Standard Chartered_HongKong
A taxi drives past Standard Chartered's main branch in Hong Kong on Aug. 6, 2014. Reuters/Tyrone Siu

(Reuters) - Standard Chartered Plc will soon begin sifting through a mountain of data for signs of possible money laundering or other criminal activity, as a result of faults in the software critical to its anti-money laundering compliance program, two sources with knowledge of the matter said.

The outcome of this review could affect any penalties regulators impose on the bank for anti-money laundering lapses.

Because Standard Chartered clears about two million U.S. dollar transactions each month, the process of poring through the data will be "a huge piece of work" that could take months, said one of the sources. Both sources spoke on condition of anonymity as they are not authorized to speak publicly about the matter. As previously reported by Reuters, holes in the British bank's anti-money laundering net were uncovered by a monitor imposed by the New York Department of Financial Services (DFS) in 2012. At that time, DFS and federal authorities took separate actions against Standard Chartered, fining the bank a total of $667 million for violating U.S. sanctions by hiding transactions linked to Iran.

As a result of the latest problem, Standard Chartered is once again under scrutiny from the DFS, the bank disclosed when announcing its earnings last week. A penalty of more than $100 million and an extension of the monitorship are possible beyond its anticipated end in early 2015, another source said.

A spokeswoman for Standard Chartered declined to comment.

A spokesman for the DFS also declined to comment.

The findings of Standard Chartered's pending transaction review, known as a "look back," could affect the severity of any penalties imposed by DFS, one of the sources with knowledge of the issue said. The more crime proceeds that flowed through the bank, the more it likely will have to pay, the source said.

The bank has done extensive planning for the review with help from an external consultant and is coordinating with the DFS to ensure it approves of the plan, one of the sources said.

The bank installed the problematic transaction-monitoring software system late last decade. It was supposed to flag suspect transactions, and then bank compliance staff could see whether there were signs of possible criminal activity that needed to be reported to authorities, said the other source.

However, the so-called "detection scenarios" that tell the system what activity to flag for human review were not properly calibrated, the source said.

UNTESTED SCENARIOS

Although just "a handful" of the monitoring system's dozens of detection scenarios were flawed, the errors went uncorrected for years because the bank failed to properly test them, the source said. While the bank thought certain transaction patterns were under automated scrutiny, they were not. "Nobody knew, people assumed it was being tested," the source said.

No one to date has been fired or disciplined over the matter, the source said.

Most of the scenarios have been corrected and efforts are underway to fix the others, the source said, adding that the bank plans to move to a new transaction-monitoring system early next year.