Anti-Money Laundering (AML) Compliance
Everything you need to know about anti-money laundering, including AML compliance, AML screening and AML solutions
On This Page
What is anti-money laundering compliance?
Money laundering is the process of making illegally obtained money or assets look like they came from a legal source. It is used to conceal funds obtained through various illegal activities, ranging from small-scale tax evasion and drug trafficking to public corruption and financing terrorist groups.
What does the AML mean for banks?
Banks are highly targeted by money launderers due to their capacity to absorb funds, the variety of services they offer and the convenience of the bank’s global network. As a result, chartered financial institutions (FIs), such as banks, are required to abide by anti-money laundering (AML) regulations, laws and procedures set by different governments and regulatory agencies.
Anti-money laundering compliance refers to the measures and procedures that financial institutions must implement to prevent and detect money laundering activities. While anti-money laundering laws and regulations will vary by region and country, in general, AML compliance involves a few key elements:
Know Your Customer (KYC)
FIs must gather information about potential customers to assess their suitability and determine the level of risk they pose. This involves customer due diligence (CDD), which requires performing thorough checks to verify a customer’s identity, understand the nature of their business relationships and monitor their activities.
Identify beneficial owners
A beneficial owner is anyone who controls a legal entity or has more than 25% ownership of it. Verifying the beneficial owners of the companies or legal entities that open an account is a key part of KYC compliance.
Monitor customers and watchlists
As part of CDD, financial institutions must monitor client transactions, as well as conduct watchlist screening to check identities against known politically exposed persons (PEPs), criminals, money launderers or suspected terrorists.
Maintain systems of control
Financial institutions must have appropriate training, processes and technology to monitor for and identify and report suspicious activity. All AML solutions are subject to regular audits and examinations by regulatory bodies to ensure their compliance.
How does money laundering work?
In money laundering, the first step is called placement, where the criminal introduces the illicit funds into the financial system by depositing them into bank accounts, buying bank checks or other financial instruments, exchanging currency or storing it within safety deposit boxes. This is the riskiest stage for the criminal where they are most prone to detection.
Next, the money goes through a layering stage where the proceeds of a crime are separated from their original illegal source by engaging in multiple complex financial transactions. This makes it more difficult to trace the money and conceal its origins from law enforcement. This is the most complex stage and can involve buying securities, transferring funds through offshore accounts, using online banking or assuming a false identity.
Finally, the illegally obtained money goes through an integration stage where it becomes fully integrated into the legitimate economy without arousing suspicion.
Which laws and regulations require AML compliance?
AML requirements can vary between countries and even within different sectors of the same country. However, because all interbank transfers are currently done in U.S. dollars, the U.S. Treasury has a large amount of influence and oversight. These are the major regulatory bodies, laws, directives and regulations that create and shape AML compliance:
- Financial Action Task Force (FATF) — This 39-member inter-governmental body leads global action to tackle money laundering, terrorist and proliferation financing. The FATF studies how money is laundered, promotes global standards to mitigate the risks and assesses whether countries are taking effective AML action. The FATF provides recommendations for guidance and best practices, which drive local AML requirements. According to the FATF, it has 40+9 standards that have been adopted by 180 jurisdictions, with specifics varying between jurisdictions.
- Bank Secrecy Act (BSA) —The common name for the series of U.S. laws and regulations created to combat money laundering and the financing of terrorism. The BSA requires national banks, federal savings associations, federal branches and agencies of foreign banks to establish a BSA/AML compliance program and have necessary controls in place to detect money laundering, terrorist financing and other criminal acts. The BSA prescribes regulations, conducts supervisory activities and can take enforcement actions against non-compliant banks.
- The European Union’s AML Directives — The EU’s Anti-Money Laundering Directives (AMLDs) are issued periodically by the European Parliament to strengthen anti-money laundering (AML) rules in the EU and place higher responsibility on regulated entities to fight financial crime. Each directive includes new additions or updates to regulatory obligations and is meant to be implemented by EU Member States as part of their domestic legislation.
- Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) — The Canadian law that aims to prevent money laundering and terrorist financing activities. The PCMLTFA provides the legal framework for AML and counter-terrorist financing efforts in Canada and is aligned with international standards and recommendations, such as those established by the Financial Action Task Force (FATF).
- Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act) — The Australian legislation that provides a comprehensive framework to prevent money laundering and the financing of terrorism within the country. The AML/CTF act establishes legal requirements and obligations for entities in various sectors to implement robust AML and counter-terrorism financing measures.
- The U.S. Department of the Treasury — One bureau of the Department of the Treasury, the Financial Crimes Enforcement Network (FinCEN), is responsible for safeguarding the financial system from illicit use and promoting national security through the “collection, analysis and dissemination of financial intelligence and strategic use of financial authorities.” FinCEN establishes rules and regulations meant to fortify and clarify the due diligence requirements for banks, brokers, mutual funds and other financial entities.
Other major regional regulatory entities and AML laws include:
- The Office of Foreign Assets Control (OFAC) in the U.S.
- The USA PATRIOT Act
- The European Financial and Economic Crime Centre (EFECC)
- AUSTRAC in Australia
- The Money Laundering, Terrorist Financing and Transfer of Funds regulations in the U.K.
Why is anti-money laundering compliance important?
Anti-money laundering compliance is critically important due to the negative effects that money laundering has on all aspects of society. AML compliance helps to prevent some of the worst effects of illegal and criminal activity, including:
- Causing harm to legitimate businesses — Money laundering creates unfair competition in the business sector. Illegitimate funds infiltrated into legitimate businesses allow criminals to gain an unfair advantage over law-abiding competitors. AML compliance helps ensure a level playing field for businesses and promotes fair economic practices.
- Reducing government revenue — By disguising the origin of illicit funds, criminals avoid paying taxes on their illegal gains, undermining the collection of taxes and reducing government revenue. This deprives governments of essential funds needed for public services, infrastructure development and social welfare programs.
- Endangering public safety — Money laundering poses a threat to public safety, as it often accompanies illegal activities, including organized crime and terrorism. Criminals involved in money laundering engage in various illicit practices such as smuggling, illegal arms sales, human trafficking, embezzlement, insider trading and fraud schemes. By complying with AML regulations, financial institutions and other entities can help prevent these crimes and protect the safety of the public.
- Preventing the confiscation of proceeds — Money laundering makes it difficult for authorities to identify and confiscate the proceeds of criminal activities. By disguising the illicit origin of funds, criminals can enjoy the benefits of their illegal gains without facing consequences. AML compliance enhances the ability of law enforcement agencies to trace and seize these illicit funds, thereby disrupting criminal networks and reducing the profitability of illegal activities.
- Financing terrorism — Terrorist organizations rely on laundering illicit funds to carry out their activities and AML compliance plays a crucial role in the fight against terrorist financing. Financial institutions are expected to implement measures to detect and report suspicious transactions that may be linked to terrorist activities.
Aside from the public good, all financial institutions have a vested self interest in ensuring they are fully in compliance with AML regulations. There are massive fines from regulators and major reputational risks associated with being complicit in money laundering, for example:
- In 2012, HSBC bank agreed to forfeit $1.256 billion and enter into a deferred prosecution agreement with the Justice Department for HSBC’s violations of the Bank Secrecy Act (BSA).
- In 2018, Commonwealth Bank paid $700 million, plus legal costs for breaches of AML and counterterrorism financing laws, including failing to properly monitor transactions and failing to report suspicious activities.
- In 2023, Danske Bank paid $2.06 billion to the U.S. government after pleading guilty to a bank conspiracy charge for defrauding other banks about its AML controls.
An ongoing issue with AML compliance is that the volume of money laundering activity has continually increased with the growth of international commerce. According to the United Nations Office on Drugs and Crime, the estimated amount of money laundered globally in one year is 2% to 5% of global GDP. As of 2022, that would equal $2.077 trillion to $5.193 trillion in U.S. dollars.
Correspondingly, as the rate of money laundering has increased, so has the necessary amount of AML monitoring and detection. Unfortunately, many financial institutions lack the resources to upscale their AML screening or lack modern AML solutions and so risk failing audits and not being in compliance.
Which institutions are impacted by AML compliance?
This largely depends on region and country, though for the most part, any organization that is chartered and considered a financial institution is subject to AML laws and regulations. This includes:
- Commercial banks, retail banks, investment banks and other types of banking institutions, including credit unions
- Money service businesses (MSBs) engaged in money transmission, currency exchange, check cashing and other similar activities
- Securities and investment firms, including broker-dealers, securities exchanges, investment advisors and other entities operating in the securities and investment industry
- Insurance providers, particularly those offering life insurance, annuities and other investment-linked products
- Money transfer businesses or remittance providers, both traditional and digital
- Law firms, tax advisors, casinos and betting companies may also have to comply with AML regulations
Virtual asset providers, such as cryptocurrency exchanges, digital wallet providers and other virtual currency platforms that hold money/liquidity are not chartered and traditionally have not been required to have AML compliance. However, more jurisdictions are increasingly looking at how to regulate these entities and require AML compliance.
What are the key components of an AML compliance program?
While specific requirements will vary by jurisdiction and industry, there are several key components to an AML compliance program that are nearly universal.
Customer Identification / Know Your Customer (KYC) programs
Financial institutes are expected to perform good customer due diligence (CDD) to understand who their customers are and the possible risks they may pose. KYC programs involve gathering information about the customer’s identity, source of funds, business relationships and intended transactions to establish a clear understanding of their legitimate activities and detect any suspicious transactions. Elements of a KYC program can include:
Elements of a KYC program can include:
- Identity verification against source to determine if the customer is who they say they are
- Enhanced and ongoing due diligence where needed, especially for high-risk profiles
- Name scanning/name screening of individuals or entities against a global database of known people and sanction lists
Watchlist management programs
Effective CDD also requires AML compliance programs to include systems and processes that monitor major watchlists to identify high-risk persons or organizations.
Relevant lists for a good watchlist management (WLM) program include:
- Politically Exposed Person (PEP) lists
- The Office of Foreign Assets Control (OFAC) list
- FinCEN’s 314(a) Secure Information Sharing System (SISS) list
- Financial sanctions lists
- Law enforcement lists (The FBI, Interpol, US Secret Service, etc.)
Detection and monitoring programs
All AML compliance programs need to establish systems and processes to monitor customer transactions for suspicious activities. These may include unusual patterns, large cash transactions, high-risk countries or transactions inconsistent with the customer’s profile. These systems should make it easy to recognize and isolate suspicious activity and have an expedient process to report to the appropriate authorities.
Strong detection and monitoring systems should have:
- Large currency transaction reporting
- Suspicious transaction reporting
- A strong and precise rules engine to reduce false positives
- Supervised machine learning
- Enhanced behavioral profiling
- Robust case management support
- AML analytics and dashboards
- Support for audit tracking
Policies, procedures and internal controls
A robust AML program needs clear and comprehensive policies and procedures. A financial institution should establish its commitment to AML compliance and provide guidelines for employees to follow. AML compliance should have internal controls to ensure that all policies and procedures are effectively implemented and enforced.
Effective policies and procedures should include:
- Risk-based AML policies and procedures
- Internal controls and audits
- A designated compliance officer
- Ongoing personnel training program
- Independent/third-party testing and review
- Clearly defined risk and business segmentation
How can financial institutions create an effective AML compliance program?
Staying AML compliant requires that financial institutions have a thorough and documented program, with meticulous recordkeeping and regular audits and reviews. Any AML violation, even involuntary, will leave a financial institution liable. Therefore, creating an effective AML compliance program requires financial institutions to follow a systematic approach that addresses the specific risks they face. Here are some steps to help in creating such a program:
- Understand the Regulatory Framework
Start by establishing a comprehensive understanding of the AML regulations and guidelines applicable to your jurisdiction and industry. This includes familiarizing yourself with the laws, scenarios and guidelines issued by regulatory authorities such as the Financial Action Task Force (FATF) and local regulators.
- Conduct a Risk Assessment
Perform a thorough risk assessment to identify and evaluate the money laundering risks your institution may face. Consider factors such as customer profiles, products and services offered, geographic locations and delivery channels. This assessment will help determine the level of risk your institution faces and inform the design of appropriate control measures.
- Develop Written Policies and Procedures
Create written policies and procedures that outline your institution’s commitment to AML compliance and provide clear guidelines for employees to follow. These policies should address customer due diligence (CDD), know your customer (KYC) procedures, suspicious activity monitoring and reporting, record keeping, employee training and any other relevant areas.
- Implement CDD and KYC Procedures
Establish robust customer due diligence and know your customer procedures. This includes verifying customer identities, assessing their risk profiles and understanding the purpose and nature of the business relationship. Enhanced due diligence measures should always be applied to high-risk customers.
- Establish a Suspicious Activity Monitoring and Reporting System
Implement systems and processes to monitor customer transactions for suspicious activities. This may involve utilizing transaction monitoring tools, setting thresholds for reporting and establishing procedures for filing suspicious activity reports (SARs) with the appropriate regulatory authorities.
- Provide Training and Awareness
Conduct regular training programs to educate your employees about money laundering risks, the latest AML policies and procedures and their own responsibilities in preventing money laundering. Training should be tailored to different job roles and provide practical examples and case studies.
- Appoint a Compliance Officer
Designate an individual or team responsible for overseeing the institution’s AML compliance efforts. This person or team should have the necessary expertise and authority to implement and maintain the AML compliance program effectively.
- Conduct Internal Audits and Independent Reviews
You will need to regularly assess and evaluate the effectiveness of your AML compliance program through internal audits and independent reviews. These evaluations should identify any weaknesses or gaps in the program and provide recommendations for improvement.
- Maintain Clear and Accessible Records
Establish processes for proper record keeping, including the retention of customer identification information, transaction records and suspicious activity reports. Ensure that records are securely stored and readily accessible when required.
- Stay Updated and Adapt
Stay informed about changes or updates in AML regulations and industry best practices. Regularly review and update your AML compliance program — or have a third-party review and audit — to ensure it remains effective and aligned with the evolving risk landscape.
- Foster a Culture of Compliance
Promote a culture of compliance within your institution by establishing clear expectations, promoting ethical behavior and providing channels for reporting concerns or suspicious activities. Encourage employees to be vigilant and take AML compliance seriously.
How does ACI Worldwide support anti-money laundering compliance?
At ACI Worldwide, we excel at providing a strong AML framework for transaction monitoring, name screening, ongoing due diligence, KYC and WLM strategies. ACI Fraud Management is built on centralizing your control for better tracking, monitoring and reporting through a central hub that provides a 360 degree view of your customer.
Our Proactive Risk Manager tool is designed with AI and machine learning capabilities to help you properly monitor transfers, while reducing false positives for increasing detection rates.
This enterprise-wide, scalable, real-time transactional financial crime solution is designed with a highly efficient alert management capability to support you in adhering to AML compliance, with the limited resources you have available.
Contact us today to learn more about ACI Fraud Management and our Proactive Risk Manager tool.