In July 2025, the FCA issued another multi-million pound fine for weaknesses in customer onboarding and transaction monitoring. Many financial services firms will recognise the issues exposed. Controls built on static rules and one-off checks are struggling to keep pace with the complexity of modern financial crime.
The scale of the problem is significant. The National Crime Agency estimates that more than £100 billion is laundered through the UK each year. On top of that, Cifas logged a record 217,000 fraud cases in the first half of 2025, including over 118,000 cases of identity fraud and more than 38,000 facility takeovers. Together, these figures highlight the widening gap between regulatory expectations and the reality of what many firms’ systems can deliver.
That’s also where enforcement is heading. Regulators want to see controls that are active, adaptable, and driven by live behavioural data. Passing an onboarding check once isn’t enough. The real test is whether suspicious activity can be spotted early, with clear evidence to back it up.
Many banks still rely on a combination of rules-based monitoring and point-in-time KYC. On paper, those processes might appear to meet compliance. In practice, they leave too much room for criminal activity to slip through.
1. Rules don’t adapt
Rules-based systems flag pre-set scenarios: a transaction over a certain amount, activity in a high-risk country, or an unusual frequency of payments. Once coded, those rules are slow to change. Criminals know this. They move just under thresholds, break up transactions, or adjust patterns to stay inside the system’s comfort zone. Tightening rules often just floods investigators with false positives, diverting attention from genuine threats.
2. Profiles never update
Onboarding KYC creates a snapshot in time. It shows who a customer was when the account was opened, not who they are today. Accounts that pass initial checks can be taken over months later, or drift into behaviours that no longer match the original profile. Without regular refresh, these changes are missed and by the time they trigger a rule, the damage is done.
3. Outdated thinking
The latest FCA fine is just one example of a much wider pattern. Many institutions are still using systems designed for an era when “check once and monitor occasionally” was sufficient. Regulators now expect controls that adapt continuously, informed by live behavioural data rather than static records.
Recent enforcement activity shows regulators want more than proof that monitoring exists. They want evidence that it works in practice, at speed, and against today’s highest-risk patterns.
For the FCA, this means controls that can detect suspicious activity as it happens, understand the wider context, and adapt quickly when new typologies emerge. A series of small transfers, for example, may look harmless in isolation but takes on a different meaning when linked to other accounts in the network.
The direction is consistent internationally. The EU’s new Anti-Money Laundering Authority will expect integrated, cross-border oversight. In the US, FinCEN is pushing for greater use of data analytics and technology to improve detection quality. Across the board, there’s an emphasis on:
- Reducing low-value alerts
- Retuning systems quickly when risks change
- Demonstrating effectiveness with clear, defensible metrics
Firms treating compliance as a periodic exercise are under increasing scrutiny. Monitoring has to evolve at the same pace as the threats it is built to detect.
Traditional monitoring processes create latency. Data is batched overnight, alerts appear hours or days later, and investigations follow in sequence. By then, funds have often moved beyond recovery.
Real-time monitoring reduces much of that delay. It enables:
- Behavioural profiling at speed: creating a live baseline for each customer and flagging activity that doesn’t fit
- Network-aware detection: linking activity across accounts and institutions to spot patterns like layering or mule networks before they spread
- Continuous KYC refresh: updating customer profiles as income sources, merchant categories, or transaction flows change, instead of waiting for a scheduled review
This makes a measurable difference. Shortening the detection window lowers operational costs by reducing investigation volumes, increases the chances of recovering assets, and frees analysts to focus on the alerts that carry the highest risk. It also means firms can respond to new typologies faster, without the long lead times required for rule recoding or system updates.
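The contrast drawn above between a static threshold rule and a live per-customer baseline, as an added example (not the author's or any vendor's code). The limit, window, multiplier and sample transactions are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from statistics import median

STATIC_THRESHOLD = 10_000      # assumed fixed per-transaction limit
WINDOW = timedelta(hours=24)   # assumed rolling window
MULTIPLIER = 5                 # assumed tolerance over the customer's baseline
MIN_HISTORY = 5                # window totals needed before a baseline is trusted

def static_rule(txns):
    """Static rule: flag any single payment at or above the fixed limit."""
    return [t["id"] for t in txns if t["amount"] >= STATIC_THRESHOLD]

def behavioural_rule(txns):
    """Flag payments whose rolling 24h outflow exceeds a multiple of the
    customer's own median 24h outflow observed so far."""
    window = defaultdict(deque)    # customer -> recent (timestamp, amount)
    baseline = defaultdict(list)   # customer -> past unflagged window totals
    flagged = []
    for t in sorted(txns, key=lambda t: t["ts"]):
        recent = window[t["customer"]]
        recent.append((t["ts"], t["amount"]))
        while t["ts"] - recent[0][0] >= WINDOW:
            recent.popleft()       # drop payments older than the window
        total = sum(amount for _, amount in recent)
        history = baseline[t["customer"]]
        if len(history) >= MIN_HISTORY and total > MULTIPLIER * median(history):
            flagged.append(t["id"])
        else:
            history.append(total)  # only normal activity updates the baseline
    return flagged

def sample_transactions():
    """Constructed data: C1 is a retail customer, C2 a small business."""
    day0, txns = datetime(2025, 7, 1, 12, 0), []
    def add(customer, ts, amount):
        txns.append({"id": f"t{len(txns) + 1}", "customer": customer,
                     "ts": ts, "amount": amount})
    for d, amt in enumerate([200, 150, 300, 250, 180, 220]):
        add("C1", day0 + timedelta(days=d), amt)             # t1..t6: normal spend
    for h in (21, 23, 25, 27):
        add("C1", day0 + timedelta(days=5, hours=h), 9_500)  # t7..t10: just under limit
    for d, amt in enumerate([8_000, 9_000, 8_500, 9_500, 9_000, 12_000]):
        add("C2", day0 + timedelta(days=d), amt)             # t11..t16: usual business flow
    return txns

if __name__ == "__main__":
    txns = sample_transactions()
    print("static rule:     ", static_rule(txns))
    print("behavioural rule:", behavioural_rule(txns))
```

On this data the static rule raises one alert, on the business customer's routine payment, and none on the run of sub-limit payments; the baseline rule does the reverse.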
Delivering this capability is as much about design as it is about technology. Data infrastructure must handle live ingestion, monitoring and case management systems need to work seamlessly together, and governance processes have to support rapid action. When those elements align, firms are better able to meet regulatory expectations and build stronger defences against financial crime.
Traditional monitoring still struggles with blind spots. It can track what happens inside a single institution, but not how funds move across accounts and providers. That lack of visibility is one reason suspicious activity can go undetected for weeks.
Open Banking changes that. With customer consent, it delivers live transaction data across multiple accounts, regardless of provider.
| Capability | Example in practice | Benefit |
| --- | --- | --- |
| Multi-bank visibility | Funds leaving a personal account and appearing hours later in a business account at another bank before being transferred offshore. | Enables cross-institutional risk scoring and earlier disruption of laundering chains. |
| Behavioural context | A sudden series of cash deposits considered against historic income sources and transaction patterns. | Reduces noise by separating true anomalies from legitimate lifestyle or business changes. |
| Earlier anomaly detection | A spike in transfers to high-risk merchants or crypto exchanges within 24 hours of an account takeover. | Meets regulator expectations on timely identification of suspicious activity and increases asset recovery chances. |
| Continuous KYC refresh | Automatically updating a customer’s risk profile as income sources, spending categories, or geographies change. | Keeps risk scoring current without relying on infrequent manual reviews or reactive updates. |
For senior leaders, the advantage is twofold: the ability to detect and disrupt suspicious activity earlier, and the ability to evidence that detection with complete, contextualised data. As regulators move towards continuous, adaptive controls, that combination is becoming a clear differentiator.
Recent enforcement has shown regulators are focusing on how quickly and effectively firms can detect, investigate, and escalate suspicious activity. The priority is controls that work in practice and can be evidenced clearly.
Step 1. Measure detection speed
Track the time from suspicious activity to alert, and from alert to escalation. Set clear tolerances and monitor them consistently.
Step 2. Analyse behaviour patterns
Go beyond fixed rules by building a view of how each customer normally transacts (amounts, locations, counterparties, and payment types), and flag changes. Include connections between accounts to spot mule activity or coordinated transfers.
Step 3. Use wider data sources
Most undetected activity involves accounts outside a single institution. Bringing in live, regulated feeds such as Open Banking can reveal movements between accounts and providers that would otherwise be missed.
Step 4. Keep KYC current
Risk profiles should change when customer behaviour changes. Use triggers such as new income sources, different transaction types, or new geographies to update profiles and adjust monitoring accordingly.
Step 5. Prove the system works
Maintain dashboards that track alert times, case volumes, false positives, and outcomes. This provides an audit trail for regulators and highlights where improvements have the most effect.
Step 6. Match governance to speed
Fast detection without fast decision-making delivers little benefit. Escalation routes, decision-making authority, and investigation teams need to match the pace of alerts raised.
When these steps are in place, detection is quicker, blind spots are reduced, and performance can be demonstrated with evidence regulators will accept.
In financial crime, speed changes outcomes. The longer the delay, the greater the room for losses to mount, evidence to disappear, and trust to erode. Near-real-time detection transforms the way institutions can respond, making action faster and better informed.
Open Banking data makes this possible. With regulated, real-time transaction insights, firms can close the window between suspicious activity and decisive action.
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.