Insights

Why Transaction Monitoring Is So Difficult for DNFBPs

Transaction Monitoring for DNFBPs

Transaction monitoring is one of the most misunderstood AML obligations for Designated Non-Financial Businesses and Professions (DNFBPs). Most AML frameworks were originally designed for banks that sit directly in the flow of funds. DNFBPs do not. And yet, regulatory expectations for both remain broadly similar. This structural mismatch explains why so many DNFBPs struggle with "transaction monitoring," even when they are genuinely committed to compliance.

The Banking Model Was Never Built for DNFBPs

In banking, "transactions" are binary and data-driven: deposits, withdrawals, transfers, and card payments. Because money flows through the banking system, monitoring can be continuous and automated. Banks can build precise alerts around amount thresholds, velocity, counterparties, and jurisdictional shifts.

For a DNFBP, the definition of a "transaction" is far more ambiguous. It is often a professional or commercial event rather than a financial flow. Examples include:

Most DNFBPs do not hold client funds or control client bank accounts. They often lack oversight of what happens downstream after an engagement ends. Consequently, when regulations demand "ongoing transaction monitoring," DNFBPs are left struggling to translate that into something operationally meaningful.

DNFBPs Don't Monitor Money; They Monitor Behaviour

Across DNFBP sectors, monitoring signals are structural and behavioural — not transactional.

For the DNFBP, risk is driven by human interaction — not algorithmic anomalies that can be detected through systems.

The Challenge of Episodic Interaction

Unlike banks, which see daily activity, DNFBP interaction is episodic. Long periods of silence are the norm. Red flags do not emerge through "transaction velocity"; they surface as isolated moments of friction — a sudden request for a rushed incorporation, or an opaque jurisdictional shift.

If you conduct a three-year lookback and find only three events (an incorporation and two annual filings), what exactly are you monitoring? This reality makes DNFBP monitoring qualitative rather than quantitative. It relies on professional judgement, not digital dashboards.

The Trap of "Paper Compliance"

When DNFBPs try to replicate banking controls by using generic threshold matrices or "tick-box" logs, the system breaks down. These controls often look robust on paper but become an operational pain point very quickly. Monitoring becomes procedural instead of analytical. Policies exist and forms are completed, but the actual risk remains unmitigated.

This is how "paper compliance" emerges: the appearance of oversight without the substance of risk management.

Reframing the Obligation: From Transactions to Relationships

To be effective, DNFBPs should pivot from "Transaction Monitoring" to Relationship and Engagement Monitoring. Instead of asking "What transactions should we monitor?", the better question is: "What behaviours or instructions should trigger a reassessment of this client's risk?"

This can be operationalised in three layers:

The Real Compliance Challenge

DNFBPs are professional intermediaries, not system-driven institutions. Their AML effectiveness depends on how well professional judgement is embedded into daily operations. While banks have systems, DNFBPs have people.

If DNFBPs continue to treat monitoring as a procedural exercise rather than a judgement-based discipline, they remain vulnerable — not just to financial crime, but to regulatory enforcement.

Ask your team: What specific events trigger a risk reassessment today? Which behaviours are escalated, and which are ignored? Where is professional judgement actually documented? If the answers are unclear, your monitoring programme likely exists only on paper.