AML Transaction Monitoring: Rules & Alerts

AML transaction monitoring is the continuous process of analysing customer financial activity to detect patterns indicative of money laundering or terrorist financing. In Canada, it is a mandatory requirement under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and its associated regulations, enforced by FINTRAC (Financial Transactions and Reports Analysis Centre of Canada).

This article is for informational purposes only and does not constitute legal, financial, or regulatory advice.

What Is AML Transaction Monitoring?

AML transaction monitoring means systematically reviewing customer transactions — individually and in aggregate — to identify activity inconsistent with the customer's known risk profile. FINTRAC's risk-based approach guidance requires reporting entities to implement ongoing monitoring of business relationships, including transaction monitoring proportionate to the risk level of each client (FINTRAC — Risk-Based Approach).

The monitoring process follows three stages:

1. Rule configuration: defining detection scenarios based on thresholds, typologies, and expected behaviour for each customer risk segment.
2. Alert generation: transactions matching a scenario trigger an automated alert for review.
3. Investigation and decision: compliance analysts examine alerts, determine whether they represent genuine risk, and escalate suspicious cases for a Suspicious Transaction Report (STR) submission to FINTRAC.

FINTRAC does not prescribe exact rules or threshold values — instead, firms must adopt a risk-based approach calibrated to their customer base, products, and geography.

Canadian Regulatory Framework: FINTRAC, RCMP and the PCMLTFA

The Canadian framework rests on several statutory pillars. The PCMLTFA (S.C. 2000, c. 17) requires all reporting entities to implement ongoing monitoring of business relationships as part of their compliance programmes, with enhanced measures for higher-risk customers (PCMLTFA).

FINTRAC guidance requires firms to establish systems and controls to detect and prevent financial crime. Firms that fail to monitor adequately face significant enforcement action: FINTRAC imposed CAD 5.2 million in administrative monetary penalties in 2024-2025 for non-compliance, demonstrating the regulator's willingness to take action against systemic failures (FINTRAC — Penalties).

Suspected money laundering must be reported to FINTRAC via a Suspicious Transaction Report (STR). The RCMP (Royal Canadian Mounted Police) is responsible for investigating money laundering offences under the Criminal Code (Part XII.2).

Detection Rules: Configuring Your Monitoring System

Transaction monitoring rules translate regulatory risk expectations into operational alerts. They should be documented, tested, and updated regularly as criminal typologies evolve.

Static rule sets carry a significant operational cost: industry benchmarks show that up to 95% of alerts generated by purely rule-based systems are false positives, draining compliance team resources. Aggregated data from our enterprise clients shows that combining behavioural analytics with rule-based detection brings fraud detection recall to 94.8% while keeping false positives at 3.2% — a ratio that pure rule-based systems cannot match. Calibrating rules with behavioural analytics and machine learning reduces this ratio while maintaining detection coverage.

Compliance professionals frequently raise two concrete pain points: the time cost of false positive investigations — typically 20–30 minutes per alert — and the challenge of setting appropriate thresholds across different customer segments (retail vs. corporate, domestic vs. cross-border).

Key Red Flags for AML Transaction Monitoring

A red flag triggers an investigation; it is not a conclusion. FINTRAC's guidance on indicators of money laundering and terrorist financing identifies sector-specific indicators that firms must incorporate into their monitoring systems (FINTRAC — ML/TF Indicators).

Core red flags to incorporate in your system:

• Behavioural anomalies: refusal to provide requested information, implausible explanations for unusual transactions, unexplained urgency.
• Geographic risk: transactions involving jurisdictions on the FATF grey or black lists, or Canada's list of high-risk countries (FATF High-Risk Jurisdictions, February 2026).
• Structuring: multiple transactions slightly below CAD 10,000 completed within a short window — a direct attempt to evade reporting obligations.
• Rapid fund cycling: funds received and retransferred within 24 hours, particularly to third-party accounts or virtual currency wallets.
• Profile-activity mismatch: a customer declaring low-turnover retail activity generating multi-million-dollar flows.
• Opaque beneficial ownership: corporate structures involving nominees or chains of entities without clear economic purpose.
• Shared digital identifiers: same devices, IP addresses, or phone numbers used across multiple distinct accounts — a key indicator of money mule networks.
• Adverse media: negative news matching customer profiles, especially involving financial crime, corruption, or sanctions.

These red flags should be built into your document compliance programme and applied consistently from customer onboarding through ongoing monitoring.

Reporting Obligations and Record-Keeping

Canadian firms face precise, non-discretionary reporting obligations. The key requirements are:

STR filing with FINTRAC: mandatory when a firm has reasonable grounds to suspect that a transaction is related to money laundering or terrorist financing. There is no minimum amount threshold — the suspicion itself triggers the obligation. STRs must be filed via FINTRAC's online reporting system (FINTRAC — Reporting).

Large Cash Transaction Reports (LCTRs): mandatory for cash transactions of CAD 10,000 or more, whether in a single transaction or multiple transactions within a 24-hour period by or on behalf of the same person or entity.

Electronic Funds Transfer Reports (EFTRs): mandatory for international electronic funds transfers of CAD 10,000 or more.

Record-keeping: all client identification records, transaction monitoring documentation, and STR-related material must be retained for a minimum of five years from the end of the business relationship, per PCMLTFA requirements.

Tipping off prohibition: once a STR is filed or under consideration, the firm cannot disclose this to the customer or third parties, under the PCMLTFA.

For sanctions-related monitoring, our article on OFAC and EU sanctions screening covers the complementary obligations in detail.

Implementing an Effective Monitoring Programme

A robust transaction monitoring programme requires four interconnected components:

1. Governance and accountability Appoint a Chief Compliance Officer with senior management access and clear authority to escalate and file STRs. The compliance officer must report regularly to the board on AML risks and the effectiveness of controls, per FINTRAC requirements.

2. Risk-based segmentation Apply proportionately higher scrutiny to higher-risk customers. A high-net-worth foreign politically exposed person requires different monitoring parameters than a domestic small business. Document your segmentation rationale — FINTRAC examiners review the logic behind your calibration decisions.

3. Calibration and testing Backtest your rules against historical data to measure false positive rates. Over-sensitive rules generate alert fatigue; under-sensitive rules create regulatory exposure. Document all calibration decisions and review rules at least annually, or when criminal typologies change.

4. Technology integration Automated transaction monitoring tools — such as those integrated into CheckFile's KYC solutions — combine rule-based alerts, behavioural scoring, and sanctions screening into a single auditable workflow. On the CheckFile platform, over 840,000 KYC dossiers processed for banking clients have revealed a 5.1% identity fraud rate at onboarding — anomalies that feed directly into downstream transaction monitoring calibration. This reduces manual burden and strengthens the audit trail regulators expect during examinations.

For a broader comparison of automated and manual approaches, see our guide on AI vs manual document verification.

Technology Outlook: AI, Real-Time Monitoring and 2026 Reforms

FINTRAC's evolving guidance emphasises that firms should move beyond static rule-based systems to intelligence-driven monitoring using behavioural analytics and explainable AI models (FINTRAC — Technology and Innovation).

Real-time monitoring — evaluating each transaction within milliseconds rather than batch-processing overnight — is increasingly the standard for payment institutions and fintechs. It enables intervention before funds become unrecoverable. Leading implementations combine:

• Business rules (velocity, geography, amounts)
• Graph analytics (detecting mule networks and linked entities)
• Anomaly models (deviations from individual customer behavioural baselines)
• Natural language processing (analysis of payment references and ordering party data)

Canada's ongoing PCMLTFA review process and FINTRAC's increasing focus on technology-driven compliance will bring higher expectations on monitoring system sophistication and senior management accountability across all reporting entity sectors.

Explore how CheckFile automates document verification workflows for regulated financial institutions, integrating KYC/AML checks from onboarding through ongoing monitoring.

Frequently Asked Questions

What is the purpose of transaction monitoring in AML?

Transaction monitoring in AML serves to detect suspicious financial activity — including money laundering, terrorist financing, and sanctions evasion — by comparing customer transactions against expected behaviour, regulatory thresholds, and known criminal typologies. It enables firms to meet their statutory STR-filing obligations and demonstrate effective controls to regulators.

What is the primary purpose of transaction monitoring in AML compliance?

The primary purpose is to ensure that firms can identify and report suspicious activity in a timely manner, satisfying both the preventive (detecting crime) and reactive (reporting crime) elements of Canada's AML regime. Effective monitoring also protects firms from regulatory sanctions, which can include significant penalties and reputational damage.

Why is ongoing transaction monitoring important in AML?

Customer risk profiles change over time: a client who poses low risk at onboarding may become high-risk due to changes in business activity, geographic exposure, or media coverage. Ongoing monitoring ensures that risk assessments remain current and that suspicious activity is detected throughout the business relationship, not just at the point of onboarding.

What thresholds trigger AML reporting in Canada?

There is no minimum financial threshold for STR filing — the suspicion triggers the obligation regardless of amount. However, mandatory reporting thresholds exist for Large Cash Transaction Reports (CAD 10,000 or more) and Electronic Funds Transfer Reports (CAD 10,000 or more for international transfers).

How should firms handle false positives in transaction monitoring?

False positives should be investigated, documented, and closed with a clear rationale recorded in the compliance system. Firms should analyse false positive patterns to improve rule calibration. FINTRAC expects firms to demonstrate that their alert review process is proportionate and risk-based — not a box-ticking exercise.