Money laundering (ML) is a process of depositing earnings from criminal activity into the financial system with the sole purpose of concealing the source of funds while avoiding law enforcement. Its impact on the U.S. economy and global financial stability is enormous.
Money laundering comprises approximately 2% of the U.S. GDP. Globally, between $500 billion and $1 trillion is laundered annually through international formal banking systems and informal money transmitting networks.
Criminal organizations can target any of the 11,000 depository institutions and 29,000 money service businesses registered in the U.S., placing the entire financial ecosystem at significant AML/CFT exposure risk.
Financial crime is not just a U.S. issue — trillions of dollars are lost in tax revenue, the war on drugs, and combating terrorist finance. These resources could otherwise be utilized in fighting world hunger and illiteracy.
"The problem to be addressed by this study is to determine the effectiveness of current Anti-Money Laundering (AML) compliance strategies in detecting and reporting Money Laundering (ML) schemes by the financial institutions and to what extent AML controls could be strengthened to reduce ML exposure."
The purpose of this qualitative case study was to explore the effectiveness of current AML controls in detecting and reporting ML/TF schemes and to identify additional controls to further strengthen banking compliance strategies.
What are the compliance officers' perceptions on current AML/CFT controls in a U.S. financial institution that has been used to deter, detect, and report money laundering & terrorist financing schemes/transactions?
What is the compliance officers' opinion on developing and implementing additional AML/CFT controls needed to reduce money laundering & terrorist financing exposure?
How do compliance officers experience the role of senior management in influencing compliance culture in a financial institution?
The theoretical framework utilized in this study was Barry M. Mitnick and Stephen Ross's Theory of Agency (1973). Agency theory explains the relationship between the principal — the party that grants authority — and the agent who is to enact that authority and perform the action.
Agency theory was applied to understand the financial relationship of a corporation and the decision-making governance process between a principal (customer) and an agent (bank). The issue arises when the agent bank fails or ignores to recognize the criminal activities of the customer, which forms the foundation of the ML scheme.
AML regulations add further complexity to the agency relationship: the agent bank must manage two agency roles simultaneously — serving customers and complying with banking regulators. This dual role caused a significant increase in compliance costs for banks and, in return, hurt profit margins.
The theory creates a dual role for the bank: comply with regulatory requirements and create income for shareholders, while maintaining lower expenses and budgets — a fundamental tension at the heart of AML compliance culture.
Principal → Customer
Agent → Bank
Regulator → Third Principal
The literature review synthesized 2,702,363 scholarly and peer-reviewed articles — with 668,858 published between 2019–2022 — covering AML controls, transaction monitoring, KYC, and financial crime risk across global jurisdictions.
Deposits are made in financial institutions to open accounts or purchase securities. This is the most critical stage, as money is still connected to its source activity. Criminals use financial institutions with weak AML controls and a network of money mules to deposit small amounts below the reporting threshold.
The aim is to conceal the source of funds through a series of complex transactions. Launderers move illicit funds across several accounts and wire to shell companies, creating complex layers hard to trace. International remittances, real estate investments, and high-value goods are common layering tactics.
Illicit funds are returned to the launderers appearing clean. Money is inserted back into the economy to finance criminal or terrorist activities. Criminal organizations use the funds to buy casinos, hotels, restaurants, real estate, and other businesses to appear legitimate.
A qualitative multiple case study research design was selected to explore inefficiencies from participants' viewpoints by applying real-world scenarios and capturing the lived experiences of compliance professionals.
Qualitative case study methodology using Creswell's (2018) framework. Case study design was chosen over ethnography, grounded theory, phenomenology, and narrative approaches to best address the effectiveness of AML controls and gain in-depth knowledge of compliance failures.
Contacted 26 participants; 14 compliance officers were interviewed via teleconferencing. Participants were recruited through personal networking within the AML investigator community. Eligibility required a minimum of 5 years of experience managing AML/CFT controls in U.S. financial institutions.
Semi-structured, open-ended interviews lasting 40–60 minutes each. Sessions were audio/video recorded and transcribed. Transcriptions were sent back to participants for member checking — a verification process that enhances the trustworthiness and narrative accuracy of qualitative findings.
Transcribed interviews were uploaded into NVivo, a qualitative & statistical analysis tool by QSR International. NVivo was used to structure and code interview responses, identify emerging trends, and synthesize common themes across the 14 participant narratives.
IRB approval was received on February 10, 2023 from Northcentral University. Compliance professionals from U.S. financial institutions, advisory firms, and FinTech companies were contacted via email. Participants were screened for background, experience, conflict of interest, and confidentiality.
Alphanumeric IDs were created for each participant to distance them from their responses and employment status. All files, mapping logic, interview transcripts, and recordings were password-protected and secured on an encrypted USB drive in a safe deposit box. Data retained for 3 years.
Key limitations included: (1) participants' reluctance to openly discuss AML/CFT efforts within their institutions; (2) personal bias against law enforcement agencies such as FinCEN, OCC, OFAC, and state regulators; and (3) sensitivity around government regulations including the BSA, USA PATRIOT Act, and AMLA potentially limiting scope.
Data was analyzed using NVivo coding and thematic analysis. Fourteen compliance officers from major U.S. financial institutions contributed their lived experiences, producing nine distinct themes across the three research questions.
Five participants noted that past events — including 9/11, the financial crisis, and the 1MDB case — triggered regulatory change. Participant CO22 coined the term "Regulatory LAG," noting that by the time a program is built and running, the next crisis has already occurred and the focus must shift again.
All 14 participants unanimously agreed on the critical role of technology in managing AML/CFT controls. Five noted that having the technology is important, but having the resources and skills to properly manage it is more critical. Participant CO2: "Technology coupled with human resource management is an ideal goal, but we are not there yet."
40% of participants commented on the lack of regulatory guidance and conflicting statutory information from enforcement agencies. Participant CO29: "Regulatory changes and guidance from regulators require custom changes. It's not one-fit-for-all scenarios for banks — it's scenario-driven."
5 of 14 participants identified an industry-wide trend of lacking a central data repository, human capital to manage programs/models, and financial capital to deploy efficient processes. Participant CO2: "Managing resources efficiently only becomes important if there is regulatory enforcement on the horizon."
60% of participants indicated a need to develop additional controls tailored to their institution's client types, services, and jurisdictions. Participant CO2: "Controls must be agile enough to be customized to fit the risk appetite of the institutions. Retail and commercial banking controls have to be different per business segment."
The majority of participants had worked on developing, implementing, and maintaining rule-based screening solutions. Participant CO22 was one of the first people in the industry to create a Financial Intelligence Unit (FIU): "Back in 2004, I testified before Congress — we were the first bank to create fraud teams and expertise. Bringing fraud and ML together created a better program."
All participants agreed that senior management plays a critical role in instilling a compliance culture. Participant CO31: "The primary role of senior management is to set the tone and define what combating FinCrime means for the firm, what risk they don't want to take, and communicate it top to bottom."
Participants emphasized that the compliance message must come from the top down. Participant CO1 noted that a former CCO had a great marketing framework: "We are all compliance officers" — alluding to the fact that everyone in the institution is responsible for compliance culture.
50% of participants expressed concerns over the effectiveness of the three-lines-of-defense model. Terms used included "concept from consulting firms," "conflict of interest," "highly effective, highly inefficient," and "my job vs. your job" — signaling significant structural gaps in compliance accountability.
The implications of this research span regulatory design, institutional compliance strategy, and senior leadership culture — each tied directly to the Agency Theory framework applied in the study.
This research provides actionable recommendations for the financial industry, regulatory bodies, and future scholars — and establishes a foundation for expanding AML/CFT knowledge internationally.
Explore ways to consistently implement AML/CFT measures enacted by regulatory change — clearly understood by all stakeholders, including the financial sector, FinTech companies, and advisors — creating a comprehensive and consistent BSA program that leaves no room for misinterpretation.
Key professionals from the private sector — accountants, lawyers, business registered agents, and investment bankers — are key stakeholders in detecting ML schemes and must be integrated into a comprehensive AML strategy across all 11,000 depository institutions and 29,000 MSBs in the U.S.
Financial institutions should not wait for enforcement action to strengthen compliance strategies. Proactive investment in compliance infrastructure, training, and technology is essential to stay ahead of evolving criminal methodologies.
Future studies can expand the scope of BSA/AML to international jurisdictions — examining how AML/CFT measures function across different legal systems, banking frameworks, and geopolitical environments.
The non-banking sector — including casinos, art dealers, real estate brokers, and insurance companies — remains underexplored and represents a significant gap in the AML literature.
The digital world of cryptocurrency and decentralized finance (DeFi) presents the most urgent frontier for future AML/CFT research, given its rapid growth and unique challenges for transaction monitoring and beneficial ownership identification.
The industry of money laundering and terrorist financing is estimated to be between 2% and 5% of global GDP — between US$800 billion and US$2 trillion — making it one of the largest criminal enterprises in the world. A qualitative case study of 14 compliance professionals revealed that current AML controls are largely reactive, resource-constrained, and in need of proactive, technology-driven, and risk-appetite-specific enhancements. A common theme: the lack of resources for the compliance function, and ambiguous guidance from regulatory agencies, pose the greatest threats to developing and maintaining an effective compliance program.
Download the full dissertation manuscript to explore the complete literature review, methodology, findings, and references in detail.