Techniques

Launderers commonly exploit shell companies by employing opaque ownership structures, nominee directors, and secrecy-friendly registrations to obscure beneficial ownership and create convoluted transaction layers, thereby facilitating cross-border movement of illicit funds and hindering AML/CFT efforts.

Adversaries often purchase shelf companies to leverage their pre-existing corporate histories, allowing them to bypass time-consuming incorporation processes and obscure beneficial ownership. By rapidly replacing nominee management and exploiting established credit or bank accounts, they can more easily pass due diligence checks and layer illicit proceeds.

Launderers typically exploit these short-lived shell companies to conduct rapid, one-time transactions and dissolve them soon after, preventing meaningful due diligence and obscuring beneficial ownership. This rapid lifecycle leaves minimal records for investigators, significantly hindering asset tracing and evidentiary efforts.

Launderers typically exploit multi-jurisdiction corporate structures by layering shell entities, nominee shareholders, and trusts to obscure beneficial ownership and circumvent AML scrutiny. Such arrangements allow them to leverage regulatory disparities across different jurisdictions and hinder financial investigations.

Adversaries typically exploit intermediary-facilitated transfers by inserting complicit or unwitting third parties—known as straw men or nominee arrangements—to register accounts or manage shell entities on their behalf. This layering obscures beneficial ownership, distances the true controllers from suspicious transactions, and complicates investigators’ ability to identify ultimate beneficiaries.

Adversaries typically exploit cryptocurrency mixing services to pool and shuffle illicit funds among legitimate deposits, obfuscating transaction paths and hampering investigators’ ability to detect suspicious flows. By combining mixing with other layering tactics, launderers further complicate tracing efforts and exploit regulatory gaps to evade AML/CFT controls.

Launderers may deposit illicit proceeds into custodial mixers, commingling them in the operator's wallet before withdrawing funds that appear unlinked to the original source, thus obscuring ownership and provenance. Adversaries could further capitalize on minimal compliance oversight and the single operator control to repeatedly layer and conceal large sums, hindering effective AML/CFT tracking.

Adversaries typically exploit decentralized mixers to co-mingle illicit funds and obscure their origins, leveraging peer-to-peer protocols and self-executing smart contracts that reduce transparency and bypass centralized oversight. By eliminating a single custodian and minimizing or omitting compliance controls, these platforms complicate investigative efforts and impede fund seizure or intervention.

Launderers typically exploit structured cash deposits—splitting or staggering amounts below reporting thresholds and enlisting third parties—to place illicit proceeds into the banking system undetected. Once these funds are in, they often transition swiftly to layering, moving assets between multiple accounts or institutions to obscure their origin and flow.

Adversaries typically exploit cross-chain bridges, minimal-KYC services, and unhosted wallets to repeatedly move crypto assets between blockchains, introducing new tokens or stablecoins at each hop to obscure transaction histories. By layering these transactions with decentralized exchanges and mixers, they create complex transactional paths that significantly hinder investigators’ ability to trace illicit funds.

Adversaries may exploit Burn and Mint Transfers by irreversibly destroying tokens on one blockchain and creating new ones on another, thereby severing the transactional chain and obscuring asset origins. This gap in the audit trail complicates forensic analysis and is often combined with minimal-KYC bridging or wrapped token mechanisms to further impede investigators.

Launderers often exploit cross-chain bridges to seamlessly move illicit assets between multiple blockchains, obscuring transaction provenance through lock-and-mint bridging and integrating with minimal-KYC platforms or unhosted wallets to further complicate regulatory oversight.

Adversaries typically exploit bribery by offering undue advantages—such as kickbacks or covert payments—to decision makers or gatekeepers, prompting them to ignore or falsify AML checks. This manipulation suppresses red flags, deters investigations, and ultimately facilitates the undetected flow of illicit proceeds.

Launderers exploit minimal oversight and subjective pricing in high-value collectibles markets—such as artwork, and antiquities—to convert illicit assets into readily marketable items and evade formal financial scrutiny. Through repeated buy-sell cycles, falsified provenance records, and complicit dealers, they layer and integrate these proceeds into legitimate commerce, further obscuring their illegal origins.

Adversaries typically exploit the antiquities market’s opaque provenance and subjective valuations—employing falsified records, private cross-border transactions, and repeated resale of artifacts—to layer illicit funds and ultimately present criminal proceeds as legitimate gains. By manipulating artifact pricing and using discreet storage channels such as free ports or free trade zones, they obscure ownership trails and distance illegal capital from its criminal origins.

Adversaries typically exploit invoice manipulation to falsify or inflate trade documentation—often reusing shipment records, colluding with import–export parties, and leveraging opaque beneficial ownership structures—to disguise illicit funds as ordinary trade proceeds.

Adversaries may repeatedly submit identical or slightly altered invoices to different financial institutions, securing multiple payments or lines of credit for the same shipment and thereby layering illicit proceeds under seemingly normal trade transactions.

Adversaries typically exploit inflated transaction pricing by overstating invoice costs above fair market value, allowing them to divert excess funds as bribes, kickbacks, or other illicit payments under the pretense of routine billing or procurement processes. This tactic leverages legitimate invoicing structures to conceal suspicious outflows, making detection and scrutiny by financial institutions and regulators more challenging.

Launderers typically exploit trade misinvoicing by falsifying the declared value, quantity, or quality of goods in cross-border transactions, allowing illicit funds to masquerade as legitimate trade flows. This tactic leverages inconsistent data oversight and self-reported processes, complicating detection and enabling large-scale layering of unlawful proceeds.

Adversaries typically exploit Asset Cloaking by forming or leveraging opaque legal entities, nominee relationships, and offshore vehicles in secrecy-friendly jurisdictions, obscuring true beneficial ownership and hindering investigative efforts to trace or recover illicit proceeds.

Launderers often exploit real estate transactions by employing straw buyers or shell entities to obscure beneficial ownership, inflating or deflating property values through repeated flips, and leveraging complex cross-border or multi-layered structures to integrate illicit proceeds while frustrating AML/CFT detection efforts.

Launderers typically exploit construction and infrastructure projects by inflating costs, over-invoicing, and routing funds through shell entities or subcontractors to layer illegitimate capital among legitimate expenditures. Adversaries may further obfuscate beneficial ownership by splitting project stakes, misusing government contracts, or channeling funds via charitable infrastructure initiatives, ultimately integrating illicit proceeds into the formal economy as seemingly legitimate assets or revenue streams.

Adversaries typically exploit high-cash-flow real estate ventures—such as hotels or shopping centers—to commingle illicit proceeds with legitimate revenue streams, leveraging layered ownership structures and shell entities to obscure beneficial owners. By integrating unlawful funds into frequent, routine transactions, launderers reduce detection risks and seamlessly funnel illegal proceeds into the formal financial system.

Adversaries commonly exploit international real estate by using offshore accounts and complex ownership structures to obscure beneficial owners, shift illicit funds across borders, and evade jurisdictions with weak transparency measures, thereby hampering timely identification of suspicious transactions.

Adversaries typically exploit rental income schemes by injecting illicit funds disguised as legitimate rent payments—often facilitated through falsified tenancy agreements, shell companies, or complicit property managers—to commingle illegal proceeds with genuine real estate revenue and obscure their illicit origins.

Adversaries typically exploit all-cash real estate purchases to circumvent standard financial institution due diligence, often structuring payments below reporting thresholds or leveraging shell companies and third parties to obscure funding sources and beneficial ownership, thereby layering illicit proceeds and evading detection.

Launderers often utilize real estate escrow flips by purchasing property with illicit funds through an escrow account—thereby masking the source of the capital—and then rapidly reselling the asset at or near market value, recasting the proceeds as legitimate through a documented transaction. This tactic leverages the routine structure of property closings to layer and integrate criminal proceeds under the guise of standard real estate operations.

Launderers typically exploit money mules by channeling illicit proceeds through personal or business accounts to obscure their true beneficiaries, creating multiple layers of separation. Adversaries may scale these operations across jurisdictions and networks of “mule” accounts, complicating AML detection and reducing traceability for law enforcement.

Adversaries typically exploit regulated exchanges by employing multiple mules and falsified documentation to circumvent KYC controls, obscuring the ultimate beneficiary of illicit funds. Through these mule-driven transactions, they layer proceeds within normal trading flows, undermining transparency and evading AML detection.

Launderers typically exploit crypto ATM mules by directing them to convert illicit fiat currency into cryptocurrency while relying on weak or nonexistent KYC measures to swiftly obscure transaction chains. They then leverage minimal AML/CFT controls to conduct repeated cross-jurisdictional deposits and withdrawals, distancing proceeds from their illicit origins.

Launderers may deploy networks of mules to funnel illicit funds through casino chip purchases, minimal gaming activity, and structured redemptions across multiple patrons and accounts. This approach exploits casinos’ transactional flexibility—converting small denominations into larger chips or currency and issuing ostensibly legitimate checks—to obfuscate the funds’ illicit origin.

Launderers may forge or falsify documents to obscure beneficial ownership and the true source of funds, fabricate fictitious identities or inflated invoices, and thereby subvert due diligence controls while complicating efforts to trace illicit proceeds.

Launderers typically fabricate or alter settlement records under the guise of legitimate trade, leveraging fictitious suppliers or inflating invoice values to exploit cross-border or regional payment networks and obscure illicit proceeds. By exploiting multi-jurisdictional oversight gaps and presenting fraudulent documentation, they circumvent standard due diligence and evade regulators’ attempts to authenticate transactions or trace suspicious flows.

Launderers typically exploit digital vulnerabilities to forge or manipulate critical financial records—such as invoices, account statements, or transaction data—which obscures ultimate fund ownership, circumvents compliance checks, and effectively integrates illicit proceeds into legitimate-appearing financial flows.

Adversaries may forge or fabricate specialized permits or licenses to project compliance with stringent sector regulations, thereby concealing illicit ownership structures or sources of funds. By mimicking legitimate oversight processes, they undermine AML/CFT controls and divert attention from illegal transactions.

Launderers may exploit IVTS to transfer illicit proceeds beyond regulated banking oversight, relying on personal trust, offset arrangements, and minimal documentation to obscure transaction trails. By blending legitimate remittances with criminal funds, adversaries circumvent AML/KYC controls and effectively shield cross-border movements of value.

Adversaries typically exploit unlicensed MSBs to circumvent reporting thresholds and obscure beneficial ownership, enabling swift high-volume transfers of illicit proceeds under minimal oversight. By integrating criminally derived funds within seemingly legitimate remittances, these informal channels facilitate cross-border movement and compartmentalization of illicit assets.

Adversaries could exploit Hot Transfers by offsetting accounts and commodities like gold across multiple jurisdictions, thereby avoiding formal bank transfers and documentation. They typically rely on trade-based offsets and parallel businesses to rapidly move illicit funds beyond regulatory scrutiny.

Adversaries frequently exploit Node Exchange Provisioning by orchestrating off-the-record fiat-to-crypto conversions through informal, unregulated networks with minimal KYC, effectively bypassing standard AML controls. Their use of discreet brokers, cash couriers, and cross-border transactions further complicates detection and hinders authorities’ ability to trace illicit fund flows.

Launderers typically exploit hawala’s trust-based, off-ledger settlement networks—characterized by minimal documentation and opaque record-keeping—to move substantial volumes of illicit value across borders while evading regulated financial channels and AML controls [118] [346]. Adversaries may further obscure the funds’ criminal provenance by pairing hawala transfers with falsified trade invoices or other document-manipulation tactics, thereby frustrating conventional detection mechanisms [745].

Adversaries typically exploit the Black Market Peso Exchange by funneling U.S. dollars from illicit proceeds through peso brokers, who then settle foreign trade invoices on behalf of importers, thereby blending illicit funds with legitimate transactions and evading official currency controls.

Adversaries typically exploit Daigou networks by paying surrogate shoppers to buy high-value goods abroad with illicit funds, then reselling them domestically to launder proceeds as legitimate commercial income. This trade-based model circumvents capital controls, obscures beneficial ownership, and complicates AML detection efforts.

Launderers typically exploit front companies as seemingly legitimate entities to co-mingle illicit proceeds with genuine revenue, leveraging high-cash-flow operations and falsified documentation to reduce detection risk.

Adversaries typically establish or acquire ostensibly lawful enterprises, including farmland or agribusinesses, to disguise illegal proceeds as ordinary corporate revenue by manipulating purchase prices, falsifying financial records, and using layered corporate structures. This enables them to embed tainted funds within legitimate operations, obscure beneficial ownership, and diminish effective oversight.

Adversaries typically exploit fictitious call centers to channel illicit funds disguised as legitimate customer support revenues, leveraging minimal physical presence and sham corporate structures to obscure beneficial ownership. By orchestrating remote operations and cross-border transactions, they complicate financial institution oversight and facilitate layering and integration of illicit proceeds.

Adversaries often register or claim to operate fictitious consulting firms, issuing inflated invoices or fabricating project deliverables to disguise illicit funds as legitimate advisory fees. By colluding with complicit insiders and layering transactions across multiple jurisdictions, they effectively bypass conventional controls and obscure beneficial ownership under the guise of professional consultancy engagements.

Launderers may acquire or operate farmland and agribusinesses, exploiting factors like revaluation of land, seasonal revenue fluctuations, and reclassified property to obscure illicit capital sources and ultimate beneficial ownership, thereby intermingling illegal proceeds with legitimate agricultural operations.

Adversaries could establish fictitious jewelry or precious-metals ventures, fabricate invoices or shipping records, and blend illegal proceeds with purported sales revenues, thereby masking the true origin of funds. They typically exploit high-value commodities and falsify market values or product authenticity to obscure transactional legitimacy and hinder AML/CFT controls.

Adversaries may set up or control entertainment ventures—like production companies or concert promoters—to funnel illicit capital through artificially inflated budgets, sham sponsorships, or fabricated ticket sales, thereby disguising unlawful proceeds as normal industry revenues. By leveraging multi-jurisdictional structures and opaque ownership arrangements, they evade AML scrutiny and render typical financial oversight tools less effective.

Launderers typically exploit Deceptive Tax Filings by falsifying returns, underreporting income, and fabricating deductions to blend illicit proceeds into seemingly legitimate revenue streams. They may also route funds through low- or no-tax jurisdictions and shell entities to obscure ownership and avoid raising AML red flags.

Adversaries typically exploit anonymous networking tools—such as Tor, multi-hop VPNs, and proxy servers—to mask real IP addresses, obfuscate transaction origins, and thwart AML/CFT investigations, thereby complicating efforts to link illicit fund flows to specific individuals.

Adversaries typically exploit Virtual Private Networks (VPNs) for money laundering by masking their true IP addresses and locations, enabling them to bypass geographic restrictions and obscure the origin of illicit transactions.

Adversaries typically exploit proxy servers—often open or rotating—to mask their true IP and location, thereby evading geo-restrictions and degrading institution-level IP-based detection. By frequently switching endpoints, they hinder investigators’ ability to accurately attribute suspicious session activity, enabling stealthier fund movements and impeding AML/CFT traceability.

Adversaries typically exploit public WiFi hotspots’ weak security and minimal user verification to disguise physical location and identity, thereby evading IP-based AML controls and frustrating attribution efforts. By combining these networks with additional anonymization tools, they further degrade investigative leads and conceal illicit fund movements.

Launderers typically exploit multi-hop VPN to chain multiple connections in tandem and obscure their true origins, complicating law enforcement’s ability to correlate transaction data and identify ultimate beneficiaries. By introducing additional routing points and layered encryption, adversaries degrade tracing efforts and enhance the anonymity of illicit fund transfers.

Adversaries may route transactions through a VPN before using Tor, layering encryption in a way that obscures both the origin and destination of illicit funds, thereby significantly complicating AML/CFT investigations and degrading attribution efforts.

Adversaries typically exploit structuring by splitting illicit proceeds into smaller, below-threshold amounts deposited under multiple accounts or via different channels, thereby circumventing mandatory reporting and complicating suspicious transaction monitoring. By avoiding automated alerts and fragmenting the money flow, launderers undermine conventional controls and enable subsequent layering or integration.

Adversaries typically exploit micro-structuring by splitting larger amounts into numerous sub-threshold transactions—often under $1,000—and dispersing them across multiple accounts or channels to evade standard reporting triggers. This tactic overwhelms basic monitoring systems and obscures the movement of illicit funds, particularly when coordinated among multiple “smurfs” or facilitated via foreign withdrawal points.

Adversaries may hijack legitimate remittances by depositing illicit funds in their place, causing unsuspecting beneficiaries to perceive the transfer as a routine inbound payment. This exploitation of weak third-party deposit identification protocols allows illicit proceeds to blend seamlessly with legitimate transactions, thwarting standard AML/CFT scrutiny.

Remittance Splitting oc­curs when launderers exploit money remittance services by fragmenting illicit funds into multiple low-value transfers under various sender identities, thus avoiding formal reporting thresholds and complicating due diligence. This tactic enables rapid cash withdrawals and conceals true beneficiaries, significantly impeding effective AML/CFT monitoring.

Launderers may frequently deposit or withdraw sub-threshold sums at deposit-taking ATMs, often enlisting multiple “smurfs” and spreading out transactions to evade reporting requirements. By exploiting daily limits and circumventing in-person oversight, they swiftly move illicit funds into the financial system while avoiding enhanced scrutiny.

Adversaries typically exploit smurfing by deploying multiple “smurfs” or accounts to distribute illicit funds through numerous below-threshold transactions, obscuring the true value of the funds and defeating standard detection measures. They may execute consecutive small deposits or withdrawals, often across multiple locations or institutions, to avoid triggering monitoring alerts and complicate investigative efforts.

Launderers typically exploit online gambling platforms—especially unlicensed or lightly regulated ones—to layer illicit proceeds by funding multiple accounts in small increments, placing minimal or hedged bets, and then withdrawing or transferring balances disguised as legitimate winnings. This approach leverages inadequate KYC measures, cross-border operations, and alternative payment methods to obscure the illicit funds’ origin, complicating AML detection and enforcement.

Adversaries typically exploit online gaming platforms’ limited AML measures by purchasing in-game currencies or virtual assets with illicit proceeds and then reselling or converting them into real-world money or cryptocurrencies, allowing rapid layering and obscuring of funds across multiple jurisdictions.

Adversaries could establish or infiltrate charitable entities, exploiting their tax-exempt status and limited oversight to funnel illicit funds under the appearance of legitimate donations and grants, often using cross-border transactions and cryptocurrency to disguise true fund origins and disrupt traditional KYC processes.

Adversaries may acquire or set up nonprofit educational institutions to disguise illicit funds as tuition payments, charitable scholarships, or government grants, leveraging the sector’s minimal scrutiny and social respect. They then obscure the source of criminal proceeds through commingling, vendor impersonation, and large, high-value transactions, making detection and investigation more difficult for financial institutions and regulators.

Adversaries typically exploit crypto mining operations—either directly or through remote hosting/cloud-based services—to fund equipment and operational costs with illicit proceeds, producing newly minted coins devoid of prior transaction history. By masking these payments under “legitimate” mining expenses and leveraging minimal KYC or AML oversight, they effectively obscure the original source of the funds.

Launderers typically exploit remote or cloud-based mining by funneling illicit proceeds through hosted facilities that appear as legitimate operating costs, thereby severing on-chain links to the original dirty funds. The absence of robust KYC and AML controls at many hosting providers further enables adversaries to obscure beneficial ownership and evade sanctions.

Deprecated. This technique has been redefined as a standalone technique (now T0150) due to its distinct adversarial objective. Previously modeled as a subtechnique of Cryptocurrency Mining, Cryptojacking is now treated as an independent behavior.

Adversaries typically exploit Insider Facilitation by colluding with or bribing financial institution employees to manipulate or bypass AML checks, selectively disable transaction monitoring, and falsify records, thereby exploiting high-level access to conceal illicit transactions despite established controls.

Adversaries may establish fictitious vendor accounts and issue invoices for nonexistent goods or services, leveraging weak vetting and minimal documentation to funnel illicit funds under the guise of legitimate business expenses. By repeatedly relying on shell-company vendors and systematic misinvoicing, they obscure true payment flows and complicate AML/CFT detection.

Adversaries typically exploit identity manipulation by merging genuine and fabricated personal data to form synthetic profiles, thereby bypassing KYC controls, opening or taking over accounts, and concealing beneficial ownership. They may also alter identification documents, exploit remote onboarding procedures, and tamper with account data to maintain anonymity and evade vigilance measures.

Launderers often exploit forged, altered, or stolen identity documents—sometimes bundled in “KYC kits”—to obscure ultimate beneficial ownership and bypass standard due diligence controls. By employing shared personal data, addresses, and device fingerprints in coordinated account openings, they can move illicit funds while concealing the true source and controllers of the accounts.

Adversaries manipulate personal names—via legal changes, aliases, misspellings or transliteration variants—to slip past sanctions/KYC screening and mask prior bad history. By onboarding or transacting under an altered name, launderers gain access to financial channels while severing ties to watch-lists or earlier suspicious activity.

Adversaries may strategically acquire and exploit multiple citizenship identities to circumvent KYC processes, opening accounts under alternative nationalities and reducing the consistency of due diligence across different jurisdictions. By rotating between passports, they obscure beneficial ownership layers and evade detection triggers, thereby complicating law enforcement efforts and undermining AML/CFT controls.

Adversaries may “forum shop” for CBI/RBI schemes offering weak or inconsistent vetting in order to inject illicit proceeds and obtain legitimate residency or passports, thereby bypassing triggers for enhanced due diligence. This additional, legally sanctioned identity significantly reduces regulatory scrutiny and enables the freer movement of illicit funds across borders.

Launderers may acquire or fund sports clubs under the pretense of legitimate financing, then funnel criminal proceeds through official revenue channels and inflated valuations, leveraging opaque ownership structures and the clubs’ public prominence to deter deeper scrutiny.

Launderers use automated, high-volume transaction processes to rapidly move funds through multiple accounts and institutions, creating complex layers of transfers with minimal human intervention. This technique leverages scheduled or algorithmic transfers (often across online banking, fintech payment platforms, and even cryptocurrency networks) to obscure money trails by splitting, routing, and reassembling illicit funds in numerous small or rapid transactions. The result is a fast-moving web of “pass-through” accounts that exploits modern payment system speed to frustrate detection.

Adversaries could generate multiple virtual IBANs that disguise the true account destination and layer illicit funds, leveraging the legitimate IBAN-like format to confound transaction monitoring and obscure beneficial ownership. This tactic reduces direct oversight and complicates AML/CFT investigations by rapidly redirecting funds under a veneer of conventional banking identifiers.

Adversaries typically exploit e-commerce and marketplace ecosystems by creating sham storefronts or manipulating purchase and refund records, thereby blending illicit proceeds with legitimate transactions. They may further leverage digital assets and decentralized platforms, capitalizing on limited regulatory oversight to obscure fund origins and frustrate standard AML/CFT controls.

Launderers may exploit payroll deduction processes to obscure illicit proceeds as legitimate loan repayments, layering them within normal wage operations and minimizing red flags. By synchronizing payment schedules with genuine payroll cycles and employing fictitious or “loan-back” agreements, they conceal suspicious funding origins and effectively blend dirty money into routine financial flows.

Adversaries typically exploit the complexity of cross-border trade by re-routing shipments, falsifying documentation, and employing shell companies to obscure the true origin, value, or final recipients of illicit proceeds. This advanced form of layering leverages price manipulation, multiple jurisdictions, and high transaction volumes to evade detection by investigators and financial institutions.

Adversaries typically exploit fictitious sales by fabricating or staging bogus transactions—often supported by dummy invoices and sham documentation—to disguise illicit proceeds as legitimate commercial revenue. They may channel these funds through shell entities or cover companies, obscuring their true origin and complicating efforts by financial institutions and law enforcement to detect and trace the fraud.

Adversaries typically exploit instant exchange services to repeatedly and rapidly convert illicit funds across various currencies or blockchains, thwarting detection and regulatory oversight. By capitalizing on minimal or no-KYC requirements, launderers obscure transaction trails, rendering AML/CFT controls less effective.

Adversaries may route illicit funds through attorney or accountant trust accounts under the misconception that professional secrecy provides impenetrable protection, thereby obscuring beneficial ownership and frustrating ongoing due diligence. By leveraging confidentiality obligations and layering complex entity structures, they reduce the risk of exposure during the layering and integration stages.

Adversaries typically exploit privacy wallets’ enhanced anonymity features—like coinjoin protocols or stealth addresses—to obscure ownership, layer illicit proceeds across pseudonymous addresses, and evade AML/CFT detection. By commingling funds and severing the transaction trail, launderers can hamper regulatory oversight and frustrate investigative efforts.

Adversaries frequently exploit enhanced anonymity features in privacy wallets—such as coinjoin protocols, stealth addresses, or zero-knowledge proofs—to obfuscate beneficial ownership and transaction flows, thereby bypassing routine AML checks. By commingling multiple users' funds and layering proceeds across diverse currencies, they further fragment the transaction trail and complicate regulatory oversight.

Adversaries typically exploit this technique by sending small “test” payments to gauge financial institutions’ alert thresholds and refine their subsequent larger illicit flows to evade established AML controls.

Adversaries typically exploit business investments by channeling illicit funds into legitimate commercial ventures—either through operational budgets or equity stakes—thereby blending unlawful capital with legitimate revenue and obscuring beneficial ownership across multiple entities. They may further leverage lightly regulated or offshore investment vehicles and under-regulated advisers to circumvent scrutiny, making it difficult for authorities to distinguish criminal proceeds from genuine commercial flows.

Adversaries typically exploit self-managed or private pension schemes by funneling large sums disguised as legitimate contributions, layering and rapidly transferring these funds across multiple accounts—often internationally—to obscure illicit origins before eventually converting them into seemingly legitimate retirement payouts.

One individual or entity (the proxy) transacts or performs other actions on behalf of the true beneficial owner, obscuring the real source or decision-maker. Adversaries typically exploit proxy arrangements by appointing trusted associates or relatives, formally or informally, to mask the true beneficial owner and disrupt KYC processes. This tactic obscures ultimate control of assets and can remain undetected in jurisdictions with weak beneficial ownership checks, enabling high-risk actors such as PEPs to avoid scrutiny.

Adversaries typically exploit circular or “round-tripping” transactions by rapidly cycling funds and goods through shell companies and multiple jurisdictions, creating convoluted layers that obscure beneficial ownership and frustrate AML/CFT detection efforts. These repetitive transfers—often involving phantom shipments, re-invoicing, or multilevel entities—lack genuine economic rationale and mask the true source of illicit proceeds.

Launderers may misrepresent or falsify the stated purpose of transactions—presenting illicit proceeds as donations, family allowances, or other benign expenditures—to disguise the true origins or destinations of funds. By masking underlying criminal activities behind seemingly legitimate labels and documentation, they circumvent scrutiny and blend illegal assets into lawful financial channels.

Launderers may disguise illicit funds as personal gifts, familial support, or charitable donations through remittance services, often exceeding expected transaction volumes or lacking clear relational ties. They bolster this façade with fabricated documentation and implausible explanations, thereby evading AML triggers and appearing to comply with typical remittance norms.

Adversaries typically exploit free trade zones by forming shell entities and conducting over- or under-invoicing, repeated re-exports, and other trade-based schemes to obscure the flow of illicit funds. They leverage these zones’ lenient oversight, minimal reporting obligations, and unique legal frameworks to facilitate cross-border layering and conceal beneficial ownership.

Launderers typically exploit the anonymity of bearer instruments by physically transferring them across jurisdictions to conceal ultimate beneficial ownership, circumvent formal registration requirements, and obscure the origin of funds. This approach hinders regulatory oversight, making it challenging for financial institutions to validate sources of funds or accurately identify beneficiaries.

Adversaries typically exploit safe deposit boxes to conceal illicit assets beyond formal transaction records, using third-party signatories or false identities to obscure direct links and circumvent AML thresholds. They may also capitalize on cash-based rental fees and fragmented storage or retrieval practices to further impede detection and compliance measures.

Launderers may funnel illicit proceeds through crowdfunding drives by splitting funds into smaller contributions from multiple fake or co-opted donor accounts, commingling them with legitimate donations and leveraging weak KYC measures to obscure the original source and evade detection.

Adversaries typically exploit asset valuation manipulation by inflating or deflating asset prices—such as for art, real estate, or digital collectibles—and forging documentation or staging deceptive transactions to mask illicit proceeds within ostensibly legitimate market fluctuations. This tactic enables criminals to obscure true ownership, rationalize large sums of illegal cash, and blend unlawfully obtained funds into normal circulation.

Adversaries typically exploit the fluid valuation of jewelry by inflating or underreporting prices and repeatedly reselling these portable, high-value assets to layer illicit funds through manipulated appraisals and sales cycles. This method leverages subjective valuations, ease of transport, and cross-border movement to obscure financial trails and complicate oversight.