Anti-Money Laundering Document Checks: The 7-Field Minimum

FinCEN does not tell you which fields actually matter in AML document checks. The CFR has the high-level rules. The exam manual has examples. Neither tells you "if you capture these seven fields per document, you will pass audit." After three audits and a year of operations, I have a working answer.

This guide is the seven-field minimum that has survived review, the patterns that fail, and how to operationalize AML document workflows without overengineering.

What "AML Document Checks" Actually Cover

AML (Anti-Money Laundering) regulations require financial institutions to detect and report suspicious activity. Document checks are the part of AML where you extract structured data from documents — transaction records, wire transfer instructions, source-of-funds attestations, beneficial ownership documents — and use that data for monitoring, reporting, and audit.

The work splits in two:

• At onboarding: Verify identity (KYC) and gather source-of-funds documentation.
• Ongoing: Monitor transactions and patterns. File reports when thresholds trigger.

Document checks feed both. The OCR and extraction layer turns paperwork into structured data your AML monitoring system can act on. (Our companion piece on KYC document verification covers the identity side.)

The 7-Field Minimum

For each AML-relevant document, capture these seven fields. Auditors look for them. Examiners check that they exist. Downstream monitoring uses them. Skip any of the seven and you have either an audit finding or a monitoring blind spot.

1. Document Type

What is this document? Wire instruction. Source-of-funds statement. Beneficial ownership form. Tax document. The type drives every downstream rule.

2. Date

Both the document date and the date of receipt. Auditors compare against transaction timestamps to confirm timing.

3. Customer Identifier

Internal customer ID linked to your KYC record. Auditors verify documents are tied to the right customer.

4. Counterparty Information

For documents involving a counterparty (sender, receiver, beneficiary): name, address, identifier (account number, tax ID). The counterparty is half the AML picture.

5. Transaction Amount

Where applicable. Original amount plus currency code. Always store as a decimal number plus currency code, never as a formatted string. (See our data normalization piece.)

6. Source-of-Funds Justification

For documents accompanying large or unusual transactions: what is the stated source of funds? Salary, investment proceeds, gift, business operations? This field is small but critical for SAR (Suspicious Activity Report) decisions.

7. Risk Indicators

Flags or markers that triggered enhanced review. Cross-border transaction? High-risk jurisdiction? Politically Exposed Person (PEP) match? Document each indicator so the audit trail shows why the document got special handling.

The Five Failures Auditors Find First

1. Missing Counterparty Information

The customer's side is documented; the counterparty is not. Wire transfers without receiving party details. Outgoing payments to unnamed beneficiaries. Auditor flags every time.

2. Currency Stored as String

"$1,000.00" stored as text. Downstream monitoring needs numeric amounts. The data team has to re-parse. Mistakes accumulate. Auditor finds discrepancies between the document and the monitoring system.

3. No Source-of-Funds Justification

Customer transfers $50,000. Documents collected. No record of why. Auditor wants to see the customer's stated source and any verification of that source.

4. Risk Indicators Not Surfaced

A transaction touched a high-risk jurisdiction. The document was reviewed. No record that the high-risk flag was raised. Auditor cannot tell whether the reviewer noticed.

5. Audit Trail Gaps

Document collected. Document referenced in a SAR. The chain between collection and SAR has missing steps. Auditor cannot reconstruct the decision path.

The Document Categories That Need Special Attention

Wire Transfer Instructions

SWIFT messages, ACH instructions, internal transfer documents. Extract sender, receiver, amount, currency, purpose, and any intermediaries. Watch for stripped or obscured information — that itself is a flag.

Beneficial Ownership Forms

FinCEN's CDD rule requires beneficial owner documentation. Capture the BO's name, DOB, address, ownership percentage. Verify against the source documents (driver's license, passport).

Source-of-Funds Statements

For high-value or unusual transactions, customers attest to the source. Capture the attestation verbatim plus the customer's signature and date.

Cross-Border Documentation

Tax forms (W-8BEN, W-9), correspondent bank documentation, FATCA/CRS attestations. Each has specific required fields. Extraction must respect the form's structure.

Sanctions and PEP Screening Records

Document each screening run — who was screened, against what list, at what date, with what result. Audits routinely sample screening records.

The Pipeline That Passes Audits

The AML document pipeline I have seen pass audits:

1. Ingest: Document arrives via portal, email, or API. Store original immutably.
2. Classify: Determine document type. Route to the right extraction template.
3. Extract: Run OCR with layout-aware engine. Pull the seven minimum fields plus any document-type-specific fields.
4. Validate: Are required fields populated? Are amounts numeric? Are dates parseable? If not, route for review.
5. Screen: Check counterparty against sanctions and PEP lists. Document result.
6. Enrich: Tag with risk indicators (cross-border, high-risk jurisdiction, threshold-triggering amount).
7. Log: Store every step's input, output, timestamp, and operator. Immutable audit trail.
8. Notify: Push to monitoring system. Trigger SAR workflow if applicable.

How AML Document Checks Differ From KYC

KYC verifies who the customer is (one-time plus periodic). AML monitors what they do (continuous). KYC documents are mostly photo IDs and proof of address. AML documents include all of that plus transaction records, attestations, source-of-funds documentation, and beneficial ownership forms.

AML document volumes are typically 10-100x higher than KYC for the same customer base, because every flagged transaction generates documents while KYC happens once.

The OCR Step Inside AML

AML documents include forms, wire instructions, free-text attestations, and transaction records. The OCR has to handle structured forms (where field extraction matters) and unstructured text (where semantic understanding matters). Most teams use layout-aware OCR plus an LLM for the unstructured pieces.

The accuracy bar is higher than general OCR because AML mistakes can mean missed SARs, regulatory fines, and reputational damage. Validate everything. (See our honest guide.)

The Way I Explain AML Document Work to Non-Tech People

Imagine you run a small bank. Every time a customer moves a lot of money, you have to write down where it came from and where it is going. If the same customer moves a lot of money repeatedly to the same place, you have to write down that pattern too. If the pattern looks suspicious, you have to call the police.

To do all of that you need records. Lots of records. Every transaction, every reason, every check, every decision. AML document checks are how you build those records from the paperwork customers and counterparties give you.

If the records are good, the bank passes inspection. If the records are bad — missing fields, inconsistent dates, unclear amounts — the inspector finds gaps. Bad records cause fines. Good records are boring and quiet.

What I'd Do Today

If you are building an AML system from scratch: nail the seven-field extraction first. Everything else (monitoring rules, SAR workflows, dashboards) builds on top of clean extracted data. Garbage in, garbage out.

If you have an existing AML system that "works": pick 100 documents at random and check whether all seven fields were captured cleanly. Most teams find gaps in field 4 (counterparty) or field 6 (source-of-funds). Fix those first.

If you are preparing for an exam: do a mock audit on a sample of files. Reconstruct every check from the audit trail. Gaps you find are gaps the examiner will find. (I write about audit-readiness more here.)

Frequently Asked Questions

What is AML document verification?

The process of extracting structured data from AML-relevant documents (transactions, wire instructions, source-of-funds attestations, beneficial ownership forms) and using that data for monitoring, reporting, and audit.

How does AML differ from KYC?

KYC is one-time-plus-periodic identity verification. AML is continuous transaction monitoring. KYC documents are mostly IDs; AML documents include transaction records, attestations, and ownership forms. AML feeds on KYC data plus ongoing activity.

What documents are most commonly checked in AML?

Wire transfer instructions, source-of-funds statements, beneficial ownership forms, cross-border tax documentation (W-8BEN, W-9, FATCA), and sanctions/PEP screening records.

How often should AML documents be reviewed?

Triggered by transaction patterns (large amounts, unusual frequencies, high-risk jurisdictions) and by periodic schedules for high-risk customers. The exact triggers depend on your AML program design.

Can I automate AML document extraction with OCR?

Yes, for the extraction step. The decision-making (does this trigger a SAR?) still requires human judgment plus documented rules. OCR plus rules engines handle 80-90% of the work; humans handle the rest.

What happens if AML documents are missing fields?

For automated processing: route to manual review. For audit: it depends on which field. Missing date or amount fields are findings. Missing risk-indicator flags are findings. Examiners want every documented decision to be supported by the file.