How Money Laundering Works
Money laundering is not a single act — it is a deliberate multi-step process designed to put distance between criminals and their illicit proceeds. Understanding the mechanics is a prerequisite for building detection systems that actually work. The Financial Action Task Force (FATF) defines the process in three canonical stages, though in practice the boundaries between them blur as laundering schemes grow more sophisticated.
Criminal Proceeds Enter the System (Placement)
Illicit cash — from drug trafficking, corruption, human trafficking, or fraud — is introduced into the financial system for the first time. Common placement methods include cash deposits at banks or money service businesses, purchase of monetary instruments like cashier's checks, blending criminal funds with legitimate business revenue at cash-intensive businesses such as restaurants or car washes, and channeling payments through anti-money-laundering-deficient payment providers. Placement is the riskiest stage for the launderer because cash is most traceable before it enters formal financial channels.
The Paper Trail Is Destroyed (Layering)
Funds are moved through a complex web of transactions specifically designed to make tracing their origin nearly impossible. Layering tactics include multiple wire transfers across jurisdictions, currency conversions, use of shell companies, correspondent banking chains, trade invoice manipulation, and cryptocurrency mixing services. The full placement, layering, and integration framework identifies this middle stage as the most technically sophisticated and the hardest for compliance teams to detect in real time.
Funds Re-Enter the Economy (Integration)
Once sufficiently obscured, the money is reintroduced as apparently legitimate income — through property purchases, business investments, luxury goods acquisition, or loan-back schemes where the criminal borrows their own laundered money. At this stage, distinguishing criminal funds from clean money is extremely difficult without records capturing activity from earlier stages. Integrated funds may generate further taxable income, making them even harder to challenge.
Criminal Infrastructure Is Reinforced
Integrated funds finance further criminal activity, corrupt officials, or fund legitimate business fronts used to launder the next cycle of proceeds. Payment businesses exploited during any stage — even unknowingly — face regulatory and legal exposure proportional to the adequacy of their controls, not their actual intent.
Why Money Laundering Matters
Money laundering is not a victimless crime. It sustains organized crime, terrorism financing, human trafficking, and political corruption — directly distorting markets and undermining the integrity of financial systems that legitimate businesses depend on. For payment businesses specifically, being used as a laundering channel carries consequences that can be existential.
The scale is staggering. The United Nations Office on Drugs and Crime estimates that 2–5% of global GDP — between $800 billion and $2 trillion — is laundered each year, though the true figure is inherently unknowable given the concealment involved. In the United States alone, FinCEN received over 3.6 million suspicious activity reports in 2022, reflecting the volume of potentially illicit activity moving through financial channels. Globally, AML-related fines against financial institutions exceeded $5 billion in 2023 according to Fenergo's annual AML fines report, with payment processors and banks among the heaviest penalized.
Liability does not require intent
A payment business can be held liable for facilitating money laundering even if it had no knowledge of the underlying criminal activity. Regulators assess whether adequate controls — KYC, transaction monitoring, SAR filing — were in place. The absence of controls is itself the violation, regardless of whether management intended to assist criminals.
Money Laundering vs. Fraud
These two terms appear together constantly in compliance contexts, but they describe distinct criminal acts with different regulatory implications, detection methods, and legal exposure for payment businesses.
| Dimension | Money Laundering | Fraud |
|---|---|---|
| Definition | Concealing the origin of illegally obtained funds | Deceiving a victim to obtain money or assets unlawfully |
| Starting point | Illicit proceeds already exist | Illicit proceeds are created through the deception |
| Primary victim | Financial system, society, regulatory integrity | Specific individuals, businesses, or institutions |
| Key US statute | Bank Secrecy Act; 18 U.S.C. § 1956 | Wire fraud, 18 U.S.C. § 1343 |
| Primary regulator | FinCEN, OCC, FCA, national AML authorities | FTC, state AGs, card network rules |
| Business risk | AML fines, license suspension, criminal exposure | Chargebacks, liability for direct losses |
| Detection method | Transaction monitoring, SAR analysis, KYC | Fraud scoring, velocity rules, chargeback ratios |
| Overlap | Fraud proceeds are frequently laundered afterward | Laundering may use fraudulent business fronts |
Both offenses routinely co-occur — fraud generates the illicit funds; laundering makes them spendable. Payment businesses need independent, specialized controls for each risk because the detection signals, legal obligations, and response workflows differ substantially.
Types of Money Laundering
Money laundering adapts to whichever financial channel offers the weakest controls at any given time. Recognizing the major typologies is essential for calibrating monitoring systems appropriately.
Smurfing (Structuring) — Splitting large cash amounts into many smaller deposits or transactions to stay below automatic reporting thresholds. In the US, this means keeping individual transactions under $10,000. Structuring is itself a criminal offense independent of whether the underlying funds can be proven illegal, and it produces detectable velocity patterns when viewed across accounts.
Shell Company Layering — Creating legal entities with opaque or nominee ownership to hold, transfer, or receive funds, making beneficial ownership nearly impossible to trace without deep investigation. FATF's 2023 typologies report identified shell companies as the most frequently exploited laundering vehicle globally.
Trade-Based Money Laundering (TBML) — Manipulating invoices, quantities, or goods descriptions on import and export documentation to transfer value across borders disguised as legitimate trade. TBML is notoriously difficult to detect because it exploits the volume and complexity of international trade finance.
Real Estate — Purchasing property with illicit funds, often through anonymous LLCs, then selling it to produce clean proceeds. FinCEN's Geographic Targeting Orders specifically target high-risk real estate markets because this method has proven consistently popular with high-net-worth criminals.
Cryptocurrency Mixing — Using mixing or tumbling services, privacy coins, or chain-hopping across multiple blockchains to sever the on-chain trail between illicit source wallets and destination addresses. As digital asset volumes grow, this typology is attracting increased FATF guidance and exchange-level monitoring requirements.
Payment Platform Abuse — Using legitimate PSPs, marketplaces, or peer-to-peer networks to layer funds through high-velocity micro-transactions, fake merchant accounts, or excessive refund cycling. This typology directly implicates merchants and payment infrastructure providers in the laundering chain.
Best Practices
Every participant in the payments stack shares responsibility for detecting and reporting money laundering. The obligations and practical actions differ depending on position in the chain.
For Merchants
Understand your PSP's AML requirements before onboarding — your own obligations may be limited, but you can still face consequences if your business is used as a front or conduit. Maintain detailed, queryable records of every transaction, refund, and dispute. Monitor for customer behaviors that suggest structuring: multiple transactions just below round numbers, unusual refund rates, or volume spikes inconsistent with a customer's stated business. If you notice these patterns, report them to your payment provider immediately rather than waiting for certainty. Cooperate promptly and completely with information requests from your PSP or acquirer; delayed responses are often treated as a red flag by compliance teams.
For Developers
Build know your customer and transaction monitoring into payment flows from day one — retrofitting AML controls onto a live system is expensive and error-prone. Implement velocity checks that detect structuring patterns across time windows, not just per-transaction limits. Design a clear workflow connecting flagged transactions to your compliance team's suspicious activity report filing process, with documented timelines that satisfy the 30-day SAR filing requirement. Ensure KYC data collection covers beneficial ownership where regulations require it — not just the nominal account holder. Store all transaction metadata in an immutable, queryable format with sufficient retention periods; regulators will request it. Apply risk scoring based on transaction geography, payment method, merchant category, and counterparty profile to tier monitoring intensity and reduce alert fatigue.
Common Mistakes
Treating AML as a one-time onboarding check. KYC at account creation catches known bad actors on existing watchlists, but laundering often begins well after a customer passes initial screening. Ongoing behavioral monitoring and periodic customer risk reviews are regulatory expectations in most jurisdictions, not optional enhancements.
Setting alert thresholds that miss structuring. Many compliance teams configure monitoring rules around absolute transaction size, which systematically misses smurfing. A customer making thirty $9,800 deposits over three weeks is more suspicious than a single $250,000 wire. Tune rules to catch velocity-based patterns and cumulative totals, not only individual transaction amounts.
Filing SARs late — or not at all. In the US, SARs must be filed within 30 days of detecting a suspicious transaction, or 60 days if no suspect has been identified. Missing this window is itself a regulatory violation. Many businesses also under-file, incorrectly assuming they need proof of a crime before reporting is required — a SAR is a suspicion report, not a conviction filing.
Failing to monitor third-party and sub-merchant payment flows. Money laundering increasingly exploits marketplace and aggregator structures. Businesses that aggregate payments for other merchants inherit AML monitoring obligations for those underlying transaction flows and cannot disclaim responsibility by pointing to a downstream party.
Conflating AML and fraud prevention functions. Fraud prevention focuses on protecting the business from direct financial loss. AML compliance focuses on detecting criminal use of the platform regardless of who bears the financial loss. They share data sources but serve different legal mandates, and organizational structures that merge them entirely tend to produce systematic gaps in both.
Money Laundering and Tagada
Payment orchestration platforms sit at the intersection of all a merchant's payment routes — PSPs, acquirers, alternative methods — making them a structurally important layer in any AML architecture.
Tagada consolidates transaction data across every payment route into a single authoritative layer. For compliance teams, this eliminates the most common blind spot in laundering detection: structuring patterns that are invisible when transaction data is siloed across multiple PSPs but obvious when viewed in aggregate. Centralizing payment data through orchestration is one of the most practical steps a merchant can take toward coherent transaction monitoring coverage.
When merchants route payments independently through multiple providers, compliance monitoring is fragmented by design — a structuring pattern split across PSP A, PSP B, and a buy-now-pay-later provider may trigger no alert in any individual system. Orchestration collapses that view. Compliance teams evaluating their AML data infrastructure should treat data consolidation at the orchestration layer as a prerequisite, not an optimization.