AML compliance construction best practices protect general contractors from unknowingly participating in money laundering schemes. The Financial Crimes Enforcement Network (FinCEN) identified construction as a high-risk industry for money laundering in its 2024 National Risk Assessment. Real estate and construction accounted for 22% of suspicious activity reports filed in the United States that year.

GCs process millions of dollars through complex subcontractor payment chains. Without proper controls, these payment flows can be exploited. This guide covers seven actionable steps for building AML compliance into your construction operations.

Step 1: Understand Why Construction Attracts Money Laundering

Construction projects involve large cash flows, multiple layers of subcontractors, and international material sourcing. These characteristics create opportunities for laundering illicit funds.

Common laundering methods in construction include inflating invoices and diverting excess payments, creating shell subcontractor companies that perform no real work, overpaying for materials through related-party suppliers, and using change orders to inject additional funds into a project.

GCs are not typically the laundering party, but they can become unwitting facilitators. When a sub submits inflated invoices and the GC pays without scrutiny, the GC has participated in moving illicit funds through the financial system.

Understanding these risks is the first step toward building effective controls.

Step 2: Implement Know Your Subcontractor (KYS) Procedures

Before onboarding any subcontractor, verify their identity and legitimacy. KYS procedures mirror the "Know Your Customer" (KYC) practices used in banking.

Verify business registration. Confirm the sub is registered with the state Secretary of State. Check that the registration is active and the registered agent is a real person.

Check ownership. Identify the sub's beneficial owners (anyone who owns 25% or more of the company). FinCEN's Corporate Transparency Act now requires most companies to report beneficial ownership information.

Review financial history. Request three years of financial statements or tax returns. Look for revenue patterns that match the sub's stated capacity. A company claiming $10 million in annual revenue that has only two employees raises questions.

Search enforcement databases. Check the sub against the OFAC Specially Designated Nationals (SDN) list, the System for Award Management (SAM.gov) exclusion list, and state debarment lists.

Due Diligence Check	Source	Cost	Frequency
Business registration	State Secretary of State	Free	At onboarding
Beneficial ownership	FinCEN BOI database	Free	At onboarding
OFAC SDN list	Treasury Department	Free	At onboarding + annually
SAM.gov exclusion	GSA	Free	At onboarding + per project
State debarment list	State procurement office	Free	At onboarding + per project
Financial statements	Sub provides	N/A	At onboarding
Credit report	Commercial provider	$50-$200	At onboarding
Reference checks	Prior clients/GCs	N/A	At onboarding

Step 3: Establish Payment Controls

Payment controls prevent your AP system from becoming a laundering conduit.

Verify banking information. Confirm that payment account details match the sub's registered business name. Flag payments directed to personal accounts, offshore accounts, or accounts in names that do not match the subcontractor entity.

Match payments to work. Every payment must correspond to documented work performed. Require signed daily reports, progress photos, and inspector verifications before processing invoices. This prevents payments for phantom work.

Monitor payment patterns. Watch for unusual patterns: invoices consistently at round numbers, rapid escalation of billing amounts, requests to split payments across multiple accounts, or sudden changes in banking details.

Limit cash transactions. Avoid cash payments to subcontractors. If a sub requests cash payment, this is a red flag that warrants additional scrutiny. Federal regulations require reporting cash transactions over $10,000.

Segregate change order payments. Change orders create opportunities for inflated costs. Require independent cost verification for all change orders above a threshold (commonly $25,000 or 5% of original subcontract value).

Step 4: Train Your Team on Red Flags

AML red flags in construction are specific and recognizable. Train your project managers, estimators, and accounting staff to identify them.

Subcontractor red flags. Newly formed companies with no track record bidding on large scopes. Subs that cannot provide verifiable references. Companies registered in states far from the project location without a clear business reason. Subs that pressure for immediate payment outside normal terms.

Financial red flags. Invoices that do not include supporting documentation. Billing amounts that exceed the work visibly completed. Requests to route payments through intermediary companies. Sudden changes to banking information mid-project.

Transaction red flags. Structured payments designed to stay below reporting thresholds ($10,000). Cash-intensive transactions without clear business justification. Payments to countries with weak AML enforcement. Round-number invoicing patterns.

Include AML awareness in your government contractor whistleblower compliance training program so employees know how and where to report suspicious activity.

Step 5: Document Your AML Compliance Program

A written AML compliance program demonstrates your firm's commitment to preventing financial crimes. The program should include four elements.

Policy statement. A clear declaration that your firm prohibits involvement in money laundering and will report suspicious activity to authorities.

Risk assessment. An analysis of where your operations face the highest AML risk. For most GCs, this centers on subcontractor payments, materials procurement, and international transactions.

Procedures. Detailed steps for KYS due diligence, payment verification, red flag monitoring, and suspicious activity reporting.

Training requirements. A schedule for AML training covering who must complete it, how often, and what content is included.

Step 6: Report Suspicious Activity

When your monitoring identifies potential money laundering, you have reporting obligations.

Internal escalation. Report concerns to your compliance officer or legal counsel. They will evaluate whether the activity warrants a formal report.

Suspicious Activity Reports (SARs). If you are a financial institution or are required to file under the Bank Secrecy Act, submit a SAR to FinCEN within 30 days of detecting suspicious activity. While most GCs are not directly required to file SARs, your bank will file one if you report suspicious transactions through them.

Law enforcement. For clear evidence of criminal activity, contact your local FBI field office or the DOJ fraud section. On federal projects, report to the Office of Inspector General for the contracting agency.

Whistleblower channels. Your internal whistleblower hotline should accept AML-related reports. Train employees to use it when they observe suspicious financial activity.

Step 7: Review and Update Your Program Annually

AML regulations and money laundering techniques change continuously. Your program must keep pace.

Review your risk assessment annually. Consider whether new project types, geographic markets, or subcontractor relationships introduce new AML risks.

Update training content to reflect current enforcement trends and new red flag indicators. FinCEN publishes advisories on emerging money laundering methods that affect the construction industry.

Test your controls by reviewing a sample of recent subcontractor onboarding files and payment transactions. Check whether your team followed KYS procedures and flagged any anomalies.

Review the connected article on AML compliance construction mistakes for common failures GCs should watch for.

FAQs

Are construction companies required to have AML compliance programs? Construction companies are not directly regulated under the Bank Secrecy Act in the same way as financial institutions. However, GCs on federal projects must comply with FAR ethics requirements, and all businesses must avoid participating in money laundering. Having a formal AML program demonstrates due diligence and reduces liability.

What is the biggest AML risk for general contractors? The biggest risk is unknowingly paying shell subcontractors that exist only to launder money. These companies submit invoices for work they did not perform, and the GC's payment moves illicit funds through the legitimate financial system. KYS due diligence is the primary defense.

How much does an AML compliance program cost to implement? Basic AML programs cost $5,000 to $15,000 to set up, including policy drafting, risk assessment, and initial training. Ongoing costs include annual training ($2,000 to $5,000), due diligence checks ($50 to $200 per subcontractor), and compliance software ($200 to $500 per month). These costs are minimal compared to the liability of an AML violation.

Can a GC be criminally liable for money laundering by a subcontractor? Yes, if the GC knew or should have known about the laundering activity. Willful blindness (ignoring obvious red flags) can establish criminal intent. GCs that implement reasonable AML controls and act on red flags are protected. Those that ignore warning signs face potential criminal prosecution.

What should a project manager do if they suspect a sub is laundering money? Report the concern to the company compliance officer immediately. Do not confront the sub directly. Continue normal operations while the compliance team and legal counsel evaluate the situation. Do not process additional payments to the suspect sub until the review is complete.

How does AML compliance relate to Davis-Bacon requirements? Both address different aspects of federal project compliance. Davis-Bacon covers prevailing wage requirements. AML compliance covers financial crime prevention. However, payroll fraud (paying workers less than prevailing wages and pocketing the difference) can constitute both a Davis-Bacon violation and a form of financial fraud. Training programs should address both topics.

Strengthen Your AML Controls Today

SubcontractorAudit helps GCs verify subcontractor legitimacy, track payment patterns, and maintain compliance documentation across all projects. Request a demo to see how the platform supports your AML compliance construction program.