The EU is making instant payments a standard feature of the financial system. For customers, that’s a win given money moves in seconds across borders. But for banks and regulators, it’s also a new headache. Instant payments don’t just speed up legitimate transfers. They also give criminals the ability to move illicit funds faster than ever before. That’s why the EU’s new AML package puts a sharper focus on transaction monitoring, thus making real-time detection a must-have for financial institutions actively involved in payments (primarily, credit institutions and payment institutions).
Traditionally, most transaction monitoring has been somewhat slow, where in many cases it even takes place post-event. A suspicious transaction might trigger an alert hours or days later, which was manageable in the world of slower settlement times. With instant payments, however, by the time an alert is generated, or by the time an alert is properly reviewed, the money may already be long gone. Fraudsters and money launderers know this, and they exploit the speed advantage. Real-time monitoring is the only way banks and payment institutions can stop or at least flag these transfers before they vanish beyond recall.
The new AML Regulation (EU) 2024/1624 (“AMLR”) and AML Directive (EU) 2024/1640 (“AMLD”) explicitly provide for “real-time monitoring”, but the obligations they set make it clear that timely detection and reporting are no longer optional. Banks must apply effective, risk-based systems, file suspicious transaction reports “without delay”, and protect the integrity of financial flows. Supervisors, including the newly formed AMLA, are likely to view outdated, batch-based monitoring as falling short of these standards.
In this context, a solid indication of the intentions of the EU legislator is laid out in recital nr. 72 of AMLR, which provides that:
- Obliged entities should also set up a monitoring system to detect transactions that might raise money laundering or terrorist financing suspicions. To ensure the effectiveness of the transaction monitoring, obliged entities’ monitoring activity should in principle cover all services and products offered to customers and all transactions which are carried out on behalf of the customer or offered to the customer by the obliged entity. However, not all transactions need to be scrutinised individually. The intensity of the monitoring should respect the risk-based approach and be designed around precise and relevant criteria, taking account, in particular, of the characteristics of the customer and the risk level associated with them, the products and services offered, and the countries or geographical areas concerned. AMLA should develop guidelines to ensure that the intensity of the monitoring of business relationships and of transactions is adequate and proportionate to the level of risk.
It is, therefore, clear that an adequate “monistoring system” is a crucial component of the obliged entity’s AML/CFT framework, while the fundamental principle of risk-based approach is also critical in determining the intensity of real-time transaction monitoring. Clients or products that are deemed to pose an elevated risk should, of course, be monitored closely via digital means. In this regard, AMLA’s guidelines will be very important in further clarifying the relevant obligations.
The European Banking Authority (EBA) has also been vocal on this front. In its opinions and guidelines, it has warned that instant payments increase exposure to money laundering, terrorist financing, and fraud risks. In accordance with the general principle of risk-based approach, EBA expects banks to adapt their controls to the nature of the products they offer, and that means (at least in most cases) monitoring instant payments with the same speed at which they are executed.
Of course, implementing real-time monitoring isn’t simple. Banks must balance effectiveness against practical issues like false positives, customer experience, and compliance team workloads. But the alternative of letting illicit flows slip through because the system only reacts after the fact, is obviously far riskier. Criminals are already deploying automation and AI to move funds in ways that exploit system weaknesses. Banks and payment institutions need comparable tools, from machine learning models to smarter risk scoring, to keep up.
The reality is that instant payments are here to stay. The EU promotes them because of the implied advantages on the economic level, and customers will expect them as the norm. While some obliged entities have made significant efforts in developing adequate real-time monitoring systems and policies, more work remains to be done for a safer financial landscape.
Leave a Reply