AML Red Flags — Complete Breakdown

Did you know that the Financial Action Task Force (FATF) was created in 1989? Since then, they have set grounds for a more stable action plan against money laundering and terrorist financing. However, the level of complexity in financial crime is rising, and companies must be vigilant when it comes to different risks — or, as we call them — AML red flags.

As illicit schemes become increasingly difficult to trace and malicious actors grow more sophisticated, compliance teams are consistently vigilant for signs of financial crime. To meet Anti-Money Laundering (AML) compliance requirements and enhance their overall AML strategies, regulated businesses implement systematic approaches to identify these risks.

AML red flags serve as indicators to identify when an individual or business is more prone to engaging in money laundering or other fraudulent activities. 

So, what can you do to protect your business and customers from the harmful effects of money laundering? This article outlines key AML red flags, offering an effective strategy to identify risks and prevent undesirable consequences associated with crimes like money laundering.

What is a Red Flag in AML?

In the context of AML compliance, a red flag, such as an unusually large transaction or a company from a sanctioned jurisdiction, is a warning sign that indicates potential criminal activity, such as money laundering.

The key goal of an AML red flag is to signal both companies and law enforcement agencies to potentially suspicious transactions associated with money laundering. Effectively identifying red flags is crucial for an effective AML program, requiring regulated businesses to build a clear process for the identification and investigation of flagged issues.

However, a red flag doesn’t automatically brand the customer or the company as a fraudulent entity. Often, regulated businesses must submit Suspicious Activity Reports (SARs) to authorities after detecting red flags among their clients.

Key Red Flag Categories

The FATF, as it describes itself as the global money laundering and terrorist financing watchdog, has provided a list of flags linked to the virtual asset service providers (VASPs) and their risks, as well as other financial institutions. 

In the report, the FATF offers valuable information for financial intelligence units, law enforcement agencies, prosecutors, and regulators to analyze suspicious transaction reports and monitor compliance with AML/CTF laws. 

In total, the FATF lists 42 red fags, which can be categorized into four key groups:
  1. Red flags related to the client. For example, they are overly secretive about where the money comes from, their identity, why they’re doing the transaction this way, who the beneficial owner is, etc. 
  2. Red flags that are linked to the source of funds. For instance, the customer uses multiple foreign accounts without a reasonable explanation, or there’s unexplained third-party funding for the transaction or associated fees without a clear connection or legitimate explanation.
  3. Red flags in terms of choice of lawyer. For example, the customer chooses guidance from a legal professional lacking expertise in a specific specialty, or they change advisors a number of times within a short timeframe or without a legitimate reason.
  4. Red flags in the nature of the retainer. For instance, the client engages in transactions that are atypical based on their business activities, or the operation being notarized is noticeably inconsistent with the size, age, or activity of the individual or legal entity involved.

Related: 40 Recommendations of the FATF — Overview

General FATF Warnings Regarding Money Laundering

When it comes to money laundering, which involves concealing the source of unlawfully acquired funds and introducing them into the legal financial system, the FATF has issued warning signs that help companies detect financial crime

According to the FATF’s report, some of the most frequently reported offenses include bribery and corruption, tax crimes, and fraud. That said, companies should look out for various combinations of money laundering techniques, being able to recognize the following warning signs:

  • Misuse of client accounts. For example, using seemingly legitimate corporate accounts for personal financial interests.
  • Purchase of real property. For instance, taking laundered funds and cleaning them by buying and selling real estate
  • Creation of trusts and companies. For example, trying to conceal ownership of the parties involved in the transaction to, once again, use illegally obtained assets. 
  • Managing client affairs and making introductions. For instance, opening a bank account on behalf of a client despite noticing the warning signs of money laundering by a politically exposed person (PEP). 
  • Undertaking certain litigation. For instance, if the dispute’s subject is made up (like having no real debt and just transferring proceeds of crime between entities) or if the litigation involves a contract related to criminal activity that a court wouldn’t enforce.
  • Setting up and managing charities. For example, legal professionals help create charities or non-profit groups, serve as trustees, and offer legal advice on charity-related matters. They might also be established for fraudulent purposes involving laundered proceeds.

Related: Examples of Money Laundering and Prevention Methods

10 Most Important AML Red Flag Indicators

The FATF international standards offer companies a comprehensive and consistent framework to create a robust AML program. To achieve this goal, firms should be aware of the key AML red flags, which include: 

1. Secretive Clients Who Don’t Want to Provide Personal Information

Companies should treat customers who don’t want to share personal information about themselves as a red flag. So, if a customer declines to provide information about themselves, organizations should evaluate the situation for suspicion, especially if there are ties to criminal activities. 

A use case example of this scenario would be a legal professional who’s approached online to set up numerous companies intentionally without providing details on identity, funds’ source, or purpose. Later on, they’re asked to create numerous companies without knowing their future use. However, the legal professional didn’t meet the clients or conduct due diligence. Later on, the companies were used for money laundering. 

That’s why customers sometimes want to hide details such as their identity, beneficial owner, the source of their money, and the reason behind the transaction. To address this, when bringing in new clients, companies must establish Know Your Customer (KYC) and customer due diligence (CDD) procedures. This ensures that all new customers provide accurate personal information, which is verified using official documents, such as passports or IDs. 

The five CDD steps involve:
  • Identifying and confirming the client’s identity.
  • Identifying beneficial owners when applicable.
  • Understanding the nature and purpose of the business relationship.
  • Knowing the source of funds involved.
  • Keeping records of the personal information for reference.

Related: What is the Difference Between CDD and EDD?

2. Unusual Source of Funds

Identifying the source of funds is challenging when cash deposits or crypto assets are involved. Similarly, transactions with substantial cash amounts, private funding, or transactions from high-risk countries can signal money laundering. Additionally, if someone with a low income unexpectedly engages in a high-value transaction, suspicions could be triggered.

For example, the source of funds can be taken as a red flag when there’s third-party funding without a clear link or a valid explanation. Also, if the funds come from a foreign country where there’s no apparent connection between the country and the client.

If companies identify any of these red flags, they should apply a risk-based approach to the client and follow the beneficial owner verification requirements. This tactic helps organizations understand the nature and purpose of the business relationship, as well as know more about the source of funds. 

3. Suspicious Transactions

Another red flag is suspicious or inconsistent transactions that require companies to conduct further investigations. Customers attempting to launder funds typically engage in transactions that, in a sense, differ from their typical behavior. 

Here are some examples of suspicious transactions that raise AML red flags:
  • If the person directing the operation is not an official party or representative.
  • If the transaction is unusual for the involved parties, especially if they are underage.
  • If a genuine person acting as a director or representative is not an appropriate representative
  • If there are multiple transactions between the same parties in a short timeframe.
  • There are parties or their representatives located in high-risk countries without a clear reason for their connection or with questionable links.

Other actions that are considered AML red flags in terms of suspicious transactions include large cash payments, unexplained third-party transactions, the use of multiple accounts, or the use of foreign bank accounts or virtual wallets, especially if they originate from diverse jurisdictions.

Related: The Role of AML Requirements for Payment Processors

4. Customers with a Questionable Track Record

If a new customer has a history of being convicted or involved in money laundering and other financial crimes, companies treat this as a red flag that also requires further investigation. In general, a red flag is also a new customer who has a suspicious track record or the slightest possible link to convictions for acquisitive crime or known associations with criminals. On top of that, relatives or close associates of known financial criminals should also be considered potential red flags. They are often used as channels for illegal activity. 

5. Geographic Risks and Inconsistencies

If a customer receives or sends money to uncommon geographic locations unrelated to their background or expertise, it raises suspicion. Similarly, transfers of funds to or between uncommon jurisdictions should be treated as AML red flags. Another example of such geographical risks is transactions coming from countries with a history of money laundering or corruption.

In general, this happens because criminals tend to exploit countries with weak measures against money laundering and terrorist financing. Since some countries haven’t fully implemented the latest AML safeguards, criminals exploit this security gap. They move illicit funds to less-regulated countries. This is especially common among virtual asset service providers. 

The FATF recommends being aware of key geographical risks that are typically linked to these red flag indicators: 
  • The customer’s funds are linked to an unregistered exchange in the customer’s or exchange’s jurisdiction.
  • The customer is using a virtual asset exchange or foreign money transfer service in a high-risk jurisdiction with inadequate regulation of virtual asset entities, including inadequate KYC/CDD measures.

To find out more about geographical risks, companies use the Basel Anti-Money Laundering (AML) Index and the Corruption Perception Index to gain insights on a country-by-country basis.

6. Adverse Media Mentions

Regulated businesses handling clients in sensitive industries or engaging in high net-worth transactions must screen negative news, in other words, their clients’ adverse media presence. While not all findings may trigger red flags, companies should consider additional checks if the client has an adverse media presence. For instance, if media checks reveal acquisitive crimes or predicate crimes related to this activity, it should raise a red flag for potential money laundering risk.

Adverse media covers various news and media sources, such as compromising data or financial and organized crime incidents, as well as other associations with political figures. That’s why a proper adverse media check can unveil involvement not only in money laundering or terrorist financing but also in crimes like racketeering or organized crime. 

To make adverse media screening more efficient, many regulated entities use automated adverse media checks for Enhanced Due Diligence (EDD). This helps streamline this process and stay informed about their clients’ media profiles and adverse track records.

7. Sanctions Exposure

Companies or entities that are on sanctions lists raise red flags because they show signs of potential involvement in money laundering and other unlawful activities. As a result, the sanctioned status demands heightened scrutiny. Since risk status changes and customers can be added to sanctions lists at any time, including after the initial onboarding stage, companies should screen sanctions lists constantly to stay compliant with AML regulations. 

Related: PEPs and Sanctions Checks Explained

8. Ultimate Beneficial Ownership is Confusing

Ultimate Beneficial Ownership (UBO) is a person or entity that owns or controls a partnership, company, trust, or another legal entity. Any inconsistencies in UBO information are a red flag in AML compliance. That’s why companies use UBO screening to dig deeper into the backgrounds of key figures and their financial transactions or dealings with third parties.

UBOs are often linked to shell companies, which is a red flag for potential money laundering. Money launderers often employ third parties to create intricate transaction chains with multiple accounts or intermediaries, obscuring the origins of illicit funds. That makes uncovering the beneficial ownership of companies in tax havens challenging, especially in less regulated countries.

Key indicating signs regarding suspicious beneficial ownership include:
  • Customers who are providing inadequate or inaccurate information about transaction beneficiaries.
  • Companies conducting wire transfers with an unusually high frequency or to an unusually large number of recipients.
  • Transactions that exhibit quantities inconsistent with the typical wealth profile of a corporation.
  • Transactions involving entities located offshore or in high-risk AML countries.

Consequently, UBO checks help companies mitigate risks and safeguard against potential liabilities arising from unlawful engagements with unfamiliar entities or individuals.

9. Involvement of Politically Exposed Persons

Politically exposed persons, or PEPs, are people who hold a public or government position. They are considered high-risk individuals because of their status and power. As a result, PEPs tend to show a higher risk of money laundering and terrorism financing.

So, if the customer has a current or past public position in a political or high-level professional role and is involved in uncommon private business activities in terms of frequency or characteristics, the company should exercise heightened scrutiny as per FATF guidelines.

For more high-risk sectors, the family members and close associates of PEPs should also be treated as red flags. Keep in mind that while being a PEP does not automatically indicate that an individual has engaged in criminal activity, it’s crucial to follow AML protocols. 

10. Suspicious Choice of Legal Representative

Many countries mandate the involvement of legal professionals. For example, when utilizing a client account, acquiring real property, establishing trusts and companies, or overseeing charities. That’s why it’s only natural that people select legal representatives based on their specific case. So, if a client chooses a lawyer who lacks familiarity with the regulations relevant to their industry or resides in a different country, it may be viewed as an AML red flag. 

Here are the key warning signs to be cautious about evaluating a customer and their choice of a legal representative:
  • Take note if a client frequently changes advisors or hires multiple lawyers without a valid reason.
  • Watch out if they hire a lawyer who lacks experience in a specific field or handling complex and large transactions.
  • Be cautious if a customer hires a lawyer from an unusual, far-away location without a good reason.
  • Be wary if a client is willing to pay much higher fees than usual without a good reason.

It’s important to note that not all legal professionals actively engage in providing these services, which criminals can potentially exploit. However, it’s common for criminals to use legal representatives in hopes of creating legitimacy for their criminal activities. 

Automation as a Final Stage for Detecting AML Red Flags

To keep up with the ever-changing AML compliance environment, companies often implement AML automation to keep their customer’s data safe and up-to-date. Onboarding customers, screening and monitoring their activity, and then investigating suspicious transactions, not to mention reporting them to relevant authorities — is a hassle. 

At iDenfy, we have mastered AML compliance and we can help you do the same with our complete RegTech suite that includes identity verification, AML screening (PEPs and sanctions, and more), as well as other fraud prevention tools, like IP address detection or address verification. 

Check our solutions in action right away. 

Save costs by onboarding more verified users

Join hundreds of businesses that successfully integrated iDenfy in their processes and saved money on failed verifications.