Skip to content
Magist
AnalyzeRegulationsVendorsCounselUpdatesCompareAbout
← All Controls

Transaction monitoring program

transaction-monitoring-programDomain: paymentsType: mixed

Description

A working transaction-monitoring program looks at customer activity in flight and after the fact, recognizes the patterns statutes and FATF guidance have flagged as suspicious (structuring, rapid movement of funds, geographic risk, transactions inconsistent with the customer profile), and escalates the suspicious cases through the regulatory reporting channels. The components are a rules engine and its tuning (typed rules, statistical models, or a hybrid), an alert investigation workflow with documented dispositions per alert, a SAR or STR drafting and filing path that satisfies form requirements without leaking suspicions outside the institution, and a model-risk-management posture examiners now expect for monitoring rules that use machine learning. The regulatory frame layers across regimes with similar structure. US Bank Secrecy Act suspicious-activity-monitoring at the MSB level under 31 CFR §1022.380 (with SAR filing to FinCEN within 30 days of detection, and the structured-transaction detection that catches sub-$10K splits intended to evade the CTR threshold). UK MLRs 2017 plus JMLSG ongoing-monitoring expectations with SAR filing to the National Crime Agency. EU AML transaction-monitoring obligations under the 2024 AML Regulation with Member State FIU STR filing. MiCA Title VI Articles 86-92 market-abuse monitoring for CASPs, plus Travel Rule data validation for crypto-asset transfers. The shape is constant across these; the specific reporting forms, the filing windows, and the suspicious-pattern templates differ in ways that matter to operations. The tuning question is where most monitoring programs live or die. Supervisors expect monitoring to be risk-based and tuned to the institution's specific customer cohort and product profile; off-the-shelf rule sets that have not been calibrated against actual customer behavior are a recurring examination finding. The false-positive rate has to be low enough that the investigation team can work each alert with real diligence; when it is not, alerts get cleared in batches without proper review and the program loses its credibility with examiners on inspection. Underreporting is the headline enforcement risk. Defensive over-reporting is its own problem: a SAR pipeline that floods the FIU with low-quality filings dilutes the value of the channel to law enforcement, and supervisors have started to read very high filing volumes as evidence the institution is using SARs as a liability hedge rather than as a real monitoring output. Evidence formats that hold up include the published monitoring-rules library with rationale per rule, the alert investigation logs showing reviewer and disposition, and the SAR filing records keyed to the underlying alert.

Applicability

Applies when: sector is fintech.

How predicates are evaluated

Required by (4 regulations)

  • US MTL

    BSA suspicious-activity-monitoring at the MSB level; SAR filing within 30 days of detection; risk-based monitoring with structured-transaction detection (sub-$10K splits to evade CTR threshold).

    Bank Secrecy Act, 31 U.S.C. §§5311-5336; 31 CFR Chapter X; per-state Money Transmitter Acts

    Source →

  • EU EMD2

    EU AML transaction-monitoring obligations under 2024 AML Regulation; Member State FIU STR filing.

    Directive 2009/110/EC of the European Parliament and of the Council of 16 September 2009

    Source →

  • EU MiCA

    CASP transaction monitoring including Travel Rule data validation; market-abuse monitoring under MiCA Title VI Articles 86-92.

    Regulation (EU) 2023/1114 of the European Parliament and of the Council of 31 May 2023

    Source →

  • UK FCA Payments

    MLRs 2017 + JMLSG ongoing-monitoring expectations; SAR filing to NCA; FCA examination focus on monitoring quality and filing volume.

    Payment Services Regulations 2017 (SI 2017/752); Electronic Money Regulations 2011 (SI 2011/99); FCA Handbook

    Source →

Fulfilled by (3)

  • comply-advantage · full · medium effort · $$
  • sumsub · partial · medium effort · $$
  • In-house build · high effort

Magist does not accept payment from vendors. Methodology.

Evidence formats

  • monitoring rules library
  • alert investigation logs
  • SAR filing records

Magist provides legal information based on publicly available regulatory sources. It does not constitute legal advice and does not create an attorney-client relationship. Consult a licensed attorney in your jurisdiction before making compliance decisions.

Magist

Pre-launch regulatory analysis for product teams. Built by a lawyer, designed for PMs.

Tools

  • Analyze
  • Guided walkthrough
  • Vendors
  • Find counsel
  • Saved analyses

Reference

  • Scope by business model
  • Scope by jurisdiction
  • App ratings
  • Regulations
  • Compare regulations
  • Enforcement
  • Browse Controls
  • Vendor coverage
  • Radar
  • Pulse
  • Changelog
  • Guides
  • Regulatory updates
  • Open data
  • Corpus license
  • Ontology
  • State of Compliance

Solutions

  • For legal teams
  • For engineering
  • For executives
  • For law firms
  • For investors
  • For teams →

About

  • About Magist
  • Methodology
  • Editorial standards
  • Reviewers
  • Coverage status
  • Corrections
  • Trust
  • Coverage scope
  • How we handle data
  • Sub-processors
  • FAQ

Built by Neel Patel, a practicing in-house games attorney. Games touch more compliance domains at once than anything else in tech — Magist was designed around that.

Magist provides legal information based on publicly available regulatory sources. It does not constitute legal advice and does not create an attorney-client relationship. Consult a licensed attorney in your jurisdiction before making compliance decisions. Operated by a Washington-licensed attorney. Not licensed in California or other US states. Magist provides legal information; consult a licensed attorney in your jurisdiction.

Magist is an instrument, not a consultancy. It does not sell compliance services or take payment from vendors for placement; the analysis is the same for everyone. No vendor, sponsorship, or referral fees, ever.

MethodologyLimitationsDisclosures

© 2026 Magist
TermsLicensePrivacySecurityLinkedIn