What is Anti-Money Laundering?
Anti-money laundering (AML) is a set of rules, principles, legislations, laws, regulations, processes, and tools specific to the financial sector, whose goal is to tackle actions of laundering illicitly obtained funds by criminal or terrorist organizations. This involves the monitoring and reporting of suspected customers and transactions. Financial institutions and other businesses in many countries have a legal obligation to follow directives for doing this. For example, financial and insurance institutions are obliged to check their customers according to "Know Your Customer" (KYC). This involves legitimation and identity verification.
Thus, to boil it down, AML is the prevention of money laundering which is the process of acquiring money illegally and turning it into clean, legal tender in three main stages including placement, layering, and integration.
The first AML set of rules was issued with the creation of the Financial Action Task Force (FATF), then reinforced after the 2001 terrorist attacks.
AML is framed on a national and international level by a set of regulations imposing obliged entities/persons of the financial industry such as banks or insurances to implement specific internal procedures and controls, as well as reporting to relevant authorities. Hence, financial institutions need to monitor their customers’ activities in order to be able to identify and report suspicious deposits or transactions. On a national level, Financial Investigative Units (FIUs) are on the forefront of AML. They receive Suspicious Activities Reports (SAR) from obliged entities/persons and investigate if relevant.
History of Anti-Money Laundering regulation and control
Anti-money laundering initiatives increased globally following the formation of the Financial Action Task Force (FATF) in 1989. It was established to develop international standards to tackle money laundering and promote implementation in different countries. The International Monetary Fund (IMF) is also involved in this.
Anti-money laundering laws are implemented by many countries, often based on the FATF guidance. They usually require banks and other financial institutions to monitor activities and report suspicious transactions.
In Europe, these are implemented through the Anti-Money Laundering Directive (AMLD). This has developed through several iterations, most recently launching the sixth AMLD in June 2021. In the UK, activity is governed by several acts, primarily the Proceeds of Crime Act 2002.
What should obliged entities implement to comply with AML controls?
Obliged entities (whose list can be found here), are held to high standards when it comes to implementing procedures to identify money laundering activities within their scope. To be compliant with main AML national and international regulations, they have to implement a comprehensive AML framework, which should include the following measures:
- Transaction’s screening mechanisms and software filtering;
- Strong Know Your Customers (KYC) processes to verify the identity and to screen customers or companies against sanctions lists and watchlist;
- Ultimate beneficiaries’ identification for legal entities, through due diligence and enhanced due diligence depending on the level of estimated risk;
- Demonstration that the company made its best effort to prevent any money laundering-related activities;
- Archive relevant documentation related to the identity of its customers and transactions.
In the near future, compliance with AML regulations for “selected obliged entities” presenting a high risk will be monitored by the future European institution AMLA EU (Anti-Money Laundering Authority of the European Union). Thus, an enhanced focus on those institutions may have an important impact on their need for compliance to AML regulations.
What are the most relevant regulations and their objectives?
At the European union level, the 4th Anti Money-Laundering directive (4AMLD) was the biggest shift in AML, implementing 40 recommendations provided by the FATF. The following main objectives have been defined under the 4AMLD:
- Increase transparency of beneficial owner (UBOs), by developing national and central registers storing this information;
- Broadening the scope of obliged entities (such as gambling services), meaning that more companies have to comply with AML requirements;
- Regulating e-money products such as prepaid cards, by implementing thresholds and forbidding anonymous funding of those payment services;
- Need for the implementation of a risk-based approach for obliged entities, by considering different factors such as country (allegedly through Transparency International Index), type of business, transactions or delivery channel;
- Mandatory character of sanctions that EU members have to enforce for designated entities/persons not respecting AML requirements.
The 5th Anti Money-Laundering directive (5AMLD) addresses new areas that were insufficiently or not covered in the previous directive, such as crypto-currency, high-value transactions, high-risk third countries and art transactions. Therefore, crypto exchanges are since the ratification of the 5AMLD in national legislations considered as obliged entities, and must now comply to AML regulations.
The European Union is moving towards a harmonized framework for AML as well as combating terrorism financing (CFT), with the establishment of the EU single rulebook/package. The latter, consisting of four legislative proposals, in order to streamline AML requirements across European member states, as well as create a supra-national authority under the AMLA EU.
Who is using AML?
The most common users of AML laws are banks and other financial institutions, who are required to report any suspicious activity to the authorities. However, not only are they required to report suspicious activity, but because they issue credit to customers who open accounts with the company, financial institutions are at a higher risk with money laundering.
Due to this increased risk of money laundering, AML regulations require banks to have a KYC process in place in order to verify their customers’ identities and make sure they are not participating in money laundering activities or financial crimes. As such, once the banks have established their customers’ identities, they can perform a customer due diligence check in order to establish their level of risk. The final step in the KYC process is ongoing monitoring where the bank continuously checks to make sure where large sums of money originate or any other changes that should warrant investigation.
Furthermore, with the increased usage of banking occurring online, a more rigorous customer verification program is needed in order to hinder unwanted criminal activity.
Why is AML important in banking and how does it affect financial institutions?
Anti-money laundering (AML) laws are important in the banking sector because they help to prevent the illegal funneling of money through financial institutions. These laws cast a wide net, requiring banks to track and report suspicious activity, as previously mentioned. This includes not only criminal activity, but also activities that may be indicative of tax evasion or other financial crimes.
However, failure to comply with AML regulations can result in hefty fines and reputational damage for banks, even jail time for the bank and its employees. In addition, it can also lead to higher costs associated with compliance.
But despite these challenges, AML compliance is essential for protecting the integrity of the financial system.
What are the risks for companies failing to implement a compliant AML process?
In the recent years, there has been a surge of investigations for AML requirements violations from relevant national authorities. Consequently, firms which failed to implement a robust AML program and did not demonstrate sufficient monitoring were subsequently fined. Depending on the authority, their scope and prerogatives may differ.
As an example, the French institution Autorité de Contrôle Prudentiel et de Résolution (ACPR) in charge of monitoring the activity of banks and insurances, has the power to impose the following sanctions:
- Up to EUR 100 million fine, or 10% of the turnover;
- Withdraw financial license, allowing the company to operate on the French market;
- Impose to an individual an interdiction to operate in the financial sector;
- Appoints a non-permanent administrator for monitoring purposes.
Other examples may illustrate how serious fines can be for failing to comply to AML requirements. In June 2020, the British regulator Financial Conduct Authority (FCA), fined the London branch of the German Commerzbank a GBP 37 million fine, “for failing to put adequate anti-money laundering (AML) systems and controls in place between October 2012 and September 2017.”
In 2017, the U.S. FIU Financial Crimes enforcement Network (FinCen) imposed a USD 184 million civil money penalty to Western Union Financial Services for violating “the Bank Secrecy Act’s anti-money laundering (AML) requirements by failing to implement and maintain an effective, risk-based AML program and by failing to file timely suspicious activity reports (SARs)”.
What are the differences between KYC and AML processes?
Although Know Your Customers (KYC) and AML rules are closely related, there are critical differences. While KYC processes aim to verify the identity of financial institutions’ customers, AML is a much wider concept of regulatory processes that must be in place, including monitoring and checking activity and transactions. AML encompasses the abovementioned processes, being only one of the components of the AML framework.
In fact, AML is broader than KYC and implies different measures that have to be taken by financial institutions to combat money laundering and financial crimes. Nonetheless, both of them serve the same goal of securing financial institutions and their customers.
Learn more about AML with our Handbook FinTech Regulations 2020.
AML Compliance through IDnow’s Solutions
As a global leader in the ID verification industry, IDnow has developed solutions for KYC and AML. Our solutions offer a full range of features and meet the regulations in a growing list of countries.
For example, AutoIdent is an AML Act-compliant identity verification product that operates as an automated process and meets high-security requirements. It can verify customers within minutes and also be combined with AML screening and monitoring. Not only can you verify your customers, but you can check them against PEP and sanction lists, or more enhanced due diligence checks.