In July 2025, the FCA issued another multi-million pound fine for weaknesses in customer onboarding and transaction monitoring. Many financial services firms will recognise the issues exposed. That’s because controls built on static rules and one-off checks are struggling to keep pace with the complexity of modern financial crime.
And the scale of the problem isn’t exactly small. The National Crime Agency estimates that each year, more than £100 billion is laundered through the UK alone. On top of that, Cifas recorded a 13% rise in mule account activity in 2024, with many of those accounts passing initial checks before being repurposed to move illicit funds. When you look at it together, these trends point to a widening gap between what regulators expect and what many firms’ systems can currently deliver.
That’s also where enforcement is now heading. Regulators now want to see controls that are active, adaptable, and driven by live behavioural data. Passing an onboarding check once isn’t enough, and the real test is whether suspicious activity can be spotted early, with clear evidence to back it up.
3 reasons why financial crime controls break down
Many banks still rely on a combination of rules-based monitoring and point-in-time KYC. On paper, those processes might appear to meet compliance. However, in practice, they leave too much room for criminal activity to slip through.
Here’s why…
1. Rules don’t adapt
Rules-based systems work by flagging set scenarios: a transaction over a certain amount, activity in a high-risk country, or an unusual frequency of payments. But, once those rules are coded in, they’re slow to change. Criminals know this. They move just under thresholds, break up transactions, or change patterns in ways that stay inside the system’s comfort zone. Tightening rules often just floods investigation teams with false positives, diverting attention away from the activity that really matters.
2. Profiles never update
KYC at onboarding creates a snapshot in time. It says who a customer was when the account was opened, not who they are today. Accounts that pass initial checks can be taken over months later, or gradually start showing behaviour that doesn’t match the original profile. Without regular refresh, these changes slip through, and by the time they trigger a rule, the damage can already be done.
3. Outdated thinking
The latest FCA fine is just another example of a much wider pattern. Many institutions are still using systems designed for an era when “check once and monitor occasionally” was enough. Regulators now expect controls that can adapt in real time, informed by live behavioural data rather than static records.
Regulatory expectations are changing
Recent enforcement activity shows regulators want more than proof a firm has monitoring in place. They want evidence that it works in practice, at speed, and against today’s highest-risk patterns.
For the FCA, this means controls that can detect suspicious activity as it happens, understand the wider context around it, and adapt quickly when new typologies emerge. A series of small transfers, for example, may seem harmless in isolation but take on a different meaning when linked to other accounts in the network.
And this direction is consistent internationally. The EU’s new Anti-Money Laundering Authority will expect integrated, cross-border oversight. In the US, FinCEN is pushing for greater use of data analytics and technology to improve the quality of detection. Across the board, there’s an emphasis on:
- Reducing low-value alerts
- Retuning systems quickly when risks change
- Demonstrating effectiveness with clear, defensible metrics
Firms treating compliance as a periodic exercise are finding themselves under greater scrutiny. This means monitoring has to advance at the same pace as the threats it is built to detect.
From one-off checks to continuous oversight
Traditional monitoring processes create latency. Data is batched overnight, alerts appear hours or days later, and investigations follow in sequence. By then, funds have often moved beyond recovery.
Real-time monitoring removes much of that delay. It enables:
- Behavioural profiling at speed: creating a live baseline for each customer and flagging activity that doesn’t fit
- Network-aware detection: linking activity across accounts and institutions, so you see patterns like layering or mule networks before they spread
- Continuous KYC refresh: updating customer profiles as income sources, merchant categories, or transaction flows change, instead of waiting for a scheduled review
And that makes a big difference.
Shortening the detection window lowers operational cost by reducing investigation volumes, increases the chances of recovering assets, and frees analysts to focus on the alerts that carry the highest risk. It also means you can respond to new typologies faster, without the long lead times that come with rule recoding or system updates.
Delivering this capability is as much about design as it is about technology. Data infrastructure needs to handle live ingestion, monitoring, and case management systems must work seamlessly together, and governance processes have to support action as soon as an alert is raised. When those elements are in place, firms are better able to meet regulatory expectations and build stronger defences against financial crime.
Open Banking as an enabler for stronger controls
Traditional monitoring still struggles with blind spots. It can track what happens inside a single institution, but not how funds are moved across accounts and providers. That lack of visibility is one of the reasons suspicious activity can go undetected for weeks.
Open Banking changes that. With customer consent, it delivers live transaction data across multiple accounts, regardless of the provider. Here’s how that plays out:
| Capability | Example in practice | Benefit |
| Multi-bank visibility | Detecting funds leaving a personal account and appearing hours later in a business account at another bank before being transferred offshore. | Enables cross-institutional risk scoring and earlier disruption of laundering chains. |
| Behavioural context | Seeing an unusual series of cash deposits in the context of the customer’s historic income sources and transaction patterns. | Reduces noise by separating true anomalies from legitimate lifestyle or business changes. |
| Earlier anomaly detection | Spotting a spike in transfers to high-risk merchants or crypto exchanges within 24 hours of an account takeover. | Meets regulator expectations on timely identification of suspicious activity and increases asset recovery chances. |
| Continuous KYC refresh | Automatically updating a customer’s risk profile as income sources, spending categories, or geographies change. | Keeps risk scoring current without relying on infrequent manual reviews or reactive updates. |
For senior leaders, the advantage is twofold: the ability to detect and disrupt suspicious activity earlier, and the ability to evidence that detection with complete, contextualised data. And when regulators expect continuous, adaptive controls, that combination is becoming a key differentiator between adequate compliance and demonstrable effectiveness.
Practical steps for FS and Banking leaders
Recent enforcement has shown that regulators are looking closely at how quickly and effectively firms can detect, investigate, and escalate suspicious activity. The focus now is on controls that work in practice and can be evidenced clearly.
Step 1. Measure detection speed
Track the time from suspicious activity to alert, and from alert to escalation. Set clear tolerances and monitor them consistently. Shorter times increase the chance of recovery and show regulators the system is working as intended.
Step 2. Analyse behaviour patterns
Look beyond fixed rules by building a view of how each customer normally transacts — amounts, locations, counterparties, and payment types — and flag changes. Include connections between accounts to spot mule activity or coordinated transfers.
Step 3. Use wider data sources
Most undetected activity involves accounts outside your own institution. Bringing in live, regulated feeds such as Open Banking can reveal movements between accounts and providers that would otherwise be missed. Feed this directly into monitoring so it can be acted on immediately.
Step 4. Keep KYC current
Risk profiles should change when customer behaviour changes. Use triggers such as new income sources, different transaction types, or new geographies to update profiles and adjust monitoring accordingly.
Step 5. Prove the system works
Maintain a dashboard that tracks alert times, case volumes, false positives, and outcomes. This gives you an audit trail for regulators and a way to see where improvements have the most effect.
Step 6. Match governance to speed
If detection is fast but decisions are slow, the advantage is lost. Make sure escalation routes, decision-making authority, and investigation teams can respond at the pace at which alerts are raised. Use playbooks for the highest-risk scenarios so action happens without delay.
When these steps are in place, detection is quicker, blind spots are reduced, and performance can be demonstrated with evidence that regulators will accept.
From months to minutes: The new standard for financial crime detection
In financial crime, speed changes outcomes. The longer the delay, the more room there is for losses to mount, evidence to disappear, and trust to erode. Near-real-time detection changes the way you respond, making action faster, sharper, and better informed.
Open Banking data makes this possible. With regulated, real-time transaction insights, you can close the window between suspicious activity and decisive action. It’s a sharper, faster way to protect your customers and your organisation.
Talk to AperiData about how our regulated Open Banking data can help you cut detection times and strengthen your fraud detection controls.
Why firms choose AperiData
AperiData pairs regulated Open Banking access with the depth of insight fraud teams need to identify unusual activity in real time.
As one of the few Open Banking providers authorised as both an FCA-regulated Account Information Service Provider (AISP) and a Credit Reference Agency, AperiData delivers data that meets stringent regulatory standards, ready for both risk and compliance applications.
Key advantages:
✅ Granular transaction categorisation: Powered by proprietary machine learning models to classify income, spending patterns, merchant details, and transaction locations with high accuracy. This detail helps teams separate normal behaviour from genuine red flags with confidence.
✅ Risk flags and behavioural markers: Available via Categorisation as a Service (CaaS), Insight API, or Credit Console, highlighting anomalous debits, credits, and usage shifts that may indicate early-stage account takeover.
✅ Real-time data access: Supporting rapid detection and intervention before suspicious behaviour escalates.
✅ FCA-regulated status: Ensuring robust standards in security, compliance, and governance.
✅ Seamless API integration: Designed to plug straight into existing fraud workflows, platforms, and triage processes.
Detect earlier, triage faster, and focus resources where they can have the biggest impact.
