Typology (AML Typology)

What is an AML typology?

An AML typology is a documented pattern, technique, or behavioural signature used by criminals to launder money, finance terrorism, or evade sanctions. Typologies are distilled from real cases — enforcement actions, FIU disclosures, mutual-evaluation findings, intelligence sharing between institutions and law enforcement — and codified into structured descriptions that include the underlying predicate offence, the laundering technique, the financial channels involved, the typical red flags, and the controls that detect them. They are the link between criminal behaviour in the real world and detection logic inside a compliance programme.

For financial institutions, typologies are the practical raw material of AML detection. Risk assessments use them to map exposure; transaction-monitoring teams use them to design and calibrate scenarios; training programmes use them to teach frontline staff what to look for; and analysts use them to write defensible Suspicious Activity Report (SAR) narratives. A compliance programme without a current typology library is, in effect, monitoring against yesterday's threats.

Why AML typologies matter

Money laundering is adaptive. As regulators close one channel, criminals shift to the next — from cash deposits to mule networks, from offshore wires to crypto on-ramps, from shell companies to nominee directors, from trade misinvoicing to embedded-finance corridors. A typology library that is updated annually captures these shifts and feeds them directly into scenario design and analyst training. Programmes that treat typologies as static — built once at programme inception and rarely refreshed — consistently surface as outliers in regulatory inspections. The correlation between typology hygiene and overall AML programme effectiveness is one of the most reliable predictors of supervisory outcomes.

Where AML typologies come from

Typologies are produced by several authoritative sources. The Financial Action Task Force (FATF) publishes typology reports covering everything from terrorist financing through professional money-laundering networks, virtual asset abuse, environmental crime, and trade-based laundering. FATF-Style Regional Bodies (MENAFATF, APG, GAFILAT, MONEYVAL, ESAAMLG, GIABA, EAG, GAFISUD, and others) publish region-specific typology work that captures local channels and predicate offences. National FIUs — FinCEN in the US, NCA UKFIU, AUSTRAC, the UAE FIU, and others — publish strategic intelligence reports and red-flag advisories drawn from the SARs and STRs they receive. Sectoral bodies such as the Wolfsberg Group and the Basel Committee contribute bank-focused typology work. Finally, financial institutions themselves generate proprietary typology insight from their own case work, which is increasingly shared through industry consortia and 314(b)-style information-sharing arrangements.

Common AML typologies

The typology library used by most financial institutions covers a recurring set of techniques. The most operationally important include:

• Structuring / smurfing — splitting cash transactions to stay below CTR thresholds.
• Trade-based money laundering (TBML) — over- or under-invoicing of imports and exports, phantom shipments, multi-leg invoicing.
• Shell and front companies — interposing legal entities with limited beneficial-ownership transparency between the launderer and the funds.
• Money mules — recruiting individuals to move funds through their personal or business accounts.
• Cash-intensive businesses — commingling illicit cash with legitimate revenue at restaurants, car washes, retail, gaming venues.
• Casino / gaming layering — converting cash into chips, playing minimally, and cashing out as gambling proceeds.
• Real-estate laundering — high-value property purchases, often via shell companies or nominee buyers.
• Crypto-asset laundering — fiat-to-crypto-to-fiat conversion through multiple wallets, mixers, privacy coins, and chain hops.
• Correspondent-banking abuse — using correspondent relationships to disguise originator information.
• Round-tripping — funds returning to the originator via intermediate accounts to legitimise origin.
• Insurance product abuse — single-premium policies surrendered for clean funds.
• Securities-trade layering — buying and selling securities to move value with minimal market exposure.
• Sanctions evasion typologies — front-company networks, deceptive shipping practices, payment stripping.

Most real-world cases combine two or more of these patterns rather than presenting cleanly as a single typology.

How institutions use typologies

Typologies translate into compliance practice through four channels. First, transaction-monitoring scenario design — each typology that is in-scope for the institution's risk profile should map to one or more monitoring scenarios with defined parameters, thresholds, and clearance criteria. Underused or absent scenarios for a known typology are a common regulatory finding. Second, risk assessment — the institution's enterprise and customer-segment risk assessments should reference the typologies most relevant to the institution's products, geographies, and customer base. Third, training — frontline staff (branch, agent, merchant acquirer, relationship management) and second-line analysts should be trained on the typologies they are most likely to encounter, with refresh cycles tied to typology library updates. Fourth, SAR / STR narrative quality — analysts should write SAR narratives that explicitly reference the typology being reported, allowing FIUs and law enforcement to pattern-match across filings. A unified transaction monitoring platform that surfaces typology-tagged scenarios materially raises the quality of all four downstream uses.

Typologies and the three-stage AML cycle

Typologies operate at every stage of the laundering cycle. Placement-stage typologies include structuring, cash-intensive business commingling, mule deposits, casino conversion, and prepaid-card loading — patterns that move illicit cash into the regulated financial system. Layering-stage typologies include rapid cross-border wires, shell-company chains, trade misinvoicing, crypto conversion sequences, and securities-trade layering — patterns that obscure the origin of funds already inside the system. Integration-stage typologies include real-estate purchases, business acquisitions, and luxury-asset purchases — patterns that re-introduce cleaned funds into the legitimate economy as apparent business income or investment returns. A complete typology library covers all three stages and recognises that single cases frequently chain typologies across stages.

Keeping typologies current

The pace of typology change varies by sector. Cash-based typologies have been stable for decades; trade-based typologies evolve slowly; crypto and embedded-finance typologies evolve in months. Mature programmes review their typology library at least annually, with interim updates triggered by major FATF or FIU publications, significant enforcement actions in the institution's sector, new product launches, or material changes in the institution's geographic or customer footprint. Each typology update should flow through to risk assessment, monitoring scenario design, training material, and analyst playbooks — not just into a static document. Linking typology updates directly to scenario tuning and counterparty AML screening is one of the strongest indicators of an evidence-based, defensible AML programme.