top of page

Transaction Monitoring 2025 – How to Make It Effective for Your Business

Transaction monitoring

Transaction monitoring has been a foundational element of customer due diligence (CDD). It enables financial institutions to prevent and detect financial crime by taking a deeper look at their customer's transactional activities. Traditionally built around rules and thresholds, these systems were designed to catch known patterns of suspicious activity and support compliance with regulatory obligations.


But the role of transaction monitoring is changing. What worked five years ago doesn’t meet today’s needs. Criminal networks have become more adaptable, sophisticated, and faster at exploiting gaps in financial controls. Their methods are increasingly tailored to bypass static rules - especially in high-volume or fast-moving businesses.


At the same time, regulatory expectations have evolved - with greater focus on outcomes, responsiveness, and alignment with national priorities. This is the challenge Wolfsberg addresses directly in its 2025 statement on Monitoring for Suspicious Activity (MSA) Part II: Transitioning to Innovation.


The document outlines a clear shift in expectations - and a practical framework to help institutions modernise their approach.


Transaction Monitoring vs Monitoring Suspicious Activity


Wolfsberg's statement draws a deliberate line between Transaction Monitoring (TM) and Monitoring for Suspicious Activity (MSA).


  • TM is often rules-based, reliant on thresholds, and focused on transactional anomalies.

  • MSA is broader, combining transaction data with customer behaviour, typologies, risk indicators, and other contextual information.


What is expected from your organisation:

Your business should no longer view TM as a standalone detection engine. It needs to function as part of a multi-layered detection strategy, drawing on inputs across the customer lifecycle and aligning with law enforcement priorities.


Comparison transaction monitoring vs monitoring suspicious activity
Comparison Traditional TM vs MSA (Wolfsberg's approach)

It’s not About the Tool – It’s about Effectiveness


The AML tech space is crowded. Behavioural analytics, AI-driven platforms, graph-based models, and vendor solutions all offer faster, smarter ways to detect suspicious activity. But implementation alone doesn’t guarantee effectiveness.


Wolfsberg’s message is clear: effectiveness depends on how monitoring is designed, validated, and governed - not just which tool you choose.


What is expected from your organisation:


If your business is planning to modernise its TM system, it needs to ensure that the system:


  • Detects high-priority risks tied to your exposure

  • Produces meaningful alerts that support investigation

  • Aligns with the risk appetite and priorities of your business

  • Improves SAR quality and investigative outcomes


The focus must shift from “technology first” to “outcome first.”


Key Practices to Build an Effective TM System in 2025


1. Redefine What “Good” Looks Like


Most institutions are still measuring monitoring performance by volume - number of alerts triggered, number of SARs filed, percentage of accounts reviewed.

Wolfsberg recommends moving away from volume-based metrics and toward quality and relevance. In practice, that means using:

  • Priority risk coverage: Can the model detect typologies relevant to your products, customers, and geographies?

  • Expanded data use: Is the model using behavioural signals, contextual information, and internal intelligence — not just transactions?

  • Precision and recall: How many alerts lead to meaningful investigations? How much risk are you missing?

  • SAR quality: Is law enforcement receiving valuable, timely information?


Define these indicators clearly, and build your validation process around them.


2. Design for Integration, Not Isolation


Transaction monitoring should not operate in a vacuum. Effective monitoring in 2025 must integrate with your wider financial crime programme. That includes:


  • Connecting typology insights from investigations to model design

  • Using front-line feedback and internal reporting to refine risk indicators

  • Ensuring monitoring models interact with customer risk scoring and onboarding data

  • Making it easy for investigators to access context when working alerts


Wolfsberg stresses that monitoring should complement - not duplicate - other controls. If your systems aren’t connected, you’re likely underutilising critical data.


3. Treat Transition as a Strategic Business Change


Wolfsberg explicitly advises against comparing new models to legacy systems. If the new model is designed to detect different, higher-value risk, then matching legacy alerts isn’t meaningful.


Instead:


  • Start by defining new goals - such as stronger detection of high-priority threats or better alignment with typologies

  • Run proof-of-concept testing against historical data to evaluate whether new models meet those goals

  • You don’t need to replace your entire TM system in one go. Introducing improvements gradually 


4. Apply the Right Level of Oversight


Many institutions delay monitoring improvements because of model governance complexity. In many cases, financial crime models are subject to the same oversight as prudential or credit risk models - even though the risks are fundamentally different.


Wolfsberg calls for fit-for-purpose model governance:


  • Don’t apply “one-size-fits-all” Model Risk Management (MRM) processes to financial crime models

  • Tier model oversight based on materiality to your business - not just on complexity

  • Align audit, assurance, and MRM functions to avoid duplicated reviews and delays.


If your institution’s review process is taking months per model change, you are not in a position to respond to new threats. The business impact of delay must be part of your governance decision-making.


5. Prioritise Explainability: Internally and for Supervisors


Every model your business deploys should be explainable, not just to regulators, but to the analysts using it day-to-day.


Wolfsberg recommends explaining models across three dimensions:


  • Risk coverage:What risks is the model targeting, and how were typologies selected?

  • Model design: What inputs drive predictions, and how is the output calculated?

  • User application: How should investigators interpret and action the results?


If analysts can’t explain why a model generated an alert, the investigation will stall — and trust in the system will erode.


Build visualisation and summary tools into your design process. And train investigative teams on how to interpret model outputs from day one.


Final Considerations


Wolfsberg’s 2025 statement aims to help institutions design monitoring systems that are relevant to today’s risks, aligned to law enforcement priorities, and built for operational use.


For your business, this means:


  • Reassessing your current monitoring architecture against updated expectations

  • Prioritising effectiveness and usability - not only complexity or volume

  • Making explainability, validation, and integration core parts of your strategy

  • Aligning oversight with the purpose of financial crime models, not legacy MRM structures


Institutions that move early and structure their systems accordingly will be far better placed to meet regulatory scrutiny, reduce false positives, and surface the risks that truly matter.

 

bottom of page