Case snapshot: fast money in strange places
Luc was reviewing a batch of flagged alerts when one caught his attention—a mid-tier business client in Italy, typically known for stable monthly payroll and supplier payments, had suddenly sent 24 high-value transfers in just one week.
That anomaly alone tripped the system’s velocity rule, designed to detect unusually rapid transaction activity.
But what escalated the case was who was receiving the money.
Half of the transfers went to shell companies registered in Latvia, Bulgaria, and the UAE—entities with no verifiable websites, no tax IDs, and no digital footprint beyond their registration details. One recipient had already been mentioned in a prior STR involving trade-based money laundering.
Marcus skimmed the case notes and nodded grimly.
“The speed is the smoke,” he said. “But these shell beneficiaries—that’s the fire.”
Ella dug deeper using open-source corporate registries. One of the recipient companies shared a director with a sanctioned entity listed by OFAC. Another had identical incorporation metadata—same agent, same address—as three others flagged in unrelated fraud investigations.
Luc didn’t hesitate. He filed an STR, citing a convergence of velocity and counterparty risk suggestive of layering, potential sanctions evasion, or trade-based laundering masked through shell activity.
Velocity + counterparty risk: a potent typology
When used together, velocity and counterparty monitoring rules offer a powerful lens for detecting laundering schemes that exploit speed and obscurity.
Velocity red flags
- Spikes in high-value transactions over a short period (days, not weeks)
- Activity that deviates sharply from a customer’s historical behavior
- Clustering of transfers outside business hours or on weekends/holidays
- Use of channels prone to rapid movement (e.g., wire, crypto, nested accounts)
Unusual counterparty red flags
- No economic footprint (no website, no industry trace, opaque business model)
- Located in high-risk jurisdictions or secrecy havens
- Previously associated with adverse media, STRs, or sanctions
- Use of naming conventions that suggest obfuscation (e.g., alphanumeric strings, use of proxies or incorporation agents)
Individually, these elements may raise suspicion. Together, they signal orchestration—an intentional attempt to mask origins, destinations, and beneficiaries of illicit funds.
Regulatory insight: what AMLR expects
Under the EU Anti-Money Laundering Regulation (Regulation (EU) 2024/1624), institutions are required to:
- Risk Assessment (Article 9): Carry out business-wide risk assessments to understand their exposure to money laundering and terrorist financing risks.
- Internal Controls (Article 10): Establish and maintain adequate, risk-based policies, controls, and procedures, including transaction monitoring systems that allow for detection of anomalies and suspicious behavior.
- Group-wide Alignment (Article 16): Implement group-level policies and procedures to ensure the effective application of these rules across all subsidiaries and branches.
These expectations align with FATF Recommendations 10, 11, and 20, which emphasize customer due diligence, retention of records, and the obligation to report suspicious transactions.
Final thought: fast + foreign = focus
Speed alone isn’t proof of laundering. But when rapid transactions intersect with opaque, high-risk counterparties, the signal becomes clear.
- Velocity shows urgency.
- Counterparty anomalies show intent.
Together, they form a signature pattern of layering or laundering, often linked to predicate offenses such as fraud, corruption, or sanctions evasion.
As Ella said while filing the STR, “The faster the money moves, the faster you need to ask why.”
