Anti-money laundering compliance programs

An anti-money laundering (AML) compliance program consists of all the regulations and procedures a bank or other financial institution must follow to prevent money laundering and mitigate risks.

All financial institutions—banks, credit unions, etc.—must adhere to the regulations around money laundering and other types of financial crime to be compliant and avoid fines—and to effectively fight money laundering.

In the US, the main anti-money laundering legislation is the Bank Secrecy Act or BSA. Banks and financial institutions operating in Europe must comply with the EU’s anti-money laundering directives. The most recent, 6AMLD, was adopted in 2020.

It’s up to an AML compliance officer within each financial institution to determine a set of policies, procedures, and processes to be sure they meet the anti-money laundering legal requirements wherever they do business. 

AML compliance programs need to be ongoing: laws and policies change, and policies and processes need to evolve to meet regulatory requirements. Beyond regulations, given the ever changing nature of money laundering, financial institutions also need to make sure their own policies meet the reality of the kind of criminal behavior they are confronted with.

Risk assessment helps financial institutions evaluate and document where the most AML compliance risks lay for their business based on data.

Risk assessment involves a scoring methodology, a requirement in most jurisdictions. Through customer due diligence procedures, new customer is assigned a risk score based on many factors including country of residence, citizenship, occupation, product type, external risk factors, etc. - elements gathered during the Know Your Customer (KYC) process.

By establishing a data-based understanding of potential threats, banks can efficiently allocate resources to focus on areas of their business more at risk for money laundering schemes.

Risk assessment also helps financial institutions establish a risk appetite. In understanding the areas of high risk, an organization can make informed decisions about where to do enhanced screening and who they can do business with.

There is no one size fits all for risk assessment. Risk depends on the type of business the bank is working with, the organization’s size, the geographic location, and more. And like all areas of AML compliance, risk assessment also needs to be ongoing rather than a one-time exercise. Businesses change and so do risks. Regular revaluation is therefore key to staying one step ahead of new and evolving risk factors.

AML only begins with customer onboarding at account opening. Another major piece of the puzzle is ongoing monitoring. Banks need to be on the lookout for transactions that are out of the ordinary. “Out of the ordinary” can mean different things for different customers, based on their profile, income, and typical behavior. It could also mean transactions that are above a certain threshold, or that have no clear economic purpose. Any of these things are red flags that could signal potential money laundering or other crimes.

As part of AML customer due diligence, financial institutions must do regular screening of customers and transactions to make sure they avoid doing business with or opening accounts for entities that appear on sanctions lists. Failing to do so carries major risks: some record-breaking fines on banks have been linked to sanctions violations.

If a bank uncovers suspicious activity that may be related to money laundering, they are required by law to report it. Once the bank investigates, they compile all evidence into a suspicious activity report (SAR). SARs are filed with the financial intelligence unit (FIU) in the jurisdiction where they operate. In the United States, the FIU is called FinCEN.

AML is increasingly a legislative priority around the world, and regulations will continue to change. To be ready for regulatory evolutions, organizations should consider adopting more powerful technology that can readily adapt as needed. A graph technology-based solution like Linkurious can help get deeper and more precise information from your data, react more quickly to suspicious activity, and manage rising AML compliance costs.