Anti-Money Laundering (AML) Compliance

Trade-based money laundering (TBML) is the use of international trade transactions as a mechanism to move and launder illicit funds. Rather than moving money directly through the financial system, TBML exploits the complexity of cross-border trade to disguise the origins and value of criminal proceeds. Common techniques include over- and under-invoicing of goods, multiple invoicing for the same shipment, falsely described goods or services, and phantom shipments where payment is made for goods that are never actually delivered.

Regulators increasingly expect banks engaged in trade finance to have trade-specific AML controls in place, including scrutiny of trade documentation, awareness of red flags such as transactions inconsistent with a customer’s business profile, and enhanced due diligence for trade finance transactions involving high-risk jurisdictions or counterparties. 

The AML Act of 2020 is the most significant overhaul of U.S. anti-money laundering law since the USA PATRIOT Act of 2001, and it changed a wide range of requirements with direct implications for how banks design and operate their AML compliance programs.

The Act introduced several major changes, including:

The consequences of AML non-compliance for banks can be severe and wide-ranging, affecting institutions financially, operationally, and reputationally.

On the regulatory and legal side, consequences can include:

The biggest AML compliance challenges banks face today include:

The difference between AML and KYC is that AML refers to the full set of laws, regulations, policies, and procedures that financial institutions must implement to detect, prevent, and report money laundering and related financial crimes. KYC is a specific component of an AML compliance program focused on verifying the identity of customers, understanding the nature of their business relationships, and assessing the risk they pose before and during the banking relationship.

In other words, KYC is one of the tools through which AML compliance is achieved. A bank’s AML program will encompass KYC, but it also includes transaction monitoring, suspicious activity reporting, sanctions screening, employee training, internal controls, and a range of other obligations that go well beyond identity verification alone.

The difference between AML and counter-terrorist financing (CTF) is that AML addresses the threat of money laundering, while CTF is concerned with detecting and disrupting the flow of funds to terrorist organizations, regardless of whether those funds originated from illegal or legal sources.

Money laundering always involves proceeds of crime, whereas terrorist financing can involve funds derived from entirely legitimate sources — for example, charitable donations that are subsequently diverted to fund terrorist activity. Despite this difference, the tools used to detect and disrupt both — transaction monitoring, sanctions screening, suspicious activity reporting, and customer due diligence — are broadly the same, which is why the two policies are routinely combined into a single AML/CTF or AML/CFT compliance framework.

A Suspicious Activity Report (SAR) is a mandatory filing that banks must submit to FinCEN when they detect a transaction or pattern of activity that:

SARs are a cornerstone of the BSA/AML reporting regime and serve as a critical intelligence resource for law enforcement agencies investigating financial crimes.

Banks must file SARs electronically through FinCEN’s BSA E-Filing System and must document the identity of the individuals involved, the details of the transaction, and the basis for their suspicion. Critically, banks are prohibited from disclosing to any person involved in the transaction that they’ve filed an SAR.

A risk-based approach to AML compliance means that a financial institution allocates its compliance resources — staffing, technology, monitoring intensity, and due diligence procedures — in proportion to the actual money laundering and terrorist financing risks it faces, rather than applying a uniform level of scrutiny to every customer and transaction.

Enhanced due diligence (EDD) refers to a more rigorous set of customer verification and ongoing monitoring measures that financial institutions must apply to customers or relationships that present a higher risk of money laundering or terrorist financing, and it is required in a number of specific circumstances under U.S. regulations and FATF guidance.

EDD goes beyond the standard customer due diligence (CDD) procedures applied during onboarding and requires a deeper understanding of the customer’s background, source of funds, business activities, and the purpose of the banking relationship. The appropriate scope of EDD is not fixed — it is calibrated to the level of risk presented, meaning the most high-risk relationships demand the most thorough investigation and the most frequent ongoing review.

Sanctions screening is the process of checking customers, transactions, and counterparties against lists of individuals, entities, and jurisdictions that are subject to economic or trade sanctions imposed by government authorities. While sanctions screening is technically a distinct compliance obligation from AML and is governed by different legal authorities, it’s closely related and almost always integrated into a bank’s broader AML compliance infrastructure.

In the United States, sanctions compliance obligations are administered primarily by OFAC, a bureau of the U.S. Department of the Treasury, which maintains a range of sanctions programs. The Federal Financial Institutions Examination Council (FFIEC)’s BSA/AML Examination Manual addresses OFAC compliance as a companion obligation to BSA/AML requirements, noting that while the two programs have separate legal bases and distinct consequences for non-compliance, they share many of the same underlying data sources and customer information gathered during KYC.