Rethinking SAR thresholds in 2026 has become unavoidable as APP scams surge alongside the rapid expansion of instant payments across Europe.
According to Flagright, as SEPA Instant credit transfers move firmly into the mainstream, fraudsters have adapted quickly, exploiting the speed, convenience and irrevocability of real-time payments.
By late 2024, around 16% of all SEPA credit transfers were processed instantly, up from under 10% just a few years earlier. Fraud volumes, however, have grown far faster. Fraudulent instant payment transactions increased by roughly 175% in recent years, compared with about 98% growth in overall instant payment usage. In 2024 alone, total payment fraud losses across the EEA reached €4.2bn, up 17% year on year, with credit transfer fraud rising 24%.
Regulators have consistently pointed to APP scams as the main driver, noting the “high damages per fraudulent transaction” and the disproportionate impact on consumers, who absorbed around 85% of credit transfer fraud losses because the payments were technically authorised.
The operational reality of real-time payments is placing unprecedented strain on traditional AML detection models. Legacy controls were built for batch processing and delayed settlement, allowing banks time to observe patterns and intervene before funds moved. Instant payments have eliminated that buffer. Funds can be dispersed across multiple institutions and jurisdictions within minutes, sometimes seconds, leaving compliance teams with little opportunity to react.
Fraudsters exploit this by rapidly layering stolen funds through numerous small transfers, often into crypto exchanges or mule accounts, before suspicion can even form. By the time monitoring systems trigger alerts and a SAR is filed, the activity has already concluded, reducing reporting to an after-the-fact compliance exercise rather than an effective crime-prevention tool.
These challenges are compounded by fragmented visibility across the payments ecosystem. In many APP scams, no single institution sees the full picture. A victim’s bank may only see one outgoing transfer, while the receiving bank sees a single inbound credit that appears benign in isolation. Only when activity is aggregated, often at the mule account level, does the suspicious pattern become clear.
Without real-time, behaviour-based monitoring, such convergence can easily be missed. At the same time, firms are under pressure to avoid delaying instant payments, creating a difficult trade-off between customer experience and crime prevention. Regulators have been explicit that speed does not dilute AML obligations, yet many monitoring systems remain ill-suited to this environment.
Against this backdrop, questions are mounting over whether existing SAR thresholds are fit for purpose. Many SAR regimes still rely heavily on value-based triggers, calibrated around large or unusual transactions. APP fraud, by contrast, is characterised by fragmentation. Instead of a single €50k transfer, fraudsters may move ten €5k payments, each of which looks routine on its own.
Transactions are often authorised, plausibly described, and consistent with legitimate payment behaviour, further complicating detection. The true risk lies not in the value of individual transfers, but in the behavioural patterns around them. These dynamics expose clear gaps in threshold-driven SAR programmes.
European policymakers are increasingly signalling a shift away from static thresholds towards behaviour-led reporting. Under AMLD6 and the forthcoming EU AML Regulation, firms are expected to adopt more proactive, typology-driven monitoring and to integrate advanced technology into their AML frameworks.
The launch of the EU Anti-Money Laundering Authority (AMLA) in 2025 is expected to accelerate this shift by harmonising supervisory expectations and intervening directly where controls fall short. Supervisory bodies such as the European Banking Authority have already highlighted that fraud risk in instant payments can be up to ten times higher than in traditional transfers, reinforcing the need for real-time detection and earlier reporting.
Parallel reforms under PSD3 and the new Payment Services Regulation further lower the practical bar for intervention. These rules strengthen fraud prevention obligations, introduce enhanced liability for APP scams, and explicitly permit PSPs to delay or block payments where strong evidence of fraud exists.
In effect, firms are being encouraged to act on suspicion immediately rather than waiting for certainty. In this context, SARs are expected to follow behavioural red flags, regardless of transaction size.
Supervisory messaging across the EU is increasingly consistent. Firms are being told that suspicion, not confirmation, should drive reporting; that low-value transactions can still indicate serious criminal activity; and that reporting should happen earlier in the lifecycle of suspicious behaviour.
With greater liability for fraud losses and closer scrutiny from AMLA, institutions that cling to high internal thresholds risk falling out of step with regulatory expectations.
For PSPs and FinTechs, adapting to this new normal requires practical change. Monitoring rules must be recalibrated to prioritise patterns over values, capturing behaviours such as rapid fund pass-through, multiple new payees, or convergence at mule accounts. Real-time behavioural analytics and dynamic risk scoring are increasingly essential, enabling intervention during the payment flow rather than after settlement.
Firms are also being pushed to converge fraud and AML operations, recognising that scam proceeds and money laundering are now inseparable in channels like instant payments. Industry intelligence-sharing and improved customer education further strengthen defences.
Technology is playing a critical role in enabling this shift. Unified, real-time compliance platforms and explainable AI are helping institutions analyse streaming transaction data, reduce false positives, and surface meaningful alerts quickly. Platforms such as Flagright exemplify this approach by combining transaction monitoring, fraud detection and case management in a single system, allowing firms to intervene within the narrow SEPA Instant window and generate richer, more timely SARs supported by transparent analytics.
Looking ahead to 2026 and beyond, the direction of travel is clear. Regulators expect firms to treat scam-related activity as inherently suspicious, even when amounts are small. The emphasis is shifting from reactive reporting to proactive prevention, from static thresholds to dynamic behaviours.
Institutions that adjust their SAR regimes accordingly, investing in real-time technology and fostering a culture of early escalation, will be better positioned to protect customers, satisfy supervisors and disrupt scam networks before losses escalate. In the instant payments era, the €1,000 transfer stopped today may be the intelligence that prevents a far larger fraud tomorrow.
Find more on RegTech Analyst.
Copyright © 2026 FinTech Global
