
Transaction Monitoring: How AI improves performance and efficiency

Transaction Monitoring (TM) is critical to any business that moves money. It’s one crucial way governments and the financial system prevent money from flowing to criminals, rogue states, and terrorists. Financial institutions must collect records about the transaction and the individuals or businesses transacting at every payment or movement of money.

It sounds easy in principle. In practice, it’s incredibly complex and often highly manual. This leads to too much manual review, a high false positive ratio, and analysts left dealing with difficult-to-understand transaction data and spreadsheets. 

Building an effective, successful transaction monitoring program and solution for the 21st century requires a data-driven approach. Sardine was built by data scientists who have worked across BSA/AML compliance and fraud and experienced the challenges first-hand. We built the Sardine platform starting with transaction monitoring and working back.

That means we can reduce your false positives and manual effort, and improve your effectiveness. How? Read on.

What is Transaction Monitoring?

Transaction monitoring is critical to managing financial crime.

Any business that moves money is subject to strict financial crime, anti-money laundering (“AML”), and sanctions monitoring regulations. These are coordinated by the Financial Action Task Force (“FATF”) and applied by domestic and international regulators and governments. The laws are designed to manage threats such as terrorism financing, arms trading, human trafficking, and corruption. 

In the United States, the Bank Secrecy Act (BSA) and the Patriot Act require reporting and record-keeping to ensure that the proceeds of crime or any illegal activity cannot be brought into the financial system. 

Each of these risks is nuanced in how they apply to CIP (Customer Identification Programs) and Transaction Monitoring. FATF maintains a full glossary:

  • Money laundering: Money received for an illegal activity such as human trafficking, drug trafficking, or corruption.
  • Sanctions: The United States, European Union, and United Kingdom maintain lists of “sanctioned entities” such as the OFAC list. Sanctions are a diplomatic tool designed to disrupt economic exchange in return for concessions. The term may be familiar when applied to geopolitical issues such as Russia’s invasion of Ukraine.
  • Politically Exposed Persons (PEPs): PEPs include domestic and foreign politicians or officials who are at risk of bribery, corruption, or involvement in crime. Often, a “PEP screening” will encompass the wider family of the PEP themselves.
  • Adverse media screening: Helps in detecting potential risks associated with customers, vendors, business partners, and transactions by scanning various sources like news articles, social media posts, regulatory filings, and court records.

Important note: Many checks like PEP or adverse media screening occur during the customer identification process (CIP) but can be applied equally at a transaction (i.e., with transaction monitoring).

Additionally, while these are the checks most commonly associated with anti-money laundering and sanctions programs, they’re not exhaustive. 

Transaction Monitoring applies whenever a transaction occurs.

Transaction monitoring is the process of recording transactions when a certain threshold is met. For example, anything above $3,000 must be recorded. Financial institutions are also required by law to file a Currency Transaction Report (CTR) whenever a transaction of more than $10K is made.

A transaction monitoring system generates a “transaction alert” that can be analyzed at a customer level by an AML analyst. AML analysts may file a report called a Suspicious Activity Report (SAR/STR) with the appropriate authorities.

Suspicious Transaction Examples

A transaction monitoring alert is generated when a transaction or series of transactions is suspicious because it does not match the customer’s known or expected transactional behavior.

Some examples could be:

  • The customer deposits a one-time cash payment of €20K, which is not observed to be in line with their known profile and offers no reasonable explanation for this deposit. All other transactions the customer makes align with their expected activity. In this case, the SP should report only the suspicious transaction to the FIAU by submitting a SAR/STR regarding the €20K transaction.
  • The customer's expected turnover is €20K per year. However, the transactional activity shows that the customer's turnover adds up to €50K per year. In this case, the reporting entity should submit an SAR/STR with the FIAU, highlighting all the transactions carried out by the customer, totaling €50K. 
  • The customer carries out a series of deposits different from their usual or expected activity. No explanation for this was provided. In this case, the reporting entity should submit an STR containing all the transactions made by the customer, which gave rise to the suspicion. 

A sophisticated transaction monitoring system would identify these and countless alternatives and create an alert (albeit without creating too many false positives).

AML Typologies

There are countless typologies, but for the purposes of this piece we will focus on the typologies recommended by FinCEN that can be identified with Transaction Monitoring. (See our previous guide to AML 101.)


  • Alters or cancels transaction to avoid BSA recordkeeping requirement ($3,000)
  • Alters or cancels transaction to avoid CTR requirement ($10,000)
  • Transaction(s) below (near) BSA recordkeeping threshold
  • Transaction(s) below (near) CTR threshold
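
The near-threshold typologies above can be expressed as a simple batch rule. The following is an added example, not Sardine's own rule logic: it flags customers who make several transactions just below the $3,000 or $10,000 threshold within a short window, and attaches the triggering transaction IDs to each alert. The 10% margin, 24-hour window, minimum count, field layout, and sample data are all assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Thresholds from the article; margin, window and minimum count are assumed tuning values.
THRESHOLDS = {"BSA_RECORDKEEPING": 3_000, "CTR": 10_000}
NEAR_MARGIN = 0.10              # "near" = within 10% below the threshold (assumption)
WINDOW = timedelta(hours=24)    # look-back window (assumption)
MIN_COUNT = 2                   # near-threshold transactions needed to alert (assumption)

def band_of(amount):
    """Return the name of the threshold the amount sits just below, or None."""
    for name, limit in THRESHOLDS.items():
        if limit * (1 - NEAR_MARGIN) <= amount < limit:
            return name
    return None

def structuring_alerts(transactions):
    """transactions: iterable of (txn_id, customer_id, iso_timestamp, amount_usd).
    Alerts on MIN_COUNT+ near-threshold transactions inside WINDOW that total more than the threshold."""
    grouped = defaultdict(list)
    for txn_id, customer, ts, amount in transactions:
        band = band_of(amount)
        if band:
            grouped[(customer, band)].append((datetime.fromisoformat(ts), txn_id, amount))
    alerts = []
    for (customer, band), hits in grouped.items():
        hits.sort()
        start = 0
        while start < len(hits):
            end = start
            while end < len(hits) and hits[end][0] - hits[start][0] <= WINDOW:
                end += 1
            cluster = hits[start:end]
            total = sum(a for _, _, a in cluster)
            if len(cluster) >= MIN_COUNT and total > THRESHOLDS[band]:
                # Keep the evidence with the alert so the analyst can see why it fired.
                alerts.append({"customer": customer, "typology": f"below_{band}_threshold",
                               "total": total, "txn_ids": [t for _, t, _ in cluster]})
                start = end          # evidence consumed; avoid duplicate alerts
            else:
                start += 1
    return alerts

# Constructed sample data (not real transactions).
SAMPLE = [
    ("t1", "cust_A", "2024-03-01T09:05:00", 9_500.00),
    ("t2", "cust_A", "2024-03-01T13:40:00", 9_800.00),
    ("t3", "cust_A", "2024-03-02T08:55:00", 9_900.00),
    ("t4", "cust_B", "2024-03-01T10:00:00", 9_700.00),   # single near-threshold payment
    ("t5", "cust_C", "2024-03-01T11:00:00", 2_900.00),
    ("t6", "cust_C", "2024-03-01T11:30:00", 2_950.00),
    ("t8", "cust_A", "2024-03-09T12:00:00", 9_600.00),   # outside the window
]
if __name__ == "__main__":
    print(structuring_alerts(SAMPLE))
```

A single near-threshold payment (cust_B) does not alert here, which is one way to keep the false positive volume down; tightening or loosening the assumed margin and window trades recall against alert volume.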


Layering is a stage in the money laundering process where illicit funds are moved through a series of complex financial transactions to make their origin and ownership harder to trace. This typically involves multiple transfers, conversions, and movements of funds across different accounts and jurisdictions, often using sophisticated techniques to obscure the trail of the illicit funds. The goal of layering is to create a complex web of transactions that makes it difficult for authorities to trace the money back to its illegal source. Below are some patterns that FinCEN expects a TM system to catch:

  • Unusual Transaction Patterns: Sardine can analyze accounts for transactions that deviate significantly from normal behavior, such as sudden transaction volume and frequency increases.
  • Multiple Transactions: Sardine can identify accounts involved in multiple transactions, especially those involving transfers between accounts and jurisdictions.
  • Complex transactions: Sardine can flag transactions that involve multiple parties, currencies, or financial instruments, as these could be used to obfuscate the origin of funds.
  • Round Number transactions: Sardine can highlight transactions that frequently involve round numbers, which may indicate an attempt to hide the true nature of the transaction.
  • Geographic Anomalies: Sardine can identify transactions originating from or sent to high-risk jurisdictions or countries known for money laundering.

Money Laundering

Below are the typical scenarios that FinCEN expects to catch in Money Laundering categories. These patterns are easy to see with Transaction Monitoring. 

  • Suspicious use of multiple accounts 
  • Suspicious use of noncash monetary instruments
  • Suspicious exchange of currencies

Suspicious activity

These are the typical scenarios that FinCEN expects to catch in the Suspicious categories. Transaction monitoring makes the below patterns easy to see. 

  • Transaction with no apparent economic, business, or lawful purpose
  • Two or more individuals working together
  • Suspicious use of multiple transaction locations

Transaction Monitoring Challenges

The Sardine founders have worked across fraud and compliance and struggled with the traditional approaches in their careers. These challenges are all too common.

1. A high false positive ratio. Despite being a critical control, transaction monitoring has come under pressure as organizations battle an increasing volume of alerts, SARs, and suspicious activity. Some organizations report dealing with false positive rates as high as 95% or 99%. If very few alerts become SARs, this indicates a high false positive ratio.

2. Leads to too much (costly) manual review. If every alert has to be manually investigated, and a high percentage of those are false positives, operations teams can spend a massive amount of time dealing with cases that were ordinary activity. This creates a poor customer experience, costs for the business and does not help achieve the objectives of an effective BSA/AML program.

3. Made worse by hard-to-read or obfuscated rules that make it hard to debug cases. If the rule that led to an alert is hard to understand, or worse, it comes with very little data about what triggered the alert, it can be confusing to the analyst. Why did this alert fire? This leads to many false positives and lost time for the AML analyst.

4. And poorly formatted transaction data. Often analysts receive raw payments or ledger entry data and have to reverse engineer a pattern from those transactions. This data can be poorly formatted, contain errors, and contain confusing reference codes or recipient names. 

5. With poor case management UX. If case management is complex, it will take AML analysts a long time to examine the transactions. Unfortunately, the legacy tools, while comprehensive, often suffer from feature bloat. Great dashboard and user experience design for analysts is about ensuring they can do the most frequent tasks fastest. Taking a cue from modern design, we’d ideally want a solution that is simple on the surface but has layers of depth for power users.

These challenges often have three root causes:

  • Poor communication exists between fraud and AML compliance tools (and teams). Fraud tools can block transactions. This is especially helpful in RTP, where criminals use the speed of money to exploit weaknesses in batch-based transaction monitoring and controls. Compliance teams often do not use this but know that what starts out as a possible fraud could be a money mule or sanctions hit. 
  • Legacy tools and point solutions that don’t solve the fundamental data issues. Teams might have a traditional transaction monitoring solution from their core provider and maybe a case management tool from another. Few of these enrich the underlying data and bring it to a quality where it is human-readable and can be easily visualized. 
  • Reliance on manual effectiveness testing. Manual testing often samples a few transactions, with incomplete data and spreadsheets. This is a very limited way to test and not indicative of the entire customer base. Compliance leaders are flying blind. Read our guide to 10x’ing BSA/AML effectiveness for how to fix this.

Sardine Transaction Monitoring Product Features

Ideally, we’d have a solution that:

  1. Deflects false positives with AI by detecting them as fraud before they become a compliance alert. Any transaction that is rejected prevents a future case from being created.
  2. Enriches transaction data with AI by cleansing it and connecting it to other data points about the customer or their related entities automatically.
  3. Brings this data together in a simple-to-understand visual tool like a network graph that allows an analyst to follow the hierarchy of data, transactions, and entities. 
  4. Automatically tests for effectiveness over 100% of the customer base and transactions, with a dashboard demonstrating this effectiveness to compliance leadership.
  5. Comes pre-loaded with best-in-class rules and has a no-code rule editor for quickly creating new batches and routines as well as creating potential fraud controls to deflect false positives automatically.
  6. Performs Sanctions, PEPs and adverse media screening every 24 hours on the entire customer
  7. Uses Generative AI to help with SAR narrative creation by pulling together all data into a clear summary.

By starting at the transaction monitoring and working back, that’s exactly what we built.

1. Real-time and Batch Transaction Monitoring

Transaction monitoring should work in real-time and batch mode. Some companies call real-time transaction monitoring ‘transaction screening.’

  • Real-time transaction monitoring can block a transaction likely to be fraudulent, deflecting an alert. It can also help manage the emerging issues caused by RTP, where criminals exploit RTP to beat batch-based transaction monitoring.
  • Batch-based transaction monitoring can queue transactions requiring human review and combine 1,000s of data signals into a simple visual case management system and network graph to file a timely SAR.

An example of where real-time transaction monitoring is used today is Sardine's ability to detect real-time declines for a person flagged as a PEP (politically exposed person) who received suspicious transactions in the last seven days.

Batch Transaction Monitoring, also called post-event monitoring, is best for transactions that need to be manually reviewed. In Batch Transaction Monitoring, you can create complex rules, which is sometimes challenging to do in real time without impacting performance.

2. No or low-code Rule Editing

Compliance teams need to quickly create new rules without relying on vendors, third parties, or engineers. We enable this with a no-code and low-code rule editor. In Sardine, the batch rules are called Routines.

Config Templates enable the AML analyst to enter the parameters for those Routines for a given scenario.

3. Rule Templates

Templates are a time saver. Sardine comes pre-loaded with 1,000s of templates that help analysts quickly build new rules. 

4. UAR/SAR filing via case management

A non-bank entity with a partner bank (like a Fintech or a SaaS platform) typically creates an Unusual Activity Report (UAR) to file with its partner bank. Sardine allows the non-bank to create UARs and submit them to their bank in a secure channel without exposing PII to email.

Users can create and generate SAR/UAR reports and automatically submit them to FinCEN or appropriate authorities. 

5. Effectiveness testing and Reporting

AML officers are required to deliver key activity reports to their regulators, which Sardine provides automatically. They need to maintain an activity report that shows:

  1. The number of unusual transactions detected;
  2. The number of unusual transactions analyzed;
  3. The number of reports of suspicious transactions or activity (distinguished by country of operations); 
  4. The number of customer relationships ceased by the credit or financial institution due to AML/CFT concerns.

Additionally, Sardine automatically runs effectiveness testing across the entire customer population. These tests provide a ratio of alerts to SAR filings and the ability to change rules and back-test them against historic data without a data-science team or analyst involved. Sardine’s account management team works closely with clients to help them maintain and improve their BSA/AML effectiveness over time.

6. Initial and daily Sanctions, PEPs, and Adverse Media screening

While most solutions perform an initial check, Sardine also provides ongoing daily OFAC Sanctions, PEP, and Adverse Media screening, ensuring screening of existing and new customers.

7. SAR narrative Generation with AI

With all of this data in one place, cleansed and available, our Generative AI can build SAR narratives to save operations teams time and effort.


Sardine was built by a team that has led Infosec, Fraud, and BSA/AML compliance in their careers. The insight from this journey is that cybersecurity, fraud, and financial crime are all connected through data. 

As a result, Sardine was the first company to design Fraud and AML as a single solution, which made it perfect for Transaction Monitoring. A background in data-science and data-engineering meant the team focussed on data quality, automation, and AI from the beginning. 

We believe we can meaningfully reduce your false positives and manual review, all while increasing the effectiveness of your BSA/AML program. If you want to know more, why not contact us?


What are Suspicious Activity Reports (SARs) vs. Suspicious Transaction Reports (STRs)?

SARs and STRs are the same thing. FATF uses the word STRs, while the U.S. calls them SARs. They are reports that must be filed by financial institutions when they detect potentially suspicious transactions.

They provide valuable information to law enforcement agencies and regulatory bodies. 

When should SARs be filed?

Regardless of the amount, SARs must be filed for criminal violations involving insider abuse.

Suspicious transactions meeting specific criteria should also trigger SAR filings. 

What makes a good SAR?

Quality matters! Accurate and detailed content is essential.

Examiners evaluate a bank’s policies and processes for identifying and reporting suspicious activity. 

How do banks collaborate in filing SARs?

In the US, banks work with their state’s Financial Intelligence Unit (FIU) to file SARs. The FIU investigates further to assess threats. In the UK, companies submit to the UK Financial Intelligence Unit (UKFIU), and so on.

What are AML typologies?

Typologies are common patterns associated with money laundering, such as structuring, smurfing, and trade-based laundering. 

About the author
Zahid Shaikh
Head of Risk Products