Transaction Monitoring. Detect Suspicious Activity

You've onboarded a customer. Verified their identity. Assessed their ML/TF risk. Now what?

Now you watch what they do. Because that's where money laundering shows up: in the transactions.

Transaction monitoring is how you detect suspicious activity in real-time, identify patterns that don't make sense, and spot red flags before millions get laundered through your services.

What Is Transaction Monitoring?

Transaction monitoring means continuously reviewing customer transactions to detect:

• Unusual transactions — Size, frequency, or type that's abnormal for this customer
• Large or complex transactions — Transactions structured in complex ways that obscure their true purpose
• Patterns of transactions — Multiple transactions that together indicate suspicious activity
• Inconsistencies with customer profile — Transactions that don't match what you know about them

It's not about reviewing every single transaction manually. That doesn't scale. It's about having systems that flag transactions for review when they meet certain criteria.

Why It's Mandatory

AUSTRAC requires all reporting entities to have transaction monitoring programs. It's not optional. It's Part A obligations under the AML/CTF Act.

Your AML/CTF program must include:

• Risk-based systems and controls to identify suspicious matters
• Procedures for monitoring unusual, large, or complex transactions
• Processes to investigate and document flagged transactions
• Triggers for filing suspicious matter reports (SMRs)

If you're not monitoring transactions, you're not compliant. Period.

How Transaction Monitoring Works

Step 1: Define Normal Behavior

What does "normal" look like for each customer? That depends on their profile:

Customer: Salaried Employee
Normal: Monthly salary deposit, regular bill payments, occasional withdrawals
Unusual: Sudden $100,000 deposit, international wire transfers, cash withdrawals of $20,000

Customer: Small Business
Normal: Daily revenue deposits, regular supplier payments, payroll
Unusual: Large cash deposits when business usually operates on card payments, transfers to unrelated overseas entities

Customer: High-Net-Worth Individual
Normal: Large investment transactions, high-value property purchases, international transfers
Unusual: Sudden change to cash-heavy transactions, payments to shell companies, rapid movement of funds (layering)

Transaction monitoring systems build "behavioral profiles" for each customer. Then they flag deviations.

Step 2: Set Rules and Thresholds

Transaction monitoring uses rules to generate alerts:

Rule-Based Monitoring:

• "Flag any single transaction over $50,000"
• "Alert if customer makes 5+ deposits in one day"
• "Notify if transaction involves a high-risk jurisdiction"
• "Trigger if customer receives funds from a shell company"

Scenario-Based Monitoring:

• Structuring scenario: Multiple transactions just under reporting thresholds
• Rapid movement scenario: Funds deposited and immediately transferred out (layering)
• Round-dollar scenario: Transactions in exact round amounts (e.g., $50,000, $100,000) which is unusual for legitimate business

Step 3: Generate Alerts

When a transaction matches a rule or scenario, the system generates an alert. That alert goes to your compliance team for review.

Step 4: Investigate the Alert

Compliance staff review the flagged transaction:

• Is it genuinely unusual, or is it consistent with updated customer information?
• Can the customer explain it?
• Does it fit a known ML/TF pattern?
• Are there other red flags associated with this customer?

Most alerts are false positives. Customer bought a house (hence the large deposit). Business had a big sale (hence the revenue spike). You document your review and clear the alert.

But some alerts are genuine red flags. Those become SMRs.

Step 5: File SMR or Take Action

If investigation reveals suspicious activity, you file an SMR within 3 business days (or 24 hours for terrorism financing).

If risk is too high, you might also:

• Apply enhanced due diligence
• Freeze the transaction pending review
• Refuse to proceed with the transaction
• Terminate the customer relationship

What to Monitor For

Large Transactions

Not illegal, but higher ML/TF risk. Large transactions warrant scrutiny:

• Does the size match the customer's profile?
• Can they explain the source of funds?
• Is it a one-off or part of a pattern?

Unusual Transaction Patterns

It's not just individual transactions. Patterns matter:

Example: Layering
Monday: $200,000 deposited
Tuesday: $180,000 transferred to Account A
Wednesday: $180,000 transferred from Account A to Account B
Thursday: Account B transfers to offshore account

Each transaction alone looks normal. Together, it's layering — moving money through multiple accounts to obscure origin.

Example: Structuring (Smurfing)
Monday: Deposit $9,800
Tuesday: Deposit $9,500
Wednesday: Deposit $9,900
Thursday: Deposit $9,700

All just under the $10,000 TTR threshold. That's structuring. It's deliberate. It's suspicious.

Inconsistency with Customer Profile

Customer said they're a student with no income. They're depositing $50,000 monthly.

Customer's business is a corner store. They're receiving international wire transfers from Hong Kong.

Customer is 70 years old, retired. They're suddenly engaging in high-frequency day trading.

Transactions that don't match what you know about the customer are red flags.

Round Dollar Amounts

Legitimate business transactions often have cents. $4,387.63. $12,094.18.

Money laundering transactions are often round numbers. $50,000. $100,000. $250,000.

It's not definitive, but it's a pattern. Criminals deal in round amounts when they're moving money, not conducting legitimate business.

High-Risk Jurisdictions

Transactions involving countries with:

• Weak AML/CTF regimes
• High corruption
• Banking secrecy laws
• Known for drug trafficking or terrorism financing

FATF maintains a list. So does AUSTRAC. Transactions involving these jurisdictions get extra scrutiny.

Cash-Heavy Activity

Customer's business usually operates on card payments. Suddenly they're depositing large cash amounts. Why?

Cash is hard to trace. Criminals prefer cash because it obscures the money trail. High cash usage (when it doesn't match the business model) is suspicious.

Third-Party Payments

Customer receives funds from someone unrelated to them or their business. Or they pay someone who's not a known supplier or counterparty.

Why is this suspicious? It could be:

• Using intermediaries to hide beneficial owners (layering)
• Paying bribes or kickbacks
• Receiving proceeds of crime through a third party

Rapid Account Turnover

Customer opens an account. Large deposit. Funds transferred out within days. Account goes dormant.

That's a classic layering technique. The account exists just to move money, not to conduct ongoing business.

Manual vs Automated Monitoring

Manual Monitoring

You review transactions yourself. Works for very small businesses with low transaction volumes.

Pros: Low cost, human judgment
Cons: Doesn't scale, easy to miss patterns, inconsistent

If you've got 10 customers and 50 transactions monthly, manual monitoring might work. But most businesses need automation.

Automated Monitoring

Software monitors transactions, applies rules, generates alerts for human review.

Pros: Scalable, consistent, detects complex patterns, audit trail
Cons: Upfront cost, false positives, requires tuning

Banks and financial institutions use sophisticated transaction monitoring systems. They have to — they process millions of transactions daily.

Tranche 2 entities (lawyers, accountants, real estate) won't have the same volumes, but you still need systematic monitoring. ARCaml provides transaction monitoring functionality tailored to Tranche 2 use cases.

False Positives: The Challenge

Transaction monitoring generates lots of alerts. Most aren't actually suspicious. They're false positives.

Example:
Alert: "Customer deposited $75,000 — unusual amount"
Investigation: Customer sold their car
Conclusion: Not suspicious. Clear and close alert.

The challenge: If your monitoring system generates too many false positives, your compliance team gets overwhelmed. They start rubber-stamping alerts without proper review. And that's when actual suspicious activity slips through.

Good transaction monitoring systems are tuned to minimize false positives while still catching genuine red flags. That requires:

• Risk-based thresholds (higher thresholds for low-risk customers)
• Customer profiling (learning what's normal for each customer)
• Regular review of rules (adjust thresholds as you learn)

Documentation Requirements

AUSTRAC audits your transaction monitoring program. You need to demonstrate:

You have a system: What tools, processes, and rules do you use?

You're using it: Are alerts being generated? Reviewed? Documented?

You're acting on it: When alerts identify suspicious activity, do you file SMRs?

For every alert, document:

• What triggered the alert
• Who reviewed it and when
• What information was gathered during investigation
• What decision was made (clear, escalate, file SMR)
• Rationale for the decision

If you can't show documented alert reviews, AUSTRAC assumes you're not monitoring properly. That's a breach.

Real-World Red Flag: Commonwealth Bank

CBA's $700 million penalty included failures in transaction monitoring:

• Intelligent Deposit Machines were generating cash transactions over $10,000
• Those transactions should have triggered TTRs and monitoring alerts
• Systems failed to flag them
• Result: Over 50,000 unreported transactions, some linked to drug syndicates

CBA had transaction monitoring systems. But they didn't work properly for the new IDM channels. And that failure facilitated money laundering on a massive scale.

The lesson: Transaction monitoring isn't just about having a system. It's about ensuring the system actually works across all your channels and services.

Tranche 2 and Transaction Monitoring

For Tranche 2 entities entering AUSTRAC regulation in July 2026:

Lawyers: You'll monitor transactions through your trust accounts. Large deposits, unusual payment patterns, third-party payments — all need monitoring.

Accountants: Transactions you facilitate (like setting up structures, managing trusts) need monitoring. Are clients using structures in ways consistent with their stated purpose?

Real estate agents: Monitor for suspicious payment patterns in property transactions. Cash deposits, offshore buyers, complex structures, rapid flipping.

You don't need bank-level monitoring systems. But you need systematic processes for reviewing transactions and flagging red flags.

Technology: What You Need

Effective transaction monitoring requires:

• Rule engine: Define thresholds and scenarios that trigger alerts
• Alert dashboard: View and manage flagged transactions
• Investigation workflow: Document review process and decisions
• Customer profiling: Build behavioral baselines for each customer
• Reporting: Generate SMRs when required
• Audit trail: Record all monitoring activity for AUSTRAC review

Platforms like ARCaml integrate transaction monitoring with CDD and SMR reporting, so you're managing the entire AML compliance process in one system.

Common Transaction Monitoring Failures

No monitoring at all
"We do CDD at onboarding, that's enough." No. You need ongoing transaction monitoring.

Alerts pile up without review
Monitoring system generates alerts, but no one's reviewing them. That's worse than no monitoring — you've got evidence of potential ML/TF and you're ignoring it.

Documentation gaps
You reviewed an alert and cleared it. But there's no record of who reviewed it or why. AUSTRAC audit finds the alert. You can't explain the decision. That's a breach.

Thresholds too high
"We only flag transactions over $500,000." That's too high for most businesses. You're missing suspicious activity.

Not updating profiles
Customer's circumstances changed. Their business grew. But you're still using their original profile for monitoring. New activity looks unusual but it's actually legitimate growth.

No action on alerts
You detect suspicious patterns. But you don't file SMRs. Maybe you're worried about false accusations. But if it's suspicious and you don't report it, that's a breach.

The Bottom Line

Transaction monitoring is where AML compliance gets practical. You're not just collecting documents at onboarding. You're actively watching for money laundering as it happens.

Effective monitoring requires:

• Risk-based rules and thresholds
• Automated systems (for any meaningful transaction volume)
• Human review and judgment (because context matters)
• Documentation of every alert and decision
• Action when suspicious activity is detected (filing SMRs)

Get it right, and you detect money laundering before millions flow through. Get it wrong, and you're the vehicle criminals use to clean their funds.

AUSTRAC is clear: Transaction monitoring is mandatory. Build it into your AML program from day one. And when your system flags suspicious activity, investigate it properly and act.