Anti Money Laundering; Everything I learned

I've been working in this FinTech company; they have a software which has a lot of modules like CKYC, AML, Screening, Insider Trading etc., but I'm working on the AML Module which detects money-laundering activities in Banks, NBFCs, Capital, and Commodity Markets. How? They have scenario-based software. They have a set threshold for all these scenarios. If the transaction, either a payment or a receipt, exceeds this specific threshold, it generates alerts. So, this software we are talking about has over 800 scenarios in all the segments. Banks and NBFCs use transaction files, payment gateway logs, UPI logs, Forex Transactions, Loan, and credit Records, etc. But what about Broking? Because we clearly don't get any transaction file in which it maps the investor to the broker/brokerage to the Depository Participant to the depository (CDSL/NDSL) and to the Clearing Member and to the exchange (NSE/BSE) and to the settlement at the EOD. The securities which the investor bought are only reflected on T+1 day, earlier it used to be T+2. So, when it comes to Broking, the stock exchanges release a few types of files every day at EOD which contain all the information we need to map the clients. These are the same types of files used by brokerage firms like Zerodha and Upstox (our clients) to detect ML.

The first file type is called the BhavCopy, which provides a daily summary of all traded securities, including opening, high, low, closing prices, and traded volumes. For instance, the BSE Cash BhavCopy file is named `eq_csv.zip`, and similar files exist for the NSE Cash and NSE FNO segments as well.

The next file is the Instrument File, which lists all tradable securities in a specific segment, including security symbols, ISINs, and market lot sizes. For example, the BSE Cash Instrument File is named `SCRIP.zip`, and there are corresponding files for NSE Cash and FNO segments.

Another critical file is the UCC File, which contains details of clients such as client codes, names, addresses, and personal information. The UCC file format differs for NSE and BSE but generally ends with `.LST` for NSE and `.TXT` for BSE.

The Trade Files record all executed trades for the day, with specific file names for each segment. For example, BSE Cash Trade Files are named `BR.`, while the NSE Cash Trade File follows the format `_.txt.gz`.

Depository Files from CDSL and NSDL contain valuable data for reconciliation. The CDSL files include the Client Master (DPS8) with client details, the ISIN File (CD03) with securities ISIN codes, the Transaction File (DP57) that logs all client transactions for the day, and the Holding File (DPM4) that records clients' securities holdings at the end of the day. The Price File provides closing prices of securities for specific dates.

Similarly, the NSDL files include the Client Master File (APOC) with client KYC information, the Security Master File (Sec Mast ISIN) with securities details, the Transaction File (TXN Download) summarizing daily transactions, and the Corporate Action File (COD File) detailing corporate actions such as dividends or splits. The Holding File (HLDG File) lists securities held by clients, and the Combined File is a consolidated file that contains client, transaction, and holding data for reconciliation.

There are also Margin and Position Files for NSE FNO, which include the MG13 (Margin File) detailing margin requirements for FNO trading and the PS03 (Position File) which provides details about open positions in the FNO segment.

To analyze these files, they must be uploaded to the software, which then runs all the scenarios and detects if there is any transaction that exceeds the threshold. The uploading process is relatively easy because most of the files are available online, and the system can automatically merge them using HTTP GET requests. However, much of the process remains manual. If there is any alert, the transaction is sent to the registry, and if any discrepancies are found, the complete transaction history is sent to the case manager in the same software. The client must review the alert, and if it is deemed suspicious, they will file a Suspicious Transaction Report (STR), which will then be forwarded to the Financial Investigation Unit (FIU) under the Ministry of Finance, Government of India for further investigation.

Now, one important aspect to consider is that sometimes, transactions may be split into smaller amounts to avoid detection. For example, if the threshold is ₹1 crore, a person might transfer ₹99 lakh twice to avoid triggering the alert. This is a form of money-laundering known as "smurfing" or "structuring". To address this, the software must monitor multiple smaller transactions within a short time window and flag these patterns if their cumulative value exceeds the threshold.

So in a nutshell, all these tasks seem like a lot of work for financial entities, but they don’t have any other way to go unless they follow a compliance route. The finance sector has many regulators because we are talking about money, which is people's lives, so the number of regulators means the compliance they need to meet. Everyone is just trying to make a quick buck out of it, not for the cause. Because what if the money is below the threshold? Nobody detects it.