not located in the same region as the customer, this case should be treated with suspicion. Unexplained connections and the movement of money between different jurisdictions are also more likely to be linked to criminal activity.
To avoid risks, companies simplify this process using third-party automation tools to track changes in personal data and customer risk profiles, like AML red flags such as large deposits. Internal compliance teams also often use external data sources, including reviewing articles online (manually screening adverse media) and databases like public sanctions lists.
However, nothing can match AML compliance software and its capabilities, including ongoing monitoring features that help companies analyze vast datasets and identify potential risks in real-time, which wouldn’t be possible through manual monitoring processes.
Great news. iDenfy has all the needed tools for a compliant ongoing monitoring process. Don’t hesitate — book your free demo.