Too Fast to Catch? Rethinking AML for the Real-Time Payments Era

Real-time payments (RTP) have rapidly become a defining feature of modern banking. With systems like the UK’s Faster Payments, the EU’s TARGET Instant Payment Settlement (TIPS), and the newly launched FedNow in the US, the expectation of instant value transfer is now embedded in customer behaviour. Banks are under pressure to meet these demands, offering immediate payment services that operate 24 hours a day, seven days a week. But while the pace of settlement has increased, the complexity of ensuring financial crime compliance in this accelerated environment has also grown. The challenge for banks is how to balance the promise of speed with the necessity of robust anti-money laundering (AML) controls.

The Disappearance of the Latency Buffer

Traditionally, payment systems operated with a built-in time buffer. Transactions routed via SWIFT, CHAPS or other legacy systems often took hours or even days to settle, giving compliance teams a crucial window in which to perform sanctions screening, transaction monitoring and investigative reviews. Manual holds or enhanced due diligence processes could be applied without materially impacting the customer experience. These delays, once considered a frustration, now seem like a luxury from a compliance perspective.

Compliance Challenges in a Real-Time Environment

The rise of RTP has effectively removed that buffer. Transactions settle in seconds, are often irrevocable, and take place around the clock. Once a payment has been processed, there is no opportunity to reverse it or to intervene in the flow of funds. This leaves financial crime teams with a vanishingly small window (sometimes milliseconds) to assess risk and stop suspicious transfers. It is no surprise that criminals are increasingly turning to real-time rails to rapidly move illicit funds before red flags can be raised.

Criminal Exploitation of RTP Channels

Criminal exploitation of RTP has become more sophisticated in recent years. There has been a marked increase in authorised push payment (APP) fraud, in which individuals are tricked into sending money to fraudsters. Synthetic identities are also on the rise, allowing criminals to establish accounts that appear legitimate but are designed purely for receiving and dispersing stolen or laundered funds. In some cases, open banking channels and payment initiation service providers are being leveraged to initiate real-time payments with limited oversight. Meanwhile, the use of money mule networks continues to expand, especially where individuals are recruited via social media to receive and redirect funds without understanding the full extent of their role in a laundering scheme.

Regulatory Expectations Are Rising

Regulators are responding. In the UK, the Financial Conduct Authority has made clear that the move to faster payments must not lead to a weakening of financial crime controls. The Payment Systems Regulator introduced new reimbursement requirements for APP fraud victims from 2024, forcing banks to absorb the cost in more cases unless they can demonstrate effective safeguards. Across the European Union, the Instant Payments Regulation and PSD3 proposal are set to mandate real-time sanctions screening and enhanced fraud measures as a condition for offering instant payments. In the US, while FedNow is in its early stages, both FinCEN and the Federal Reserve have reiterated that existing AML rules apply to RTP and expect institutions to ensure real-time fraud and identity controls are in place. The Financial Action Task Force, too, has underlined the importance of advanced analytics, continuous KYC and real-time data sharing in addressing the new threat landscape.

Global Disparities in AML Standards

Despite these efforts, global regulatory divergence remains a problem. A payment processed in seconds in one jurisdiction may be subject to entirely different monitoring expectations in another. This lack of harmonisation complicates compliance for banks with international operations and creates potential vulnerabilities that can be exploited by criminals moving funds across borders and between systems with varying levels of oversight.

Reimagining the Compliance Framework

Banks must therefore reimagine their approach to compliance. Legacy controls that rely on batch processing or manual review cannot operate at the speed of RTP. Instead, institutions must embed pre-transaction controls, including automated sanctions screening, risk scoring, and behavioural analytics, directly into the payment workflow. Transactions should be assessed in real time using models that factor in customer history, location, device data, transaction context and counterparty behaviour. Decisions must be taken within fractions of a second—and done accurately—to avoid disrupting legitimate activity or introducing unnecessary friction.

From Static KYC to Dynamic Risk Management

KYC can no longer be a one-time event at onboarding. Continuous KYC, which updates risk profiles based on evolving behavioural data and external intelligence, is becoming essential. A customer’s risk profile may shift significantly with a single transaction, and systems must be capable of identifying these changes and responding accordingly. Adaptive friction models can help manage this balance, allowing low-risk transactions to flow seamlessly while triggering enhanced scrutiny or tiered limits where risk thresholds are exceeded.

Transforming Operations & Culture

Real-time payments also demand new operating models. Compliance teams need the tools, training and authority to act instantly. Collaboration between compliance, technology, product and fraud teams must be embedded into business-as-usual. Data governance and quality become critical, as poor data inputs will undermine even the most advanced models. Financial institutions should also invest in cross-institutional threat sharing. Initiatives such as the UK’s Banking Protocol, CIFAS and the National Economic Crime Centre’s information exchange programmes demonstrate the value of shared intelligence in detecting and preventing financial crime at speed.

Building Trust Through Customer Protection

Alongside controls and collaboration, banks must consider the customer. The promise of RTP is one of convenience and empowerment, but it also exposes users to greater risk. When fraud occurs, customers often experience a sense of betrayal and frustration if the bank appears ill-prepared to help. Proactive communication about payment risks, fraud prevention tips and redress policies can help maintain trust. The incoming APP fraud reimbursement rules in the UK underscore the need for clear accountability and rapid resolution processes. Institutions that handle these interactions well will stand out for their integrity and customer focus.

Compliance as a Strategic Enabler

Importantly, compliance in RTP environments should not be viewed as a regulatory burden alone. Banks that lead in this space have the chance to differentiate themselves commercially. Real-time transaction data offers insights that can be used to improve customer segmentation, detect unmet needs, and offer better financial products. Compliance teams equipped with advanced analytics can identify threats earlier, reduce loss exposure, and streamline false positive resolution. In time, financial crime prevention can become not just a control function, but a strategic enabler of trust, efficiency and innovation.

Conclusion: Delivering Speed & Security in Tandem

The rise of real-time payments is irreversible. The financial crime risks they introduce are significant, but so are the opportunities to build smarter, more responsive compliance frameworks. Banks that invest in automation, intelligence and coordination will not only be better protected, but better positioned to thrive in a landscape defined by instant expectations. Speed and compliance are no longer competing priorities. In the world of RTP, they must be delivered together.

Is Your AML Framework Keeping Pace with Real-Time Payments?

We help banks deliver speed without compromising compliance. We build agile, regulator-aligned solutions that strengthen AML controls in a real-time world. Contact us to see how we can help you.