Case Study

The Silent Drain: Detecting a Slow-Burn Money Laundering Network

How RemitSo's Continuous Transaction Monitoring Uncovered a 90-Day Layering Scheme That Manual Reviews Would Have Missed Entirely

Industry: Money Services Business
Region: United Kingdom / UAE / Nigeria
Classification: Confidential
23
Linked Accounts Identified
£187K
Laundered Funds Intercepted
90 Days
Monitoring Window
340+
Transactions Analyzed
Zero
Manual Alerts — Initially

Executive Summary

A UK-based FCA-registered payment institution deployed RemitSo's white-label remittance platform to serve diaspora communities across 25+ corridors. Over a 90-day period, RemitSo's continuous transaction monitoring system tracked subtle, evolving patterns across 23 seemingly unrelated accounts — gradually building a risk profile that revealed a sophisticated layering operation routing £187,000 through the UAE to Nigeria-based shell entities. No single transaction exceeded reporting thresholds. No single alert was conclusive. Only persistent, intelligent monitoring connected the dots.

The Critical Insight

No single transaction exceeded reporting thresholds. No single alert was conclusive. Only persistent, intelligent continuous monitoring connected the dots — something no manual review process could achieve.

The Challenge
When Nothing Looks Wrong

Unlike the dramatic red flags of sanctions evasion or identity fraud, this case presented the most dangerous form of financial crime — transactions that individually appeared entirely legitimate. The operator's compliance team conducted regular manual reviews and found nothing unusual. Every customer had passed eKYC, every transaction had a plausible purpose, and no single amount triggered reporting thresholds.

What made this scheme invisible to traditional monitoring:

💸
Low-Value Consistency

Individual transactions ranged between £200 and £800 — well below the £1,000 threshold that typically triggers enhanced scrutiny.

🕐
Varied Timing

Transactions were spaced 5–12 days apart per account, deliberately mimicking genuine family remittance patterns.

👥
Diverse Profiles

Senders included healthcare workers, students, and small business owners — a natural demographic mix for diaspora remittances.

🌍
Multiple Corridors

Transactions initially appeared to target different receiving countries before converging on common intermediary accounts in the UAE.

The Core Problem

Manual compliance reviews operate on snapshots — reviewing individual transactions or periodic reports. Sophisticated launderers exploit this by designing patterns that only become visible when monitored continuously over weeks and months.

How RemitSo's Monitoring Engine Detected It

The Risk Rule Engine's 55+ automated factors accumulated micro-indicators across four escalating phases — from baseline profiling to critical escalation over 13 weeks.

Risk-O-Meter Progression — 90 Days
Weeks 1–2  ·  0 of 23 flagged 18/100 — LOW
Weeks 3–5  ·  8 of 23 flagged 42/100 — MEDIUM
Weeks 6–9  ·  19 of 23 flagged 67/100 — HIGH
Weeks 10–13  ·  23 of 23 flagged 91/100 — CRITICAL
TimelineFlaggedClassification
Weeks 1–20 of 23LOW
Weeks 3–58 of 23MEDIUM
Weeks 6–919 of 23HIGH
Weeks 10–1323 of 23CRITICAL

Detection Phases

Weeks 1–2 — Baseline Behavior Profiling
RemitSo's Risk Rule Engine began building behavioral baselines. All 23 accounts showed normal activity — small, periodic transfers to Nigeria, Ghana, and UAE. Risk scores: 10–25. No alerts generated.
Weeks 3–5 — Subtle Pattern Divergence
8 accounts began routing to a common UAE intermediary. Average transaction values rose £280 → £620. Intervals shortened 10–12 days → 5–7 days across 11 accounts. 6 accounts changed declared purpose from "Family Support" to "Business Investment" without profile updates.
Weeks 6–9 — Network Mapping & Sanctions Screening
Risk Radar surfaced all 23 accounts as a connected cluster. All funds routing through 3 UAE intermediaries into 7 Nigerian beneficiaries. Sanctions engine found one Nigerian beneficiary as partial OFAC SDN match. Document verification revealed 5 senders had KYC documents with sequential serial numbers. Device fingerprinting: 14 of 23 accounts accessed from just 4 unique devices, IPs concentrated in East London.
Weeks 10–13 — Automated Escalation & Account Suspension
All 23 accounts breached Critical threshold (85/100). System automatically triggered suspension, froze £12,400 in pending transactions, and escalated all accounts to the CCO's queue. 360-degree Customer Profiles compiled a complete evidentiary package.

Deep Investigation: Unmasking the Network

Money Laundering Flow — UK → UAE → Nigeria
🇬🇧 UK 23 Senders 🇦🇪 UAE 3 Intermediaries 🇳🇬 Nigeria 7 Shell Cos PLACEMENT LAYERING INTEGRATION
Transaction Flow Analysis
StageDetailsVolume
Placement 23 UK senders → individual small transfers £187,340
Layering Consolidated into 3 UAE intermediary accounts £182,100
Integration Disbursed to 7 Nigerian shell company accounts £176,800
Device Fingerprint Finding

14 of 23 accounts accessed from just 4 unique devices. IP addresses concentrated in East London — confirming coordinated, centralised operation.

Immediate Containment
Response & Regulatory Action
  • All 23 sender accounts suspended and reclassified via RemitSo's Customer Segments to "Blocked — AML Investigation."
  • 3 UAE intermediary recipient accounts permanently blacklisted across the entire platform.
  • £12,400 in pending transactions frozen; £174,940 in completed transactions flagged for tracing.
  • RemitSo's High-Risk Country Management module updated to apply enhanced monitoring to all UAE–Nigeria corridor transfers.

Regulatory Reporting

AuthorityAction Taken
UK NCA (National Crime Agency)Suspicious Activity Reports filed for all 23 accounts with full transaction histories, device fingerprints, and behavioral timeline
FCA Compliance TeamProactive notification to the firm's FCA supervisor demonstrating the effectiveness of automated monitoring controls
UAE Financial Intelligence UnitIntermediary account details shared for downstream investigation
NFIU NigeriaBeneficiary account information and transaction flow analysis shared via international cooperation channels
Post-Incident Policy Enhancement

Five enhanced rules implemented via RemitSo's AML engine: (1) Recipient convergence alerts when 3+ senders target the same beneficiary within 30 days. (2) Behavioral drift detection comparing current patterns against 60-day baselines. (3) Mandatory EDD for cumulative transfers exceeding £3,000 per corridor per rolling 30 days. (4) Device-to-account ratio limits of max 3 accounts per device. (5) Automated cross-corridor flow analysis for intermediary jurisdiction patterns.

Why Continuous Monitoring Wins

Sophisticated money laundering operations are designed to evade point-in-time compliance checks. Only continuous, behavioral monitoring revealed the full scope of this network.

1

Behavioral Baselines

Continuous profiling catches drift that point-in-time snapshots completely miss — no matter how thorough the manual review.

2

Risk Score Evolution

Dynamic scoring escalated 23 accounts from Low to Critical over 90 days, automatically — with no analyst required to trigger the alert.

3

Network Detection

Risk Radar connected 23 isolated accounts into one visible cluster. No single account was suspicious — the pattern was.

4

Cross-Corridor Analysis

Intermediary jurisdiction patterns exposed the layering structure across multiple corridors, connecting UK senders to Nigerian shell entities.

5

Automated Escalation

System-driven suspension and freeze prevented further fund movement without any human delay in the decision chain.

6

Audit Trail

Complete evidence package enabled coordinated reporting to four regulatory bodies across three jurisdictions — all from one platform.

"The most dangerous financial crimes are not the ones that trigger alarms — they are the ones designed to avoid them entirely."

RemitSo's continuous transaction monitoring engine — combining behavioral baselines, dynamic risk scoring, cross-corridor analysis, and unified Risk Radar intelligence — ensures that even the most patient, carefully constructed laundering networks are detected, traced, and reported.

Compliance is not a moment — it is a continuous commitment to vigilance. With RemitSo, that vigilance never sleeps.

Download the Full Case Study

Get the complete analysis including detailed forensic findings, regulatory references, and implementation recommendations.

Download PDF — Free

Build compliance that never sleeps

RemitSo's continuous transaction monitoring detects what manual reviews miss — across every corridor, every account, every day.

Schedule a Demo
WhatsApp Icon