Sharper cross-border monitoring

Brief

An international bank required an independent assessment of whether its transaction monitoring (TM) framework was truly fit for purpose across a growing, cross-border business. The challenge extended beyond scenario performance alone. Leadership needed clarity on whether data, coverage, control design and governance were sufficiently robust to support effective and proportionate monitoring across different products, customer types, and jurisdictions.

The bank’s monitoring environment supported a broad mix of activities, including corporate banking, financial institutions, trade finance, treasury, and capital markets. HKA was asked to assess whether the TM framework adequately reflected this complexity, including the risks associated with correspondent banking, trade finance, money laundering, sanctions, terrorist financing, and proliferation financing.

The review also needed to address a critical governance question increasingly relevant to regulated firms: how much assurance did the bank have over third-party, vendor-managed elements of its monitoring architecture? In this case, important parts of the extraction, mapping, and conversion logic sat outside the bank’s direct control, limiting transparency over how monitoring data was transformed before entering the TM system.

What we did

HKA conducted an independent assessment of the bank’s TM framework, focusing on the design and integrity of the control architecture. This involved reviewing the core end-to-end components of the TM framework including, data inputs, customer and product segmentation, scenario design, typology coverage, scenario governance and the alignment of the TM controls to the bank’s underlying risk profile.

We assessed transaction monitoring across multiple branches and jurisdictions, reviewing whether the framework was appropriately calibrated to different business activities and risk exposures. This included examining whether scenario coverage reflected the bank’s key financial crime risks across its core products and businesses.

The assessment required a combination of technical analysis with practical financial crime judgement. Through document review, walkthroughs, and scenario assessment, we identified where the framework was already showing maturity and where more fundamental uplift was required, particularly in data lineage transparency, data quality, typology coverage, scenario governance and model explainability.

A key part of the engagement was identifying where vendor managed processes had become a control issue in their own right. HKA highlighted gaps in visibility over externally managed data and logic, and translated these into a practical agenda for stronger vendor governance, oversight, and assurance.

We translated those findings into a clear, prioritised roadmap that leadership could use to guide remediation and and strengthen the framework over time.

Outcomes

The bank now has a clearer, more strategic view of the effectiveness of its transaction monitoring framework across products, branches, and risk types. HKA’s review highlighted where the control environment was already showing maturity, and where structural weaknesses in data, scenario design, coverage, governance, and vendor oversight could constrain monitoring outcomes if left unresolved.

Just as importantly, the work gave leadership a practical roadmap for strengthening transaction monitoring as an integrated control architecture. Rather than treating TM as a set of isolated rules, the bank now has a stronger foundation for linking business risk, monitoring design, vendor managed dependencies and governance into a more coherent, explainable, and sustainable framework.

• All TM scenarios assessed against the bank’s AML, sanctions, terrorist financing and proliferation financing risk profile.
• Multiple business lines reviewed, including corporate banking, financial institutions, trade finance, treasury and capital markets.
• Product coverage assessed across FI loan solutions, FX, money markets, bond activity and trade finance-related flows.
• Cross-branch and cross-product risk and usage monitoring reviewed, with challenge on branch and product-specific calibration and governance.
• Targeted recommendations delivered across data, scenarios, coverage, governance, and model oversight.
• A stronger vendor oversight agenda identified, improving visibility over third-party data extraction, mapping, scenario dependencies, oversight, and explainability.