(A legal article in Philippine AML/CFT context)

1) Why dormant accounts matter in anti-money laundering (AML)

Dormant (inactive) deposit accounts are a recurring risk point in money laundering and terrorism financing because they can be exploited as “clean-looking” pass-through channels—especially when they suddenly become active after long inactivity, are taken over by impostors, or are used as temporary parking accounts for rapid in-and-out fund movement.

Philippine law does not treat dormancy as a safe harbor. A bank’s legal obligations to monitor and report suspicious activity apply across all accounts, including those tagged as dormant, inactive, restricted, frozen by internal controls, or pending reactivation.

2) The governing framework (Philippine context)

A. Core statute: Anti-Money Laundering Act (AMLA), as amended

Banks are “covered persons” under Republic Act No. 9160 (AMLA), as amended. AMLA requires covered persons to:

maintain customer identification and records,
conduct ongoing monitoring and risk management, and
file required reports with the Anti-Money Laundering Council (AMLC).

AMLA distinguishes two major reporting buckets:

Covered Transaction Reports (CTRs) – triggered by a monetary threshold (classically ₱500,000 and above in one banking day for covered transactions).
Suspicious Transaction Reports (STRs) – triggered by suspicion, regardless of amount.

B. Regulators and rule-makers

AMLC: issues AML/CFT implementing rules, reporting formats, and guidance.
Bangko Sentral ng Pilipinas (BSP): supervises banks for AML/CFT compliance and imposes supervisory/administrative consequences for failures.

C. Related laws often implicated by “dormant account” abuse

Bank secrecy laws (e.g., R.A. 1405, R.A. 6426) generally protect deposits, but AMLA creates explicit reporting exceptions for AMLC reporting and authorized inquiries.
Terrorism Financing Prevention and Suppression Act (R.A. 10168), as amended: banks must also consider terrorism financing (TF) risks and targeted financial sanctions; suspicious activity linked to TF can require heightened response.

3) What is a “dormant account” legally?

AMLA does not set a single statutory definition of “dormant account.” In practice:

A dormant/inactive account is typically a deposit account with no customer-initiated financial activity for a bank-defined period (often 1–2 years depending on product), placed under restricted status (e.g., no withdrawals until reactivation steps are completed).
An unclaimed balance is a separate concept under the Unclaimed Balances Act (Act No. 3936)—generally referring to dormant deposits left untouched for many years, potentially subject to escheat-type handling and reporting to the government after statutory processes.

For AMLA purposes, the label “dormant” is not determinative. What matters is whether there is:

a transaction or attempted transaction, or
suspicious circumstances connected to the account, its owner, or the movement (or attempted movement) of funds.

4) The bank’s legal duty to file an STR: the basic rule

A. STR obligation is suspicion-based, not threshold-based

An STR must be filed when a bank knows, suspects, or has reason to suspect that a transaction (or attempted transaction) is suspicious under AMLA and implementing rules—even if the amount is small, and even if the account is dormant.

B. Dormancy does not remove reporting duties

Banks remain obligated to:

conduct ongoing monitoring,
apply risk-based controls, and
file STRs when suspicion is triggered.

Dormant accounts can heighten suspicion because the account’s “normal” activity baseline is often zero, making deviations easier to detect.

5) What makes a transaction “suspicious” under AMLA—applied to dormant accounts

AMLA and AMLC rules recognize multiple indicators/grounds that can make a transaction suspicious. The exact phrasing in regulations may vary by update, but the core ideas include:

A. No apparent lawful purpose / not supported by legitimate obligation

Dormant account angle: A long-inactive personal savings account suddenly receives large third-party deposits without an intelligible reason, then funds are rapidly withdrawn or transferred.

B. Not commensurate with the customer’s profile or known business/financial capacity

Dormant account angle: A dormant account tied to a student, pensioner, low-income worker, or previously low-balance user suddenly processes high-value inflows/outflows inconsistent with known source of funds.

C. Structured or designed to avoid reporting, scrutiny, or documentation

Dormant account angle: After reactivation, the account receives repeated deposits or transfers just under internal monitoring thresholds, or uses rapid fragmentation (many small credits) followed by consolidation and withdrawal.

D. Use of false identity, impersonation, or suspicious reactivation circumstances

Dormant account angle: Reactivation request involves questionable IDs, mismatched selfies/biometrics, altered signatures, sudden change of contact details, or third parties insisting on controlling access.

E. Links to unlawful activity, predicate crimes, or proceeds of crime

Dormant account angle: Inflows traceable to scam patterns, mule-account networks, illicit online gambling, fraud rings, or suspicious counterparties; funds move in “layering” patterns right after long dormancy.

F. Attempted transactions can be reportable

If AMLC rules treat attempted suspicious transactions as reportable (a common approach in AML regimes), then a blocked reactivation or rejected transfer may still require an STR when suspicion exists.

6) Dormant-account red flags that commonly trigger STR analysis

Banks typically treat the following as high-risk indicators (often in combination):

Reactivation & identity risk

Reactivation request made remotely with weak authentication, or by a person not matching prior KYC records
Sudden change in registered mobile number/email/address immediately before/after reactivation
Customer cannot credibly explain why the account was dormant and why it is suddenly needed for large flows
Multiple failed login attempts, SIM-swap indicators, device changes, or unusual IP/geolocation patterns (where monitored)

Transaction pattern risk

First transaction after dormancy is a large cash deposit or large incoming transfer
Multiple inbound transfers from unrelated individuals, followed by quick outbound transfers (“pass-through” behavior)
Rapid withdrawal after credit, especially in full amounts or rounded figures
Funds routed to/from high-risk channels, high-risk jurisdictions, or suspicious VASPs/crypto gateways (where applicable)
Back-to-back transfers among accounts with shared identifiers (same phone, device, address, employer, etc.)

Third-party control or beneficiary risks

Account appears controlled by another person (credentials shared, instructions from third party, multiple “handlers”)
Funds arrive from entities/persons with negative information (internal watchlists, law enforcement requests, fraud reports)
Counterparties show mule-network behavior (many accounts receiving and forwarding similar amounts)

7) KYC and reactivation: why dormant accounts often require “CDD refresh”

Banks are expected to apply customer due diligence (CDD) throughout the relationship, not only at onboarding. For dormant accounts, many banks implement a reactivation process that functions as a KYC refresh, typically requiring updated:

identity documents and verification,
contact information,
source of funds (and sometimes source of wealth for higher-risk customers),
beneficial owner information (where applicable), and
risk rating reassessment.

If CDD cannot be completed

When the bank cannot satisfactorily complete CDD (e.g., identity cannot be verified; beneficial owner unclear; customer refuses documentation; explanations are implausible), common compliance outcomes include:

refusing or limiting the transaction/reactivation,
restricting account access,
closing the account under policy (subject to applicable rules), and/or
filing an STR if circumstances support suspicion.

8) STR vs CTR: how they interact on dormant accounts

A dormant account can trigger:

CTR if the activity meets the covered transaction threshold; and
STR if the activity is suspicious.

These reports are not mutually exclusive. A single large reactivation deposit can require both:

CTR because of amount, and
STR because of suspicious context (e.g., inconsistent profile, third-party funding, rapid pass-through).

Key point: STR does not require a minimum amount.

9) Timing and process: how STR filing works in practice

A. Reporting timeline

AMLA requires reporting within the period set by law and AMLC rules (commonly described in practice as a short window counted in working days from occurrence/knowledge/determination, depending on the implementing rule). Banks therefore treat STR evaluation as time-sensitive.

B. Internal escalation before AMLC filing

Banks usually require:

detection (automated monitoring or frontline observation),
internal investigation/documentation,
escalation to the compliance function/MLRO,
decision to file STR (or document why not), and
electronic submission to AMLC with narrative and attachments.

C. What an STR generally contains

While formats are AMLC-defined, STRs commonly include:

customer/account identifiers,
transaction details (amount, date/time, channel),
counterparties and instrument type,
the suspicious indicators triggered,
a clear narrative explaining why it is suspicious, and
supporting documents/screenshots/logs where relevant.

10) Confidentiality and “no tipping off”

A central feature of AML reporting is confidentiality. Banks and their staff are generally prohibited from:

disclosing that an STR was filed or will be filed, or
giving the customer information that compromises AMLC analysis.

Operationally, banks may still request documents or clarifications from the customer, but must do so in a way that does not “tip off” the existence of a report.

11) Bank secrecy and data privacy: can the bank report a dormant account without violating secrecy?

Yes. AMLA reporting is a recognized legal exception to bank secrecy restrictions for the act of filing CTRs/STRs and cooperating with AMLC within legal bounds.

However:

the exception is not a license to disclose information broadly; disclosures must stay within permitted channels (AMLC, lawful orders, authorized processes).
data privacy principles still inform internal handling (access controls, purpose limitation, security of STR data).

12) What banks may do operationally when dormant accounts become suspicious

A. Restriction vs freeze

Internal restriction/hold: Banks may temporarily restrict account activity under policy for fraud/AML risk management and pending verification.
Freeze order: A formal legal freeze is generally tied to AMLC processes and court authority under applicable provisions. Banks must comply with lawful freeze/hold directives where issued.

B. Risk-based actions

Depending on risk and rules, banks may:

require in-person verification for reactivation,
require enhanced due diligence (EDD),
limit channels (e.g., no online transfers until verification),
reject transactions that cannot be reasonably explained/verified,
exit the relationship (close account) consistent with policy and regulation,
file STR and preserve records for audit and possible investigation.

13) Consequences for failure to file STRs (why banks take dormant accounts seriously)

Failure to report suspicious transactions can expose banks and responsible officers to:

administrative sanctions (AMLC/BSP enforcement, monetary penalties, supervisory directives, compliance ratings impact),
regulatory action affecting authority/operations,
and in serious cases, criminal liability under AMLA provisions addressing noncompliance or willful failures.

The practical impact can include heightened supervisory scrutiny, mandated remediation programs, and reputational risk.

14) Typical scenarios: when a dormant account STR is likely vs not

Scenario 1: Likely STR

A dormant personal account is reactivated online, contact details changed, then receives multiple third-party transfers over several days, followed by same-day outbound transfers to unrelated accounts with minimal balance retention. Customer explanations are vague or inconsistent with profile.

Why suspicious: sudden activation + third-party funneling + pass-through pattern + profile mismatch.

Scenario 2: Could be legitimate, but still monitored

An OFW returns home, reactivates a dormant savings account, deposits accumulated savings, and uses it to pay bills and support family. Documentation and explanation align, and activity is consistent afterward.

Why possibly not suspicious: plausible story + consistent documentation + stable pattern post-reactivation. (Still subject to normal monitoring.)

Scenario 3: Suspicious reactivation attempt even if blocked

A person attempts to reactivate a dormant account but fails biometric checks and presents inconsistent IDs; immediately after, there are attempts to initiate transfers to new beneficiaries.

Why suspicious: impersonation/account takeover indicators; an attempted suspicious transaction may still warrant STR analysis.

15) Bottom line

Philippine banks have an AMLA-based obligation to file Suspicious Transaction Reports whenever a transaction (or attempted transaction) linked to a dormant account is suspicious—regardless of amount and regardless of the account’s inactive status. Dormancy often increases AML risk because abnormal activity is easier to spot, account takeover is more likely, and dormant accounts can be repurposed as laundering conduits. Banks are therefore expected to combine CDD refresh on reactivation, ongoing monitoring, confidential STR filing when warranted, and risk-based account controls to meet AMLC/BSP expectations and statutory requirements.