As regulatory pressure intensifies under frameworks such as AMLD6, FATF Recommendations, and DORA, financial institutions are expected to go beyond rule-based detection. Monitoring must now combine data intelligence, automation, and cross-institution collaboration to identify hidden risk in real time.
What suspicious activity monitoring involves
At its core, SAM is about recognizing deviations from normal customer behavior. The system continuously scans transactions, account activity, and customer interactions to detect anomalies that may indicate money laundering, fraud, or terrorist financing.
Typical suspicious indicators include:
- Rapid movement of funds through multiple accounts.
- Sudden changes in transaction volume or frequency.
- Transfers involving high-risk jurisdictions or sanctioned entities.
- Structuring or “smurfing” – breaking transactions into smaller amounts to evade detection.
- Activity inconsistent with a customer’s stated business or income.
When such patterns are detected, the system flags the activity for compliance teams to review and, where necessary, file a Suspicious Activity Report (SAR) with the relevant FIU.
The regulatory context
The
Financial Action Task Force (FATF) establishes the global standard for suspicious activity monitoring and reporting under Recommendation 20, requiring financial institutions to promptly report suspicious transactions to competent authorities.
In the EU, the
Sixth Anti-Money Laundering Directive (AMLD6) and
EBA Guidelines further strengthen obligations for monitoring and escalation. The
European Banking Authority expects institutions to apply risk-based monitoring that accounts for transaction type, customer profile, and geography.
In the United States,
FinCEN enforces parallel requirements under the
Bank Secrecy Act (BSA), mandating timely SAR filings and ongoing monitoring for unusual patterns.
Why SAM systems are under pressure
According to the Deloitte 2024 AML Benchmarking Report, up to 90% of alerts generated by traditional monitoring systems are false positives. This means compliance teams spend most of their time clearing legitimate transactions instead of investigating real threats.
Key challenges include:
- Static rules: Hard-coded thresholds fail to adapt to evolving criminal behavior.
- Data silos: Limited data sharing across departments or entities reduces visibility.
- Complex cross-border networks: Transactions often span multiple regulatory jurisdictions.
- Manual case handling: Investigations are slow, inconsistent, and resource-intensive.
As a result, even well-funded compliance programs remain reactive rather than proactive.
The shift to intelligent, risk-based monitoring
Modern suspicious activity monitoring systems are powered by AI, machine learning, and advanced analytics that continuously learn from historical data and behavioral context.
Capabilities include:
- Dynamic risk scoring: Assigns evolving risk levels based on customer and transaction data.
- Pattern recognition: Detects subtle anomalies that rules-based systems miss.
- Network analysis: Maps relationships between accounts, entities, and jurisdictions.
- Automated alert triage: Prioritizes high-risk alerts, reducing compliance workload.
These systems transform monitoring from a compliance cost center into a strategic advantage, providing insights that strengthen fraud prevention, CTF operations, and overall risk management.
Integrating SAM with CDD, AML, and fraud detection
Suspicious activity monitoring does not operate in isolation. It draws on data from
Customer Due Diligence (CDD),
Anti-Money Laundering (AML), and
fraud detection systems to build a complete picture of customer risk.
By integrating these systems, institutions can:
- Detect risk across multiple channels and business lines.
- Identify linked accounts and counterparties using shared data models.
- Improve alert accuracy and reduce false positives.
- Strengthen regulatory reporting and audit readiness.
This integrated approach aligns with the
Digital Operational Resilience Act (DORA) and FATF’s call for improved data sharing between compliance functions.
“Suspicious activity monitoring is no longer about flagging transactions — it’s about understanding behavior. The future lies in collaboration across banks and jurisdictions, powered by privacy-preserving analytics.”
- William Morris, Lead Enterprise Account Executive - UK
This represents the direction regulators and institutions are moving toward: intelligence sharing without compromising confidentiality.
Data privacy and collaboration challenges
Regulators increasingly encourage data collaboration between banks to improve risk detection. However, privacy laws such as GDPR restrict how personally identifiable information (PII) can be shared or processed.
This creates a fundamental tension: institutions need to collaborate to detect cross-border crime, but they cannot share the very data required to do so. The solution lies in technologies that allow computation on encrypted data without exposure — preserving both security and privacy.
Partisia’s perspective
Suspicious activity monitoring depends on collaboration, but collaboration cannot come at the expense of privacy. Partisia’s privacy-preserving data collaboration platform enables financial institutions to analyze transaction data jointly without revealing sensitive information.
Using Multi-Party Computation (MPC), banks, regulators, and analytics providers can securely identify risk patterns, match cross-bank transactions, and train detection models — all while keeping data private and compliant with GDPR, FATF, and DORA.
This approach enhances accuracy, reduces false positives, and enables real-time, cross-border intelligence sharing — the next evolution in suspicious activity monitoring.
Partisia bridges compliance, privacy, and technology — transforming SAM from a reactive requirement into a predictive, collaborative capability.