Standard Chartered will soon begin sifting through a mountain of data for signs of possible money laundering or other criminal activity.
This is as a result of faults in the software critical to its anti-money laundering compliance programme, two sources with knowledge of the matter said.
The outcome of this review could affect any penalties regulators impose on the bank for anti-money laundering lapses.
Because Standard Chartered clears about two million US dollar transactions each month, the process of poring through the data will be "a huge piece of work" that could take months, one of the sources said.
As previously reported by Reuters, holes in the UK bank's anti-money laundering net were uncovered by a monitor imposed by the New York Department of Financial Services in 2012.
At that time, DFS and federal authorities took separate actions against Standard Chartered, fining the bank a total of $667m for violating US sanctions by hiding transactions linked to Iran.
As a result of the latest problem, Standard Chartered is once again under scrutiny from the DFS, the bank disclosed when announcing its earnings last week.
A penalty of over $100m and an extension of the monitorship is possible beyond its anticipated end in early 2015, another source said.
The findings of Standard Chartered's pending transaction review, known as a "look back," could affect the severity of any penalties imposed by DFS, one of the sources with knowledge of the issue said.
The more crime proceeds that flowed through the bank, the more it likely will have to pay, the source said.
The bank has done extensive planning for the review with help from an external consultant and is co-ordinating with the DFS to ensure it approves of the plan, one of the sources said.
It installed the problematic transaction-monitoring software system late last decade. It was supposed to flag suspect transactions, and then bank compliance staff could see whether there were signs of possible criminal activity that needed to be reported to authorities, said the other source.
However, the "detection scenarios" that tell the system what activity to flag for human review were not properly calibrated, the source said.
Although just "a handful" of the monitoring system's dozens of detection scenarios were flawed, the errors went uncorrected for years because the bank failed to properly test them, the source said.
While the bank thought certain transaction patterns were under automated scrutiny, they were not. "Nobody knew, people assumed it was being tested," the source said.
No one to date has been fired or disciplined over the matter, the source said.
Most of the scenarios have been corrected and efforts are underway to fix the others, the source said, adding that the bank plans to move to a new transaction-monitoring system early next year.