Transaction monitoring is one of the most misunderstood AML obligations for Designated Non-Financial Businesses and Professions (DNFBPs). Most AML frameworks were originally designed for banks that sit directly in the flow of funds. DNFBPs do not. And yet, regulatory expectations for both remain broadly similar. This structural mismatch explains why so many DNFBPs struggle with "transaction monitoring," even when they are genuinely committed to compliance.
The Banking Model Was Never Built for DNFBPs
In banking, "transactions" are binary and data-driven: deposits, withdrawals, transfers, and card payments. Because money flows through the banking system, monitoring can be continuous and automated. Banks can build precise alerts around amount thresholds, velocity, counterparties, and jurisdictional shifts.
For a DNFBP, the definition of a "transaction" is far more ambiguous. It is often a professional or commercial event rather than a financial flow. Examples include:
- A company incorporation or trust formation
- A share transfer or appointment of a nominee director
- A property purchase or a high-value jewellery sale
Most DNFBPs do not hold client funds or control client bank accounts. They often lack oversight of what happens downstream after an engagement ends. Consequently, when regulations demand "ongoing transaction monitoring," DNFBPs are left struggling to translate that into something operationally meaningful.
DNFBPs Don't Monitor Money; They Monitor Behaviour
Across DNFBP sectors, monitoring signals are structural and behavioural — not transactional.
- Corporate Service Providers & Accountants: They look for the rapid formation of multiple entities, frequent changes in control, or resistance to providing source-of-wealth explanations.
- Real Estate Professionals: They observe buyers unconcerned with price, unusual urgency to close, or complex ownership arrangements designed to obscure the ultimate beneficial owner.
- High-Value Dealers: They encounter "walk-in" clients indifferent to valuations or those structuring purchases just below reporting thresholds.
For the DNFBP, risk is driven by human interaction — not algorithmic anomalies that can be detected through systems.
The Challenge of Episodic Interaction
Unlike banks, which see daily activity, DNFBP interaction is episodic. Long periods of silence are the norm. Red flags do not emerge through "transaction velocity"; they surface as isolated moments of friction — a sudden request for a rushed incorporation, or an opaque jurisdictional shift.
If you conduct a three-year lookback and find only three events (an incorporation and two annual filings), what exactly are you monitoring? This reality makes DNFBP monitoring qualitative rather than quantitative. It relies on professional judgement, not digital dashboards.
The Trap of "Paper Compliance"
When DNFBPs try to replicate banking controls by using generic threshold matrices or "tick-box" logs, the system breaks down. These controls often look robust on paper but become an operational pain point very quickly. Monitoring becomes procedural instead of analytical. Policies exist and forms are completed, but the actual risk remains unmitigated.
This is how "paper compliance" emerges: the appearance of oversight without the substance of risk management.
Reframing the Obligation: From Transactions to Relationships
To be effective, DNFBPs should pivot from "Transaction Monitoring" to Relationship and Engagement Monitoring. Instead of asking "What transactions should we monitor?", the better question is: "What behaviours or instructions should trigger a reassessment of this client's risk?"
This can be operationalised in three layers:
- Layer 1 — Event-Based Triggers: Automated triggers for review based on specific actions (e.g., new incorporations, property resales, or jurisdictional shifts).
- Layer 2 — Behavioural Signals: Documenting qualitative indicators such as evasiveness, lack of commercial logic, or urgency that doesn't match the deal profile.
- Layer 3 — Periodic Relationship Reassessment: Moving beyond "any suspicious transactions?" to ask: "Does this client's profile still make sense in light of their recent activity?"
The Real Compliance Challenge
DNFBPs are professional intermediaries, not system-driven institutions. Their AML effectiveness depends on how well professional judgement is embedded into daily operations. While banks have systems, DNFBPs have people.
If DNFBPs continue to treat monitoring as a procedural exercise rather than a judgement-based discipline, they remain vulnerable — not just to financial crime, but to regulatory enforcement.
Ask your team: What specific events trigger a risk reassessment today? Which behaviours are escalated, and which are ignored? Where is professional judgement actually documented? If the answers are unclear, your monitoring programme likely exists only on paper.

