Money Laundering: Definition and Use in Compliance

What is Money Laundering?

Money laundering is the process of making criminally obtained funds appear legitimate. The UNODC estimates between $800 billion and $2 trillion moves through laundering networks each year, representing 2 to 5 percent of global GDP. Those figures are uncertain by nature, since the activity is concealed by design. But they reflect the consensus of international law enforcement bodies including the Financial Action Task Force (FATF).

The mechanics follow a three-stage model FATF codified in the early 1990s.

Placement is first. Criminal proceeds enter the financial system through cash deposits at banks, currency exchanges, or money service businesses. The launderer's exposure is greatest here because it requires physically introducing cash where records exist. One common technique is structuring: breaking large sums into smaller deposits below the $10,000 threshold that triggers a Currency Transaction Report, spread across multiple accounts or branches.

Layering follows. Multiple entity transfers, currency conversions, cross-border wires, and inter-company loans work to separate funds from their criminal origin. A single tranche of drug proceeds can pass through six or seven entities across three continents before reaching the final stage.

Integration completes the cycle. Funds re-enter the legitimate economy as apparently lawful income. Real estate is a common vehicle: a launderer buys a property through a shell company, holds it briefly, then sells, producing a clean transaction price that looks like an ordinary property investment.

Under 18 U.S.C. § 1956, money laundering is a standalone federal crime with a maximum 20-year sentence. The UK's Proceeds of Crime Act 2002 goes further, criminalizing any use or possession of criminal property without requiring prosecutors to identify a specific predicate offense.

That broad legal definition carries a practical implication: banks aren't only exposed for knowingly processing drug money. They face liability for failing to ask adequate questions about funds that turn out to be criminal, even when no one at the institution suspected wrongdoing.

How is Money Laundering Used in Practice?

For compliance teams, money laundering is the threat that gives every AML control its purpose. The daily work is distinguishing transactions, customers, and patterns that represent genuine risk from those that are simply unusual.

Transaction monitoring is the primary detection tool. Systems generate alerts based on rule thresholds and behavioral models. A customer deposits $9,800 in cash three times in a week. A corporate account receives a large inbound wire and disperses it immediately to six payees. A newly onboarded business shows transaction volume twenty times what its stated turnover would predict. Each fires an alert; an analyst then determines whether it warrants investigation.

Customer Due Diligence (CDD) is the foundation. Anomaly detection requires a baseline: who is the customer, what do they do, and what activity is expected? Know Your Customer (KYC) procedures at onboarding establish that baseline. For high-risk customers, including Politically Exposed Persons (PEPs) or entities with complex ownership structures, the bank applies Enhanced Due Diligence (EDD) with source-of-wealth documentation.

When an analyst concludes that activity is suspicious, the output is a Suspicious Activity Report (SAR). U.S. banks file with FinCEN within 30 days of detecting suspicious activity, or 60 days if no suspect is identified. There's no penalty for filing on a transaction that turns out to be legitimate.

We've seen banks carry SAR backlogs of 4,000 or more open cases. When the queue reaches that level, analysts spend most of their time on low-value work, and genuine laundering patterns get buried. The fix isn't more headcount; it's smarter triage. Banks that score alerts by risk indicators, customer history, and network relationships before routing to human review clear backlogs faster and catch more real activity.

Adverse media screening adds another layer. A customer who looks clean in transaction data but appears in news coverage tied to fraud or organized crime warrants re-evaluation, even without a specific transaction flag.

Money Laundering in Regulatory Context

Money laundering sits at the center of more regulation than almost any other financial crime. In the United States, the Bank Secrecy Act of 1970 created the reporting infrastructure: Currency Transaction Reports (CTRs) for cash transactions above $10,000, SAR filing obligations, and record-keeping requirements that support law enforcement subpoenas. The Money Laundering Control Act of 1986 added criminal liability for banks and individuals. The USA PATRIOT Act of 2001 bundled counter-financing of terrorism (CFT) obligations into the same framework and strengthened due diligence requirements for foreign correspondent accounts.

Globally, FATF sets the standards. Its Forty Recommendations define adequate AML/CFT programs, and its mutual evaluation process assesses country-level compliance. Countries that fail evaluations face grey-listing, which signals to the international banking community that transactions involving that jurisdiction warrant closer scrutiny. Banks serving clients in FATF Grey List countries typically apply enhanced due diligence across the relationship.

In the EU, the Anti-Money Laundering Directives have progressively raised requirements. The Sixth Anti-Money Laundering Directive (6AMLD), effective December 2020, extended criminal liability to legal entities, harmonized predicate offense lists, and added cybercrime and environmental crime to the categories that produce launderable proceeds.

Enforcement is not theoretical. ING paid $900 million in a Dutch prosecution settlement in 2018 for AML failures that allowed drug traffickers and corrupt officials to move funds through the bank. Westpac's 2020 settlement with Australia's AUSTRAC reached AUD 1.3 billion, still the largest corporate penalty in Australian history. Danske Bank's Estonian branch processed an estimated €200 billion in suspicious transactions between 2007 and 2015.

The Money Laundering Reporting Officer (MLRO) carries personal accountability for the program's integrity. Regulators have shown growing willingness to pursue individual enforcement actions alongside corporate penalties, and the "we had a policy but controls failed" defense is effectively exhausted.

Common Challenges and How to Address Them

The most persistent operational problem is alert volume. Large banks run transaction monitoring systems that generate tens of thousands of alerts each month. When 95 to 99 percent of those alerts close as no suspicious activity found, analysts spend most of their time on false positives, and real laundering patterns hide in the backlog.

Calibration is the primary fix. Banks that review rule sets against actual SAR outcomes, then tune thresholds based on what produces actionable cases, reduce false positive volume materially. One North American bank cut false positives by 70 percent over 18 months by replacing broad rules with risk-scored, behavior-specific ones, without losing detection coverage.

Trade-based money laundering (TBML) is one of the hardest typologies to detect. It works through over- and under-invoicing, multiple invoicing for single shipments, and misdescribed commodities. A container of electronics arrives with an invoice three times market rate; the excess is a criminal transfer embedded in trade settlement. Banks processing the underlying letters of credit have limited visibility into physical goods flows and often rely on counterparty representations they can't independently verify.

Beneficial ownership obscuration is persistent. Launderers use layered shell company structures and nominee shareholders to hide the true Ultimate Beneficial Owner (UBO). A bank can complete adequate KYB checks on the immediate contracting entity while a sanctioned individual controls it three layers up. The Corporate Transparency Act, effective January 2024 in the U.S., requires UBO disclosure to FinCEN, but the registry is law enforcement-facing; banks still need to conduct their own ownership analysis.

Smurfing persists despite being a standalone offense in most jurisdictions. Multiple couriers deposit just below the CTR threshold across branches or institutions. Catching it requires network analysis that surfaces common controllers across accounts, not reviews of individual accounts in isolation.

Real-time payment rails add pressure. Funds move in seconds; detection systems built for batch-era volumes can't keep pace. This adds latency risk to decisions that have to happen in milliseconds, not minutes.

Related Terms and Concepts

Money laundering connects to a broad network of financial crime and compliance concepts. Understanding those connections matters when building a program that actually addresses the threat.

Terrorism financing is related but distinct. Money laundering conceals criminal proceeds. Terrorism financing directs funds, often legitimately sourced, toward criminal ends. ISIS financed operations through both criminal proceeds and donations, requiring controls on both concealment behavior and outbound flows to designated entities. AML and CFT programs overlap but aren't identical.

Predicate offenses are the crimes that generate the proceeds. Drug trafficking, fraud, corruption, human trafficking, cybercrime, and tax evasion are common predicates. FATF's Forty Recommendations define a minimum list; U.S. law covers more than 250 specified unlawful activities. Compliance teams need to understand which predicates their institution is most exposed to: a bank with heavy trade finance activity faces materially higher TBML exposure than a pure retail lender.

Mule accounts are the placement mechanism for much consumer-facing laundering. Individuals, sometimes knowingly and sometimes not, receive and forward criminal proceeds through personal accounts. Mule networks can process hundreds of millions annually. Identifying them requires behavioral analysis at the network level: accounts that receive and immediately disperse funds from multiple unrelated sources, with no obvious business rationale.

Sanctions screening intersects with AML at the identity layer. Sanctioned individuals and entities route through unsanctioned intermediaries to launder proceeds. A bank that doesn't identify the UBO may process transactions that benefit a designated party without knowing it. The OFAC 50 Percent Rule is directly relevant: entities 50 percent or more owned by a sanctioned party are themselves subject to sanctions even when not explicitly named on a list.

The Financial Intelligence Unit (FIU) is the destination for SAR filings. FIUs analyze, enrich, and share financial intelligence with law enforcement and foreign counterparts. The quality of that intelligence depends on what banks actually submit, which is why SAR narrative specificity matters as much as filing volume.

For any compliance team auditing its program, money laundering is the organizing threat. Every control, from KYC at onboarding to SAR filing at case close, exists to answer one question: whose money is this, where did it come from, and does it belong here?