Introduction
A Guide to AML Typologies: Identifying Money Laundering patterns, Understanding transaction monitoring typologies is not an academic exercise. It is a regulatory requirement.
In 2026, the NFIU, FIC, and FRC all evaluate the quality of a financial institution's typology library as part of their AML program examinations. Institutions that monitor for generic thresholds without a documented link to specific typologies fail regulatory effectiveness tests and face real enforcement consequences.
A transaction monitoring typology is a documented pattern of financial behavior associated with money laundering, terrorist financing, or other financial crime. Each typology represents a method criminals use to place, layer, or integrate illicit funds, and each one can be translated into specific monitoring rules, red flags, and detection logic within your AML transaction monitoring system.
This guide covers the most significant money laundering typologies for African and global financial institutions in 2026, with specific red flags, transaction patterns, and the monitoring rules that detect them.
The Three Stages of Money Laundering
Every money laundering typology fits within one of three stages of the laundering process. Understanding which stage a typology targets determines which monitoring rules will detect it.
1. Placement is the introduction of criminal proceeds into the financial system. This is typically the highest-risk stage for detection; cash deposits, crypto purchases, and trade invoicing are common placement vectors.
2. Layering involves creating complex transaction chains to obscure the criminal origin of funds. Multiple account transfers, currency conversion, international wire sequences, and corporate structure manipulation are core layering techniques.
3. Integration is the reintroduction of laundered funds into the legitimate economy as apparently clean assets, property purchases, business investments, and luxury goods.
Effective transaction monitoring must cover all three stages, with different rule sets targeting each phase of the laundering cycle.
Interesting read: What are the 3 Stages of Money Laundering?
Core Transaction Monitoring Typologies for 2026
1. Structuring and Smurfing
What it is: Structuring is the deliberate breaking up of a large sum into multiple smaller transactions, each kept below the reporting threshold to avoid triggering Currency Transaction Reports (CTRs). Smurfing is a variant that uses multiple individuals to make deposits across different branches or financial institutions.
Why it matters in Africa: Nigeria's NGN 5,000,000 cash threshold, Kenya's KES 1,000,000 threshold, and Ghana's GHS 10,000 threshold are well-known to sophisticated criminals. In 2026, structuring across mobile money, agent banking, and formal bank branches simultaneously represents a significant evolution of this typology.
Red flags:
1. Multiple cash deposits of a similar amount on the same day or consecutive days, where no single deposit exceeds the reporting threshold
2. Deposits made at multiple branches or through multiple agents on the same day
3. Round-number transactions consistently just below the reporting threshold (e.g., NGN 4,900,000 repeatedly)
5. The customer explains split deposits as "avoiding paperwork" or references awareness of reporting thresholds
Monitoring rules:
1. Flag any customer with 3 or more cash deposits within 7 days where the cumulative amount exceeds the reporting threshold but no individual transaction does
2. Flag cumulative mobile money plus cash deposits combined exceeding threshold in a rolling 14-day window
3. Flag transactions within 10% below the reporting threshold with a frequency greater than 2 per week
2. Layering Through Multiple Account Transfers
What it is: Funds are moved through a rapid sequence of accounts, often at different banks or across borders, to create a complex trail that obscures the original source. Each transfer appears legitimate in isolation.
Red flags:
1. Large credits immediately followed by equivalent outgoing transfers within 24 to 72 hours: classic "pass-through" account behaviour
2. Accounts receiving funds from multiple different source accounts and consolidating into a single outgoing transfer
3. Frequent international wire transfers to multiple beneficiaries in high-risk jurisdictions following a domestic credit
4. Accounts with minimal opening balances that suddenly begin processing large-value transfers
Monitoring rules:
1. Flag accounts where outgoing transfers exceed 90% of credits received within any 48-hour window
2. Flag accounts receiving credits from 5 or more different source accounts within 30 days and then transferring to a single beneficiary
3. Flag international wire transfers to FATF grey-list or high-risk jurisdictions following a domestic credit within 72 hours
3. Mobile Money Layering (Africa-Specific)
What it is: The unique structure of African mobile money ecosystems with high transaction limits, broad agent networks, and cross-border corridors creates a distinct layering typology. Funds are converted from bank to mobile money, transferred through multiple wallets, reconverted to bank deposits, and then wired internationally.
This typology is specific to markets including Nigeria (MTN MoMo, PalmPay, OPay), Kenya (M-Pesa), Ghana (MTN MoMo, Vodafone Cash), and Côte d'Ivoire (Orange Money).
Real-world scenario: A compliance analyst at a Kenyan bank flagged an account that received KES 800,000 via bank transfer on a Tuesday morning, immediately converted the balance to M-Pesa, distributed it across 14 mobile wallets within 40 minutes, and had all 14 wallets reconsolidate back to a single bank account by end of day. No individual transfer exceeded KES 100,000. Without a bank-to-mobile-to-bank cycling rule, every transaction in that chain would have passed without alert.
Red flags:
1. A bank account receives a large credit and immediately transfers to a mobile money wallet
2. Mobile wallet transfers to multiple different recipients in rapid succession (10 or more within 1 hour)
3. Mobile money received from multiple sources and immediately consolidated into a single bank account transfer
4. Cross-border mobile money transfers to high-risk corridors (e.g., Nigeria to Ghana, Kenya to Uganda)
Monitoring rules:
1. Flag bank-to-mobile-to-bank cycling within 24 hours where total value exceeds NGN 500,000
2. Flag mobile money wallets linked to a bank account receiving from 10 or more different mobile sources within 7 days
3. Flag cross-border MoMo transfers exceeding daily equivalents of USD 2,000 without trade documentation
4. Trade-Based Money Laundering (TBML)
What it is: TBML exploits international trade transactions, import/export invoicing, letters of credit, and shipping documentation to move value across borders under the guise of legitimate commerce. Over/under-invoicing, multiple invoicing, and phantom shipments are the primary techniques.
Why it matters: FATF's 2023 Trade Finance guidance, adopted into CBN and SARB supervisory frameworks, identifies TBML as one of the highest-value money laundering methods globally. For Nigerian banks with significant trade finance portfolios, particularly in petroleum, agricultural commodities, and electronics, TBML represents a material risk.
Red flags:
1. Invoice value significantly above or below market price for the commodity (greater than 25% deviation from published commodity prices)
2. The same goods invoiced multiple times across multiple letters of credit
3. Trade finance transactions with counterparties in jurisdictions with no apparent trade relationship with the exporter's market
4. Unusually short payment terms, same-day or next-day settlement for goods that typically have 30 to 90 day payment cycles
5. Shipping documents showing implausible cargo values or weights
Monitoring rules:
1. Flag trade finance transactions where invoice value deviates more than 25% from published commodity price indexes (Reuters, World Bank Commodity Markets Outlook)
2. Flag instances where the same invoice reference appears more than once in different LC transactions
3. Flag transactions with counterparties in FATF-listed high-risk jurisdictions without a prior correspondent relationship
4. Review all trade finance transactions above USD 100,000 against the company's historical trade patterns
5. Real Estate Money Laundering
What it is: Illicit funds are used to purchase real estate assets, particularly high-value properties, creating apparently legitimate wealth. The integration stage is complete once the property is sold and proceeds are received as clean capital gains.
Why it matters in Africa: Rapid urbanization and real estate booms in Lagos, Nairobi, Accra, Cape Town, and Abidjan create significant integration opportunities. Cash-heavy property transactions remain common in informal real estate markets.
Red flags:
1. Cash purchases of high-value real estate with no apparent income source to support the transaction
2. Third-party payments for property purchases: funds coming from an account not linked to the buyer
3. Multiple property purchases by the same individual within a short period
4. Property flipped within 6 to 12 months for a significantly higher price without apparent improvements
Monitoring rules:
1. Flag real estate-linked transactions above threshold where the funding source is cash or a third-party wire
2. Flag customers with property-sector SIC codes receiving multiple large credits within 90 days
3. Flag individuals with no declared income making property-linked transactions above USD 50,000
6. Cryptocurrency and Virtual Asset Layering
What it is: Fiat currency is converted to cryptocurrency at placement, moved through multiple wallets and possibly exchanged across different cryptocurrencies during layering, and then converted back to fiat at a Virtual Asset Service Provider (VASP), potentially in a different jurisdiction at integration.
The African regulatory context: Nigeria's CBN has relaxed its prohibition on bank-VASP relationships and launched an AML/CFT supervision pilot for VASPs. South Africa's FSCA has declared crypto a financial product and requires VASPs to register and comply with FIC AML obligations. Kenya's Capital Markets Authority is developing a VASP licensing framework. All three jurisdictions now expect financial institutions with VASP-linked accounts to apply enhanced monitoring.
Red flags:
1. Customer account receives frequent credits from known crypto exchange accounts
2. Large cash deposits immediately followed by transfers to VASP platforms
3. Peer-to-peer cryptocurrency transfer patterns inconsistent with declared income
4. The account receives multiple small transfers from different sources consistent with crypto mining or P2P selling, then consolidates into a large outgoing wire
Monitoring rules:
1. Enhanced monitoring flag on all accounts with documented VASP relationships
2. Flag bank accounts receiving more than 10 transfers from crypto exchange accounts within 30 days
3. Flag cash-to-VASP transfer patterns exceeding USD 1,000 monthly (FATF's updated virtual asset threshold)
4. Flag VASP-linked accounts with cross-border wire transfers to high-risk jurisdictions within 72 hours of a crypto-linked credit
7. Loan-Back Schemes
What it is: Criminal proceeds are deposited with a financial institution, sometimes offshore, and then drawn back as a "loan." The borrower repays the loan with further criminal proceeds, generating an apparently legitimate audit trail for the original funds.
Red flags:
1. Customer takes out a secured loan against a deposit placed by a connected third party
2. Loan repayments made in cash rather than by bank transfer
3. "Loan" from a related-party offshore entity with no arms-length commercial terms
4. Back-to-back loans where the collateral and the loan proceeds move in a circular pattern
8. Shell Company and Beneficial Ownership Concealment
What it is: Illicit funds are routed through multiple corporate entities, often in different jurisdictions, to obscure the ultimate beneficial owner. Nominee directors, bearer shares, and layered ownership structures are the characteristic features of this typology.
Red flags:
1. Corporate account where beneficial ownership documentation is incomplete or provided by nominees
2. Company with no apparent business activity receiving large credits and making immediate distributions
3. Complex ownership chains spanning 4 or more corporate entities in multiple jurisdictions
4. Company incorporated in a jurisdiction known for beneficial ownership secrecy BVI, Cayman, Panama with no apparent business rationale
Monitoring rules:
1. Flag corporate accounts with no verified UBO documentation after 90 days
2. Enhanced monitoring for all accounts linked to high-secrecy jurisdictions
3. Flag companies with SIC codes showing no revenue-generating business that receive large-value incoming wires
How to Build a Transaction Monitoring Typology Library
A typology library is a living document that maps each of your institution's monitoring rules to a specific money laundering typology. Regulators examine it during AML program assessments. Each entry should include:
Element | What to Document |
| Typology name and description | Clear, plain-language summary |
| Applicable FATF Recommendations | Linked to specific recommendation numbers |
| Regional typology sources | GIABA, ESAAMLG, FATF thematic reports |
| Institution-specific red flags | Tailored to your customer and product profile |
| Monitoring rule(s) in your AML system | Specific rule logic and thresholds |
| Last review date and reviewer | For audit trail purposes |
The CBN's 2026 Baseline Standards require this documentation to be available for regulatory examination. FATF mutual evaluation teams specifically assess whether monitoring rules are grounded in documented typology analysis, not just calibrated to arbitrary thresholds.
Bottom Line
Effective transaction monitoring is not about having the most rules; it is about having the right rules, mapped to documented typologies, calibrated for your customer base, and reviewed often enough to stay current with how criminals actually operate.
In 2026, African regulators are specifically assessing whether your monitoring rules connect to documented typology analysis. Generic thresholds without that link are no longer sufficient.
Youverify's AML Transaction Monitoring Solution covers monitoring rules calibrated for Nigerian, Ghanaian, Kenyan, and South African regulatory environments. Every rule is mapped to its typology source, FATF, GIABA, CBN, or FIC, and the documentation is built for regulatory examination.
Explore how ongoing monitoring for AML compliance works in practice, to get started. Book a demo with Youverify today
About The Author
Victoria Okere is an SEO content strategist at Youverify specialising in financial crime compliance across Sub-Saharan Africa. She writes on transaction monitoring typologies, KYC software, and AML programme design for banks and financial institutions in Nigeria, South Africa, Kenya, and Ghana.