Anti-money laundering (AML)

Anti-money laundering refers to laws, regulations, tools and processes that make it harder for criminals to hide the origin of illegally obtained funds acquired through crimes ranging from drug trafficking, tax evasion, fraud, terrorist financing or major corruption schemes. Since the criminals need to move the money through financial institutions or legitimate businesses to hide the illegal origin, those businesses must monitor and report suspicious transactions. Regulated businesses face steep fines and other consequences for not complying with AML regulations. To meet AML requirements, financial institutions must undergo sophisticated monitoring and money laundering risk assessment to detect suspicious transactions of customers. They do this through conducting KYC and AML processes.

According to the United Nation Office on Drugs and Crime, money is typically laundered in three stages before finally being released into the legal financial system: placement (moving the funds away from direct association with the crime), layering (transactions meant to conceal the trail to avoid detection), and integration (making the money available to the criminal from what seem to be legitimate sources, like luxury purchases or investments).

To understand the importance of AML, start by asking yourself this question — can your business afford to lose a large sum of money, like $160 million?

That’s what happened to Wachovia Bank (now a part of Wells Fargo) around 2007. They had to pay federal authorities $110 million in forfeitures — plus another $50 million in fines — for failing to catch funds used to smuggle massive amounts of narcotics into the U.S. 

Let’s back up to what sparked this scheme — the mutual benefits to both Mexican drug traffickers and currency exchange houses. The currency exchange houses have a “significant need” for U.S. dollars to trade for pesos in their ordinary course of business. They are also not banks, meaning they cannot hold deposits or maintain accounts. Their central purpose is to exchange the value of one currency for another.

Drug traffickers have serious quantities of dirty cash to clean. They would bring large amounts of U.S. dollars to these currency exchange houses, which the houses happily accepted and then exchanged or wired internationally. These nefarious activities did not go unnoticed, and prominent AML stakeholders and regulators began pointing out the potential for money laundering through currency exchange houses in the early 90s. Unfortunately, Wachovia Bank did not properly heed these warnings.

From 2005 to 2007, Wachovia had 22 Mexican currency exchange houses as clients. These clients received the same services as everyone else—international wiring, bulk cash collection and transportation to the U.S., and remote check deposits. Due to numerous failures in Wachovia’s AML program, they missed $110 million in illegally acquired proceeds. Not only that, but they also didn’t conduct proper surveillance of over $40 billion for a two-year period.

What are the AML requirements that Wachovia missed?

Investigators noted several areas of negligence in Wachovia’s AML program, including:

• Lacking procedures and policies to monitor the return of U.S. dollars to the U.S. economy from high-risk currency exchange houses.
• Failing to monitor over $40 billion in remote deposits alone from international correspondents.
• Not conducting sufficient due diligence with high-risk currency exchange houses.
• Failing to fulfill suspicious activity reporting obligations due to a lack of adequate monitoring.
• Not having limits for consecutively ordered traveler’s checks for high-risk currency exchange houses.
• Failing to catch and report $373 billion that currency exchange houses wired through Wachovia.
• Not implementing functional coverage for AML auditing.

This occurrence is sadly only one of the many real-life examples of money laundering out there. The federal prosecutor, Jeffrey Sloman, summed up the whole mess: "Wachovia's blatant disregard for our banking laws gave international cocaine cartels a virtual carte blanche to finance their operations. Corporate citizens, no matter how big or powerful, must be held accountable for their actions.”

Failure to comply with anti-money laundering regulations can result in heavy AML sanctions and fines, so it’s in the interest of financial institutions to make AML regulations a top priority. The UNODC estimates that the amount of money laundered globally in one year is 2% to 5% of global GDP, or between $800 billion to $2 trillion. Money laundering is by definition associated with criminal activities, which can range from illegal arms sales, terrorist financing, smuggling, corruption, insider trading, fraud, and cybercrimes. There are many reasons that AML is important, ranging from business protections to moral responsibility.

Follow KYC measures. AML compliance starts with knowing who your customer is by performing identity verification. This includes verifying the personal information details the user provides with an ID Record check, or proof of address. KYC also checks that funds are from a legal and legitimate source. Undertake the necessary customer due diligence processes. Customers who are considered higher risk require more thorough due diligence, such as enhanced due diligence (EDD). Find out more about the difference between CDD and EDD. Maintain up-to-date records for higher-risk customers. Monitor customer accounts for suspicious activity via Watchlist checks and report any flagged transactions in accordance with relevant regulations. Enforce sanctions against individuals or entities that fail to comply with regulation or are found to be on blocked lists.

Global awareness of common money laundering schemes will bring society one step closer to stamping them out. Keep in mind that these money laundering examples will usually act as one cog in a much larger wheel, as criminals need to clean their illicit funds through a variety of channels to avoid raising suspicion. Here are five common types of money laundering to look out for:

1. Cash business money laundering

You may have heard popular lore about Al Capone and the mafia running laundromats to disguise their money laundering. Some say this is a myth, but it still serves as an enlightening illustration for cash business money laundering. 

When a business primarily deals in cash, tracking the origins of all that cash is nearly impossible. The general chaos of cash books makes it easy for criminals to slip in dirty money on a regular basis, claiming fake business deals and transactions. They then deposit illegally earned cash with legal funds, cleaning the dirty money by getting it into their business bank account.

Law enforcement might pick up on this crime by detecting a significant difference between a money laundering business’s profits and a comparable business’s profits, but it’s still hard to prove. Financial institutions are the biggest line of defense against cash business money laundering, as they are required to report suspicious activity. For example, lots of large cash business deposits just under the national reporting limit could indicate that the business is laundering money.

2. Real estate money laundering

Residential and commercial real estate has become a popular vehicle for storing, laundering, and benefiting from ill-gotten funds. A large part of this was originally due to the lack of anti-money laundering regulations surrounding cash purchases, and numerous countries have suffered as a result.

One review of real estate money laundering cases found that $2.3 billion had been laundered through U.S. real estate alone from 2015 to 2020—and that’s just the discovered and documented cases. The Financial Action Task Force (FATF) reported more than 650 organized criminal groups in Canada involved in mortgage fraud in 2016. Australia has even been called a “destination of choice” for real estate money laundering.

The prevalence of real estate money laundering is likely due to the many ways fraudsters can use real estate as financial detergent. A couple of these methods include:

• Using Third Parties to Buy Real Estate - Establishing a third party, like a friend or family member, as the legal owner of a property gives criminals an extra layer of security. If the buyer mentions someone else is funding their real estate purchase, that should be a red flag.
• Purchasing Real Estate with Shell Companies - Shell companies don’t have significant assets or active business operations. Criminals create shell companies to exist on paper purely for laundering money. Because many countries do not require the identification of the business owner in real estate transactions, it’s easier to slide under the radar with a shell company.

In recent years, various governments have updated their AML regulations to combat these loopholes in real estate purchases. For example, Britain enacted the Unexplained Wealth Order (UWO) in 2018. The National Crime Agency (NCA) can now appeal to the High Court for a UWO to order a target to prove how they got their unexplained wealth. 

Zamira Hajiyeva, the spouse of the jailed state banker Jahangir Hajiyev, was the first person to be on the receiving end of one of these orders. Her case is a prime example of money laundering cases in real estate. She allegedly used dirty funds from her husband’s illegal dealings to purchase a £15 million home in London and many other expensive items (like a £31 million Gulfstream G550 jet and a £10 million golf club). If she fails to prove the origin of these funds, the NCA can legally freeze and seize these assets.

3. Gambling money laundering

Criminals have used casinos for years to launder money. Now, with the fast rise of the online gambling market, new forms of gambling money laundering have come into play. Large amounts of money constantly flow in and out of these businesses, making it easy for fraudsters to go undetected. 

This type of money laundering is simple in theory. People will exchange illicit cash for chips or credit, gamble enough to lose and win some money, and then cash out with their earnings. If anyone asks where the money came from, money launderers can claim they bought in with a lower amount and won big.

Canada’s financial intelligence unit, FINTRAC, published indicators to watch out for in an effort to decrease casino money laundering. These are highly applicable to all countries, not just Canada. Some examples of red flags include:

• Attempts to mislead identification efforts, such as not providing ID or using different aliases across transactions.
• Approaching different staff members and physical locations to exchange chips for cash.
• Refusal to identify the origin of funds.
• Opening an account with a non-local address without a reasonable explanation.

4. Cryptocurrency laundering

Cryptocurrency, a decentralized and somewhat anonymous form of payment, is quite appealing to money launderers. Many criminals use cryptocurrency to muddle the origins and paths of their illicit cash, and crypto laundering techniques continue to become more advanced. A Europol study also notes that many criminals are now using crypto instead of cash to pay for illegal activities. 

How bad is it getting? Recent academic research estimates that $76 billion of illegal activity per year involve bitcoin, a popular form of cryptocurrency. Some of the typical methods of cryptocurrency laundering include:

• Mixing/tumbling services. Money launderers send cryptocurrency through a third-party service that mixes it with other users' funds, making it difficult to trace the original source of the funds.
• Smurfing money laundering. Breaking up a large sum of money into smaller transactions to avoid triggering reporting requirements or exceeding limits on single transactions is referred to as “smurfing.” This is a common technique in non-crypto money laundering as well.
• Converting to fiat currency - Criminals can also convert their funds to fiat currency (aka government-backed currency, like the euro or U.S. dollars). Crypto exchanges are held to the same standards as all financial institutions, so criminals instead go through unlicensed exchanges or direct trade with other buyers/sellers.

Although cryptocurrency is relatively new, many countries have already introduced stringent AML measures surrounding the use of crypto. Service providers and AML software platforms are now obligated to gather more information about users and their transactions. These increased regulations have helped law enforcement agencies better respond to criminal activities committed using cryptocurrencies.

5. Art money laundering

According to a recent Art Basel and UBS Global Art Market Report, the international art market sees billions of dollars in art transfer ownership annually. Art sales are tricky to regulate, as the value of art is so subjective. One person may adore the iconic melting clocks of Spanish surrealist artist Salvador Dalí and happily pay millions for his work; someone else may observe Dalí surrealism, think it’s absurd, and not be willing to pay a dime for it.

Money launderers also take advantage of the art market’s historically anonymous nature, making it easy to buy art with dirty money. One method of art money laundering involves purchasing numerous pieces of art with illicit funds and then reselling them at auction for clean cash. Other criminals use their purchased artwork as collateral for a bank loan, thereby having a clean money source from the bank.

Globally, legislators are working to close the regulatory loopholes that facilitate money laundering through art. The European Union (EU), for example, recently implemented regulations requiring art businesses to enhance their client verification efforts and determine the intent behind large, complex, or secretive transactions.

Businesses and individuals in various industries (but mostly finance) must comply with numerous AML regulations around the globe. Other affected sectors include insurance companies, gambling institutions, art dealers, virtual assets service providers, and credit providers.

Some examples of AML regulations around the world that these industries must follow include:

• The EU’s AML Directives from 1991 to 2020 - In 1991, the European Commission enacted 1AMLD, the first anti-money laundering directive in the EU. Its primary focus at the time was combating the financing of terrorism (CFT). This directive was updated multiple times, with the latest being the fifth AML directive (5AMLD) in 2020. 5AMLD provided clarity on arising issues, like holding cryptocurrency to the same AML standards as standard currency and introducing new prepaid card requirements. A sixth AML directive is in the works to improve Europe’s defense against money laundering.  
  
• The U.S. Bank Secrecy Act of 1970 and Anti-Money Laundering Act of 2020 - The Bank Secrecy Act (BSA) was the first anti-money laundering act passed in the U.S. The BSA instructs financial institutions to keep records of all transactions over $10,000 and to file reports with the government for transactions that are deemed suspicious or unusual. The act also established the Financial Crimes Enforcement Network (FinCEN), the primary organization responsible for enforcing the BSA's provisions and collecting, analyzing, and sharing financial intelligence. The latest AML act in the U.S. is the Anti-Money Laundering Act (AMLA) of 2020, which expands the responsibilities of financial institutions, money service businesses, and virtual asset service providers. The AMLA also provides for greater collaboration between financial institutions and law enforcement agencies, and it enhances the penalties for AML violations.
• The UK’s Money Laundering, Terrorist Financing and Transfer of Funds Regulations of 2017 - This act, also known as MLR 2017, works to prevent money laundering and terrorism financing by imposing standard AML obligations on financial institutions in the UK. The MLR 2017 also requires entities to have robust AML/CTF policies, procedures, and controls, and to appoint a designated person or officer to take responsibility for these activities. The regulations also set out the requirements for record-keeping and reporting suspicious activities to the National Crime Agency (NCA).

To keep up with AML regulations and ever-evolving money laundering tactics, businesses should rely on the following three main lines of defense.

1st Line of Defense: Daily Business Operations

The people on the customer-facing side of a business act as the first line of defense against money laundering. Businesses must have clear AML policies in place and regular AML training to strengthen efforts on this front. The scope and frequency of training should be tailored to the levels of risk each employee will encounter. You can further sophisticate your AML operation procedures by using a real identity platform — like Onfido — to automate digital AML verification and enhance fraud detection.

2nd Line of Defense: Compliance and Risk Management

The second line of defense is any person or process involved with managing a business’s AML compliance and risk. One of their primary focuses is supervising and directing those dealing with the first line of defense, including handling escalated risk alerts. They are also responsible for monitoring the effectiveness of current procedures and whether or not a business is sufficiently compliant with regulatory measures. Senior management and board members will expect regular status reports from this level of defense.

3rd Line of Defense: Internal Auditing

An internal audit will help businesses find any weak links within their AML system. To prevent bias, an independent party not associated with the first or third line of defense should conduct these audits. A comprehensive AML audit will consider the following:

• How well employees are following internal policies.
• If policies are adequate for identifying and managing risk.
• The quality of a business’s AML training.
• How effective compliance and risk management are.

Only a professional who regularly conducts AML audits should be trusted to oversee this third line of defense. 

Compliance leadership appointments, staff training, risk assessments, independent audits, and customer due diligence (CDD) are all crucial parts of an AML compliance program. Different countries have variations on these requirements, but each core concept remains the same. In the initial stages of mapping out a compliance program, consider making an anti-money laundering compliance checklist that covers each of these areas as follows:  

Appoint compliance leadership

Successful AML compliance starts with a strong leader or leadership team. What skills are needed to be an AML compliance officer? You want someone with a deep understanding of AML laws and prior experience developing and implementing effective compliance programs. They will also need superior communication skills, as they must effectively discuss AML matters with stakeholders like the board of directors, senior management, and employees. High-quality AML leadership will demonstrate a track record of staying current on industry developments and implementing changes to stay ahead of evolving threats and regulatory requirements.

Complete risk assessments

This stage is where you determine what risks your organization faces through your products and services, customers, transactions, and geographic location. The information gathered from risk assessments can then be used to prioritize AML efforts and allocate resources to areas of highest risk. It is essential to regularly update your risk assessment procedures to ensure that they remain relevant and practical.

Prepare an anti-money laundering policies and procedures manual

An AML policies and procedures manual is critical for a company to demonstrate its commitment to compliance and prevent illegal financial activities. The manual should thoroughly detail the company's AML program, including all the actions outlined in this checklist. Instead of creating one from scratch, see if your national financial regulatory authority has an anti-money laundering manual sample or template. For example, the Financial Industry Regulatory Authority (FINRA) offers a free AML template to assist with fulfilling U.S. compliance requirements.

Monitor and maintain your AML program

Emerging money laundering risks and changing regulatory requirements mean that AML monitoring is a necessity. Program maintenance includes regularly training employees on AML policies and systems for detecting and reporting suspicious activities. Companies should also engage independent auditors to review their AML programs and provide recommendations for improvement.

Do your due diligence

Due diligence involves thoroughly evaluating potential business partners, customers, and transactions to ensure they are not connected to illegal financial activities. Actions like reviewing customer identification and documentation, running background checks, and monitoring transaction patterns for unusual activity are all part of due diligence. Companies should also maintain accurate and up-to-date records of their due diligence efforts.

Onfido offers an end-to-end identity verification solution through the Real Identity Platform, giving businesses fast results they can trust without compromising on the user experience. Our document and biometric verifications give assurance that a real user is present and that they are using a genuine government-issued ID that belongs to them, keeping fraud down and helping you meet compliance requirements. We enable businesses to build identity verification workflows that meet their unique AML and KYC requirements by combining:

• Document Verification - Verify document authenticity based on a user-captured image, from passports to national identity cards.
• Data Verification - Validate personal information provided by customers and tailor searches with sanctions lists, politically exposed person (PEP) lists, and adverse media categories.
• Biometric Verification - Users snap a selfie to verify facial biometrics, and our next-generation head turn capture experience detects a real user to prevent more sophisticated fraud.
• Fraud Detection - Evaluate the risk level associated with a user's device by analyzing device intelligence, geolocation, and repeat fraud detection. You can also validate submitted personal information, and identify anomalies that may signal fraudulent activity.

Our flexible platform integrates seamlessly with a variety of systems and processes, making it easy for companies to integrate identity verification into their existing workflows. Plus, Onfido’s global coverage and fast verification times make it an ideal solution for businesses operating in a fast-paced, highly-regulated environment.

Take our interactive product tour to learn more. 

The KYC process is a part of AML and aims to stop such schemes in the early stage. KYC regulations require a business to identify their customers and assess their risk profile upon onboarding. This is done via customer due diligence (CDD) processes.  CDD processes typically comprise of a series of checks to help businesses verify their customers’ identities and assess their risk profiles, and can also refer to ongoing monitoring post onboarding to catch money laundering in subsequent stages beyond the initial deposit. CDD involves analyzing information from different sources, including what the customer provides, and checking information against public and private data sources and sanctions lists. The information you collect depends on the risk profile of your customer, but basic CDD requires the information about the identity of your customers, such as their name, address and a photograph of an official identity document. An overview of your customer’s activities and the markets they operate in, and an overview of any other entities that your customer does business with.