The AML compliance checklist: best practices, tools, and processes

In this AML checklist, we’ll briefly go over the five AML pillars, then dive into four processes that can help improve AML compliance.

Image showing an AML to do list
Read time:
Share this post
Table of contents
⚡ Key takeaways
  • A comprehensive anti-money laundering (AML) program should be centered around complying with the five AML pillars.
  • Conducting an AML risk assessment will empower you to implement a risk-based approach to AML as recommended by FinCEN.
  • Customer due diligence, AML screenings, and transaction monitoring are essential components of a modern AML program.

Compliance with anti-money laundering (AML) regulations developed under FINRA and FinCEN frameworks is mandatory for any institution that handles financial transactions.

The challenge? While these AML regulations aim to reduce money laundering and the financing of terrorism, they also often increase complexity for organizations that need to achieve and maintain compliance without impeding their operations.

In this AML checklist, we’ll start with a quick refresher of the five AML pillars before diving into four processes that can help improve AML compliance.

The five pillars of AML

Compliant AML programs are built on five pillars. Let’s take a quick look at each component of this process.

1. Designate a compliance officer

First, you’ll need to designate a compliance officer to oversee your institution’s AML compliance and ensure your processes align with regulatory expectations. You’re looking for someone with experience in your specific industry. Ideally, they should have knowledge of your industry and the types of risk your business is exposed to. They should also have experience managing a compliance team.

2. Develop written internal policies

As you design and implement your AML program, the policies guiding it must be thoroughly documented. This gives your employees a central piece of documentation to refer back to when they have AML-related questions, and also helps them understand the how and why behind your institution’s AML practices. This document also provides regulators and auditors with a blueprint of your AML program. 

3. Educate employees

If your employees don’t understand how your AML policies work or receive regular training on the compliance requirements specific to their jobs, your documented policies won’t do anything. A comprehensive AML employee training program will increase their understanding of what they need to do such that your company achieves and maintains compliance. Employees should receive training during onboarding and in an ongoing manner — typically once per year, or any time your AML process changes or your business’s risk profile changes.

4. Schedule an independent third-party review

AML regulations require financial institutions to hire third-party auditors to regularly evaluate their AML programs for potential weaknesses. In addition to offering a more unbiased evaluation compared to internal auditors, they also bring valuable experience and insight from previous audits conducted for other institutions. 

5. Deploy risk-based procedures for conducting customer due diligence

As of 2018, financial institutions must comply with FinCEN’s customer due diligence (CDD) rule. This rule requires you to implement a risk-based approach to your customer identification program (CIP), transaction monitoring, and suspicious activity reporting. 

Looking for a more in-depth analysis of the five pillars? We’ve got you covered.

Processes to improve AML compliance

Now that you have a basic understanding of the five AML pillars, it’s time to familiarize yourself with a few steps you can take to address anti-money laundering expectations as they apply in the real world rather than as part of FINRA or FinCEN regulations.

1. Start with an AML risk assessment

In order to embrace a risk-based approach to AML, you must first complete an AML risk assessment to understand the unique money laundering risks that your business is exposed to. Your risk profile can then be used to inform your AML processes.

Some factors to consider during your assessment include:

Locations of operation

Where your company operates and where your customers are located can impact how much money laundering risk you may face. If you serve customers in areas deemed by the Financial Action Task Force (FATF) to have “strategic deficiencies in their regimes to counter money laundering, terrorist financing, and proliferation financing,” you may want to introduce more friction in your identity verification processes if users in those countries start to exhibit risk signals during onboarding.

Product associated risk

Not all products and services carry the same level of money laundering risk. As such, it’s important to understand the exploitation risk of each of the products and services you offer. Cryptocurrency, for example, has long been linked to money laundering activities due to the non-reversible nature of crypto transactions and high degree of anonymity. 

Shifting risk factors

Risk isn’t a static quality. As geopolitical forces shift over time, countries that were once relative safe havens may become more risky. Criminals may develop new means of exploiting services and products that previously exhibited a low risk of being used for money laundering. Work from home policies may increase the chances of transaction data to be intercepted or modified by malicious actors. Understanding how your risk profile changes over time is an important part of staying compliant.

2. Set up an AML verification process

As noted above, financial institutions are required to perform customer due diligence on all customers seeking to open an account. This means that all customers must have their identities verified in a way that is commensurate with the risk they pose. 

This screening process should include some combination of the following, depending on the assessed risk level:

  • Obtaining full name and date of birth.
  • Checking these details against current financial sanctions and watchlists to ensure individuals are not high-risk.
  • Verifying age and ID documentation to ensure individuals are who they say they are.
  • Regularly reevaluating these details to remain in compliance with AML regulations.

Likewise, it is important to screen your employees during the hiring process for money laundering risk as well, to ensure that you are not inadvertently hiring someone who will act as an insider or mole for criminals to exploit in the future. 

3. Recognize the signs of money laundering

To better assess money laundering risk, you should also have systems in place to recognize and flag suspicious activities that could indicate money laundering activities. Some of these activities include:

  • Large-volume transactions from countries known for money laundering.
  • Multiple new account creation requests over a short period of time that lack verifiable ID.
  • Sudden upticks in transaction rates over a short period of time.
  • Strange user behavior such as access from multiple new locations or repeated failed login attempts.

 4. Implement AML monitoring

While verification processes represent the starting point for AML compliance, continuous transaction monitoring is also critical to ensure due diligence.

In practice, monitoring customer profiles against current watchlists and sanctions lists helps you identify suspicious behavior as it occurs. If these activities are detected, you can have your team investigate further, report them to the appropriate authorities, and temporarily suspend customer transaction privileges if necessary.

Free white paper
Compliance doesn’t have to tank conversions.

Need help? Try AML software

While it’s possible to build and implement an AML compliance program from scratch, the amount of time and effort required to manually evaluate and report potentially fraudulent activities — especially as transaction volumes expand exponentially — can cause your team to spend more time on compliance processes than line-of-business operations.

AML software tools can help streamline this effort. By automating key tasks such as data collection, identity verification, and watchlist screenings, companies gain the benefit of compliance without the complexity that often accompanies this due diligence.

At Persona, we make AML compliance easy. Automatically screen new users, continually monitor them throughout their lifecycle, act on new insights, maintain an audit trail, and more with our trusted identity infrastructure. Plus, maximize conversions by designing an identity experience that’s native to your platform and dynamically adjusting friction based on users' unique risk levels.

Ready to meet constantly evolving compliance standards and regulation changes? Get started for free or contact us to learn more.

Frequently asked questions

What is the AML process in banking?

The AML process consists of a number of discrete steps aimed at preventing criminals from using a bank to launder money. These include:

  • Identity verification: Involves the collection and verification of key pieces of information (name, address, date of birth, and SSN) to ensure a customer is who they say they are.
  • Customer due diligence: Involves the analysis of customer risk, including the identification and verification of beneficial owners (for business customers).
  • AML screening: Involves cross-checking a customer against watchlists, sanctions lists, PEP databases, etc. to gain a more thorough understanding of customer risk.
  • Transaction monitoring: Involves monitoring customer transactions for suspicious activity which may be indicative of money laundering.

What are the stages of the AML cycle?

While banks often get a lot of attention when it comes to anti-money laundering, many different types of businesses are subject to AML requirements. With this in mind, the below stages of the AML cycle are generally applicable to the myriad companies that must comply with AML regulations:

  • Verifying a customer’s identity during onboarding
  • Assessing the customer’s risk level via AML screenings
  • Moving through the appropriate due diligence flow (standard, simplified, or enhanced), once risk level is assessed
  • Approving or rejecting the account
  • Continuously monitoring approved customers’ activities and transactions

How does customer due diligence fit into the AML puzzle?

Customer due diligence is an important part of the AML process. Broadly, it involves assessing customer risk and carries requirements that a financial organization:

  • Verify the identity of customers
  • Identify and verify the identity of a company’s beneficial owners 
  • Develop customer risk profiles based on the nature and purpose of customer relationships
  • Conduct ongoing transaction/activity monitoring

There are three levels of customer due diligence:

How can you understand the full extent of a money laundering incident on your platform?

When you uncover money laundering on your platform, it’s important to understand that it may not be an isolated case. Bad actors often work together to launder money, passing funds between multiple accounts in order to muddy the waters about that money’s origins. And even if a money launderer is working alone, they may be using several fraudulent accounts to launder their funds. 

If you have identified a fraudulent account on your platform, you can and should analyze the connections that that account shares with others on your platform to determine whether or not any of those other accounts may also be fraudulent. This can be done using a data science technique known as link analysis.

Continue reading

Continue reading

Automate school account recovery requests with risk-based identity verification tools
Automate school account recovery requests with risk-based identity verification tools

Automate school account recovery requests with risk-based identity verification tools

Learn how online identity verification can help you automate and simplify your school’s account recovery process.

Guide to KYB in banking
Guide to KYB in banking

Guide to KYB in banking

A strong Know Your Business (KYB) program is the best way for banks and financial institutions to protect against fraud and other financial crimes.

How to detect ghost students and prevent student aid fraud
How to detect ghost students and prevent student aid fraud

How to detect ghost students and prevent student aid fraud

Online identity verification can help schools stop ghost students who steal student aid funds and disrupt classes.

How to implement the five pillars of AML compliance

How to implement the five pillars of AML compliance

Learn what a compliant AML program looks like and how to establish one at your company.

What is anti-money laundering (AML), and why is it important?

What is anti-money laundering (AML), and why is it important?

Learn about the stages and harms of money laundering, key AML regulations, and how to meet constantly evolving compliance standards.

Global AML compliance: Is your business doing enough?

Global AML compliance: Is your business doing enough?

Discover some of the regulations and protocols you’ll need to know and remember when conducting business internationally

Ready to get started?

Get in touch or start exploring Persona today.