Detection of shell companies in transaction monitoring
During a review (an audit), the Monetary Authority of Singapore (MAS) detected a security gap, that was reported to the affected bank as a regulatory finding. As a counter measure, it was intended to implement an automated solution for the exposure of offshore companies in the transaction monitoring of Oracle’s Mantra system. In doing so, technical possibilities had to be evaluated, and a process had to be set up, that identifies offshore companies within a transaction while simultaneously reporting back any findings to an AML system.
Regarding so-called high-risk entities (e.g., offshore companies), a standard scenario, within AML solution Mantras, was identified, that could be used to close the existing risk gap. Based on this scenario, by matching these high-risk entities with watchlist entries, offshore companies, that were involved in transactions can be identified. In order to implement this watchlist, two essential process steps need to be aligned and established. A first step had to make sure, that potential offshore companies, stemming from various sources, are merged in a single list, whose date quality needed to be examined and the list itself be centrally stored.
In a second step accountable personnel had to be nominated and enabled, to consign the list in an agreed upon format in the transaction monitoring system. Following a test phase, further tuning activities, as the calibration of threshold values, to create hits ensued.
During the final transfer to production, the scenario was put into service within Mantras and a process was established, to ensure a regular update of the watch list on both ends of the security anchors. All identified offshore companies are actualized in a global data lake on a daily basis. From this data lake, accountable employees receive a monthly automated list, that can be placed in the transaction monitoring system as a watchlist, before executing the monthly batch run of the system. All optimizations were documented in an audit-proof manner, thus allowing the company to close the security gap, found by the MAS.