CTR: What It Requires and Who It Applies To

What is CTR?

The Currency Transaction Report (CTR) is a mandatory disclosure filed with the Financial Crimes Enforcement Network (FinCEN) when a financial institution processes more than $10,000 in physical currency for or by a single person in one business day. The requirement comes from the Bank Secrecy Act of 1970 (31 U.S.C. § 5313), the foundational statute behind the BSA (US-FinCEN) compliance framework. FinCEN codified the current filing rules under 31 C.F.R. § 1010.311 and standardized the filing instrument as FinCEN Form 112, previously issued as IRS Form 4789 and later FinCEN Form 104.

Congress created the CTR to build a searchable audit trail for large cash movements. The reasoning was direct: legitimate businesses rarely move tens of thousands of dollars in physical currency on a routine basis, but drug traffickers, tax evaders, and other financial criminals do. By mandating reports on every transaction above the threshold, law enforcement gets a database of cash activity without needing probable cause first.

The regulation has grown sharper over time. The Money Laundering Control Act of 1986 criminalized structuring, the deliberate practice of breaking large cash transactions into smaller amounts to avoid the $10,000 trigger. The USA PATRIOT Act of 2001 integrated CTR obligations with expanded AML program requirements. The AMLA 2020 directed FinCEN to modernize CTR reporting, reduce low-value filings, and improve data utility for law enforcement agencies.

The CTR is a threshold-based report, not a judgment call. If cash crosses $10,000 in a day, the filing is mandatory. This is distinct from a SAR (Suspicious Activity Report), which requires an analyst to identify suspicious behavior before filing. A transaction can trigger both: large enough to require a CTR and suspicious enough to warrant a SAR on the same day.

Who does CTR apply to?

The CTR requirement covers a broad set of financial institutions defined in the BSA. The obligation is not limited to traditional banks.

Covered entity types include:

• Commercial banks and savings institutions, including national banks supervised by the OCC and state banks supervised by the Federal Reserve or FDIC
• Credit unions, both federally chartered and state-chartered
• Thrift institutions: savings and loan associations and savings banks
• Casinos and card clubs with annual gaming revenues above $1 million, covered under 31 C.F.R. § 1021.311
• Money services businesses (MSBs), including money transmitters, currency dealers, and check cashers registered with FinCEN under the MSB Registration requirement
• Broker-dealers in securities, subject to sector-specific rules under 31 C.F.R. § 1023.311
• Mutual funds, covered under 31 C.F.R. § 1024.311

The rule applies only to transactions in currency: physical U.S. coins and bills, or foreign currency equivalents. Wire transfers, ACH payments, checks, and debit card transactions are not "currency" for CTR purposes, regardless of amount.

There is no minimum size threshold for covered institutions. A community bank with $50 million in assets carries the same CTR obligation as a global systemically important bank.

Certain well-known customers can be formally exempted. Under 31 C.F.R. § 1020.315, banks may exempt U.S. federal, state, and local government agencies, publicly traded U.S. companies listed on a major exchange, and established business customers with a demonstrated history of regular large cash activity. Exemptions must be documented at the outset, reviewed annually, and revoked if the customer's risk profile changes.

What does CTR require?

The core obligation is straightforward. The operational details are where compliance programs succeed or fail.

1. File when cash exceeds $10,000 in a single business day. The threshold applies to currency transactions conducted by, through, or to a financial institution. Multiple transactions by the same person at any branch of the same institution on the same business day must be aggregated toward the threshold.

2. Apply the aggregation rule. If a customer deposits $6,000 in the morning and $5,000 in the afternoon at different branches, the combined total is $11,000 and a CTR is required. Tellers at individual branches may not see the full picture. Automated aggregation in core banking or transaction monitoring systems is standard practice in compliant institutions.

3. File within 15 calendar days of the transaction date. Filings must go through FinCEN's BSA E-Filing System. Paper filings are not accepted for most institution types.

4. Identify both the conductor and the account holder. Two identities must be captured: the individual physically conducting the transaction and, if different, the person on whose behalf it is conducted. This requirement intersects directly with Customer Due Diligence (CDD) and Know Your Customer (KYC) obligations. Institutions that don't maintain current customer identification on file will struggle to complete CTRs accurately.

5. Record the transaction type, amount, date, and account number on FinCEN Form 112, including all required identification fields for each party.

6. Retain CTR records for five years from the filing date. This is mandated under 31 C.F.R. § 1010.430. Records must be available for regulatory inspection without undue delay.

7. Do not notify the customer. Telling a customer that a CTR has been or will be filed is prohibited under 31 U.S.C. § 5318(g)(2). This prohibition applies to employees at every level, from tellers to relationship managers.

8. Enforce the structuring prohibition. Deliberately breaking transactions into amounts below $10,000 to avoid a CTR is a federal crime under 31 U.S.C. § 5324, regardless of whether the underlying funds are legitimate. This applies to customers and to institution employees who facilitate structuring.

What evidence do regulators expect?

FinCEN examiners and prudential regulators (OCC, FDIC, Federal Reserve) look for documentation of a functioning CTR process, not just a stack of filed forms.

An audit-ready institution will have:

• Written CTR policies and procedures covering transaction aggregation, identification requirements, the Phase I and Phase II exemption process, and escalation paths when staff identify potential structuring attempts
• Training records confirming that front-line staff (tellers, customer service representatives, branch managers) have completed CTR training annually. The curriculum must cover the aggregation rule, proper Form 112 completion, and the tipping-off prohibition
• System configuration documentation confirming that transaction monitoring software or the core banking platform automatically aggregates same-day cash transactions by customer across all accounts and branches. Reliance on manual teller judgment is a finding
• CTR filing logs with timestamps, BSA E-Filing System confirmation numbers, and exception documentation for any filing that was late, incomplete, or amended
• Exemption files for each Phase I and Phase II-exempt customer, with annual review documentation and written confirmation that the customer still meets the exemption criteria in 31 C.F.R. § 1020.315
• Cross-referencing procedures confirming that compliance staff know when to pair a CTR with a SAR (Suspicious Activity Report). Large cash transactions at round numbers, conducted by nervous customers, or followed immediately by outbound wire transfers are textbook dual-filing scenarios
• Independent testing results from internal audit or an external reviewer, completed within the last 12 months, with documented findings and corrective actions

Examiners also pull transaction data directly. If they find large cash entries in account statements that produced no CTR filings, each missed filing is a separate violation.

Common failure modes

Real enforcement actions reveal the same patterns across institutions of every size.

• Failure to aggregate same-day transactions. A teller sees a $6,000 cash deposit and processes it without a CTR. A second branch later in the day sees a $5,000 deposit from the same customer. Neither triggers a filing. The CTR is never submitted. This is the most common operational failure in multi-branch institutions and the most predictable one.

• Structuring by insiders. In several enforcement cases, bank employees have coached customers on how to stay below the $10,000 threshold. In 2021, FinCEN assessed a $390 million civil money penalty against Capital One covering willful BSA failures that included thousands of missed CTRs and SARs at its check-cashing subsidiary. Senior management was aware of deficiencies for years.

• Exemption file decay. Institutions grant Phase II exemptions to business customers and then stop reviewing them annually. The customer's transaction behavior shifts, the risk profile changes, and the exemption stays on file unchallenged. Examiners find stacks of outdated exemption records on nearly every exam.

• Over-reliance on teller judgment without automated tools. Asking tellers to "flag" large cash deposits without automated aggregation across accounts, transaction types, and branches produces consistent misses. This is not a training problem; it's a process design problem.

• Late filings treated as minor issues. FinCEN's 15-day window is firm. Institutions that habitually file on day 14 or maintain a backlog of pending CTRs face examination findings, even when total volumes are low.

• MSB accounts not monitored separately. Money services businesses are high-risk by definition under FinCEN guidance. Banks that don't apply heightened transaction monitoring to MSB account cash activity routinely miss filing thresholds across a high-velocity customer segment.

Penalties for non-compliance

FinCEN has statutory authority to impose civil money penalties (CMPs) for CTR violations under 31 U.S.C. § 5321. The penalty ranges are specific.

• Negligent violations: up to $1,000 per violation per day
• Pattern of negligent activity: up to $50,000 per pattern, in addition to per-violation penalties
• Willful violations: up to the greater of $100,000 per violation or the amount of the underlying transaction, with no daily cap
• Willful violations by a financial institution: up to $1 million per violation, or double the amount of the transaction involved

The Capital One case set the modern benchmark. FinCEN's $390 million penalty in January 2021 addressed a check-cashing subsidiary that operated for years without a functioning AML program. Thousands of CTRs and SARs were not filed. Senior management was aware. The consent order documents in detail how FinCEN calculates penalties when institutional awareness of deficiencies is established.

In October 2024, TD Bank pleaded guilty to conspiracy to commit money laundering and BSA violations. The combined penalties from the DOJ, FinCEN, OCC, and Federal Reserve totaled $3 billion. The bank's failures included allowing drug cartel proceeds to move through U.S. accounts without required CTR filings, over a period of years.

Criminal liability under 31 U.S.C. § 5322 applies to individuals, not just institutions. Willful violation carries up to five years in prison, rising to ten years when the offense is part of a pattern of illegal activity or involves more than $100,000 in a 12-month period.

Related regulations and frameworks

The CTR is one component of a broader compliance structure. Understanding how it connects to adjacent requirements helps institutions avoid gaps.

The Bank Secrecy Act is the parent statute. BSA (US-FinCEN) imposes the full suite of AML obligations: CTRs, SARs, CDD, and record-keeping. Every CTR program operates inside a broader BSA compliance program, and exam findings in one area routinely produce scrutiny in the others.

The FinCEN CDD Rule (31 C.F.R. § 1010.230) requires banks to identify and verify the beneficial owners of legal entity customers. Accurate CTR completion for entity accounts depends directly on the FinCEN CDD Rule (US-FinCEN) data. Without reliable beneficial ownership records, institutions can't identify who the "person on whose behalf" a transaction was conducted.

FATF Recommendation 32 covers cash couriers and the physical movement of bulk currency across borders. Domestic CTRs address in-institution cash transactions; FATF Rec 32 (FATF) addresses the complementary risk: undeclared physical cash transport. The underlying criminal behavior is the same.

FATF Recommendation 20 is the international standard for suspicious transaction reporting, which the U.S. SAR requirement implements domestically. FATF Rec 20 (FATF) and the CTR are designed to work together. The CTR flags transaction volume above a threshold; the SAR flags behavioral indicators of money laundering. Both are often needed for the same customer.

Section 314(a) of the PATRIOT Act allows FinCEN to compel financial institutions to search records for accounts and transactions linked to law enforcement subjects. Section 314(a) (US-FinCEN) requests and CTR data are frequently used together by investigators building money laundering cases. Institutions that file accurate, timely CTRs become more useful partners in investigations.

The AMLA 2020 is actively reshaping how FinCEN prioritizes CTR data. The Act directed FinCEN to evaluate whether the $10,000 threshold, unchanged since 1970, should be adjusted for inflation, and to focus reporting on geographic areas and customer segments with the highest law enforcement value.

How FluxForce supports CTR compliance

FluxForce's AI agents automate the detection work that CTR compliance requires. Aiden Flux monitors cash transaction streams continuously across accounts, branches, and time zones. The aggregation logic that manual teller processes routinely miss is applied automatically. Nova Sentinel flags structuring patterns before a transaction clears, giving compliance teams time to act. Every alert includes a full evidence trail mapped to the specific BSA regulatory obligation. For institutions managing high cash volumes across multiple branches, this is where the Regulatory Compliance Automation capability pays off directly. Book a demo to see how FluxForce handles CTR aggregation at scale.