AML / FinCEN Compliance Pack

• CTR Threshold — Transactions exceeding $10,000
• CTR Aggregation — Multiple transactions aggregating to $10,000+ in one day

• Structuring Pattern Detection — 3+ transactions between $8K-$10K in 24 hours
• Sub-Threshold Velocity — 5+ transactions between $8K-$10K in 24 hours
• SAR Velocity — Total transaction volume exceeding $25K in 24 hours

• SAR Threshold — Transactions ≥ $5K with high-risk types
• High Value Transfer — Wire/transfer transactions > $50,000

• Dormant Account Reactivation — High-value transactions from dormant accounts
• Balance Mismatch — Transaction amounts not matching balance changes
• Round Amount Pattern — 3+ round-dollar transactions in 30 days

• Fraud Indicator — Cash-out/transfers to previously empty accounts

{
  "AND": [
    { "field": "type", "operator": "IN", "value": ["CASH_OUT", "TRANSFER", "WIRE"] },
    { "field": "amount", "operator": ">=", "value": 10000 }
  ]
}

Transactions exceeding $10,000 via CASH_OUT, TRANSFER, or WIRE must be reported to FinCEN.

• Average Fine: $1.4B (HSBC 2012 fine - failure to monitor transactions)
• Breach Example: HSBC allowed $881M in money laundering by drug cartels

{ "field": "amount", "operator": "aggregate_sum", "value": 10000 }

Multiple transactions by or on behalf of the same person during any one business day shall be aggregated for CTR purposes.

• Average Fine: $700M (FinCEN fine - systemic aggregation failure)
• Breach Example: Bank failed to aggregate multiple $9K cash deposits made same day

{ "field": "amount", "operator": "BETWEEN", "value": [8000, 10000] }

No person shall structure, or assist in structuring, any transaction for the purpose of evading the CTR reporting requirement.

• Average Fine: $200k+ (Individual fines for structuring)
• Breach Example: Customer made three $9,500 deposits over 3 days to avoid CTR

{ "field": "amount", "operator": "BETWEEN", "value": [8000, 10000] }

Flag any customer account with 5 or more transactions in a rolling 24-hour period where individual transaction amounts are between $8,000 and$10,000.

• Average Fine: $2M (Institutional fine for pattern detection failure)
• Breach Example: Gambling site ignored frequent $9K transfers between users

{ "field": "amount", "operator": "aggregate_sum", "value": 25000 }

Flag any individual account with transaction volume exceeding $25,000 within any 24-hour period.

• Average Fine: $613M (U.S. Bancorp 2018 - capped transaction monitoring)
• Breach Example: Bank set monitoring thresholds too high, missing high-velocity smurfing

{
  "AND": [
    { "field": "type", "operator": "IN", "value": ["TRANSFER", "WIRE", "CASH_OUT"] },
    { "field": "amount", "operator": ">=", "value": 5000 }
  ]
}

The Institution shall file a SAR for any transaction totaling $5,000 or more where it suspects illegal activity.

• Average Fine: $450M (Capital One 2021 fine - SAR program failures)
• Breach Example: Bank failed to file SARs on millions of dollars in suspicious activity

{
  "AND": [
    { "field": "type", "operator": "IN", "value": ["TRANSFER", "WIRE"] },
    { "field": "amount", "operator": ">", "value": 50000 }
  ]
}

Flag any WIRE or TRANSFER transaction exceeding $50,000.

• Average Fine: $100M+ (Penalty for failing to verify origin of funds)
• Breach Example: High-value wire transfers to shell companies in offshore jurisdictions

{ "field": "amount", "operator": ">", "value": 5000 }

Flag any account inactive for 90+ days when that account conducts a transaction exceeding $5,000 within the first 30 days of reactivation.

• Average Fine: $15M (Average fine for identity theft/money laundering via dormant accounts)
• Breach Example: Identity thieves hijacked dormant accounts to funnel fraudulent funds

{ "field": "balance", "operator": "mismatch", "value": 0.01 }

Flag any transaction where the balance change does not match the transaction amount.

• Average Fine: $5M (Fine for poor internal controls)
• Breach Example: Technical error allowed double-spending, used as exploit by fraudsters

{ "field": "amount", "operator": "round_check", "value": 1000 }

Flag any series of 3 or more round-dollar transactions within 30 days.

• Average Fine: $1M (Indicator of sophisticated money laundering)
• Breach Example: Iterative $10,000,$20,000, and $5,000 transfers used to mask origin

{
  "AND": [
    { "field": "type", "operator": "IN", "value": ["CASH_OUT", "TRANSFER"] },
    { "field": "oldbalanceDest", "operator": "==", "value": 0 },
    { "field": "newbalanceDest", "operator": ">", "value": 0 }
  ]
}

Transactions to accounts with zero prior balance that result in a credit may indicate fraudulent activity.

• Average Fine: $3.4B (Combined annual impact of transaction fraud)
• Breach Example: Attacker emptied multiple newly-created accounts via rapid transfers