What is the difference between AML and CFT?
Quick answer
AML (Anti-Money Laundering) addresses funds that are proceeds of crime, where the objective is to disguise their illegal origin in the financial system. CFT (Countering the Financing of Terrorism) addresses funds flowing to terrorist organizations, which can be legitimately sourced. Both are required under FATF's 40 Recommendations and most national financial crime frameworks.
The full answer
AML and CFT share regulatory infrastructure. They're governed by the same frameworks, processed through the same compliance programs, and filed under the same SAR regime. They're not the same obligation.
AML is the set of legal requirements designed to detect and report funds that are proceeds of a predicate offense: drug trafficking, tax fraud, corruption, or any of dozens of other defined crimes depending on jurisdiction. The money starts illegal. The criminal's job is to make it look legitimate by cycling it through the financial system. The bank's job is to detect that cycle.
CFT targets a different flow. A terrorist organization needs operating funds to recruit, train, and execute. Those funds don't need to originate from crime. Private donations, inheritance, legitimate employment wages, and business income have all funded terrorist activity. UN Security Council Resolution 1373 (2001) closed the statutory gap: member states are required to criminalize terrorist financing as a standalone offense, regardless of whether the underlying funds are themselves criminal proceeds. This is why most national AML statutes now include CFT provisions, not because they're the same problem, but because they share the same detection and reporting infrastructure.
The legal shorthand: in AML, the illegality is in the origin of the funds. In CFT, it's in the intended destination.
The regulatory framework
FATF's 40 Recommendations are the international standard for both. Recommendations 1 and 2 establish the risk-based approach that applies to AML and CFT combined. Recommendations 5 through 8 are CFT-specific: criminalize terrorist financing as a standalone offense, apply targeted financial sanctions without delay, and regulate the non-profit sector against misuse.
In the US, the Bank Secrecy Act covers AML. The USA PATRIOT Act (2001) layered in CFT requirements, most notably Section 314(a), which gives FinCEN authority to direct financial institutions to search their records for accounts or transactions linked to named terrorism suspects. Institutions must respond within two weeks. The EU's 6th Anti-Money Laundering Directive (6AMLD) explicitly lists terrorism financing among 22 predicate offenses covered under AML controls.
Both require SARs. Both require customer due diligence. Both require a documented risk program. The risk models, the detection logic, and the SAR activity codes differ.
What makes CFT harder to detect
Standard AML transaction monitoring looks for structuring, velocity, and accounts with unexplained high-volume activity. Those typologies catch some terrorism financing, but they're calibrated for a different problem.
The 9/11 Commission Report documented an operation funded at $400,000 to $500,000 total, much of it moved through ordinary US bank accounts in unremarkable amounts. No single transfer triggered the threshold alerts AML systems are designed to flag. Sanctions screening against OFAC's SDN list and the UN Consolidated Sanctions List catches the designated cases. Intelligence-led detection catches the rest. These are different tools.
Why this matters
Compliance teams that run a single combined AML/CFT program through one monitoring platform are making an architectural tradeoff. It's operationally efficient. It's also insufficient if the program doesn't account for CFT-specific typologies.
The most common gap: transaction monitoring tuned for AML thresholds, applied uniformly to CFT risk. A $400 wire to an individual who appears on no watchlist looks clean. It may not be. That's the CFT detection problem in a sentence.
There's also a SAR quality issue. FinCEN's definition of suspicious activity covers both AML and CFT, but FinCEN's SAR form includes a specific activity type for terrorist financing. Filing under a generic "other suspicious activity" code routes the report to the wrong law enforcement channels. Whether the MLRO or compliance officer files the SAR is a process question. Filing it with the correct activity type is a substance question. Both matter.
For institutions transacting with counterparties in elevated-risk jurisdictions, FATF Grey List status signals that a country has documented deficiencies in AML/CFT controls. The grey list raises both AML and CFT risk simultaneously, but for different reasons. A combined risk model that flattens those reasons misses the distinction regulators will ask about.
The difference between CDD and EDD is relevant here too. CFT often triggers EDD requirements where AML alone might not: non-profit organizations receiving international donations, PEPs with connections to conflict regions, clients conducting high-frequency low-value cross-border transfers. Knowing who the beneficial owner is applies to both, but in CFT the concern shifts to whether a designated individual controls an otherwise clean account.
AI-assisted transaction monitoring can address part of the gap. Behavioral models trained on CFT typologies catch low-value, low-frequency transfer patterns that rule-based AML systems miss. This adds modeling complexity, but the detection gain is worth it for institutions operating in high-risk corridors.
The FATF Travel Rule applies to virtual asset transfers above $1,000 USD equivalent. Originator and beneficiary information must travel with the transaction, giving compliance teams data on both ends. This applies to AML and CFT screening simultaneously, but the watchlist overlay and geographic risk weighting for each differ.
Trade-based money laundering is a case where AML and CFT converge in practice. Terrorist organizations use the same over- and under-invoicing techniques as traditional money launderers. The detection methodology is similar. The downstream escalation path is different: a TBML case with AML characteristics goes to financial intelligence. A TBML case with CFT characteristics goes to national security channels.
Related questions
- How does FinCEN define suspicious activity?
- What is the difference between a SAR and an STR?
- How does sanctions screening work?
- Can AI be used for AML transaction monitoring?
- Who files a SAR: the MLRO or the compliance officer?