Peaks & Troughs: What WTR Reporting Fluctuations Reveal About AML Oversight

The Mystery of the Curve

In theory, regulatory reporting should be a steady drumbeat. If Payment Service Providers (PSPs) repeatedly fail to transmit names and addresses under the Wire Transfer Regulation (WTR), the Financial Conduct Authority (FCA) should hear about it at a consistent pace. In reality, the numbers look more like a cardiograph — peaks, troughs, and sudden jolts that raise more questions than answers.

According to FCA data released under Freedom of Information, notifications surged in 2021 to 97, then fell sharply to 25 in 2023 before nudging back up to 30 in 2024 and 40 in 2025 (partial). That is not a gentle curve; it’s a cliff-edge collapse.

So what really drives these fluctuations? Do they reflect genuine changes in compliance quality? Or the unpredictable tides of reporting behaviour itself? The truth is, the dataset is too thin and too under-explained to give us certainty. All we can do is explore plausible dynamics, not definitive causes.

The Data Story: Numbers That Don’t Behave

The dataset covers six years of reporting: 18 in 2020, 97 in 2021, 55 in 2022, 25 in 2023, 30 in 2024, and 40 so far in 2025.

Figure 1. Notifications of Repeated Failures, 2020–2025.

The obvious outlier is 2021. Almost four times as many notifications were filed that year compared with 2020, followed by a halving in 2022 and then another halving in 2023. These aren’t small variations. They suggest something deeper than a smooth trend of improvement or deterioration, though the data itself cannot confirm what that “something” really was.

Why 2021 Surged

The first explanation lies in the exceptional context. In 2021, compliance teams were still navigating the operational chaos of the pandemic. Remote onboarding, high transaction volumes, and patchwork staffing all contributed to errors in payment messages. Incomplete names, missing account numbers, absent addresses - the very data points the WTR was designed to protect - were more likely to slip through.

But the pandemic only explains part of the story. Another factor was novelty. The FCA’s guidance on reporting “repeatedly failing PSPs” was still relatively fresh. Compliance officers tend to over-report when a new obligation lands on their desk. Better to be safe than sorry, especially when careers can be ruined by accusations of complacency.

It could be argued that 2021 was a year of over-flagging. Anything remotely questionable was escalated. Filing a report to the FCA became a defensive move, not just an act of regulatory cooperation.

Yet none of this is conclusive. We cannot say for certain whether 2021’s surge was driven by systemic weaknesses, defensive over-reporting, or both. What we do know is that the spike is real in the data, but the causes remain speculative.

Why 2023 Collapsed

If 2021 was about defensive over-reporting, 2023 may tell the opposite story: regulatory fatigue.

The FCA itself admitted in its FOI response that it does not track whether these notifications led to supervisory or enforcement action. In other words, compliance teams could send in their alerts, but the system provided no feedback loop. Without visible consequences, firms may have quietly concluded that reporting was a box-ticking exercise with no practical impact.

And if the regulator doesn’t seem to care, why should a hard-pressed compliance officer keep burning scarce time and budget on it?

Other dynamics were also at play. After the 2021 peak, some of the worst offenders may have been cut off as counterparties, reducing the pool of repeat failures. By 2023, firms had also adjusted post-pandemic, with fewer errors creeping into payment messages. And with a dataset this small, even a handful of cases shifting in or out of scope can dramatically reshape the curve.

But again, we can’t treat this as proven fact. The 2023 collapse could reflect better compliance, fatigue and disengagement, or simply statistical noise. The data alone cannot tell us which.

International Echoes

These cycles are not uniquely British.

In the United States, Suspicious Activity Reports (SARs) spiked after 9/11, when regulators demanded heightened vigilance. But by the mid-2000s, volumes plateaued, not necessarily because crime fell but because institutions recalibrated what they considered worth reporting. In Singapore, the Monetary Authority (MAS) has seen similar swings: upticks after tightening rules on cross-border payments, followed by declines as firms absorb requirements and normalise processes.

The pattern is familiar: new rule, initial surge, fatigue, decline. The numbers move not just with crime, but with psychology, incentives, and institutional memory.

What Fluctuations Really Tell Us

The instinct is to treat reporting data as a proxy for compliance health. More notifications equals more breaches; fewer notifications equals improvement. But the WTR curve suggests that assumption is shaky.

What the data really shows is the behaviour of compliance officers under different conditions: fear, novelty, pressure, indifference. The surge in 2021 reflected defensive reporting during crisis; the slump in 2023 reflected disengagement when the regulator gave no sign of listening.

But this is an interpretation, not a conclusion. The dataset is simply too limited to prove causation. At best, it reveals the mood inside compliance departments; at worst, it hides more than it shows.

Why It Matters: The WTR Blind Spot

If regulators misinterpret these fluctuations, they risk flying blind. A sharp fall in reports can be read as a success story - “the system is getting cleaner” - when in reality it may signal growing disengagement.

For policymakers, the danger is profound. Intelligence gaps open up precisely when global risks are intensifying: sanctions evasion around Russia, proliferation finance networks, terrorist funding through new digital channels. If reporting collapses in those conditions, the watchdog is left deaf at the very moment it needs to listen hardest.

And for firms, the temptation to under-report has its own risks. The absence of feedback may breed complacency, but regulators can always revisit obligations. A future crackdown could expose years of neglected reporting discipline.

Policy Implications

So how do we smooth the curve? The solutions are not complex. Regulators need to provide structured feedback on how reports are used, even in aggregated form. They need to demonstrate visible enforcement when chronic offenders are sanctioned, so that reporters see their alerts making a difference. And they could introduce periodic spot audits of reporting behaviour to guard against fatigue and drift.

None of this is radical. But without mechanisms to stabilise reporting discipline, we risk repeating the same pattern: surge, fatigue, decline.

Conclusion: Beyond the Curve

The real scandal may not be the failures that get reported to the FCA’s inbox. It may be the silent failures that never reach it at all.

The jagged curve of WTR notifications - 18, 97, 55, 25, 30, 40 - tells us less about money laundering risk than about the frailties of regulatory intelligence itself. But we must be cautious: the dataset is fragmentary, the context incomplete, and the causes uncertain. Peaks and troughs are the symptoms of a system that still hasn’t worked out how to keep compliance engagement steady over time.

Until that changes, every fluctuation in the graph should be read with suspicion. Because behind each trough, there may be a blind spot, and behind each peak, a panic.

Looking for practical ways to keep compliance engagement steady?

The WTR Knowledge Hub explains how to stabilise reporting discipline and avoid intelligence blind spots.

WireCheck validates structured payment data and helps compliance teams cut through the noise of inconsistent reporting.