Skip to main content
Image coming soon

AML Investigation Skills for Complex Bank Accounts

$199.00
Adding to cart… The item has been added

A focused course, tailored for you

AML Investigation Skills for Complex Bank Accounts

Build the end-to-end investigative method: alert triage, transaction pattern analysis, SAR narrative writing, and regulator-ready file construction.

The alert fired twice. The transaction pattern is real, but the file is not yet ready to support a SAR narrative a regulator will accept. You have the data. The gap is the method to connect it.

$199 one-time
Tailored to your situation. Access within 24 hours. 30-day money-back.

Includes a hand-built implementation playbook delivered alongside course access, generated for your specific situation.

Why this course

AML investigators at large financial institutions carry caseloads where the straightforward alerts resolve quickly and the complex ones accumulate. The accumulation problem is methodological: layering patterns across correspondent accounts, beneficiary jurisdictions with inconsistent documentation standards, and customer structures that evolved over years require a disciplined reconstruction process before any SAR narrative can be written with confidence. The regulator does not want to see uncertainty in the filing. They want to see a clean chain from the observed transaction behaviour to the suspicion conclusion, with supporting artefacts that could survive a BSA/AML examination. Most investigation training covers the regulatory framework. Very little of it covers the case construction method that gets a complex file from open to closed.

What you walk away with

  • Triage an alert queue using a structured risk-tier framework so complex cases are separated from routine ones at the point of assignment.
  • Reconstruct a multi-hop layering pattern across correspondent and beneficiary accounts using a documented entity-mapping method.
  • Apply jurisdiction risk layering to a transaction chain and produce a written risk assessment that meets FATF guidance standards.
  • Write a SAR narrative that explains the suspicion conclusion to a non-specialist reviewer without overstating or understating the evidence.
  • Build a case file structure that satisfies both internal quality review and external examination requirements.
  • Identify the common documentation gaps that cause a file to be sent back for rework and prevent them before the first review.

The 12 modules

Module 1. Alert Triage: Separating Complex Cases from Routine Ones
Most investigators process alerts in arrival order. This module builds a structured triage framework that separates layering indicators, dormant account reactivations, and jurisdiction-flag combinations from straightforward name-match and structuring alerts. You leave with a written triage rubric you can apply to an incoming queue the same day, including the threshold criteria that trigger immediate escalation versus standard investigation tracks.
Module 2. Reading a Transaction Pattern: What the Alert Actually Tells You
Transaction monitoring alerts describe a symptom, not a finding. This module teaches the analytical reading of alert data: how to identify the primary account, trace the downstream counterparties, and recognise the three most common pattern types in complex layering cases. You work through a reconstructed case example with correspondent account records and beneficiary jurisdictions, and produce a pattern summary document that becomes the spine of the investigation file.
Module 3. Entity Mapping: Building the Account Cluster Diagram
Complex investigations involve account clusters that are not visible in a single alert record. This module covers entity mapping methodology: how to identify related accounts through shared beneficiaries, correspondent relationships, and timing clusters; how to document those relationships in a diagram format that works for both internal review and regulator examination; and how to scope the cluster so the investigation does not expand indefinitely. You produce a template entity map structured for a tier-1 correspondent banking environment.
Module 4. Jurisdiction Risk Layering: Using FATF and OFAC Context in the Case File
Jurisdiction risk is referenced in almost every complex SAR but often poorly documented. This module covers how to apply FATF mutual evaluation findings, OFAC jurisdiction designations, and correspondent bank risk ratings to the transaction chain in a way that is auditable. You build a jurisdiction risk layering worksheet that connects each transaction hop to a documented risk rating, and learn the difference between using jurisdiction risk as context versus using it as a suspicion conclusion.
Module 5. Customer Risk Profile Review: Reading the Relationship History
Most complex investigations involve a customer the bank has held for years. This module covers how to read the relationship history as investigative data: KYC refresh records, prior alert dispositions, documented customer explanations, and account activity trend lines. You learn to identify the moment in the relationship history where the current transaction pattern first diverged from the established baseline, which is often the single most important sentence in the SAR narrative.
Module 6. Correspondent Banking Records: How to Request and Interpret Them
Many layering patterns run through correspondent accounts where the investigator does not have direct visibility into the underlying transaction detail. This module covers the formal and informal channels for obtaining correspondent bank records, what information can reasonably be requested within a correspondent relationship, how to document the request and response in the case file, and how to handle non-response without stalling the investigation. You produce a correspondent inquiry template aligned with Wolfsberg Group standards.
Module 7. Documenting the Investigation: File Structure That Survives Examination
The investigation methodology only matters if it is documented in a way a BSA examiner can follow. This module covers the required file structure for a complex AML investigation: the opening memo, the evidence log, the analytical narrative, the disposition decision, and the SAR attachment if applicable. You build a file structure template that matches examiner expectations, with guidance on what belongs in each section and what common errors trigger requests for additional information.
Module 8. Writing the Analytical Narrative: Connecting Evidence to Suspicion
The analytical narrative is the section most investigators find hardest to write. This module teaches the logical structure: begin with the observed transaction behaviour, connect it to the account cluster context, apply the jurisdiction and customer risk factors, and arrive at a defensible suspicion conclusion. You work through two annotated narrative examples and identify the precise differences between one that holds up to examination and one that does not. You leave with a narrative outline template for your next case.
Module 9. SAR Narrative Writing: The 14-Field FinCEN Structure
The SAR filing has a specific structure that differs from the internal investigation narrative. This module covers the FinCEN SAR form architecture, how to write the narrative section for a complex layering case without vague language that draws a follow-up inquiry, and how to handle an ongoing investigation at the time of filing. You produce a SAR narrative draft for a sample layering case using the module template, characterising suspicious activity without making legal conclusions.
Module 10. No-SAR Dispositions: Documenting the Decision Not to File
A large proportion of complex investigations close without a SAR. This module covers the documentation requirements for a no-SAR disposition: what the file must contain to demonstrate the investigation was thorough, how to document the customer explanation if one was provided, and how to write the disposition memo in a way that would satisfy a regulator reviewing the decision. You learn the threshold questions that distinguish a well-documented no-SAR from an inadequately supported one.
Module 11. Quality Review: How Your File Will Be Read
Internal quality review and external examination read case files differently from the investigator who built them. This module teaches you to read your own file as a reviewer would: checking for unsupported analytical leaps, missing decision documentation, and conclusions that outrun the evidence. You apply a structured self-review checklist to a sample file and identify the five most common rework triggers. This is the module that most directly reduces turnaround time on complex cases.
Module 12. Building Your Investigation Method: From Case to Repeatable Process
The final module draws together the tools from modules 1 through 11 into a documented personal investigation method. You build a case opening checklist, a midpoint review trigger list, and a closing documentation standard that you can apply consistently across a full caseload. The accompanying implementation playbook is hand-built for your role and contains worked examples calibrated to correspondent banking and large retail bank investigation contexts, ready to use on your next complex case.

How this addresses your situation

Specific modules that map to what you said you are dealing with.

Alert arrives with layering indicators. Modules 1-2 give you the triage decision and the pattern reading before you open a full investigation.
Investigation is open and the account cluster is larger than one record. Modules 3-6 give you the entity mapping, jurisdiction layering, customer history review, and correspondent record process.
File is built and you need to write it up. Modules 7-9 give you the internal narrative structure and the SAR form architecture.
Investigation closes without a filing, or your file goes to quality review. Modules 10-11 give you the no-SAR documentation standard and the self-review process that prevents rework.

What you get with this course

  • 12 written modules covering the full AML investigation lifecycle from alert triage to SAR filing or documented no-SAR disposition
  • Downloadable templates for every stage: triage rubric, entity map, jurisdiction risk worksheet, correspondent inquiry, case file structure, analytical narrative outline, SAR narrative draft, no-SAR disposition memo, self-review checklist
  • Two annotated SAR narrative examples showing the specific language differences between a filing that satisfies examination and one that does not
  • Hand-built implementation playbook calibrated to correspondent banking and large retail bank investigation contexts, delivered alongside course access

What you will have in hand by Day 1, Week 1, Month 1

Within 24 hours your account in the learning environment is provisioned and the tailored implementation playbook is delivered alongside it.

Before and after

Before

Complex cases accumulate because the reconstruction work does not have a documented method behind it. The SAR narrative takes longer than it should because the connection between the transaction pattern and the suspicion conclusion is not written into the file structure as you go.

After

Each investigation opens with a triage decision, runs through a documented reconstruction process, and closes with a file structured for examination. The SAR narrative is the last step of a method, not a summary written from memory after the investigation is complete.

What happens if you do not address this

Complex cases that lack a documented investigation method are the ones most likely to be returned by quality review, flagged in examination, or misclassified at disposition. The investigative knowledge is already there. The gap is a structured process that makes the method visible to reviewers who were not in the case from the start.

Who it is for

AML investigators and financial crime analysts at tier-1 and tier-2 banks who handle complex transaction monitoring alerts. You understand the regulatory landscape. What you are building is the investigative discipline to move cases with layered patterns from alert to closed SAR or closed no-SAR faster, with documentation that holds up to examination.

Who this is NOT for. Entry-level transaction monitoring analysts running simple name-match alerts. Compliance officers whose primary work is policy-writing rather than case investigation. Anyone whose institution uses a third-party investigations team and does not conduct the analysis in-house.

How it arrives

Text-based course in the Art of Service learning environment, plus downloadable templates and worked examples for every module, plus the hand-built implementation playbook delivered alongside course access.

Time investment. 12 modules at your own pace. Each module takes 30-45 minutes to read and complete the accompanying template. Most investigators work through the course over two to three weeks alongside an active caseload.

Why $199 is the right number

Generic AML certification programs cover the regulatory framework well and the investigation method very little. Internal training at most institutions covers the specific system workflow, not the analytical discipline. This course fills the gap between knowing the rules and building the case file that holds up.

FAQ

Does this apply to the investigation process at a large international bank, or is it written for smaller institutions?
The course is written for complex correspondent banking and large retail bank environments. The entity mapping, jurisdiction risk layering, and correspondent record modules are specifically built for cases where the investigator does not have direct visibility into all accounts in the chain.
My institution uses a specific case management system. Will the templates work with that?
The templates are format-agnostic and designed to be adapted into any case management system. The underlying structure follows standard BSA/AML examination expectations, so the content transfers regardless of the system used to hold it.
Is this relevant outside the US regulatory context?
The SAR filing module is US-focused (FinCEN structure). The investigation methodology, entity mapping, jurisdiction risk layering, and case file structure modules apply across FATF-member jurisdictions. The correspondent banking and correspondent record modules are globally applicable.

30-day money-back guarantee. If after a week of working through the materials this is not what you needed, reply to the receipt email and a full refund is processed. No questions, no forms.

Within 24 hours your account in the learning environment is provisioned and the tailored implementation playbook is delivered alongside it.

!