Employees within the first line of defense (e.g., relationship managers, business executives, and backoffice operations functions) should understand the AML/CFT risks posed to the business in which they work. First line of defense employees are central to the management of customer and third-party risk and the timely escalation of potentially suspicious activity. LFIs should not rely solely on transaction monitoring systems to identify unusual and potentially suspicious activity in their customer population. First line of defense employees play a critical role in the detection and prevention of money laundering and the financing of terrorism and illegal organisations. Appropriately trained employees are in fact well-placed to identify suspicious transactions and assess that information once deemed reasonable—collected through interactions with a customer—now appears suspicious. They should therefore be trained regarding potential risk and risk mitigation and reporting within their business area. Employees should understand the regulatory requirements within the scope of their role; red flags associated with their customers, products, services, delivery channels, and geographies; and the appropriate escalation procedure both to their management and to the second line of defense without compromising their responsibility to report suspicious transactions.