
Anti-money laundering (AML) is a collection of laws, regulations and processes that aim to prevent criminals from disguising illegal funds. The UN estimates that every year the amount of money laundered is equivalent to between 2% and 5% of global GDP. That’s roughly $2 trillion. 

A growing financial services industry with increasing overlap between different national economies, and more complex chains of economic transactions, has fuelled the need for comprehensive AML regulations. This increase in regulations has also been impacted by the fact that criminals are finding new ways to circumvent AML checks, such as via micro laundering. 

To meet AML requirements, financial institutions must conduct sophisticated assessments of money laundering risks and detect suspicious transactions of customers. They do this through conducting know your customer (KYC) processes.

Broadly speaking, money laundering involves three steps:

  • Depositing: Getting illegal funds into the legitimate financial system;

  • Layering: Using transactions to conceal the illicit origin of funds; 

  • Integrating: Making laundered funds available for spending by re-investing them into real estate, financial instruments, or commercial investments.

A KYC program typically has three components: a customer identification program (CIP), customer due diligence (CDD) checks and continuous monitoring (such as navigating sanctions compliance). Customer identification aims to stop money laundering at the first step, while CDD and continuous monitoring can go some way towards reducing the ongoing risks at steps two and three.

US anti-money laundering legislation

The Financial Crimes Enforcement Network (FinCEN) — a bureau of the United States Department of the Treasury — is responsible for safeguarding the US financial system and combating money laundering.

Bank Secrecy Act (BSA)

The history of US AML legislation dates back to the Bank Secrecy Act (BSA) of 1970. The aim of the BSA was to prevent criminals from using financial institutions to hide or launder illicit funds. It established the required recordkeeping and reporting practices for banks and other financial institutions.

Under the BSA, financial services companies are required to share documentation with regulators if customers conduct transactions over $10,000. Regulators do not need documentation for every transaction over $10,000, but businesses must file Internal Revenue Service (IRS) Form 8300 if they receive funds over this amount from one individual.

The BSA also established that financial institutions must identify customers conducting transactions and keep appropriate records of financial transactions.

While the BSA forms the basis of AML legislation in the US, it was written at a time when computers and online banking didn’t exist. Since then, Congress has passed additional legislation in an attempt to keep up with innovation and stay ahead of fraudsters. Below is a brief history of AML regulatory changes in the US.

Money Laundering Control Act (1986)

  • Made money laundering a federal crime

Anti-Drug Abuse Act (1988)

  • Expanded the definition of financial institution
  • Required financial institutions to verify the identity of customers who purchased monetary instruments over $3,000

Annunzio-Wylie Anti-Money Laundering Act (1992)

  • Introduced Suspicious Activity Reports (SARs) as well as verification and recordkeeping for wire transfers

Money Laundering Suppression Act (1994)

  • Required banking agencies to review and enhance AML training and to develop anti-money laundering examination procedures

Money Laundering and Financial Crimes Strategy Act (1998)

  • Required the Department of the Treasury and other agencies to develop a National Money Laundering Strategy

USA PATRIOT Act (2001)

  • Criminalized terrorist financing
  • Strengthened customer identification procedures
  • Prohibited financial institutions from doing business with foreign shell banks
  • Required financial institutions to have due diligence procedures and enhanced due diligence procedures for foreign correspondents and private banking accounts

Intelligence Reform & Terrorism Prevention Act (2004)

  • Required certain financial institutions to report cross-border electronic transmittals of funds

Corporate Transparency Act (2020)

  • Required reporting of certain companies’ beneficial ownership information to FinCEN to discourage the use of shell corporations as a tool to disguise and move illicit funds.

European Union (EU) anti-money laundering regulations

The EU Anti-Money Laundering and Financing of Terrorism Directives are designed to protect the financial system from criminals who would misuse it for money laundering and the financing of terrorism. They aim to create a universal approach to AML across all EU Member States in order to better protect against money laundering in the EU Single Market.

The European Commission (EC) enacted its first AML Directive (1AMLD) to combat money laundering in 1991. This established key AML rules and measures to combat terrorist financing (CFT). They included customer identification, record-keeping, methods of reporting suspicious transactions, as well as other CDD measures that all EU Member States had to implement in their national law. 

The EC introduced the second Directive (2AMLD) in 2001, and the third Directive (3AMLD) in 2006, which made AML and CFT requirements applicable to lawyers, notaries, accountants, real estate agents, casinos and encompassing trust and company services for transactions. In 2017, the EC introduced the fourth Anti-Money Laundering Directive (4AMLD) which imposed CDD requirements on all gambling services, all credit and financial institutions as well as several other designated non-financial businesses and professions.


More recently in 2020, the EC brought in 5AMLD, which introduced a legal definition of cryptocurrency. Under the Directive, both cryptocurrencies and cryptocurrency exchanges fall under existing AML and CFT regulations. 5AMLD also introduced new requirements for pre-paid cards, high-value goods, and made updates to the due diligence required for high-risk countries and PEPs.

In July 2021, the EC also set out some proposals to strengthen the EU’s collective AML and CFT rules including 6AMLD and the AML Regulation (AMLR), providing a cohesive definition of money laundering across all EU countries, closing loopholes in domestic legislation. It also added ‘aiding and abetting’ to the list of activities that are categorised as money laundering. Crucially, it also extends criminal liability for money laundering to legal persons (companies and partnerships) in situations where they fail to prevent illegal activity, and increases the sentence for money laundering crimes to a minimum of 4 years imprisonment. 

The EU Anti-Money Laundering Authority (AMLA) was also part of the July package, which would work to close further loopholes that criminals currently use to launder money. The package is currently in the legislative procedure. Assuming a compromise agreement in Q4 2022 and publication at the end of 2022 or beginning of 2023, we can expect new rules to start applying by 2026. The AMLA is expected to be operational by 2024.

UK anti-money laundering regulations

The Financial Conduct Authority (FCA) is the UK’s main financial services regulator and oversees institutions’ compliance with AML regulations. Her Majesty’s Revenue and Customs (HMRC) shares responsibilities with the FCA to investigate money laundering offenses. HMRC also issues guidance on AML in the UK, including requirements for CDD and transaction monitoring. 

UK AML regulation is outlined in the following legislation:

  • Proceeds of Crime Act 2002 (POCA): This is the UK’s primary AML regulation. Under POCA, banks and financial institutions must take the necessary steps to detect money laundering activities. These steps include CDD, transaction monitoring and suspicious activity reporting. 

  • The Terrorism Act 2000: Under this act, financial services must take steps to prevent terrorist financing, including CDD, transaction monitoring and reporting obligations.

  • The Money Laundering, Terrorist Financing and Transfer of Funds 2017: This regulation implements the obligations set out in the EU’s 5AMLD. It also introduced the requirement that firms implement a written AML and CFT risk assessment. HM Treasury initiated a review on amendments to this act in July 2021. A call for evidence on the review of the UK’s AML/CTF regulatory and supervisory regime also ran in parallel to this consultation. HMT has committed to publishing its response by 26 June 2022.  

And while the UK might have left the EU on January 31, 2020, it is still committed to meeting the AML and CFT standards outlined in the EU’s 5AMLD.

International anti-money laundering regulations

The Financial Action Task Force (FATF) is an intergovernmental organization that aims to combat money laundering and terrorist financing. Created in 1989, it sets global standards for AML and CFT regulations and promotes their adoption.

At the time of writing, the FATF has 39 members, including the UK, the US, the European Commission, China and India. 

Complying with AML regulations

Meeting AML requirements doesn’t come down to one activity. And businesses should bear in mind the individual requirements of local regulatory bodies. 

But broadly speaking, to comply with the FATF’s guidelines and recommendations (which provide a good framework for global regulatory compliance), financial institutions should adhere to the following list:

  • Implement KYC processes — AML compliance starts with customer identity verification. This includes validating a customer’s personal information with an ID Record check, as well as establishing proof of address and that funds are from a legal, legitimate source.

  • Perform recommended customer due diligence measures. Any customers deemed as higher non-compliance risks require closer due diligence, such as enhanced due diligence (EDD). Find out more about the difference between CDD and EDD.

  • Maintain up-to-date records for high-risk customers.

  • Monitor accounts for suspicious activity via Watchlist checks and report suspicious activity to the relevant authority.

  • Enforce sanctions against individuals or entities that fail to comply with regulations.

Failure to comply with anti-money laundering regulations can result in heavy AML sanctions and fines, so it’s in the interest of financial institutions to make AML regulations a top priority.

Learn about identity solutions

To find out more about how an identity solution can help banks and other financial institutions meet AML regulations, take a look at our products dedicated to satisfying compliance needs: ID Record, Proof of Address and Watchlist.

This document is provided for informational purposes only, it does not create any warranty, representation, contractual commitment, condition or assurance from Onfido. It describes parts of Onfido’s current services, projects, experience, understanding of the market and regulations, as of the date of issue of this document, and is subject to change without notice. This paper is not intended to be relied upon, including as legal advice, by any customer. Each customer is responsible for making its own independent assessment of the information provided in this document and applicable regulations and is recommended to take its own legal advice. This document is not an agreement and is not part of, nor does it modify, any agreement between Onfido and its customers.