Failing to follow AML compliance construction best practices exposes general contractors to criminal liability, civil penalties, and reputational damage. In 2025, FinCEN reported that construction-related suspicious activity reports increased 31% over the prior year. Federal prosecutors brought charges against 14 construction firms for money laundering facilitation, up from 9 in 2024.

Most of these cases involved GCs who made avoidable mistakes. This analysis covers the seven most common AML compliance errors and explains how to prevent each one.

Mistake 1: Skipping Subcontractor Due Diligence

The most dangerous AML mistake is onboarding subcontractors without verifying their legitimacy. Shell companies set up to launder money look credible on paper: they have business licenses, insurance certificates, and websites. Surface-level review does not catch them.

A 2024 DOJ case involved a GC in Florida that paid $3.2 million to a concrete subcontractor over 18 months. The sub existed only on paper. It had no employees, no equipment, and no physical office. The GC's AP department processed invoices without question because the sub provided all required paperwork.

How to avoid it. Implement Know Your Subcontractor (KYS) procedures that go beyond document collection. Verify business registration with the state. Check beneficial ownership records. Confirm that the sub has employees, equipment, and a physical presence. Visit first-time subs before awarding scopes above $100,000.

Mistake 2: Ignoring Unusual Payment Requests

Red flags in payment requests often signal illicit activity. GCs that process payments mechanically without reviewing the details miss obvious warning signs.

Common payment red flags include requests to send funds to a different entity than the contracted subcontractor, payments directed to personal bank accounts rather than business accounts, instructions to split payments across multiple accounts, and sudden changes to banking information mid-project.

Red Flag	Risk Level	Required Action
Payment to entity different from sub	High	Stop payment, verify with sub owner
Personal bank account for business sub	High	Request business account details
Split payment across accounts	Medium-High	Investigate business justification
Banking info change mid-project	Medium	Verify via phone (not email)
Round-number invoices repeatedly	Medium	Compare to actual work completed
Invoice amount exceeds visible progress	Medium	Conduct field verification
Cash payment request	High	Decline and document
Payment to offshore account	High	Escalate to compliance officer

How to avoid it. Establish payment verification procedures that require a second set of eyes on every payment above $25,000. Verify banking changes through a phone call to the sub's owner at a previously confirmed number (not a number provided in the change request email, which could be spoofed). Flag any invoice that does not match documented work progress.

Mistake 3: Failing to Monitor Change Order Patterns

Change orders are a common vehicle for injecting excess funds into a project. Fraudulent change orders inflate costs, and the excess payments get diverted to illicit purposes.

Warning signs include change orders that lack adequate technical justification, repeated small change orders from the same subcontractor that cumulatively reach significant amounts, change orders submitted immediately after contract award (suggesting the original bid was intentionally low), and change orders with costs significantly above market rates.

How to avoid it. Require independent cost verification for all change orders above your threshold. Compare change order rates to industry benchmarks. Track cumulative change orders by subcontractor across the project. Investigate patterns where one sub consistently generates more change orders than others.

Mistake 4: Not Training Staff on AML Red Flags

Most GC employees have never received AML training. They do not know what money laundering looks like in a construction context or how to report suspicious activity.

A project engineer who notices a sub invoicing for work not performed may write it off as a billing error rather than recognizing a potential laundering indicator. An AP clerk who processes payments to unfamiliar entities may assume the project manager approved the arrangement.

How to avoid it. Include AML awareness in your annual compliance training program. Use construction-specific scenarios that employees recognize from real projects. Teach staff to report suspicious activity through your internal whistleblower reporting channels. Train AP staff separately on financial red flags.

Mistake 5: Treating AML Compliance as a Finance Department Problem

AML risk exists across multiple functions in a GC's organization. Limiting AML awareness to the finance team leaves gaps in estimating, project management, procurement, and field operations.

Estimators who accept unusually low bids without investigating how the sub can perform at that price may be opening the door to a loss-leader scheme followed by inflated change orders. Project managers who approve work-in-place quantities without field verification enable phantom billing. Procurement staff who source materials through unfamiliar intermediaries may facilitate trade-based money laundering.

How to avoid it. Distribute AML responsibilities across departments. Estimating should flag abnormally low bids. Project management should verify work-in-place before approving payment applications. Procurement should vet material suppliers with the same rigor applied to subcontractors. Each department should have AML awareness training tailored to its specific risk profile.

Mistake 6: Not Documenting AML Controls

Having AML controls in place is worthless if you cannot prove they exist during an investigation. Verbal policies, informal procedures, and undocumented checks offer no protection.

When federal investigators examine a GC's role in a money laundering scheme, the first thing they request is the company's written AML program. If it does not exist, the GC cannot demonstrate that it exercised due diligence.

How to avoid it. Write and maintain a formal AML compliance program. Document every due diligence check, payment verification, and red flag review. Store records digitally with consistent filing conventions. Maintain documentation for at least five years after the project ends.

Mistake 7: Ignoring International Transaction Risks

Construction projects increasingly involve international material sourcing, foreign-owned subcontractors, and cross-border equipment leases. Each international transaction introduces additional AML risk.

Trade-based money laundering uses international trade transactions to move value across borders. Over-invoicing for imported materials, under-invoicing for exports, and multiple invoicing for the same shipment are common techniques.

How to avoid it. Screen all international vendors and suppliers against OFAC sanctions lists. Verify that material prices align with market rates through independent price checks. Require end-use certificates for imported materials on government projects. Report any transactions with sanctioned countries or entities immediately.

See the AML compliance construction best practices guide for the complete step-by-step approach to building AML controls.

FAQs

What is the penalty for a GC convicted of money laundering facilitation? Federal penalties for money laundering under 18 USC 1956 include fines up to $500,000 or twice the amount laundered (whichever is greater) and up to 20 years in prison. Corporate penalties include fines, debarment from federal work, and mandatory compliance monitoring. Individual managers can face personal criminal charges.

How common is money laundering in construction? FinCEN's 2024 data shows that construction-related suspicious activity reports increased 31% year over year. The real estate and construction sector accounted for 22% of all SARs filed nationally. The actual prevalence is likely higher because many schemes go undetected when GCs lack AML controls.

Can a GC be liable if a subcontractor launders money without the GC's knowledge? Strict liability does not apply, but "willful blindness" can establish culpability. If a GC ignored obvious red flags (shell company indicators, phantom invoicing, unusual payment routing), prosecutors can argue the GC should have known. Demonstrating reasonable AML controls is the GC's best defense.

What is the difference between AML compliance and fraud prevention? Fraud prevention addresses schemes that directly harm the GC (overbilling, false claims, theft). AML compliance addresses the use of the GC's payment systems to clean illicit funds, which may not directly harm the GC financially but creates criminal liability. Both use similar controls: due diligence, payment verification, and monitoring.

Should a GC file Suspicious Activity Reports directly with FinCEN? Most GCs are not classified as financial institutions and are not required to file SARs directly. However, GCs should report suspicious transactions to their bank, which has SAR filing obligations. On federal projects, report concerns to the contracting agency's Inspector General. For clear criminal activity, contact the FBI or DOJ.

How does AML compliance interact with hold-harmless clauses in subcontracts? Standard hold-harmless clauses do not protect a GC from criminal liability for money laundering facilitation. No contractual provision can waive criminal law obligations. However, subcontracts should include compliance representations requiring subs to certify they are not involved in money laundering and will comply with applicable financial crime laws.

Protect Your Firm from AML Risk

SubcontractorAudit helps GCs verify subcontractor legitimacy, monitor payment patterns, and maintain AML compliance documentation. Request a demo to see how the platform reduces your exposure to financial crime risk on construction projects.