Anti-Money Laundering (AML)

What is Anti-Money Laundering?

Anti-money laundering (AML) is a set of rules, principles, legislation, regulations, processes, and tools specific to the financial sector, whose goal is to prevent criminal or terrorist organizations from laundering illicitly obtained funds. This involves the monitoring and reporting of suspicious customers and transactions. Financial institutions and other businesses in many countries have a legal obligation to follow directives for doing this. For example, financial and insurance institutions are obliged to check their customers according to "Know Your Customer" (KYC). This involves legitimation and identity verification.

The first set of AML rules was issued with the creation of the Financial Action Task Force (FATF), then reinforced after the 2001 terrorist attacks.

AML is framed at the national and international levels by a set of regulations requiring obliged entities/persons in the financial industry, such as banks or insurers, to implement specific internal procedures and controls, as well as to report to relevant authorities. Hence, financial institutions need to monitor their customers’ activities in order to be able to identify and report suspicious deposits or transactions. At the national level, Financial Investigative Units (FIUs) are at the forefront of AML. They receive Suspicious Activities Reports (SAR) from obliged entities/persons and investigate if relevant.

Anti-Money Laundering regulation and control

Anti-money laundering initiatives increased globally following the formation of the Financial Action Task Force (FATF) in 1989. It was established to develop international standards to tackle money laundering and promote implementation in different countries. The International Monetary Fund (IMF) is also involved in this.

Anti-money laundering laws are implemented by many countries, often based on the FATF guidance. They usually require banks and other financial institutions to monitor activities and report suspicious transactions.

In Europe, these are implemented through the Anti-Money Laundering Directive (AMLD). This has developed through several iterations, most recently launching the sixth AMLD in June 2021. In the UK, activity is governed by several acts, primarily the Proceeds of Crime Act 2002.

What should obliged entities implement to comply with AML controls?

Obliged entities (whose list can be found here) are held to high standards when it comes to implementing procedures to identify money laundering activities within their scope. To be compliant with the main national and international AML regulations, they have to implement a comprehensive AML framework, which should include the following measures:

  • Transaction screening mechanisms and software filtering;
  • Strong Know Your Customer (KYC) processes to verify identity and to screen customers or companies against sanctions lists and watchlists;
  • Identification of ultimate beneficiaries for legal entities, through due diligence and enhanced due diligence depending on the level of estimated risk;
  • Demonstration that the company made its best effort to prevent any money laundering-related activities;
  • Archiving of relevant documentation related to the identity of its customers and transactions.

In the near future, compliance with AML regulations for “selected obliged entities” presenting a high risk will be monitored by the future European institution AMLA EU (Anti-Money Laundering Authority of the European Union). This enhanced focus on those institutions may have an important impact on their need to comply with AML regulations.

What are the most relevant regulations and their objectives?

At the European Union level, the 4th Anti-Money Laundering Directive (4AMLD) was the biggest shift in AML, implementing 40 recommendations provided by the FATF. The following main objectives have been defined under the 4AMLD:

  • Increasing transparency of beneficial owners (UBOs), by developing national and central registers storing this information;
  • Broadening the scope of obliged entities (such as gambling services), meaning that more companies have to comply with AML requirements;
  • Regulating e-money products such as prepaid cards, by implementing thresholds and forbidding anonymous funding of those payment services;
  • Requiring obliged entities to implement a risk-based approach, by considering different factors such as country (allegedly through Transparency International Index), type of business, transactions or delivery channel;
  • Making mandatory the sanctions that EU members have to enforce against designated entities/persons not respecting AML requirements.

The 5th Anti-Money Laundering Directive (5AMLD) addresses new areas that were insufficiently covered or not covered at all in the previous directive, such as crypto-currency, high-value transactions, high-risk third countries and art transactions. Therefore, since the ratification of the 5AMLD in national legislation, crypto exchanges are considered obliged entities and must now comply with AML regulations.

The European Union is moving towards a harmonized framework for AML as well as combating terrorism financing (CFT), with the establishment of the EU single rulebook/package. The latter consists of four legislative proposals intended to streamline AML requirements across European member states, as well as to create a supra-national authority, the AMLA EU.

What are the risks for companies failing to implement a compliant AML process?

In recent years, there has been a surge of investigations by relevant national authorities into violations of AML requirements. Consequently, firms which failed to implement a robust AML program and did not demonstrate sufficient monitoring were subsequently fined. The scope and prerogatives of each authority may differ.

As an example, the French institution Autorité de Contrôle Prudentiel et de Résolution (ACPR), in charge of monitoring the activity of banks and insurers, has the power to impose the following sanctions:

  • A fine of up to EUR 100 million, or 10% of the turnover;
  • Withdrawal of the financial license that allows the company to operate on the French market;
  • A ban on an individual operating in the financial sector;
  • Appointment of a non-permanent administrator for monitoring purposes.

Other examples illustrate how serious fines can be for failing to comply with AML requirements. In June 2020, the British regulator Financial Conduct Authority (FCA) fined the London branch of the German Commerzbank GBP 37 million “for failing to put adequate anti-money laundering (AML) systems and controls in place between October 2012 and September 2017.” In 2017, the U.S. FIU Financial Crimes Enforcement Network (FinCEN) imposed a USD 184 million civil money penalty on Western Union Financial Services for violating “the Bank Secrecy Act’s anti-money laundering (AML) requirements by failing to implement and maintain an effective, risk-based AML program and by failing to file timely suspicious activity reports (SARs)”.

What are the differences between KYC and AML processes?

Although Know Your Customer (KYC) and AML rules are closely related, there are critical differences. While KYC processes aim to verify the identity of financial institutions’ customers, AML is a much wider concept of regulatory processes that must be in place, including monitoring and checking activity and transactions. AML encompasses the KYC processes mentioned above, which are only one of the components of the AML framework.

In fact, AML is broader than KYC and implies different measures that have to be taken by financial institutions to combat money laundering and financial crimes. Nonetheless, both of them serve the same goal of securing financial institutions and their customers.
