CRF ¦ Update of the goAML Indicators

New collaborative approach serving the national AML/CFT Framework

The new goAML Indicators handbook offers a structured, pragmatic step forward for improving the quality and usefulness of Suspicious Activity Reports (SARs) and Suspicious Transaction Reports (STRs). By grouping factual elements of suspicion into clearly defined categories and selectable indicators, the handbook helps reporting entities provide the Financial Intelligence Unit (FIU) with more precise, consistent and actionable information. That in turn speeds prioritization, reduces follow‑up queries, and strengthens the FIU’s ability to detect typologies and emerging risks. The approach is voluntary but strongly encouraged – it is most valuable when reporting entities choose indicators that accurately reflect the factual elements described in their narratives.

The indicator framework – what it does and how to use it

At its core, the framework organises suspicion into thematic categories such as Trigger of Suspicion, ML/TF Typology, ML/TF Affected Sector, Product Used for ML/TF, Suspected Person/Entity, Suspected Predicate Offence, Suspicious Amount, Time Elapsed, Relationship Status, Crypto, E‑commerce and others. Early goAML deployments implemented five categories; the handbook documents a broader set that ultimately delivers 12 of 13 planned categories, each with multiple discrete indicators and short guidance on intended use.

Reporting teams should select every indicator that materially contributed to their decision to report, not only the initial trigger. Indicators are chosen on the basis of factual elements and context contained in the report – for example, mismatches between declared business activity and transaction flows, offshore routing, or open‑source adverse media. When an indicator does not fully capture a specific nuance, the “Other” option with a brief explanatory text field is available. The handbook emphasises avoiding double counting when selecting suspicious amounts and clarifies that the Suspicious Amount should reflect only the funds that give rise to the suspicion.

Bastian Schwind-Wagner _Follow

"The goAML Indicators handbook provides reporting entities with a clear, structured way to tag the factual elements that give rise to suspicion, improving clarity and reducing follow‑up queries. By selecting indicators grounded in documented facts, reporters help the FIU prioritise, aggregate typologies, and act faster on high‑risk cases.

Widespread, consistent use of these indicators strengthens the national AML/CFT framework by making reports more actionable and comparable across sectors. This collaboration benefits both reporting entities and investigators, enhancing prevention and detection of money laundering and terrorist financing."

Trigger of suspicion – capture the factual spark

The “Trigger of Suspicion” category records the concrete element or circumstance that first prompted concern. Examples include unusual transfer amounts, cash transactions, frequent high‑value or numerous small transactions (smurfing), geolocation anomalies, impersonation fraud, beneficial ownership issues, inconsistencies in KYC/KYT documentation, involvement of minors, non‑response from a client, links to high‑risk jurisdictions, use of offshore entities, open‑source adverse media, phishing attacks and PEP involvement. The handbook clarifies borderline cases: phishing indicators apply to attempts and successful attacks; third‑party involvement covers account takeover scenarios (often selected alongside Impersonation Fraud); and non‑transactional links to high‑risk countries can be flagged without direct payments to those jurisdictions.

ML/TF typologies – describe the method, not just the products

The ML/TF Typology category lets reporters identify methods used to disguise or move illicit funds. Typical entries include beneficial ownership concealment, circular transactions, complex multi‑layered schemes, cyber‑enabled fraud, trade‑based laundering (TBML), misuse of legal entities or crowdfunding, suspicious loans, money mule networks and misuse of virtual assets or AI. The handbook defines “complex” as purposeful multi‑jurisdictional layering with opaque ownership and repeated transfers designed to frustrate traceability. Selecting a typology grounds the FIU’s further analysis and helps build cross‑case pattern detection.

Sector and product – where and with what

The ML/TF Affected Sector and Product Used for ML/TF categories distinguish between the sector where suspicious activity occurs and the instruments employed. A single case can implicate multiple sectors – real estate and banking are a common paired example – and reporters are asked to choose the sector(s) to which the suspicious activity relates, not merely the sector of the reporting entity. Product indicators include bank accounts, cards, e‑money, crypto‑assets, virtual IBANs, loans, investment funds, precious metals, real estate, high‑value goods, gift cards and more. Clear tagging of sector and product enables the FIU to issue targeted feedback to relevant supervisors and to refine sectoral typologies.

Suspected persons and predicate offences – identifying roles and underlying crimes

The suspected person/entity category distinguishes account holders, proxies, investors, shareholders, third‑party individuals or entities, underlying clients and ultimate beneficial owners. Accurately tagging the role helps investigators focus on control and beneficial ownership pathways. The Suspected Predicate Offence category asks reporters to indicate the crime believed to underlie the suspicious flows – examples in the handbook include corruption and bribery, fraud variants, drug trafficking, tax offences, smuggling, organised crime, terrorism financing, sexual exploitation, weapon trafficking and sanctions evasion. The handbook reiterates that reporters are not required to legally qualify offences but should select predicate offence(s) reasonably linked to the facts presented.

Amounts and timelines – consistent and non‑duplicative reporting

Guidance on Suspicious Amount stresses that reporters should include only the value related to the suspicious activity, do not double count linked incoming and outgoing legs of the same operation and, where a transfer was only attempted, report the intended amount. A clear set of bucketed ranges simplifies categorisation. The Time Elapsed field captures how long since the most recent suspicious transaction and helps the FIU prioritise urgent cases – reporters should select the interval since the last suspicious movement.

Relationship status and case handling decisions

The Relationship Status category provides context on whether the report concerns onboarding (accepted, ongoing or refused), an on‑going relationship, an account that has been blocked, or an offboarded client. This information helps the FIU understand what immediate risk‑mitigation measures the reporting entity has taken and whether further action may be required.

Crypto and e‑commerce specific indicators

Recognising technology‑enabled risks, the handbook introduces crypto and e‑commerce indicators. Crypto items include darknet market links, transactions to obfuscation platforms (mixers, CoinJoin or DeFi privacy tools), instant withdrawals after deposits, links to fraudulent smart contracts and suspicious flows from gaming, NFT or gambling platforms. E‑commerce indicators cover buyer complaints, dissolved entities, gift card misuse, non‑delivery, rights owner complaints and unauthorised access. These targeted indicators reflect the distinct behaviours seen in digital ecosystems and improve the FIU’s ability to triage crypto‑related and platform‑based cases.

Case studies – how the indicators should be applied

The handbook supplies several fictionalised case studies to illustrate practical selection of indicators. Examples include a bank reporting a high‑value real estate laundering case using offshore entities and adverse media – where reporting choices included Beneficial Ownership Issues, Offshore Based Companies, Open‑Source Information and Real Estate as the product; an alternative investment fund flagging a €6 million subscription routed via an offshore vehicle and suspicious downstream loan to a related construction company – here key indicators included Offshore Based Companies, Third‑Party Involvement, Suspicious Loans and Investment Fund as product; an e‑money provider detecting a rapidly drained newly opened account used as a transit account consistent with money mule activity – selected indicators were Frequent Small Transfers, Transit Account, Cards, Phishing and Smurfing; and a TCSP describing a multi‑jurisdictional structure with backdated loan agreements, sanctions‑listed director and opaque intercompany flows – indicators included Beneficial Ownership Concealment, Inconsistencies in KYC, Sanctions Lists, Loans and Real Estate.

FAQ highlights – common practical clarifications

The handbook’s FAQ addresses frequent operational questions. It confirms that “Amount of transfer” may be applied across debits, credits and cash movements when the amount itself raises concern; that “Use of forged documents” should be selected when any document appears falsified or partially altered; that “Third‑party involvement” appropriately covers account takeover scenarios (often combined with Impersonation Fraud); and that reporter should include every indicator that contributed to the decision to file, not solely the initial trigger. It also clarifies that suspected predicate offences should be those reasonably connected to facts in the report, regardless of whether the offence exploited the reporter’s product.

Practical benefits and implementation considerations

For reporting entities, consistent use of indicators reduces ambiguity in submissions, lowers the need for FIU follow‑up requests, and supports a more targeted articulation of suspicion. For the FIU, structured indicators improve automated triage, enable cross‑case aggregation, reveal sectoral trends, and accelerate prioritisation for urgent or complex investigations. The handbook stresses careful selection – indicators should be grounded in documented facts and not used as guesswork – and recommends using the “Other” field with brief explanation when necessary.

Conclusion – better reporting, better outcomes

The goAML Indicators handbook is a collaborative tool designed to strengthen the national AML/CFT framework by promoting clearer, more consistent reporting. When reporting entities adopt it on a best‑effort basis and embed indicator selection into their SAR/STR workflows, the quality and analytic value of reports will improve. That improvement benefits all stakeholders: reporting entities gain clarity in their compliance decision‑making, the FIU receives more actionable intelligence, and authorities are better positioned to detect and disrupt money laundering, terrorist financing and associated predicate offences. For questions or feedback, reporting entities are invited to contact the FIU using the details provided in the handbook.

Dive deeper

• Cellule de Renseignement Financier (CRF) ¦ Update of the goAML Indicators ¦ Link