How and why to embed AML Lookbacks within financial firms?

In recent years, regulators have begun to scrutinize more closely financial institutions regarding the soundness of their AML/CTF program, dissecting the nuts and bolts of their procedures and controls. But the current set-up isn’t what they are solely looking at. “Lookbacks” to past transactions and suspicious behaviours are being increasingly demanded – a time consuming and costly activity that can take a toll on a Compliance department.


What is an AML Lookback?

An AML lookback is predominantly meant to uncover past suspicious activity and flaws within the financial institution’s monitoring systems. It may stem directly from the institution itself following an internal audit or may be ordered by a regulatory agency after a control.

The exercise can cover a wide range of transactions including, but not limited to, fund transfers, deposits and withdrawals, securities transactions, currency exchanges, and credit extensions. A financial institution may also assess the effectiveness of their Suspicious Activity Report (SAR) procedures or simply investigate a client’s past behaviour.

Lookbacks and KYC
A lookback may have various objectives, depending on what is needed, and these may include: determine the adequacy of the financial institution’s transaction monitoring system, their procedures and policies, the nature of certain transactions done in the past, dig into an individual’s activities after a suspicious event, implement a new standard (eg. crypto investments), or test the number of past hits for a new detection rule implemented in the transaction monitoring system.


The size of the undertaking can often take anywhere from a few days to several months, depending on the size of the financial institution, the soundness of its operating procedures and the technical efficiency of the systems in place.

It’s often viewed as an intrusive, burdensome, and somewhat punitive exercise for the various departments involved including compliance, operations, and IT for its costly and enormous time-consuming nature. Regulators will generally ask financial institutions to employ an independent third-party that can carry out the lookback for them.



What are examples of a lookback?

Private banking – the lookback methodology is also used to reconcile the ‘source of wealth’ in KYC investigations. For each different case, a client’s wealth will be traced back in the past. Important events like the sale of property, inheritance, professional revenues, historical interests, and dividends will be scrutinized to come to an estimation that reflects the client’s plausible current situation. Certain clients will provide proof like deeds and fiscal declarations to their relationship manager. In other cases, estimations will be calculated for the lack of documentation.

Correspondent banking – the exercise may involve analysing the historical data of past payment flows and assessing the risk of the bank’s past clients. This would imply going back a set number of years to screen all clients that the bank has worked with, paying close attention to ones from countries with high risks and business relationships that have been broken off, with a focus on country of origin and business, sanctions, negative news, and an accurate analysis of their transactions. A KYC scrutiny also applies to the client’s clients. If the correspondent bank is using KYC Register, one may analyse the documents (or lack of), ex. Wolfsberg Questionnaire, given by the clients prior to the use of the register to assess any red flags.
Examples of lookbacks


Insurance companies – a lookback may focus on the occurrence of past fraudulent activities. The exercise may focus on analysing the early termination of past premium life insurance policies to determine if there was any suspicious behaviour. This would also mean doing a thorough KYC check on the company’s clients, asserting that no false documentation was given in the past. In this case, an analysis of the detection systems used would be highly important to check if, and why, it failed to detect those frauds.



What can a financial institution do during AML lookback?

Financial institutions can ease the process of lookbacks by doing the following things:
  • 1

    Engage the right independent third-party: select a company that has had prior experience on lookbacks and that can understand the nature of your institution in terms of products, customers, and services that you offer. Make sure that they’re credible with the regulators.

  • 2

    System knowledge: make sure the third-party helping you has access to all systems (transaction monitoring, KYC etc.) from the beginning of the project and take time to thoroughly explain how they work.

  • 3

    Communication: a good level of communication is an important aspect of lookbacks. Answer all questions in a timely and efficient manner and make sure you and the third-party are on the same page.

  • 4

    Collaboration: work closely with the third-party as if they were part of your institution to ensure the most effective outcome for the project.






What can third-parties do during AML lookback?

During a lookback project, third-parties should do the following things, amongst others:
  • 1

    Knowledge: learn everything they can about the customer base, the services provided by the institution, the geographic areas they do business with, and the products they sell. Also make sure they fully understand the workings of their various systems (transaction monitoring, KYC, etc.)

  • 2

    Familiarisation: the third-party should familiarise themselves with the internal monitoring system and the extraction of the scope of data for analysis.

  • 3

    Data dictionary: the third-party should establish a data dictionary to integrate into the project so to better understand the company’s data structure.

  • 4

    Communication: a good communication is also fundamental from the third-party. They should provide regular reports and weekly status meetings to inform the institution of their progress, ask questions, or discuss any issues that have risen.




What should be the results of a lookback?

The key to a successful lookback is satisfying the regulator by demonstrating that the financial institution conducted an exhaustive, independent and documented analysis. It should have spotted any weaknesses and gaps within the procedures and monitoring systems, allowing the improvement and remediation process to effectively take place straight after.


Documentation is essential to a lookback. All checks, controls, and verifications, along with the final report, must be well documented so the regulator can precisely know what took place, how well was the exercise carried out, and what problems were found during the inspection. Every step of the way must be documented including meetings, the technicalities of data extraction, and the workings of the data tool.
Lookbacks and documentation


A series of past suspicious transactions and behaviours may have emerged the analysis of historical data and the financial institution must be ready to file a high number of SARs.

Lastly, it is imperative that a remediation plan be put in place to patch up the deficiencies discovered during the course of the lookback. The financial institution must update or alter any procedure or process affected and must take measures to ensure that their systems are effective.

As consultants, we will use the lookback methodology to perform gap analysis for your firm/financial institution. Our experts can guide you through the process of prevention and lookbacks for a wide range of areas through our experience and knowledge of IT systems, regulations, and regulators. Contact us for more information!
Piet De Vreese - Pideeco Network Partner
Piet De Vreese Managing Director
2 comments
Add your comment

Related articles

How to make business in Russia ? What are the different company types of Russia and how to conduct KYC on Russian counte...

AML Mon 08 January 2018

What is inside RegTech or Regulatory Technology ? What is the difference with FinTech ? RegTech Compliance industry help...

Financial firms Mon 01 April 2019

Compliance cost refers to all the expenses of a business in order to cover all the regulatory requirements imposed by th...

Financial operations Mon 02 December 2019

In today’s challenging environment, financial institutions are exposed to money laundering (ML), terrorist financing (...

Financial firms Tue 25 June 2019
Experts in risk management and regulatory compliance

Pideeco is a consultancy firm providing legal services, business solutions, operational assistance and educational material for professionals in the financial industry.

We are based in Brussels and we specialize in regulatory risk compliance services covering the Eurozone.

Pideeco combines professional Regulatory knowledge and technical expertise to safeguard your business’ reputational and operational risk. Our unique customer-centric approach helps us build strategical and legitimate cost-efficient remedies.

Working with us means reaching out to complementary people, allowing for original thinking and innovative vision.

Our Network Learn more about us