Lessons Of The Transaction Lookback

Recent years have seen a growing list of financial institutions undertaking voluntary or regulator-requested reviews of previously performed transactions to identify unusual or potentially suspicious activity. Generally, the exercise is undertaken because regulators have judged that an institution's anti-money-laundering controls and transaction monitoring systems have been inadequate to surface and stop money laundering or terrorist financing.

Financial institutions engaged in the so-called "transaction lookback" face numerous challenges in a process that is typically long and labor-intensive. Rarely does an institution have the resources, or full range of expertise, to handle the lookback from the initial steps of extracting and sensibly compiling all relevant data through the stages of transaction investigation and if necessary, the filing of Suspicious Activity Reports (SARs). As a result, a host of AML consultants have sprung up to assist with some, or all, stages of the process, while software solution providers offer products to extract, test, and host the data under review. This article examines the investigative phase of a lookback, including preparation, analysis and reporting, and highlights the key components to the successful investigation of transactions to be reviewed during a lookback.


To best prepare for the investigative phase of the lookback process, it is critical to choose wisely the tool that will extract, test, and host the data under review. An optimal tool should be constructed on a risk-based model that allows for fine-tuning to appropriately assess the specific risks of the financial institution and the type of transactions being reviewed.

As it is typical for the period of transactions under review to be one year or longer, the original population of transactions can be arduously large. Based on a risk assessment, the tool should identify and extract from the original population those transactions that trigger potential indicators of risk for money-laundering and terrorist financing activity. Such an extraction isolates transactions necessitating review and creates a subset of data that is ultimately more manageable during the investigative process.

To further facilitate investigation of transactions, and thus the quality of SAR filings, the tool should query for commonalities to create groupings of wires that together appear to constitute a relationship among transacting parties for purposes of analysis. Such groupings may constitute the "cases" upon which investigation is ultimately conducted.

Only with the right review tool is a financial institution able to begin investigating its cases and parties to the transactions - itself a long, labor-intensive, and expensive undertaking.


Prior to setting analysts to the task of investigating cases, financial institutions must have guidance manuals and resources in place, with all necessary approvals, for the investigation and reporting of case-findings. The guidance must be thorough, specific, and consistent, and still provide for discussion and approval of special-case handling or one-off situations. At a high level, such guidance should cover:

Project objectives and background;

Institutional ethics and compliance policies;

Project oversight managers, institution organizational charts, chains of command, and contact information;

Case-routing and approvals processes; and

Discussion/appeals process.

Additionally, the manuals should provide specific guidance to project analysts and managers, with regards to the examination, investigation, analysis, recommendation, and subsequent writing of the case analysis and decision rationale. Such guidance should cover:

Functions of the transaction hosting tool;

Transaction examination process;

Process to choose parties for investigation;

Specific due diligence/investigative procedures;

Reporting templates;

Protocols for communications;

Underlying risk assessments, definitions, and assumptions;

Authorized investigative sources; and

Internal lists of authorized and unwanted relationships.

These resource materials can and should be updated throughout the project to stay abreast of changes or refinements to guidance as well as the identification of new investigative tools or information that may be relevant to other analysts in regard to their investigative process.


Transaction lookbacks can require large numbers of analysts, working over several months, in order to complete the investigative phase. It is likely that training will have to be conducted several times with different groups of rotating or expanding analyst teams.

It is also likely that the analyst teams will be composed of people with various professional backgrounds and experience, from the business and payments side to law enforcement, compliance, or regulatory backgrounds. Therefore, their expertise and skill-sets will likely be divergent, and training must be crafted to identify and enhance potential knowledge gaps, particularly in the following areas:

Transaction analysis, including flow of funds;

Bank internal instruction and coding;

Underlying risk assessments;

Investigative databases, sanctions lists, institution-specific lists, and compliance registries; and

Due diligence investigative protocols.

Consistency and accuracy in investigations, analysis, and reporting of a case are imperative; a financial institution's oversight committee, as well as regulators and auditors, will test case findings during the lifetime of the project as well as after completion of the project. Therefore, the continuing review of cases through a robust quality assurance process can assist with ensuring adherence to project guidance and procedures.

Organization and Teaming

Iterative review is key, and financial institutions can develop in-house project management and reporting structures that work best for their specific project needs. But all should have consecutive and independent review layers once a case is investigated, analyzed, documented, and reported by an analyst, and before a case reaches compliance for validation of the case decision, i.e., a "Recommendation to File a SAR" or a "Recommendation to Close" a case.

The data hosting tool in use for such a project should have built-in controls capable of monitoring the movements of cases through previously determined review channels, and an audit trail of promotions and demotions through the system should be clear.

Although analysts work independently on their cases, the creation of teams of analysts reporting up to the same reviewer can have the following benefits:

Collaboration and sharing of knowledge and experience;

Camaraderie, teamwork, and morale;

Increased consistency of investigation, analysis, and reporting; and

Increased accuracy of investigation, analysis, and reporting.

Additionally, such teams can be customized for special case-handling that deviates from the general investigative protocol. The need for special case-handling is often identified during the course of the project.

Case Decision Making And Likely Results

Because of the punitive nature of these projects, likely resulting from a finding of deficient control mechanisms, and through the very nature of the data-mining exercise and subsequent case creation, many transactions are likely to have characteristics and indicators of questionable activity. This exercise is designed to identify potentially suspicious transactions, entities, and patterns. Therefore, a financial institution should be prepared for a good percentage of cases being recommended for SAR filing, and should take steps to build a team of SAR preparers and implement the appropriate tools to efficiently prepare and submit the large number of filings.

A financial institution can build certain efficiencies into the investigative process by carefully developing guidance that lays out how transactions are to be examined for indicators of suspicious activity, which and how many entities in a given case will be subject to investigative due diligence, what resources and databases will be employed, and defining the thresholds and scenarios for decisioning transactional activity as suspicious or reasonable.

The level of discretion granted to an analyst should be clearly defined. Internal Compliance staff have access to a greater body of confidential information and knowledge that can allow for more informed decisions to file or close a case. Thus, there is an expectation that the institution will be actively involved in the decisioning process, rather than merely accepting the recommendation of an analyst.

Case Categorization And Special Case-Handling

Although every case will have its share of risk attributes, a good data hosting tool can additionally label and group cases by specific risk categories. Many of these are obvious: Potentially Sanctioned Countries, Prior SAR Suspect, 314(a) Request Entities.

Other categories can be specific to the business line of the financial institution involved or to the pattern of transaction activity evinced through the data-mining process.

Regardless of how deep and comprehensive the guidance is at the beginning of the project, it is likely that updated or clarified guidance will be required at varying points of the lookback. Every institution, and every lookback, has its share of cases and scenarios that have not been addressed in the guidance. Updated or clarified guidance can be developed to match the needs of a particular set of cases, and should be submitted for the same necessary approvals required for the initial guidance.

Such special handling can include accelerated due diligence on certain entities presenting predetermined obvious characteristics, the insertion of an additional layer of review because of the appearance of certain risk factors, or the inclusion of approved language specific to a particular case category. Special handling protocols should be subject to all necessary reviews, tests, and approvals prior to launch, and should be memorialized in an update to the guidance.

Communication And Collaboration

Whether the transaction lookback is handled entirely by a financial institution's own personnel, or whether outside contractors and/or consultants assist, frequent and regular meetings are essential to successful completion of the project. Analyst teams should meet regularly with their reviewers; secondary reviewers should have ongoing discussions with analysts and initial reviewers; and project managers should meet regularly with analysts and reviewers, as well as with compliance and operations. Ongoing dialogue and continuous reference to the project mandate and protocols will assist with consistency, accuracy, and efficiency through the long months of the investigative phase.

Begin work on a final report early, and schedule many hours for the data hosting tool technologist: In-depth data regarding the scope, refinements, and final results of the investigative phase will be needed, and expected, for final reporting.

Transaction lookbacks can take many, many months. The repetition and tedium of the long-haul can be hard on all personnel involved, and therefore, there is always a danger of a lapse in quality. Changing teams, as well as rotating the size and type of cases given to each analyst, can help alleviate project fatigue. Coffee and bagels on Friday mornings help, too.

KPMG Forensic delivers powerful thought leadership and breadth of resources that can help your financial institution address transaction monitoring issues to comply with AML legislation and international standards - from the USA PATRIOT Act and Bank Secrecy Act to OFAC and FATF. An experienced adviser can make a world of difference. For details, contact Laura Durkin at 212-872-5779, or ldurkin@kpmg.com.

Published September 1, 2007.