Service Restriction

If new risk emerges, the FI can freeze or restrict services.

A direct follow-up if the alert’s risk is unacceptable.

The FI may limit certain products if the initial risk is high.

Restrict or condition services—such as account opening or cross-border payment processing—if a customer’s multi-jurisdictional structure lacks transparent ownership details or exhibits unexplained layers. By curtailing higher-risk services until ownership clarity is achieved, institutions deter the exploitation of complex corporate arrangements for illicit purposes.

Restrict or freeze high-risk transactions when intermediaries cannot validate their role or produce valid mandates. Limit access to services where unexplained or suspicious third-party involvement continues, pending further verification.

Restrict or block transactions to and from addresses identified as operating or heavily engaged with unlicensed mixing services. Require elevated approval for inbound and outbound flows linked to mixers, ensuring customers justify their usage of anonymity-focused protocols. By actively limiting these high-risk movements, institutions disrupt layering attempts through non-compliant mixers.

Restrict or block transactions linked to custodial mixers known to operate without AML controls or located in jurisdictions with minimal oversight. This measure prevents direct engagement with high-risk mixers, limiting opportunities for criminals to layer funds undetected.

Restrict or block transactions to and from wallet addresses associated with high-risk decentralized mixer services, or require manual compliance approval for such transactions. By limiting direct access to known mixer pools, institutions can deter attempts to launder funds and prompt further review for potentially illicit activity.

Restrict or block bridging to and from cross-chain platforms known to have minimal or no KYC requirements, and set transaction limits for bridging that lacks transparent business justification. These controls help prevent criminals from exploiting decentralized or lightly regulated bridging services to launder funds across multiple networks.

Restrict or freeze customers' ability to transfer or burn tokens when burn-and-mint patterns lack a credible business rationale. Impose additional compliance checkpoints before allowing bridging or re-minting if the user has recently engaged in large or repeated burns, especially through minimal-KYC cross-chain platforms. These measures help prevent criminals from exploiting burn-and-mint layering techniques to obscure the origin of funds.

Limit or block access to bridging platforms known for minimal KYC or repeated misuse in laundering schemes. Impose transactional caps or additional step-up verification for bridging-related transfers when a customer's activity shows red flags, such as routing through multiple chains in a short period.

Limit or refuse payment and trading services for high-value transactions that lack verifiable documentation of authenticity or reasonable justification of funds. If appraisals or provenance records are inconsistent with market norms, suspend activity and require enhanced scrutiny. Blocking or restricting such services prevents ongoing laundering through illicitly obtained or mispriced luxury items.

Restrict or refuse transactions involving antiquities lacking verifiable provenance or sourced from high-risk jurisdictions when authenticity cannot be established. This may include delaying or blocking wire transfers, limiting cross-border payment methods, or imposing conditional approvals until the client provides acceptable documentation or third-party verification of the artifact's origin.

Restrict or subject trade finance services (e.g., letters of credit, open accounts) to senior-level approval for shipments to or from locations flagged for rampant misinvoicing. Require additional contract terms, third-party inspections, or documented proof of the goods’ true market value before processing transactions.

Restrict specific products, freeze accounts, or block high-risk transactions if evidence suggests complex entity layering is solely intended to camouflage beneficial ownership. Require clients to clarify any obscure legal arrangements or unwind unnecessarily elaborate structures as a condition for continuing service. This prevents the ongoing misuse of financial channels for asset cloaking.

Restrict or deny financial services for foreign real estate purchases when a client fails to document legitimate beneficial ownership or if the jurisdiction is known for minimal regulatory controls. This directly prevents criminals from converting illicit funds into offshore properties that obscure the true origin of the money.

Restrict the acceptance of large physical cash payments for property acquisitions by imposing maximum cash thresholds or requiring partial payments through traceable means, such as wire transfers. Suspend the transaction if documentation regarding the lawful source of funds is not provided or remains unverifiable.

Temporarily restrict or freeze accounts suspected of money mule activity once red flags, such as repeated incoming transfers from unrelated sources, are identified. Limit or block high-risk services (e.g., international transfers, crypto transactions) until the account holder provides legitimate proof of transaction purpose, preventing continued misuse for illicit fund flows.

Restrict or freeze functionalities for accounts exhibiting multiple red flags, such as rapid KYC detail changes, inconsistent personal information, or high-volume fund movements. Limit transaction capabilities, enforce secondary approvals, or terminate high-risk features until deeper verification is completed. This approach curbs criminals' ability to launder funds under multiple mule accounts.

Impose daily or monthly limits on crypto ATM cash transactions, requiring enhanced identity verification or managerial approval for amounts above set thresholds. These controls can substantially curtail the typical high-volume layering used by ATM mules, forcing greater scrutiny on suspicious activity.

If repeated inconsistencies or apparent forgeries in specialized permits are detected, freeze or limit access to financial services until the documentation can be officially validated. By halting transactions pending verification, institutions can stem the flow of illicit funds reliant on fraudulent sector credentials.

Restrict or discontinue services when customers appear to operate as unlicensed IVTS providers. Require verifiable licensing or documentation for money transfer activities, and limit account features if trust-based or cross-border offset transactions are identified without legitimate business justification, thus preventing further IVTS misuse.

Deny or restrict account services for entities found to be operating unlicensed MSBs, including freezing or closing relevant accounts until official licensing is obtained or confirmed. This prevents illicit actors from exploiting institutional channels for unregistered fund transfers.

Block or restrict services to unregulated exchanges or brokers, and apply strict controls to cross-currency transactions that bypass formal KYC processes. By disallowing relationships with unlicensed intermediaries, NEP's ability to operate off-the-record is curtailed.

Restrict or deny high-risk remittance or wire services to unlicensed or suspicious hawala operators. Suspend account features if transactional patterns suggest the account is acting as a de facto hawaladar hub. This counters hawala's informal settlement logic by cutting off institutional service channels where no formal license or oversight exists.

Throttle or temporarily suspend high-risk services (e.g., night-drop cash, bulk trade-finance lines) for customers whose activity profile diverges sharply from their operational capacity, limiting the front’s ability to launder funds while investigations proceed.

Restrict high-value transactions or suspend specific services when a call center entity fails to substantiate legitimate commercial activities or shows a pattern of receiving money from vulnerable individuals. Impose lower daily transfer limits or require secondary approvals for wire transfers until operational legitimacy is confirmed.

Limit or suspend high-risk cross-border money transfers labeled as consulting fees if ongoing monitoring suggests the firm lacks legitimate operational substance (e.g., repeated inability to provide proof of actual services). Require proof of client deliverables or real staffing before permitting large advisory payments to mitigate layering risks.

Geoblocking or Traffic Filtering: Some financial institutions block or flag Tor exit nodes and well-known VPN or proxy IP addresses. Strict geolocation policies can be enforced for account registration and subsequent online service usage. Real-time blocking or additional friction (e.g., captchas, additional identification steps) can be applied for connections from known anonymizing IP ranges.

Temporarily suspend or limit certain high-risk services (e.g., large outgoing wires) if activity is identified from known VPN endpoints without legitimate justification. Require the customer to confirm their true location or business purpose before reactivating full privileges. By restricting potentially high-impact transactions initiated through concealed IP addresses, the institution disrupts adversaries' layering and anonymization strategies.

Restrict or block account access originating from identified anonymizing proxies or flagged VPNs unless the customer provides a legitimate business explanation for such connections. If unexplained proxy usage is detected, temporarily limit account functionality or suspend transactions until the risk is sufficiently mitigated or resolved.

Impose conditional service limits or blocks on larger-value or high-risk transactions initiated from unverified public WiFi connections. For instance, require additional live identity verification or disallow certain transfers above a set threshold from open hotspots, thwarting criminals who rely on public networks to hide transaction origins.

Limit or deny high-risk products and services, such as large wire transfers or cryptocurrency transactions, from sessions identified as routing through multiple VPN hops. Dynamically block or challenge logins originating from known multi-hop VPN IP ranges unless customers complete further verification. This reduces the likelihood of ongoing illicit layering through advanced anonymity routes.

Restrict or require immediate additional checks for logins from recognized Tor exit nodes or VPN addresses. Impose enhanced measures, such as real-time re-authentication or temporary transaction caps, on users who frequently use anonymous networks until they validate a legitimate business case for such usage.

Impose limits or hold periods on the frequency, volume, or cumulative totals of transactions that consistently appear below reporting thresholds. If repeated under-threshold operations or related accounts emerge, suspend those services or mandate additional verification to thwart further structuring attempts.

Set daily or periodic transaction frequency and volume limits to disrupt micro-structuring patterns. When unusual sub-threshold activity is detected, restrict or temporarily freeze accounts to prevent further layering of illicit funds through multiple small transactions.

Impose controls or require further verification on third-party deposits that do not align with the beneficiary’s documented incoming remittance data. For instance, hold inbound funds from unfamiliar senders until the beneficiary confirms their legitimacy, thereby blocking attempts to insert illicit proceeds in place of a legitimate inbound transfer.

Limit or suspend remittance services for individuals or entities exhibiting repeated sub-threshold transactions that suggest deliberate structuring, such as multiple or conflicting IDs, identical contact details, or immediate cash pickups. Require escalated approval or additional ID verification before processing further low-value remittances that appear designed to evade reporting thresholds.

Restrict or suspend ATM deposit privileges for accounts that repeatedly engage in sub-threshold deposit patterns indicative of structuring. Require in-branch interaction or additional documentation to verify the source of funds, preventing the easy concealment of illicit cash via ATMs.

Limit or temporarily block repetitive small-value deposits when there is no valid business justification. By enforcing tighter frequency and volume controls, financial institutions can directly disrupt the continuous sub-threshold transactions typical of smurfing. Mandate in-person identification or enhanced verification for suspicious deposit patterns to deter misuse.

Block or limit transactions to unlicensed or lightly regulated gambling sites known for lax KYC practices. Impose usage thresholds or account restrictions when unusual patterns are detected, such as repeated minimal bets with large deposit or withdrawal volumes. Block suspicious accounts from continuing illicit funds layering.

Restrict or block transactions originating from unregulated or high-risk gaming platforms that lack robust AML checks. Before allowing large-volume conversions of game currency to fiat or cryptocurrency, enforce mandatory identity verification and conduct additional scrutiny of unusual gaming activity or prior account usage. Deny or freeze such services if red flags remain unresolved.

Restrict or deny services to charitable organizations that fail to provide clear governance structures or adequate documentation for large or cross-border donations. If infiltration or suspicious activity is suspected, freeze accounts or impose transaction limits to curtail ongoing illicit behavior. This measure specifically addresses infiltration by deterring the misuse of nonprofit status.

Restrict or require pre-approval for transactions linked to unregulated or anonymous remote mining operators, particularly those lacking clear ownership or AML/KYC practices. Impose additional validation steps, such as proof of legitimate service agreements and sanction screening, on payments directed to mining providers in high-risk jurisdictions, blocking services if risk indicators remain unresolved.

Restrict or prohibit transactions involving high-risk or sanctioned remote mining providers, or those lacking verifiable AML controls. By denying these services to suspicious operators, institutions reduce opportunities for criminals to layer illicit proceeds using cross-border hosting or hash-rate contracts.

Immediately suspend or restrict system access for employees suspected of insider collusion to prevent further overrides of AML controls. Coordinate with HR, compliance, and risk management to investigate. If wrongdoing is confirmed, pursue termination or legal action to discourage future insider abuse.

Once a fake identity is suspected, freeze the account, gather evidence, and escalate the issue to relevant internal or external parties, such as the compliance team or law enforcement.

Require in-person or enhanced video verification for account openings that fail initial document authenticity checks or exhibit repeated anomalies. Temporarily freeze or limit high-risk services, such as remote onboarding and high-limit transfers, until the legitimacy of submitted identities can be definitively confirmed. This reduces criminals' ability to exploit fake identification undetected.

Throttle or suspend high-risk features (bulk file uploads, instant cross-border payments, high API rate limits) for customers exhibiting scripted transfer behaviour until investigations conclude.

Limit or require internal approval for multiple virtual IBANs tied to the same underlying account. Institutions may cap the number of virtual IBAN references a single client can open and demand documented business justifications for each request. By controlling the proliferation of virtual IBAN references, financial institutions reduce the risk of layering and fragmentation of fund flows.

Limit or block fund transfers directly involving unregulated instant exchange services, or impose hold periods and additional verification steps when conversions originate from or move to no-KYC swap platforms. This reduces the ability to rapidly layer illicit proceeds.

Restrict or block transfers to wallet addresses flagged for CoinJoin usage or other anonymizing protocols. Require additional justification if a customer consistently routes funds through unhosted wallets with no clear economic purpose. By constraining or halting interactions with high-risk privacy services, institutions limit the layering of illicit proceeds.

Restrict or block high-risk transactions to and from known privacy wallet addresses unless the customer provides a legitimate rationale for such usage. Temporarily suspend or hold funds originating from advanced anonymization methods until further due diligence is completed, preventing continued layering and protecting the institution from facilitating illicit flows.

Set velocity or frequency caps on low-value transactions for new or high-risk accounts, and require additional screening for repeated micro-transfers. This limits adversaries' ability to probe thresholds by enforcing extra verification when numerous small payments are attempted in quick succession.

Restrict or require pre-approval for large cross-border equity injections and business investments originating from jurisdictions with minimal ownership disclosures. Deny or closely monitor services that enable high-value capital infusions through unregulated advisers to reduce the risk of layering illicit funds.

Restrict or suspend remittance services when customers cannot substantiate large "gift" or "charity" transactions with satisfactory documentation, or repeatedly alter transaction details to avoid scrutiny. Impose transaction limits, withhold approvals, or require pre-approval for higher-risk remittances to deter the continued exploitation of disguised transfer channels.

Temporarily suspend suspicious crowdfunding campaigns and withhold disbursements when donor patterns or campaign details appear illicit or fabricated, such as large inflows from newly created donor accounts. This prevents criminals from rapidly extracting illicit proceeds during investigations.

• Restrict or delay high-value jewelry transactions if the customer cannot provide credible appraisals or documentation supporting declared valuations.
• Deny or freeze services when repeated resale patterns show drastically changed values or when there is evidence of deliberate misrepresentation.
• Ensure that unresolved issues are investigated before allowing transaction completion.

Restrict or deny high-risk services for unregulated auction platforms, suspicious third-party sellers, or recurrent price manipulation schemes linked to collectible trading. Limiting access to questionable channels reduces the likelihood of further layering activities under the guise of legitimate auctions.

• Restrict or deny services for high-value art transactions when beneficial owners cannot be verified, or when parties refuse to provide transparent provenance and source-of-funds documentation.
• Limit acceptance of large cash payments without thorough scrutiny to mitigate the risk of untraceable illicit funds.

Restrict or temporarily freeze incoming court-ordered settlement funds when the legitimacy of the underlying legal process is unclear or originates from a high-risk judicial environment. Require verifiable court documentation or external validation prior to releasing funds to prevent criminals from swiftly legitimizing illicit proceeds through potentially corrupt rulings.

• Limit or deny trade finance, letters of credit, or other banking products for diamond shipments that lack reliable provenance or valid certificates.
• Restrict services to entities operating in high-risk diamond-exporting regions unless detailed documentation and background checks confirm legitimacy.

Restrict or refuse services if tobacco-trading customers repeatedly fail to provide valid excise or import documentation or show patterns of rerouting shipments to hide true destinations. Prohibiting high-risk transactions or freezing accounts where credible documentation is lacking prevents ongoing contraband-financed activity within the institution.

Temporarily freeze, block, or limit access to accounts exhibiting repeated extortion-linked transactions or abrupt influxes of coerced funds. This measure halts the laundering process while investigations assess whether continued account usage poses legal or reputational risks.

Restrict or apply heightened scrutiny to transactions involving unregulated or foreign-based cryptocurrency exchanges, newly generated wallets with no verifiable history, and known ransomware addresses. By limiting direct access to high-risk exit points, institutions reduce the likelihood of facilitating ransomware cash-outs.

Swiftly freeze or limit accounts tied to recurring transfers of suspected extortion proceeds, especially when linked to organized crime or extremist groups. Restrict access to high-risk products and channels until the legitimacy of funds is confirmed, preventing the ongoing laundering of forced protection fees and mitigating institutional exposure.

Implement specific controls that require management approval and documented justification for large withdrawals or transfers from government accounts to personal or third-party accounts when public officials are signatories. Require official budgetary or procurement references before releasing funds. By limiting direct fund movements that lack sufficient documentation, institutions can reduce opportunities for diverting public resources into private channels.

If recurring concerns arise, such as unexplained or unverified cash payroll outlays, restrict the client’s access to high-volume cash withdrawals or require the use of traceable wage payment platforms. If requests for transparency are unmet, suspend or limit applicable services until the business demonstrates legitimate, documented payroll processes.

Blacklist or bar individuals identified for TITO-based laundering attempts from using electronic gaming machines or entering gambling venues. Apply cross-venue bans to prevent repeated exploitation of rapid cash insertion and ticket redemption, thereby disrupting known offenders' access to TITO transactions.

Limit or prohibit non-face-to-face gold purchases above a certain threshold, requiring in-person verification or enhanced KYC. This measure curtails criminals' ability to exploit anonymous or minimal-diligence channels when acquiring high-value gold.

Require management approval or hold periods for high-value political donations, especially those linked to foreign entities or newly formed nonprofits. Enforce stricter documentation requirements, such as proof of compliance with campaign finance regulations, prior to releasing funds. This reduces the risk of inadvertently processing corrupt payments disguised as lawful contributions.

Suspend or limit accounts when credible indicators of forced prostitution or child sexual exploitation arise. Block high-risk transfers and freeze assets linked to victims' exploitation. Require verifiable proof that the customer's activities do not violate laws before restoring full service.

Restrict or condition inbound foreign capital injections when adequate investment documentation, beneficial ownership details, or evidence of economic substance is missing. Suspend or freeze funds until all required proofs are provided to prevent criminals from funneling illegal assets into local entities under the guise of legitimate foreign investment.

Limit or deny certain high-risk transactions, such as large remote subscriptions or rapid redemption requests, when due diligence reveals insufficient transparency regarding beneficial owners or unexplained funding sources. Freeze or restrict account activities if the investment entity displays red flags consistent with cross-border layering or inflated share valuations. This prevents criminals from exploiting easier channels to launder illicit capital through lightly regulated private funds.

Restrict or prohibit certain account features, such as unlimited international withdrawals or reloads, for prepaid or e-wallet accounts linked to high-risk offshore issuers. For example, impose lower transaction limits or require additional approvals for cross-border usage to prevent the unchecked reloading of illicit funds.

Refuse or restrict high-risk transactions involving offshore gambling entities that lack transparent beneficial ownership or valid licensing. Impose account limits or heightened scrutiny for payouts to personal or shell accounts, especially when operators cannot substantiate legitimate gaming business activity.

Require management approval or impose strict thresholds on offshore wire transfers to high-risk secrecy hubs. When a legitimate business purpose is not documented or justified, temporarily limit or block these transactions to prevent layered funds from moving undisclosed across borders.

Restrict or suspend services for unlicensed or noncompliant crypto ATM operators by setting firm daily or per-transaction caps and blocking transactions that lack sufficient customer identity data. By imposing direct limitations on usage, institutions can curtail excessive anonymity and the structured movement of illicit funds through crypto ATMs.

Implement tighter controls or restrict services for accounts that repeatedly engage in cross-wallet flips, bridge assets to unregulated NFT platforms, or display inflated NFT pricing activity. By limiting high-risk or opaque NFT transactions, institutions reduce the likelihood of facilitating layered proceeds disguised as legitimate digital collectibles.

Set strict transaction limits or deny large-volume cash services for customers who cannot provide valid cross-border cash documentation. Require manager-level approvals for any single cash deposit or withdrawal exceeding a designated threshold, particularly for high-risk routes or repeat international travelers. This prevents the easy placement of undeclared or illicitly transported currency into the banking system.

Deny or limit the distribution of high-value banknotes (e.g., €500 or similar) to customers or money service businesses unless they provide legitimate, documented business rationales. By restricting access to large-denomination bills, institutions directly disrupt criminals' ability to acquire compact, high-value currency for stealth cross-border transport.

Temporarily limit or freeze in-game asset transfers or withdrawals for accounts exhibiting multi-account layering patterns, such as rapidly shifting funds back and forth with minimal actual gameplay. By restricting services or access, institutions can halt suspicious flows until customers provide additional information or pass further due diligence checks.

Restrict or suspend services when an account engages in repeated wash trading, code exploits, or unusual NFT flipping patterns that strongly indicate layering. Temporarily freeze assets or block further conversions until the customer can provide credible documentation and clarification, preventing further misuse of metaverse channels.

Restrict or suspend transactions linked to known unregulated RMT platforms, brokers, or cross-chain bridging services lacking adequate AML protocols. By limiting these higher-risk channels, financial institutions disrupt criminals' ability to transfer illicit value between unrelated gaming or external environments.

Implement rules to suspend or limit access to in-game currency transactions when indicators of exploitation are detected, such as abnormal microtransaction volumes, cross-border item trades, or inflated asset values. Require additional documentation or proof of legitimate activity before restoring services to mitigate laundering efforts mid-flight.

Limit or block high-risk decentralized bridging channels and token transactions associated with minimal KYC platforms. Freeze or deny transfers involving wallets flagged for repeated obfuscation or layering activities. These controls deter criminals from exploiting unregulated token swaps and cross-chain mechanisms at scale.

Restrict or disable payment token services originating from or targeting jurisdictions with inconsistent AML regulations. Impose volume or frequency caps for payment token transactions when KYC processes are insufficient, and block customers who refuse to provide credible information on funding sources.

Restrict bridging transactions with platforms lacking robust AML controls, or impose enhanced vetting on them. Enforce additional approval or documentation requirements for cross-chain transfers that exceed defined risk thresholds. This will limit criminals' ability to exploit unregulated services for layering.

Limit or block governance token transfers to or from opaque decentralized platforms and unregulated jurisdictions, especially when transaction sizes or frequencies are misaligned with known customer profiles. By restricting high-risk cross-chain activities, institutions can interrupt the layering chains that exploit governance token obfuscation.

Restrict or suspend high-risk DeFi services if customers engage in repeated chain-hopping or large-volume aggregator bridging without legitimate purposes. Impose additional verification steps, such as proof of wallet ownership or documentation of the origin of crypto assets, before permitting further DeFi-related transfers.

Deny or limit access to high-risk DeFi protocols or unregulated cross-chain bridging platforms that lack robust AML/KYC controls. For utility tokens primarily traded for anonymous layering, impose transaction limits, require additional approvals, or enforce usage bans to obstruct illicit fund movements.

Implement strict transaction velocity or frequency controls to cap repeated micro-transfers, block transactions from known high-risk addresses or jurisdictions, and introduce time delays for higher-risk transactions. These measures directly inhibit typical peel chain practices by limiting a criminal’s ability to rapidly disperse a large balance into numerous small amounts.

Restrict or suspend services when multiple unexplained third-party payments emerge, particularly if depositors evade identification. Institutions can limit account features or freeze payments until the external payer’s legitimacy is proven, blocking further exploitation of anonymous payment avenues.

Impose stricter controls or caps on red and green clause letters of credit for high-risk or new trade finance clients. Withhold partial or early disbursements until supporting documentation, such as bills of lading or customs filings, has been validated. This prevents offenders from exploiting advanced payment clauses through inflated invoices or phantom shipments.

Deny or suspend bill of exchange financing services if documentation anomalies cannot be resolved or if the institution detects repeated attempts at over-invoicing or phantom shipping. Require robust escalation protocols where service restoration occurs only upon satisfactory verification of legitimate trade flows and beneficial ownership.

Suspend or limit account functions when indicators of identity impersonation emerge, such as tampered ID documents or suspicious login anomalies. Require in-person verification or additional biometrics before restoring functionality. This directly curtails further fraudulent use under a compromised identity.

Restrict or suspend account openings when the same IP address or device repeatedly attempts to onboard using different identities. Limit risky features, such as high-value transfers, until additional identity checks are completed, especially when remote desktop or anonymizing tools are detected during onboarding.

Temporarily disable or limit digital banking features when multiple failed logins, flagged IP addresses, or other high-risk indicators suggest an account may be compromised. Require re-authentication or additional verification steps before allowing high-value transfers or profile changes. This intervention impedes the immediate criminal misuse of compromised accounts.

Restrict or require heightened approval for high-risk FX transaction types, especially when partial or advanced payments deviate substantially from normal trade practices or when hedging tools appear misaligned with legitimate business needs. Enforce the refusal of services if a customer cannot adequately justify complex multi-jurisdictional FX flows.

Restrict or deny the MSB’s access to high-risk services, such as large-sum foreign currency exchanges or multiple consecutive cross-border transactions, if it fails to demonstrate adequate AML controls or shows indicators of complicit ownership. Limiting high-risk channels prevents the continuous flow of illicit proceeds through compromised MSBs.

Restrict or suspend high-risk services, such as frequent cross-border wires or large currency exchanges, for accounts showing repeated signs of funneling. Allow further usage of these services only after the customer provides documented business needs and passes additional scrutiny.

Temporarily restrict or deny high-risk services or transactions, such as frequent large cash movements or opaque cross-border transfers, when diplomatic or state-owned entity accounts cannot or refuse to provide sufficient justification or relevant documentation. Lift restrictions only upon receipt of a credible explanation, preventing indefinite misuse of immunity from standard due diligence.

Restrict or prohibit high-value single-premium insurance policies originating from offshore or lightly regulated insurers that fail to provide transparent beneficial ownership details or credible source-of-funds evidence. Suspend or delay claim payouts until policyholders substantiate an insurable interest and legitimate financial transactions. This reduces opportunities to launder funds through fabricated or rapid redemption claims in offshore insurance channels.

Restrict or require pre-approval for large or frequent third-party deposits, cap early redemption amounts, and limit the frequency of refunds. By curbing flexible payment features, institutions reduce the opportunity for criminals to convert overfunded balances into ostensibly legitimate payouts.

Restrict or require additional approvals for annuity activities where policy ownership or beneficiary changes lack a clear business or familial reason. Impose holding periods or freeze suspicious partial surrenders and policy transfers until further due diligence is completed.

Enforce temporary suspensions or controls on account functionality when repeated or unexplained changes in trading authority occur. Require documented justifications for each modification and limit access to sensitive features until due diligence confirms the authenticity and legitimacy of new account holders.

Temporarily halt or require elevated approval for policyholder or beneficiary substitutions once a pattern of frequent, unexplained changes is identified. This includes resolving discrepancies regarding the source of funds or verifying the legitimacy of new parties before allowing further alterations, thereby preventing additional layering or concealment of beneficial owners.

Limit or require preapproval for large or repeated overfunding of insurance products beyond standard coverage amounts. Impose temporary holds on refunds or surrenders exceeding established thresholds until additional documentation substantiating the transaction's legitimacy is provided and reviewed.

Temporarily limit or block payment processing capabilities for merchants or customers whose chargeback levels exceed acceptable thresholds or exhibit collusive dispute patterns. Actions may include reducing daily transaction limits, suspending specific credit card usage, or placing account holds while investigations proceed, directly curtailing further misuse of chargebacks to launder funds.

Temporarily restrict or freeze accounts engaging in confirmed or ongoing manipulative activities (e.g., repeated wash trades, spoofing strategies). This pause enables thorough investigative steps, collection of additional documentation, and timely disruption of market manipulation attempts before significant harm occurs.

Restrict direct market access or advanced trading capabilities for accounts linked to repetitive suspicious trades in low-liquidity equities. Impose additional verifications or withhold margin trading privileges until legitimate business purposes are confirmed. These targeted controls prevent repeated manipulative behavior and safeguard the integrity of capital markets.

Restrict or suspend specific trading functionalities (e.g., high-frequency or offsetting orders) for customers exhibiting suspicious wash trading patterns. Require documented justification for high-volume or repetitive trades before allowing continued access to advanced trading features.

Restrict or discontinue services for any customer or transaction that refuses or fails to provide recognized legal documents for high-value asset transfers. This tactic directly disrupts off-the-record deals by preventing account holders from using institutional channels without clear and verifiable proof of ownership.

Limit or condition account services if a customer relies on unregistered, opaque microfinance groups that cannot demonstrate legitimate contributions and transparent recordkeeping. Institutions can impose deposit thresholds, require documented proof of group legitimacy, or suspend services if the group’s structure remains unclear and high-risk.

Require heightened approvals or impose limits on substantial outgoing payments labeled as consultancy or management fees to recently established or high-risk entities. Demand additional justification or documentation for unusually high invoices, withholding or rejecting transactions lacking verifiable service proofs.

Restrict or block transactions involving addresses or platforms known for darknet market activity. Impose velocity limits on high-risk cryptocurrency movements, deny services to unverified peer-to-peer exchanges, and suspend accounts that repeatedly route funds through mixing services or illicit marketplaces without legitimate justification.

Restrict or suspend high-risk trading services when repeated offset transactions lacking economic justification are identified. Freeze accounts or impose trading limits until the customer provides valid explanations and supporting documentation. This action halts ongoing mirror trading, ensuring that those exploiting offset positions cannot continue transferring funds undetected.

If customers are repeatedly executing offsetting trades without a legitimate rationale, suspend or limit their ability to trade securities. Impose tighter controls on suspicious accounts, such as limiting transaction frequency or requiring pre-trade approvals, to halt ongoing wash-trade strategies.

Enforce daily or session-level withdrawal limits and require managerial approval for rapid or high-value cash-outs. By limiting frequent small increments of cash withdrawals or disallowing large one-time withdrawals without approval, institutions inhibit the immediate conversion of illicit funds into untraceable currency.

Impose limits on point loading and require verification for large or frequent loyalty point transfers. Block or restrict suspicious account activity, such as multi-account pooling, excessive accumulations, or swift cross-platform conversions, to curb unregulated value transfers through loyalty programs.

Impose limits on large buy-ins, frequent voucher redemptions, or rapid cross-border credit transfers without enhanced identity checks to restrict criminals' ability to exploit gambling channels for layering.

Restrict high-stakes betting or freeze accounts if suspicious chip transfers emerge, such as repeated large losses to a single beneficiary, until thorough investigations are completed. For newly opened or unverified player accounts, impose tighter bet limits or require additional verification when abrupt, high-value chip losses occur.

Deny or revoke junket operator licenses when consistent AML breaches or ties to criminal enterprises are identified. Freeze or block accounts of promoters suspected of facilitating bulk cash movements or cross-border layering to prevent the continued exploitation of junket privileges for laundering illicit funds.

Blacklist or freeze accounts identified as participating in or benefiting from match-fixing arrangements. Collaborate with sports governing bodies and integrity units to ban or suspend corrupt athletes, officials, or intermediaries from placing bets or receiving payouts. By imposing direct service restrictions, institutions disrupt ongoing match manipulation schemes and block attempts to launder illicit proceeds via fraudulent gambling wins.

Limit or block transactions for customers repeatedly linked to illegal gambling activities, and impose strict controls on large cash deposits without proof of legitimate wagers. If a customer fails to present evidence of licensing or verifiable gambling receipts, suspend related services to curtail the inflow of illicit funds from underground gambling channels.

Refuse or restrict auction-related transactions if participants cannot provide adequate identification or beneficial ownership credentials. Impose strict limits on accepted cash bids for high-value auctions to ensure traceable payment channels and enhance transparency in ownership structures.

Use temporary holds, partial payouts, or additional verification steps when early withdrawal requests present suspicious or incomplete documentation. This measure disrupts fraudulent attempts, allows for deeper investigation, and delays fund release until the claimant’s supporting evidence is validated.

Set daily or monthly limits on negotiable instrument purchases unless credible business needs are documented. If customers request multiple instruments in short intervals without legitimate rationale, restrict or delay additional purchases pending further review.

Limit or suspend sub-agents from handling high-value or high-risk cross-border transfers without explicit principal authorization. Enforce transaction velocity controls to prevent structuring or bulk deposits below reporting thresholds, preventing sub-agents from evading detection by segmenting funds into smaller transactions.

Restrict or deny services to unlicensed or high-risk currency exchange operators. Require verifiable evidence of regulatory compliance and AML controls before approving large-scale cross-currency transactions. This measure prevents criminals from exploiting weak or complicit exchange facilities.

Restrict or block the use of unlicensed or high-risk currency exchange services and set tighter transaction limits for customers exhibiting repeated multi-currency flows with no clear commercial basis. By controlling access to suspicious exchange channels, institutions limit opportunities for structured currency layering below detection thresholds.

Restrict or prohibit ongoing multi-currency conversions involving unlicensed money service businesses or high-risk corridors until thorough checks are completed. Immediately limit large or frequent cross-border FX swaps if there are red flags, such as no clear business rationale or repeated structuring below thresholds. Only reinstate services once due diligence confirms a legitimate basis for the activity.

• Restrict or temporarily block transactions involving unlicensed or poorly regulated platforms offering privacy coin trading.
• Require customers engaging with privacy coins to provide evidence of the platform’s regulatory compliance or documented business justification.
• If inconsistencies appear, suspend related transactions until compliance checks are satisfied.

Impose daily or per-transaction limits on remote deposit capture for new or higher-risk accounts. Enforce extended hold periods on deposited checks flagged for potential anomalies, such as sequentially numbered checks or mismatched endorsements, to allow for a more thorough review before funds are made available.

Restrict or suspend carbon credit trading services when clients fail to provide valid VAT documentation, show no legitimate commercial justification for repetitive high-value trades, or engage solely through opaque special-purpose vehicles. Limit or freeze suspicious carbon credit transactions pending in-depth investigation to prevent ongoing illicit layering.

Restrict or require elevated approval for cross-border transactions routed through high-risk or minimal oversight regions known for incomplete AML data requirements. Apply corridor-level transaction caps or manual intervention where LEI or ownership data is systematically omitted, preventing criminals from repeatedly exploiting weak control points along multi-country transfers.

Restrict or deny certain cross-border services when intermediaries cannot present verifiable ownership or licensing credentials. Impose transaction caps or mandate secondary approvals for agents operating in high-risk zones, thereby limiting their ability to layer funds unseen across multiple jurisdictions.

Restrict or suspend additional sub-account openings or large incoming deposits when customers fail to justify sudden asset inflows or provide transparent ownership information. Limit high-risk services for clients unwilling to clarify cross-border transactions or demonstrate a legitimate investment rationale, thereby reducing opportunities for layering and concealment.

Refuse or limit critical banking services for entities unable to provide verifiable proof of legitimate commercial activity, genuine beneficial ownership, or stable jurisdictional registration. Immediately freeze abusive or evasive accounts if intangible businesses fail to comply with additional documentation requests demonstrating bona fide operations.

Limit or block access to products and channels that facilitate undisclosed cross-wallet transfers, anonymous deposits, or unregulated exchanges when repeated reinvestment or chain-peeling patterns appear. Temporarily freeze account activity for further review if necessary, curbing ongoing layering attempts within crypto-related services.

Restrict or pause M&A-related services when promised transaction documents lack credible validation, beneficial ownership records are incomplete, or valuations deviate significantly from independent benchmarks. Block large-scale payments if the customer fails to resolve anomalies or provide transparent financial statements supporting a legitimate merger or acquisition.

Restrict or refuse services related to freeport storage if a client fails to provide credible information on an asset’s origin, ownership, or valuation. This may include suspending payments to the facility or freezing accounts until thorough verification is completed. By withholding services under opaque conditions, institutions minimize exposure to hidden, high-value assets of questionable legitimacy.

Restrict or deny financial services for real estate transactions where no valid broker licensing information is provided. Require proof of registration or affiliation with recognized real estate regulatory bodies before processing payments to ensure that unlicensed brokerage channels are cut off.

Limit access to alternative payment channels under anonymous or incomplete KYC conditions by capping transaction volumes or frequency. Freeze or terminate services if patterns indicate unverified layering, such as continual high-value top-ups and scattered withdrawals lacking credible justification.

Restrict or deny financial services to unregistered or suspicious P2P exchange operators, implementing transaction limits or account freezes for recurring layering patterns. This measure curbs the ability of criminals to move large sums across informal P2P channels that lack adequate oversight.

Limit or temporarily block high-risk features, such as cross-border transfers, for newly onboarded or unverified mobile payment users until robust KYC is completed. Impose volume or time-based transaction caps to disrupt rapid layering cycles and prompt further review of questionable activity.

Automatically restrict or temporarily block access when the system detects multiple incongruent identity documents submitted from the same IP or device. Prompt additional verification steps, such as live video calls, as a condition for continued service.

• Deny or curtail payment processing services when aggregators or TPPPs fail to provide full sub-merchant details or substantiate legitimate transaction commingling.
• Freeze or block accounts immediately upon evidence of unauthorized merchant identity usage, halting additional undisclosed funding flows.

Restrict or suspend high-risk features (e.g., large or cross-border transfers) for customers unable to substantiate the legitimacy of their social media-based employment claims. This step prevents further exploitation of personal accounts by organized mule recruiters while compliance teams investigate.

Implement immediate restrictions or suspensions on accounts exhibiting signs of phishing-based mule activity. These signs include newly established personal accounts receiving multiple deposits from unrelated third parties and transferring them onward under vague 'employer' instructions. These actions should be taken pending a thorough review.

Restrict or freeze rapid outgoing wire options, impose daily transfer limits, or deny further third-party deposits when an account exhibits hallmarks of fake job pass-through activity. Require additional evidence of legitimate employment before resuming normal services.

• Limit or block product offerings, such as cross-border wire transfers or complex corporate accounts, for jurisdictions and customers flagged as high risk for sanctions evasion.
• Require additional documentation or approvals before permitting services that could be misused to circumvent sanctions, effectively constraining illicit financial flows.

Temporarily or permanently limit high-risk products and cross-border transactions for customers with credible indications of involvement in drug trade. For instance, suspend trade finance services or large-value transfer capabilities until thorough investigations confirm the legitimacy of the customer’s operations.

Restrict or suspend trade-related financing or cross-border wire services for customers flagged for questionable commodity dealings until the legitimacy of their transactions is verified. By limiting access to high-risk channels, financial institutions reduce the opportunities for rapid layering or integration of illicit proceeds from contraband goods.

Deny or limit access to banking services for clients unable to produce valid pharmaceutical licenses or who repeatedly fail authenticity checks. This restricts illicit operators from freely trafficking counterfeit medicines by curtailing their use of financial channels.

Require out-of-band confirmation or dual authorization for high-value or urgent transactions initiated by phone or video. This measure ensures that no single voice or video call can approve a wire transfer without additional scrutiny or authentication through an alternate, secured channel.

Restrict or freeze accounts identified as repeatedly facilitating advance fee scams by imposing transaction limits or blocking outgoing transfers until the suspicious activity is validated. This prevents continued victimization and disrupts the flow of illicitly obtained funds from 419-type frauds.

Restrict or deny listing and fundraising services for cryptocurrency projects that lack transparent ownership structures or fail to meet basic disclosure criteria. By requiring evidence of team credentials and legitimate organizational details, institutions reduce the likelihood of facilitating a rug pull scam.

Implement temporary holds or account access limits when customers receive atypical or repeated unemployment benefit deposits from multiple sources without clear justification. This measure prevents the rapid movement of potentially fraudulent funds and provides time to verify legitimate eligibility before releasing them.

Restrict or temporarily pause high-value transfers to crypto addresses or platforms flagged by negative media, scam reports, or suspicious clustering analytics. When romantic or personal relationship-based investments are identified, enforce additional verification steps for large or repeated transactions to recently established exchanges. This prevents the quick dissipation of victim funds and disrupts funneling or layering attempts emblematic of Pig Butchering schemes.

Impose extended holds on fund availability for new or high-risk customers depositing checks. Restrict or delay access to specially flagged checks, such as those from unfamiliar payors or with suspicious alterations, and deny check-cashing services if documents appear invalid. Freeze or block transactions pending further inquiry when deposits show signs of check fraud.

If an account shows recurring suspicious inflows related to timeshare fees with no real transaction evidence, temporarily restrict services or freeze funds pending documentation of a legitimate closing process. This measure prevents fraudulent operators from continually collecting illicit funds.

Restrict or suspend high-risk accounts receiving multiple 'lottery fee' payments from disparate sources lacking credible justification. Prevent further outgoing transfers or layering until the account holder provides satisfactory explanations or proof of legitimate lottery activity.

Initiate account service restrictions, such as temporary holds or blocking withdrawals, if the legitimacy of the employer cannot be corroborated or if contradictory evidence suggests fraudulent claims. Require credible proof of valid employment relationships before restoring normal account functions. This directly disrupts criminal attempts to rapidly disburse illicit funds derived from fabricated employer-employee schemes.

Limit or suspend high-risk services, such as instant cross-border wires or large-volume cryptocurrency conversions, for newly established or unverified investment offerings. This restricts a fraudster’s ability to rapidly move or launder victim funds, thereby forcing greater transparency and reducing illicit outflows.

Limit or refuse trade financing, letters of credit, or payment services when timber transactions are linked to invalid permits, incomplete documentation, or suspicious third parties. Enforce service denial for any repeated patterns indicating illegal deforestation or ongoing environmental violations.

Limit or deny account services to mining clients or traders who cannot demonstrate valid permits, transparent sourcing, or adherence to production thresholds. Suspend or freeze accounts if forged permits, repeated shipment discrepancies, or conflicts with regulatory data are uncovered, blocking further laundering of illegally mined assets.