The 10 Most Common AML Red Flags to Watch Out for in 2025

Given the complexities and evolving nature of Anti-Money Laundering (AML) regulations, it is increasingly necessary for financial institutions to adopt holistic compliance solutions to ensure adherence.

The consequences for failing to comply with AML regulations can be severe. Earlier in 2025, Estonia’s Money Laundering Data Bureau revoked B2BX Digital Exchange OÜ’s operating license for failures in customer due diligence, transaction monitoring, and risk assessments. The payment provider Ratepay was also recently fined €25,000 for suspected money laundering by Germany’s BaFin. 

High-profile cases like these emphasize just how important it is for financial institutions to watch out for any red flags that could be a sign of money laundering. 

Doing so is mandatory in regulated industries, like banks, fintechs, or cryptocurrency exchanges, as part of their AML programs. However, unregulated industries also need to be vigilant of the red flags of money laundering to limit exposure to criminal elements, particularly as many behaviors that trigger AML alerts can also be signs of fraud.

This article tells you what the biggest AML red flags are, as well as the importance of a risk-based approach when working with customers, conducting Customer Due Diligence (CDD) checks and developing an ongoing transaction monitoring system. All of these procedures involve determining red flags that indicate suspicious customer activity.

What is an AML red flag?

AML red flags are signs of potential money laundering. Many of the behaviors that trigger AML alerts can also be signs of fraud. 

Imagine someone already convicted of money laundering opening 10 different accounts under 10 different aliases, all paid for in cash stuffed inside a suitcase that glows in the dark, and insisting on wiring the money to five high-risk jurisdictions. And they refuse to tell you where any of the money’s from. That’d be an AML red flag.These are signs you need to pay close attention to this person, and you should be aware of how to act. In many cases, companies need to submit FIU reports (SARs or STRs)to authorities. While a red flag is by no means a guarantee that someone is engaged in money laundering, it’s a good idea to know how to act to make sure you don’t come to any harm.

Main types of AML red flags

The FATF indicates several red flags that can tip companies off about potential money laundering, dividing them into the following categories.

Red flag category	Example
Client’s behavior	The client is overly secretive or evasive about their identity
Source of funds	The client is using multiple bank accounts for no good reason
Use of legal professionals or structures unnecessarily	A client approaches a law firm to set up multiple offshore companies and trusts in various jurisdictions
Nature of the retainer	The client is involved in transactions that do not correspond to their usual business activities
Geographical risk	The client is from or involved with a jurisdiction known for high corruption, lack of AML enforcement, or international sanctions

FATF warnings: When to be concerned

The FATF warns that criminals use one or a combination of the following to launder money:

• Misuse of client accounts—use of corporate accounts for personal purposes, carding fraud, money mules
• Property purchases—investing the proceeds of crime in real estate
• Creation of companies with complicated ownership structures and trusts—retaining control over criminally derived assets while inhibiting law enforcement from tracing the origin and ownership of the assets
• Managing client affairs and making introductions—use of bogus representatives to make  companies and trusts look more legitimate and avoid additional checks
• Lending—when one company lends money to another in cash, which is paid back in non-cash

We’ve chosen the ten most common types of red flags in money laundering. The full version of the report “Money Laundering and Terrorist Financing Vulnerabilities of Legal Professionals” can be found here.

The 10 biggest red flags

• Red flag #1: Overly secretive clients

  If a customer doesn’t want to provide their personal information, that’s a red flag that should draw your attention. According to the FATF, some of the information that customers deliberately hide includes:

  • Who they are

  • Who their beneficial owner is

  • Where their money is coming from

  • Why they’re performing the transaction

  Therefore, companies have to implement Know Your Customer (KYC) checks and Customer Due Diligence (CDD) procedures. This way, all new customers are mandated to provide the required information, which is verified using official documents.

• Red flag #2: Suspicious personal information

  New clients can have a questionable personal history. Therefore, companies should pay extra attention to customers with convictions for acquisitive crime or known connections with criminals. It’s also worth keeping a close eye on relatives of someone involved in illegal activities.

• Red flag #3: Questionable source of funds

  According to this FATF report, questionable sources of funds include:

  • “Third-party funding either for the transaction or for fees/taxes involved with no apparent connection or legitimate explanation

  • Funds received from a foreign country when there is no apparent connection between the country and the client

  • Funds received from high-risk countries.”

• Red flag #4: Atypical transactions

  If a customer conducts unusual transactions, a certain level of suspicion should arise. This includes:

  • Receiving and withdrawing large amounts of money on a regular basis without a clear economic purpose

  • Depositing unusually large amounts of private funding, especially in cash

  • Using multiple bank accounts or foreign accounts without good reason

  • Repaying mortgages much earlier than the initially agreed maturity date or securing loans pledged by third parties unrelated to the borrower

  To detect such patterns, companies have to establish transaction monitoring policies and systems. At the moment, businesses increasingly rely on automated transaction monitoring solutions, which can be combined with KYC checks.

• Red flag #5: Irrational choice of legal representative

  People typically hire legal representatives that correspond to their needs. That’s why if a client chooses a lawyer that’s not familiar with their industry-specific regulations, or doesn’t reside in the same country, it can be considered a red flag.

• Red flag #6: Politically Exposed Person (PEP)

  Another red flag may come from Politically Exposed Persons (PEPs). A PEP is an individual who is currently (or has been) in a powerful public position, such as a high-level politician or judge. Since PEPs are exposed to sensitive information, there’s a higher possibility that they might abuse their position. Therefore, companies should have their policies intact when working with such customers. If you want to learn more about PEPs and how to work with them, read our guide here.

• Red flag #7: Usage of virtual assets

  The use of virtual assets (e.g., cryptocurrencies) alone doesn’t indicate a red flag, but using virtual assets without proper Travel Rule compliance and KYC coverage can increase AML-associated risks. If it is detected that a customer exchanges fiat into crypto on a regular basis without an apparent reason, this should raise suspicion. To learn more about the FATF’s regulations on virtual assets, read our Travel Rule guide. Suggested read: Crypto Scams to Be Aware of in 2025: A Guide for Businesses and Users

• Red flag #8: Presence on sanctions lists

  Companies need to ensure that their customers aren’t on any sanction lists. In many cases, customers may be added to a sanctions list after initial onboarding. Therefore, companies have to check sanctions lists on an ongoing basis. Suggested read: Effective Sanctions Screening: Best Practices for Preventing Financial Crime (2025)

• Red flag #9: Presence in adverse media

  Companies need to monitor whether their customers have any adverse media presence. This means any sort of compromising information discovered across various sources (including traditional media, databases of international organizations, blogs, etc.). A proper adverse media check can expose complicity in money laundering, terrorist financing, financial fraud, racketeering, organized crime and much more.

• Red flag #10: Geographic inconsistencies

  If a customer receives or sends money to unusual geographic locations that have nothing to do with their background or area of expertise, this can be considered a red flag. Further suspicion should arise if the location can’t be tracked or is a high-risk country.

Red flags by industry

There are certain red flags that are specific to particular fields.

Banks 🏦

Criminals tend to use banks for money laundering in three stages. The first stage, placement, involves introducing illicit money into the financial system. The second, layering, features a number of complex transactions designed to hide the origin of the illicit money. The final stage, integration, returns the illicit money to criminals in a way that appears legitimate. You can find a full guide on AML in banking here.

Crypto 🪙

Crypto transactions may raise concerns when they involve unusual sizes, destinations, or patterns. Red flags also include the use of mixing services and compromised exchanges, as well as structuring (where large transactions are broken down into smaller amounts to avoid detection). Suspicious user behaviors, like constant changes in personal information, are another red flag. If you want to read more about money laundering red flags in the crypto industry, how to spot them, and what to do, read our article here.

Gambling 🎰

A big red flag for gambling platforms is large cash deposits followed by minimal or even no gambling. Buying chips or credit and then cashing out without playing or a very low amount of gambling can also be an indication of money laundering. To read more about AML compliance in casinos and gambling platforms, check out our guide here.

Suggested read: 6 most popular forms of money laundering in casinos

Traders and broker-dealers 📈

Traders and broker-dealers need to look out for the rapid movement of funds, coupled with low beginning and ending daily balances. Foreign exchange transactions and large transfers from clients with no trading background are also potential red flags. To explore trading regulations around the world, check out our guide here.

Real estate 🏡

Real estate is another potentially high-risk sector. Red flags include anonymous buyers, the use of shell companies, and buyers or funds in jurisdictions with weak AML regimes, high levels of corruption, or known support of terrorism. Other red flags include discrepancies between the buyer’s official income and property value, unexplained geographic distance between the buyer and the property, property values that are far under- or overpriced, and large cash payments. To learn more about money laundering red flags in real estate, check out our guide here.

E-commerce 🛍️

Money laundering red flags in e-commerce include multiple high-value purchases that don’t match normal buyer behavior, large or frequent refunds, especially using different payment methods, and the use of fake or unverifiable customer information. While common, mismatched billing and shipping addresses, as well as multiple accounts using the same payment method or device, can be potential indicators of money laundering. For more on money laundering and fraud in e-commerce, read our guide here.

How to be an AML red flag detective

Spotting AML red flags isn’t just about a gut feeling. It starts with solid Customer Due Diligence (CDD) practices. Before onboarding a new client, businesses need to verify the client’s identity, understand where their money is coming from, and figure out their associated risk level for money laundering, terrorist financing, and proliferation financing. 

If the client is high risk, like a beneficial owner is a politically exposed person (PEP) or a customer has ties to a high-risk jurisdiction, you’ll need to use Enhanced Due Diligence (EDD), which includes even more thorough checks. These essential first lines of defense let you know who you’re really dealing with before you put your company at potential risk of involvement in money laundering. 

Your responsibility to spot AML red flags doesn’t stop once you’ve onboarded a client. Ongoing monitoring is your second line of defense in spotting AML red flag indicators and is essential for keeping tabs on suspicious client behavior over time. This includes keeping an eye on transaction patterns and flagging suspicious behaviors, like clients refusing to update their details or dormant accounts suddenly moving around huge sums of money. Having an AML solution with automated tools and risk-based strategies makes this process easier than ever, putting suspicious behavior on your radar before it risks snowballing into disaster.

Good AML programs include transaction monitoring systems to analyze transaction volumes, patterns, and frequencies in real time, flagging anything that seems off, like unusual money transfers or attempts to hide money trails through layered transactions.

Suggested read: AML Compliance Program: The Essential Guide for 2025

Data analytics and machine learning are key to detecting red flags. These technologies sift through historical transactions to recognize suspicious patterns and know how to spot even subtle red flags. Keeping KYC details up to date is also crucial in helping you stay aware of changes in a client’s risk profile or behavior.

Finally, training employees to spot red flags, like what counts as odd or flag-worthy behavior, can be invaluable. Combining these methods into a smart compliance program can help stay ahead of the risks of financial crime and spot red flags. But what should you do if you spot one?

Make life easier with reusable KYC

With verification processes at the heart of AML/KYC compliance, it’s increasingly essential to streamline checks while avoiding verification hurdles and repeated document uploads. 

Reusable KYC solutions make this possible and allow companies to securely share verified user data for overlapping customers. This improves conversion rates without sacrificing compliance. The data is fully encrypted and transferred in line with global regulatory standards.

Sumsub ID takes it even further. Sumsub ID allows users to create a secure digital identity profile with stored, verified documents and data. This leads to higher pass rates, fewer drop-offs, and stronger compliance standards.

Together, Sumsub ID and Reusable KYC deliver a smooth onboarding experience. Their use reduces friction, eliminates redundant checks, and maximizes conversion rates—all while blocking fraudsters and ensuring full compliance.

What to do when you spot a red flag

You’ve spotted a big AML red flag as part of your ongoing monitoring—$500K was sent from a company to a dormant account and is being sent on to 20 other accounts with the reference “Mind Your Business, Ltd.” But what now?

Step 1: Flag

First, you’ll need to flag it for further investigation. That means documenting the red flag to start an internal review to figure out whether it’s genuinely suspicious or just normal business activity. 

Step 2: Review

After flagging the activity, conduct a thorough review. This may involve reaching out for more information from the customer, re-examining their past transactions, or using data analysis tools to help you understand what’s going on. If the activity is consistent with legitimate customer behavior and the risks can be reasonably mitigated, document the rationale and monitor more closely moving forward. 

Step 3: Report

If something still doesn’t seem right, the next step is to file a FIU report (a SAR or an STR) with the relevant authorities. 

Sumsub supports reporting workflows to make this easier by exporting case files for FIU reports and helping to track escalation chains. 

Step 4: Prevent

Now, take the opportunity to tighten up your company’s AML practices and policies to help you better catch similar risks in the future. 

Best practices for AML compliance

Keeping your company safe from money launderers requires a proactive and coordinated approach to AML compliance. Make sure you have strong CDD procedures in place during onboarding, as well as up-to-date KYC information and effective EDD checklists for high-risk customers. Having accurate data makes spotting red flags early much more likely.

Ongoing monitoring is also key to catching suspicious activity in real time. Sumsub offers powerful tools to make AML regulatory compliance easier, with AI-powered monitoring and automated identity verification to take the pressure off your team and minimize costly mistakes.

On top of this, a multi-layered approach is crucial. Combining transaction monitoring, KYC processes, and reusable identity helps organizations stay up to date with regulations while reducing exposure to fraud and regulatory penalties.

FAQ

• What are examples of AML red flags?

  Examples of AML red flags include big, unexplained transactions, sudden changes in transaction behavior, the involvement of high-risk jurisdictions, or clients being reluctant to provide necessary documentation.

• How do you detect red flags in AML?

  You can detect red flags through tools like automated transaction monitoring, customer due diligence (CDD), and behavioral observations.

• What is the purpose of identifying AML red flags?

  Identifying AML red flag indicators helps detect and prevent money laundering, ensuring regulatory compliance. This stops financial institutions from being involved in illegal activities, which not only helps fight crime but also protects institutions from heavy penalties and reputational damage.

• What should you do if a red flag is triggered?

  If a red flag is triggered, you should flag the transaction, conduct a thorough review, and file a FIU report (SAR or STR) if necessary, while also strengthening internal controls.

• What are the categories of red flags in money laundering?

  The FATF identifies red flag indicators in money laundering based on themes such as the client’s behavior, the source of funds, the nature of the transaction, geographic risk, and complex ownership chains.