AML Transaction Monitoring: Rules, Thresholds and Red Flags
Complete guide to AML transaction monitoring for US businesses: BSA rules, CTR/SAR thresholds, red flags, and FinCEN compliance obligations under the Bank Secrecy Act.
Summarize this article with
ChatGPT
Claude
Perplexity
Gemini
GrokAML transaction monitoring is the continuous process of analyzing customer financial activity to detect patterns indicative of money laundering, terrorist financing, or other financial crimes. In the United States, this is a mandatory component of a Bank Secrecy Act (BSA)/AML compliance program, enforced by the Financial Crimes Enforcement Network (FinCEN), federal banking regulators (OCC, FDIC, Federal Reserve, NCUA), and state-level supervisors.
This article is for informational purposes only and does not constitute legal, financial, or regulatory advice.
What Is AML Transaction Monitoring Under the BSA?
AML transaction monitoring under the BSA means systematically reviewing customer transactions to detect activity that may constitute money laundering, structuring, sanctions evasion, or other financial crimes requiring a Suspicious Activity Report (SAR) or Currency Transaction Report (CTR). In October 2025, FinCEN โ jointly with the OCC, FDIC, Federal Reserve, and NCUA โ issued updated SAR FAQs that signal a shift toward effectiveness-based compliance, reducing the expectation of blanket SAR filings for low-risk activity (FinCEN SAR FAQs, October 2025).
The monitoring process follows three stages:
- Rule configuration: defining detection scenarios based on CTR/SAR thresholds, OFAC screening requirements, and behavioral typologies specific to each customer risk segment.
- Alert generation: transactions matching a detection scenario trigger an automated alert for compliance review.
- Investigation and filing decision: BSA officers examine alerts, determine whether a SAR is warranted, and file with FinCEN within the statutory deadline.
The BSA does not prescribe specific rule parameters โ instead, financial institutions must design programs "reasonably designed to prevent" money laundering, calibrated to their specific risk profile.
US Regulatory Framework: FinCEN, BSA, and Federal Banking Agencies
The US framework rests on three statutory pillars. The Bank Secrecy Act (31 U.S.C. ยงยง 5311โ5336) authorizes the Department of the Treasury โ through FinCEN โ to impose reporting and recordkeeping requirements on financial institutions to detect and prevent money laundering (FinCEN, The Bank Secrecy Act).
The USA PATRIOT Act (2001) significantly expanded BSA requirements, adding Customer Identification Program (CIP) rules, enhanced due diligence for correspondent accounts, and information-sharing provisions. The Anti-Money Laundering Act of 2020 (AMLA 2020) further modernized the BSA framework, requiring FinCEN to establish national AML/CFT priorities and mandating periodic program effectiveness assessments.
The FFIEC BSA/AML Examination Manual provides examiners with the framework for evaluating the adequacy of bank transaction monitoring systems โ and is the de facto standard for internal compliance program design.
Key Thresholds: CTRs, SARs, and Reporting Requirements
US firms face specific, statutory reporting thresholds that are more prescriptive than most other jurisdictions:
| Report Type | Threshold | Filing Deadline | Notes |
|---|---|---|---|
| Currency Transaction Report (CTR) | > $10,000 in currency (single business day) | 15 days from transaction | Includes deposits, withdrawals, ATM transactions, exchanges |
| Suspicious Activity Report (SAR) | โฅ $5,000 (or $2,000 for MSBs) | 30 days from detection (60 if no suspect identified) | No minimum for structuring-related SARs |
| Continuing SAR | Ongoing suspicious activity | 120 days after initial SAR | 90-day evaluation + 30-day filing window |
| FBAR | Foreign accounts > $10,000 at any point | April 15 (extended to Oct 15) | Per 31 U.S.C. ยง 5314 |
The current $10,000 CTR threshold has not been adjusted since 1970. In 2025 dollars, that original threshold would be approximately $80,000 โ meaning modern CTRs cover a vastly wider range of ordinary business transactions than Congress originally intended. The proposed STREAMLINE Act would raise the CTR threshold to $30,000 and SAR thresholds to $3,000โ$10,000, though this legislation remains pending as of March 2026 (Silent Eight Blog on CTR Threshold).
Structuring is unlawful: breaking up transactions specifically to stay below the $10,000 CTR threshold violates 31 U.S.C. ยง 5324, regardless of whether the underlying funds are from legitimate sources. Transaction monitoring systems must be designed to detect structuring patterns across accounts and time periods.
AML Transaction Monitoring Rules for US Financial Institutions
Detection rules must address the full spectrum of BSA/AML risk scenarios. They should be documented in the institution's BSA/AML policy, tested through independent testing, and updated as FinCEN issues new guidance or typologies.
| Rule Category | Example Scenario | Indicative Threshold |
|---|---|---|
| Currency transactions | Cash deposits near $10,000 CTR trigger | $8,000โ$10,000 range |
| Structuring | Multiple sub-threshold cash transactions | Detected sequences below $10,000 |
| Wire transfers | International wires to OFAC-listed countries | Any amount |
| Rapid fund cycling | Funds retransferred within 24 hours | > 80% of balance |
| Unusual volumes | Transaction volume 3ร above historical average | > 2ฯ deviation |
| PEP/OFAC connections | Transactions with sanctioned individuals or entities | Any amount (OFAC match = mandatory block) |
| MSB/Crypto flows | Transfers between money service businesses | Patterns above $3,000 |
Industry benchmarks show that rule-based systems generate false positive rates of up to 95% of all alerts, consuming enormous compliance resources. The October 2025 FinCEN SAR FAQ update explicitly encourages institutions to move toward effectiveness-based monitoring that reduces unnecessary filings while maintaining detection of genuine threats.
Compliance professionals frequently highlight two pain points: the cost of investigating false positives (20โ30 minutes per alert on average) and the challenge of setting appropriate thresholds across customer segments (retail vs. commercial, domestic vs. international).
Key Red Flags for US AML Transaction Monitoring
A red flag triggers an investigation; it is not a filing requirement. FinCEN issues SAR Activity Reviews and advisories that document red flags โ the FinCEN Advisory on Human Trafficking (FIN-2014-A008) and the 2023 National Money Laundering Risk Assessment provide current typologies that institutions must incorporate into detection rules (FinCEN National AML Risk Assessment 2023).
Core red flags to incorporate in your monitoring system:
- Structuring indicators: multiple cash transactions just below $10,000, same-day across branches or accounts, or using multiple individuals (smurfing).
- OFAC matches: any transaction involving a name, entity, or jurisdiction on OFAC's Specially Designated Nationals (SDN) List requires immediate blocking and OFAC reporting โ not a SAR.
- Rapid fund cycling: funds received and moved out within 24 hours, particularly to third-party accounts, prepaid cards, or crypto wallets.
- Geographic risk: transactions involving FATF-listed jurisdictions, countries subject to comprehensive OFAC sanctions (Cuba, Iran, North Korea, Russia, Syria), or FinCEN-designated high-risk geographies.
- Business-type mismatches: a business account generating transaction patterns inconsistent with its declared industry (e.g., a retail store receiving wire transfers from offshore entities).
- Layering patterns: rapid movement through multiple accounts or financial institutions designed to obscure the source of funds.
- Third-party check cashing: negotiation of third-party checks, especially in large volumes or combined with cash transactions.
- Cryptocurrency red flags: rapid conversion between crypto and fiat, use of mixing services or privacy coins, transfers to unhosted wallets from high-risk accounts.
These red flags should be incorporated into your document compliance program and consistently applied from onboarding through ongoing monitoring.
SAR Filing Requirements and Procedures
US institutions face precise SAR filing obligations:
Filing deadline: SARs must be filed no later than 30 calendar days after the date of initial detection. If no suspect is identified at the time of detection, the institution may take an additional 30 days โ but may not delay filing more than 60 days after initial detection under any circumstances.
Continuing activity SARs: if suspicious activity continues after an initial SAR, a continuing SAR must be filed within 120 calendar days of the initial filing (allowing a 90-day evaluation period followed by a 30-day filing window).
SAR confidentiality: Federal law (31 U.S.C. ยง 5318(g)(2)) prohibits disclosure of a SAR or its contents to the subject of the SAR or any other person. Unauthorized disclosure ("tipping off") is a federal crime.
No SAR required for OFAC matches: OFAC matches are reported directly to OFAC, not via SAR. A separate OFAC report is required for blocked transactions. However, a SAR may also be appropriate if the transaction itself suggests underlying money laundering beyond the sanctions concern.
For sanctions-related monitoring obligations, see our article on OFAC and EU sanctions screening.
Building an Effective BSA/AML Monitoring Program
A robust monitoring program under US standards requires four core components:
1. Board and senior management oversight The BSA/AML compliance program must be approved by the board of directors and have active senior management oversight. The BSA Compliance Officer must have direct access to senior management and the board. FinCEN examiners assess whether the "tone at the top" genuinely supports effective AML compliance.
2. Risk-based customer segmentation Apply higher scrutiny to higher-risk customers, consistent with FinCEN's Customer Due Diligence Rule (CDD Rule, 31 C.F.R. ยง 1010.230). Segment your customer base by risk rating, and calibrate monitoring thresholds, alert parameters, and review frequency by segment. High-risk customers require Enhanced Due Diligence (EDD).
3. Independent testing BSA regulations require independent testing of the AML program, typically conducted by internal audit or a qualified third party. Testing must assess the adequacy of transaction monitoring coverage, alert investigation quality, and SAR filing timeliness. Document test results and remediation actions.
4. Training All relevant personnel must receive BSA/AML training appropriate to their role. Front-line staff must be trained to recognize and escalate red flags; compliance officers require more in-depth regulatory knowledge. Training records must be maintained.
For automated compliance tools that integrate with your existing workflows, see how CheckFile's solutions support KYC/AML compliance from onboarding through ongoing monitoring.
Technology and the 2026 BSA/AML Reform Outlook
FinCEN and federal banking agencies are working in 2026 on a proposed rule setting out requirements for an effective BSA/AML program, shifting focus from technical box-checking to program effectiveness โ a reform that has significant implications for how transaction monitoring systems are evaluated during examinations.
The AML Act of 2020 mandated that FinCEN establish national AML/CFT priorities to guide financial institutions in designing their monitoring programs. The current priorities (published 2021) include: corruption, cybercrime, terrorist financing, fraud, transnational criminal organizations, drug trafficking, human trafficking, and proliferation financing.
Effective monitoring programs in 2026 increasingly combine:
- Rule-based alerts (velocity, geography, amounts, CTR/SAR thresholds)
- Behavioral analytics (deviations from individual customer baseline)
- Network analysis (detecting money mule networks and layering structures)
- AI-assisted investigation (prioritizing alerts for human review)
For investment advisers: FinCEN's rule extending BSA requirements to registered investment advisers has been delayed to January 1, 2028 (from the original January 1, 2026 effective date), giving RIAs additional time to implement compliant monitoring programs.
Frequently Asked Questions
What is the purpose of transaction monitoring in AML under US law?
Under the BSA, transaction monitoring serves to identify suspicious activity requiring SAR filing, detect currency transactions requiring CTR filing, and identify structuring or other evasion attempts. It is a required component of every financial institution's BSA/AML compliance program.
What triggers a Currency Transaction Report (CTR)?
A CTR is required for any cash transaction โ or series of related transactions โ that totals more than $10,000 in currency on a single business day. This includes deposits, withdrawals, currency exchanges, and purchases of monetary instruments. Structuring transactions to avoid this threshold is a federal crime.
What is the minimum amount for filing a Suspicious Activity Report?
SARs are required for transactions of $5,000 or more (or $2,000 for money services businesses) that involve known, suspected, or reasonably suspected money laundering, structuring, or other specified violations. There is no minimum for structuring-related SARs โ suspicious structuring must be reported regardless of the amounts involved.
How long must BSA records be retained?
BSA regulations generally require financial institutions to retain records for five years from the date of the transaction or the date the record was created. CTRs and SARs must be retained for five years from the date of filing.
What happens if a SAR is not filed when required?
Failure to file a required SAR can result in civil penalties of up to $1 million per day of violation, or $1 million per violation for willful violations. Federal banking regulators can also take formal enforcement actions, including cease-and-desist orders and civil money penalties. Criminal liability may attach in cases of willful non-filing.