A classic case of layering: When money movement masks money origin

Jul 16 / Leonard Nwogu-Ikojo
In this fictional case study, Luc and his team uncover a sophisticated layering scheme disguised as routine business activity—structured payments, third-party wires, and crypto conversions all designed to erase financial footprints. As the team connects the dots, they highlight a key compliance challenge: detecting the middle stage of money laundering before integration occurs. This article explores how contextual monitoring, behavioral analytics, and a risk-based mindset are essential tools in uncovering financial crime hidden in plain sight.

This article is intended for educational and informational purposes only and does not constitute legal, regulatory, or professional compliance advice. The scenario and recommendations provided are illustrative and may not capture all applicable requirements or risks in specific cases. Readers should follow their organization’s internal policies, data protection requirements, and seek professional advice tailored to their circumstances.

Case study: The disappearing trail

Luc leaned back in his chair, scanning the transaction map for a client flagged in a recent review. At first glance, the activity appeared disjointed: incoming wires from unrelated third-party companies, followed by structured payments to personal accounts across multiple EU countries, crypto exchanges, and prepaid card vendors. No pattern—at least, not an obvious one.

But the sums? Almost identical. The timing? Too precise.

Ella walked in and took one look at the dashboard. “That’s layering. Textbook.”

The client, a mid-tier importer of electronics, had disclosed a single supplier and a local warehousing setup. Yet the transactions showed funds being routed through shell entities in the Baltics, a consultancy in Spain, and ultimately into hard-to-trace wallets.

Marcus added, “It’s not just about hiding the money—it’s about disconnecting it from the crime. This kind of structuring is what makes investigations stall.”

Luc’s team froze the account, issued a SAR, and flagged the related parties for enhanced due diligence across the institution’s network.

Regulatory insight: Understanding the layering stage

In the classic three-stage money laundering model—placement, layering, and integration—layering is often the most complex and deliberate phase.

This stage involves separating illicit funds from their origin through a series of transactions intended to obscure the audit trail and confuse the investigative process. Techniques include:


  • Transferring funds between multiple accounts and jurisdictions
  • Using shell companies, trusts, and opaque ownership structures
  • Converting funds to digital assets or high-value goods
  • Making deposits and withdrawals in a pattern that mimics legitimate commerce


The EU’s AML Regulation (Regulation (EU) 2024/1624) and the revised Directive (EU) 2024/1640 (AMLD6) emphasize the risk-based approach and require firms to implement controls that not only catch suspicious activity at the point of entry (placement) but also through its movement (layering).

The European Banking Authority (EBA) guidance calls for ongoing monitoring, not just of high-risk clients, but also of transaction typologies and behavioral anomalies—a key requirement to detect layering attempts.

AML Controls: Spotting and Stopping Layering

Red flags of layering


  • Multiple rapid transactions with no clear business rationale
  • Transfers between accounts in different names with no stated relationships
  • Use of shell companies with limited public records or tax filings
  • Funds moving in round amounts across borders with vague payment references
  • Payments routed through jurisdictions known for weak AML enforcement


Best practices


  • Deploy behavioral transaction monitoring that looks at patterns over time, not just individual triggers
  • Implement jurisdiction risk scoring to identify suspicious fund flows through high-risk regions
  • Use network analysis tools to uncover hidden relationships between counterparties
  • Combine KYC refresh cycles with transaction analytics to ensure declared business activities match actual financial behavior
  • Ensure robust cross-border information sharing within group structures or correspondent networks


Lessons learned: Don’t chase transactions, follow the behavior

Too many AML systems focus on transaction anomalies in isolation. But laundering thrives on fragmentation. The solution? Contextual monitoring—evaluating what a client should be doing versus what’s actually happening.

As Marcus puts it:

“Layering isn’t a magic trick. It’s a maze. Your job is to collapse the walls until the path becomes visible.”

In this case, Luc’s team didn’t catch the crime at placement—but they caught it before integration. That window is narrow, but powerful.

Conclusion

A classic case of layering is not just a test of your transaction monitoring system. It’s a test of your team’s curiosity, your program’s depth, and your institution’s risk awareness.

Every movement of illicit funds is a step away from justice. By tracking those steps closely—and connecting them back to their source—compliance teams hold the line between financial complexity and criminal obfuscation.


Created with