Currency Transaction Report (CTR): Definition and Use in Compliance

What is Currency Transaction Report (CTR)?

A Currency Transaction Report is a mandatory federal disclosure that financial institutions must submit to the Financial Crimes Enforcement Network (FinCEN) whenever a customer conducts currency transactions totaling more than $10,000 in a single business day. The requirement comes from the Bank Secrecy Act (31 U.S.C. § 5313), and the current reporting form is FinCEN Form 104. Institutions have 15 calendar days from the date of the transaction to file.

The $10,000 threshold is a bright line. There's no judgment call about whether the transaction looks suspicious. If the cash crosses that amount, the filing is required. That's the core distinction between a CTR and a Suspicious Activity Report (SAR): SARs require a compliance officer to form a reasonable belief that activity is suspicious, while CTRs are automatic once the cash threshold is met.

The obligation covers a wide range of entities. Banks, credit unions, money services businesses, casinos, and certain non-bank financial institutions all fall under the BSA's reporting requirements. For compliance teams at those organizations, the practical scope is clear: any time a customer uses cash and the daily total exceeds the threshold, a report goes to FinCEN.

Aggregation is where the complexity lies. The rule applies to all currency transactions by or on behalf of the same person in a single business day, regardless of how many separate transactions are involved. A customer who makes three separate cash deposits at different branches, totaling $11,500, has triggered the filing requirement. Systems that don't aggregate across channels, locations, and tellers will miss those cases. That's a recurring finding in federal examinations under 31 CFR § 1010.310.

Exemptions exist, but they're narrower than most institutions expect. Phase I exemptions cover entities with inherently public transaction records: other banks, publicly traded companies, and government agencies. Phase II exemptions are discretionary and apply to non-listed businesses with documented, established cash patterns. Both categories require annual review. If a Phase II exempt customer sells the business and the exemption isn't removed, the institution is filing nothing on a customer it no longer knows.

How is Currency Transaction Report (CTR) used in practice?

Most institutions run CTR compliance through a combination of core banking alerts and a dedicated AML platform. The core system flags transactions at the point they're entered. The AML system aggregates all cash activity across the business day and identifies which customers crossed the threshold. Compliance staff review that output and submit reports via FinCEN's BSA E-Filing System before the 15-day deadline.

It sounds simple. It isn't.

Multi-branch aggregation is the most common source of examination findings. Take a customer who deposits $5,200 at a main branch in the morning and $5,900 at a suburban location in the afternoon. Whether those two items link correctly depends entirely on the data architecture between core banking, the branch network, and the AML platform. Institutions that have grown through acquisition frequently run parallel legacy systems that don't share customer identifiers in real time. That gap shows up as missed CTR filings.

Structuring detection sits directly adjacent to the CTR workflow. If a business customer who previously made weekly $14,000 cash deposits switches to daily $9,100 deposits, that pattern looks like deliberate avoidance. The compliance team should revisit the full Customer Due Diligence (CDD) profile and consider whether a Suspicious Activity Report (SAR) is warranted. Structuring is a standalone federal crime under 31 U.S.C. § 5324, and it doesn't require proof that the underlying funds are dirty.

CTR filing rules and automation have become a focus for compliance technology buyers. Automated aggregation and structuring detection can catch filing gaps before examiners do. But the report itself still requires human review before submission. Accuracy of the identification data on Form 104 is a compliance obligation, not something a system can certify on its own.

CTR data also feeds backward into AML risk management. Analysts look at a customer's CTR history as one input when assessing cash risk tier, setting enhanced monitoring thresholds, and preparing for KYC refresh reviews on cash-intensive business accounts.

Currency Transaction Report (CTR) in regulatory context

The CTR program operates within a layered regulatory structure. FinCEN issues the underlying regulations at 31 CFR Part 1010 and receives the reports. Examination authority sits with the federal prudential regulators for depository institutions: the OCC for national banks, the FDIC for state non-member banks, the Federal Reserve for state member banks, and the NCUA for credit unions. Non-bank financial institutions are examined directly by FinCEN.

CTR programs are scrutinized in two distinct contexts: routine BSA/AML examinations and targeted enforcement. During routine examination, examiners review the institution's aggregation logic, exemption list maintenance, and a sample of filed CTRs for data accuracy. In enforcement, FinCEN can pursue civil money penalties under 31 U.S.C. § 5321 for willful violations, and criminal penalties under 31 U.S.C. § 5322 for individuals can reach $500,000 and 10 years in prison for pattern violations.

The stakes are real. The 2012 HSBC consent order, which involved a $1.9 billion settlement with U.S. authorities, identified failures across the entire AML program, including transaction monitoring and suspicious activity reporting deficiencies that ran alongside inadequate cash reporting controls. More recently, FinCEN has brought civil actions against regional banks and MSBs where CTR aggregation failures contributed to systemic BSA violations.

Internationally, the CTR model reflects FATF Recommendation 29, which requires member countries to mandate threshold-based cash transaction reporting to a financial intelligence unit. The U.S. program is regularly cited in FATF mutual evaluation reports as a reference structure. CTR data shared through the Egmont Group's FIU network also supports cross-border investigations where cash moves through multiple jurisdictions.

For teams managing BSA/AML compliance, the CTR isn't only a reporting requirement. FinCEN uses aggregated CTR data to identify geographic cash concentrations, sector-level anomalies, and emerging typologies. Filing accurately means contributing to that analytical picture. Filing inaccurately means distorting it.

Common challenges and how to address them

The most common CTR problems aren't about failing to file. They're about filing late, filing with errors, or missing aggregated transactions entirely. FinCEN examination findings consistently point to three areas: multi-channel aggregation gaps, stale exemption lists, and identification data errors.

Multi-channel aggregation is the hardest problem to fix. A customer who uses mobile deposit, an ATM, and a teller window on the same day may not generate a single linked record if those three channels write to different databases. Banks on fragmented core systems often rely on overnight batch reconciliation to catch those links, which means same-day detection is impossible and the 15-day filing window becomes tight. One practical approach: build an intraday aggregation layer between core banking and the AML platform that queries across channels before end-of-business. It adds operational complexity, but it removes the examination exposure.

Exemption list maintenance is a quieter problem. Consider a community bank that granted a Phase II exemption to a restaurant group in 2021. That group sold in 2023, but the exemption stayed in the system. The new owner is a different legal entity with no documented cash history, and the bank is now failing to file CTRs on a customer it has never assessed. Annual review of every active exemption, with documented rationale and a sign-off trail, is the minimum standard. Some institutions have found it more practical to eliminate Phase II exemptions entirely and file the CTRs rather than maintain the review cycle.

Identification data errors on Form 104 are the most immediate compliance risk. The form requires the customer's full legal name, date of birth, address, and government ID number. If the branch collected a driver's license number that doesn't match the account record, the CTR is deficient. This problem traces back to Know Your Customer (KYC) quality at onboarding. Weak identity verification at account opening creates a cascade of data quality issues that surface on CTRs years later.

AML transaction monitoring rules tuning can help separate legitimate high-cash business patterns from structuring indicators, reducing investigator workload while keeping the CTR aggregation logic accurate.

Related terms and concepts

The CTR sits inside a broader web of AML reporting obligations, and understanding its relationships to adjacent requirements is essential for any compliance program.

The Suspicious Activity Report (SAR) is the most directly related concept. The two reports differ in kind: CTRs are threshold-triggered; SARs require a subjective determination of suspicious activity. They apply independently and can overlap on the same transaction. A customer depositing $14,000 in cash who is the subject of an active law enforcement inquiry may require both a CTR, because the cash exceeded $10,000, and a SAR, because the activity is suspicious. Both carry safe harbor protection for the filer under 31 U.S.C. § 5318(g)(3), and both travel to different parts of FinCEN's analytical infrastructure.

The Suspicious Transaction Report (STR) is the international counterpart to the SAR, used across FATF member countries outside the U.S. Many of those jurisdictions also maintain a large cash transaction report that mirrors the U.S. CTR structure. Compliance officers at multinational institutions manage both frameworks, as reporting thresholds and filing timelines vary by jurisdiction.

Customer identification quality directly affects CTR accuracy. For business accounts, the Know Your Business (KYB) process determines whether the legal entity on the CTR matches the account record. For accounts with complex ownership structures, the Ultimate Beneficial Owner (UBO) identity may also be required on the form when the beneficial owner is directly involved in the cash transaction.

Structuring is the connected criminal offense. Breaking cash deposits into sub-$10,000 amounts to avoid CTR filing is a federal crime under 31 U.S.C. § 5324, separate from whatever underlying activity prompted the behavior. Detecting structuring requires the same aggregation infrastructure that supports accurate CTR filing, so the two compliance obligations share a common technology foundation.

The AML Risk Assessment Step-by-Step Guide provides additional context on how institutions assess customer cash risk profiles, which feeds directly into CTR exemption decisions and enhanced monitoring thresholds for high-cash accounts.