Who is required to have an AML program?

Whether or not an organization is required to have an anti-money laundering (AML) program depends on where they do business and the regulations in those jurisdictions.

Typically, financial institutions like banks and investment firms need to follow strict laws to reduce instances of money laundering. National and international governments may also regulate other high-risk industries, such as:

• Insurance companies
• Gambling institutions
• Art dealers
• Virtual assets service providers
• Credit providers
• Real estate

For example, brokerage firms in the US must follow regulations set by the Financial Industry Regulatory Authority and the Bank Secrecy Act. To meet compliance mandates, firms must report cash payments over $10,000, train employees to develop customer risk profiles, and much more.

In the European Union, law enforcement agencies have access to a centralized registry of bank-account holders, which financial institutions must keep up-to-date under Directive (EU) 2019/1153.  

But what exactly do AML programs require businesses to do, and how can you ensure that your organization achieves compliance without placing an extra burden on honest customers? Keep reading to find out.

What is AML in banking?

AML in banking is a set of practices with the goal of preventing money laundering to help reduce tax evasion, the financing of terrorism, drug trafficking, and other criminal activities. The primary causes of money laundering are that criminal organizations need to legitimize ill-gotten cash, and they need to hide their identities while doing so. 

In an attempt to move money while remaining undetected, money laundering operations go through three stages:

• Placement: Criminals introduce their “dirty” money into the financial system by depositing it into bank accounts. Typically, these deposits are smaller chunks of the total amount to make them less suspicious.
• Layering: Criminals move their “dirty” money through multiple transactions to separate their identity from those deposits. Layering transactions can include a series of bank transfers or using funds to buy cryptocurrency.
• Integration/Extraction: Criminals attempt to “clean” their money by using it in the economy. This step often involves cash purchases to buy real estate or other assets, such as equipment for a business. 

There are several types of AML in banking that institutions can use to deter or catch this criminal activity:

• Know Your Customer (KYC): Conducting high-assurance identity verification (such as document and biometric verification) at onboarding and beyond, make it much more difficult for criminals to detach their identity from illegal funds or use a stolen identity.
• Record Management: Using software to record and analyze transactions helps institutions recognize suspicious activity, such as large cash deposits or repetitive transfers.
• Holding Periods: Requiring deposits to remain in the same account for several days before they can be transferred slows down layering tactics and gives institutions more time to investigate suspicious activity.

Financial institutions are a necessary channel for money launderers, so improving AML measures can help significantly reduce levels of illegal funding. Because of this positioning, regulatory bodies often require financial institutions to create and maintain an AML program. 

What is an AML program?

Anti-money laundering programs are designed to improve an organization’s ability to detect and deter criminal financial activities. AML program requirements vary depending on the national and international governments that have jurisdiction over an institution. For example, a bank that is based in the US but has branches in European countries will have to comply with both US and EU regulations. However, there are several common key features among different AML programs.   

What are the five pillars of AML compliance?

The five pillars of an AML compliance program are: appoint compliance leadership; complete risk assessments; prepare anti-money laundering policies and a procedure manual; monitor and maintain your AML program; and do your due diligence.

• Appoint Compliance Leadership: Assign leadership roles to team members who understand AML laws and best practices, and also have the communication skills to teach and encourage your employees at all levels.
• Complete Risk Assessments: Determine which money laundering risks pose the greatest threat to your financial institution. Can you keep up with documenting and flagging suspicious transfers? Can customers create multiple accounts using different names? How do you handle transactions from foreign accounts? 
• Prepare Anti-Money Laundering Policies and a Procedure Manual: Outline which steps your organization will take to deter and catch money laundering activities. To get started in the US, you can use this FINRA template for guidance on requirements. Requirements vary in the EU, UK, and other jurisdictions, so contact a local expert for the best starting point. Ensure that your employees receive proper training on how to take these steps.
• Monitor and Maintain Your AML Program: Money laundering tactics–and regulations–change over time. Keep up-to-date on the best practices in your jurisdiction to increase your chances of success and to remain compliant.
• Do Your Due Diligence: Your AML program should monitor accounts, transactions, and potential customers for money laundering red flags. Program components include keeping records updated and treating each interaction as a new case rather than trusting your history with an individual or company.

What is required for AML verification?

Financial institutions need to perform certain checks on activity to maintain AML compliance. These checks include recording customer information and monitoring transaction patterns. Ultimately, it’s up to financial institutions to implement the tools they need for their AML compliance program. Onfido empowers organizations to identify and deter money laundering risks without burdening honest customers with time consuming processes. How? With automated digital identity solutions that include document and biometric verification, trusted data verification, and fraud detection signals — learn more in our interactive product tour.