What is the difference between AML and fraud?

The full answer

AML and fraud describe different stages of financial crime, not different crimes.

Fraud is the predicate act: obtaining money or property through deception, misrepresentation, or theft. U.S. federal law covers over 250 fraud statutes, including bank fraud (18 U.S.C. § 1344) and wire fraud (18 U.S.C. § 1343). The defining element is criminal intent to deceive and obtain something of value.

AML is the regulatory response to what happens after that crime. The FATF three-stage model covers placement, layering, and integration: introducing proceeds into the financial system, obscuring their origin through transactions, and reinserting them as clean assets. Banks are required to monitor for and report suspected laundering under the Bank Secrecy Act, filing SARs with FinCEN.

The distinction is real. But the two categories aren't separate in practice. Fraud generates proceeds. Those proceeds typically require laundering. Both may require a SAR. How does FinCEN define suspicious activity? covers when that filing obligation attaches.

Who handles each inside a bank

Fraud teams own real-time controls: authorization rules, device fingerprinting, velocity limits at the point of transaction. AML and BSA teams own monitoring and reporting: transaction surveillance, customer due diligence reviews, and SAR filing. In most banks, these sit in different departments with different reporting lines.

That structure creates a gap. A fraud case resolved internally, without escalation to BSA/AML, may never trigger the SAR review regulators require. The FFIEC BSA/AML Examination Manual is direct about this: fraud-related suspicious activity must go through the same SAR decision framework as AML-detected activity. Banks that get this wrong have faced enforcement consequences ranging from Matters Requiring Attention to consent orders.

Who files a SAR, the MLRO or the compliance officer? explains how that reporting responsibility is typically allocated. How long do banks have to file a SAR? applies equally to fraud-related SARs.

The overlap regulators care about

Mule accounts are the clearest example. An account receiving stolen funds and forwarding them sits at the boundary of fraud (receiving the money) and laundering (moving it to obscure the origin). The receiving bank didn't commit the fraud. It still has AML exposure if it fails to detect and report the pattern.

APP fraud creates the same problem from a different angle. The victim authorizes the payment, so it's not unauthorized under traditional fraud definitions. The receiving bank still faces AML exposure when an account rapidly receives and forwards funds, regardless of how the authorization was obtained.

Trade-based money laundering often starts as invoice or customs fraud. Over-invoiced or under-invoiced goods serve as both the fraud mechanism and a way to move value across borders. By the time AML monitoring catches the pattern, the fraud and laundering are part of the same transaction.

Structuring is a third crossover point. A fraudster breaking deposits into sub-threshold amounts to avoid a Currency Transaction Report is committing a BSA offense (31 U.S.C. § 5324), regardless of whether the underlying fraud investigation is open or closed.

Why the silo breaks detection

Fraud detection and AML monitoring run on different timescales. Fraud detection runs in real time at authorization. AML monitoring analyzes patterns over days or weeks. A customer who fails a fraud check, gets cleared, and then launders money through a legitimized account looks clean to an AML system without access to the fraud history.

AI-based AML transaction monitoring is beginning to close this gap. Systems that process signals from both fraud and AML data catch patterns that single-domain tools miss. The false-positive problem improves when the system knows a customer's fraud history. Across the industry, 90-95% of AML alerts are false positives, and fraud signal integration is one of the more effective ways to reduce that rate.

Why this matters

Banks have paid nine-figure penalties for AML failures that originated with fraud-related suspicious activity that was never reported. FinCEN consent orders consistently cite cases where fraud, resolved internally by the fraud team, never reached the SAR review process. That's a compliance control failure, not just a fraud team error.

The practical fix requires technology integration and escalation procedures that cross both functions. Most banks are still working on it. What happens when a bank fails an AML exam? shows what's at stake: consent orders, civil money penalties, and in the most serious cases, court-appointed monitorships.

Compliance programs that treat fraud and AML as unrelated functions are building in blind spots. The SAR obligation doesn't distinguish between fraud proceeds and other criminal proceeds. If the activity is suspicious, it gets evaluated.

Related questions

• What is the difference between AML and CFT?
• How does FinCEN define suspicious activity?
• What is APP fraud?
• How do mule accounts get detected?
• What is the difference between a SAR and an STR?

Related concepts and regulations

• What is the difference between CDD and EDD?
• What is trade-based money laundering?
• How long do banks have to file a SAR?
• Can AI be used for AML transaction monitoring?
• What happens when a bank fails an AML exam?