Regulatory Compliance blog image

What is anti-money laundering? Anti-money laundering (AML) is a collection of laws, regulations and processes that aim to prevent criminals from disguising illegal funds as legitimate funds. The UN estimates that every year the amount of money laundered is equivalent to between 2% and 5% of global GDP. That’s roughly $2 trillion — a number that only serves to underscore the importance of anti-money laundering efforts. 

A fast growing financial services industry with increasing overlap between different national economies, and more complex chains of economic transactions, has fueled the need for comprehensive AML regulations. This increase in regulations has also been impacted by the fact that criminals are finding new ways to circumvent AML checks, such as via micro laundering. 

Broadly speaking, money laundering involves three steps:

  • Depositing: Getting illegal funds into the legitimate financial system;
  • Layering: Using transactions to conceal the illicit origin of funds; 
  • Integrating: Making laundered funds available for spending by reinvesting them into real estate, financial instruments, or commercial investments.

To meet AML requirements, financial institutions must conduct sophisticated assessments of money laundering risks and detect suspicious transactions of customers. They do this through developing an exhaustive anti-money laundering compliance checklist of five pillars as well as conducting know your customer (KYC) processes. Keep reading to find out more about some of the major AML regulations globally as well as what your AML and KYC programs should include — and how Onfido can help.

What are the anti-money laundering guidelines and regulations that exist globally?

Depending upon where your institution is located and in what jurisdictions you do business, there are several different anti-money laundering regulations you may need to comply with. It’s critical to follow these guidelines, and failure to do so may result in AML fines or sanctions.

Below you’ll find some of the most pressing AML regulations for the United States, European Union, and the United Kingdom — as well as the basics of the global guidelines released by the Financial Action Task Force.

US anti-money laundering legislation

The Financial Crimes Enforcement Network (FinCEN) — a bureau of the United States Department of the Treasury — is responsible for safeguarding the US financial system and combating money laundering.

Bank Secrecy Act (1970)

The history of US AML legislation dates back to the Bank Secrecy Act (BSA) of 1970. The aim of the BSA was to prevent criminals from using financial institutions to hide or launder illicit funds. It established the required recordkeeping and reporting practices for banks and other financial institutions.

Under the BSA, financial services companies are required to share documentation with regulators if customers conduct transactions over $10,000. Regulators do not need documentation for every transaction over $10,000, but businesses must file Internal Revenue Service (IRS) Form 8300 if they receive funds over this amount from one individual.

The BSA also established that financial institutions must identify customers conducting transactions and keep appropriate records of financial transactions.

While the BSA forms the basis of AML legislation in the US, it was written at a time when computers and online banking didn’t exist. Since then, Congress has passed additional legislation in an attempt to keep up with innovation and stay ahead of fraudsters. Keep reading for a brief history of AML regulatory changes in the US.

Money Laundering Control Act (1986)

This act officially made money laundering a federal crime.

Anti-Drug Abuse Act (1988)

The Anti-Drug Abuse Act did two primary things. First, it expanded the definition of a financial institution. Second, it required financial institutions to verify the identity of customers who purchased monetary instruments over $3,000.

Annunzio-Wylie Anti-Money Laundering Act (1992)

This act introduced Suspicious Activity Reports (SARs) as well as verification and recordkeeping for wire transfers.

Money Laundering Suppression Act (1994)

The Money Laundering Suppression Act required banking agencies to review and enhance AML training and to develop anti-money laundering examination procedures.

Money Laundering and Financial Crimes Strategy Act (1998)

This act required the Department of the Treasury and other key agencies to develop a National Money Laundering Strategy.

USA PATRIOT Act (2001)

The USA PATRIOT Act was one of the most important AML moves in the US since the Bank Secrecy Act of 1970. It laid out four primary guidelines, including:

  • Criminalizing terrorist financing
  • Strengthening customer identification procedures
  • Prohibiting financial institutions from doing business with foreign shell banks
  • Requiring financial institutions to have due diligence procedures and enhanced due diligence procedures for foreign correspondents and private banking accounts

Intelligence Reform & Terrorism Prevention Act (2004)

This act required certain financial institutions to report cross-border electronic transmittals of funds.

Corporate Transparency Act (2020)

This act required reporting of certain companies’ beneficial ownership information to FinCEN to discourage the use of shell corporations as a tool to disguise and move illicit funds.

Anti-Money Laundering Act (2020)

Perhaps the largest AML legislation passed in the United States since the USA PATRIOT Act in 2001, the AMLA laid out several key points, including:

  • Expanding both whistleblower rewards and protections
  • Establishing a beneficial ownership registration network database to be implemented by FinCEN
  • Defining new BSA violations and enhanced penalties for both repeat and egregious offenders
  • Broadening BSA definitions to cover virtual currencies, art and, artifacts
  • Expanding subpoena power for foreign bank accounts

European Union (EU) anti-money laundering regulations

The EU Anti-Money Laundering and Financing of Terrorism Directives are designed to protect the financial system from criminals who would misuse them for money laundering and the financing of terrorism. They aim to create a universal approach to AML across all EU Member States in order to better protect against money-laundering in the EU Single Market.

The European Commission (EC) enacted its first AML Directive (1AMLD) to combat money laundering in 1991. This established key AML rules and measures to combat terrorist financing (CFT). They included customer identification, record-keeping, methods of reporting suspicious transactions, as well as other CDD measures that all EU Member States had to implement in their national law. 

The EC introduced the second Directive (2AMLD) in 2001, and the third Directive (3AMLD) in 2006, which made AML and CFT requirements applicable to lawyers, notaries, accountants, real estate agents, casinos and encompassing trust and company services for transactions. In 2017, the EC introduced the fourth Anti-Money Laundering Directive (4AMLD) which imposed CDD requirements on all gambling services, all credit and financial institutions as well as several other designated non-financial businesses and professions.


More recently in 2020, the EC brought in 5AMLD, which introduced a legal definition of cryptocurrency. Under the Directive, both cryptocurrencies and cryptocurrency exchanges fall under existing AML and CFT regulations. 5AMLD also introduced new requirements for pre-paid cards, high-value goods, and made updates to the due diligence required for high-risk countries and PEPs.

In July 2021, the EC also set out some proposals to strengthen the EU’s collective AML and CFT rules including 6AMLD and the AML Regulation (AMLR), providing a cohesive definition of money laundering across all EU countries, closing loopholes in domestic legislation. It also added ‘aiding and abetting’ to the list of activities that are categorized as money laundering. Crucially, it also extends criminal liability for money laundering to legal persons (companies and partnerships) in situations where they fail to prevent illegal activity, and increases the sentence for money laundering crimes to a minimum of 4 years imprisonment. 

The EU Anti-Money Laundering Authority (AMLA) was also part of the July package, which would work to close further loopholes that criminals currently use to launder money. The package is currently in the legislative procedure. Assuming a compromise agreement Q4 2022 and a publication at the end of 2022 or beginning of 2023, we can expect new rules to start applying by 2026. The AMLA is expected to be operational by 2024.

UK anti-money laundering regulations

The Financial Conduct Authority (FCA) is the UK’s main financial services regulator and oversees institutions’ compliance with AML regulations. Her Majesty’s Revenue and Customs (HMRC) shares responsibilities with the FCA to investigate money laundering offenses. HMRC also issues guidance on AML in the UK, including requirements for CDD and transaction monitoring. 

UK AML regulation is outlined in the following legislation:

Proceeds of Crime Act 2002 (POCA)

This is the UK’s primary AML regulation. Under POCA, banks and financial institutions must take the necessary steps to detect money laundering activities. These steps include CDD, transaction monitoring and suspicious activity reporting. 

The Terrorism Act 2000

Under this act, financial services must take steps to prevent terrorist financing, including CDD, transaction monitoring and reporting obligations.

The Money Laundering, Terrorist Financing and Transfer of Funds 2017

This regulation implements the obligations set out in the EU’s 5AMLD. It also introduced the requirement that firms implement a written AML and CFT risk assessment. HM Treasury initiated a review on amendments to this act in July 2021. A call for evidence on the review of the UK’s AML/CTF regulatory and supervisory regime also ran in parallel to this consultation. HMT has committed to publishing its response by 26 June 2022. 

And while the UK might have left the EU on January 31, 2020, it is still committed to meeting the AML and CFT standards outlined in the EU’s 5AMLD.

International anti-money laundering regulations

The Financial Action Task Force (FATF) is an intergovernmental organization that aims to combat money laundering and terrorist financing. Created in 1989, it sets global standards for AML and CFT regulations and promotes their adoption.

As of 2023, the FATF has 40 recommendations divided into seven sections:

  • AML/CFT Policies and coordination
  • Money laundering and confiscation
  • Terrorist financing and financing of proliferation
  • Preventive measures
  • Transparency and beneficial ownership of legal persons and arrangements
  • Powers and responsibilities of competent authorities and other institutional measures
  • International cooperation

At the time of writing, the FATF has 39 members, including the UK, the US, the European Commission, China and India. 

What Are the 5 Pillars of AML Compliance?

When it comes to complying with AML regulations, it doesn’t come down to just one activity. And businesses should bear in mind the individual requirements of local regulatory bodies. But broadly speaking, to comply with the FATF’s guidelines and recommendations (which provide a good framework for global regulatory compliance) financial institutions should adhere to the following list:

  1. Appoint compliance leadership: Before anything else, it’s critical to appoint a strong and knowledgeable leadership team to develop, monitor, and update your AML policies and procedures on a regular basis. Ideally, these stakeholders will not only have experience in anti-money laundering, but also display a track record of staying up to date with industry developments and legal requirements. This can help ensure your organization maintains compliance in face of constantly evolving regulatory requirements.
  2. Complete risk assessments: What risks does your organization face when it comes to money laundering? Running full funnel risk assessments not only helps you identify your greatest potential risks, but also helps you determine where to spend the most time, money, or resources to guard against said risks. For example, you may develop an AML internal audit checklist to be performed to help minimize risk associated with certain types of accounts or transactions.
  3. Prepare an AML policies and procedures manual: Anti-money laundering efforts don’t occur in a vacuum, so creating intentional policies ensures everyone is on the same page when it comes to your organization’s processes. Within your manual, it may be helpful to include the Financial Industry Regulatory Authority’s (FINRA) template to assist in the creation of a regular AML compliance report.
  4. Monitor and maintain your program: Of course, it’s not enough to get a program up and running — it has to be maintained. This includes ensuring that all personnel are trained on AML policies and processes, including any new updates or changes, as well as regularly auditing your AML program for any potential areas of improvement.
  5. Do your due diligence: Finally, formal AML processes also consider essential KYC processes. A KYC program typically has three components. 
    1. A customer identification program (CIP) verifies that customers are who they say they are. Identity verification tools can help support onboarding cases. This includes validating a customer’s personal information with an ID Record check, as well as establishing proof of address and that funds are from a legal, legitimate source. 
    2.  Customer due diligence (CDD), then, evaluates the risk associated with a customer. Any customers deemed as higher non-compliance risks require closer due diligence, such as enhanced due diligence (EDD). Find out more about the difference between CDD and EDD.
    3. Continuous monitoring, such as navigating sanctions compliance, helps to monitor accounts for suspicious activity via Watchlist checks. This step also includes reporting suspicious activity to the relevant authority.

Failure to comply with anti-money laundering regulations can result in heavy AML sanctions and fines, so it’s in the interest of financial institutions to make AML regulations a top priority.

Navigate anti-money laundering regulations and compliance with Onfido

Fortunately, you don’t have to navigate the wealth of AML regulatory requirements by yourself. With Onfido’s AI-powered verification solution, you can perform:

  • Document Verification: Use identity documents to really know your customer. This automated tool supports over 2,500 documents in 195 countries.
  • Biometric Verification: Use biometric tools to verify facial biometrics. Simply have users snap a selfie or video and our next-generation tool runs liveness checks to identify photos of screens, 2D and 3D masks, and image manipulation.
  • Data Verification: Fulfill the necessary compliance regulations such as AML with a suite of financial crime and compliance signals, ideal for identifying PEPs, sanctions, adverse media, and proof of address.

Fraud Detection: Create and identify a 360-degree view of customer identity and fraud potential. With device intelligence, geolocation, and repeat fraud detection, you can identify and evaluate potential signals without impacting turnaround times.

Looking for an end-to-end identity verification platform?

Make meeting AML and KYC regulations and guidelines quicker and easier with Onfido. Take our interactive tour to learn more about the Real Identity Platform, and learn how to build no-code workflows in Onfido Studio.

Take the tour

This document is provided for informational purposes only, it does not create any warranty, representation, contractual commitment, condition or assurance from Onfido. It describes parts of Onfido’s current services, projects, experience, understanding of the market and regulations, as of the date of issue of this document, and is subject to change without notice. This paper is not intended to be relied upon, including as legal advice, by any customer. Each customer is responsible for making its own independent assessment of the information provided in this document and applicable regulations and is recommended to take its own legal advice. This document is not an agreement and is not part of, nor does it modify, any agreement between Onfido and its customers.