CTR: What It Requires and Who It Applies To

What is the CTR filing requirement?

The Currency Transaction Report is a mandatory filing under 31 U.S.C. § 5313, part of the Bank Secrecy Act signed into law in 1970. FinCEN administers the program. Covered institutions submit reports on FinCEN Form 112, which replaced IRS Form 4789 in 1996.

Congress created CTRs to give law enforcement a systematic record of large cash movements. The logic was direct: money laundering depends on cash, and mandatory reporting above $10,000 would create a searchable paper trail that investigators could act on. That $10,000 threshold was set in 1970 and has never been adjusted for inflation. In 2026 dollars, $10,000 from 1970 is worth roughly $80,000, which is why FinCEN now receives approximately 17.5 million CTRs annually (per FinCEN's published BSA filing statistics) and why financial institutions dedicate enormous compliance resources to a requirement that captures substantial volumes of routine commerce alongside genuinely suspicious activity.

CTR data feeds into FinCEN's financial intelligence database, which the FBI, DEA, IRS Criminal Investigation, HSI, and dozens of state agencies use to build money laundering, tax evasion, and narcotics cases. CTR information is also shared with foreign financial intelligence units under bilateral agreements.

One point compliance teams can't afford to miss: structuring cash transactions to stay below $10,000 and avoid a CTR is itself a federal crime under 31 U.S.C. § 5324, regardless of whether the underlying funds are legitimate. A retailer making three $3,300 deposits instead of one $9,900 deposit to avoid paperwork has committed a structuring offense.

The Anti-Money Laundering Act of 2020 directed FinCEN to review reporting thresholds and modernize the BSA's effectiveness, though no threshold change has taken effect as of mid-2026.

Who does the CTR requirement apply to?

The CTR requirement covers "financial institutions" as defined by 31 U.S.C. § 5312 and the implementing rules at 31 CFR Parts 1020-1029:

• Banks and bank holding companies. Federally chartered and state-chartered commercial banks, savings banks, savings associations, and credit unions. Community banks and large multinational institutions alike are covered, with no size threshold.
• Casinos and card clubs. Any casino or card club with annual gaming revenue exceeding $1 million must file CTRs. Nevada, New Jersey, and tribal gaming operations are all within scope.
• Money services businesses. MSBs registered with FinCEN are covered, including money transmitters, check cashers, and currency dealers/exchangers.
• Securities broker-dealers. Registered broker-dealers must file CTRs on qualifying cash transactions.
• Mutual funds. Open-end investment companies that sell shares directly to the public.
• Insurance companies. Life insurance companies that offer products with cash surrender values or policy loans.
• Dealers in precious metals, stones, and jewels. Dealers with gross annual revenues exceeding $50,000 are covered under 31 CFR 1027.

Thresholds apply per person, per day. If two branches of the same bank each receive $6,000 in cash from the same customer on the same day, the institution must aggregate those transactions and file a CTR for $12,000. That aggregation requirement is the source of most examination findings.

Foreign banks operating in the U.S. through licensed branches are subject to CTR obligations under 31 CFR 1020. Pointing to a home-country reporting regime doesn't excuse compliance.

The FinCEN CDD Rule intersects directly here: when filing a CTR on a legal entity customer, institutions must identify the entity's beneficial owner.

What does the CTR filing requirement mandate?

The core obligations under 31 CFR Parts 1010 and 1020-1029 are:

1. File FinCEN Form 112 for every cash transaction above $10,000. The threshold applies to currency: physical U.S. and foreign coin and paper money. Checks, ACH transfers, and wire transfers don't count, even when those instruments are later converted to cash.

2. Aggregate same-day transactions by the same person. Multiple cash deposits, withdrawals, or exchanges by the same customer on the same business day must be combined. You track this at the customer level, not the transaction level. Your systems need to support this.

3. File within 15 calendar days of the transaction. The 15-day clock starts on the transaction date, not when your compliance team reviews the flag. There's no grace period.

4. Collect and verify the customer's identification. For individuals: full legal name, date of birth, address, and an unexpired government-issued photo ID number. For businesses: legal name, EIN, and the name and ID of the person physically conducting the transaction.

5. Retain records for five years. The retention period runs from the filing date. Records must be retrievable on request. Examiners expect electronic indexing, not an archive box in a storage room.

6. Manage exemptions properly. Banks may exempt Phase I customers (other banks, government agencies, publicly listed companies) and Phase II customers (qualifying non-listed businesses) under 31 CFR 1020.315. Exemptions require a FinCEN Form 110 filing, annual renewal, and documented review for continued eligibility.

7. Never tip off customers. Notifying a customer that a CTR is being or will be filed on their account is prohibited and can constitute obstruction.

8. Train all relevant staff. Tellers, branch managers, and compliance personnel need annual training on identification, aggregation, and structuring detection. Training records must be retrievable at examination.

The relationship with SAR filing is worth clarifying: a CTR and a SAR can, and sometimes should, be filed on the same transaction. Filing a CTR doesn't eliminate the obligation to file a SAR if the underlying activity looks suspicious.

What evidence do regulators expect during a CTR examination?

Bank examiners from the OCC, FDIC, Federal Reserve, and NCUA will specifically test CTR compliance during BSA/AML examinations. Here's what they look for:

• Written BSA/AML program. A documented policy covering CTR identification, aggregation procedures, filing timelines, and exemption management. The board must approve it, and it must be reviewed annually.
• System-generated aggregation monitoring. Demonstrable evidence that your core banking system or BSA software tracks same-day cash activity by customer and flags aggregation requirements. Examiners will test this with sample transactions.
• CTR filing logs. A complete audit trail showing every CTR filed, the filing date, and the underlying transaction details. The log must make it easy to verify the 15-day deadline was met on every filing.
• Exemption documentation. For each exempt customer, a current FinCEN Form 110, documentation of the review, and evidence that annual renewals occurred. Stale exemptions are a red flag.
• Structuring detection procedures. Written procedures for identifying potential structuring and escalating to BSA staff. Examiners will ask how your institution distinguishes innocent multi-transaction customers from structurers.
• Training records. LMS records or sign-in sheets showing all relevant staff completed CTR training in the past 12 months. Training content must cover the aggregation rule specifically.
• Independent testing results. Evidence from your BSA independent audit, required under 31 CFR 1020.210 and 12 CFR Part 21, that CTR procedures were tested, findings documented, and deficiencies corrected.
• Management reporting. Board or senior management reports showing CTR filing volumes, error rates, and any late filings. Compliance leadership is expected to be tracking these numbers.

Common CTR compliance failure modes

These aren't theoretical. They show up repeatedly in enforcement actions and examination findings.

• Aggregation failures. The single most common finding. Two or more same-day cash transactions from the same customer that together exceed $10,000 aren't aggregated, and no CTR is filed. This happens when different tellers or branches handle transactions without a centralized system tracking daily cash totals per customer.
• Structuring by staff. In FinCEN's 2024 consent order against TD Bank, employees actively helped customers structure transactions to avoid CTR thresholds. That's a criminal violation, not an administrative deficiency.
• Late filings. Forms filed on day 16 or later, typically because manual review processes have no automated deadline tracking.
• Missing or incorrect identification data. Forms submitted without a complete government-issued ID number, or with a business name but no EIN, or with the wrong person listed as the conductor.
• Stale exemptions. Phase II exemptions applied to businesses without sufficient documented transaction history, or exemptions not renewed annually as required under 31 CFR 1020.315.
• Failure to detect structuring. Customer behavior showing daily cash deposits of $9,800 to $9,900 over several consecutive weeks, visible in transaction data, but no alert generated and no SAR filed. FATF Recommendation 20 treats suspicious structuring patterns as a mandatory reporting trigger, and U.S. examiners expect equivalent vigilance.
• Tipping off. Staff informing a customer that a CTR is being filed, allowing them to modify their behavior.

In FinCEN's 2018 action against U.S. Bank, the agency cited systemic failures in cash transaction reporting systems as part of a $185 million FinCEN penalty (FinCEN enforcement notice, February 2018).

Penalties for CTR non-compliance

The penalty structure runs from civil fines to criminal prosecution, and recent enforcement actions show regulators aren't pulling punches.

Civil penalties under 31 U.S.C. § 5321 run up to $25,000 per day for negligent violations. For intentional or willful violations, the ceiling is the greater of $100,000 per violation or twice the amount of the transaction involved. Forfeiture of the funds in question applies on top.

Criminal penalties under 31 U.S.C. § 5322 can reach $250,000 in fines and five years imprisonment for a single willful violation, and $500,000 with ten years imprisonment for a pattern of violations.

In practice, the largest enforcement actions involve multi-year, systemic program failures. FinCEN's October 2024 action against TD Bank NA imposed a $1.3 billion FinCEN penalty as part of a total settlement exceeding $3 billion across FinCEN, DOJ, OCC, and the Federal Reserve. The consent order cited TD Bank's failure to monitor and report suspicious transactions, including through its CTR systems, over a period from 2014 to 2023 (FinCEN press release, October 2024).

In January 2021, FinCEN assessed a $390 million penalty against Capital One for systemic BSA/AML failures, citing deficiencies in CTR and SAR filing for its Check Cashing Group (FinCEN press release, January 2021).

Penalties aren't limited to large institutions. Community banks under $1 billion in assets have received multi-million dollar civil money penalties for CTR program deficiencies.

Related regulations and international frameworks

CTR sits within a wider network of AML obligations, and understanding those connections matters for program design.

The immediate parent is the Bank Secrecy Act, which created both the CTR requirement and the SAR filing obligation in parallel. CTRs are threshold-based and automatic; SARs are judgment-based. Both can apply to the same transaction.

Section 326 of the USA PATRIOT Act (CIP) establishes the customer identification obligations that underpin CTR accuracy. You can't file a complete, accurate CTR without knowing who your customer is.

The FinCEN CDD Rule adds beneficial ownership identification requirements for legal entity customers, which directly affects how CTRs are completed for business accounts.

At the international level, FATF Recommendation 32 addresses physical cash crossing borders and requires countries to implement declaration systems for large international cash movements. The U.S. CTR is the domestic counterpart to those border controls, feeding the same financial intelligence picture.

Most FATF member countries have equivalent regimes. Australia's AUSTRAC requires Threshold Transaction Reports for cash above AUD 10,000. Canada's FINTRAC requires Large Cash Transaction Reports for CAD 10,000 and above. The EU harmonizes cash reporting across member states through 6AMLD, though individual thresholds vary by jurisdiction.

For institutions with cross-border operations, mapping how the U.S. CTR aligns with foreign equivalents is a practical necessity for consistent group-level AML policy.

How FluxForce supports CTR compliance

FluxForce AI agents monitor cash transaction activity in real time, automatically aggregating same-day transactions by customer and entity to flag CTR filing requirements the moment they're triggered. Nova Sentinel detects structuring patterns across transaction sequences and surfaces alerts for compliance review before they become examination findings. Automated form pre-population reduces manual data entry errors on FinCEN Form 112, and built-in deadline tracking ensures the 15-day filing window is met consistently. Exemption management workflows track annual renewal dates and flag stale customer exemptions. Book a demo to see it in a live environment.