What is the penalty for a missed CTR?
Quick answer
A missed CTR carries civil penalties up to $25,000 per willful violation under the Bank Secrecy Act. Institutional pattern failures can reach $1,000,000 or the transaction amount. Criminal referrals under 31 U.S.C. § 5322 carry fines up to $250,000 and imprisonment up to five years. ---
The full answer
A Currency Transaction Report must be filed within 15 calendar days of a cash transaction exceeding $10,000. The filing obligation sits in 31 U.S.C. § 5313 and its implementing rule at 31 CFR § 1010.306. Miss the window, or don't file at all, and you're looking at penalties under two statutes.
Civil penalties (31 U.S.C. § 5321):
- Negligent failure: up to $500 per violation at the statutory floor, adjusted upward annually under the Federal Civil Penalties Inflation Adjustment Act. A pattern of negligent violations carries a $50,000 ceiling.
- Willful failure: up to the greater of $25,000 or the transaction amount, per violation.
- Institutional willful failure or a documented pattern: up to $1,000,000 or the transaction amount, whichever is greater.
Criminal penalties (31 U.S.C. § 5322):
Standard criminal referral to DOJ: fine up to $250,000 and/or imprisonment up to five years. When the violation is part of a pattern of illegal activity, those numbers become $500,000 and ten years. FinCEN handles civil penalties directly; criminal exposure requires a DOJ referral.
How FinCEN sets the number:
Cooperation matters more than most compliance teams expect. An institution that self-identifies a CTR gap, files voluntary self-disclosure, and remediates before the exam typically faces a lower penalty or no financial penalty on a first occurrence. An institution where examiners discover the gap faces the higher end of the range. The duration of the gap, transaction volume affected, prior enforcement history, and quality of the existing AML program all shift the final number.
The 15-day clock runs from the transaction date, not the discovery date. A transaction on the 1st must be reported by the 16th. Late filing after an exam catches the gap is treated materially worse than a self-corrected error.
Structuring is a parallel and independent offense. If transactions were deliberately broken up to avoid the $10,000 threshold, 31 U.S.C. § 5324 applies separately, even without evidence of an underlying crime. Penalties stack. FinCEN's published enforcement actions include cases where institutions faced both CTR and structuring penalties on the same underlying conduct — the January 2021 Capital One $390 million consent order is the highest-profile recent example of CTR failures at institutional scale.
For current inflation-adjusted penalty amounts, see the annual Federal Register notice and the 31 U.S.C. § 5321 statutory text.
Why this matters
A single missed CTR, self-reported and corrected, rarely becomes a financial penalty. The risk profile changes fast once the gap is systemic.
Examiners treat CTR completeness as a leading indicator for overall AML program health. Fifty missed CTRs found during an exam (rather than self-disclosed) is enough to generate a Matter Requiring Immediate Attention (MRIA) rather than a standard MRA. MRIAs carry mandatory board-level reporting requirements and defined remediation timelines.
We've seen mid-market banks with otherwise sound AML programs receive formal enforcement actions because their CTR automation had an untested edge case: multi-branch same-day aggregation logic that wasn't configured for the institution's actual transaction mix, or foreign currency exchange transactions at specific branch types that bypassed the monitoring threshold. AI-driven transaction monitoring handles these aggregation patterns better than static rule sets, but only when validated against the institution's specific transaction data.
The 15-day CTR deadline runs independently of the 30-day SAR filing window. A transaction that triggers both a CTR obligation and a potential SAR obligation requires both filings on their separate timelines. Examiners check each independently. A strong SAR doesn't compensate for a missing CTR on the same transaction.
CTR data gaps also affect what flags an institution for a regulatory exam. FinCEN uses CTR filings to build transaction baselines across the financial system. Unexplained gaps in an institution's CTR volume, or statistical anomalies in the transaction types reported, are among the signals that can trigger off-cycle exam activity.
High false positive rates in AML alert queues and CTR completeness failures often trace to the same configuration problem. Monitoring systems tuned to generate large volumes of analyst-facing alerts tend to be the same systems where aggregation logic is poorly calibrated. Overloaded analysts working through thousands of false positives each month don't have the capacity to run secondary verification on CTR thresholds.
The direct penalty figure is rarely the most expensive part. AML compliance at a mid-market bank already runs tens of millions annually. A consent order adds mandatory independent compliance monitoring, typically for 12 to 24 months, at the institution's expense. That monitoring bill often exceeds the civil money penalty itself.
Related questions
- How long do banks have to file a SAR?
- What triggers a regulatory exam?
- Can AI be used for AML transaction monitoring?
- Who files a SAR — the MLRO or the compliance officer?
- What percentage of AML alerts are false positives?
Related concepts and regulations
- CTR (Currency Transaction Report)
- SAR (Suspicious Activity Report)
- Customer Due Diligence (CDD)
- FATF Recommendation 11 — Record Keeping
- FATF Recommendation 1 — Risk-Based Approach