Transaction & Cases

In order to continuously identify suspicious transactions, conspicuous customer behaviour and money laundering typologies, the establishment of a seamless, IT-supported data processing system is mandatory for individual obligated parties. Provided that the relevant transaction data is made available to us, we take over the evaluation of the transactions. Based on the risk-based approach, we automatically compare all transactions with regard to relevant indicators and money laundering typologies. In the process, potential misconduct on the part of your employees - insofar as it is recognisable in the data provided - is also recognised and marked accordingly. If relevant and/or potentially suspicious transactions are identified, we transfer them to our digital case management system for further processing.

We provide you with an option for submitting anonymous information (whistleblower system). This can be used to send us information about suspicious transactions and conspicuous customer behaviour. In addition, our money laundering reporting officers offer your customers, suppliers and employees the opportunity to exchange confidential or anonymous information about suspicious incidents and transactions.

Our case management system processes conspicuous transactions from transaction monitoring as well as reports that we receive via other channels. In addition, it is possible to create cases manually. As part of case management, cases are automatically categorised as far as possible and a decision proposal is pre-formulated. Based on the categorisation, cases are handed over to our compliance experts, who finally take the necessary steps for further clarification together with you and carry out the evaluation of the case. If an FIU report has to be submitted, each case can be exported as an XML file for transfer to the FIU's goAML software.

According to § 6 paragraph 4 GwG, organisers and brokers of games of chance are obliged to "operate data processing systems by means of which they are able to detect both business relationships and individual transactions in gaming operations and via a player account that are to be regarded as dubious or unusual (...)". Here, a particularly elaborate form of transaction monitoring is required, for which Kerberos, however, offers special solutions.

Transaction monitoring must also be carried out by almost all other obligated parties according to the general due diligence obligations (§10 GwG). Although no special data processing systems are prescribed as for organisers and brokers of games of chance, a systematic approach is also appropriate here as opposed to manual individual case checks. According to § 10 paragraph 1 number 5 GwG, "the continuous monitoring of the business relationship including the transactions carried out in the course thereof (...)" must be ensured. Although a wide variety of thresholds and preconditions apply, the principle applies irrespective of exemptions: the general due diligence requirements must be applied to all transactions in which connections with money laundering or terrorist financing exist or in which doubts arise as to the identity of the persons to be identified.

This formulation suggests that in case of doubt, it is better to check once more and, if necessary, submit suspicious activity reports than once too little. Efficient monitoring by experts can provide a remedy here, taking into account all safety standards. For obligated parties, submitting a large number of SARs as a precautionary measure also means a great deal of additional work with not necessarily increased security.

Transaction monitoring looks for unusual or dubious transactions that are potentially related to money laundering. The possible transactions are described in money laundering typologies, among other things. In addition, however, internal company experience must also be used to assess the transactions. Organisers and brokers of games of chance must regularly update their data processing systems in this respect.

According to Section 10 (1) No. 5 GwG, the general due diligence obligations include the continuous monitoring of the business relationship, including the existing documents and information on the contracting parties, their beneficial owners, business activities, customer profile and, if necessary, information on the origin of the assets. All these documents must be updated at appropriate intervals, taking into account the respective risk.

All measures taken must also be documented in an audit-proof manner and made available to the supervisory authorities upon request.

All records of the measures taken to prevent money laundering must be stored for a period of five years and made available to the supervisory authorities upon request. The requirements of the GDPR must be taken into account. The records may also be stored digitally, provided they can be made legible to the supervisory authorities within a reasonable period of time.

The submission of SARs takes place via the FIU's reporting portal goAML. Every obligated party must register here, even if no report has yet been submitted. Only if the portal is not accessible may the reports also be submitted by post. A form from the authority must be used for this purpose. Third parties, i.e. service providers such as Kerberos, can also submit SARs for you.

Transactions for which a SAR has been filed may only be carried out after the end of the third working day following the filing of the SAR. Unless, of course, there is feedback from the FIU or public prosecutor's office prohibiting this. If the FIU or a public prosecutor's office has already sent a consent to carry out the transaction, the transactions may also be carried out earlier.

It is also important to note that obliged persons may not inform anyone about the submission of a SAR, unless they are government agencies or further exemptions under Section 47 (1) GwG.