Module 3: AML Transaction Monitoring

Understanding money laundering typologies, how transaction monitoring systems work, and how to investigate and escalate alerts.

Lesson 3.1 — The AML Framework

Anti-Money Laundering (AML) refers to the set of laws, regulations, and procedures designed to detect and deter the practice of generating income through illegal actions and making that income appear legitimate. The BSA is the primary U.S. AML statute; it is supplemented by the USA PATRIOT Act, FinCEN regulations, and FFIEC examination guidance.

A compliant AML program must include five elements per the BSA:

Policies, procedures, and internal controls reasonably designed to prevent money laundering
Designation of a BSA/AML Compliance Officer with sufficient authority and resources
Ongoing employee training — which you are completing now
Independent testing and audit of the program at least annually
Customer Due Diligence (added by FinCEN's 2018 CDD Rule)

Lesson 3.2 — Money Laundering Typologies

Money laundering typically proceeds in three stages: placement (introducing illicit funds into the financial system), layering (obscuring the trail through complex transactions), and integration (making funds appear legitimate). Understanding how each stage operates in practice is essential for identifying suspicious activity.

Smurfing (Structuring)

Breaking up large cash deposits into multiple smaller deposits below the CTR $10,000 threshold, often using multiple individuals ("smurfs") or accounts. Watch for: multiple sub-$10,000 deposits within short time periods, particularly with no corresponding business activity.

Layering Through Wire Transfers

Rapid movement of funds through multiple jurisdictions and accounts to separate the money from its criminal source. Red flags: multiple incoming and outgoing wires in quick succession with no retained balance, transactions passing through high-risk jurisdictions (Iran, North Korea, Russia, certain offshore financial centers).

Trade-Based Money Laundering (TBML)

Using trade transactions (imports/exports) to move value across borders. Methods include over- or under-invoicing goods, multiple invoicing of the same shipment, or falsely describing goods. Particularly common in B2B international wire activity.

Shell Company Layering

Use of multiple legal entities (LLCs, corporations) often registered in secrecy jurisdictions, to obscure the beneficial owner. The 2018 FinCEN CDD Rule directly targets this typology by requiring beneficial ownership collection at the 25% threshold.

Key Red Flags — Memorize These

Customer avoids providing CIP information or provides inconsistent information; cash deposits are inconsistent with stated business type; transactions have no apparent business purpose; customer is evasive when asked about the nature of transactions; multiple accounts for a single entity with internal transfers; transactions just below reporting thresholds; rapid movement of funds with no economic purpose.

Lesson 3.3 — Transaction Monitoring Systems

Financial institutions use automated Transaction Monitoring Systems (TMS) to detect potentially suspicious activity. These systems apply a set of rules or models to transactional data and generate alerts when thresholds are exceeded or patterns match known typologies.

Common TMS scenarios include:

High-velocity cash deposits (multiple deposits summing to $X within N days)
Large round-dollar wire transfers to new, non-established counterparties
Rapid account turnover (funds in and out within hours)
Transactions to/from high-risk jurisdictions
Dormant account suddenly active with large transactions

Lesson 3.4 — Alert Investigation Workflow

When a TMS generates an alert, it enters a review workflow:

Level 1 (Analyst) Review: First-line analyst reviews the alert, gathers transaction data, and assesses whether the activity is explainable or suspicious. If explainable, the alert is cleared with documentation. If suspicious, it is escalated.
Level 2 (Senior Analyst / Team Lead) Review: Second-line review of escalated alerts. May request Enhanced Due Diligence, contact relationship manager for business purpose explanation, or review prior SAR filings on the customer.
Compliance Review: Final review determines whether a SAR is required. Compliance team drafts or approves the SAR narrative and authorizes filing.

Investigation Scenario

A TMS alert fires for Customer A: 5 ACH credits totaling $48,000 received over 3 days from 4 different senders, followed immediately by 2 wire transfers totaling $47,500 to accounts at two different international banks. The account balance never held more than $3,000 before this activity. How do you approach the investigation?

This is high-risk activity consistent with an account being used as a funnel account — receiving funds from multiple sources and immediately sending them out, with no economic retention. Investigation steps: (1) Review customer onboarding KYC — is this activity consistent with stated business purpose? (2) Identify the senders — are they known to the customer? (3) Research the receiving banks — high-risk jurisdiction? (4) Check for prior SARs on the customer or any senders/receivers. (5) Given the pattern, this likely meets the SAR threshold — escalate to Level 2 with a recommendation to file.

Module 3 complete. Continue to SAR Filing (compliance officers) or take the knowledge check.

Module 4: SAR Filing → Take Knowledge Check