Financial institutions, iGaming, and crypto businesses have to implement transaction monitoring to stay compliant. Today, we’ll talk about the importance of such solutions, their risks, and best practices.
In October 2024, Austria’s financial regulator, FMA, ordered Euram Bank to cease its operations immediately due to deficiencies in money-laundering prevention measures. To avoid being fined, losing their license, or even going to jail, companies need to use transaction monitoring throughout the customer lifecycle.
Transaction monitoring helps prevent money laundering operations by scanning and analyzing financial data, such as deposits, withdrawals, and velocity of transactions. The process is meant to spot trends and discrepancies that may indicate financial crime.
Transaction monitoring seeks to answer the following questions:
To help you answer these questions, we at Sumsub prepared this article. We’ll talk about what transaction monitoring is and how efficient monitoring systems help avoid huge fines.
The simple answer is that any regulated company needs transaction monitoring. This includes, but is not limited to:
In general, any business that falls under AML regulations and deals with client transactions should adopt and implement transaction monitoring.
Organizations are legally obligated to comply with AML regulations, and failure to do so can result in substantial fines and legal actions. For example, Metro Bank was fined nearly £17 million by the UK’s Financial Conduct Authority for failing to address deficiencies in its AML transaction monitoring system.
Also, involvement in money laundering scandals can severely damage an organization’s reputation. Effective AML monitoring protects the financial system by detecting and preventing illicit activities, maintaining trust among consumers and investors. It also helps identify and address suspicious activities, reduces the risk of financial losses, and protects organizations from criminal exploits.
Anti-Money Laundering (AML) regulations require businesses to monitor transactions and report suspicious ones to authorities. This helps companies confront shared threats, such as terrorism financing.
| FATF Recommendation 10, transposed into many local AML laws, requires financial institutions to analyze transactions undertaken throughout the course of a business relationship. The goal is to ensure that transactions are consistent with the institution’s knowledge of the customer, including the source of their funds. Transaction monitoring systems—which we explain in more detail below—can help. |
In the banking industry, AML transaction monitoring is essential for detecting and preventing illicit activities such as money laundering and fraud. Despite significant investments in security measures, challenges persist. For instance, TD Bank agreed to pay over $3 billion in penalties after pleading guilty to violating federal anti-money laundering laws in October 2024. The bank’s inadequate monitoring systems allowed illegal activities, including the laundering of over $400 million from fentanyl sales, to go undetected.
The fintech sector’s expansion means strong AML measures are necessary to prevent financial crimes. A notable example is that Starling Bank was fined $37.5 million by the Financial Conduct Authority for inadequate measures against financial crime, including insufficient systems for pinpointing money laundering and screening high-risk customers.
Also, the nature of cryptocurrency makes for unique challenges for AML efforts. Regulatory bodies like the Financial Crimes Enforcement Network (FinCEN) have extended AML regulations to virtual currencies, requiring exchanges to use transaction monitoring to detect and prevent illicit activities. In 2021, FinCEN received over 1.1 million Suspicious Activity Reports, along with significant reports from cryptocurrency trading entities, which shows the critical role of transaction monitoring in this sector.
Companies need to follow the regulations when it comes to transaction monitoring. Otherwise, they might face huge financial penalties from the regulators. In March 2025, Robinhood Markets had to pay $29.75 million to settle probes by the Financial Industry Regulatory Authority (FINRA), including failing to respond to potential misconduct indications.
Transaction monitoring can be used to detect signs of illegal activities, such as:
To confront the spread of such activities, companies should focus on the following factors when conducting ongoing monitoring:
As the number of digital transactions grows every day, so too does the necessity of transaction monitoring. However, without an automated transaction monitoring solution, checking transactions and finding suspicious patterns would be virtually impossible.
Implementing an automated transaction monitoring solution will allow companies to efficiently monitor unusual financial operations. This way, they can effectively avoid fraud and financial crimes, which are always on the rise. Just in 2024, over $40 billion in cryptocurrency was transferred to illicit addresses, with projections showing that it could exceed $51 billion. This includes $2.2 billion stolen by North Korean hackers, $9.9 billion lost to scams, and $5 billion from high-yield investment schemes.
AML transaction monitoring continuously monitors transactions, detects fraud, and provides regulatory reporting documents to help organizations meet their compliance obligations. It’s done by analyzing user behavior patterns, transaction details, and other signals.
The monitoring process isn’t limited to financial transactions alone. Other events related to the account’s safety are also analyzed, including logins, password recovery, and more. This provides more data points to determine fraud patterns or other suspicious actions. There are solutions that combine all these data points using artificial intelligence trained to spot suspicious behavior patterns and activities.
However, failing to implement transaction monitoring systems can have severe consequences. Between June 2016 and December 2020, Metro Bank failed to monitor over 60.5 million transactions totaling more than $65 billion due to its flawed automated anti-money laundering system. Despite internal concerns, these issues remained unaddressed, which ultimately led to a $21.5 million fine by the Financial Conduct Authority.
Similarly, Morgan Stanley faced scrutiny for not adequately monitoring its wealth-management division, which oversees nearly $6 trillion in assets. Investigations revealed that weak AML controls allowed high-risk clients, along with those with links to terrorism and corruption, to conduct transactions without proper due diligence. This oversight shows the necessity of robust monitoring systems that track financial transactions and assess risk indicators like client background and transaction patterns.
Companies can avoid losses related to fraud, investigations, legal proceedings, and consumer refunds by establishing comprehensive anti-fraud transaction monitoring.
Implementing an effective Anti-Money Laundering transaction monitoring process requires strict regulations and consequences for non-compliance. Here are some of the key regulations for AML transaction monitoring:
1. Bank Secrecy Act (BSA)
Enacted in 1970, the BSA requires U.S. financial institutions to assist government agencies in detecting and preventing money laundering. Key requirements include:
2. Financial Crimes Enforcement Network (FinCEN)
FinCEN, a bureau of the U.S. Department of the Treasury, administers the BSA and enforces AML regulations. Its responsibilities include:
3. Financial Action Task Force (FATF)
The FATF is an intergovernmental organization established to develop policies to fight money laundering and terrorist financing. Its main aspects are:
Penalties for Non-Compliance
Not being compliant with AML regulations can have severe consequences, including but not limited to:
In the context of AML, the choice between batch and real-time transaction monitoring significantly impacts an organization’s ability to detect and prevent fraudulent activities.
Among the common fraud detection techniques, we have data mining, machine learning, and pattern recognition. These commonly used algorithms serve to identify patterns and correlations within large datasets and employ supervised and unsupervised learning models to predict and identify potential fraud by recognizing patterns and deviations from normal behavior.
There are also certain fraud patterns and red flags which can be recognized timely and stopped thanks to transaction monitoring. These include rapid transactions such as sudden increase in their frequency, large withdrawals and transfers, geographical anomalies, and using multiple accounts.
According to the Guidance for the UK financial sector, there are two approaches to transaction monitoring:
In both cases, the goal of monitoring is to identify unusual activities for further investigation.
The human eye is more prone to missing suspicious transactions, especially when dealing with high volumes. Machines, meanwhile, can work continuously with a lesser chance of leaving suspicious activity unnoticed. However, most automated systems still use basic approaches which can lead to an alarming number of false negatives. Still, AI and ML models get better as they get trained with more data and can establish and flag suspicious patterns in almost real-time.
Integrating AI into AML systems improves traditional rule-based approaches, which makes fraud detection more effective. To make sure their integration of AI is smooth, organizations should consider the following compliance checklist:
1. Conduct a comprehensive risk assessment
2. Develop a clear AI integration strategy
3. Ensure data quality and management
4. Select appropriate AI technologies
5. Implement continuous monitoring and evaluation
6. Provide training and awareness programs
7. Establish a robust governance framework
8. Engage in continuous improvement
Companies should be able to conduct real-time monitoring in order to instantly spot suspicious activities and report them to authorities. Another important feature that an efficient monitoring system should have is custom rules, allowing companies to customize the way that AML policies are implemented.
Real-time monitoring analyzes transactions as they occur, flagging anomalies instantly, whereas batch processing allows fraudulent transactions to be completed before they are reviewed. Additionally, criminals constantly evolve their tactics, and AI-powered real-time monitoring can quickly identify new fraud patterns.
Compared to real-time monitoring, batch processing is slower in fraud detection, has a high number of false positives, and isn’t able to prevent real-time money laundering schemes. Batch processing can also lead to compliance breaches, resulting in hefty fines.
Additionally, custom rules are very important for AML systems. Customization improves the system’s effectiveness in identifying suspicious activities and ensures compliance with regulatory standards. Customizable rules help institutions define monitoring criteria specific to their risk types, which helps them avoid potential fines. They also allow the adjustment of transaction thresholds and other criteria, which significantly helps focus resources on genuine threats.
Whether businesses choose to build their own transaction monitoring system, or instead consider a transaction monitoring solution, they should take the following steps before implementing either option:
Apply a risk-based approach. Businesses should carry out formal risk assessment of money laundering, terrorist financing, and other financial crimes. The risks vary based on the business’s products, customers profiles, and the nature and frequency of transactions. Once assessed, these risks should form the foundation of a transaction monitoring system. For example, once a business identifies which types of customers present a higher risk of money laundering, they can set a more frequent and intensive ongoing monitoring of their transactions. Move away from a heuristic rules based approach to a risk-based approach, with AI and ML data ingestion and flagging capability.
Integrate AI-driven solutions. AI and machine learning strengthen AML transaction monitoring by finding anomalies in real time and adapting to new fraud patterns. Businesses should train models on historical transaction data to recognize suspicious behaviors, such as unusual transaction volumes, rapid fund transfers, or deviations from typical customer activity. AI-powered systems continuously learn from new data, reducing false positives and improving risk detection. For instance, clustering algorithms can identify hidden connections between seemingly unrelated transactions, while natural language processing (NLP) can analyze unstructured data for risk signals.
Establish internal policies. The second step is to create an appropriate mechanism for the oversight, review, and approval of monitoring processes and parameters. Some of these policies may include:
Determine elements of suspicious behavior. Each company establishes red flags that signify suspicious behavior. These red flags depend on the size and nature of each company. Transaction monitoring solutions, therefore, should have the technical ability to such flags and timely notify staff members.
After establishing internal policies, companies will be able to define which transaction monitoring solution is more suitable.
Companies change over time and so should their transaction monitoring tools. So, if a company feels comfortable using a manual approach at first, they may switch to an automated solution after experiencing growth.
Customer risk assessments analyze information collected during onboarding to assign a particular risk level to the customer. These risk levels can be based on country of origin (low, medium, and high-risk countries, for example) or any other factor relevant to the company—for instance, age, nature and intended purpose of the business relationship, etc.
Based on these risk assessments, companies then determine the type of Customer Due Diligence that should be applied. If risk is determined to be low, Simplified Due Diligence (SDD) can be applied. If higher risk is assessed, Enhanced Due Diligence (EDD) may be required, which means asking for additional information or documents during onboarding or conducting transactions, such as source of funds or wealth, etc.
CDD consists of the following measures:
Additionally, you can use these steps to help with AML monitoring:
Transaction monitoring comes with several challenges, including high false positives, evolving fraud tactics, and regulatory compliance burdens. Each industry faces unique risks that need to be accounted for in AML strategies:
Automated transactions monitor user actions in real time, which saves company resources. Meanwhile, only some suspicious cases are assigned to the compliance team. Sometimes, a combination of both is necessary, especially in firms with a high volume of transactions.
A good example of this is HSBC which utilizes artificial intelligence to screen over a billion transactions a month for signs of financial crime, which helps in reducing false positives and manual reviews. It also employs AI to enhance the precision of financial crime detection, reducing alert volumes and the time spent on investigations.
JPMorgan Chase has invested heavily in AI and RPA technologies to improve business performance and operations by focusing on automating compliance and audit processes.
| Based on the Guidance for the UK financial sector, monitoring systems must: 1. Flag unusual transactions and/or activities for further examination. 2. Promptly submit such cases for review by the right person(s). 3. Take appropriate action on the findings of any further examination. |
If failing to perform transaction monitoring, companies risk being penalized by authorities, in addition to proliferating illegal activity. Therefore, when choosing a transaction monitoring provider, companies should have a set of requirements that would fit them.
To choose a suitable transaction monitoring solution, businesses may ask providers the following questions:
This isn’t the complete list of questions, as each list will be unique for a company. However, it provides an understanding of what a company should look for when choosing a transaction monitoring provider.
Transaction monitoring solutions allow users to see detailed information for each transaction, the rules or risk factors are used to calculate the risk score, and report the transaction if necessary. To maximize the benefits and minimize the cost of transaction monitoring tools, companies can look for the following features in the solutions.
Suitability for your business. Choose a solution that suits your risk-based approach and fits different types of customers and transactions.
Ease of integration. Look for solutions that are easy to set up. These can be solutions with no-code rules settings or those that provide technical support for integration, etc. For example, Sumsub’s solution can be fully integrated in 3-4 weeks.
Countries keep implementing stricter rules, making transaction monitoring mandatory for many businesses. As a result, companies start spending a bigger chunk of their revenue on transaction monitoring. In 2024, the market was valued at approximately $17.14 billion and is projected to reach $19.98 billion by the end of 2025, with a compound annual growth rate of 16.6%.
While transaction monitoring expenses increase, so are the financial penalties for non-compliance. Overall, US financial regulators accounted for 95% of the $4.6 billion in global fines in 2024, highlighting the importance of compliance with regulations in preventing fines and fraud.
Implementing advanced Anti-Money Laundering transaction monitoring strategies requires the development of rules specific to an organization’s risk profile. Best practices for rule creation include:
Implementing automation in AML case management significantly enhances efficiency and reduces fraud detection and compliance costs.
For example, US financial services firms get $4 in costs for every $1 of fraud loss, including legal fees, recovery expenses, and other related costs. The cost of combating fraud has increased by 16.2% since 2020, which demonstrates growing expenses in fraud management.
Luckily, by automating AML processes, financial institutions can achieve an average 25% reduction in annual compliance costs, which results in substantial operational savings.
Firms are obligated to file suspicious activity reports when illegal activity has taken place (or when suspicious activity has met the relevant reporting threshold, which varies from country to country). Therefore, a quick and easy suspicious activity reporting tool is a must-have. This makes it easier to inform regulators about risky activities indicative of money laundering, tax evasion, fraud, and other financial crimes.
Incorporating adaptive monitoring techniques (such as AI-driven detection, anomaly detection, behavioral analytics, and real-time monitoring) and dynamic risk scoring greatly helps with the identification of suspicious activities. Adaptive monitoring adjusts to evolving customer behaviors, while dynamic risk scoring evaluates risk levels in real time based on various factors. Vigilant monitoring and reporting help avoid massive scandals such as the Lehman Brothers scandal, where the global financial services firm hid over $50 billion in loans disguised as sales.
Businesses can also consider using one provider for the entire customer lifecycle, from the onboarding stage to transaction monitoring and reporting. This improves customer management, enabling the company to detect bad actors while improving the user experience for good ones.
It is prohibited to inform anyone involved in a flagged transaction that a Suspicious Activity Report (SAR) has been filed. SARs must only be provided to law enforcement when required. If an employee suspects money laundering, AML violations, or a suspicious transaction, they should report it to their manager or AML compliance officer. If a SAR is deemed necessary, it must be kept for a specific number of years along with any supporting documentation. Sumsub will soon provide customers with the ability to automate SAR filing in a few clicks on the dashboard.
When it comes to picking the right transaction monitoring vendor, the best solution has every check you need available in one flow. Below are features that set apart highly effective verification platforms from the rest:
If companies don’t monitor transactions, they run the risk of money laundering, fraud, and other crimes occurring on their platforms. That’s why governments have been tightening their AML regulations.
Sumsub’s transaction monitoring software allows you to detect all suspicious activities with one solution—from sign-up to their journey, with ongoing real-time monitoring.
Any regulated business is obligated to have transaction monitoring in place. The best solutions ensure that monitoring is integral to the entire verification flow, meaning that user, business, and transaction verification are connected. This way, you can use every single available data point to assess users, risks, and suspicious patterns. The structure of a transaction monitoring solution typically consists of the following steps:
To confront the spread of illegal activities, companies should focus on the following factors when conducting ongoing monitoring:
Transaction monitoring is an ongoing security process that helps companies detect suspicious transactions. Transaction monitoring software spots unusual patterns and reviews dubious transfers and transactions made in digital or fiat currencies.
Subscribe to continue reading
Enter your email address to get access to the full article
