Anti-money laundering regulations

A KYC program typically has three components. A customer identification program (CIP), customer due diligence (CDD) checks and continuous monitoring (such as navigating sanctions compliance). Customer identification aims to stop money laundering at the first step, while CDD and continuous monitoring can go some way towards reducing the ongoing risks at steps two and three.

US anti-money laundering legislation

The Financial Crimes Enforcement Network (FinCEN) — a bureau of the United States Department of the Treasury — is responsible for safeguarding the US financial system and combating money laundering.

Bank Secrecy Act (BSA)

The history of US AML legislation dates back to the Bank Secrecy Act (BSA) of 1970. The aim of the BSA was to prevent criminals from using financial institutions to hide or launder illicit funds. It established the required recordkeeping and reporting practices for banks and other financial institutions.

Under the BSA, financial services companies are required to share documentation with regulators if customers conduct transactions over $10,000. Regulators do not need documentation for every transaction over $10,000, but businesses must file Internal Revenue Service (IRS) Form 8300 if they receive funds over this amount from one individual.

The BSA also established that financial institutions must identify customers conducting transactions and keep appropriate records of financial transactions.

While the BSA forms the basis of AML legislation in the US, it was written at a time when computers and online banking didn’t exist. Since then, Congress has passed additional legislation in an attempt to keep up with innovation and stay ahead of fraudsters. Below is a brief history of AML regulatory changes in the US.

Money Laundering Control Act (1986)

• Made money laundering a federal crime

Anti-Drug Abuse Act (1988)

• Expanded the definition of financial institution
• Required financial institutions to verify the identity of customers who purchased monetary instruments over $3,000

Annunzio-Wylie Anti-Money Laundering Act (1992)

• Introduced Suspicious Activity Reports (SARs) as well as verification and recordkeeping for wire transfer

Money Laundering Suppression Act (1994)

• Required banking agencies to review and enhance AML training and to develop anti-money laundering examination procedures

Money Laundering and Financial Crimes Strategy Act (1998)

• Required the Department of the Treasury and other agencies to develop a National Money Laundering Strategy

USA PATRIOT Act (2001)

• Criminalized terrorist financing
• Strengthened customer identification procedures
• Prohibited financial institutions from doing business with foreign shell banks
• Required financial institutions to have due diligence procedures and enhanced due diligence procedures for foreign correspondents and private banking accounts

Intelligence Reform & Terrorism Prevention Act (2004)

• Required certain financial institutions to report cross-border electronic transmittals of funds

Corporate Transparency Act (2020)

• Required reporting of certain companies’ beneficial ownership information to FinCEN to discourage the use of shell corporations as a tool to disguise and move illicit funds.

European Union (EU) anti-money laundering regulations

The EU Anti-Money Laundering and Financing of Terrorism Directives are designed to protect the financial system from criminals who would misuse them for money laundering and the financing of terrorism. They aim to create a universal approach to AML across all EU Member States in order to better protect against money-laundering in the EU Single Market.

The European Commission (EC) enacted its first AML Directive (1AMLD) to combat money laundering in 1991. This established key AML rules and measures to combat terrorist financing (CFT). They included customer identification, record-keeping, methods of reporting suspicious transactions, as well as other CDD measures that all EU Member States had to implement in their national law. 

The EC introduced the second Directive (2AMLD) in 2001, and the third Directive (3AMLD) in 2006, which made AML and CFT requirements applicable to lawyers, notaries, accountants, real estate agents, casinos and encompassing trust and company services for transactions. In 2017, the EC introduced the fourth Anti-Money Laundering Directive (4AMLD) which imposed CDD requirements on all gambling services, all credit and financial institutions as well as several other designated non-financial businesses and professions.

EU 5AMLD and 6AMLD/AMLR

More recently in 2020, the EC brought in 5AMLD, which introduced a legal definition of cryptocurrency. Under the Directive, both cryptocurrencies and cryptocurrency exchanges fall under existing AML and CFT regulations. 5AMLD also introduced new requirements for pre-paid cards, high-value goods, and made updates to the due diligence required for high-risk countries and PEPs.

In July 2021, the EC also set out some proposals to strengthen the EU’s collective AML and CFT rules including 6AMLD and the AML Regulation (AMLR), providing a cohesive definition of money laundering across all EU countries, closing loopholes in domestic legislation. It also added ‘aiding and abetting’ to the list of activities that are categorised as money laundering. Crucially, it also extends criminal liability for money laundering to legal persons (companies and partnerships) in situations where they fail to prevent illegal activity, and increases the sentence for money laundering crimes to a minimum of 4 years imprisonment. 

The EU Anti-Money Laundering Authority (AMLA) was also part of the July package, which would work to close further loopholes that criminals currently use to launder money. The package is currently in the legislative procedure. Assuming a compromise agreement Q4 2022 and a publication at the end of 2022 or beginning of 2023, we can expect new rules to start applying by 2026. The AMLA is expected to be operational by 2024.

UK anti-money laundering regulations

The Financial Conduct Authority (FCA) is the UK’s main financial services regulator and oversees institutions’ compliance with AML regulations. Her Majesty’s Revenue and Customs (HMRC) shares responsibilities with the FCA to investigate money laundering offenses. HMRC also issues guidance on AML in the UK, including requirements for CDD and transaction monitoring. 

UK AML regulation is outlined in the following legislation:

• Proceeds of Crime Act 2002 (POCA): This is the UK’s primary AML regulation. Under POCA, banks and financial institutions must take the necessary steps to detect money laundering activities. These steps include CDD, transaction monitoring and suspicious activity reporting. 

• The Terrorism Act 2000: Under this act, financial services must take steps to prevent terrorist financing, including CDD, transaction monitoring and reporting obligations.

• The Money Laundering, Terrorist Financing and Transfer of Funds 2017: This regulation implements the obligations set out in the EU’s 5AMLD. It also introduced the requirement that firms implement a written AML and CFT risk assessment. HM Treasury initiated a review on amendments to this act in July 2021. A call for evidence on the review of the UK’s AML/CTF regulatory and supervisory regime also ran in parallel to this consultation. HMT has committed to publishing its response by 26 June 2022.  

And while the UK might have left the EU on January 31, 2020, it is still committed to meeting the AML and CFT standards outlined in the EU’s 5AMLD.

International anti-money laundering regulations

The Financial Action Task Force (FATF) is an intergovernmental organization that aims to combat money laundering and terrorist financing. Created in 1989, it sets global standards for AML and CFT regulations and promotes their adoption.

At the time of writing, the FATF has 39 members, including the UK, the US, the European Commission, China and India. 

Complying with AML regulations

Meeting AML requirements doesn’t come down to one activity. And businesses should bear in mind the individual requirements of local regulatory bodies. 

But broadly speaking, to comply with the FATF’s guidelines and recommandations (which provide a good framework for global regulatory compliance) financial institutions should adhere to the following list:

• Implement KYC processes — AML compliance starts with customer identity verification. This includes validating a customer’s personal information with an ID Record check, as well as establishing proof of address and that funds are from a legal, legitimate source.

• Perform recommended customer due diligence measures. Any customers deemed as higher non-compliance risks require closer due diligence, such as enhanced due diligence (EDD). Find out more about the difference between CDD and EDD.

• Maintain up-to-date records for high-risk customers.

• Monitor accounts for suspicious activity via Watchlist checks and report suspicious activity to the relevant authority.

• Enforce sanctions against individuals or entities that fail to comply with regulations.

Failure to comply with anti-money laundering regulations can result in heavy AML sanctions and fines, so it’s in the interest of financial institutions to make AML regulations a top priority.