Reporting isn’t stopping laundering—and criminals know it
A man walked into a Chase Bank branch in Southern California carrying a backpack stuffed with $100,000 in cash. He wasn’t trying to hide. He wasn’t sneaking around. He calmly deposited the money with a teller, then moved on to other banks in the area to do it again. The bank flagged the transaction as required. But the in-plain-sight laundering network the depositor worked for would go on operating for years.
This scene, surveiled by a multi-year DEA investigation and reported this summer by The Wall Street Journal, is not just a compelling case study—it’s a clarion call. It forces us to ask a troubling question: What does it say about our AML Compliance system when American banks can follow AML rules and yet help move vast sums—untold millions of dollars—of drug money in and out the front door?
A case study in laundering without concealment
The network in question was allegedly run by a Chinese broker named Sai Zhang, who helped Mexico’s Sinaloa cartel launder tens of millions of dollars in drug proceeds. This particular operation—one of many, according to U.S. authorities—ran across at least four years, exploiting major U.S. banks, including Citibank, Chase, Bank of America, and Wells Fargo. Zhang and his associates made hundreds of large cash deposits at branches and ATMs, often using counterfeit IDs, shell companies, and a cadre of cash couriers.
Some of the deposits were structured to avoid detection. Many were not. One courier reportedly made 24 deposits at an ATM in 80 minutes. Another dropped off six figures in cash at a teller window. These were not sophisticated concealment efforts—they were acts of laundering conducted in broad daylight over and over and over.
Five gaps that let laundering thrive
1.Volume overload: Too many alerts, too little follow-up
American banks file tens of millions of CTRs and SARs every year. These filings are central to their AML Compliance efforts, but they are not sufficient. The generation of alerts has far outpaced the investigative capacity of U.S. authorities, as evidenced by the initially minimal follow-up of CTRs related to massive cash deposits in the Zhang investigation. Further, compliance teams often face enormous queues of alerts, many of which are low-priority or repetitive. In this environment, high-risk activity can blend into the noise. When money can be laundered openly and flagged as suspicious without meaningful consequence for the depositor, the reporting regime begins to look more symbolic than functional. This is not a failure of individual diligence—it is likely a failure of system design.
2.Fragmented intelligence: Data lives in silos
While institutions file alerts as required, many of those alerts are often processed in isolation. Transaction data is separated from customer risk profiles, which are separated from watchlist screening, which are separated from investigative context. In this environment, no one sees the full picture—except the criminals. Without integration and shared context, even strong data becomes functionally blind.
3.Speed mismatch: Criminals move faster than institutions
Couriers described in the WSJ feature deposited millions of dollars in hours, and they moved that money out of the banks very soon afterward. It can take weeks for an institution to escalate a single suspicious transaction internally. That time gap is the window that helps enable effective laundering. Sophisticated networks exploit institutional delays, knowing that velocity itself is a laundering tactic. When systems are slow, even accurate detection can arrive too late.
4.Compliance without orchestration
Many banks have robust systems for filing reports. But most still lack orchestration—the ability to connect disparate data points, workflows, and tools in real time. Without orchestration, there is no institutional memory and no cumulative risk intelligence. Alerts are handled one at a time, without the benefit of prior insight or predictive linkage. Risk becomes a flat data point rather than a developing story.
5. Incentive misalignment: Meeting the letter of the law, not the spirit
Perhaps the most sobering lesson is this: For many institutions, AML is viewed primarily through the lens of regulatory liability. If a bank meets its reporting obligations, closes risky accounts, and documents the steps taken, there may be little incentive to go further. In this model, compliance becomes a legal shield—not a risk strategy. The system encourages minimal sufficiency, not maximal efficacy.
What institutions can do differently
The takeaway isn’t that banks are doing something wrong. In fact, none of the banks used in the reported laundering operations are facing any accusations of AML failures. But still, the laundering of millions in drug proceeds occurred brazenly and without fear. So what might institutions do differently?
•Prioritize actionable intelligence: To address this era of high-volume, high-velocity cash laundering, financial institutions can leverage today’s RegTech to elevate the effectiveness of their AML Compliance. That means moving from a filing mindset, i.e. checkbox compliance, to an actionable-intelligence model.
•Orchestrate data and workflows: Connect KYC profiles, transaction monitoring, alerts, case management, sanctions screening, and external watchlists in a unified risk framework.
Adapt in real time: Use tools that support dynamic, risk-based workflows tailored to your institution’s risk appetite, regulatory obligations, and goals regarding the prevention of financial crime via your institution.
•Strengthen contextual visibility: Go beyond transaction alerts. Understand the customer in context–their behaviors, their networks, and their anomalies.
RegTechONE: A platform for orchestration and actionable intelligence
At AML Partners, we believe the future of AML is orchestrated. RegTechONE® is built to unify and accelerate AML Compliance work by enabling institutions to achieve the following:
•Automate and customize risk-based workflows through no-code workflows that are fully orchestrated
•Integrate siloed data and systems in real time through rich data orchestration
•Connect alerts to full risk context and resolution pathways
•Operate in alignment with regulatory obligations and internal policies for preventing financial crime
•Support audit-ready documentation for defensible decisions
What sets RegTechONE apart? Rich orchestration and automation
Because it was engineered as an API-ready Risk-centric orchestration platform, RegTechONE changes the paradigm for AML Compliance and preventing financial crime. For example, RegTechONE prioritizes orchestration:
•Data orchestration: Seamlessly unify internal and external data sources across departments, systems, and third-party feeds.
•Workflow orchestration: Build and adapt compliance workflows that reflect your institution’s risk appetite and governance models.
•AI/ML orchestration: Integrate AI tools, models, and third-party analytics into compliance operations—tailored to your data and calibrated to your needs.
Compliance must not become camouflage for financial crime
In a world where financial crime moves fast and in plain sight, institutions need tools that do more than react—instead, they need tools that help them anticipate, integrate, and act.
These horrifying examples of laundering cartel cash through the front door reminds us that reporting is only the beginning. Today’s AML leadership means connecting dots, accelerating decisions, and closing the gaps criminals rely on.
To stop laundering at scale, we have to go beyond compliance. We have to orchestrate for action.
