Real-time banking transaction checks have ceased to be a “regulator’s last-mile requirement” and have become an element of business strategy. When a system promptly detects anomalies, stops a fraud attempt, and automatically generates reports, a company not only complies with regulations — it saves time, retains customers, and reduces operating expenses.
The COREDO team has carried out dozens of projects in the EU, the UK, Singapore and Dubai, from company incorporations and licensing to launching real AML processes and integrating transaction monitoring into payment infrastructure. In this article I examine in detail how real-time transaction monitoring works, which regulatory expectations currently dominate, and which solutions work in practice. I will show case studies, performance metrics, approaches to reducing false positives, and highlight the questions you should ask technology providers.
Why businesses need transaction monitoring
transaction monitoring in real time, it’s not just about AML. Real-time fraud detection protects revenue, and compliance monitoring of payments reduces the risk of fines and blocking by correspondent banks. Under PSD2 and open banking the customer expects instant transaction approval, and the bank expects explainability and auditability of decisions. Without real-time AML systems a company loses speed and flexibility, and the risk of undetected schemes increases.
What is monitored when checking transactions?
Which parameters do banks monitor?
Temporal payment patterns
Sanctions screening of payments and PEPs
Sanctions screening of payments is based on matching against the sanctions lists of OFAC, the UN and the EU, as well as local regulators’ lists. SWIFT screening and sanctions checks of correspondent banks are important for international transfers, especially when operating through the correspondent account network.
Monitoring transaction chains and TBML
Analysis of transaction chains and graph analysis reveal complex schemes, including trade-based money laundering (TBML). Clustering transactions to identify schemes and graph analysis of transfer chains help reveal “bridges” between groups of companies and shadow counterparties.
Requirements in the EU, the UK and Asia
In different jurisdictions — the EU, the UK and Asia — regulatory requirements set the compliance framework for financial and crypto-asset services. Below we examine in detail the key international standards and European rules, including the recommendations of FATF, the AMLD5/AMLD6 directives and EBA guidance.
FATF and EBA recommendations on AMLD5/AMLD6
The FATF legal standard sets the foundation: a risk-based approach, continuous monitoring, data governance and independent assessment. In the EU, the AMLD5 and AMLD6 directives have strengthened requirements for UBO identification, internal controls and liability for facilitating money laundering.
PSD2 and open banking: monitoring
GDPR, privacy-preserving analytics and eIDAS
FCA and sanctions lists
The FCA and regulatory expectations on AML in the UK emphasize the importance of model explainability and the reliability of sanctions screening. Banks and PSPs are required to match sanctions lists and PEPs in real time, taking into account fuzzy matching and the counterparty’s context.
How to build a real-time AML system
The architecture of real-time AML requires measured approaches to data processing if you want to actually build a system without headaches and ensure stable operation as volumes grow. The choice between batch and stream comes down to a trade-off between latency and throughput.
Batch vs Stream: latency and throughput
The batch approach is suitable for retrospective analytics and periodic analysis, but it does not catch instantaneous risks. The stream approach provides minimal latency and high throughput, which is critical for merchant flows, payroll, and instant payments.
Stream processing: Kafka, Flink, Storm
Tools for real-time transaction monitoring typically include Apache Kafka as an event bus and Flink or Storm for computations. Such a stack supports complex time windows, aggregates, deduplication, and stateful processing for transaction scoring.
Integration of Core Banking and PSP Enrichment
API integration with Core Banking and PSP allows pulling transactions, sessions, KYC/CDD data, and authorization context. Data enrichment — geolocation, BIN, AML watchlists, corporate directories, sanctions lists — improves scoring quality.
Scaling for peak loads
Scaling for peak loads, for example during holiday payrolls or sales, requires elasticity and prioritization. Flow control in multi-currency and cross-border payments takes into account FX volatility and correspondent account limits.
On-prem vs cloud: SIEM log storage
On-prem solutions increase control and are suitable for banks with strict regulations on log retention in the EU and Asia. Cloud speeds up deployment and reduces CAPEX, but requires clear data boundaries and encryption.
Monitoring triggers: database and context
Effective monitoring begins with clear rules and properly configured triggers that translate raw data from the database into actionable insights. Next, we’ll examine how rule-based scenarios and contextual rules use information from the database.
Rule-based scenarios and contextual rules
Scenarios for AML automation (rule-based) include threshold amounts, frequency, country-risk lists and merchant blacklists. Contextual rules for AML add a “healthy” behavioral baseline and customer links: usual IP addresses, devices, counterparty types and time windows.
Bank limits and limit checks
Onboarding and KYC/CIP/EDD
How to manage false positives and KPIs
Practices for reducing false positives include customer segmentation, contextual features, adaptive windows and feedback from analysts. Performance metrics for AML systems — precision, recall and false positive rate — help balance sensitivity and accuracy.
Hybrid machine learning approaches
Machine learning helps reveal hidden patterns in large volumes of data, and hybrid approaches allow combining expert rules with models for greater robustness and explainability. Below we consider how these methods are used for anomaly detection and behavioral monitoring.
Machine learning for anomaly detection and monitoring
Machine learning for transaction anomaly detection adds depth on top of rules. Behavioral monitoring of customers’ transactions uses clustering, graph features and gradient boosting for complex patterns.
Explainability and regulatory requirements
Explainability of ML models in AML and regulatory requirements prescribe understandable reasons for each alert and auditing and traceability of ML decisions. Case management systems for investigations should store the model version, the feature set and escalation steps.
Privacy and risks of third-party models
COREDO Case Studies: the Path to AML Monitoring
COREDO case studies demonstrate the path from obtaining a license to real implementations of an operational AML monitoring system in financial market products. Using the example of a PSP in the EU, we show how the licensing stage smoothly evolves into building a real-time platform and an operating system for AML.
PSP in the EU: from licensing to real-time
In Estonia, the COREDO team assisted a PSP in obtaining a license and implementing real-time AML. We integrated Kafka and Flink, configured SWIFT screening, the OFAC/UN/EU sanctions lists, and contextual rules for the merchant flow.
Fintech and Open Banking in the UK
Payment Company in Singapore and Dubai
In Singapore and Dubai, COREDO built payment compliance monitoring with a focus on cross-border and multi-currency flows. We applied hybrid scoring, enriched data with geolocation, and implemented TBML controls based on documentary inconsistencies.
Mass Merchant Transactions
Performance metrics: cost and ROI
Assessment of implementation cost, projected ROI and a set of key performance metrics — essential elements when planning digital projects in a bank. Below we will examine in detail what makes up the budget for an average bank.
Implementation cost for an average bank
How much does it cost to implement a real-time transaction monitoring system for an average bank? In our experience, TCO over 12–18 months ranges from 0.9 to 2.5 million euros, including licenses, implementation, integrations and team training.
Accuracy and speed metrics
Which metrics demonstrate ROI from real-time monitoring? Reduction in false positive rate, increase in precision/recall, average time to investigate (MTTR), share of automated SARs, proportion of fraud losses prevented and cost per case.
ROI: where the business value comes from
Questions for vendors regarding the SLA
Preparing your business for bank monitoring
Businesses should prepare in advance: bank monitoring implies transparent reporting, proof of sources of funds and tidy registration documentation. Below are practical steps for opening an account and registering in the EU.
How to open an account in the EU and register
Monitoring for the registration of legal entities in the EU is not a formality but a real criterion for bank onboarding. How to prepare a company for banks’ AML checks before opening an account?
Policies, playbooks and reporting
Incident management and playbooks for AML operations should describe escalations, priorities, actions for mass payments and payroll, as well as rules for operating on weekends and holidays.
Validation and log storage
End-to-end data validation and reconciliation eliminate discrepancies between transactions and balances and increase confidence in alerts. Log retention policies in the EU and Asia specify retention periods and requirements for protection and access.
What do banks expect from licenses?
When obtaining financial licenses (crypto, forex, payment services) regulators evaluate not only policy but also operating processes: KYC/CIP/EDD, sanctions screening, international transfer controls and false positive management.
International transfers
How to choose a provider and tooling
The right tooling when selecting a provider defines what analytical and operational tasks can be solved quickly and reliably. This is especially important for graph visualization capabilities.
Graph visualization and AML-as-a-Service
Questions for providers on SLA and GDPR
Reducing investigation costs
How to reduce operational costs for AML investigations? Adopt lean investigation and triage models, automate enrichment, use prioritization by risk score, implement case templates and active feedback training.
Strategic partnership with COREDO
When a business prepares for international expansion, company registration and Licensing: only the first chapter. Real transaction monitoring becomes the operational backbone that supports risk management, the trust of partner banks, and stable unit economics. If you combine rules and ML, build a transparent data architecture and explainable models, the system not only meets AML standards – it helps the business grow.
COREDO combines legal and financial expertise with strong engineering practice. We support registration in the EU, the United Kingdom, the Czech Republic, Slovakia, Cyprus, Estonia, Singapore, and Dubai, help obtain licenses and launch compliance processes that withstand scrutiny from regulators and banks. If you are building an international payments business or scaling corporate payments, the COREDO team prepares a roadmap, implements real-time monitoring and configures metrics that show real ROI.