What Is Transaction Monitoring in AML & How to Set It Up

What Is Transaction Monitoring in AML & How to Set It Up

Author avatar

Last Updated: January 18, 2024 by Tamas Kadar

Wondering how to monitor transactions to remain compliant with AML (anti money laundering) and CFT (counter terrorism financing) laws?

This article will clear any confusion on the topic, as well as explain where blacklists, potentially exposed persons, sanctions and SARs fit into the picture.

What Is AML Transaction Monitoring?

Transaction monitoring involves tracking customer transactions, including transfers, deposits, and withdrawals, in order to detect potential money laundering or other financial crimes. This process compiles and analyzes historical and current customer data to give an extensive overview and identify suspicious behavior.

While the ideal method would be to manually review every customer transaction before authorizing it, the workload would be unmanageable; most financial institutions employ software to monitor transactions, especially those above a certain threshold, to identify potential issues and prevent unwitting involvement in money laundering.

Transactions flagged as suspicious require further investigation to determine if they are genuine or false alarms. Continuous transaction monitoring is mandatory for businesses subject to anti-money laundering regulations.

Transaction monitoring is a crucial aspect of anti-money laundering efforts. Thresholds for AML checks are set by government agencies, but you can also establish your own monitoring criteria. Additionally, AML requirements involve checking transactions and customers against sanction lists, politically exposed individuals (PEPs), and suspicious accounts related to terrorism and international crime.

Why Is AML Transaction Monitoring Important?

Transaction monitoring is one of the key anti-money laundering processes. As such it aims to assist the economy battle shared threats such as terrorism financing, arms trading, human trafficking, corruption and so on.

top reasons to monitor transactions in AML

Any business at risk of helping money laundering must ensure it meets the legal requirements imposed by authorities.

When it comes to the thresholds at which transactions must be monitored, they are set by various national regulators, but the goals are always the same:

Last but not least, AML is paramount for organizations that want to:

  • avoid helping money launderers and other crime
  • maintain a good business reputation
  • avoid high AML compliance fines

AML Transaction Monitoring System

There are several key features that drive functionality and efficiency in AML transaction monitoring. Usually, these systems include:

  • Real-time monitoring and alerts: One of the most important features of AML transaction monitoring is the ability to move fast. Notice something suspicious? Don’t wait months to create your reports – you should be alerted straight away.
  • Custom rules: While AML regulations are pretty clear-cut, you still want flexibility in how you implement your transaction monitoring checks. Make sure your system supports custom risk rules.
  • Data capture and logs: You will need to show your data for AML reporting. Your system should be able to capture it at scale while meeting data protection requirements.
  • Velocity rules: Put simply, velocity rules are risk rules that look at certain user actions in time, including frequency and reoccurrence. They’re particularly helpful when you want to learn about user behavior in order to spot suspicious activity. 
Guide to Transaction Monitoring Software

Learn how transaction monitoring works and discover the best software and tools to mitigate risks.

Read more

How to Set Up Transaction Monitoring in AML

Let’s now look at what an AML transaction monitoring system can do.

We’re using the SEON’s fraud detection services for these examples, but any good AML tool should offer you more or less the same features. 

Setting Up a Rule for High-Risk Countries

1. Define which countries are considered high risk by creating a custom list called “High Risk Countries”.

2. Look at the IP addresses, and fill out the data for the IP country, adding those found on the international sanctions lists. Notice we use the country code.

3. Create the rule and call it “IP country is AML HIGH RISK”.

The rule checks if a user’s IP is on the list of high-risk countries and creates a REVIEW alert if so. You can also choose to automatically APPROVE or DECLINE the user’s transaction based on your risk appetite.

AML high risk country list rule

If it’s sent for manual review, your AML compliance team can check the details of the transaction for more information – or log the details to submit an AML SAR report. 

Note that this also added 10 points to our fraud score. You can set this yourself, choosing to have this add more or fewer points.


Setting Up a Rule for AML Transaction Threshold

This second rule will tackle an important feature of AML: ensuring transactions over a certain threshold are logged and monitored.

This is a very easy rule to set up, using the “compare” parameter, and the operator “greater or equal to”. We’ll set the value at $3000 to meet the latest US banking AML requirements.

The rule will trigger every time those settings are met. Note that you can manage the currencies in the settings, and change them at the rule level.


Setting Up a Velocity Rule for Suspicious Transaction Behavior

Velocity rules are more complex but equally easy to set up. Here’s one designed to alert your AML team when a user suddenly increases their weekly transaction volume.

This velocity rule:

  • aggregates the amount of all transactions over a 24-hour period.
  • looks for a sharp increase in spending (over 200%)
AML risk rule 200% increase in 24 hours

We’ve chosen to have the system add +20 to the person’s fraud score if this rule is triggered.

You can, of course, set your own scores for each triggered rule for more control over your AML strategy. 

Here is what it looks like on the Dashboard once the rule has been triggered. 

Transaction Monitoring: Key Takeaways

AML transaction monitoring appears pretty set in stone. You need to follow legal requirements to the letter and submit any suspicious data you find in due time.

However, with tools like SEON, you can take control of your AML fraud prevention strategy. By exposing hundreds of data points relating to user identity and transactions, you can create customized, flexible, and powerful rules that let you mitigate AML risk and stay safe from other types of fraud in the process.

We’ve looked at three examples of these rules earlier, but the sky’s the limit. In terms of functionality, you could also:

  • connect identity data with external sanctions of PEP lists to compare the results
  • create Zapier integrations to receive alerts via Slack or Microsoft 365
  • and much, much more

Best of all, all the data remains available at your fingertips if you need to submit SARs to the authorities, giving you full peace of mind when it comes to AML compliance. 

Frequently Asked Questions

Why do businesses need AML transaction monitoring?

AML transaction monitoring is a key part of national and international anti-money laundering strategy, which forces companies to examine transactions over a certain threshold. The transactions must be linked to someone’s identity to reduce the risk of money laundering.

What should I look for in AML transaction monitoring?

AML transaction monitoring needs to work in real-time and to alert your business of transactions above a certain threshold. The thresholds vary from one country to another, so it is important to ensure you are aware of the AML rules for every country in which you do business. 

How does AML transaction monitoring work?

For banks and other fintech organizations, this works by having software monitor all transactions and flag all those that exceed a certain threshold ($3000) for investigation, which often involves manual review. Additionally, the system ascertains that customers are not on PEP or sanctions lists. If anything seems suspicious after this, the bank ought to file a suspicious activity report (SAR).


  • UNODC: Money Laundering portal

Share article

Speak with a fraud fighter.

Click here

Author avatar
Tamas Kadar

Tamás Kádár is the Chief Executive Officer and co-founder of SEON. His mission to create a fraud-free world began after he founded the CEE’s first crypto exchange in 2017 and found it under constant attack. The solution he built now reduces fraud for 5,000+ companies worldwide, including global leaders such as KLM, Avis, and Patreon. In his spare time, he’s devouring data visualizations and injuring himself while doing basic DIY around his London pad.

Sign up for our newsletter

The top stories of the month delivered straight to your inbox