Risk & Economy » Compliance » Real-time payments are testing the limits of compliance

Real-time payments are testing the limits of compliance

A Q&A with Rocio Suarez, Financial Crime Expert at LexisNexis Risk Solutions, on why legacy systems can’t keep up with real-time finance — and what must change.

Rocio Suarez has spent years thinking about what happens when regulations shift faster than systems can adapt. As Director of Financial Crime Compliance at LexisNexis Risk Solutions, she advises financial institutions across Europe on how to stay aligned with anti-money laundering rules, counter-terrorist financing policies, and customer due diligence standards.

Speaking with The CFO at the sidelines Money20/20 Europe in Amsterdam, Suarez was clear on one thing. The acceleration of payments infrastructure, particularly in Europe, is placing compliance teams under strain.

Real-time payments have become a business imperative. But the systems designed to manage financial crime risk were not built for this level of speed.

“Instant payments are being positioned as the new standard,” she said. “But many institutions are still trying to understand what that means for compliance. Processing a transaction in under ten seconds leaves very little room for traditional checks.”

Her concern is well-founded. The European Commission’s proposal on instant credit transfers will require euro transactions to be executed within seconds, twenty-four hours a day. This raises practical questions about how institutions will monitor for fraud or sanctions breaches without slowing down the process.

Rocio Suarez @ Money20/20 2025 Europe in Amsterdam

According to Suarez, the answer lies in smarter infrastructure. She believes that financial crime prevention must evolve from a linear process into something more dynamic. Instead of relying on isolated checkpoints, institutions need systems that assess customer risk in real time and adjust to new information as it becomes available.

One idea gaining traction is perpetual KYC. Rather than verifying a customer at onboarding and revisiting their profile every few years, institutions would maintain a continuously updated picture of risk.

Suarez supports the concept, not as a technological trend, but as a necessary shift in how financial institutions understand the people and businesses they serve.

“Perpetual KYC allows institutions to react more intelligently,” she said. “You can start to integrate different pieces of information across the business and move away from fragmented controls. It’s not just about compliance. It’s about knowing who you are doing business with at all times.”

This question of integration is a recurring theme. Many compliance functions still operate separately from fraud, risk, and operations teams. Data is not always shared. Insights are delayed.

Suarez argues that this approach is no longer viable in a digitised economy where financial crime threats often cross functional lines.

“Institutions are looking for ways to share data securely between departments,” she said. “You can’t tackle fraud or money laundering in isolation. The more joined-up your internal processes are, the better your decisions will be.”

She is not alone in this view. Across the industry, there is growing recognition that compliance is no longer just a matter for the second line of defence.

The tools and decisions used to manage financial crime risk increasingly shape business models, customer experience, and regulatory standing.

Yet many firms are still playing catch-up. Enforcement activity is rising. Penalties for weak controls have grown larger and more frequent. Regulators are asking tougher questions, and they expect detailed answers.

“Compliance is not static,” said Suarez. “Risk evolves. Criminal methods evolve. The systems we use need to evolve as well. That means being able to adjust quickly, having access to good data, and investing in the right mix of technology and human expertise.”

Artificial intelligence, she said, has a role to play, particularly in areas such as transaction monitoring and anomaly detection. But it must be deployed with care, and always with an understanding of the broader regulatory environment.

For financial institutions, the implications are clear. Compliance is no longer about meeting a baseline. It is about building resilience into operations, and about treating regulatory alignment as a continuous process rather than a fixed goal.

As Suarez sees it, success will depend on an institution’s ability to stay alert, respond quickly, and think beyond departmental boundaries. The faster finance moves, the more deliberate compliance will need to become.

Share
Was this article helpful?

Comments are closed.