What Is AML Transaction Monitoring & How to Set It Up

The UN calculates that anywhere up to $2 trillion is laundered around the world ever year. And, although 91% of offenders end up in prison, an estimated 90% of money laundering-related crimes go undetected. This, combined with the rise in fintech, means that authorities are likely to continue the push for ever-stricter AML requirements.

Wondering how to monitor transactions to remain compliant with AML (anti money laundering) and CFT (counter terrorism financing) laws?

This article will clear any confusion on the topic, as well as explain where blacklists, potentially exposed persons, sanctions and SARs fit into the picture.

What Is AML Transaction Monitoring?

Anti-money laundering transaction monitoring is a monitoring process designed to ensure companies do not help criminals launder money.

By using AML software and tools to monitor transactions over a certain amount, you should be able to raise red flags before you accidentally help launder money.

Transaction monitoring is a key part of the anti-money laundering process. Government bodies set the thresholds over which a transaction must be checked for AML, but you can also implement your own monitoring at all times and/or for all transactions as well.

In addition to this, AML mandates also involve checking transactions and customers against lists of sanctions, politically exposed people (PEP), and suspicious accounts for terrorism and international crime.

Why Is AML Transaction Monitoring Important?

Transaction monitoring is one of the key anti-money laundering processes. As such it aims to assist the economy battle shared threats such as terrorism financing, arms trading, human trafficking, corruption and so on.

AML Transaction Monitoring - Reasons for it

Any business at risk of helping money laundering must ensure it meets the legal requirements imposed by authorities.

When it comes to the thresholds at which transactions must be monitored, they are set by various national regulators, but the goals are always the same:

  • to detect suspiciously large movements of money
  • to link these transactions with an identity
  • to log records of transactions to submit SARs (suspicious activity reports)

Last but not least, AML is paramount for organizations that want to:

  • avoid helping money launderers and other crime
  • maintain a good business reputation
  • avoid high AML compliance fines

How to Choose an AML Transaction Monitoring Solution

There are several key features that drive functionality and efficiency in AML transaction monitoring. Some of these include:

AML Transaction Monitoring - Must Have Features

  • Real-time monitoring and alerts: One of the most important features of AML transaction monitoring is the ability to move fast. Notice something suspicious? Don’t wait months to create your reports – you should be alerted straight away.
  • Custom rules: While AML regulations are pretty clear-cut, you still want flexibility in how you implement your transaction monitoring checks. Make sure your system supports custom risk rules.
  • Data capture and logs: You will need to show your data for AML reporting. Your system should be able to capture it at scale while meeting data protection requirements.
  • Velocity rules: Put simply, velocity rules are risk rules that look at certain user actions in time, including frequency and reoccurrence. They’re particularly helpful when you want to learn about user behavior in order to spot suspicious activity. 

How to Set Up an AML Transaction Monitoring Process

Let’s now look at what an AML transaction monitoring system can do.

We’re using the SEON’s fraud detection services for these examples, but any good AML tool should offer you more or less the same features. 

AML Transaction Monitoring - Setting up AML Risk Rules

Setting Up a Rule for High-Risk Countries

One universal AML rule is that you should know which countries you’re doing business with.

  1. Let’s start by defining which countries are considered high risk. Note that different vendors will have different options, but in the SEON platform, we can do this simply by creating a custom list called “High Risk Countries”.
custom list showing high risk countries

2. For this list, we are looking at IP addresses, so let’s fill the data field IP country and add those found on the international sanctions lists. Notice that the country code is using the two-character ISO 3166-1 format.

As you can see above, we are now filtering countries such as Burkina Faso (BF), Pakistan (PAK), and Yemen (YE).

3. Next, we’ll create the rule and call it “IP country is AML HIGH RISK”. It will look like this:

The rule checks if a user’s IP is on the list of high-risk countries and creates a REVIEW alert if so. You can also choose to automatically APPROVE or DECLINE the user’s transaction based on your risk appetite.

If it’s sent for manual review, your AML compliance team can check the details of the transaction for more information – or log the details to submit an AML SAR report. 

Below is the triggered rule. You can see that our user connected using an ISP linked to Pakistan, which is on our high-risk country list. The profile was therefore flagged for review.

Note that this also added 10 points to our fraud score. You can set this yourself, choosing to have this add more or fewer points.

AML high risk country list rule

Setting Up a Rule for AML Transaction Threshold

This second rule will tackle an important feature of AML: ensuring transactions over a certain threshold are logged and monitored.

This is a very easy rule to set up, using the “compare” parameter, and the operator “greater or equal to”.

We’ll set the value at $3000 to meet the latest US banking AML requirements.

Here is what the triggered rule looks like after our fictional user, Ivan, spent $3600.

Note that you can manage the currencies in the settings, and change them at the rule level.

The high-value transaction alone would have triggered a review. In this particular case, it also comes from a high-risk IP, which should make you more confident that extra checks are required.

Setting Up a Velocity Rule for Suspicious Transaction Behavior

Velocity rules are more complex but equally easy to set up. Here’s one designed to alert your AML team when a user suddenly increases their weekly transaction volume.

This velocity rule:

  • aggregates the amount of all transactions over a 24-hour period.
  • looks for a sharp increase in spending (over 200%)
AML risk rule 200% increase in 24 hours

We’ve chosen to have the system add +20 to the person’s fraud score if this rule is triggered.

You can, of course, set your own scores for each triggered rule for more control over your AML strategy. 

Here is what it looks like on the Dashboard once the rule has been triggered. 

You can see that the transaction has been sent for REVIEW due to its fraud score.
The system added 20 points due to the high volume of transaction, as well as 6.6 points due to another rule.

AML Transaction Monitoring: Key Takeaways

AML transaction monitoring appears pretty set in stone. You need to follow legal requirements to the letter and submit any suspicious data you find in due time.

However, with tools like SEON, you can take control of your AML fraud prevention strategy. By exposing hundreds of data points relating to user identity and transactions, you can create customized, flexible, and powerful rules that let you mitigate AML risk and stay safe from other types of fraud in the process.

We’ve looked at three examples of these rules earlier, but the sky’s the limit. In terms of functionality, you could also:

  • connect identity data with external sanctions of PEP lists to compare the results
  • create Zapier integrations to receive alerts via Slack or Microsoft 365
  • and much, much more

Best of all, all the data remains available at your fingertips if you need to submit SARs to the authorities, giving you full peace of mind when it comes to AML compliance. 

Frequently Asked Questions

Why do businesses need AML transaction monitoring?

AML transaction monitoring is a key part of national and international anti-money laundering strategy, which forces companies to examine transactions over a certain threshold. The transactions must be linked to someone’s identity to reduce the risk of money laundering.

What should I look for in AML transaction monitoring?

AML transaction monitoring needs to work in real-time and to alert your business of transactions above a certain threshold. The thresholds vary from one country to another, so it is important to ensure you are aware of the AML rules for every country in which you do business. 

How does AML transaction monitoring work?

For banks and other fintech organizations, this works by having software monitor all transactions and flag all those that exceed a certain threshold ($3000) for investigation, which often involves manual review. Additionally, the system ascertains that customers are not on PEP or sanctions lists. If anything seems suspicious after this, the bank ought to file a suspicious activity report (SAR).


  • UNODC: Money Laundering portal

Share article

Speak with a fraud fighter.

Click here

Author avatar
Gergo Varga

Gergo Varga is SEON’s Product Evangelist. With more than 10+ years of experience in the Hungarian and international risk management sphere, he has developed an astute knowledge of RiskOps and Open Source Intelligence. He is the author of SEON’s Fraud Prevention for Dummies guide.

Sign up for our newsletter

The top stories of the month delivered straight to your inbox