Payments modernisation AML: Identifying where risk sits
Under a swathe of unprecedented payment modernisation, AML measures at financial institutions (FIs) are under threat. With real time transactions pinging from country to country across e-commerce sites, remittance fintech apps, and in offline channels, there’s never been a more fertile period for payment service providers (PSPs) to enhance their digital experiences. But also to strengthen their defences against tech-savvy criminals.
So sophisticated have fraud typologies gotten to beat the system that it’s the largest contributor of financial crime in the UK, with more than 200,000 cases reported in 2025. Faster payments fraud risk will never slow down if legacy systems to process transactions and identify wrongdoing stay as-is; a point recognised by over 90% of institutions that are actively modernising their AML infrastructure amid new payment rails, and digital types including e-wallets or variable recurring payments.
This operational overhaul is necessary to keep criminals at bay, and even before that, to ensure AML compliance UK-wide is met to maintain the nation’s status as a leading fintech powerhouse. Customers and regulators alike expect tight data privacy, swift verification and monitoring to ensure real time payments happen, meaning the modernisation of payment systems is needed quicker than is being acted – highlighting the limitations of avoiding fraud and AML convergence.
The regulatory pressure of payments modernisation AML
As with every form of technological advancement, the sheer speed of modernisation can easily leave unprepared businesses behind. Especially as it raises expectations from customers that feel who they bank with should, crudely, ‘stick with the times’.
When it comes to real time payments, UK firms will of course feel accountable for facilitating cross-border payments safely and without friction for their customers, but it also comes with an AML compliance caveat in most jurisdictions. Over 70 countries utilise instant payments systems, and regions such as the EU regulate for accelerated credit transfers. If PSPs’ payments infrastructure get outpaced by both regulatory change, financial fraud and the growing role of digital assets (including currently un-legislated cryptocurrencies), the ramifications could see pioneering market entrants revoked entirely in the worst cases.
Continually, the race to provide innovative payment products has been seen at odds with budgets, resource capacity, siloed fraud and AML teams, and the digital maturity of anti-fincrime systems – and compliance being seen a cost centre that cannot possibly adapt to provide robust oversight that prevents crime, avoids fines, and maintains a leading presence in the financial sector. When you map this against the diverse financial ecosystem of large banks down to niche alternative financial products, the regulatory barriers for the UK’s smaller, resource-strapped businesses seem even less scalable.
Quick changes to the UK payments infrastructure
The compliance landscape draws together multiple players given AML’s now-crucial role for a range of accountable financial (and non-financial) businesses. Collaboration is key to reshape AML compliance culture, and address ways that every bank, fintech, regional regulator, government body and law enforcement agency is able to meet AML milestones, as well as create an environment for digital payments to flow freely and safely for legitimate customers – and contribute to a standardised practical framework for instant payments AML that’s advanced enough to deter fraudulent activity,
In order to appeal to the global trend of secure real time payments, UK commercial and challenger banks, fintechs and PSPs are likely already connected via the Faster Payment System infrastructure (operated by Pay.UK) that can transfer up to £1 million in single e-payments at any time or CHAPS (operated by the Bank of England). Institutions are also regulated by the Payment Systems Regulator (PSR) to increase interbank connectivity and drive market competition, which will soon be consolidated into the UK’s leading regulator – the Financial Conduct Authority (FCA) – to address cryptocurrency legislation.
This displays more steps in the right direction to monitor, detect, and report potential fraud or laundering activity in digital assets, bolstered by structured payment data that has become the leading standard since November 2025 through ISO 20022 payments. Swift ISO 20022 migration marks a gamechanger for facilitating cross-border high-value payments, as financial institutions (FIs) can contextualise the nature of transactions immediately, alerting anomalous activity for enhanced due diligence, sanctions screening, and accurate investigative efforts into high-risk behaviours.
Speed, scale and data compliance through the cloud
Standards such as ISO 20022 is an enabler of greater instant payments AML, but is only a proactive operational advantage if maintained in a functional, efficient AML and fraud detection system. A single risk-based platform achieves fraud and AML convergence by drawing teams together to detect suspicious payment alerts that cross both teams’ paths – including potential muling activity and repeated transactions from revictimisation scams – especially now that the PSR incentivises PSPs to reimburse victims of APP fraud.
And still many organisations are not maintaining workflows and tools that are dynamic enough to adapt to digital payments regulation (UK based or otherwise). Over 70% automate less than half of their AML activities, which can have dramatic effects on false positives rates, where AI-driven compliance can monitor and verify payment data with immediate effect for instant transactions to be made without delay.
Again, the answer to the compliance-to-scale conundrum lies in transforming payments modernisation toward cloud-based infrastructure and collaboration with RegTech providers. In that way, existing fraud and AML controls can be unified, and user-set high-risk thresholds can be attuned to an FIs’ regulatory frameworks and data standards – which can account for evolving digital payment types still under regulatory review.
With an elastic architecture, the cloud maintains an operational advantage for businesses by ingesting high volumes of customer data and data-rich payments (under ISO 20022) and achieving fast connected payment methods through APIs and watchlist screening capabilities. Cooperatively working with RegTech means continuous, automated transaction monitoring can become more commonplace, and the puzzle piece for facilitating real time payments and submitting evidence-based suspicious activity reports (SARs) to the National Crime Agency (NCA).
Where next for instant payments AML?
Now that compliance cannot be relegated to a bolt-on function, its ‘integrated’ role is being looked at by a range of FIs and PSPs through RegTech partnerships. This year, the market is expected to reach $21.5 billion, and rising – with unions able to achieve payments modernisation through risk-based intelligence and flexibility to the evolving high-velocity payment environment. With that, instant payments AML marks a strategic choice to stand out in the competitive financial product market.
The cultural shift toward connected and robust AML frameworks and platforms is ongoing. With RegTech tools existing to help all areas of the financial market comply with strict rules, and maintain operational resilience without downtime, security risk or being left behind by the sheer scale of digital transformation taking place in the fincrime underworld, the years ahead could look brighter for PSPs – as well as their demanding (and growing) customer bases, and global efforts to keep the cross-border financial system running speedily and safely.
