What Is Transaction Monitoring? Who Should Implement it? And How?

Transaction monitoring (TM) is the process of actively tracking and analyzing financial transactions of customers in order to prevent fraudulent activity.

Transaction monitoring has to detect any unusual behavior of customer’s transaction activity, in order to be able to identify any suspicious transaction, to or from customers. This avoids the risk of being involved in fraud, money laundering, terrorist financing issues or any other form of financial crime.

While Anti-Money Laundering (AML) is a significant driver for implementing a transaction monitoring system, it is not the only reason. There are other drivers and benefits associated with it, such as fraud prevention, customer protection and business protection, reputation management or avoiding engaging in business with sanctioned individuals among others. Transaction monitoring is in fact required to PSP (Payment Service Providers) by different parts of financial regulations.

Does this mean that 100% of transactions must be monitored? Yes. Must this monitoring be carried out manually by a human or is it automated? A combination of both. Let’s go into detail.

How Does a Transaction Monitoring System Work?

Each PSP will decide how to carry out and manage its transaction monitoring implementation. It will be a mixture of automated and manual processes. The automations will guarantee that transaction monitoring is constantly reviewing 100% of transactions and detecting unusual behavior on customer’s transaction activity.

Once an unusual behavior is detected, it is then a manual analysis by a human enters the process. The compliance team of the PSP will review the unusual behavior and collect all the necessary information to determine whether it is a false positive, and the activity is justifiable as appropriate, or whether a case needs to be opened to further analyze and determine whether the transaction is lawful or not.

How To Implement a Transaction Monitoring System?

It all starts with a KYC or Know Your Customer (or KYB, Know Your Business in case of corporations) process where the PSP identifies and verifies a new customer.

Understand the Risk

One of the many goals pursued by the KYC/KYB process is to understand the nature of the customer’s activity to assess the risks associated with the customer. This risk category will be taken into consideration when implementing the transaction monitoring rules for the specific customer. Depending on whether our client is a legal entity or a natural person, there will be different aspects to take into account when categorizing the risk.

Things such as:

  • Jurisdiction risk of customer
  • Customer’s sector risk
  • Customer’s model business
  • Jurisdiction risk of customer’s customers, amount, volume and type of transactions
  • If customer is AML concerned or not
  • Customer’s reputation or the source of wealth and funds of the customer could be taken

These can all be taken into consideration when assigning the risk category to a client.

Understand the Business

A second goal of the KYC/KYB that has an impact in transaction monitoring is understanding the customers business in order to know what transactions will be expected. This knowledge will also be the basis to implement appropriate rules to detect suspicious activity.

For some companies it will be usual to have 1000 transactions to 1000 different people from their own country with an average of 100 euros per month. While for others, an average month for them will have 100 transactions to 10 people living abroad and 10.000 euros per payment on average.

Applying Limits

Once the PSP has the knowledge of a customer and its expected transaction activity, this knowledge will have to be translated into rules for the automated tool in charge of flagging potentially suspicious transactions. These rules will have the purpose to detect, in an automated way, unusual behaviors in the customers transactions.

The PSP will not only have to decide which are the best rules but also the impact of the rules on the business. Rules can only raise alerts in real time or, not only raise them, but also take decisions in real time to stop the execution of a payment.

Making automated decisions in real time such as withholding transactions may have a big impact on the customer’s business, so a healthy balance between decision maker rules and notifying rules should be pursued. The PSP will have to decide which rules stop a transaction from being executed and which ones will only send an alert allowing the execution of the transaction.

Once the rules are live, the operations team will have to work in optimizing rules. False positives can overload the ops team but they need to have in mind that not detecting a true positive and being involved in a fraudulent transaction can bring serious legal implications, bad reputation and disastrous business consequences for customer’s and/or for the company itself.

What Kind of Rules Are Implemented in a TM System?

The correct definition of rules is essential to ensure a reliable transaction monitoring system. There are no good or bad rules. Most rules will be implemented that are specific for each customer and will depend mainly on the risk level of the customer and its expected transaction activity.

The amount of information depends on the context. For example, systems monitoring eCommerce transactions paid with credit card will have information related to the business, the payer card or IP location, the speed when filling in the form, etc. while others like wire transfers have more limited information.

What Rules Does Devengo Implement?

In our case, dealing with account to account payments, we have very little information so our rules are quite simple. There will be rules to make certain validations on the individuals sending transactions to our customers or on the individuals receiving transactions from our customers.

In this case a real time verification should be done against international screening lists to verify if the people involved in the transaction may be identified as a politically exposed person or could be an individual listed in an international sanction list.

To a lesser extent there can be generic rules that could affect all transactions of all customers which respond to an identified fraud trend. And lastly there could be emergency rules that respond to an ongoing suspicious activity.

Examples of the first type of rules, those based on the knowledge of the customer’s risk and their transaction activity, could be:

  • Maximum amount per transaction
  • Maximum number of transactions per minute/hour/day/month
  • Maximum amount transacted per minute/hour/day/month
  • Maximum number of transactions or amount per recipient
  • Maximum number and/or amount of incoming transactions per minute/hour/day/month or by sender
  • Variation in the number of transactions related to a different period of time
  • Amounts transacted to customer’s not common jurisdictions, etc.

All the rules are defined ad hoc for each customer based on the knowledge we have about them.

Third Party Rules

About the second type of rules, those affecting the third party involved in the transaction, we normally refer to rules that verify the identity of the individuals against international sanction lists, what is called in the industry as transaction screening.

These rules are essential to avoid being involved in criminal or fraudulent activities, but normally they involve a high volume of false positives. As 100% of the recipients and senders of our customers should be verified against international lists, depending on how much data of the third party individuals the PSP has, this can be difficult to handle.

The probability that the name of a recipient or a sender of a transaction, matches the name of a sanctioned individual, can be high if they have a common last name. But if the PSP does not have access to enough additional information of the third party individual involved that can help to rule out that it is the same person, this situation could lead to handling an important number of suspicious activity reports raised to the financial authorities.

The more information we have available from the third parties, the better. If the PSP’s customer is for example an e-commerce, where normally information such as address, country, date of birth is available then the number of false positives and the number of SARs (Suspicious Activity Report) should not be a problem.

The third and forth rules are less common but sometimes necessary. For example if the company or any of its customers have been victim of a fraud by a third party, the company could block any transactions received or sent to that third party.

What is the Output of the TM System?

So far we have talked about the inputs to the TM system, the transactions, and the rules, or evaluations, that we do with them.

As we have already mentioned, whenever a customer’s transaction activity is not as expected, and a rule detects it, an alarm will be raised by the system and assigned to the compliance team to review it manually.

The analysts working on the alert will have to decide if the activity is an unusual but legitimate transaction, or if it is a suspicious activity that requires opening a case or investigation, with the customer. In order to be able to decide, the analyst will review the transaction activity of the client and compare the behavior with previous customer’s activity patterns. If the information recovered is not enough to decide that the activity is legitimate, the analysts will open a case.

The analysts will collect information from the client, or review related documents that could help verify the source of funds, verify the recipient of the transaction and understand the purpose of it. All the information recovered will be added to the case. The decision made is documented, along with the rationale and details of the review.

Based on all the information and documents recovered and the risk involved in the operation, a decision is made, categorizing the alert as a false positive, a legitimate but unusual transaction, or a potentially suspicious activity requiring further action.

If the activity is considered suspicious a Suspicious Activity Report (SAR) has to be submitted by the PSP to the financial intelligence unit of the competent national authority.

What makes a TM system good or bad?

Having a compliance department bogged down by the number of false positives may be a problem for the PSP, but being implicated in a case of fraud, terrorism, or money laundering is worse. The PSP’s aim should be to seek a healthy balance.

This is achieved by learning from the results of manual reviews and constantly adjusting the rules and models of the monitoring system. Detecting fraud trends, both inside and outside the company will be of great value. The FATF (Financial Action Task Force) regularly publishes reports that raise awareness about the latest money laundering, terrorist financing, and proliferation financing techniques so that countries and the private sector can take the necessary steps to mitigate these risks.

Key Aspects When Implementing a TM System?

  1. Carry out a detailed KYC/KYB of your clients. This process will include verifying the individual/s, knowing the expected origin and destination of the funds, foreseeing the expected pattern of activity, acknowledge the risk level of the company’s sector or the person’s profile.
  2. Create personalized rules by client or type of client.
  3. The more data available on the payment’s recipients, the better to avoid false positives in the transaction screening.
  4. Know both internal and external trends of possible fraud.
  5. Continuously adjust the rules.
  6. Be rigorous in case management (reporting and submitting).

How does a TM affect my company?

The only thing the TM system from your PSP requires from your company is your collaboration. Any doubt raised should be resolved. Collaboration in terms of facilitating the information required fast and diligently. As we have said at the beginning, your PSP has a TM system not to bother you but to protect you and the financial system from fraud and criminal activities.

You might be asked about your activities, your services, your volumes, so it’s important you communicate any change that might impact your transactions with them: new markets, new products, etc. You might also be asked about the details of a specific payment to understand whom you are paying to or who is paying you and why. We have seen above that the identification of the parts is an important part of every payment. Sometimes this will be caused by false positives from the TM system, but you need to help them to identify them and learn. It can only improve your reputation.

If you have questions about their procedures or the kind of information that they might require from you, contact them and find the best way for this collaboration.


At Devengo we have implemented a robust transaction monitoring system that is constantly monitoring 100% of the operations, to ensure our main goal: protecting our clients’ funds from being involved in fraud, money laundering, terrorist financing issues or any other form of financial crime.

Suscribe to our newsletter

Receive periodic updates on new posts and features and monthly release notes.