Transaction monitoring is the core detective control in any payment institution's AML framework. It is the system through which firms identify potentially suspicious transactions for investigation and, where appropriate, reporting to the National Crime Agency. The FCA's recent enforcement actions have highlighted that transaction monitoring failures are among the most common and most consequential AML deficiencies in payment firms. This article sets out the FCA's current expectations and provides practical guidance for building an effective monitoring framework.
The FCA's Core Expectations
The FCA expects transaction monitoring to be risk-based, proportionate and effective. This means:
Business model alignment. Monitoring rules must reflect the specific characteristics of the firm's business. A money remittance firm serving diaspora corridors has a fundamentally different risk profile than a merchant acquirer processing UK e-commerce payments. The FCA expects monitoring rules to be designed from the ground up based on the firm's actual customer types, transaction patterns and risk factors — not adopted from a generic template.
Comprehensive typology coverage. The monitoring system must be capable of detecting the full range of money laundering and terrorist financing typologies relevant to the firm's business. For payment institutions, this typically includes: structuring (breaking transactions into smaller amounts to avoid thresholds), rapid movement of funds through multiple accounts, unusual geographic patterns, transactions inconsistent with the customer's stated purpose, dormant account activation, and round-sum or near-threshold transactions.
Appropriate thresholds and parameters. Monitoring rules must use thresholds and parameters that are calibrated to the firm's actual transaction data. Thresholds that are too high will miss suspicious activity; thresholds that are too low will generate excessive false positives and overwhelm the investigation team.
Ongoing calibration. The FCA expects monitoring systems to be regularly reviewed and recalibrated based on emerging typologies, changes in the firm's business profile, feedback from SAR filings and internal investigations, and regulatory guidance.
Alert Investigation and Management
Generating alerts is only the first step. The FCA expects a structured approach to alert investigation:
Prioritisation. Firms should implement a risk-based prioritisation framework so that the highest-risk alerts are investigated first. This may involve automated scoring based on customer risk rating, transaction value, geographic risk and typology relevance.
Investigation methodology. Each alert investigation should follow a documented methodology — reviewing the customer's profile, transaction history, CDD information and any previous alerts. The investigator should form a conclusion on whether the activity is genuinely suspicious and document the rationale.
Outcome recording. The outcome of every alert investigation must be recorded, including the conclusion, the supporting rationale, and any actions taken (SAR filing, enhanced monitoring, account restriction, exit).
Feedback loops. Investigation outcomes should feed back into the monitoring system to improve future effectiveness. If a particular rule generates a high false positive rate, the parameters should be reviewed. If a SAR filing results from a transaction pattern not covered by existing rules, a new rule should be developed.
Effectiveness Testing
The FCA expects firms to conduct regular effectiveness testing of their transaction monitoring systems. This includes:
- Back-testing against known suspicious activity to verify that the monitoring system would have detected it
- Above-the-line and below-the-line testing to assess whether the system captures relevant activity while managing false positive rates
- Gap analysis to identify typologies not covered by existing rules
- Performance testing to ensure the system can process transaction volumes without delays or failures
Testing should be conducted at least annually and documented in detail. The results should be reported to senior management and used to inform monitoring system improvements.
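The back-testing and above/below-the-line steps listed above can be illustrated with a small added example (not taken from FCA material or from any firm's system). It runs a simple structuring rule over constructed transactions, compares the alerts with constructed "known suspicious" cases, and repeats the run at thresholds above and below the live setting. All customer IDs, amounts and rule parameters are assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed sample data: (customer_id, day_number, amount_gbp). Not real transactions.
TXNS = [
    ("C1", 1, 900), ("C1", 1, 950), ("C1", 2, 980), ("C1", 3, 940),  # split payments
    ("C2", 1, 4500),                                                  # one large payment
    ("C3", 1, 700), ("C3", 2, 720), ("C3", 3, 690), ("C3", 4, 710),  # smaller splits
    ("C4", 1, 120), ("C4", 9, 80), ("C4", 20, 150),                   # ordinary activity
    ("C5", 2, 650), ("C5", 3, 700), ("C5", 5, 600),                   # cleared on review
]
# Constructed investigation outcomes: customers previously confirmed as suspicious.
KNOWN_SUSPICIOUS = {"C1", "C3"}
# Hypothetical rule parameters (assumptions, not regulatory values).
RULE = {"single_limit": 1000, "window_days": 7, "min_count": 3}

def structuring_alerts(txns, single_limit, window_days, min_count, total_floor):
    """Flag customers with >= min_count payments, each under single_limit,
    whose sum inside any window_days window reaches total_floor."""
    by_cust = defaultdict(list)
    for cust, day, amount in txns:
        if amount < single_limit:
            by_cust[cust].append((day, amount))
    alerts = set()
    for cust, rows in by_cust.items():
        rows.sort()
        for i, (start, _) in enumerate(rows):
            window = [a for d, a in rows[i:] if d - start < window_days]
            if len(window) >= min_count and sum(window) >= total_floor:
                alerts.add(cust)
                break
    return alerts

def back_test(alerts, known):
    """Compare rule output with known cases: detected, missed, unconfirmed alerts."""
    return {"detected": alerts & known, "missed": known - alerts,
            "unconfirmed": alerts - known}

def line_test(txns, known, floors, **params):
    """Re-run the rule at several total_floor settings (above/below the live line)."""
    return {f: back_test(structuring_alerts(txns, total_floor=f, **params), known)
            for f in floors}

if __name__ == "__main__":
    for floor, result in line_test(TXNS, KNOWN_SUSPICIOUS,
                                   [3500, 3000, 2500, 1900], **RULE).items():
        print(floor, result)
```

With these constructed values, the live floor of 3000 misses one known case, a floor of 2500 catches it without extra alerts, and a floor of 1900 starts alerting on a customer who was cleared on review.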
What Firms Should Do Now
- Review your monitoring rules against your current business model and risk profile — ensure alignment.
- Assess typology coverage against current NCA and FATF guidance.
- Calibrate thresholds using your actual transaction data — not industry averages.
- Implement a structured alert investigation and escalation framework.
- Conduct annual effectiveness testing and document the results.
Regulatory Counsel advises payment institutions on transaction monitoring framework design, calibration, testing and regulatory compliance.
Frequently Asked Questions
At least annually, and whenever there are material changes to the firm's business model, customer base, transaction patterns or the regulatory environment.
Generic monitoring rules that are not calibrated to the firm's specific business model and risk profile. The FCA expects bespoke, risk-based monitoring.
A systematic assessment of whether the monitoring system is detecting the suspicious activity it should be detecting — including back-testing against known cases and gap analysis.
Every alert investigation must record the alert details, the investigation steps taken, the customer and transaction information reviewed, the conclusion reached and the rationale for that conclusion.