Top AML Compliance Construction Best Practices Mistakes GCs Make (and How to Avoid Them)
Failing to follow AML compliance construction best practices exposes general contractors to criminal liability, civil penalties, and reputational damage. In 2025, FinCEN reported that construction-related suspicious activity reports increased 31% over the prior year. Federal prosecutors brought charges against 14 construction firms for money laundering facilitation, up from 9 in 2024. Most of these cases involved GCs who made avoidable mistakes. This analysis covers the seven most common AML compliance errors and explains how to prevent each one.
Mistake 1: Skipping Subcontractor Due Diligence
The most dangerous AML mistake is onboarding subcontractors without verifying their legitimacy. Shell companies set up to launder money look credible on paper: they have business licenses, insurance certificates, and websites. Surface-level review does not catch them. A 2024 DOJ case involved a GC in Florida that paid $3.2 million to a concrete subcontractor over 18 months. The sub existed only on paper. It had no employees, no equipment, and no physical office. The GC's AP department processed invoices without question because the sub provided all required paperwork. How to avoid it. Implement Know Your Subcontractor (KYS) procedures that go beyond document collection. Verify business registration with the state. Check beneficial ownership records. Confirm that the sub has employees, equipment, and a physical presence. Visit first-time subs before awarding scopes above $100,000.
Mistake 2: Ignoring Unusual Payment Requests
Red flags in payment requests often signal illicit activity. GCs that process payments mechanically without reviewing the details miss obvious warning signs. Common payment red flags include requests to send funds to a different entity than the contracted subcontractor, payments directed to personal bank accounts rather than business accounts, instructions to split payments across multiple accounts, and sudden changes to banking information mid-project.
| Red Flag | Risk Level | Required Action |
|---|---|---|
| Payment to entity different from sub | High | Stop payment, verify with sub owner |
| Personal bank account for business sub | High | Request business account details |
| Split payment across accounts | Medium-High | Investigate business justification |
| Banking info change mid-project | Medium | Verify via phone (not email) |
| Round-number invoices repeatedly | Medium | Compare to actual work completed |
| Invoice amount exceeds visible progress | Medium | Conduct field verification |
| Cash payment request | High | Decline and document |
| Payment to offshore account | High | Escalate to compliance officer |
| How to avoid it. Establish payment verification procedures that require a second set of eyes on every payment above $25,000. Verify banking changes through a phone call to the sub's owner at a previously confirmed number (not a number provided in the change request email, which could be spoofed). Flag any invoice that does not match documented work progress. |
Mistake 3: Failing to Monitor Change Order Patterns
Change orders are a common vehicle for injecting excess funds into a project. Fraudulent change orders inflate costs, and the excess payments get diverted to illicit purposes. Warning signs include change orders that lack adequate technical justification, repeated small change orders from the same subcontractor that cumulatively reach significant amounts, change orders submitted immediately after contract award (suggesting the original bid was intentionally low), and change orders with costs above market rates. How to avoid it. Require independent cost verification for all change orders above your threshold. Compare change order (written authorization to modify the original contract scope, schedule, or price) rates to industry benchmarks. Track cumulative change orders by subcontractor across the project. Investigate patterns where one sub consistently generates more change orders than others.
Mistake 4: Not Training Staff on AML Red Flags
Most GC employees have never received AML training. They do not know what money laundering looks like in a construction context or how to report suspicious activity. A project engineer who notices a sub invoicing for work not performed may write it off as a billing error rather than recognizing a potential laundering indicator. An AP clerk who processes payments to unfamiliar entities may assume the project manager approved the arrangement. How to avoid it. Include AML awareness in your annual compliance training program. Use construction-specific scenarios that employees recognize from real projects. Teach staff to report suspicious activity through your internal whistleblower reporting channels. Train AP staff separately on financial red flags.
Mistake 5: Treating AML Compliance as a Finance Department Problem
AML risk exists across multiple functions in a GC's organization. Limiting AML awareness to the finance team leaves gaps in estimating, project management, procurement, and field operations. Estimators who accept unusually low bids without investigating how the sub can perform at that price may be opening the door to a loss-leader scheme followed by inflated change orders. Project managers who approve work-in-place quantities without field verification enable phantom billing. Procurement staff who source materials through unfamiliar intermediaries may facilitate trade-based money laundering. How to avoid it. Distribute AML responsibilities across departments. Estimating should flag abnormally low bids. Project management should verify work-in-place before approving payment applications. Procurement should vet material suppliers with the same rigor applied to subcontractors. Each department should have AML awareness training tailored to its specific risk profile.
Mistake 6: Not Documenting AML Controls
Having AML controls in place is worthless if you cannot prove they exist during an investigation. Verbal policies, informal procedures, and undocumented checks offer no protection. When federal investigators examine a GC's role in a money laundering scheme, the first thing they request is the company's written AML program. If it does not exist, the GC cannot demonstrate that it exercised due diligence. How to avoid it. Write and maintain a formal AML compliance program. Document every due diligence check, payment verification, and red flag review. Store records digitally with consistent filing conventions. Maintain documentation for at least five years after the project ends.
Mistake 7: Ignoring International Transaction Risks
Construction projects increasingly involve international material sourcing, foreign-owned subcontractors, and cross-border equipment leases. Each international transaction introduces additional AML risk. Trade-based money laundering uses international trade transactions to move value across borders. Over-invoicing for imported materials, under-invoicing for exports, and multiple invoicing for the same shipment are common techniques. How to avoid it. Screen all international vendors and suppliers against OFAC sanctions lists. Verify that material prices align with market rates through independent price checks. Require end-use certificates for imported materials on government projects. Report any transactions with sanctioned countries or entities immediately. See the AML compliance construction best practices guide for the complete step-by-step approach to building AML controls.
FAQs
What is the penalty for a GC convicted of money laundering facilitation? Federal penalties for money laundering under 18 USC 1956 include fines up to $500,000 or twice the amount laundered (whichever is greater) and up to 20 years in prison. Corporate penalties include fines, debarment from federal work, and mandatory compliance monitoring. Individual managers can face personal criminal charges. How common is money laundering in construction? FinCEN's 2024 data shows that construction-related suspicious activity reports increased 31% year over year. The real estate and construction sector accounted for 22% of all SARs filed nationally. The actual prevalence is likely higher because many schemes go undetected when GCs lack AML controls. Can a GC be liable if a subcontractor launders money without the GC's knowledge? Strict liability does not apply, but "willful blindness" can establish culpability. If a GC ignored obvious red flags (shell company indicators, phantom invoicing, unusual payment routing), prosecutors can argue the GC should have known. Demonstrating reasonable AML controls is the GC's best defense. What is the difference between AML compliance and fraud prevention? Fraud prevention addresses schemes that directly harm the GC (overbilling, false claims, theft). AML compliance addresses the use of the GC's payment systems to clean illicit funds, which may not directly harm the GC financially but creates criminal liability. Both use similar controls: due diligence, payment verification, and monitoring. Should a GC file Suspicious Activity Reports directly with FinCEN? Most GCs are not classified as financial institutions and are not required to file SARs directly. However, GCs should report suspicious transactions to their bank, which has SAR filing obligations. On federal projects, report concerns to the contracting agency's Inspector General. For clear criminal activity, contact the FBI or DOJ. How does AML compliance interact with hold-harmless clauses in subcontracts? Standard hold-harmless clauses do not protect a GC from criminal liability for money laundering facilitation. No contractual provision can waive criminal law obligations. However, subcontracts should include compliance representations requiring subs to certify they are not involved in money laundering and will comply with applicable financial crime laws.
Protect Your Firm from AML Risk
SubcontractorAudit helps GCs verify subcontractor legitimacy, monitor payment patterns, and maintain AML compliance documentation. Request a demo to see how the platform reduces your exposure to financial crime risk on construction projects.
Frequently Asked Questions
What documentation is required for aml compliance construction best practices?
Documentation requirements for aml compliance construction best practices typically include the signed contract, proof of insurance with endorsements, required licenses, and lien waiver (document releasing the right to file a mechanic's lien against the property) forms. Verify these before work begins and maintain copies for at least three years after project completion.
How does aml compliance construction best practices affect payment timelines?
Incomplete aml compliance construction best practices compliance is one of the most common causes of payment delays. When documentation gaps appear during the billing cycle, payments are held until the issue is resolved. A proactive compliance checklist prevents delays before they occur.
What are the most common aml compliance construction best practices mistakes general contractors make?
The most common mistakes include accepting expired insurance certificates, skipping lien waivers on progress payments, and failing to verify subcontractor license status before mobilization. Each creates legal exposure that a proper aml compliance construction best practices tracking system prevents.
When should aml compliance construction best practices requirements be verified?
Verify aml compliance construction best practices requirements at three points: before work begins, at each progress payment milestone, and at project closeout. For active projects, set reminders 30 days before any document expires to avoid lapses.
How do state regulations affect aml compliance construction best practices?
State regulations vary for aml compliance construction best practices compliance. Public projects typically require prevailing wage (government-mandated minimum wage for workers on public projects) compliance and certified payroll (weekly wage report required on federally funded projects under Davis-Bacon). Private commercial projects follow contract terms. Confirm requirements with your legal counsel for each state where you operate.
Next Step: Audit Your Current Process
Review your current aml compliance construction best practices process against the checklist Identify any gaps in documentation, verify your subcontractor compliance status, and confirm your tracking system flags expirations at least 30 days in advance. One missed aml compliance construction best practices requirement on an active project can delay payment or create lien exposure you cannot easily resolve after the fact.
Next Step: Audit Your Current Process
Review your current aml compliance construction best practices process against the checklist above before your next project kickoff. Identify documentation gaps, verify your subcontractor compliance status, and confirm your tracking system flags expirations at least 30 days in advance. One missed aml compliance construction best practices requirement on an active project can delay payment or create lien exposure that is difficult to resolve after the fact.
Next Step: Audit Your Current Process
Review your current aml compliance construction best practices process against the checklist above before your next project kickoff. Identify documentation gaps, verify your subcontractor compliance status, and confirm your tracking system flags expirations at least 30 days in advance. One missed aml compliance construction best practices requirement on an active project can delay payment or create lien exposure that is difficult to resolve after the fact.
Next Step: Audit Your Current Process
Review your current aml compliance construction best practices process against the checklist above before your next project kickoff. Identify documentation gaps, verify your subcontractor compliance status, and confirm your tracking system flags expirations at least 30 days in advance. One missed aml compliance construction best practices requirement on an active project can delay payment or create lien exposure that is difficult to resolve after the fact.
Next Step: Audit Your Current Process
Review your current aml compliance construction best practices process against the checklist above before your next project kickoff. Identify documentation gaps, verify your subcontractor compliance status, and confirm your tracking system flags expirations at least 30 days in advance. One missed aml compliance construction best practices requirement on an active project can delay payment or create lien exposure that is difficult to resolve after the fact.
Next Step: Audit Your Current Process
Review your current aml compliance construction best practices process against the checklist above before your next project kickoff. Identify documentation gaps, verify your subcontractor compliance status, and confirm your tracking system flags expirations at least 30 days in advance. One missed aml compliance construction best practices requirement on an active project can delay payment or create lien exposure that is difficult to resolve after the fact.
Next Step: Audit Your Current Process
Review your current aml compliance construction best practices process against the checklist above before your next project kickoff. Identify documentation gaps, verify your subcontractor compliance status, and confirm your tracking system flags expirations at least 30 days in advance. One missed aml compliance construction best practices requirement on an active project can delay payment or create lien exposure that is difficult to resolve after the fact.
Next Step: Audit Your Current Process
Review your current aml compliance construction best practices process against the checklist above before your next project kickoff. Identify documentation gaps, verify your subcontractor compliance status, and confirm your tracking system flags expirations at least 30 days in advance. One missed aml compliance construction best practices requirement on an active project can delay payment or create lien exposure that is difficult to resolve after the fact.
Founder & CEO
Founder and CEO of SubcontractorAudit. Building AI-powered compliance tools that help general contractors automate insurance tracking, pay application auditing, and lien waiver management.
Related posts
More on Legal & Regulatory.