Walking the compliance tightrope: Staying agile in the age of instant payments

by Alia Mahmud, Regulatory Affairs Practice Lead at ComplyAdvantage

Share this post

As real-time payment (RTP) schemes are increasingly adopted and the world transitions to ISO 20022, many firms naturally focus more on promoting transparency and managing risk than ever. 

This is particularly true for EU payment service providers (PSPs) and those operating within SEPA borders. The European Commission’s instant payments legislative proposal, which would require them to offer payment services in euros, is on the horizon.   

Our 2024 global compliance survey revealed that 50% of European firms are already part of an RTP program—four percentage points more than the global average. With a further 42% planning to join a program in the next 12 months, it’s clear that while these services create significant challenges for financial crime compliance—such as less time to detect and prevent illicit activity—firms know the net benefit is positive. 

So, how can financial institutions (FIs) balance user convenience and risk mitigation? Here are three things I think will help…

1) Master the brilliant basics

Being brilliant at the basics, such as transaction monitoring, is as essential as ever. Particularly in a world where PSPs have limited time to run customer and transaction checks. Additionally, even when suspicious activity is identified, firms’ response times are limited due to instantaneous access to funds.

However, since I began working in the compliance industry 13 years ago, significant-tech advancements have emerged. Alert prioritisation mechanisms allow firms to focus on the most suspicious activities, ensuring timely detection and response. Similarly, the availability of prebuilt rules and typologies streamlines deployment, enabling firms to customise their compliance measures to align with specific risk profiles.

Despite these advancements, there’s a concerning trend: many firms are lagging in fully embracing these innovations. This not only puts firms at risk of non-compliance but also leaves them vulnerable to emerging financial crime threats. 

However, here’s the good news: with the deployment of artificial intelligence (AI) overlay, firms can seamlessly triage alerts and adjust underlying rules’ thresholds, enhancing their compliance capabilities and bolstering their resilience.

2) Real-time screening needs real-time data

To meet this demand, collaboration between firms and data providers becomes essential. By forming a network, stakeholders can use their insights and resources to combat financial crime effectively. 

Within this network, timely updates and data exchange play a crucial role. Whether through alerts and real-time information sharing or the maintenance of an easily updatable database, the goal should remain consistent: to equip stakeholders with the necessary information to detect and prevent fraudulent activity swiftly.

However, achieving real-time data access and collaboration presents its own set of challenges. Technological infrastructures must be agile and adaptable, capable of processing vast amounts of data in real-time while maintaining robust security measures. 

3) Take lessons from the past

The expertise acquired from implementing data checks and real-time scoring in card networks can provide a solid foundation for navigating the rapid pace of real-time payments. This spans various aspects, including risk assessment methodologies, data analysis frameworks, and fraud detection techniques, which can be adapted and refined to suit the specific intricacies of RTPs. 

Furthermore, integrating data from card transactions into the analysis of fast payment data offers an opportunity to enhance end-user protection. By using insights from historical card transactions, such as transaction patterns, spending behaviours, and geographical indicators, organizations can deepen their understanding of potential risk factors and improve the effectiveness of fraud detection algorithms in real-time payment environments. 

This enhances the accuracy of risk assessments and enables proactive measures to address emerging threats and maintain the integrity of financial transactions.

Moreover, the collaboration between card and real-time payment data extends beyond fraud prevention to encompass broader risk management strategies. By correlating data from diverse sources, organizations can gain valuable insights – empowering them to make informed decisions and adapt their risk mitigation strategies accordingly.

More To Explore


Merchant Community Membership

Are you a member of The Payments Association?

Member benefits include free tickets, discounts to more tickets, elevated brand visibility and more. Sign in to book tickets and find out more.


Log in to access complimentary passes or discounts and access exclusive content as part of your membership. An auto-login link will be sent directly to your email.

Having trouble signing?

We use an auto-login link to ensure optimum security for your members hub. Simply enter your professional work e-mail address into the input area and you’ll receive a link to directly access your account.

First things first

Have you set up your Member account yet? If not, click here to do so.

Still not receiving your auto-login link?

Instead of using passwords, we e-mail you a link to log in to the site. This allows us to automatically verify you and apply member benefits based on your e-mail domain name.

Please click the button below which relates to the issue you’re having.

I didn't receive an e-mail

Tip: Check your spam

Sometimes our e-mails end up in spam. Make sure to check your spam folder for e-mails from The Payments Association

Tip: Check “other” tabs

Most modern e-mail clients now separate e-mails into different tabs. For example, Outlook has an “Other” tab, and Gmail has tabs for different types of e-mails, such as promotional.

Tip: Click the link within 60 minutes

For security reasons the link will expire after 60 minutes. Try submitting the login form again and wait a few seconds for the e-mail to arrive.

Tip: Only click once

The link will only work one time – once it’s been clicked, the link won’t log you in again. Instead, you’ll need to go back to the login screen and generate a new link.

Tip: Delete old login e-mails

Make sure you’re clicking the link on the most recent e-mail that’s been sent to you. We recommend deleting the e-mail once you’ve clicked the link.

Tip: Check your security policies

Some security systems will automatically click on links in e-mails to check for phishing, malware, viruses and other malicious threats. If these have been clicked, it won’t work when you try to click on the link.

Need to change your e-mail address?

For security reasons, e-mail address changes can only be complete by your Member Engagement Manager. Please contact the team directly for further help.

Still got a question?