The four financial crime trends you need to know about
ComplyAdvantage’s State of Financial Crime 2024 report has given 1000s of organizations the knowledge they need. Get your copy now for industry-leading data and insights.
Download your copyAn AML compliance program is a set of regulations and procedures that FIs follow to detect and prevent money laundering and associated crimes, including fraud, tax evasion, and terrorist financing.
Financial institutions (FIs), such as banks, credit unions, and capital market firms, are required to develop and implement anti-money laundering (AML) compliance programs to protect themselves from money launderers targeting their channels.
Firms must implement compliance programs to combat financial crime and meet regulatory expectations. Failure to comply with regulations does not just mean that potential money laundering activity may go unnoticed, but it can also lead to significant financial consequences. For example, in 2023, a multinational bank in the US was fined $186 million due to failures in transaction monitoring and compliance with sanctions. As AML regulations are regularly updated, programs need to be kept up to date with these changes.
Regulations governing AML program requirements vary between jurisdictions. These are some examples of critical pieces of legislation.
United States: The Bank Secrecy Act (BSA), also known as the Currency and Foreign Transactions Reporting Act, is the fundamental piece of regulation in the US. The BSA has been amended by a range of subsequent legislation, including the USA Patriot Act, which covers measures for countering the financing of terrorism (CFT).
United Kingdom: The Proceeds of Crime Act (POCA) is the centerpiece of the UK’s AML regulatory framework, although it has been updated by further legislation such as the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations (MLRs).
European Union: In 2020, the EU introduced the Sixth Anti-Money Laundering Directive (6AMLD) and has since issued proposals for a ‘new’ version of 6AMLD to clarify the scope of AML measures across member states.
Australia: The Anti-Money Laundering/Counter-Terrorism Financing (AML/CFT) Act was introduced in 2006 and has since been updated several times. The most recent example is the Tranche 2 reforms slated for introduction in 2024/2025.
An AML compliance program should be reinforced by strong regulatory knowledge and overseen by personnel who understand how to ensure compliance at every level of the organization. At their core, every AML program should be upheld by three pillars: paper, people, and platforms.
Auditors and regulators expect to see documentation explaining what firms say they are doing. Written commitments will be used as a benchmark against which they’ll assess what an FI does in practice. This will set out core policies, processes, and procedures.
For example, an enhanced due diligence (EDD) policy should outline the need to identify high-risk clients to ensure controls commensurate with the risk. Related processes would explain the risk-based approach (RBA), the range of considerations and tools used during EDD, and the potential outcomes.
People
From the AML/CFT Officer onwards, all compliance team members should have defined responsibilities. Relying solely on a compliance officer or team should be avoided to minimize risk; for example, customer service teams often form the first line of defense in AML. Firms should evaluate the team they need to manage their AML program, including size, skill set, and readiness for growth. Firms should also bring in individuals with AML/CFT experience, alongside training on new regulations and emerging threats.
With the availability of digital platforms, institutions no longer have to rely on manual teams for compliance. Examples of these platforms include customer relationship management (CRM) systems for managing customer data or screening tools to check customers against sanctions lists, adverse media, and politically exposed person (PEP) lists.
While various factors affect the nature of a compliance program, it should be built around a set of key steps.
An AML compliance program should focus on the internal controls and systems the institution uses to detect and report financial crime and should involve regular reviews of those controls to measure their effectiveness. AML controls extend to an institution’s employees, who should be aware of their responsibilities within the system, how to conduct due diligence on business interests, and how to navigate compliance procedures.
AML compliance programs should involve appointing a designated AML compliance officer responsible for overseeing the implementation of AML policy. Compliance officers should have sufficient experience and authority to ensure they can effectively communicate with authorities, advise senior company management, and make AML policy recommendations based on audits and reports.
AML compliance officers should be experts in local legislative requirements. In the United States, AML compliance programs focus heavily on the BSA, so programs are overseen by a BSA Officer. In the UK, oversight of AML activities falls to the Money Laundering Reporting Officer (MLRO), who reports to the National Crime Agency (NCA). In any context, an AML compliance officer’s expertise should extend beyond regulatory procedures to the methods of the financial crimes they are charged with detecting and reporting.
Risk assessment represents a crucial step in building an effective program. An AML compliance program should avoid both the administrative burden of over-compliance and the legal jeopardy of under-compliance, but no two institutions face the same set of AML risks. A risk-based approach to AML should take factors like your products and services, your customers and clients, and your location into account.
All AML compliance programs should include independent testing and auditing by third-party organizations. Testing should take place every 12–18 months, although institutions working in high-risk areas might consider a more frequent schedule. The third party chosen to test the program must be qualified to conduct a risk-based audit appropriate to your institution. In large institutions, this audit may be performed by an independent internal team.
ComplyAdvantage’s State of Financial Crime 2024 report has given 1000s of organizations the knowledge they need. Get your copy now for industry-leading data and insights. The four financial crime trends you need to know about
Firms must understand precisely who their clients are with specific know your customer (KYC) measures. KYC involves collecting data on new customers, such as their name, address, and the nature of their relationship with the institution, and verifying that data with appropriate documentation. If a company or individual is or appears to be acting on behalf of someone else, then institutions should establish ultimate beneficial ownership (UBO).
Customer due diligence (CDD) is a closely related set of measures that involves using the data collected during the KYC process to assess a customer’s risk level. CDD can involve establishing a prospective customer’s source of wealth (SOW) and source of funds (SOF), as well as screening them against sanction lists, PEP lists, and lists of high-risk jurisdictions such as the black and grey lists of the Financial Action Task Force (FATF).
Even after initial KYC processes have taken place, firms must work continually to monitor their customers’ activity. This allows them to understand customers’ typical financial behavior, including the frequency, value, and destination of transactions, and flag any significant deviations from this pattern. Monitoring also alerts institutions to transactions involving one or more risk factors, such as the presence of sanctions targets, PEPs, or watchlisted jurisdictions.
Institutions are legally obliged to report any suspicious activities relating to money laundering, such as transactions over a certain value or unusual account activity. Reporting takes the form of suspicious activity reports (SARs), typically due 30 days after the activity in question (although this deadline may be extended to 60 days if more evidence is required), and must be confidential.
Thankfully for FIs, the days of relying on slow and labor-intensive manual AML processes are over, and a wealth of sophisticated software options exist to enhance AML compliance programs.
In the same way that an institution’s approach to AML compliance should be based on its risk profile, its choice of AML software should be based on its specific requirements, considering factors such as its customer base, areas of operation, and internal capabilities. The software should fulfill essential AML compliance elements, including CDD, transaction monitoring, PEP screening, sanctions screening, and adverse media monitoring. Further areas of consideration include update frequency (to ensure the software can keep pace with changing sanctions or PEP lists), usability, and ease of implementation.
While all employees should have a working knowledge of AML procedures, specific employees will bear greater responsibility for implementing AML compliance programs. Institutions might therefore consider a base level of training for all employees, supplemented by further training for those with more AML-specific responsibilities.
As essential as AML compliance programs are, their implementation can be far from straightforward. In today’s complex financial landscape, a few critical AML compliance challenges arise for institutions.
The speed and anonymity of digital payment platforms have made it easier for money launderers to avoid detection. Methods such as structuring (sending transactions just below designated limits to avoid being flagged) or money mules (using third parties to move money) make financial crime networks harder to trace. Meanwhile, new technologies, such as the metaverse and the Internet of Things (IoT), have opened up new possibilities for money laundering methods.
The growing sophistication of money laundering methods has necessitated increased governance to counter them. 2024 alone has seen major regulatory updates impacting AML across several jurisdictions, from Australia’s Tranche 2 reforms to the Corporate Transparency Act (CTA) in the United States, and the fast-paced nature of global AML laws presents a consistent compliance challenge.
Essential AML compliance processes, from CDD to transaction monitoring, require the collection and analysis of exponentially increasing amounts of data. Specialist knowledge, training, and tools are generally needed to handle this data effectively. Data quality can also be an issue – even highly capable compliance tools and teams will be held back by data that is incomplete, unreliable, or out-of-date. Effective data management should include as much detail as possible, and cover a wide range of jurisdictions and regularly updated sources to ensure no critical information is missed.
FIs looking to grow their business need an AML compliance solution that can scale with them. A compliance program not designed according to an institution’s specific needs and risk profile will significantly hold back attempts to scale, with too much time and resources spent on essential processes.
To deal with these challenges, institutions can implement specific best practices, allowing them to devise, execute, and maintain the most effective AML compliance program possible. These include:
Find out how our solutions use real-time financial crime insights to help 1000s of firms manage their risk effectively.
Get started nowOriginally published 14 May 2018, updated 15 August 2024
Disclaimer: This is for general information only. The information presented does not constitute legal advice. ComplyAdvantage accepts no responsibility for any information contained herein and disclaims and excludes any liability in respect of the contents or for action taken based on this information.
Copyright © 2024 IVXS UK Limited (trading as ComplyAdvantage).