AML Compliance

Effective Anti-Money Laundering (AML) programs — to ensure AML compliance — are a fundamental requirement for obliged entities. Ensuring effective policies, procedures, human resources and technologies helps protect the organization and instills confidence in its operations.



How do you measure success in regard to AML (Anti-Money Laundering) compliance? The obvious answer is that you don’t get fined for non-compliance and manage to prevent laundered money from entering into your financial system.

But is it enough to simply meet the minimum requirements? Don’t you want more from your compliance program and implement systems that are resilient, efficient and cost-effective? The good news is that there’s a new era of capabilities that can evolve your current AML compliance processes without creating inter-departmental wars or breaking the bank (pardon the pun).

Before digging deep into specific steps you can take to improve your AML operations, let’s consider the big picture. The reason for AML regulations in the first place is to make it harder for criminals to get away with ill-gotten gains. Since most crimes have a financial incentive at their core, hindering proceeds is a powerful method to dampen corruption, tax evasion, theft, fraud and numerous other crimes. That is money that should be spent on more productive things, improving society and individual lives.

That core tenet —AML is a critical component of a fair and functioning society— is at the center of an effective program. AML compliance is not a nice to have, or a necessary evil, it’s a fundamental requirement. Ensure that any decision-maker who has an impact on your budgets or operations understands and respects the true value of compliance.

AML fundamentals

As each jurisdiction has specific requirements, this post won’t include prescriptive rules for each jurisdiction; rather, let’s examine best practices that will serve you well, no matter what country you’re doing business in.

Written Policies

Don’t try to wing it. AML compliance is not something you want to improvise. Think policies through carefully, state them clearly and have it written out for all (executives, staff, and regulators) to see. What are your identification policies? What reports are you creating? What is your record retention policy? What regulations are you complying with and how? What are your communications procedures?

Compliance Officer

Who is the person responsible for the program? Designate one individual to “own” the system and ensure that processes are followed and updated, reports are filed, training is correct and that the system is running smoothly. Consider a senior-level individual who has the power to influence the company on these matters; after all, there’s a lot riding on the success of the program both from a reputational and financial point of view.


Every employee who deals with customers or transactions in any way needs to understand your company’s policies and procedures. They need to understand the legal requirements, techniques used by money launderers, checks they should make, and how to report suspicious activities.

Training isn’t a one-time thing. Look at refresher programs to keep staff vigilant and informed to ensure the program is up-to-date.


It’s easy to become complacent; if everything is running smooth, why change? Unfortunately, by the time you notice a problem it might be too late. Have an independent expert, such as a third-party, or at least someone not associated with the day-to-day compliance operations, review your program on a periodic basis.

AML red-flags

What are some activities or situations to watch for? Remember, money laundering is about trying to legitimize illegal funds, so there are patterns that indicate that money might not come from legal means. You are looking for unusual activities, such as:

  • Large cash transactions
  • Large amount of transactions, which could indicate layering of transactions (splitting up of deposits to fall below reporting thresholds)
  • Spikes in activity or amounts
  • Transactions connected with cash-heavy businesses, such as gambling
  • Transactions connected with jurisdictions that have a history of money laundering
  • Transactions connected with individuals or businesses that are potential money launderers

These activities are noticeable in the initial due diligence process or through ongoing monitoring procedures. During onboarding, a baseline for normal activities should become apparent. Whether it’s classifying by account type, source of funds, expected transactions or some other criteria, set up a process to determine when something needs looking at, and how. Whether it’s an internal examination, or an external report to regulators, it’s not enough to note a red flag.

For example, just filing a report to file a report, is not really solving the problem. As compliance lawyer Michael Volkov states, “The government has been complaining that financial institutions are now submitting too many SARs (Suspicious Activity Reports), and that the SARs often fail to contain adequate information to warrant the filing of the notice.” Clear processes to handle events are crucial to successful AML compliance.

AML screening

The best way to mitigate risk is to detect and manage problematic accounts before they become a risk. Performing a comprehensive identity verification check reduces risk from fraud, risk of breaking compliance rules, and risk from dealing with dirty money. Once a bad customer passes the initial checks, they are past the gate and can start testing your fraud prevention systems.

Fraudsters are becoming more and more sophisticated. Money launderers and terrorists are identifying weak links in your AML/KYC (Anti-Money Laundering/Know Your Customer) processes to help them hide the true source of funds, and their connection to it. By blocking access to those that want to bypass your safeguards in the first place, your prevention systems will be more robust and secure.

This includes an exhaustive AML screening program needs to gather data from diverse government sources, international regulators and law enforcement agencies. These watchlist checks scan for known or suspected entities and individuals who are associated with money laundering, terrorism, financial fraud, arms proliferation, drug trafficking or PEPs (Politically Exposed Persons).

AML monitoring

After the initial onboarding process, compliance is not complete. There’s a necessity for monitoring on an ongoing basis. Monitoring refers to the analysis of continual, ongoing activities to ensure activities remain in compliance.

There are various activities to keep track of, such as exceeding thresholds, suspicious activities, change of status, recording of communications, surveillance of employees, watchlists, market trends, new regulations, trade data and various other market and transaction monitoring needs.

For financial institutions (FIs), even after AML/KYC regulations are met when signing up new customers, continued monitoring is critical long after initial sign up. FIs must monitor activity to ensure fraud is not committed, or that money laundering or terrorist financing funds enter their system.

Risk management

With the rate of technological and regulatory change, determining modern-day risk assessments are not an exact science. Rather, it’s about creating policies and procedures that are dynamic, defendable and adaptable. According to an EY report, AML model risk management and validation “With the vast amounts of information available to decision makers, “gut feel” business decisions are not sufficient to satisfy internal auditors, or examiners. Decisions must be supported with well-documented rationale and evidence, and tracked to evaluate whether assumptions hold true initially and over time.”

Regulators themselves are trending toward a more risk-based approach. As ACAMS points out, “institutions and organizations will be required to become more risk-focused in the way they manage their CDD programs. That applies not only to the question as to whether simplified or Enhanced Due Diligence (EDD) should apply, but also to which methods, sources and monitoring approaches are appropriate.”

AML compliance technology

Dedicating staff to perform costly, manual compliance process isn’t the best use of resources. Allocating 90 percent of an employee’s time on data collection, entry and organization — when it’s better to use automation — is inefficient and negatively impacts the bottom line.

Technologies that add to, or improve existing processes are gaining the most traction:

  • Look for proven technologies; just having potential is not enough (we’re looking at you, Blockchain).
  • What is the utility? What pain-point does the solution solve and how quickly will it bring results?
  • How easy is it? While compliance technology does involve complex ideas and technology, good solutions are adaptable and can integrate quickly into existing workflows. Having to fundamentally change processes is prone to resistance from staff, customers and regulators.

Automation won’t eliminate the need for human evaluation and judgment, especially in investigations, but by assigning the data and rule processing to computers, automation streamlines the process, reduces regulatory risk and avoids unnecessary charges for people handling repetitive tasks that computers do better.

However, as Trulioo’s VP of Product, Rob Hartley, states:

AML/KYC requirements are continually growing the demands on compliance. AML automation ensures that compliance can perform its due diligence, fraud prevention measures remain strong, and, at the same time, increase capacity, productivity and operational efficiencies.

Originally published December 14, 2017, updated to reflect the latest industry news, trends and insights.

AML resources

APIs for AMl-KYC compliance

API-driven solutions for AML/KYC compliance
APIs are already having a substantial impact is in Anti-Money Laundering (AML) and Know Your Customer (KYC) compliance.

Enhanced Due Diligence

Enhanced Due Diligence procedures for high-risk customers
Expanding EDD requirements is becoming more and more the norm. While the scope and details for these due diligence procedures are expanding, the technologies to handle them are becoming more capable.

AML, KYC, OMG - How to manage-compliance smaller team better UX

AML, KYC, OMG: How to manage compliance with a smaller team and a better UX
How can a regulated startup manage AML (Anti-Money Laundering), KYC (Know Your Customer), and KYB (Know Your Business) compliance without breaking the bank – or the team?

Automation Driving AML Compliance Costs Down

Automation driving AML compliance costs down
Compliance failures can be costly — $13.4 billion in 2014 according to Booz Allen Hamilton. In its report on automation in anti-money laundering (AML) investigations, the consultancy notes that financial firms have been hiring rapidly, some increasing head count in their AML operations by 500 percent over a few years.  Clearly AML is ripe for automation — to reduce costs and to develop, retain and disperse consistent information to internal users and regulators.

New AML Compliance to Require Transaction Monitoring, Filtering Program

New AML compliance to require transaction monitoring, filtering program
New York-regulated financial institutions are starting to re-evaluate their approach to anti-money laundering (AML) compliance to meet the new rule adopted by The New York Department of Financial Services (NYDFS), which will require transaction monitoring and filtering. While NYDFS rules apply specifically to New York State, many compliance programs operate at the enterprise level, thus requiring those financial institutions to make changes.

5AMLD considerations – factors for implementing a robust EU compliance program

5AMLD considerations – factors for implementing a robust EU compliance program
5AMLD doesn’t exist in isolation; there are many other regulations that need consideration and coordination, and there are factors that contradict each other. GDPR upholds strict privacy and data protection measures. PSD2 requires careful handling of payment information.

Checklist for Global AML Watchlists: Are Your Systems Proficient?

Checklist for global AML Watchlists: are your systems proficient?
Is your financial institution (FI) set when it comes to operating a successful AML watchlist? Is your watchlist screening efficient, comprehensive, cost-effective and reliable? According to the Financial Crime Survey 2016 done by Operational Risk magazine and BAE systems there is an “increasing development and focus of sanctions regimes introduced by governments around the world to target organized crime and stem the funding of terrorism.”

AML Compliance Building Compliance-Respect Through Innovation

AML compliance building compliance-respect through innovation
Existing procedures are not cutting it. Manual processes are time intensive, expensive and prone to errors. To help grow their role and create effective change, compliance needs to embrace the process and tools of change, innovation and technology

AML/KYC Compliance for Legitimate Businesses

AML/KYC compliance for legitimate businesses
Beneficial ownership laws now extend to all business relationships. Learn how companies can protect themselves with an effective AML (anti-money laundering) and KYC (know your customer) compliance program.

New technologies and AML compliance

New technologies and AML compliance
To help provide clarity, the Financial Conduct Authority in the UK (FCA) published a report New Technologies and Anti-Money Laundering Compliance. The research offers insight about various emerging AML technologies, implementation by regulated firms, and the role of the FCA.

AML Compliance: The Uncomfortable Reality

AML compliance: the uncomfortable reality
All over the world, anti-money laundering (AML) compliance regimes are undergoing sweeping changes. Currently, in the U.S., AML regimes are experiencing a radical transformation as a result of shifting economic sanctions, new Ultimate Beneficial Owner (UBO) data-reporting demands, and cybercrime.


AML compliance news