Real-time financial crime detection for a UK tier-1 bank.
Event-driven transaction monitoring pipeline replacing legacy batch-based AML with sub-second risk scoring, automated alert triage, and regulator-ready audit evidence.
"They replaced our overnight batch AML with a system that scores every transaction in real time. Our compliance team went from drowning in false positives to investigating genuine threats."
Chief Compliance Officer, UK Tier-1 Bank
From overnight batches to real-time intelligence
A UK tier-1 bank was running a legacy AML system that processed transactions in overnight batches. Suspicious activity was flagged 24 to 48 hours after the transaction occurred, by which time funds had already moved. The compliance team was overwhelmed by false positives, with over 95% of alerts turning out to be benign, while genuine threats slipped through undetected. With the FCA increasing pressure on banks to demonstrate real-time monitoring capabilities, the bank engaged Stratus Partners to replace the entire detection pipeline with an event-driven architecture capable of scoring every transaction in real time.
| Capability | Legacy Batch AML | Real-Time Detection Pipeline |
|---|---|---|
| Detection Speed | Overnight batch processing. Fraud discovered 24 to 48 hours after the transaction | Sub-500ms. Every transaction scored before settlement. |
| Alert Quality | 95%+ false positive rate. Compliance team overwhelmed with noise | ML-driven scoring. 85% reduction in false positives. Analysts investigate real threats. |
| SAR Filing | Manual process. Weeks of evidence gathering per Suspicious Activity Report | Automated. AI-generated narratives with full evidence chain. Filing-ready in minutes. |
| Audit Readiness | Spreadsheet-based evidence. Weeks to prepare for FCA review | Always audit-ready. Immutable logs, model version tracking, decision traceability. |
| Scalability | Fixed capacity. Degraded during peak periods (month-end, payroll) | Auto-scaling. Handles 50M+ transactions/month with consistent sub-500ms latency. |
Real-Time Transaction Monitoring Pipeline
Transactions flow from the payment switch through Kafka into the scoring engine. ML models and rule engines evaluate risk in parallel. High-risk transactions trigger automated alerts routed to compliance analysts.
```mermaid
flowchart LR
PS["Payment\nSwitch"] --> Kafka["Kafka / Kinesis\n(Event Stream)"]
Kafka --> SE["Scoring Engine\n(ECS Fargate)"]
SE --> ML["ML Models\n(SageMaker)"]
SE --> RE["Rule Engine\n(DynamoDB)"]
ML --> SE
RE --> SE
SE --> Decision["Decision:\nApprove / Flag / Block"]
Decision -->|"Flag"| AQ["Alert Queue"]
AQ --> CD["Compliance\nDashboard"]
CD --> SAR["SAR Generator"]
CD -.->|"Analyst Decisions"| ML
style PS fill:#6b21a8,stroke:#7c3aed,color:#fff
style Kafka fill:#1a1a2e,stroke:#7c3aed,color:#fff
style SE fill:#4c1d95,stroke:#7c3aed,color:#fff
style ML fill:#6b21a8,stroke:#7c3aed,color:#fff
style RE fill:#1a1a2e,stroke:#7c3aed,color:#fff
style Decision fill:#4c1d95,stroke:#7c3aed,color:#fff
style AQ fill:#1a1a2e,stroke:#7c3aed,color:#fff
style CD fill:#1a1a2e,stroke:#7c3aed,color:#fff
style SAR fill:#6b21a8,stroke:#7c3aed,color:#fff
```
The Detection Architecture Stack
Every tool earns its place by solving a specific detection or compliance requirement.
- Amazon MSK (Managed Kafka): Real-time event streaming from payment switch and core banking. Handles 50M+ events/month with exactly-once delivery.
- Amazon SageMaker: ML model serving for behavioural risk scoring. Models retrained weekly on analyst feedback. Sub-100ms inference.
- Amazon DynamoDB: Low-latency rule lookups. Sanctions lists, velocity checks, geographic impossibility rules evaluated in parallel with ML scoring.
- Amazon ECS Fargate: Scoring microservice and alert routing. Auto-scales during peak transaction periods without manual intervention.
- Amazon S3 + Athena: Immutable transaction audit trail. Every score, decision, and model version stored for regulatory evidence.
- Amazon OpenSearch: Real-time compliance dashboard. Case management, alert triage, and investigation workflows for the compliance team.
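An added example, not the bank's or Stratus Partners' code, of the velocity and geographic-impossibility rules being evaluated concurrently, combined with an ML risk score, and turned into an Approve / Flag / Block decision that records the model version. The thresholds, field names and sample transactions are assumptions, and `ml_score` stands for the value the model endpoint would return.

```python
import math
from concurrent.futures import ThreadPoolExecutor
from datetime import datetime, timedelta

# All thresholds below are assumptions for illustration, not the bank's values.
MAX_SPEED_KMH = 900.0                   # faster than an airliner => impossible travel
VELOCITY_LIMIT, VELOCITY_WINDOW = 5, timedelta(minutes=10)
FLAG_SCORE, BLOCK_SCORE = 0.6, 0.9      # cut-offs applied to the ML risk score

def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) pairs."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def geo_impossible(txn, history):
    """True when the implied speed since the previous transaction is not physical."""
    if not history:
        return False
    prev = history[-1]
    hours = max((txn["ts"] - prev["ts"]).total_seconds(), 1.0) / 3600
    return haversine_km(prev["loc"], txn["loc"]) / hours > MAX_SPEED_KMH

def velocity_exceeded(txn, history):
    """True when this transaction pushes the count in the window over the limit."""
    recent = [h for h in history if timedelta(0) <= txn["ts"] - h["ts"] <= VELOCITY_WINDOW]
    return len(recent) + 1 > VELOCITY_LIMIT

def score_transaction(txn, history, ml_score, model_version):
    """Evaluate the rules concurrently, combine with the ML score, return an audit record."""
    rules = {"geo_impossible": geo_impossible, "velocity": velocity_exceeded}
    with ThreadPoolExecutor() as pool:
        futures = {name: pool.submit(fn, txn, history) for name, fn in rules.items()}
        hits = sorted(name for name, f in futures.items() if f.result())
    if "geo_impossible" in hits or ml_score >= BLOCK_SCORE:
        decision = "block"
    elif hits or ml_score >= FLAG_SCORE:
        decision = "flag"
    else:
        decision = "approve"
    return {"txn_id": txn["id"], "decision": decision, "rule_hits": hits,
            "ml_score": ml_score, "model_version": model_version}

# Constructed sample: a London payment, then one from Singapore 30 minutes later.
T0 = datetime(2024, 1, 15, 9, 0)
LONDON, SINGAPORE = (51.5074, -0.1278), (1.3521, 103.8198)
HISTORY = [{"id": "t1", "ts": T0, "loc": LONDON}]
SUSPECT = {"id": "t2", "ts": T0 + timedelta(minutes=30), "loc": SINGAPORE}
```

Calling `score_transaction(SUSPECT, HISTORY, ml_score=0.35, model_version="example-v1")` returns a `block` decision on the rule hit alone, even though the ML score is below the flag cut-off.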
From reactive batch processing to proactive intelligence
Detection now happens inside the payment flow, not after it. Every transaction is scored, every decision is logged, and every model is versioned for regulatory traceability.
- Real-Time by Default: Every transaction is now scored within the payment flow itself. No more overnight batches. No more 24-hour detection gaps where funds can disappear.
- Intelligence-Driven Detection: ML models learn continuously from the bank's own transaction patterns and analyst feedback. Detection accuracy improves over time without manual rule updates.
- Automated Compliance Workflow: SAR narratives are auto-generated with supporting evidence. Filing preparation that previously took weeks is now completed in minutes.
- Event-driven streaming pipeline on Amazon MSK with exactly-once processing guarantees
- ML scoring models trained on 12 months of the bank's historical transaction data and analyst decisions
- Real-time compliance dashboard with alert triage, case management, and full investigation workflows
- Automated SAR generation with AI-written narratives and a complete evidence chain per case
- Regulatory evidence pack including model governance documentation, decision audit trail, and FCA/JMLSG compliance mapping
FCA-ready, continuously
The FCA's Senior Managers Regime holds individuals personally accountable for AML failures. JMLSG guidance demands risk-based, proportionate monitoring. This architecture satisfies both frameworks by embedding compliance directly into the detection pipeline, not bolting it on afterwards.
- FCA Senior Managers Regime: Full decision audit trail. Every alert, investigation, and filing linked to the responsible individual with timestamp and rationale.
- JMLSG Guidance: Risk-based approach implemented via ML scoring. High-risk customers and transaction patterns receive enhanced monitoring automatically.
- SAR Filing (UKFIU): Suspicious Activity Reports auto-generated with AI narratives, supporting evidence, and submission-ready formatting.
- Zero regulatory findings: Passed FCA thematic review on transaction monitoring controls with fully automated evidence packs.
- 85% reduction in false positives: Compliance analysts now spend their time investigating genuine threats instead of clearing noise from the queue.
- Real-time regulatory visibility: Compliance officers monitor transaction risk as it happens, not in yesterday's batch report. Suspicious patterns are surfaced in seconds, not days.
Is Your AML System Keeping Up?
Legacy batch-based AML systems leave banks exposed for hours. The CRRI assessment benchmarks your detection capabilities and identifies where real-time monitoring would have the greatest impact.