AML Red Flags: Suspicious Activity Indicators for US Compliance Teams

Complete guide to AML red flags under US law: BSA, FinCEN, OFAC and AMLA 2020. Transaction-based, customer, geographic and sector-specific indicators for SAR filing and BSA compliance.

CheckFile Team

AML red flags are behavioural, transactional or documentary indicators that suggest a customer relationship or financial transaction may be connected to money laundering, terrorist financing or another financial crime. Under US federal law, identifying these indicators and acting on them is a legal requirement under the Bank Secrecy Act (BSA), 31 USC §5311, enforced by the Financial Crimes Enforcement Network (FinCEN). Regulated financial institutions that fail to maintain adequate systems for detecting and reporting suspicious activity face severe civil and criminal penalties — the TD Bank enforcement action of 2024 resulted in a $1.8 billion BSA penalty, the largest in history against a US bank.

FinCEN received more than 4 million Suspicious Activity Reports (SARs) in fiscal year 2022, reflecting both the volume of financial crime exposure and the depth of BSA compliance obligations across the US financial system.

This article is provided for informational purposes only and does not constitute legal, financial or regulatory advice. Regulatory references are accurate as of the publication date. Consult a qualified legal professional for guidance tailored to your institution's circumstances.

What Are AML Red Flags Under US Law?

An AML red flag is any indicator that gives a covered financial institution reasonable grounds to suspect that a transaction involves funds derived from illegal activity, is designed to evade BSA reporting requirements, or lacks a lawful purpose. A red flag does not establish guilt: it triggers an obligation to investigate further and, where suspicion cannot be resolved, to file a Suspicious Activity Report (SAR) with FinCEN.

The BSA and its implementing regulations (31 CFR Part 1020 for banks, Part 1022 for money services businesses) require covered institutions to file a SAR when they know, suspect, or have reason to suspect that a transaction involves funds from illegal activity, is designed to evade reporting requirements, or lacks a lawful purpose. The FATF 40 Recommendations provide internationally recognised typologies that inform FinCEN guidance documents and Suspicious Activity Report filing requirements.

The Anti-Money Laundering Act of 2020 (AMLA 2020), enacted as part of the National Defense Authorization Act, represents the most significant overhaul of US AML laws since the USA PATRIOT Act. Among its provisions, AMLA 2020 requires FinCEN to establish AML program effectiveness standards and creates new whistleblower protections for BSA reporters. The Corporate Transparency Act (CTA) of 2021 — also part of this package — requires beneficial ownership disclosure to FinCEN for most US companies, targeting the shell company structures frequently used to layer illicit funds.

Categories of AML Red Flags

Red flags fall into four primary categories. The table below provides a structured overview that compliance teams can use as a baseline framework for their BSA/AML programs.

| Category | Examples of Red Flags |
|---|---|
| Transactional | Cash transactions just below the $10,000 Currency Transaction Report (CTR) threshold (structuring), unexplained large wire transfers to high-risk jurisdictions, rapid movement of funds through accounts with no intervening business purpose, round-dollar transfers at consistent amounts, transactions with no apparent lawful purpose |
| Customer / KYC | Reluctance or refusal to provide identification or beneficial ownership information, inconsistency between stated business purpose and actual transaction patterns, inability to identify the beneficial owner under FinCEN's Customer Due Diligence (CDD) Rule, customer domiciled in a FATF-listed high-risk jurisdiction, multiple accounts with the same representative or address |
| Geographic | Wire transfers to or from OFAC-sanctioned countries or entities, funds routed through correspondent accounts in non-cooperative jurisdictions, use of shell companies domiciled in secrecy jurisdictions with no disclosed business purpose, transactions linked to countries subject to US Treasury sanctions programs |
| Product / Service | Extensive use of monetary instruments (cashier's checks, money orders) to avoid cash reporting, cryptocurrency transactions without adequate source-of-funds documentation, trade finance with significantly over- or under-invoiced goods, shell company involvement with no evident commercial substance, unusual prepayment or early loan repayment with funds of unclear origin |

When red flags from multiple categories appear together, the overall risk level increases materially and must trigger a formal internal review and likely SAR filing, regardless of the relationship's commercial value to the institution.

For a broader view of documentary compliance obligations that sit alongside these indicators, see our document compliance guide.

Sector-Specific Red Flags

Banking and Depository Institutions

Banks are subject to the most comprehensive BSA obligations and face the widest variety of red flag typologies. FinCEN's SAR filing thresholds for banks are $5,000 for insider transactions and $25,000 for all other transactions — but there is no minimum threshold for structuring-related SARs, which must be filed regardless of the dollar amount involved.

Key indicators for the banking sector include:

  • Frequent cash deposits just below $10,000 across multiple branches or tellers on the same day.
  • Accounts that remain dormant before suddenly processing high volumes of wire transfers.
  • Customers requesting large quantities of sequentially numbered monetary instruments.
  • Business accounts with cash-intensive transaction patterns inconsistent with the stated business type.

The $10,000 Currency Transaction Report (CTR) threshold under 31 CFR §1010.311 requires banks to report every cash transaction exceeding $10,000. Structuring — deliberately breaking transactions into smaller amounts to evade CTR filing — is itself a federal crime under 31 USC §5324.
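As an added example (not CheckFile's code and not part of the original article), the same-day, multi-branch cash pattern from the banking indicators above can be written as a transaction-monitoring rule. The 80% "just below" band, the same-day aggregate rule, the record layout and the sample deposits are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import date
from decimal import Decimal

CTR_THRESHOLD = Decimal("10000")  # from the article: cash transactions exceeding $10,000 are reported
NEAR_BAND = Decimal("0.80")       # assumption: "just below" means at least 80% of the threshold

# Constructed sample records: (customer_id, date, branch, cash amount)
SAMPLE_DEPOSITS = [
    ("C-001", date(2024, 3, 4), "BR-12", Decimal("9500")),
    ("C-001", date(2024, 3, 4), "BR-31", Decimal("9800")),
    ("C-001", date(2024, 3, 4), "BR-07", Decimal("9200")),
    ("C-002", date(2024, 3, 4), "BR-12", Decimal("12000")),  # above threshold: CTR path
    ("C-003", date(2024, 3, 4), "BR-12", Decimal("4000")),
    ("C-003", date(2024, 3, 4), "BR-12", Decimal("7000")),   # one branch, total above $10,000
    ("C-004", date(2024, 3, 5), "BR-02", Decimal("9900")),   # single deposit, no pattern
    ("C-005", date(2024, 3, 5), "BR-02", Decimal("3000")),
    ("C-005", date(2024, 3, 6), "BR-09", Decimal("3500")),   # different days, small amounts
]

def structuring_alerts(deposits):
    """Return one alert per customer and day for analyst review, with the rules that fired."""
    groups = defaultdict(list)
    for cust, day, branch, amount in deposits:
        if amount <= CTR_THRESHOLD:  # larger deposits are handled by CTR reporting instead
            groups[(cust, day)].append((branch, amount))
    alerts = []
    for (cust, day), items in sorted(groups.items()):
        total = sum(a for _, a in items)
        near = [a for _, a in items if a >= CTR_THRESHOLD * NEAR_BAND]
        branches = {b for b, _ in items}
        reasons = []
        if len(near) >= 2:
            reasons.append("repeated_near_threshold")
        if len(items) >= 2 and total > CTR_THRESHOLD:
            reasons.append("sub_threshold_aggregate_exceeds_ctr")
        if reasons and len(branches) >= 2:
            reasons.append("multiple_branches")
        if reasons:
            alerts.append({"customer": cust, "date": day, "total": total,
                           "branches": sorted(branches), "reasons": reasons})
    return alerts

if __name__ == "__main__":
    for alert in structuring_alerts(SAMPLE_DEPOSITS):
        print(alert)
```

An alert here is a red flag for investigation, not a SAR decision; the band and grouping window would be tuned to the institution's own risk assessment.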

Money Services Businesses (MSBs)

MSBs — including money transmitters, check cashers, currency dealers, and prepaid access providers — are registered with FinCEN and must file SARs for transactions of $2,000 or more where suspicious activity is detected. Key red flags include:

  • Customers conducting multiple transfers at or just below the $3,000 identification threshold for funds transfers.
  • High volumes of small outbound transfers to the same foreign recipient accounts.
  • Customers presenting multiple identification documents with inconsistent personal information.
  • Transactions involving jurisdictions without adequate AML oversight.

Cannabis Banking

Despite federal illegality, cannabis-related businesses (CRBs) operate legally under state law in many states. FinCEN's 2014 guidance on BSA expectations for banks serving CRBs created a specific red flag framework:

  • CRBs depositing cash significantly inconsistent with the scale of their stated retail operations.
  • Transactions suggesting that a CRB is serving as a front for another business or individual.
  • Deposits that appear to involve disproportionate volumes of small-denomination bills.
  • CRBs operating in states where cannabis remains illegal under state law.

Banks choosing to serve CRBs must file "Marijuana Limited" or "Marijuana Priority" SARs on an ongoing basis as part of their FinCEN-compliant CRB banking program.

Crypto-Asset Service Providers

Virtual asset service providers (VASPs) are treated as MSBs under FinCEN regulations and must comply with full BSA requirements including SAR filing. Sector-specific red flags include:

  • Use of mixing, tumbling or privacy coin protocols to obscure transaction trails.
  • Transactions to or from addresses associated with OFAC-sanctioned entities or darknet marketplaces.
  • Customers who refuse to disclose the source of their cryptocurrency holdings relative to transaction size.
  • Rapid conversion between multiple cryptocurrencies to layer the transaction trail.

Trade Finance and International Commerce

Trade-Based Money Laundering (TBML) exploits the complexity of cross-border commercial transactions. FinCEN has issued specific advisories on TBML typologies:

  • Significant discrepancies between invoice values and market prices for described goods.
  • Vague or inconsistent cargo descriptions on shipping and trade finance documents.
  • Payments made by or to unrelated third parties with no disclosed commercial relationship.
  • Prepayments substantially above the standard commercial value of the underlying contract.

The primary US AML legislative framework consists of the Bank Secrecy Act (31 USC §§5311–5336), the USA PATRIOT Act (2001), the AMLA 2020, and the CTA 2021, supplemented by FinCEN regulations and interagency guidance from the Federal Financial Institutions Examination Council (FFIEC).

FinCEN's Customer Due Diligence (CDD) Rule (31 CFR §1010.230), effective since 2018, requires covered financial institutions to identify and verify the beneficial owners of legal entity customers — any natural person owning 25% or more, plus one person with significant control. This rule directly targets the shell company structures used to conceal the true owners of illicit funds.

SAR filing deadlines: SARs must generally be filed within 30 calendar days of initial detection of facts that constitute a basis for filing. A 60-day extension is available when no suspect has been identified at the time of initial detection. For ongoing suspicious activity, continuing SARs must be filed at least every 90 days.

SAR filings are submitted to FinCEN via the BSA E-Filing System. The content of a SAR is protected from disclosure under 31 USC §5318(g)(2) — the tipping-off prohibition. It is a federal offense to disclose to a subject or third party that a SAR has been filed. This prohibition applies permanently, not just during any associated investigation.

OFAC compliance runs parallel to BSA compliance: the Office of Foreign Assets Control (OFAC) administers economic sanctions programs against specific countries, entities, and individuals. Transactions involving OFAC-designated parties must be blocked or rejected, and violations are subject to civil penalties of up to $1 million per transaction regardless of whether the institution knew of the sanctions nexus.

Civil penalties for BSA violations can reach $1 million per violation or twice the amount of the transaction, under 31 USC §5321. Criminal penalties for willful violations include imprisonment of up to 10 years, under 31 USC §5322.

From Detection to SAR Filing: the Internal Process

Effective management of AML red flags follows a structured five-pillar BSA compliance program. The absence of a clear internal workflow is among the most common findings in FinCEN and bank regulatory examinations.

Step 1 – Detection. The red flag is identified through automated transaction monitoring, document verification tools, or by a staff member. CheckFile's platform flags 94% of fraudulent documents in under 2 seconds (CheckFile internal benchmark, March 2026), enabling compliance teams to identify documentary red flags at onboarding rather than retrospectively.

Step 2 – Internal escalation. The identifying staff member escalates to the BSA Officer — the US equivalent of the UK's MLRO — using the institution's internal reporting procedures. Staff who knowingly fail to report suspicious activity internally may face individual liability.

Step 3 – Investigation. The BSA Officer or a designated analyst reviews the transaction history, KYC file, open-source information, and OFAC screening results. The investigation must be documented in full, whether or not it results in a SAR.

Step 4 – SAR decision. If the suspicion cannot be resolved, the BSA Officer files a SAR via the BSA E-Filing System within the applicable deadline. For transactions requiring a hold, the institution should not execute the transaction pending SAR filing where possible.

Step 5 – Record retention. All supporting records — including the SAR itself and the underlying documentation — must be retained for five years from the date of filing, in accordance with 31 CFR §1010.430. Federal regulators may examine SAR records during Bank Secrecy Act examinations.

Our anti-money laundering compliance guide covers the governance and organizational requirements that underpin this process. Explore how CheckFile integrates document verification into AML compliance workflows, or review our pricing plans.

Common Questions from Compliance Forums

Is there a minimum dollar threshold to file a SAR?

Not for suspicious activity. The SAR filing obligation is triggered by suspicion, not transaction size. A $500 transaction can warrant a SAR if the surrounding circumstances are sufficiently suspicious — particularly in structuring scenarios where there is no minimum amount. The $5,000/$25,000 thresholds for bank SARs refer to the minimum transaction amounts that trigger the mandatory filing obligation for detected suspicious activity; they do not limit the filing of SARs for transactions below those amounts when structuring or other evasion is suspected.

Does filing a SAR expose us to liability if the customer sues?

No. The tipping-off provision of the BSA (31 USC §5318(g)(2)) provides a complete safe harbor from civil liability for SAR filers, provided the SAR was filed in good faith. Disclosing to the customer that a SAR has been filed, however, eliminates this protection and creates criminal exposure for the disclosing individual.

Frequently Asked Questions

What is the difference between a red flag and a SAR trigger?

A red flag is a preliminary indicator that requires further investigation. A SAR trigger is the conclusion reached after that investigation — the point at which the institution knows, suspects, or has reason to suspect that a transaction involves illegal activity. Not every red flag produces a SAR trigger, but every SAR must have been preceded by at least one red flag that was documented and assessed.

Who is the BSA Officer and what are their responsibilities?

The BSA Officer is the designated individual responsible for day-to-day BSA/AML compliance, including overseeing SAR filing, conducting or supervising internal investigations, and serving as the primary liaison with FinCEN and bank examiners. Unlike the UK's MLRO, the BSA Officer role does not carry individual criminal liability by statute — but individual liability can arise under the BSA's willfulness standard and through enforcement actions by federal banking regulators.

How does CheckFile support the detection of AML red flags?

CheckFile's document verification platform analyses the authenticity of identity documents, proof of address and financial records submitted during customer onboarding and ongoing due diligence reviews. It identifies inconsistencies, alterations and documents originating from high-risk sources in real time. Our KYC solution for banking and financial services integrates this verification into the onboarding workflow.

What are the penalties for BSA violations in the US?

Civil money penalties can reach $1 million per day per violation or twice the amount involved under 31 USC §5321. Criminal penalties for willful BSA violations include imprisonment up to 10 years and fines up to $500,000 per violation under 31 USC §5322. FinCEN and the OCC may also impose cease-and-desist orders and require compliance program remediation. The 2024 TD Bank enforcement action — resulting in a $1.8 billion penalty and an asset cap — illustrates the severity of systemic BSA failures.

Where can I find FinCEN's current guidance on AML red flags?

FinCEN publishes regulatory advisories, guidance documents, and Suspicious Activity Report statistics. The FFIEC BSA/AML Examination Manual, available on the FFIEC website, provides the most comprehensive public documentation of regulatory expectations for AML red flag detection and SAR filing. Review our pricing plans to understand how CheckFile fits your compliance budget.
