The challenge? While these AML regulations aim to reduce money laundering and the financing of terrorism, they also often increase complexity for organizations, who need to figure out how to remain compliant without impeding their operations.
In this AML checklist, we’ll start with a quick refresher of the five AML pillars, then dive into four processes that can help improve AML compliance.
The five pillars of AML
Compliant AML programs are built on five pillars. Let’s take a quick look at each.
1. Designate a compliance officer
First, you’ll need a compliance officer to oversee AML compliance and ensure your business’s processes align with regulatory expectations. You’re looking for someone with experience in your specific industry — ideally with knowledge of your company — along with the ability to effectively manage a compliance team.
2. Develop written internal policies
There’s no use in having an AML program if it’s not written down. This is the foundation of the second AML pillar: documenting your official AML program and detailing your compliance efforts across your organization.
3. Educate employees
As AML standards evolve, expectations will change. As a result, you need to create ongoing employee training programs to ensure your team has the skills and knowledge they need to stay compliant. Generally speaking, training should be conducted at least once per year.
4. Schedule an independent third-party review
Internal assessment of your AML program isn’t enough to satisfy regulatory standards. The fourth pillar involves having a reliable third-party auditor conduct regular reviews of your program to ensure it’s compliant.
5. Deploy risk-based procedures for conducting customer due diligence
Customer due diligence (CDD) is the newest AML pillar and requires you to verify customer identities and conduct ongoing monitoring to identify and report suspicious transactions.
Looking for a more in-depth analysis of the five pillars? We’ve got you covered.
Four processes to improve AML compliance
While a basic understanding of the five AML pillars is a good starting point for compliance, it’s not enough in isolation. Here are a few actionable AML procedures you can implement to address anti-money laundering expectations as they apply in the real world rather than as part of FINRA or FinCEN regulations.
1. Run a risk assessment
Before you can achieve AML compliance, you need to run a risk assessment to understand where your company is at risk of facilitating money laundering. Some potential risks include:
Locations of operation
Where your company operates can impact how much money laundering risk you may face. If you serve customers in areas known for money laundering, such as Afghanistan, Myanmar, and Hatai, for example, you may want to introduce more in-depth identity verification processes and transaction monitoring to ensure you’re adequately prepared for existing risks.
Product associated risk
Your risk level can also depend on the products or services you sell. For example, it’s especially important to verify user identities before cryptocurrency transactions since they’re typically non-reversible.
Shifting risk factors
Risk isn’t a static quality. As geopolitical forces shift over time, countries that were once relatively safe havens may become more risky. It’s also worth considering the risks introduced by ongoing shifts to remote work, which can make it easier for transaction data to be intercepted or modified by malicious actors.
2. Recognize the signs of money laundering
To better assess money laundering risk, you should also recognize common activities that could indicate money laundering. Some of these activities include:
- Large-volume transactions from countries known for money laundering.
- Multiple new account creation requests over a short period of time that lack verifiable ID.
- Sudden upticks in transaction rates over a short period of time.
- Strange user behavior such as access from multiple new locations or repeated failed login attempts.
3. Set up an AML verification process
Effective AML compliance starts with screening both customers and employees who enter your company. This screening process should include some combination of the following, depending on the assessed risk level:
- Obtaining full name and date of birth.
- Checking these details against current financial sanctions and watchlists to ensure individuals are not high-risk.
- Verifying age and ID documentation to ensure individuals are who they say they are.
- Regularly reevaluating these details to remain in compliance with AML regulations.
4. Implement AML monitoring
While verification processes represent the starting point for AML compliance, continuous monitoring is also critical to ensure due diligence.
In practice, monitoring customer profiles against current watchlists and sanctions lists helps you identify suspicious behavior as it occurs. If these activities are detected, you can have your team investigate further, report them to the appropriate authorities, and temporarily suspend customer transaction privileges if necessary.
Need help? Try AML software
While it’s possible to build and implement an AML compliance program from scratch, the amount of time and effort required to manually evaluate and report potentially fraudulent activities — especially as transaction volumes expand exponentially — can cause your team to spend more time on compliance processes than line-of-business operations.
AML software tools can help streamline this effort. By automating key tasks such as data collection, identity verification, and watchlist screenings, companies gain the benefit of compliance without the complexity that often accompanies this due diligence.
At Persona, we make AML compliance easy. Automatically screen new users, continually monitor them throughout their lifecycle, act on new insights, maintain an audit trail, and more with our trusted identity infrastructure. Plus, maximize conversions by designing an identity experience that’s native to your platform — using Persona, crypto management firm BlockFi was able to double their conversion rate while remaining compliant with strict KYC and AML regulations.