Transaction Monitoring

Transaction monitoring is the ongoing review and analysis of customer transactions to identify activity that may be unusual, suspicious, inconsistent with the customer profile, or linked to money laundering, fraud, sanctions evasion, or other illicit conduct. The FFIEC states that suspicious activity monitoring and reporting are critical internal controls and that firms should have policies, procedures, and processes to monitor and identify unusual activity. FATF similarly describes ongoing monitoring as scrutiny of transactions to determine whether they are consistent with the institution’s information about the customer and the nature and purpose of the relationship.

In the financial crime environment, transaction monitoring matters because onboarding and due diligence alone are not enough. A customer relationship that appears acceptable at entry can become risky later through changes in behavior, counterparties, jurisdictions, velocity of funds, or use of products and channels. Transaction monitoring is therefore one of the main ways a firm tests whether real activity still matches what it believes it knows about the customer. FATF’s banking and securities guidance both link ongoing transaction monitoring directly to the wider risk-based approach.

From a professional perspective, transaction monitoring is not simply a software solution or a library of rules. It is a control capability that combines customer understanding, monitoring logic, alert generation, investigation, escalation, and reporting. The FCA’s 2024 Financial Crime Guide updates specifically introduced guidance on how firms should implement and monitor transaction monitoring systems, including support for responsible innovation and new technological approaches.

A key point is that transaction monitoring should be risk-based and customer-aware. Monitoring is most effective when it assesses transactions against what is expected for that customer, product, geography, and business relationship, not just against generic thresholds. The FFIEC says a bank’s CDD program must include ongoing monitoring, on a risk basis, to identify and report suspicious transactions and to maintain and update customer information. That means transaction monitoring depends heavily on the quality of customer due diligence and profile information feeding it.

In practical terms, transaction monitoring may look for patterns such as rapid pass-through activity, structuring around thresholds, unusual counterparties, inconsistent source or destination of funds, abrupt changes in account behavior, suspicious cross-border flows, use of mule accounts, or activity that does not fit the stated purpose of the relationship. In securities and capital-markets settings, FATF’s sector guidance also stresses ongoing monitoring to assess whether transactions are consistent with what the firm knows about the customer and relationship.

The FCA’s recent guidance is especially relevant because it moved beyond generic expectations and addressed implementation quality. In PS24/17, the FCA said it was setting key guidance on how firms should implement and monitor transaction monitoring systems. The accompanying guidance refers to threshold-based, rule-driven systems and highlights the importance of calibration, testing, and outcomes such as false positives and intelligence value. This shows that regulators are no longer satisfied with firms merely having a monitoring system on paper; they expect firms to understand how well it actually works.

That makes calibration one of the most important professional issues in transaction monitoring. If scenarios are too broad, the firm can be overwhelmed by false positives and investigators may miss the genuinely higher-risk cases. If scenarios are too narrow, meaningful suspicious activity may never be surfaced. The FCA’s 2024 update explicitly addressed implementation and monitoring of transaction monitoring systems, while the FFIEC’s examination procedures include transaction testing to assess whether monitoring and reporting processes are adequately designed and effectively implemented.
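The calibration trade-off described above can be made concrete with a small added example. It is not drawn from the FFIEC, FATF or FCA material or from any vendor system; it runs one structuring scenario at three parameter settings over constructed, labelled transactions. The 10,000 reporting threshold, the scenario parameters and the customer data are all assumptions made for illustration.

```python
from collections import defaultdict

REPORTING_THRESHOLD = 10_000  # assumed cash-reporting threshold (illustrative)

# Constructed sample data: (customer, day, cash deposit amount)
TXNS = [
    ("C1", 0, 9500), ("C1", 1, 9800), ("C1", 2, 9700), ("C1", 3, 9900),
    ("C2", 0, 8200), ("C2", 2, 8600), ("C2", 5, 8900),
    ("C3", 0, 6100), ("C3", 1, 7200), ("C3", 2, 5400), ("C3", 3, 6800), ("C3", 4, 7500),
    ("C4", 1, 9900), ("C4", 20, 3000),
]
# Constructed ground truth, e.g. from past investigations: C3 is a cash-heavy
# retailer and C4 a one-off depositor, both legitimate.
KNOWN_SUSPICIOUS = {"C1", "C2"}

# Three hypothetical calibrations of the same scenario.
SCENARIOS = {
    "broad":  dict(floor=5000, min_count=2, window_days=7),
    "narrow": dict(floor=9500, min_count=3, window_days=3),
    "tuned":  dict(floor=8000, min_count=3, window_days=7),
}

def structuring_alerts(txns, floor, min_count, window_days):
    """Alert customers with >= min_count deposits in [floor, threshold)
    falling inside any rolling window of window_days."""
    by_customer = defaultdict(list)
    for cust, day, amount in txns:
        if floor <= amount < REPORTING_THRESHOLD:
            by_customer[cust].append(day)
    alerted = set()
    for cust, days in by_customer.items():
        days.sort()
        start = 0
        for end in range(len(days)):
            while days[end] - days[start] >= window_days:
                start += 1  # shrink window until it spans < window_days
            if end - start + 1 >= min_count:
                alerted.add(cust)
                break
    return alerted

def calibration_report(txns=TXNS, truth=KNOWN_SUSPICIOUS):
    """Per scenario: true positives, false positives and missed cases."""
    report = {}
    for name, params in SCENARIOS.items():
        alerted = structuring_alerts(txns, **params)
        report[name] = {"true_pos": len(alerted & truth),
                        "false_pos": len(alerted - truth),
                        "missed": len(truth - alerted)}
    return report

if __name__ == "__main__":
    for name, result in calibration_report().items():
        print(name, result)
```

On this constructed data the broad setting alerts the legitimate retailer, the narrow setting misses one labelled case, and the tuned setting does neither; in practice that comparison is only as good as the labelled outcomes used to test against.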

Governance is central throughout. A mature transaction-monitoring framework requires clear ownership of scenarios, thresholds, model or rule changes, alert review standards, escalation paths, and SAR decision-making. Senior management should understand not only how many alerts are generated, but whether the system is identifying the right risks, whether backlogs exist, whether typologies are current, and whether the control remains aligned to the firm’s risk profile. The FFIEC treats suspicious activity monitoring and reporting as part of the bank’s overall BSA compliance program, which reinforces that transaction monitoring is a governance issue as much as a technical one.

Transaction monitoring is also closely linked to suspicious activity reporting. Monitoring is the mechanism that surfaces potentially suspicious behavior; investigation and escalation determine whether that behavior becomes a SAR or similar report. The FFIEC states that suspicious activity monitoring and reporting are critical internal controls, and its SAR materials describe suspicious activity reporting as a cornerstone of the BSA reporting system.

Ultimately, transaction monitoring is one of the core disciplines in the financial crime environment because it allows firms to test whether customer activity remains consistent with lawful, understood behavior over time. It is the practical bridge between customer due diligence and suspicious activity reporting. Without effective transaction monitoring, firms lose one of their main tools for identifying financial crime after the relationship has already entered the system.