Assessment

AML Program Data-Coverage Scorecard

Published May 10, 2026

An AML examiner asks two questions. First: for each typology you say you monitor, do you have the data signals required to fire the rule? Second: when the rule fires, can you produce the evidence trail? This scorecard reads the firm's posture across the FinCEN typology catalog and routes each gap to the synthetic-transaction patterns that close it.

What you walk away with

~10 min · 5 categories · 15 items

A typology-by-typology defensibility band across structuring, layering, source-of-funds, PEP-adjacent, and sanctions-evasion patterns.
A radar chart showing where data signals are thinnest.
A ranked remediation list — every gap maps to the AML/BSA Monitoring Data Checklist field that closes it.
Calibration anchored against published FinCEN advisories and consent orders.

0 / 15 answered0%· ~10 min

Score (live)

/ 100

Answer every item (0 of 15 so far) to lock in a banded score and unlock the remediation roadmap. Live category scores update as you go.

Category profile

Structuring detection—

Layering detection—

Source-of-funds anomalies—

PEP-adjacent and sanctions screening—

Evidence and documentation—

Structuring detection

0 / 3 answered

Whether the firm captures the data signals required to detect transactions structured to evade reporting thresholds (the most common AML enforcement focus).

Sub-threshold transactions are aggregated across days and accounts
The monitoring system aggregates currency transactions across calendar windows (24h, 7d, 30d) and across linked accounts. Signal quality reflects current FinCEN guidance on structuring.
Linked-account relationships are captured
Beneficial ownership, common signers, common addresses, and common phone/IP relationships are captured and used to detect distributed structuring.
CTR-relevant events have a complete evidence trail
When a transaction triggers a Currency Transaction Report, all supporting fields (timestamps, channel, counter-party, geography) are captured and reconcilable.

Layering detection

0 / 3 answered

Whether the firm detects rapid in-and-out flows, round-tripping, and cross-account transfers designed to obscure source-of-funds.

Rapid in-and-out movement triggers a signal
Funds entering and exiting an account within 24-72 hours, especially across multiple accounts, fire a layering signal.
Round-tripping patterns are detectable
When funds move from A → B → C → A within a tight window, the round-trip is reconstructable from the transaction graph.
Cross-channel transfers are covered
Wire, ACH, internal transfer, debit/credit, and crypto on/off-ramps are all in scope. No channel is structurally invisible.

Source-of-funds anomalies

0 / 3 answered

Whether the firm can detect when account activity is inconsistent with the documented source of funds and customer profile.

Expected activity is baselined per relationship
Each relationship has a documented expected activity profile (transaction count, dollar volume, channels, counter-parties).
Material deviations from baseline trigger review
When activity deviates materially (e.g. >3 sigma) from baseline, the deviation triggers a documented review event.
Occupation and income source are linked to expected activity
Occupation, employer, and income source captured at onboarding feed expected-activity baselining and source-of-funds plausibility checks.

PEP-adjacent and sanctions screening

0 / 3 answered

Whether screening covers Politically Exposed Persons, sanctions lists, and adjacency relationships, with appropriate refresh cadence.

PEP screening runs at onboarding and on cadence
Every relationship is screened against PEP lists at onboarding and refreshed on a documented cadence (quarterly minimum).
OFAC sanctions screening runs real-time on transactions
Every funds movement is screened in real time against OFAC SDN and consolidated lists. List updates propagate within stated SLA.
Adjacency relationships (PEP family, controlled entities) are screened
Beneficial owners, family members of PEPs, and entities they control are within the screening scope.

Evidence and documentation

0 / 3 answered

Whether monitoring outputs survive examiner scrutiny — alert volume, false-positive rates, SAR narratives, and case-management hygiene.

Alert volume and disposition are tracked over time
Monthly alert volume, escalation rate, SAR conversion rate, and false-positive rate are tracked and reviewed.
SAR narratives include the structured evidence trail
Each SAR narrative cites the specific transactions, the typology, the supporting baseline deviation, and the chronology.
Rule-tuning decisions are documented with synthetic-corpus evidence
When a threshold or rule is tuned, the firm documents the impact on detection (typically using a synthetic corpus to model false-positive vs. false-negative trade-offs).

Calibration source: FinCEN advisories + recent BSA consent orders (2022-2024)Bands calibrated against published FinCEN advisories on structuring, layering, and source-of-funds, plus enforcement patterns from 2022-2024 BSA consent orders. 'Audit-Ready' aligns with firms that closed BSA exams without enforcement action.

Banded score reference

Major Findings Likely

0–30%

Multiple FinCEN typologies have structural data gaps. An exam would surface findings the firm cannot remediate quickly.

Next step: Stand up the AML monitoring data schema; bundle with the AML/BSA monitoring data checklist.

Findings Possible

30–55%

Core typologies are covered but evidence is uneven. An exam would likely produce findings on at least one typology.

Next step: Close the lowest-scoring typology first; the remediation list ranks them by score gap.

Defensible

55–80%

All major typologies have data coverage and evidence trails. Most exam questions can be answered structurally.

Next step: Tighten alert-tuning evidence and rehearse a SAR walkthrough.

Audit-Ready

80–100%

The AML program is operationalized end-to-end with structured evidence at every layer.

Next step: Operate steady-state; re-run after every FinCEN advisory or rule update.

Key takeaways

Structuring remains the highest-frequency enforcement focus. If sub-threshold aggregation is weak, nothing else holds.
Layering detection requires a transaction graph, not just account-level signals.
Source-of-funds anomalies are nearly always missed by firms without expected-activity baselining at onboarding.
PEP and sanctions screening cadence is the most common 'easy finding' — list refreshes lag and the gap is visible from the data.

FAQ

Does this apply to RIAs?

AML/BSA obligations primarily apply to broker-dealers, banks, and money services businesses. RIAs face proposed rulemaking expanding AML obligations; firms preparing for that should run the scorecard structurally even before the rule is final.

How does synthetic data help with AML rule tuning?

Synthetic transaction corpora let the firm model the impact of a threshold change (e.g. structuring window from 7d to 14d) on false-positive volume before deploying it to production. The CRA / Underserved Lending Pack and AML-targeted typology archetypes provide the seed data.

What if we use a third-party AML platform?

The firm is responsible regardless of vendor. Score the firm's signals and evidence; if the vendor can't produce them, the gap is the firm's to close.