What are the 5 pillars of an AML program blog image

Anti-money laundering (AML) is a crucial process for financial institutions, and it’s only becoming more important. A 2011 study by the United Nations Office on Drugs and Crime estimated that ninety-nine percent of illicit cash passes undetected; that number is likely similar today, as digital transactions and cryptocurrencies make it even more difficult to detect money laundering. Standards like the Money Laundering Regulations (MLRS) in the UK and the Anti-Money Laundering Act of 2020 in the US lay out a clear compliance program to help financial institutions protect themselves (and their customers) from illicit activities.

When developing an AML compliance program, institutions must ensure that they are able to properly categorize, assess, and deal with potential risks. This starts with knowing what kinds of money laundering they are susceptible to and what customers carry a higher risk factor. Then, they must lay out means to monitor transactions and verify the identity of new customers. Despite different AML guidelines and regulations globally, most AML program elements generally possess five core pillars of operation.

What are the pillars of an AML compliance program? 

The five AML program pillars are typically:

  1. Appoint a compliance officer
  2. Complete risk assessments
  3. Prepare anti-money laundering policies and a procedure manual
  4. Monitor and maintain your AML program
  5. Implement Customer Due Diligence

Pillar #1: appoint a compliance officer

Someone in your institution must take charge of the AML program — not only to ensure compliance, but to oversee communications regarding the compliance program.

A compliance officer will be responsible for duties such as:

  • Staying up-to-date on AML regulations
  • Relaying important changes to stakeholders and management
  • Recommending changes based on audits
  • Overseeing proper training and updates for staff on compliance

In order to successfully fulfill this role, the person must have a deep understanding of AML laws — as well as extensive industry expertise — to see all angles where AML compliance will come into play.

Pillar #2: complete risk assessments

The core of a successful AML program, institutions must develop clear protocol, controls, and procedures for detecting financial crime. Good policies and procedures for compliance require a risk-based approach, meaning that mitigation measures are matched according to the level of risk. Because every organization operates differently, policies must include customized solutions.

Upper management must work with the compliance department to determine what specific risks they face and how to protect against them. Many resources exist to help institutions develop their policies and procedures, including templates that act as a starting point. There are many tools available that help institutions maintain AML compliance, as well as a means to stay updated on what is changing, and how. For example, Onfido’s Real Identity Platform augments AML compliance with an end-to-end identity solution for customer identification. Some of its features include:

  • Verification Suite. Including document and biometric verification, trusted data validation (including watchlist monitoring), and passive fraud detection signals. 
  • Onfido Studio. A drag-and-drop orchestration platform that enables businesses to tailor workflows to their needs without code.
  • Smart Capture SDKs. These experiences allow businesses to offer best-in-class capture UX out of the box.

Pillar #3: prepare anti-money laundering policies and a procedure manual

It is vital to have a compliance department with well-established procedures. Every employee needs to understand how compliance affects their job, including customer-facing roles or positions responsible for fraud detection. They also must be trained on the tools and applications used for fraud detection, and understand the protocols for escalating fraudulent activity. Numerous organizations offer training programs, so these do not need to be entirely in-house. That said, training on the institution’s specific compliance requirements should occur as a part of onboarding, as well as annually to keep employees updated on any changes.

Pillar #4: monitor and maintain your AML program

True assessment of an institution’s compliance cannot be done by those working in the organization. Periodic third-party audits are crucial to maintaining integrity of operations. This is distinctly different from a financial audit. Instead, compliance audits are strictly focused on AML regulations and how the institution protects itself against illicit activity. Annual audits are a good starting point, though institutions with higher risks for money laundering should consider a higher frequency.

Pillar #5: implement customer due diligence

The newest addition to the five pillars, the customer due diligence (CDD) rule amends the requirements of AML to include proper follow-up on customers. As money laundering tactics evolved, this step became increasingly important for AML globally. Generally, the CDD rule has four main components:

  • Proper verification of each customer’s identity and risk level
  • Identifying the true owners of legal entities (namely, to detect shell corporations)
  • Understanding the nature of customer relationships and how they affect risk
  • Continuous monitoring of transactions for suspicious patterns, amounts, or behaviors

Background checks, flagging suspicious transactions, and properly investigating beneficiaries are just a few of the actions taken to uphold the CDD rule.

Questions about AML compliance?

Compliance programs are important because they protect institutions and their customers. Staying up to date on AML regulations will ensure you never miss a step in maintaining that protection. If you are looking for advice in building robust identity verification programs, please get in touch — or check out our guide.

Want to learn more about customer identification programs?

Our compliance manager’s guide to identity verification for KYC and AML runs through the regulatory landscape, best practices for building identity processes, and what to look out for in identity partners.

Read the guide