Smurfing in Money Laundering
Understanding smurfing techniques and AML responses across regulated sectors.
Published June 12, 2025
TL;DR
Smurfing is a money laundering method where large sums are split into smaller transactions to avoid detection. It affects sectors like banking, insurance, and gambling. Criminals use patterns like frequent low-value deposits or multiple accounts to bypass reporting thresholds.
Anti-Money Laundering (AML) systems and Suspicious Activity Reports (SARs) help identify such structuring. Institutions must monitor unusual behavior, aggregate transactions, and apply Enhanced Due Diligence (EDD) to prevent smurfing and comply with regulatory obligations, protecting financial systems from illicit activity.
Introduction
According to the Financial Action Task Force1 (FATF), smurfing is a term for deliberately splitting large financial transactions into many smaller ones to evade money laundering controls. It constitutes a form of structuring characterized by the implementation of numerous transactions, accounts, or individuals (referred to as "smurfs") for the purpose of depositing or acquiring financial instruments. The objective of smurfing is to maintain a low level of reporting, thus evading regulatory detection. By spreading out deposits or transfers below the amounts that would prompt an automatic report, smurfing allows illicit funds to enter the financial system in a covert manner.
AML controls and Suspicious Activity Reporting (SAR)
Anti-money laundering controls are designed to detect and deter smurfing. Banks employ transaction monitoring systems and train staff to recognize smurfing. For example, a client deliberately using different branches for each small deposit. The structuring of financial transactions has been revealed to have the potential to conceal illegal activity. In certain jurisdictions, such as the United States2, the structuring of financial transactions is considered a criminal act. In the European Union3, national regulations are harmonized through the implementation of necessary measures and the criminalization of the concealment or disguise of the nature, source, and disposition with respect to ownership of property. Moreover, the European Banking Authority4 (EBA) delineates the utilization of smurfing techniques in the context of crypto-asset transactions as a method of amplifying risk, entailing the fragmentation of crypto assets into numerous transactions and the dissemination of these transactions to multiple accounts. A key mechanism that can be employed to combat smurfing techniques is the Suspicious Activity Reporting5 (SAR) system. Financial institutions are obligated to submit a SAR or a comparable document to the Financial Intelligence Unit (FIU) in instances where transactions are designed to circumvent reporting requirements. For instance, U.S. regulations mandate that banks file a SAR if they suspect a customer is breaking up deposits to avoid Bank Secrecy Act requirements, even if each deposit is under the $10,000 Currency Transaction Report (CTR) threshold. In practice, banks’ AML systems aggregate transactions and look for red flags like multiple cash deposits just under $10k on the same or consecutive days, or numerous fund transfers slightly below record-keeping limits6. If such patterns are detected, the institution investigates and, if warranted, reports them as suspicious structuring. An effective AML program will flag possible structuring, prompt internal review, and lead to timely SAR filings.
Smurfing and prevention techniques
In order to effectively prevent this form of structuring, Anti-Money Laundering (AML) frameworks must include targeted controls capable of identifying, investigating, and reporting suspicious patterns. Firms should implement transaction monitoring systems capable of detecting cumulative or structured transactions7 across accounts and counterparties. This includes identifying multiple low-value transactions that may be part of a coordinated attempt to move funds to or from a sanctioned entity.
One of the most effective defenses8 is a robust monitoring system that aggregates transactions by customer, account, and entity across time and channels. This enables the detection of patterns where multiple small transactions, individually below the reporting threshold, collectively exceed thresholds or form suspicious activity. Furthermore, it is imperative that undertakings configure alerts for scenarios that have been identified as being associated with smurfing:
- Frequent cash deposits just below reporting thresholds
- Use of multiple individuals’ deposits to a single account
- Unusual frequency of low-value transactions
- Use of different branches, ATMs, or payment channels for similar-size transactions
- Rapid layering of funds through unrelated entities
- Consistent cash flow into deposits over time
- Customer reluctance to provide information or explanations for fragmented deposits
Smurfing often involves activity that is inconsistent with a customer's profile. For example, a low-risk retail customer suddenly initiates high-frequency cash transactions. Institutions must regularly update and calibrate customer risk profiles and trigger Enhanced Due Diligence9 (EDD) when behaviour deviates from expectations.
Banking sector: Examples and implications
In banking, smurfing usually involves multiple small deposits, withdrawals, or transfers structured to avoid triggering reports. A common scenario that illustrates this phenomenon is that of a client who wishes to deposit $50,000 in cash but opts to divide it into six deposits of $8,300, dispersed over several days or across different branches, in order to remain below the reporting limit of $10,000. This behavior is indicative of a red flag. Banks that fail to detect such structuring risk regulatory penalties and reputational harm.
In order to mitigate this risk, financial institutions employ automated monitoring systems that aggregate transaction data by customer and identify patterns that may indicate structuring. In instances where an account's activity exhibits a discrepancy with the customer's profile10, such as a low-income account receiving a significant influx of cash, enhanced due diligence procedures are implemented. Regulators have penalized banks in the past for not catching obvious structuring, underscoring the importance of these controls.
How does SAR reporting help detect smurfing?
Suspicious Activity Reports (SARs) are a key control in AML compliance. When are they used to combat smurfing?
A)
Only when a transaction exceeds the $10,000 reporting limit.
B)
When a single transaction appears to have no legitimate source.
C)
When a pattern of smaller transactions suggests structuring to avoid detection.
D)
Only after a criminal investigation has begun.
Insurance sector: Examples and implications
Money launderers have also applied smurfing in the insurance industry, particularly with life insurance or investment-linked policies. The technique involves paying insurance premiums or contributions in structured increments to avoid raising flags. For instance, life insurance policies2 may be utilized by individuals engaged in illicit activities, such as the sale of illegal drugs, to conceal the profits from these activities. These individuals may arrange for a substantial sum of money to be disbursed across multiple policy accounts or allocate additional funds through a series of smaller third-party checks and money orders, each falling below the reporting threshold. In other cases, the brokers could receive remuneration for policies from the commission account. In such instances, the brokers could accept cash from clients and credit the client's policy with funds from their business operating account. Over time, the criminals could cash in or borrow against those policies, turning illicit cash into apparently legitimate payouts.
In order to mitigate the risk of such exploitation, insurance companies are obligated to implement Anti-Money Laundering (AML) controls analogous to those required of banking institutions. In many jurisdictions, insurers are obligated to file suspicious transaction reports for any activity that appears to be money laundering through insurance products. Common red flags in the insurance industry include
- payments from multiple third parties into a single policy,
- early policy cancellations or surrenders that incur a loss just to retrieve funds,
- and customers who demonstrate an unusual level of concern with the financial transaction over the insurance benefit.
In the event that these indications of potential structuring emerge, insurers are obligated to conduct an investigation and issue a report. By taking this action, they contribute to the prevention of insurance policies being utilized as a clandestine conduit for the transfer of illicit funds.
Which of the following is a common red flag for smurfing?
AML systems use behavioral patterns to detect structuring. What would typically trigger a smurfing alert?
A)
One-time deposit of $50,000 from a business account.
B)
Regular deposits slightly below the reporting threshold across multiple branches.
C)
Client refusal to provide phone number at onboarding.
D)
Purchasing a life insurance policy in a single lump sum.
Gambling and gaming industry: Examples and implications
Casinos and gaming establishments are also vulnerable to smurfing. These venues often have legal reporting thresholds for cash transactions, and criminals try to structure their buy-ins and cash-outs to avoid triggering those reports.
FATF has noted cases where a group of accomplices each buy chips just under the limit and then combine their chips for one person to cash out, effectively laundering their cash as gambling wins11. In order to mitigate the risks associated with such activities Casinos employ AML procedures that include monitoring the cumulative value of chip purchases and redemptions to detect suspicious behavior. Particular attention is paid to frequent transactions just below reporting thresholds, a red flag for structuring activities. Casinos also monitor the use of multiple patrons contributing to a single bankroll, a technique used to obscure the origin and ownership of funds. When such conduct is observed, institutions are required to file SARs under applicable national AML frameworks.
Online gambling platforms apply similar surveillance by tracking repeated low-value deposits and withdrawals, as well as coordinated account activity that may indicate smurfing. These controls are critical to protecting the integrity of the gaming sector and preventing its exploitation as a vehicle for laundering illicit funds.
Stop smurfing before it escalates
Smurfing breaks down large illicit transactions to avoid detection, but with accurate AML and sanctions data from dilisense, institutions can enhance their internal monitoring and detection processes. Our APIs deliver high-quality, real-time data to help financial crime teams enrich transaction intelligence, flag suspicious behavior, and support SAR filings. Whether identifying structured deposits or recognizing fragmented fund flows, dilisense provides the critical data backbone for more effective compliance. Power your systems with our risk data and stay ahead of regulatory expectations.
Try for freeReferences
1 Financial Action Task Force (FATF) - Money laundering & terrorist financing typologies 2004-2005. https://www.fatf-gafi.org/content/dam/fatf-gafi/annual-reports/2004_2005_ML_Typologies_ENG.pdf. Accessed June 6, 2025.
2 United States Code - Section 5324 of Title 31. https://www.govinfo.gov/content/pkg/USCODE-2023-title31/pdf/USCODE-2023-title31-subtitleIV-chap53-subchapII-sec5324.pdf. Accessed June 6, 2025.
3 European Union - Directive (EU) 2018/1673 Directive (EU) 2018/1673. https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32018L1673. Accessed June 6, 2025.
4 European Banking Authority (EBA) - Guidelines amending Guidelines EBA/2021/02 on customer due diligence. https://www.eba.europa.eu/sites/default/files/2024-01/a3e89f4f-fbf3-4bd6-9e07-35f3243555b3/Final%20Amending%20%20Guidelines%20on%20MLTF%20Risk%20Factors.pdf. Accessed June 6, 2025.
5 dilisense GmbH - What is a Suspicious Activity Report (SAR). https://dilisense.com/en/insights/what-is-a-suspicious-activity-report. Accessed June 6, 2025.
6 Financial Crimes Enforcement Network (FinCEN) - Suspicious Activity Reporting (Structuring). https://www.fincen.gov/resources/statutes-regulations/administrative-rulings/suspicious-activity-reporting-structuring. Accessed June 6, 2025.
7 Financial Action Task Force (FATF) - Guidance for a Risk-Based Approach: The banking sector. https://www.fatf-gafi.org/content/dam/fatf-gafi/guidance/Risk-Based-Approach-Banking-Sector.pdf. Accessed June 6, 2025.
8 Financial Crimes Enforcement Network (FinCEN) - Ruling 2005-06. https://www.fincen.gov/sites/default/files/administrative_ruling/fincenruling2005-6.pdf. Accessed June 6, 2025.
9 dilisense GmbH - What is Enhanced Due Diligence. https://dilisense.com/en/insights/what-is-enhanced-due-diligence. Accessed June 6, 2025.
10 Financial Action Task Force (FATF) - Correspondent banking services. https://www.fatf-gafi.org/content/dam/fatf-gafi/guidance/Guidance-Correspondent-Banking-Services.pdf. Accessed June 6, 2025.
11 Financial Action Task Force (FATF) - Vulnerabilities of casinos and gaming sector. https://www.fatf-gafi.org/content/dam/fatf-gafi/reports/Vulnerabilities%20of%20Casinos%20and%20Gaming%20Sector.pdf. Accessed June 6, 2025.
