GFN Compliance Tools
GFN Risk Taxonomy — Version History
Structured updates to typology definitions, signals, control mappings, and ontology fields.
The GFN Risk Taxonomy follows a version-controlled update process.
Structural changes are documented here to support institutional transparency, model alignment, and programme governance.
Versioning Model
Structural change to core pattern or typology architecture.
Addition or revision of signals, variants, controls, or detection logic.
Clarifications, wording refinements, or formatting improvements.
Filter by
v1.0.0
Sections Affected
What Changed
- Initial publication of the Casinos & Gaming dossier (GFN-T-017).
Why It Matters
Establishes GFN's canonical reference for gaming-sector risk, anchored to FATF R.22's USD/EUR 3,000 casino threshold, the 2009 FATF/APG vulnerabilities study, and the modern enforcement record (AUSTRAC/Crown, SkyCity, Suncity/Chau, Cullen Commission, FinCEN casino actions) — with explicit separation of laundering from recreational play, problem gambling, and fraud against the casino.
v1.0.0
Sections Affected
What Changed
- Initial publication of the Gatekeepers (Lawyers, Accountants & TCSPs) dossier (GFN-T-016).
Why It Matters
Establishes GFN's canonical reference for professional-enabler risk, anchored to FATF R.22/R.23, the 2013 legal-sector vulnerabilities report, the 2019 RBA guidance trilogy, and the FATF-Egmont beneficial ownership study — with the abuse-versus-legitimate-service distinction and the privilege-versus-reporting tension treated as first-class analytical objects.
v1.0.0
Sections Affected
What Changed
- Initial publication of the Terrorist Financing dossier (GFN-T-015).
- Primary-source verification of all regulatory anchors: 1999 TF Convention, FATF R.5-8 and Special Recommendations history, UNSCR 1267/1989/2253 and 1373 mechanics, US material-support and SDGT/FTO framework, UK and EU statutes.
- Case economics verified against primary documents: 7/7 London bombings under £8,000 (UK Home Office HC 1087, 2006, para. 63); 9/11 at US$400,000-500,000 and pre-9/11 al-Qaida budget ~US$30M/year (9/11 Commission staff monograph, 2004).
- Latest developments anchored to FATF Comprehensive Update on TF Risks (July 2025) and FATF SMSP report (June 2026).
Why It Matters
TF is the typology most often mis-modelled as small-scale money laundering; this dossier establishes the purpose-based framing, honest signal-strength calibration, and the ethical false-positive discipline (diaspora remittances, humanitarian NPOs) that defensible CFT coverage requires.
v1.0.0
Sections Affected
What Changed
- Initial publication of structured dossier (GFN-T-014).
- Added five-stage structural flow model covering Access Acquisition through Delivery & Integration, framing the correspondent channel as transit infrastructure rather than an endpoint.
- Added six variants: Undisclosed Nested (Downstream) Correspondence, Payable-Through Account (PTA) Abuse, Wire Stripping & Cover-Payment Abuse, Shell Bank & Fictitious Institution Access, Complicit or Captured Respondent Institution, and MSB/PSP Aggregation Exploitation.
- Introduced Behavioral Quant Framing with correspondent-specific metrics: respondent traffic-profile drift index, nesting opacity ratio, payment transparency completeness rate, and repair-and-resubmission signature.
- Added Comparative Clarity layer differentiating from direct customer laundering, hawala/IVTS, and payment processor abuse.
- Signals table covers Behavioral, Network, Transaction, Counterparty, and Velocity anomaly categories across 13 detection signals with per-signal strength calibration.
- Regulatory Anchoring section covers FATF Recommendation 13 and the October 2016 FATF Correspondent Banking Guidance, FATF Recommendation 16 (wire transfers), Wolfsberg Correspondent Banking Due Diligence Questionnaire (CBDDQ), Basel Committee guidance, USA PATRIOT Act Sections 312/313/319(b), and shell bank prohibitions.
- Introduced Institutional Failure Patterns addressing nested relationship blindness, KYCC over-reach versus under-reach, de-risking displacement effects, and repair-desk normalisation of stripped payments.
Why It Matters
Correspondent banking is the transit infrastructure through which most cross-border laundering, sanctions evasion, and stripped payments actually move; a typology-level treatment of nested correspondence, payable-through accounts, and wire stripping closes the gap between customer-level monitoring and channel-level exposure, and anchors correspondent banking due diligence expectations (FATF R.13, Wolfsberg CBDDQ) in operational detection terms.
v1.0.0
Sections Affected
What Changed
- Initial publication of the Corruption & PEP Laundering dossier (GFN-T-012).
Why It Matters
Establishes GFN's canonical reference for corruption-proceeds and PEP laundering, anchored to FATF R.12, the 2013 PEP Guidance, UNCAC, and the 2011/2012 FATF corruption typology reports.
v1.0.0
Sections Affected
What Changed
- Initial publication of the Hawala & Informal Value Transfer Systems dossier (GFN-T-013).
Why It Matters
Establishes GFN's canonical reference for informal value transfer risk, anchored to FATF R.14, the 2013 FATF HOSSP report, and FinCEN's IVTS guidance, with explicit separation of legitimate remittance use from abuse.
v1.1.0
Sections Affected
What Changed
- Added Variant E: Short-Shipping & Over-Shipping — quantity-based value transfer techniques in which fewer or more goods are shipped than declared, transferring value through the payment-to-goods gap while unit prices remain at market levels.
- Added Variant F: Letter of Credit (L/C) Fraud — abuse of the documentary credit’s autonomy principle, in which fabricated or manipulated document sets trigger bank-guaranteed payment for non-existent, short-shipped, or mispriced shipments, including related-party L/Cs, repeated post-issuance amendments, and routinely waived discrepancies.
- Added signal GFN-T-007-S-11 (Document anomaly, Moderate): quantity or weight discrepancies between shipping documents and the commercial invoice or customs declaration for the same consignment.
- Added signal GFN-T-007-S-12 (Document anomaly, Moderate): letters of credit subject to repeated amendments, or documentary discrepancies consistently waived, without documented commercial justification.
Why It Matters
Closes coverage gaps against trade-based value transfer techniques documented in FATF trade-based money laundering typology work and FinCEN TBML advisories: quantity misrepresentation (short- and over-shipping) and abuse of documentary trade finance instruments. Prior variants covered price manipulation, phantom shipments, multiple invoicing, and broker-mediated systems, but not value transfer through shipped-quantity manipulation at market prices — which defeats price-benchmarking analytics by design — nor the letter of credit as a laundering instrument, where bank payment against facially conforming documents lends institutional legitimacy to fictitious trade. Extends the Signals table so both techniques are detectable through document-level reconciliation rather than price deviation alone.
v1.0
Initial PublicationSections Affected
What Changed
- Initial publication of structured dossier.
- Introduced Behavioral Quant Framing in Core Pattern section with real estate-specific metrics: beneficial ownership opacity index, purchase price-to-market deviation, transaction velocity index, and source of funds documentation quality.
- Added Comparative Clarity layer differentiating from Shell Company Concealment, Trade-Based Money Laundering, and Structuring.
- Added five-stage structural flow model covering Illicit Proceeds & Placement Need through Integration & Proceeds Extraction.
- Added four variants: All-Cash Shell Company Acquisition, Loan-Back / Mortgage Leverage Scheme, Property Flipping & Value Manipulation, and Kleptocratic & PEP Real Estate Investment.
- Added Detection Category column to Signals table with real estate-specific categories: Ownership anomaly, Transaction anomaly, Valuation anomaly, Behavioral anomaly, and Network anomaly.
- Regulatory Anchoring section covers FinCEN Geographic Targeting Orders (2016–present), FinCEN Residential Real Estate Rule (effective March 1, 2026), FinCEN Advisory FIN-2017-A003, U.S. Corporate Transparency Act / BOI Registry, FATF 2007 Real Estate Report, FATF 2022 RBA Guidance for Real Estate Sector, UK Economic Crime (Transparency and Enforcement) Act 2022, UK Unexplained Wealth Orders, EU 6th AML Directive / AMLA, and Treasury 2024 National Money Laundering Risk Assessment.
- Introduced Institutional Failure Patterns section addressing beneficial ownership resolution gaps, absence of source of funds verification for non-financed transactions, siloed treatment of real estate outside AML programme scope, and reliance on voluntary reporting by real estate professionals.
- Added Structured Ontology Fields for detection model alignment.
- Added Model Integration Readiness section covering rule-based, behavioral, graph, and AI-assisted approaches with NLP-based entity resolution across corporate records and property registries.
Why It Matters
Establishes the institutional framework for real estate-based money laundering detection — estimated at $1.6 trillion annually and one of the highest-value integration channels in the financial crime landscape. Published to coincide with the FinCEN Residential Real Estate Rule taking effect on March 1, 2026, the first nationwide mandatory AML reporting requirement for non-financed residential real estate transfers in the United States. Anchored to verified enforcement actions (1MDB $1B+ asset recovery, Manafort $46M forfeitures, Task Force KleptoCapture $500M+ seizures, Prevezon/Magnitsky) and the current regulatory landscape including FinCEN GTOs (30–42% SAR-subject hit rate), UK UWOs, EU AMLD6/AMLA, and the Transparency International OREO Index. Addresses the critical structural gap between property transaction processing and beneficial ownership resolution that anonymous shell company purchases exploit by design.
v1.0.1
Sections Affected
What Changed
- Corrected FinCEN advisory reference: FIN-2022-A001 (April 14, 2022, kleptocracy advisory) replaced with FIN-2022-Alert001 (March 7, 2022, Russian sanctions evasion alert) to accurately describe the document that identified CVC as a sanctions evasion channel.
- Fixed MiCA regulation number: corrected typographical error from (EU) 2023/1214 to (EU) 2023/1114.
- Corrected Garantex seizure date from February 2025 to March 2025 (seized March 6–7, 2025 by U.S. Secret Service and German BKA).
- Updated IEEPA civil penalty amount from $356,579 to $377,700 to reflect the 2025 inflation-adjusted figure.
- Corrected attribution of 86% illicit crypto flows statistic from Chainalysis to TRM Labs.
- Corrected Russia hash rate claim: replaced "tripled its global hash rate" with accurate characterisation (equipment demand tripled; hash rate share grew from ~11% to ~16%).
Why It Matters
Ensures regulatory citations, enforcement dates, and statistical attributions are verifiably accurate — critical for a sanctions-focused dossier where precise regulatory references inform compliance programme design.
v1.0.1
Sections Affected
What Changed
- Corrected FinCEN Guidance FIN-2008-G008 description to accurately reflect its subject (money transmitter definition for brokers/dealers in currency and commodities).
- Corrected FinCEN Advisory FIN-2014-A009 description and date: November 2014 advisory on FATF-identified jurisdictions with AML/CFT deficiencies (was incorrectly described as August 2014 advisory on consumer fraud).
- Updated Visa programme references: GBPP replaced with VIRP (Visa Integrity Risk Program, effective May 2023); VDMP replaced with VAMP (Visa Acquirer Monitoring Program, effective April 2025).
- Updated PSD3 reference from "Proposal" to reflect provisional political agreement reached November 2025.
- Corrected G2 Web Services corporate attribution from "now Verifi/Visa" to "now G2 Risk Solutions" (separate companies).
- Updated Visa chargeback threshold references to reflect VAMP programme replacing legacy VDMP thresholds.
Why It Matters
Ensures regulatory citations, card network programme references, and corporate attributions are accurate and current — critical for compliance teams using dossier references to calibrate merchant monitoring programmes.
v1.0.1
Sections Affected
What Changed
- Corrected $312 billion CMLN figure: clarified that this represents total suspected CMLN-related suspicious activity across all methodologies (not exclusively TBML), with TBML identified as one of three principal laundering channels.
- Revised FATF February 2026 plenary characterisation: replaced unverifiable claim about TBML being specifically "reaffirmed as a priority risk area" with accurate description of the plenary’s strategic priorities focus, noting TBML’s standing as a recognised FATF concern.
Why It Matters
Ensures the FinCEN CMLN advisory’s $312 billion figure is not misattributed to TBML specifically, and that FATF plenary characterisations are limited to verifiable official outcomes.
v1.0.1
Sections Affected
What Changed
- Corrected CDD Exceptive Relief characterisation: the February 2026 order removed the requirement to re-collect BO information at each subsequent account opening, not "suspended BO identification at new account opening." First-account BO identification remains required. Updated in all affected locations.
- Corrected EU AMLD6 beneficial ownership threshold: replaced incorrect "5% for high-risk sectors" with accurate description (threshold adjusted from "more than 25%" to "25% or more", with Commission empowered to lower to 15% for higher-risk sectors via delegated act).
Why It Matters
The CDD Exceptive Relief correction prevents institutions from incorrectly concluding that first-account BO identification is no longer required. The EU threshold correction ensures accurate compliance programme calibration.
v1.0.1
Sections Affected
What Changed
- Corrected Bybit hack laundering path: replaced Ronin Bridge laundering chain (ETH→BNB Chain→USDD→BitTorrent Chain) with verified Bybit laundering method (approximately 72% of stolen ETH converted to Bitcoin via THORChain cross-chain swaps).
- Corrected OKX enforcement action date from March 2025 to February 2025 and amount to $504 million.
- Updated cumulative DPRK Lazarus Group crypto theft figure from $3 billion to $6.75 billion to reflect current Chainalysis data.
- Updated FATF Travel Rule non-compliance statistic from 75% to approximately 70% to reflect the June 2025 targeted update (improved from 75% in the 2024 update).
Why It Matters
Ensures the highest-profile case study (Bybit, $1.5B) accurately describes the laundering methodology used, and that enforcement and compliance statistics reflect current data.
v1.0.1
Sections Affected
What Changed
- Updated FedNow transaction limit from $500,000 to $10 million to reflect the November 2025 increase.
- Corrected AMLA supervisory powers timeline: AMLA became operational July 2025, but direct supervisory powers over selected high-risk obliged entities commence in 2028 (was implied as already active).
Why It Matters
The FedNow limit correction is material — the 20x increase from $500,000 to $10 million significantly expands the velocity abuse risk surface for instant payment channels and affects risk assessment calibration.
v1.0.1
Sections Affected
What Changed
- Corrected legal standard terminology: replaced "willful structuring" and "willful intent to evade" with "structuring for the purpose of evading reporting requirements" throughout, reflecting the post-1994 Ratzlaf fix (Money Laundering Suppression Act of 1994) which removed the willfulness requirement from 31 USC § 5324.
Why It Matters
The distinction between "willful" and "for the purpose of evading" is substantive for compliance professionals: the current standard requires proof of intent to evade reporting requirements, not proof that the defendant knew structuring was a crime (the pre-Ratzlaf standard).
v1.0
Initial PublicationSections Affected
What Changed
- Initial publication of structured dossier.
- Introduced Behavioral Quant Framing in Core Pattern section with velocity-specific metrics: transaction velocity index, round-trip compression ratio, cross-channel dispersion score, and network fan-out/fan-in ratio.
- Added Comparative Clarity layer differentiating from Classical Structuring, Traditional Layering, and Mule Network Activity.
- Added five-stage structural flow model covering Fund Injection through Extraction & Integration.
- Added four variants: P2P Payment Platform Churning, Prepaid Card Load-Drain Cycling, Instant Payment Rail Exploitation, and Cross-Platform Micro-Structuring.
- Added Detection Category column to Signals table with velocity-specific categories: Velocity anomaly, Behavioral anomaly, Network anomaly, Temporal anomaly, and Channel anomaly.
- Regulatory Anchoring section covers OFAC Sanctions Compliance Guidance for Instant Payment Systems (September 2022), FedNow Operating Circular 8, EU Regulation (EU) 2024/886 (Instant Payments Regulation), EU AMLA, UK FCA FG24/6, UK Payment Services (Amendment) Regulations 2024, FATF R.15/R.16 (revised June 2025), FATF Professional Money Laundering Report (2018), FinCEN Funnel Account Advisories (FIN-2011-A009, FIN-2012-A006, FIN-2014-A005), FinCEN Advisory on Chinese Money Laundering Networks (August 2025), and EBA Guidelines on ML/TF Risk Factors.
- Introduced Institutional Failure Patterns section addressing batch-cycle monitoring applied to real-time channels, siloed channel monitoring, recycled velocity thresholds from traditional banking scenarios, absence of real-time screening capability, and missing aggregate value reconstruction in investigation workflows.
- Added Structured Ontology Fields for detection model alignment.
- Added Model Integration Readiness section covering rule-based, behavioral, graph, and AI-assisted approaches with streaming real-time scoring for instant payment channels.
Why It Matters
Establishes the institutional framework for rapid transaction velocity abuse detection — the defining AML challenge of the instant payment era. As real-time payment infrastructure becomes mandatory across major jurisdictions (SEPA Instant from October 2025, FedNow expanding across US institutions since July 2023, UK Faster Payments), the gap between payment speed and monitoring speed becomes the primary vulnerability that micro-layering operators exploit. Anchored to verified enforcement actions (TD Bank $3.1B resolution citing P2P velocity monitoring as "not fit for purpose," Starling Bank £29M for financial crime control failures during rapid growth) and the current regulatory landscape including OFAC instant payment guidance, EU IPR mandatory screening requirements, and FCA payment delay powers. Addresses the critical structural gap between batch-cycle transaction monitoring architecture and the real-time, cross-channel, velocity-aware monitoring required to detect micro-layering at the speed at which it operates.
v1.0
Initial PublicationSections Affected
What Changed
- Initial publication of structured dossier.
- Introduced Behavioral Quant Framing in Core Pattern section with sanctions-specific metrics: sanctions exposure score, jurisdictional risk index, attribution confidence level, and designated-entity proximity hops.
- Added Comparative Clarity layer differentiating from Crypto Layering, Traditional Sanctions Evasion, and General AML Non-Compliance.
- Added five-stage structural flow model covering Sanctions Trigger & Crypto Migration through Integration & Fiat Extraction.
- Added four variants: State-Sponsored Crypto Theft & Laundering (DPRK Model), Sanctions-Circumventing VASP Operations, DeFi & Peer-to-Peer Sanctions Bypass, and Mining-Based Sanctions Evasion.
- Added Detection Category column to Signals table with sanctions-specific categories: Sanctions screening anomaly, Behavioral anomaly, Network anomaly, Jurisdictional anomaly, and Velocity anomaly.
- Regulatory Anchoring section covers OFAC Sanctions Compliance Guidance for the Virtual Currency Industry (October 2021), OFAC SDN List crypto address designations (from November 2018), IEEPA/TWEA, EO 14067, FinCEN Advisory FIN-2022-A001, FATF R.15/R.16, EU MiCA, EU TFR, EU 20th Sanctions Package, UK OFSI Cryptoassets Threat Assessment, GENIUS Act, and UN Security Council DPRK Resolutions.
- Introduced Institutional Failure Patterns section addressing no blockchain analytics sanctions screening, batch vs real-time screening, single-regime screening, no indirect exposure assessment, and DeFi/cross-chain screening gaps.
- Added Structured Ontology Fields for detection model alignment.
- Added Model Integration Readiness section covering rule-based, behavioral, graph, and AI-assisted approaches with sanctions-specific attribution analysis.
Why It Matters
Establishes the institutional framework for sanctions evasion detection in the digital asset context — the highest-consequence compliance risk in the crypto industry, carrying strict liability under OFAC and criminal prosecution risk under IEEPA. Anchored to verified enforcement actions (Binance $968M OFAC settlement, Bittrex $24.28M, Garantex designation and seizure, Suex/Chatex designations) and state-sponsored programmes (DPRK $6.75B cumulative crypto theft, Russia's A7A5 stablecoin infrastructure processing $93.3B in 2025, Iran's IRGC-linked exchange network). Addresses the critical gap between traditional name-based sanctions screening and the blockchain-level, multi-regime, real-time screening required to detect crypto-enabled sanctions evasion at the speed and scale at which it operates.
v1.0
Initial PublicationSections Affected
What Changed
- Initial publication of structured dossier.
- Introduced Behavioral Quant Framing in Core Pattern section with processing-specific metrics: underwriting deviation index, chargeback trajectory scoring, settlement velocity ratio, and network concentration score.
- Added Comparative Clarity layer differentiating from Traditional Money Laundering (Wire/ACH), Shell Company Concealment, and Merchant Fraud.
- Added five-stage structural flow model covering Infrastructure Establishment through Layering & Integration.
- Added four variants: Transaction Laundering (Factoring), Shell Merchant Processing, MCC Misrepresentation & High-Risk Concealment, and Payment Facilitator & Aggregator Abuse.
- Added Detection Category column to Signals table with processing-specific categories: Volume anomaly, Behavioral anomaly, Underwriting anomaly, Network anomaly, and Chargeback anomaly.
- Regulatory Anchoring section covers FinCEN BSA/AML MSB requirements (31 CFR 1022), FinCEN Guidance FIN-2008-G008, FinCEN Advisory FIN-2012-A010, FinCEN Advisory FIN-2014-A009, FFIEC BSA/AML Examination Manual (Third-Party Payment Processors), Visa Core Rules / GBPP / VIRP, Mastercard Standards / BRAM / MATCH, FATF Guidance on New Payment Methods, EU PSD2/PSD3, and NACHA Operating Rules.
- Introduced Institutional Failure Patterns section addressing underwriting-and-forget model, chargeback-only detection paradigm, PayFac/ISO opacity, cross-merchant linkage gaps, and AML/merchant risk management silos.
- Added Structured Ontology Fields for detection model alignment.
- Added Model Integration Readiness section covering rule-based, behavioral, graph, and AI-assisted approaches with NLP-based website content analysis.
Why It Matters
Establishes the institutional framework for third-party payment processor abuse detection — a high-prevalence typology estimated to facilitate over $200 billion annually in transaction laundering in the United States alone. Anchored to verified enforcement actions (Allied Wallet $150M+ processing scheme, Wirecard EUR 1.9B fraud, Europol Operation Chargeback EUR 300M damages) and the current regulatory landscape including FinCEN third-party processor advisories, FFIEC examination guidance, and Visa/Mastercard compliance programmes (GBPP/VIRP, BRAM/MATCH). Addresses the critical structural gap between merchant onboarding compliance and continuous merchant monitoring — the gap that transaction laundering exploits by design.
v1.0
Initial PublicationSections Affected
What Changed
- Initial publication of structured dossier.
- Introduced Behavioral Quant Framing in Core Pattern section with trade-specific metrics: invoice-to-market deviation index, counterparty commercial substance score, trade corridor rationality index, and document consistency ratio.
- Added Comparative Clarity layer differentiating from Traditional Financial Layering, Customs/Trade Fraud, and Shell Company Concealment.
- Added five-stage structural flow model covering Predicate Proceeds through Integration / Proceeds Extraction.
- Added four variants: Over- and Under-Invoicing, Phantom Shipments (Ghost Trade), Multiple Invoicing, and Black Market Peso Exchange (BMPE) & Broker-Mediated Systems.
- Added Detection Category column to Signals table with trade-specific categories: Price anomaly, Document anomaly, Counterparty anomaly, Behavioral anomaly, and Network anomaly.
- Regulatory Anchoring section covers FATF 2006 TBML Report, FATF/Egmont 2020 Trends and Developments, FATF 2008 Best Practices, FinCEN FIN-2010-A001, FinCEN FIN-2014-A005, FinCEN August 2025 CMLN Advisory, EU AMLDs, Wolfsberg Trade Finance Principles, APG Typology Report, and GAO-20-333.
- Introduced Institutional Failure Patterns section addressing payment-only monitoring gaps, commodity price benchmarking absence, trade finance/AML separation, open-account trade visibility, and customs data cross-referencing deficiencies.
- Added Structured Ontology Fields for detection model alignment.
- Added Model Integration Readiness section covering rule-based, behavioral, graph, and AI-assisted approaches with trade-specific NLP document analysis.
Why It Matters
Establishes the institutional framework for trade-based money laundering detection — the highest-volume laundering channel globally, estimated at $1.6 trillion or more annually. Anchored to verified enforcement actions (HSBC $1.92B, Wachovia $160M, Lebanese Canadian Bank $150M seizure, Khanani MLO $12B+/year network) and the current FinCEN advisory landscape including the August 2025 Chinese Money Laundering Networks advisory. Addresses the critical structural gap between financial institution payment monitoring and customs goods-flow monitoring that TBML exploits by design.
v1.0
Initial PublicationSections Affected
What Changed
- Initial publication of structured dossier.
- Introduced Behavioral Quant Framing in Core Pattern section with entity-level metrics: ownership chain depth, commercial substance index, entity network density, and jurisdictional risk weighting.
- Added Comparative Clarity layer differentiating from Trade-Based Money Laundering, Structuring, and Mule Network Activity.
- Added five-stage structural flow model covering Entity Formation through Integration / Extraction.
- Added four variants: Multi-Jurisdictional Corporate Layering, Nominee Director & Shareholder Arrangements, Trust & Legal Arrangement Abuse, and Real Estate & High-Value Asset Concealment.
- Added Detection Category column to Signals table.
- Regulatory Anchoring section covers FATF R.24 (March 2022 revision), FATF R.25 (February 2023 revision), U.S. CTA/FinCEN BOI Rule (including March 2025 interim rule narrowing scope), EU AMLD6/AMLA, UK ECCTA 2023, and Panama/Pandora Papers impact.
- Introduced Institutional Failure Patterns section addressing beneficial ownership resolution gaps, cross-entity linkage deficiencies, and self-certification over-reliance.
- Added Structured Ontology Fields for detection model alignment.
- Added Model Integration Readiness section covering rule-based, behavioral, graph, and AI-assisted approaches.
Why It Matters
Establishes the institutional framework for shell company and beneficial ownership concealment detection — the enabling infrastructure for virtually every major financial crime typology. Anchored to verified enforcement actions (TD Bank $3.1B, Danske Bank $2B+, HSBC $1.92B) and the current divergent global regulatory landscape: EU/UK expanding beneficial ownership requirements while U.S. domestic BOI reporting has been effectively suspended. Addresses the critical gap between CDD checkbox compliance and genuine beneficial ownership resolution capability.
v1.0
Initial PublicationSections Affected
What Changed
- Initial publication of structured dossier.
- Introduced Behavioral Quant Framing in Core Pattern section with crypto-specific metrics: mixer exposure scoring, cross-chain hop count, traceability gap index, and deposit-to-withdrawal velocity.
- Added Comparative Clarity layer differentiating from Crypto-to-Fiat Off-Ramp Abuse, Traditional Financial Layering, and Structuring.
- Added five-stage structural flow model covering Acquisition through Off-Ramp / Integration.
- Added four variants: Mixer/Tumbler Layering, Cross-Chain Bridge Hopping, Privacy Coin Conversion, and DeFi Protocol Exploitation.
- Added Detection Category column to Signals table with blockchain-specific signal categories.
- Regulatory Anchoring section covers FATF R.15/R.16, FinCEN FIN-2019-A003, Section 311 NPRM, EU MiCA, EU TFR, and OFAC mixer designations.
- Introduced Institutional Failure Patterns section addressing blockchain analytics integration gaps, single-chain monitoring limitations, and Travel Rule compliance.
- Added Structured Ontology Fields for detection model alignment.
- Added Model Integration Readiness section covering rule-based, behavioral, graph, and AI-assisted approaches.
Why It Matters
Establishes the institutional framework for crypto layering detection — the defining AML challenge for digital asset service providers. Addresses the critical gap between traditional transaction monitoring and the on-chain, cross-chain, multi-technique obfuscation methods used by sophisticated actors including state-sponsored groups. Anchored to verified enforcement actions (Blender.io, Tornado Cash, Sinbad.io, ChipMixer, Operation Olympia) and current regulatory frameworks (MiCA, FATF Travel Rule, FinCEN Section 311).
v1.0
Initial PublicationSections Affected
What Changed
- Initial publication of structured dossier.
- Introduced Behavioral Quant Framing in Core Pattern section with structuring-specific threshold-proximity and aggregate deposit metrics.
- Added Comparative Clarity layer differentiating from Layering, Mule Networks, and Legitimate Third-Party Deposits.
- Added five-stage structural flow model covering Accumulation through Integration / Exit.
- Added Detection Category column to Signals table.
- Introduced Institutional Failure Patterns section specific to structuring detection architecture gaps.
- Added Structured Ontology Fields for detection model alignment.
- Added Model Integration Readiness section covering rule-based, behavioral, graph, and AI-assisted approaches.
Why It Matters
Establishes the baseline institutional framework for structuring and smurfing detection — the most foundational AML typology and the most frequently cited in BSA/AML enforcement actions. Addresses the critical gap between single-transaction CTR monitoring and the aggregate, multi-channel, multi-actor detection required for modern placement activity.
v1.0
Initial PublicationSections Affected
What Changed
- Initial publication of structured dossier.
- Introduced Behavioral Quant Framing in Core Pattern section with ATO-specific session and recovery metrics.
- Added Comparative Clarity layer differentiating from APP Fraud, Identity Theft (new account), and standalone Payment Fraud.
- Added five-stage structural flow model covering Access Acquisition through Exit / Cover.
- Added Detection Category column to Signals table.
- Introduced Institutional Failure Patterns section specific to ATO control-point and detection gaps.
- Added Structured Ontology Fields for detection model alignment.
- Added Model Integration Readiness section covering rule-based, behavioral, graph, and AI-assisted approaches.
Why It Matters
Establishes the baseline institutional framework for account takeover detection, addressing the control-point escalation dimension that differentiates ATO from credential attacks and distinguishes it from APP fraud and payment fraud typologies.
v1.0
Initial PublicationSections Affected
What Changed
- Initial publication of structured dossier.
- Introduced Behavioral Quant Framing in Core Pattern section with identity-specific metrics.
- Added Comparative Clarity layer differentiating from Traditional Identity Theft, First-Party Fraud, and ATO.
- Added lifecycle stage model covering Identity Construction through Bust-Out / Exit.
- Added Detection Category column to Signals table.
- Introduced Institutional Failure Patterns section specific to synthetic identity lifecycle dynamics.
- Added Structured Ontology Fields for detection model alignment.
- Added Model Integration Readiness section covering rule-based, behavioral, graph, and AI-assisted approaches.
Why It Matters
Establishes the baseline institutional framework for synthetic identity fraud detection, addressing the lifecycle dimension that differentiates this typology from classic identity theft and first-party fraud.
v1.0
Initial PublicationSections Affected
What Changed
- Initial publication of structured dossier.
- Introduced Behavioral Quant Framing in Core Pattern section.
- Added Comparative Clarity layer differentiating from adjacent risk categories.
- Replaced absolute pass-through thresholds with peer-baseline-relative logic.
- Added Detection Category column to Signals table.
- Introduced Institutional Failure Patterns section.
- Added Structured Ontology Fields for detection model alignment.
- Added Model Integration Readiness section.
Why It Matters
Establishes the baseline institutional framework for mule network detection, improving cross-segment consistency and reducing false precision risk in rule calibration.