Payment institutions Wwft & Sanctiewetgeving

Transaction monitoring at payment institutions: a challenging task

10 min reading time

No financial institution can escape the supervision of the Money Laundering and Terrorist Financing (Prevention) Act (Wwft). After ING and ABN Amro were fined by the Dutch Central Bank (DNB) for a lack of compliance with the Wwft, Rabobank has received a draft instruction too. In order to meet the obligations arising from the Wwft, banks have invested large amounts of money and manpower in improving their transaction monitoring. Because of the large number of transactions, efficiency remains important. Therefore, traditional methods such as simple business rules are increasingly being exchanged for complex, advanced machine learning techniques.


The previous article about payment institutions and the Wwft touched on several challenges that these institutions may face when dealing with the Wwft and the Sanctions Act 1977 (SW). Among other things, the establishment of a transaction profile and its monitoring was discussed. In this second article, Mark Croes from RiskQuest and Remco Voogt from Charco & Dique elaborate on transaction monitoring and the recent developments in this field. We will see that payment institutions still have big steps to take. At the same time, this is also an opportunity to make use of the lessons learned at banks, and to set up transaction monitoring properly and efficiently from the get-go. In this way, payment institutions can remain efficient and retain competitive advantages.

Pre- and post-transaction monitoring

Transaction monitoring can be divided into two categories:

  • In pre-transaction monitoring (also called transaction filtering), various checks are done before the transaction takes place. Here the focus lies mainly on preventing violations in the area of financial or economic sanctions, for example trade in weapons or transactions to sanctioned countries.
  • In post-event transaction monitoring or simply transaction monitoring, after the transaction has been done, there is a check for “unusual transaction patterns and client transactions, which by their nature pose a higher risk of money laundering or terrorist financing.” [1]


In the remainder of the article, we will mainly focus on the second category, post-event transaction monitoring. This involves everything that is done after the transaction has taken place. Once client transactions have been processed, various methods can be used to look for unusual transaction patterns.

Developments in post-transaction monitoring

The post-transaction monitoring landscape has seen a period of much innovation in recent years due to increased investment. Previously, business rules (decision rules) were mainly used to flag potentially suspicious behavior. This involves, for example, sending a signal when a customer spends more than an X amount of cash.

The disadvantage of these business rules is that only known forms of money laundering, terrorist financing etc. are detected. After all, a specific business rule must be written that then only identifies those transactions as potentially suspicious. In addition, it takes a lot of effort to keep track of all these business rules, since they are essentially large fishing nets to catch certain behavior. Experience shows, however, that it takes a lot of manpower to pick out the real cases of money laundering or terrorist financing. Therefore, machine learning techniques have been used for some time now. These techniques use a complex algorithm to recognize certain behavior. Within machine learning, there are two types: supervised and unsupervised.

The downside to business rules is that only known forms of money laundering and terrorist financing are detected.

Supervised learning

Supervised learning uses data with a label. The label indicates whether certain behavior is undesirable or not. These labels are available if there is historical data that has been investigated for money laundering, terrorist financing or other undesirable behavior. The computer then learns to make a connection between the data and the label. This data can consist of all kinds of “features” that describe transaction behavior. For example, the number of international transactions that a customer makes in a given period, but also features that describe the customer himself, such as age. The algorithm then learns to make a connection between the labels and these features. The trained model can then be applied to new transactions to recognize undesirable behavior.


Unsupervised learning

But oftentimes, a payment institution does not have access to historical data with known instances of unlawful behavior. Or that it is looking for still unknown forms of such behavior. This is where unsupervised learning can be useful. Unsupervised learning involves algorithms that learn without the use of labels. Here it is unknown which historical transactions are undesirable, but the algorithm learns to recognize “normal” behavior. Since the majority of customers do not make criminal transactions, the algorithm will learn that this is normal behavior. Any deviations from this will be flagged as unusual. This does not mean that deviations by definition involve money laundering or criminal behavior, but they are worth looking into.

Transaction monitoring at payment institutions

As the number of fintechs such as payment service providers increases, so will the amount of data available to these service providers. At the same time, the need for a good transaction monitoring framework at these service providers will also increase. After all, they now form an important link in the transaction landscape and must ensure that their services are not used by criminals. This provides both opportunity and urgency to make great strides in setting up this framework. In 2016, DNB already conducted a thematic study “post-event transaction monitoring at payment institutions“, and the attention paid to these payment institutions will not diminish any time soon.

Payment institutions still have major steps to take when it comes to transaction monitoring. This is precisely why it is important to make use of the lessons learned from traditional banks.

'Lessons learned'

Payment institutions still have major steps to take when it comes to transaction monitoring. This is precisely why it is important to make use of the lessons learned from traditional banks. In this way, payment institutions do not have to fall into the same pitfalls. Below are a few examples of these lessons learned:

  1. Combine business rules and machine learning

An important lesson is to make use of machine learning techniques, in order to limit the time-consuming work of creating and maintaining business rules. It is not recommended to replace business rules, but a combination of both techniques is ideal. As discussed, in the initial phase unsupervised will be more suitable given the amount of labeled data.

  1. Combine transaction monitoring and customer research

It is also possible for payment institutions to use intelligent models to recognize certain suspicious patterns among customers. This could include merchants or web shops where the customers often use multiple payment service providers within a single transaction. This adds an extra layer so that the origin of the transaction is even harder to trace. If this happens remarkably often with a particular web shop, it may indicate that this shop is not acting bona fide. In this way, transaction monitoring can strengthen the customer research.

  1. Share information with other financial institutions

As the data on criminal behavior and parties involved is expanded, it can be used for network analysis. This allows payment institutions to identify any clusters involved in criminal behavior. In an ideal situation, these insights are also shared among payment institutions themselves or with traditional banks. This makes it easier to detect rogue entities, and at potentially lower cost.

PSD2 advantage

In addition to learning from the best practices of traditional banks, payment institutions can also take advantage of the benefits that PSD2 brings. The introduction of PSD2 allows payment institutions to do an analysis on historical banking transactions with the consent of this potential customer. This will allow them to already screen prospective customers during the onboarding process and create an expected transaction profile. This transaction profile will then serve to better recognize deviant behavior from the expected profile. An intelligent tool that can be used for this purpose is the RiskQuest Navigator, which provides insight into the customer’s profile during the screening process.

The right balance

Fintechs, including payment institutions, can learn a lot from the developments in transaction monitoring at banks. It is important to get transaction monitoring right the first time, so that an efficient and scalable system is created that helps fintechs maintain their competitive advantages.

At the same time, it is important to pay attention to the specific risks and characteristics that payment institutions have to deal with, such as the international nature of the transactions. In certain cases, payment institutions will have to make different choices from banks, for example because the payment institution has more or less information available in certain cases.

Want to know more?

Our consultants can provide you with a proper interpretation of the Wwft requirements and translate them into your daily practice. In addition, our specialists have developed an e-learning course on transaction monitoring. This training enhances your understanding of the legal requirements in the area of transaction monitoring and helps you to practice the skills you need to monitor transactions effectively.

Transaction monitoring e-learning Get in touch