Anti-Money Laundering (AML) 2026 Guide: What It Is, Real Examples & How to Prevent It

July 2, 2026

Last Updated: June 25, 2026

Anti-money laundering refers to the set of rules, checks, and technologies that payment companies use to prevent criminals from disguising illegal funds as clean money. 

For any business that handles money, weak controls invite regulatory fines, license loss, and reputational damage. 

This guide explains what anti-money laundering is, how money laundering works, the techniques and red flags to watch for in payments, the main types of controls, real enforcement cases, and how to prevent it.

Key Takeaways (TL;DR)

  • AML protects your license, not just your books: Anti-money laundering controls are a legal requirement for regulated payment firms. Failure can trigger fines, enforcement action, and loss of the right to process payments.
  • Laundering moves in three stages: Criminals place dirty money into the system, layer it through complex transfers to hide its origin, then integrate it back as clean funds.
  • The scale is huge: UNODC estimates 2 to 5% of global GDP, or $800 billion to $2 trillion, is laundered every year.
  • Static rules miss modern schemes: Mule networks and transaction laundering look normal in single transactions. Catching them needs behavioral analysis across accounts and over time.
  • AI changes the economics: Real-time, AI-driven monitoring cuts false positives and manual review, so you scale compliance without scaling headcount.

AML That Cuts False Positives —
Not Your Compliance Team.

$800B–$2T laundered annually. Static rules can't keep pace.

Fraudio's AML combines patented network-effect AI, entity behavioral profiling, and case management with SAR-ready exports. Live in 3–14 days with no setup fees and pay-per-use pricing.

8×Proven ROI
600%Team Efficiency
3–14Days to Live
Explore the AML Platform

No setup fees · No contracts · ROI from day one

Table of Contents

  • What Is Anti-Money Laundering (AML)?
  • How Money Laundering Works: The Three Stages
  • Common Money Laundering Techniques
  • Anti-Money Laundering Example: How It Hides in Payments
  • Money Laundering Red Flags in Payments
  • Types of Anti-Money Laundering Controls
  • What an AML Compliance Program Requires
  • Anti-Money Laundering Regulations and Who Enforces Them
  • Why Anti-Money Laundering Matters for Payment Companies
  • How to Prevent Money Laundering: A Step-by-Step Plan
  • The Future of Anti-Money Laundering in 2026
  • How to Choose Anti-Money Laundering Software
  • How Fraudio Strengthens Anti-Money Laundering
  • Everything You Need to Know About Anti-Money Laundering
  • FAQs About Anti-Money Laundering

Anti-Money Laundering: At a Glance

AspectSummary
What it is
Rules, processes, and technology that detect and report attempts to disguise illegal funds as legitimate money.
Global standard
The Financial Action Task Force (FATF), whose 40 Recommendations shape national AML law.
Estimated scale
2–5% of global GDP, or $800 billion to $2 trillion, is laundered each year (UNODC).
Core stages
Placement, layering, integration.
Main controls
KYC and CDD, transaction monitoring, sanctions and PEP screening, SAR reporting, risk assessment.
Who must comply
Banks, payment processors, acquirers, fintechs, wallets, and remittance firms.
Biggest risk
Fines, license revocation, and reputational damage from undetected laundering.

What Is Anti-Money Laundering (AML)?

Anti-money laundering refers to the laws, controls, and technology that financial firms use to detect and report attempts to turn the proceeds of crime into legitimate-looking funds. 

The goal is to spot suspicious activity, document it, and report it to regulators before dirty money moves through your system undetected.

So what is AML in banking, specifically? For a bank or payment company, it's the day-to-day work of knowing who your customers are, watching how money moves through accounts, and flagging anything that doesn't fit. It covers both the policies you write and the monitoring you run on live transactions.

AML rarely travels alone. You'll usually see it paired with CFT, countering the financing of terrorism, written together as AML/CFT. Both lean on the same controls, but AML targets the proceeds of crime, while CFT targets money heading toward terrorist activity, even when the funds themselves are clean.

AML sits alongside fraud prevention but answers a different question. Fraud detection asks whether a transaction is legitimate; anti-money laundering asks whether legitimate-looking money has a criminal source. 

The two overlap, which is why modern fraud detection and AML increasingly run on the same data.

The model most countries follow comes from the Financial Action Task Force (FATF), the global standard-setter whose 40 Recommendations shape national law. Regulators expect every regulated firm to run a documented program that can prove it's working.

AML Built for the Payments Ecosystem.
Not Adapted from Banking.

~95% of alerts from traditional AML systems are false positives. Fraudio changes that.

Fraudio's AI-driven monitoring cuts alert noise 5× while catching what static rules structurally cannot — coordinated schemes across accounts, mule networks, transaction laundering, and layering across payment types.

8×Proven ROI
2B+Transactions
3–14Days to Live
Explore the AML Solution

No setup fees · No contracts · ROI from day one

How Money Laundering Works: The Three Stages

Money laundering follows a recognized three-stage model. Knowing each stage helps your team spot where a scheme is most visible, and where your controls need to be sharpest.

1. Placement

Placement is where criminals first introduce illegal cash into the financial system. They break large sums into smaller deposits, buy monetary instruments, or push funds through accounts that won't draw attention. This is the riskiest stage for the launderer, because the money is closest to its criminal source.

2. Layering

Layering moves the money through a series of transfers to hide its origin. Funds bounce between accounts, jurisdictions, payment methods, and shell entities until the trail is hard to follow. In payments, layering often runs through mule accounts and rapid transfers across wallets or alternative payment methods.

3. Integration

Integration returns the money to the criminal as clean, usable funds. They invest in property, luxury goods, or businesses, spending without attracting law enforcement. By this stage, the money looks legitimate, so prevention is far cheaper than recovery earlier in the chain.

Common Money Laundering Techniques

The three stages describe how laundering flows. The techniques below are the specific methods criminals use to move money through those stages, and several of them show up directly in payment systems.

  • Structuring (smurfing): Breaking one large sum into many small deposits or transfers that each stay under reporting thresholds, so no single payment trips an alert. In payments, that can look like a new merchant breaking a $90,000 batch into a dozen sub-$10,000 settlements spread over several days.
  • Shell companies: Routing funds through businesses that exist only on paper, with no real operations, to give dirty money a legitimate-looking source. The company invoices for consulting or imports that never happened, so the money lands looking like ordinary business revenue.
  • Trade-based laundering: Over-invoicing or under-invoicing goods and services to move value across borders while the paperwork looks ordinary. A shipment of phones worth $1 million might be billed at $3 million, quietly moving the extra $2 million across borders under a real trade deal.
  • Transaction laundering: A merchant processes payments for an undisclosed business, often illegal, behind a front that looks low-risk. A site registered as a clothing store can route card payments for an illegal gambling operation, hiding the volume inside what looks like normal retail.
  • Money mule networks: Recruited or fake accounts receive funds and quickly pass them on, scattering the trail across many people and corridors. The accounts often belong to people recruited through fake job ads, who forward a victim's funds within minutes of receiving them.
  • Crypto and virtual assets: Converting funds into digital assets and moving them between wallets and providers, now partly covered by the Travel Rule. A typical run swaps funds into stablecoins, hops them across several wallets and exchanges, then cashes out where checks are weaker.

These rarely show up alone in a real case. Drug cash might enter as structured deposits, pass through a shell company's fake invoices, get layered across mule accounts, then buy property, moving through several techniques and all three stages in one chain.

Most schemes mix several of these at once. For a closer look, see our guide to common money laundering schemes and how they map back to the three stages.

Anti-Money Laundering Example: How It Hides in Payments

A clear anti-money laundering example shows why static checks fall short. Take the two techniques most likely to hit a payment firm, transaction laundering and mule networks, and watch how each one plays out in practice.

  • Transaction laundering through a merchant: A merchant onboards as a low-risk digital seller but quietly processes payments for an undisclosed, illegal operation. Ticket sizes and volumes look consistent with the stated business, so event-level checks pass. Catching it means tracking the merchant's behavior over time, including refund patterns, dispute rates, and mismatches between the stated business model and actual flows.
  • Mule-network layering: A criminal group manipulates victims into sending funds, which land in a cluster of mule accounts that immediately disperse the money across wallets and payment corridors. 

Each transfer looks plausible alone. The scheme only becomes visible when you analyze inflow-to-outflow ratios and counterparty patterns across the whole receiving cluster.

In both cases, the laundering crosses payment types and accounts. A control that watches only one slice of the flow, or only single events, won't see the pattern in time.

Money Laundering Red Flags in Payments

The examples above share a tell: they only stand out once you step back from the single transaction. These are the red flags that most often expose money laundering in a payment flow.

  • Transactions just under reporting thresholds: Repeated amounts sized to stay below the level that would trigger a report.
  • Rapid in-and-out movement: Funds that arrive and leave an account within minutes, with no clear business reason.
  • Dormant accounts going active: An account that sits quietly for months, then suddenly moves large volumes.
  • Mismatched merchant activity: Volumes, ticket sizes, or refund rates that don't fit the business the merchant claims to run.
  • High-risk jurisdiction flows: Sudden transfers to or from regions known for weak controls or sanctions exposure.
  • Abnormal inflow-to-outflow ratios: A cluster of accounts taking in money from many sources and dispersing it just as fast, the signature of a mule network.

No single flag proves laundering, which is why these signals matter most in combination. Catching them in time means monitoring patterns across every payment flow, not one transaction at a time.

Types of Anti-Money Laundering Controls

There are several types of anti-money laundering controls, and a strong program runs them together rather than in isolation. Each one closes a different gap that criminals try to exploit. 

Modern AML follows a risk-based approach: you rate the risk each customer and product carries, then match the depth of your checks to it.

  • Know Your Customer (KYC) and Customer Due Diligence (CDD): Verify who your customers are at onboarding and understand the purpose of the relationship, so you can judge later activity against a baseline. Higher-risk customers, such as politically exposed persons, get Enhanced Due Diligence (EDD) with deeper checks.
  • Transaction monitoring: Watch payments in real time and over time to flag activity that deviates from a customer's normal behavior or known laundering patterns.
  • Sanctions and PEP screening: Check customers and counterparties against sanctions lists, politically exposed person (PEP) lists, and adverse media.
  • Suspicious Activity Reports (SARs): Document and report flagged activity to regulators in the required format and timeframe, with a full audit trail.
  • Risk assessment and governance: Score customers and products by risk, set thresholds accordingly, and make a compliance officer accountable for the program.

These checks scale to the customer: CDD is the standard level, EDD adds deeper scrutiny for higher-risk customers, and Know Your Business (KYB) applies the same diligence to company customers.

Transaction monitoring is where most payment firms feel the strain, because it runs continuously across every payment. It's also where AI makes the biggest difference, by cutting the false positives that bury investigation teams.

Two areas now demand extra attention. Crypto and virtual assets fall under the Travel Rule, which extends these controls to transfers between providers. And beneficial ownership rules mean you have to identify the real person behind a business, not just the account holder.

What an AML Compliance Program Requires

The controls above only work inside a documented program that regulators can inspect. 

Most AML rules, from the US Bank Secrecy Act onward, expect the same core pillars:

  • A designated compliance officer: A named, senior person, often the money laundering reporting officer, who owns the program and answers for it to regulators. In the UK, that's the named Money Laundering Reporting Officer, and in the US, a BSA officer, with the authority and budget to pause onboarding or freeze accounts when needed.
  • Written policies and a risk-based approach: Documented procedures that rate the risk of each customer, product, and market, then match the depth of checks to it. A remittance firm serving high-risk corridors would document tighter thresholds and more frequent reviews than one handling only domestic salary runs.
  • Ongoing staff training: Regular training so the people running onboarding and monitoring can recognize current laundering tactics. That means onboarding and monitoring staff keeping up with the latest mule-recruitment and transaction-laundering patterns, not sitting through a once-a-year slideshow.
  • Independent testing: Periodic review by someone outside the day-to-day team, to prove the controls work and surface gaps before a regulator does. An internal audit team or an outside firm re-runs a sample of alerts and onboarding files to check the controls actually catch what they should.
  • Ongoing monitoring and record-keeping: Continuous customer due diligence and a complete audit trail you can hand to a regulator on request. Most regimes expect customer records and transaction history to be kept for around 5 years, so the trail survives long after an account closes.

When one pillar slips, the whole program is exposed. The biggest enforcement cases usually trace back to a missing piece, an understaffed compliance team, untested controls, or alerts that no one worked on, rather than the absence of a tool.

Regulators care less about any single control and more about whether the whole program is documented, accountable, and provably working. That's the bar that an examination tests you against.

Anti-Money Laundering Regulations and Who Enforces Them

Anti-money laundering rules don't come from one rulebook. They start with global standards, get written into national law, and a different authority enforces them in each market you operate in.

  • Global standard (FATF): The Financial Action Task Force sets the 40 Recommendations that most countries build their AML and CFT laws around.
  • United States: The Bank Secrecy Act and the USA PATRIOT Act set the obligations, and firms file Suspicious Activity Reports with FinCEN, the US financial intelligence unit.
  • European Union: A series of Anti-Money Laundering Directives sets the baseline, and a new Anti-Money Laundering Authority in Frankfurt took up operations in 2025 to supervise the highest-risk firms directly.
  • United Kingdom: The Money Laundering Regulations set firms' duties, with the Financial Conduct Authority as the main supervisor.

Wherever you operate, the obligations are similar: know your customers, monitor transactions, screen against sanctions, and report what you find to your national financial intelligence unit. The penalties for getting it wrong are what make this matter.

Why Anti-Money Laundering Matters for Payment Companies

Weak anti-money laundering controls threaten the business itself, not just compliance paperwork. The consequences land fast, and they're hard to reverse.

Regulators can impose heavy fines and, in serious cases, revoke the license you need to process payments. Card schemes add their own penalties when illegal activity flows through your network. Reputational damage then follows, and customers and partners don't wait around for the headlines to fade.

The scale of the problem explains the scrutiny. UNODC estimates that 2 to 5% of global GDP, or $800 billion to $2 trillion, is laundered every year. Regulators expect firms to keep pace with criminals who constantly adapt.

The penalties are not abstract. In 2024, TD Bank agreed to pay about $3 billion to US authorities over anti-money-laundering failures, including a record $1.3 billion penalty from FinCEN, and it became the first US bank to plead guilty to conspiracy to commit money laundering.

There's an operational cost too. As volumes grow, manual investigation and false-positive alerts pile up, and many firms respond by hiring more analysts. That model breaks down at scale, which is why AML now depends on technology that improves detection without proportional headcount. 

The false-positive problem sits at the center of this. Industry estimates put the share of alerts from traditional AML systems that turn out to be false at around 95%, so teams spend most of their time clearing noise instead of catching crime.

When you compare tools, our guide to AML transaction monitoring shows how the leading systems score payments in real time.

How to Prevent Money Laundering: A Step-by-Step Plan

Knowing the stages and controls is one thing; acting on them in a live payment flow is another. This section turns the concepts above into a practical sequence your fraud and compliance teams can follow. Each step builds on the one before it.

  1. Verify customers and assess risk at onboarding: Run KYC and CDD before you process a single payment, and assign a risk score that sets how closely you'll monitor each account. A local coffee shop might clear with standard checks, while a crypto exchange or money-services business triggers Enhanced Due Diligence and tighter thresholds from day one.
  2. Monitor transactions in real time: Score payments at the point of authorization and continuously profile accounts over time, so you catch both suspicious events and suspicious patterns. A lone $9,800 transfer may look fine, but the same account firing off 9 of them to brand-new payees overnight is the pattern that should trip an alert.
  3. Screen against sanctions and PEP lists: Check every customer and counterparty so funds never move to a sanctioned person, country, or entity. Re-screen continuously rather than only at onboarding, because watchlists change daily, and a customer who was clean yesterday can appear on one today.
  4. Investigate with full context: Give analysts direct access to the transaction data, counterparties, and account history behind each alert, so they resolve cases in minutes rather than chasing data across systems. On one screen, an analyst should see the flagged payment, the counterparty, the account's history, and any linked accounts, instead of opening 5 tools to piece the story together.
  5. Report and document: File SARs in the required format with a complete audit trail, so you can prove the program works when a regulator asks. Most regimes set a clock, often around 30 days from detection, so a late or thin filing is itself a breach.
  6. Feed outcomes back into your models: Every confirmed case should make detection sharper and reduce false positives for the next one. When an analyst confirms a mule account, that verdict should feed the model so the next similar pattern scores higher on its own.

Here's how the steps work together. A newly onboarded merchant suddenly takes dozens of near-identical card payments from unrelated cards overnight, and real-time scoring flags the velocity while screening clears the names against watchlists.

An analyst opens the linked accounts in a single view, confirms the pattern, files a SAR inside the reporting window, and logs the outcome so the program keeps getting sharper with each case.

The hard part is doing all of this at speed and scale without drowning your team in alerts. That's where the technology behind your program decides whether it holds up.

The Future of Anti-Money Laundering in 2026

AML is shifting from periodic checks to continuous, data-driven monitoring. A few changes are reshaping what payment firms have to do this year.

  • A new EU supervisor: The Anti-Money Laundering Authority (AMLA) in Frankfurt is now operational and will directly oversee the highest-risk firms, with the EU's single rulebook landing in 2027.
  • Perpetual KYC: Rather than refreshing customer checks on a fixed cycle, firms are moving to continuous monitoring that updates risk the moment behavior changes.
  • AI as the baseline: Real-time, AI-driven monitoring is becoming the standard rather than the upgrade, because rule-only systems can't keep pace with alert volumes.
  • Crypto under the Travel Rule: Enforcement of identity-sharing rules for virtual-asset transfers is widening, pulling more providers into scope.
  • Real-time payments raise the bar: As instant and account-to-account rails grow, monitoring has to clear or stop a payment in the moment, not after it settles.

The common thread is speed and scale. Meeting these demands without piling on analysts is exactly where modern, AI-driven monitoring earns its place.

How to Choose Anti-Money Laundering Software

Once you know you need monitoring, the tool you pick decides how much crime you catch and how much time your team wastes. A few questions separate a system that gives you control from one that buries you in alerts.

  • Real-time scoring: Does it score payments at the moment of authorization, or only flag them after the money has already moved?
  • Breadth of training data: Does the model learn only from your own history, or from a wider network that has already seen the patterns headed your way?
  • Rules and AI together: Can your team set high-confidence rules that run first, with AI catching the subtler cases behind them?
  • Entities, not just transactions: Can it profile merchants and accounts over time, or does it only judge one-off events?
  • Time to deploy: Is it live in days, or does it need the months of integration that legacy systems demand?
  • Pricing and data residency: Do you pay per transaction with no setup fees, and can you deploy in the regions you operate in?

The more of these a tool answers in your favor, the lower your false positives and the less manual work you carry. It's also where networked, real-time monitoring tends to pull ahead of siloed, after-the-fact systems. For comparison on the best tooling, read our roundup guide on the best AML transaction monitoring software for 2026.

How Fraudio Strengthens Anti-Money Laundering

Static, siloed rules miss the schemes that cross accounts and payment types, and adding analysts to clear false positives doesn't scale. Catching modern laundering needs real-time AI working across all your payment flows, not one slice of them.

Fraudio's anti-money-laundering solution is built around the two things that matter most here. 

Its patented Network Effect AI learns from billions of transactions across issuing, acquiring, transfers, and more, so layering that across payment flows surfaces earlier than a siloed tool can manage. 

And its case management system includes audit trails and SAR-ready reporting, so your team moves from alert to filing without the manual overhead.

Payments unicorn Viva Wallet runs Fraudio for exactly this work. Its CIO, Makis Antypas, says Fraudio “enables us to detect fraudulent merchants and money laundering, ensuring the safety of our clients against fraud in payments.”

It's built for issuers, acquirers, payment facilitators, and fintechs that need stronger compliance without more headcount, and it's backed by ISO27001 certification. 

Trusted by Viva Wallet, Cashflows & more

AML monitoring that catches
what your current system misses.

Fraudio's centralized AI covers layering across payment types with case management and SAR-ready exports. Request a Proof of Results on your historical data — zero commitment required.

8×Proven ROI
3wkEarlier Detection
600%Team Efficiency
Start Your Free Trial

No setup fees · No contracts · ROI from day one

Everything You Need to Know About Anti-Money Laundering

CategoryCore Insight
Definition
The rules, processes, and technology used to detect and report attempts to disguise illegal funds as legitimate money.
Primary goal
Stop and report laundering before it moves through your system, while keeping legitimate customers unaffected.
Key stages
Placement, layering, and integration.
Main controls
KYC and CDD, transaction monitoring, sanctions and PEP screening, SAR reporting, and risk assessment.
Key regulators
FATF (global standard), FinCEN (US), the AMLD directives and AMLA (EU), and the FCA (UK).
Common schemes
Transaction laundering, mule-network layering, and shell-entity transfers.
Biggest mistake
Relying on static, siloed rules that can't see patterns across accounts and payment types.
Best practice
Real-time, AI-driven monitoring across a centralized dataset, with strong case management.
Common techniques
Structuring, shell companies, trade-based laundering, transaction laundering, mule networks, and crypto transfers.
Top red flags
Sub-threshold amounts, rapid in-and-out movement, dormant accounts going active, and merchant activity that doesn't match the stated business.
How to choose
Favor real-time scoring at authorization, broad network training data, rules that run before AI, and entity-level monitoring.
The Fraudio advantage
Network-effect AI, integration in days, pay-per-use pricing, and SAR-ready case management.

FAQs About Anti-Money Laundering

What is an anti-money laundering example?

A common anti-money laundering example is transaction laundering, where a merchant registered as a low-risk seller secretly processes payments for an illegal operation. Another is a mule network, where criminals route stolen funds through many accounts that quickly disperse the money to hide its origin. Both look normal in single transactions and only surface through behavioral analysis across accounts and over time. This is why real-time monitoring matters more than one-off checks.

What are the types of anti-money laundering controls?

The main types of anti-money laundering controls are KYC and customer due diligence, transaction monitoring, sanctions and PEP screening, suspicious activity reporting, and risk assessment. KYC verifies who customers are, monitors how money moves, and screens customers against watchlists. SAR reporting documents and reports flagged activity to regulators. A strong program runs all of these together rather than in isolation.

What is the difference between AML and KYC?

AML is the broad program that detects and reports money laundering, while KYC is one control within it. KYC, or Know Your Customer, verifies a customer's identity and risk at onboarding and during the relationship. AML also includes transaction monitoring, sanctions screening, and regulatory reporting. In short, KYC tells you who your customer is, and AML watches what they do with their money.

What are the three stages of money laundering?

The three stages of money laundering are placement, layering, and integration. Placement introduces illegal cash into the financial system, often through small deposits or monetary instruments. Layering moves the funds through complex transfers across accounts and jurisdictions to hide their origin. Integration returns the money to the criminal as clean, usable funds, typically through investments or asset purchases.

How does AI improve anti-money laundering?

AI improves anti-money laundering by analyzing billions of transactions in real time to spot patterns that static rules and manual review miss. It reduces false positives that overwhelm investigation teams and surfaces coordinated schemes like mule networks across many accounts. Models trained on a centralized dataset detect layering across payment types earlier than siloed systems. This lets firms scale compliance without proportionally growing their headcount.

How long does AML transaction monitoring take to deploy?

AML transaction monitoring can be deployed in days to a few weeks with a modern, API-based provider, compared with 5 to 14 months for many legacy systems. Cloud-native tools connect through an API and start scoring transactions quickly, with rule libraries available from day one. Firms that share historical data at setup get more detailed modeling sooner. Faster deployment matters because every month of delay leaves you exposed to undetected laundering.

Is anti-money laundering software worth it for smaller payment firms?

Anti-money laundering software is worth it for smaller payment firms because the cost of non-compliance, in fines and lost licenses, far outweighs the cost of monitoring. Pay-per-use pricing removes the large setup fees that once locked smaller firms out, so the cost scales with volume. Modern tools also cut the manual workload, letting a lean team handle compliance without hiring more analysts. For a growing fintech, that means meeting regulatory demands without slowing growth.

What are money laundering red flags?

They're signs that legitimate-looking activity may be hiding crime, such as transactions just under reporting thresholds, rapid in-and-out transfers, dormant accounts going active, and merchant volumes that don't fit the stated business. No single flag is proof, so they carry the most weight in combination and when tracked across accounts over time.

What are the most common money laundering techniques?

The most common are structuring, or many small sub-threshold deposits, along with shell companies, trade-based laundering, transaction laundering, money mule networks, and moving funds through crypto. Most real schemes combine several at once, so monitoring has to look across accounts and payment types rather than single transactions.

What should you look for in AML software?

Prioritize real-time scoring at the point of authorization, the breadth of the data the model learned from, and a system that runs rules before AI, so your team keeps control. Then weigh deployment time, whether it monitors entities as well as transactions, pricing, and data residency support.

Measure results yourself !

How about trying our solution  and experiencing the next generation for yourself?