Check out the courses we offer

Red Flags: Suspicious Money Laundering Activities to Watch Out For

[modified_date]

Financial crime such as money laundering is a formidable issue for everyone in society. The total cost has been estimated in the trillions of pounds, and the human cost can be devastating. The Law Commission estimates that money laundering costs every household in the UK £255 a year and allows criminals to profit from their crimes. 

Money laundering is an international concern for the UK given that the United Kingdom, and London in particular, is one of the world’s leading financial centres, and a significant financial hub. It is estimated that an average of 1.5 trillion dollars is laundered globally each year, which roughly equates to 3.6% of the world’s gross domestic product.

Tackling money laundering will assist in tackling crimes of all types not only in the UK but also globally, including corruption, fraud, the drugs trade or human trafficking, which are often financed by the proceeds of money laundering. Prevention and detection are a key defence against financial crime, and no institution can work in isolation to tackle and reduce money laundering.

What is money laundering

What is money laundering?

Money laundering is the process of concealing the origins of money obtained through illegal means, and transforming it into legitimate assets. It is defined in Section 340 of the Proceeds of Crime Act 2002 (POCA) and it covers a wide range of circumstances, involving any activity concerning the proceeds of any crime, such as but not limited to:

  • Trying to turn money raised through criminal activity into so-called clean money – this is a classic form of money laundering
  • Possessing or transferring the benefit of acquisitive crimes such as theft and fraud, and funds generated from crimes such as tax evasion – this includes the possession by an offender of the proceeds of their own criminal activity
  • Possessing or transferring stolen goods
  • Being directly involved with any criminal or terrorist property, or entering into arrangements to facilitate the laundering of criminal or terrorist property
  • Criminals investing the proceeds of their crimes in a whole range of financial products

Money laundering usually consists of the following stages:

  • Placement – The laundering of criminal proceeds is often required because of the cash-intensive nature of the underlying crime, for example drug dealing, where payments are in cash, often in small denominations. Money is placed into the financial system or retail market or smuggled to another country. The aim of the money launderer is to avoid detection by the authorities and to then transform the criminal proceeds into other assets.
  • Layering – Layering is an attempt to conceal or disguise the source and ownership of the criminal proceeds by creating complex layers of financial transactions. These layers obscure the audit trail and provide anonymity. The purpose is to disassociate the criminal proceeds from the criminal activity which generated them. Layers are usually created by moving monies in and out of accounts and by using electronic fund transfers.
  • Integration – Integration involves incorporating the criminal proceeds into the legitimate economic and financial system, thereby assimilating it with other assets in the system. The integration of so-called clean money into the economy is achieved by the money launderer making it appear legally earned or obtained.

Each individual money laundering stage can be extremely complex due to the criminal activity involved and can involve multiple individuals involved in organised crime.

The legal framework

There are several key pieces of legislation and regulation in the UK’s anti-money laundering (AML) framework. These include:

  • Proceeds of Crime Act 2002 amended by the Serious Organised Crime and Police Act 2005 – this sets out the primary offences related to money laundering:
    – Concealing, disguising, converting, transferring or removing criminal property from the UK
    – Entering into or becoming involved in an arrangement which facilitates the acquisition, retention, use or control of criminal property by or on behalf of another person
    – The acquisition, use and/or possession of criminal property
  • Terrorism Act 2000
  • The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR)
  • Criminal Finances Act 2017 which includes the powers to serve Unexplained Wealth Orders (UWOs) which allow the recovery of criminal assets
  • Terrorist Asset-Freezing etc. Act 2010
  • Anti-Terrorism, Crime and Security Act 2001
  • Counter-Terrorism Act 2008, Schedule 7
  • Data Protection Act 2018 and the General Data Protection Regulation (UK GDPR)
  • Economic Crime (Transparency and Enforcement) Act 2022: A recent addition aimed at bolstering the enforcement of economic crime offences, including money laundering
  • The Financial Services and Markets Act 2023

The following legislation applies to money transmission businesses only:

  • Regulation (EU) 2015/847 on information accompanying transfers of funds (the Payments Regulation)
  • Payment Services Regulations 2017

Financial institutions in the UK are required to adhere to stringent anti-money laundering (AML) obligations:

  • Customer due diligence (CDD) – Organisations must verify the identity of their customers and understand the nature of their business to assess risk.
  • Ongoing monitoring – Regular monitoring of customer transactions is necessary to detect unusual or suspicious activities.
  • Suspicious activity reporting (SAR) – Financial institutions must promptly report suspicions of money laundering to the National Crime Agency (NCA).
  • Internal controls and training – Robust internal controls and adequate employee training are vital to ensure compliance with AML regulations.

Compliance with AML legislation and regulations is not an option for organisations, it is a legal obligation. Regulatory bodies such as the Financial Conduct Authority (FCA), His Majesty’s Revenue and Customs (HMRC) and NCA have robust powers to enforce AML regulations, including conducting investigations and imposing sanctions. Penalties for non-compliance can be severe, ranging from financial fines to criminal prosecution if an organisation does not comply with the anti-money laundering legislation and regulations. Other advisory or regulatory bodies also include:

  • The Office for Professional Body Anti-Money Laundering Supervision (OPBAS)
  • The Solicitors Regulation Authority
  • UK Gambling Commission
  • The Association of Chartered Certified Accountants (ACCA)
Red flags for money laundering

Red flags for money laundering

Red flags are common warning signs alerting organisations, regulators and law enforcement such as the police and the NCA to a suspicious transaction that may involve money laundering. Knowing about and understanding red flag indicators helps organisations to recognise transactions that signal potential suspicious activity.

Although spotting any signs of money laundering is a continual challenge for organisations, there are some common warning signs to look out for despite criminals continually adapting their techniques. Let’s look at some of the most common money laundering red flags:

  • Client evasiveness, secrecy or general reluctance to provide information – This may include clients seeking undue anonymity or secrecy and not willingly revealing their identity or who the beneficial owner is, what the source of their income is, or an unwillingness to disclose data or documents required to enable a transaction. The client may also be acting through a third party and the third party is not being transparent about who they are acting on behalf of or who the ultimate beneficiary is. When clients are uncooperative or evasive in response to requests for additional information or documentation, this can also be a significant warning sign.
  • High volumes of cash transactions through the business – Certain business sectors are more susceptible to money laundering. For example, the archetypal money laundering business is a pizza restaurant or a nail salon or similar, where there are high volumes of cash transactions and dirty money can be added in by inflating the turnover. This should arouse particular suspicion when there are no records such as till receipts to back up the cash volume. Also, large cash deposits being made using night safe facilities and cash deposit machines, thereby avoiding direct contact with the bank, and a large aggregate amount of cash being deposited with the bank in numerous small amounts, or at different branches, to avoid scrutiny.
  • Multiple accounts under the same client – If clients own and operate multiple accounts under the same details, their accounts require regular verification and monitoring to eliminate the possibility that they are operating as money mules, i.e. third parties that launder money on behalf of financial criminals. UK banks identified more than 50,000 suspected money mules in 2021, a 24% increase on the previous year. Criminals recruit the public, including exploiting children, to form networks of mule accounts to move money taken from fraud victims and other criminal funds.
  • Source of funds is unusual – Clients trying to launder funds will often try to carry out unusual transactions, or the transaction may have unusual features. These may include but are not limited to:
    – Large cash payments
    – Unexplained payments from a third party or third-party funding
    – Large private funding that does not fit the business or personal profile of the payer
    – Loans from non-institutional lenders
    – Use of corporate assets to fund private expenditure of individuals
    – Use of multiple accounts or foreign accounts
    – Size, nature, frequency or manner of execution
    – Early repayment of mortgages/loans
    – Short repayment periods for borrowing
    – An excessively high value is placed on assets/securities
    – Involving unnecessarily complicated structures or steps in the transaction
    – Repetitive instructions involving common features/parties or back-to-back transactions with assets rapidly changing value
    – The transaction is unusual for the client, type of business or age of the business
    – Unexplained urgency, requests for shortcuts or changes to the transaction particularly at the last minute
    – Use of a Power of Attorney in unusual circumstances
    – No obvious commercial purpose to the transaction
    – Abandoning transaction and/or requests to make payments to third parties or back to source
    – Monies passing directly between the parties
  • Frequent changes in professional advisers – A business that frequently changes its accountants, for example, may not be allowing the adviser to get too close to the business and to spot changes in financial or behavioural patterns. Also, a business that chooses advisers who are geographically remote without any obvious explanation may also be a red flag.
  • Account holders from High-Risk Countries – Also any business assets, such as properties, that are located in high-risk countries including countries that are tax havens. The business could also have directors, owners or other people involved with the company who are residents in high-risk countries.
  • Politically exposed persons involved with the business – A politically exposed person (PEP) is someone who has been appointed by a community institution, an international body or a state (including the UK) to a high-profile position within the last 12 months. A full list of PEP roles is published by the UK Government. Evidence shows that a politically exposed person is likely to abuse their position for the purpose of committing money laundering and terrorist financing offences.

Understanding the red flags associated with financial transactions and following a concise but thorough customer due diligence process can help combat and avoid implications in money laundering crime.

Customer due diligence

Customer due diligence (CDD)

Customer due diligence is the process of collecting and evaluating information provided by a customer or potential customer. It is an important operation, especially for organisations in the financial industry. It enables organisations to assess the money laundering and terrorism financing risks of a client, and whether the work they wish an organisation to undertake may expose the organisation to money laundering risk.

Traditionally, CDD only covered financial services, but regulators widened the scope to other regulated sectors and, more recently, unregulated sectors. Types of businesses and organisations that are required to conduct CDD include, but are not limited to:

  • Banks
  • Building societies
  • Insurance companies
  • Pension providers
  • Credit unions
  • Foreign exchange
  • Other financial institutions
  • Solicitors
  • Money service businesses
  • Cryptocurrencies dealers
  • High-value dealers
  • Trust or company service providers
  • Accountancy service providers
  • Estate agencies
  • Bill payment service providers
  • Telecommunications, digital and IT payment service providers
  • Small payment institutions
  • Art market participants
  • Letting agencies
  • Bookmakers, casinos and other gambling establishments
  • Online gambling

There are over 100,000 businesses subject to money laundering regulations in the UK and although each business is responsible for its own compliance with CDD, the Financial Conduct Authority (FCA) monitors and enforces CDD compliance. 

Customer due diligence means taking steps to identify customers and checking that they are who they say they are. In practice this means obtaining a customer’s:

  • Name
  • Photograph on an official document which confirms their identity
  • Date of birth
  • Residential address

The best way to do this is to ask for a government issued document such as a passport or driving licence, along with utility bills, bank statements and other official documents. Other sources of customer information include the electoral register and information held by credit reference agencies.

CDD consists of performing background checks, and screening potential and existing customers to ensure they are not involved in illegal activity. The key steps to performing CDD are verifying, screening, risk assessing and monitoring customers.

Under regulation 27 of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017) you must carry out CDD measures when:

  • Establishing a business relationship
  • Carrying out an occasional transaction that amounts to 15,000€ or more, or the equivalent in other currencies
  • You suspect money laundering or terrorist financing
  • You doubt the accuracy or adequacy of documents or information previously obtained for CDD

Once a customer’s details have been captured for CDD, a business must decide whether to engage with them based on the information presented. Businesses can use a risk scoring or rating system, such as ‘low risk’ or ‘high risk’, or a score to help them determine the level of risk the customer poses and what action to take. Possible actions might include to decline, to investigate further or to pass. Businesses using a risk-based approach should not only rely on their own experiences and observations but also take a proactive approach in seeking out information about money laundering trends and threats from external sources.

Under regulation 28 (11) you must carry out ongoing monitoring of business relationships. Ongoing monitoring is defined as:

  • Scrutiny of transactions undertaken throughout the course of the relationship, including, where necessary, the source of funds, to ensure that the transactions are consistent with your knowledge of the client, their business and the risk profile
  • Undertaking reviews of existing records and keeping the documents, or information obtained for the purpose of applying CDD, up to date

When the business relationship or occasional transaction has ended, you must keep records of CDD documents and supporting evidence for five years. After five years, you must delete personal data unless:

  • Express consent is given to retain that data
  • Your business is required to retain the personal data, for example, for the purposes of court proceedings
Reporting suspicious activities

Reporting suspicious activities

Although complex, the existing money laundering regulations have at their heart a simple requirement, namely that, after careful procedures have been followed, if a worker or institution in the financial services or any related sectors has suspicions about a transaction it should be reported to the relevant authorities. Reports can also be submitted by private individuals where they have suspicion or knowledge of money laundering or terrorist financing.

The reports of suspect activity are officially called Suspicious Activity Reports or, more generally, SARs. They have to be made in a prescribed manner on a special form. The quality of a SAR can affect the ability to prioritise and process the report. It can also affect the relevant agency’s decision or ability to investigate. Poor quality reporting can lead to unnecessary delays, particularly where a defence against money laundering has been sought, and can cause face-to-face problems with clients, customers or suppliers. Once a SAR has been made, consideration needs to be made about if and how any change is needed about the way interactions with the client are made in order to avoid committing the offences of “tipping off” and “prejudicing an investigation”. The UK Financial Intelligence Unit provides guidance on submitting SARs, which should be followed.

A person may commit an offence if they fail to make a SAR after information their knowledge or suspicion of money laundering is based on comes to them because of a disclosure made under:

  • Section 330 POCA – if they work in the regulated sector
  • Sections 337 or 338 POCA – if they work in the non-regulated sector

These are known as the ‘failure to disclose’ offences.

Submitting a SAR protects you, your organisation and UK financial institutions from the risk of laundering the proceeds of crime. You should always in the first instance follow your organisation’s policy and procedures on Suspicious Activity Reporting. There may, however, be circumstances when a person needs to ‘blow the whistle’ to the authorities on suspicious activities, and they may be concerned about their own protection. 

Whistleblowers are protected by the Public Interest Disclosure Act 1998 (PIDA), which means that they may obtain a remedy if they are hurt, suffer detriment or are dismissed because they have blown the whistle in the public interest. This is enforceable through an Employment Tribunal. Under PIDA, if a whistleblower makes a report to a prescribed person, such as the Financial Conduct Authority (FCA), they will potentially qualify for the same employment rights as if they had made a report to their employer. To qualify for these rights, as well as meeting the criteria found on GOV.UK, the worker must have a reasonable belief that:

  • The matter being reported falls within the remit of the prescribed person, as described in the second column of the Schedule to the Prescribed Persons Order headed ‘Description of matters
  • The information reported is substantially true

Suspicious Activity Reports (SARs) alert law enforcement to potential instances of money laundering or terrorist financing, and are a vital source of intelligence not only on economic crime but also on a wide range of criminal activity. They provide information and intelligence from the private sector that would otherwise not be visible to law enforcement.

Some SARs provide immediate opportunities to stop crime and arrest offenders, others help uncover potential criminality that needs to be investigated, while others provide intelligence useful in the future. SARs provide intelligence about criminal methods, contribute to the UK’s understanding of crime and inform strategies to reduce the impact of crime. SARs can also help establish a geographical picture or pattern of the vulnerability of a particular sector or product, and can be used in the analysis of suspicious activity before and after a specific event such as a terrorist incident.

A single SAR is often used multiple times by different users for different purposes. For example, the information within a SAR may inform HM Revenue and Customs (HMRC) about taxation, local police about fraud or theft and a government department about an issue or weakness in a financial product. 

SARs have now been filed for almost 20 years and year-on-year the number filed is growing. On 24 January 2023, the NCA published its annual report on SARs for the 2021/2022 reporting period. This covers the 12 months from April 2021 to March 2022. During this period, 901,255 SARs were filed with the NCA. This is an increase on the previous year of 21%.

AML training and compliance

Employee training and awareness-raising have long been recognised as key AML defences against money launderers and criminal financers. The money laundering legislation calls for all relevant employees to receive AML training, stating that employees should be “…provided with ongoing training on identifying a transaction or other activity that may be related to money laundering or terrorist financing, and on how to proceed once such a transaction or activity is identified”.

A relevant employee can be any individual employed in the organisation, either as a permanent member of staff or as a subcontractor who is engaged in providing accounting services to clients, from bookkeeping and payroll through to tax returns and audit work. Agents the organisation uses for AML compliance such as auditors, or for the matters identified in AML regulation 24(2)(b), now also fall within the training requirements.

As financial crime is becoming more sophisticated and widespread, regular training and education will ensure that employees are well-informed about AML risks, policies, procedures and regulatory requirements, enabling them to perform their roles in detection and compliance effectively. AML training must equip employees with sufficient knowledge to effectively recognise red flags and suspicious activity and to know how to alert the relevant authorities about any suspicious activities or suspicions that they may have about a transaction or client.

AML training should be mandatory and included in the induction of appropriate employees. Records of attendance should be kept as these may be asked for by regulators and they act as a reminder for updates, which should take place at a minimum every 2 years or sooner should AML legislation or regulations change.

Money laundering example

Money laundering example

Money laundering is a complex and multifaceted crime, with criminals employing a myriad of techniques to conceal the illicit origins of their funds. Some of the most common examples of money laundering schemes include:

  • Smurfing – This is also known as structuring. It is a money laundering technique whereby illegal funds are divided into smaller amounts and deposited into multiple bank accounts or financial institutions. This is done to circumvent financial regulations that require banks to report large transactions, typically exceeding a certain threshold, for example £10,000 in the UK. Criminals employ Smurfs, or individuals acting on their behalf, to make numerous small deposits or purchases, often using multiple accounts or institutions. By keeping transactions under the reporting threshold, they avoid triggering any red flags or attracting the attention of authorities. Once the funds have been successfully deposited, they are often transferred to other accounts or mingled with legitimate funds, further obscuring their origins. This process, called layering, helps integrate illicit proceeds into the legal financial system, making them appear as legitimate earnings. Despite its relatively simple nature, smurfing can be an effective money laundering method, particularly when a large number of Smurfs are involved. However, financial institutions and law enforcement agencies have developed tools and techniques to detect and combat smurfing, such as monitoring patterns of transactions and utilising advanced algorithms to identify suspicious activity.
  • Real estate or property laundering – This is a common example of money laundering where criminals invest illicit funds into the property market, disguising the true origin of their wealth. In this method, ill-gotten gains are channelled into buying, selling or renting properties to create the appearance of legitimate financial transactions. The United Kingdom has been an attractive destination for property money laundering due to its stable property market and the perception of a secure investment environment. Criminals often exploit loopholes in property transactions, using shell companies, offshore accounts, or third-party intermediaries to obscure their identity and the source of their funds. Red flags may include:
    – Rapid succession of transactions relating to the same property.
    – Use of cash or third-party intermediaries without adequate commercial explanation.
    – Use of overseas trusts or companies to conceal property ownership.
    – Unexpected early repayments, for example of a mortgage.
  • Casinos and gambling establishments – These present an alluring opportunity for money laundering, providing a colourful landscape for camouflaging illicit funds. The thrill of games of chance often masks the motives of criminals, who exploit the fluidity and excitement of wagering to transform their ill-gotten gains into seemingly legitimate earnings. As a favoured money laundering technique, those betting wager large sums of money on games with relatively low risk, such as blackjack or roulette. These gamblers may intentionally lose a portion of their bets, creating the impression of genuine gambling activities. Subsequently, they exchange their chips for crisp banknotes, absolving them of any dubious associations. The UK Government, well aware of this elaborate facade, has established stringent anti-money laundering regulations to counteract such practices. Red flags include unusual betting patterns with players placing large bets on low-risk games or frequently changing betting patterns, rapid deposit and withdrawal cycles with criminals depositing large sums to their accounts and withdrawing them quickly or for online betting, and multiple accounts and IP addresses for conducting transactions.
  • Cyber laundering – This takes advantage of the digital world to hide the origin of illegal funds. The dark web adds another layer of anonymity for criminals, allowing them to make transactions without being easily detected. Digital currencies and cryptocurrencies are key tools in cyber laundering. Criminals use mixing services, or ‘tumblers’ to blend their illegal money with legal funds. This makes it challenging for authorities to trace where the money initially came from. Irregular patterns relating to the size, frequency, or type of crypto transactions may be red flags pointing to money laundering activity.

The role of technology

The development of technology has led to the development of money laundering activities, and the rise of digital currencies and blockchain technology has created new opportunities for criminals and challenges for AML. 

In digital banking, when the customer connects to the bank’s web server with their personal ID code and then enters their personal password, the system will automatically verify the person. With this system, financial criminals can make transactions without going to banks and physically filling out many forms, making their job much easier. It can be more difficult to determine the activities carried out with e-cash or electronic cash than real-money laundering activities. That is why financial criminals now prefer to carry out e-money activities rather than using physical money.

Technological advances in e-commerce have made it easy to build online businesses and hide them behind legitimate store websites; money launders have begun to use e-commerce websites to take advantage of this vulnerability and continue their activities.

Criminals are also using digital currency or cryptocurrency for money laundering; although more complicated than traditional money laundering methods, the lack of AML regulations in this sector makes it attractive. 

Many online gambling and online video games sites are not legally registered and, since sites are not registered, they cannot be controlled by regulators, and their activities cannot be monitored, making them a prime target for money laundering activities.

Traditionally, AML compliance has relied heavily on manual processes. This includes customer due diligence (CDD), where organisations collect and analyse information about customers to assess their risk profiles. However, recognising the limitations of traditional methods, organisations have started to adopt technology-driven approaches to AML compliance. 

Technologies such as data analytics, artificial intelligence (AI), and machine learning are now integrated into AML processes. These technologies allow for the automation of routine tasks, for more sophisticated analysis of transaction data, and the analysis of large volumes of data at unprecedented speed and accuracy, and provide the ability to identify patterns indicative of money laundering that would be difficult, if not impossible, for humans to detect. Algorithms can identify complex patterns and anomalies in transaction data which can reveal potential money laundering activities.

Anti-money laundering (AML) transaction monitoring is the process of monitoring a customer’s transactions such as transfers, deposits and withdrawals. Automated transaction monitoring systems will seek to identify suspicious behaviour which could indicate money laundering or other financial crime occurring. Automated transaction monitoring systems have to have the ability to constantly evolve with increasingly complex money laundering tactics. A data mining algorithm is put in place with the intention of screening and analysing large data sets. The algorithm crawls transaction monitoring data quickly and efficiently to find connections that could indicate suspicious activity. Once this is complete, the system highlights any outstanding transactions to be checked manually.

Electronic Identification and Verification (EID&V) is widely considered one of the most mature and instantly useful elements of technology in AML, with many organisations using various mechanisms to meet their compliance obligations, including usage of third-party data providers.

New and emerging technologies have the potential to deliver both significant cost reductions in operational areas as well as significant enhancement of money laundering, terrorist financing and fraud prevention. However, for smaller organisations, many have limited budgets for AML technology improvements and may lack internal capability to implement the systems.

Traditionally, technology has played a limited role in reporting to both the regulator and other bodies. For most regulated institutions, the production and filing of Suspicious Activity Reports (SARs) in the UK has been an entirely manual and administrative function, with little in the way of automation or technology. However, new and existing technologies now offer considerable advantages and operational improvements to organisations in this area. In particular, data analytics and machine learning technology have rapidly reduced the number of potential SARs needing human review or intervention, significantly reducing operational costs.

Final thoughts

Money laundering is on the rise, and whilst combating financial crime may seem challenging, simply understanding and recognising the red flags, improving risk assessment and implementing processes to identify and combat money laundering can be the best defence to protect the organisation from the threat of financial crime.

Anti Money Laundering

Anti-Money Laundering

Just £20

Study online and gain a full CPD certificate posted out to you the very next working day.

Take a look at this course

About the author

Photo of author

Luke Bell

Luke joined the team in February 2024 and helps with content production, working closely with freelance writers and voice artists, along with managing SEO. Originally from Winchester, he graduated with a degree in Film Production in 2018 and has spent the years since working in various job roles in retail before finding his place in our team. Outside of work Luke is passionate about gaming, music, and football. He also enjoys watching films, with a particular love of the fantasy and horror genres.