Reluctance to provide standard KYC documentation

The customer pushes back on producing identity documents, ownership structure, proof of address, or source-of-funds evidence that any comparable customer routinely provides. Evasion is rarely accidental. Regulators have cited this specific pattern in FCA Final Notices and FinCEN enforcement actions.

Unusual concern about detection thresholds

The customer asks specifically about reporting thresholds — “What’s the limit before you file a report?” “At what size does this get escalated?” Legitimate customers almost never ask. Structuring-minded customers ask often.

Customer’s activity inconsistent with declared profile

The customer declared $200K annual household income at onboarding and now receives $1.5M across 14 inbound wires in two months. The gap between what was declared and what is happening is one of the most reliable red flags in KYC.

Third-party conducting business on customer’s behalf without clear justification

An undisclosed third party signs documents, attends meetings, or directs transactions without a documented commercial reason — not a disclosed authorised signatory, not a regulated trustee, not a named power of attorney. Frequently surfaces in shell-company and nominee arrangements.

Nervous or aggressive behaviour during KYC refresh

Emotional spikes around routine KYC requests — hostility, pressure through senior relationship managers, unusual urgency, complaints about “intrusion.” Genuine customers sometimes dislike paperwork but rarely escalate politically. Customers hiding something often do.

Structuring / smurfing

Multiple transactions deliberately kept below reporting thresholds — cash deposits of $9,800 on successive days, wires of £9,950 when the reporting trigger is £10,000. Structuring is a standalone offence under US BSA and a direct SAR trigger globally.

Rapid movement of funds in and out (“pass-through” accounts)

Funds arrive and leave within hours or days with no apparent commercial purpose for the account holder to have held them. The pattern is designed to distance funds from their source, not to use them productively.

Sudden surge in volume inconsistent with history

A customer’s monthly flow jumps 5x or 10x without a documented business-expansion rationale (new contract, funding round, inheritance, M&A). Not every surge is suspicious, but every surge needs an explanation in the file.

Round-number or repeated same-amount transactions

Genuine commercial payments rarely land at perfectly round numbers consistently. A pattern of identical or suspiciously round amounts suggests obfuscation, particularly when combined with foreign counterparties.

Funnel-account pattern

Many small geographically dispersed inbound transactions consolidated into a single account, followed by one or a few large outbound wires. Classic in trade-based and cross-border laundering; frequently called out in FinCEN advisories.

Third-party payments to / from unrelated parties

Payments flowing to or from parties with no apparent relationship to the customer’s declared business or personal activity. Commonly seen in layering schemes using nominee or professional-enabler intermediaries.

Multi-layer offshore ownership without commercial justification

Four-, five-, or seven-layer ownership chains running through secrecy jurisdictions without a documented reason (tax planning, family-office structure, genuine fund design). Complexity itself is not illegal, but complexity without explanation is a documented regulatory concern.

Shell company patterns

Corporate customers with no operating assets, no staff, no physical presence, and no observable commercial substance. Not every shell is illicit (holding companies are normal), but a shell with active transaction flow and no substance is a FinCEN-cited typology.

Circular or cross-entity ownership

Structures where ownership flows in a loop (A owns B, B owns C, C owns A). Almost always a layering artefact rather than genuine commercial design.

Nominee directors and service-provider-only representation

A corporate customer whose director-of-record is a professional corporate service provider, with no identifiable natural-person controller in the register. Always triggers UBO deep-trace; often reveals declaration-of-trust arrangements.

Trust or foundation with opaque beneficiaries

Trust deeds with unnamed beneficiaries, asset-protection trusts with settlor-as-excluded-beneficiary design, foundations with protectors who outrank the council. All warrant enhanced UBO analysis under FATF R25.

Significant activity with FATF grey-list or black-list jurisdictions

Customer flows, UBOs, or counterparties resident in or operating from FATF-flagged jurisdictions. Always triggers at minimum a documented rationale; frequently triggers EDD.

Transit through secrecy jurisdictions

Wire flows that route through jurisdictions with limited transparency (certain offshore financial centres) when the underlying parties have no operational presence there. Movement-for-obfuscation pattern.

Sanctions-adjacent exposure

Activity with counterparties not themselves sanctioned but connected to sanctioned regimes, sanctioned individuals’ family members, or entities that sit just outside the 50% ownership threshold under OFAC’s 50% Rule. Sanctions-adjacent exposure has been the subject of several major enforcement actions in the last five years.

Counterparty in high-corruption-perception jurisdictions (low CPI)

Business flows with counterparties in countries scoring poorly on Transparency International’s Corruption Perceptions Index, particularly where government contracts or natural-resource revenue are in scope. Elevated FCPA and UK Bribery Act risk.

Correspondent banking with under-regulated respondents

Cross-border correspondent relationships with respondent banks whose home-jurisdiction supervision is weak, whose own AML programme is thin, or whose downstream correspondent relationships (nested correspondent) include sanctions-adjacent banks. Always EDD under FATF R13.

Inconsistent or contradictory documentation

Customer’s declared residency doesn’t match their utility bills. NOB on the application doesn’t match the business type in incorporation documents. Declared revenue in KYC disagrees materially with filed tax returns. Inconsistencies are signals that someone is telling different stories for different audiences.

Implausible wealth story (SoW gap)

Customer declares $30M net worth backed by documentation supporting only $5M. The gap without a credible explanation is the exact SoW pattern regulators look for in HNW private-banking reviews.

Forged, altered, or low-quality documents

Tampered PDFs, mismatched fonts in official-looking documents, digitally altered photographs on identity documents, translations that don’t match the original, notarisations from jurisdictions the document doesn’t connect to. Any one of these is immediate escalation.

Unusual request to alter records or back-date documents

Customer asks the bank to “correct” a previous period’s record, backdate a document, or omit a particular counterparty from a statement. Often directly connected to concealing from regulators, auditors, or counterparties. This is always a SAR-triggering event.

Scenario 1 — Five flags stack at JPMorgan London

A corporate customer at JPMorgan London triggers a TM alert on sudden volume surge (Flag 8). On review, the AML investigator also notes: wires predominantly from a Luxembourg entity with shell characteristics (Flag 13), same-day outbound wires to a Jersey trust with opaque beneficiaries (Flag 16), the customer declared light cross-border activity at onboarding (Flag 3), and the customer’s director-of-record is a corporate service provider (Flag 15). Five flags in one file.

Outcome: Immediate AML escalation. SAR filed with UK NCA. Senior compliance review. Relationship terminated under the bank’s reputational-risk protocol.

Scenario 2 — Classic structuring at Barclays GCC Mumbai

A small-business customer at Barclays GCC Mumbai makes 34 cash deposits in 45 days, each between ₹49,000 and ₹49,800, totalling ₹16.8 lakh. Declared monthly cash expected: ₹3–5 lakh. Flags 6 (structuring) and 3 (profile inconsistency).

Outcome: TM alert; AML investigator reviews. STR filed with FIU-IND. Customer risk re-rated to high, EDD refresh triggered, cash-deposit thresholds restricted going forward.

Scenario 3 — Adverse media + sanctions-adjacent at HSBC London

During EDD refresh at HSBC London, Russian-language adverse media surfaces a civil court judgement against the customer’s spouse for misappropriation of funds at a state-owned enterprise. Subsequent wire analysis shows the customer has been receiving funds from a company 40% owned by a designated sanctioned individual — sanctions-adjacent exposure under OFAC’s 50% Rule (the direct sanctioned-party threshold is 50%, so 40% is just below sanctions but well within risk concern). Flags 19 and 20.

Outcome: MLRO review. Senior-management approval required for continued relationship. Quarterly review cycle, enhanced monitoring, sanctions-officer sign-off. Customer ultimately exited after a second adverse media finding three months later.

Scenario 4 — Documentation tampering at Emirates NBD DIFC

A KYC analyst at Emirates NBD DIFC reviewing a customer’s Source of Wealth file notices that two provided audited financial statements have inconsistent font rendering, and one signature page has telltale digital-alteration artefacts. Flag 24.

Outcome: Immediate escalation to MLRO. Forensic review confirms tampering. Relationship terminated. STR filed with UAE FIU. Customer is also referred to the DFSA’s enforcement team as a policy matter.