Share the article
Subscribe for updates
Sardine needs the contact information you provide to us to contact you about our products and services.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Common AML Scenarios - Classic and evolving money laundering tactics

Money laundering is a $800 billion to $2 trillion global problem, affecting everyone. As gatekeepers to the financial world, banks and fintechs have a duty to report and block suspicious transactions. But they're struggling to keep pace with criminals’ shifting tactics and global networks. Fines are mounting. Earlier this year Brink was fined $37 million for insufficient transaction monitoring - which saw $800 million flow to criminal gangs. TD Bank was forced to pay $1.3 billion in October 2024 following evidence of overlooking anti-money laundering (AML) controls.  

In this article, we're looking at some of the classic and evolving methods, as well as the technology that can block them. 

1. Smurfing (or structuring) large sums into small ones before paying into an account (placement)

“Smurfing” is not as cute as it sounds. It is the process of breaking down one huge sum of money into smaller (and less suspicious) amounts. Fans of the smash TV series, The Sopranos, may remember how the mafia wife Carmala Soprano opened a series of brokerage accounts with different banks, depositing $9,990 in each one. This is because cash sums of less than $10,000 generally fly under the radar - they do not need to be reported to the IRS. As you can imagine, smurfing millions of dollars requires a lot of players each transporting small amounts, known as money mules.

Money mules push these fragmented funds into the financial system through a variety of channels, including cash, bank transactions, money services, pre-paid cards and cryptocurrency. The process of loading illicit money onto the financial system is known as “placement", and it is normally the first stage of money laundering. The whole process is often called placement, layering and integration. Criminals place the funds, “layer” the funds by moving them around to make them harder to trace before finally “integrating” by making them look legitimate (like company revenue).

These common patterns are often done by known bad actors and share common traits and identities. Standard KYC may miss these risk signals, however if we can see these signs before, during and after sign up we can manage that risk better.

How to block it: Prevent smurfingfake account creation with risk-based checks and AI-enhanced KYC 

Simply put, we do not recommend that financial services make thier own in-house DIY solutions for Know Your Customer (KYC) technology. There is too much at stake. 

Implement a robust and scalable AI-enhanced onboarding system that builds rich customer profiles without adding friction. In practice, this means being able to identify as much as possible about a user before they even begin submitting their documents or data. 

With pre-KYC account verification, firms can silently check for other bank accounts in this customer's name, for example with the same SSN. As well as verifying if the customer is real, they can glean further information about the potential customer from their other accounts, for example, if the customer is in good financial standing. 

If the potential customer has suspicious activity in their other bank accounts this may be worth flagging for further investigation. This is a vital way for firms to avoid their accounts being used as channels for smurfing. 

Firms should always know their customers’ true identity, source of income and transactional habits. But to prove these points, the onboarding system should be constantly scanning the IP addresses, location, mouse movements, users’ proximity to their mobile phone and more. Bad actors who “smurf” accounts are more likely to demonstrate expert behavior like knowing just where to click during a sign up process. To further curb the risk of money mules, we recommend continuously updatingcontinuously-updating sanctions screening software, and monitoring the entire client lifecycle. 

In our experience, a tiered risk model is the best way to strike the balance between regulatory and customer satisfaction. 

2. Integration: Concocting a complicated web of transactions

Once the dirty money has been loaded into the financial system - often within different times, currencies, places, amounts, and channels - they will move through a complex matrix of transactions, designed to be confusing to follow. 

Money mules need multiple accounts, many of which are created with false or stolen identities, creating yet more crime. A December 2024 case from Interpol, for example, uncovered 82,112 accounts used by 3,500 suspects - giving an average of 42 accounts each. 

Thousands of these “pass through” or "funnel” accounts are opened with the purpose of muddying the waters, with various amounts of criminal money flowing through. 

How to block it: Implement intelligence-sharing technology

One of the most effective ways to break the international flow of money laundering is to share intelligence with other organisations, both in-person and through technology. 

Together, firms can form a protective bubble, and warn each other of incoming threats or suspicious behaviour. This is an area where machine learning truly shines. Compliance technology runs round-the-clock, detecting patterns and flagging potential criminal activity. 

3. Re-consolidating the large sums with shell companies 

Traditionally, the separate illicit funds would be transferred to an opaque bank account or shell company (or shelf company), based in a tax haven such as the British Virgin Isles or Seychelles. From here, the trail of money usually cannot be followed any further. 

You can have shell companies owned by some people, within shell companies owned by others, within shell companies owned by someone different. This further blocks scrutiny. The explosive 2016 Panama Papers, for example, revealed how Russian President Vladimir Putin used his network of Oligarchs to conceal as much as $2 billion

From here, the shell company can be used in a variety of ways to send the funds back to the beneficial owner - directly or indirectly. Some use trade-based money laundering tactics, like issuing fake invoices. While others may buy huge luxury properties or super yachts, which can be rented out or chartered (by the shell company) for significant fees. 

How to block it: Implement robust KYB technology 

AI-enhancedAI-enchanced onboarding is not just for customers, but also for businesses. Using state-of-the-art analysis, it can identify patterns, anomalies, and suspicious clusters of activity. 

We would probably recommend implementing a tiered KYB model, so that the most suspicious companies undergo a much more extensive check. Shell company detection and look-through is a critical tool in any KYB flow. These checks often involve identifying any ultimate beneficial owners (UBOs) through complex corporate hierarchies. We recommend organizations find streamlined ways to collect this data in real-time so decisions can be made quickly. If risk is identified further investigation may be warranted, but if not, institutions can streamline their processes and not penalize good customers with simpler structures.

4. Manipulating invoices with trade-based money laundering 

An evolving tactic is to avoid infiltrating the financial system altogether using businesses, known as trade-based money laundering (TBML). Europol found that 86% of the EU's most threatening criminal networks use legal business structures to move illegal funds. 

While some use shell companies, 63% take over existing businesses (sometimes by force), or set up their own. The business owners are not always willing participants. In 2014, the Sinaloa Drug Cartel forced a small business in the fashion district of Los Angeles to launder $140,000 of ransom money to them after they kidnapped and tortured a family member.

TBML takes many different forms, making it difficult to track. But it usually centers around invoicing. A company could, for example, over-invoice exports or under-invoice imports, using trade documents as a smokescreen. Between 6% and 9% of all US export and import invoices are estimated to be altered. Criminals also manipulate the pricing, or charge for a service which is hard to quantify, like consultancy work. 

How to block it: E-invoicing as a potential solution

Experts point to the potential of e-invoicing. Since they are digital, every time they are altered, there is a digital footprint. And the invoice can be received instantly by tax authorities, at the time or even before the goods have been delivered. While it is not a perfect solution, it shows an increasing awareness and adds transparency. At a minimum any organization using such a solution also demonstrates less risk to your institution.

For financial firms thinking about their business clients, the best way forward is to analyzeprobably analsye income and expense flows with a critical eye. AI-enhanced KYB and transaction monitoring platforms, like Sardine’s, continuouslycontinously analyzeanalyse business transactions, directors, persons of interest, locations, and behaviorsbehaviours. If any suspicious activity is detected, compliance officers are quickly alerted. 

5. Converting currencies by moving goods

Traditionally, criminals have sought cash-intensive businesses like casinos, nightclubs, car washes or laundromats to mask their illicit funds. But for criminal gangs operating abroad, the job is only half done, and they need to convert the dollars into local currency. For example, in series like Ozark or Breaking Bad, the drug lords are based in Mexico. 

Unlike the movies, however, today's criminals do not generally carry suitcases of cash over the border to their bosses’ houses. Increasingly, they are converting dollars by moving goods. 

In 2024, for example, the Sinaloa Cartel used dollars from selling fentanyl to buy bulk cell phones, which they sold across stores in Mexico. This newer style of money laundering means that no cash crosses the border, it's an expanding part of the Black Market Peso Exchange. 

How to block it: Implement merchant risk software 

In the case of the cell phone store above, merchant risk software should be able to alert firms about suspicious transactional flows. Sardine, for example, has 4,800 money laundering-based features to identify red flags. 

We also recommend a focus on  Our proprietary spend card data, to monitorfor example, monitors how the merchant is distributing the funds, and whether that matches up with the initial onboarding information. 

This, when combined with a real-time assessment of a merchant, can flag any sudden changes in what a merchant is selling vs what they claim to sell or be incorporated to do. The use of Generative AI can help flag discrepancies between tax fillings, incorporation documents, websites, invoices and payment data.

6 .Crypto is the irrevocable payment tool for money launderers to cash out

While blockchain has the potential to create a lot more transparency in the financial system, today cryptoassets are one of the most popular money laundering tools because transfers cannot be revoked. A lot of the traditional laundering techniques of smurfing and creating confusing trails have evolved into the world of digital assets. 

Criminals take advantage of every stage of the system, from hacking other cypto users, to storing assets digitally or cashing them in for fiat currency. In 2020, $250 million worth of cryptocurrency was stolen by two North Korean hackers, who laundered the funds through Chinese over-the-counter traders. 

Criminals can rapidly move illicit funds from one location to another without ever crossing a boarder. What's more, they can hide the proceeds across a wide web of different crypto assets, like NFTs, or currencies. This can obscure transaction trails even more. While international police are cracking down on illegal sites like Garantex, with the arrest of one bad actor in March 2025, the problem persists. 

How to stop it: Implement AI-enhanced KYC, which monitors onchain and off chain data sources.

We reccomend organizations monitor both onchain and off-chain data sources to provide a complete picture of risk. For example, crypto wallet screening, combined with KYC, transaction monitoring, device, behavior, and other risk signals, provides a much higher resolution picture of what’s happening. Criminals often exploit the gaps between traditional finance and the crypto industry. Closing these gaps requires pulling together multiple sources of data into a single real-time dashboard for investigations and case management.

For crypto exchanges, the same fundamentals of KYC apply. As part of the onboarding process, firms should know the occupation, source of income and salary of the account holder. If a customer is transacting with more money than they officially make in their salary, this could be a sign of a money mule. AI-enhanced KYC platforms can continuously track the IP addresses, location of user, device characteristics and behavior for anomalies. 

Firms should also apply state-of-the-art transaction monitoring software, which flags suspicious activity. It can track patterns, relationships with other users and more. Sardine's AML software allows firms to build up to 500 of their own rules, to truly personalise the risk management to the unique compliance needs of the service. 

Stay one step ahead… 

In this article, we've listed six of the classic and evolving money laundering techniques. But criminals continue to re-invest in new tools all the time. Protection against money laundering requires evermore training, upskilling and investigations. Although it may feel like the works is never-ending, the good news is that our efforts will - and do - pay off. 

Cutting off the financial incentive means criminals have less funds to re-invest in new money laundering techniques. This can help the job get easier over time. It also means they have less money to continue committing crimes. Effective AML technology helps to stem the flow of fentanyl sales, terrorist financing, human trafficking, kidnappings, extortions and more. 

Every blocked transaction, Suspicious Activity Report and piece of intelligence shared is a win. Not just for compliance teams, but for the whole world. 

Together, we can combine our capabilities to provide inter-connected, world-leading compliance which never stops learning. 

Frequently Asked Questions (FAQ)

Q1: How often should we update our AML monitoring models and scenarios?
A:
AML threats evolve constantly. At a minimum, firms should review and update models quarterly, or whenever new risk indicators, regulatory guidance, or known typologies emerge. Continuous learning and periodic tuning keep your detection capabilities aligned with evolving threats.

Q2: Are advanced analytics and machine learning essential for AML compliance?
A:
While not mandatory, these technologies substantially improve detection accuracy and reduce false positives. Machine learning can spot nuanced patterns that rule-based systems might miss, making it a valuable addition to a robust AML toolkit. Investing in robust AML technology is an economy which pays for itself, helping to avoid regulatory fines stretching in billions and curbing criminal behaviour.

Q3: How can we reduce false positives without missing genuine suspicious activity?
A:
Adopting a risk-based approach, refining alert thresholds, and leveraging machine learning models help lower false positives. Additionally, enhancing KYC data quality ensures the system has accurate baselines for normal activity, improving alert precision.

Q4: Can we rely solely on automated systems to detect AML risks?
A:
Automated systems are vital, but they are most effective when complemented by skilled human analysts. Expert judgment, contextual understanding, and investigative experience remain critical for interpreting complex patterns and making informed compliance decisions.

Q5: What role do regulatory guidelines and industry consortia play in improving AML efforts?
A:
Compliance frameworks and guidelines from bodies like FATF, FinCEN, and the EU Commission guide best practices. Industry groups, information-sharing alliances, and regulatory sandboxes provide platforms to exchange knowledge, test solutions, and adapt to new AML typologies collectively. 

If you would like to join our industry group, Sonar, you can benefit from the shared intelligence and expertise of a wide range of members including Visa, Square, Airbase, Blockchain.com, Novo and Straddle. 

Share the article
About the author
Simon Taylor
Head of Strategy and Content