The challenge? While these AML regulations aim to reduce money laundering and the financing of terrorism, they also often increase complexity for organizations that need to achieve and maintain compliance without impeding their operations.
In this AML checklist, we’ll start with a quick refresher of the five AML pillars before diving into four processes that can help improve AML compliance.
The five pillars of AML
Compliant AML programs are built on five pillars. Let’s take a quick look at each component of this process.
1. Designate a compliance officer
First, you’ll need to designate a compliance officer to oversee your institution’s AML compliance and ensure your processes align with regulatory expectations. You’re looking for someone with experience in your specific industry. Ideally, they should have knowledge of your industry and the types of risk your business is exposed to. They should also have experience managing a compliance team.
2. Develop written internal policies
As you design and implement your AML program, the policies guiding it must be thoroughly documented. This gives your employees a central piece of documentation to refer back to when they have AML-related questions, and also helps them understand the how and why behind your institution’s AML practices. This document also provides regulators and auditors with a blueprint of your AML program.
3. Educate employees
If your employees don’t understand how your AML policies work or receive regular training on the compliance requirements specific to their jobs, your documented policies won’t do anything. A comprehensive AML employee training program will increase their understanding of what they need to do such that your company achieves and maintains compliance. Employees should receive training during onboarding and in an ongoing manner — typically once per year, or any time your AML process changes or your business’s risk profile changes.
4. Schedule an independent third-party review
AML regulations require financial institutions to hire third-party auditors to regularly evaluate their AML programs for potential weaknesses. In addition to offering a more unbiased evaluation compared to internal auditors, they also bring valuable experience and insight from previous audits conducted for other institutions.
5. Deploy risk-based procedures for conducting customer due diligence
As of 2018, financial institutions must comply with FinCEN’s customer due diligence (CDD) rule. This rule requires you to implement a risk-based approach to your customer identification program (CIP), transaction monitoring, and suspicious activity reporting.
Looking for a more in-depth analysis of the five pillars? We’ve got you covered.
Processes to improve AML compliance
Now that you have a basic understanding of the five AML pillars, it’s time to familiarize yourself with a few steps you can take to address anti-money laundering expectations as they apply in the real world rather than as part of FINRA or FinCEN regulations.
1. Start with an AML risk assessment
In order to embrace a risk-based approach to AML, you must first complete an AML risk assessment to understand the unique money laundering risks that your business is exposed to. Your risk profile can then be used to inform your AML processes.
Some factors to consider during your assessment include:
Locations of operation
Where your company operates and where your customers are located can impact how much money laundering risk you may face. If you serve customers in areas deemed by the Financial Action Task Force (FATF) to have “strategic deficiencies in their regimes to counter money laundering, terrorist financing, and proliferation financing,” you may want to introduce more friction in your identity verification processes if users in those countries start to exhibit risk signals during onboarding.
Product associated risk
Not all products and services carry the same level of money laundering risk. As such, it’s important to understand the exploitation risk of each of the products and services you offer. Cryptocurrency, for example, has long been linked to money laundering activities due to the non-reversible nature of crypto transactions and high degree of anonymity.
Shifting risk factors
Risk isn’t a static quality. As geopolitical forces shift over time, countries that were once relative safe havens may become more risky. Criminals may develop new means of exploiting services and products that previously exhibited a low risk of being used for money laundering. Work from home policies may increase the chances of transaction data to be intercepted or modified by malicious actors. Understanding how your risk profile changes over time is an important part of staying compliant.
2. Set up an AML verification process
As noted above, financial institutions are required to perform customer due diligence on all customers seeking to open an account. This means that all customers must have their identities verified in a way that is commensurate with the risk they pose.
This screening process should include some combination of the following, depending on the assessed risk level:
- Obtaining full name and date of birth.
- Checking these details against current financial sanctions and watchlists to ensure individuals are not high-risk.
- Verifying age and ID documentation to ensure individuals are who they say they are.
- Regularly reevaluating these details to remain in compliance with AML regulations.
Likewise, it is important to screen your employees during the hiring process for money laundering risk as well, to ensure that you are not inadvertently hiring someone who will act as an insider or mole for criminals to exploit in the future.
3. Recognize the signs of money laundering
To better assess money laundering risk, you should also have systems in place to recognize and flag suspicious activities that could indicate money laundering activities. Some of these activities include:
- Large-volume transactions from countries known for money laundering.
- Multiple new account creation requests over a short period of time that lack verifiable ID.
- Sudden upticks in transaction rates over a short period of time.
- Strange user behavior such as access from multiple new locations or repeated failed login attempts.
4. Implement AML monitoring
While verification processes represent the starting point for AML compliance, continuous transaction monitoring is also critical to ensure due diligence.
In practice, monitoring customer profiles against current watchlists and sanctions lists helps you identify suspicious behavior as it occurs. If these activities are detected, you can have your team investigate further, report them to the appropriate authorities, and temporarily suspend customer transaction privileges if necessary.
Need help? Try AML software
While it’s possible to build and implement an AML compliance program from scratch, the amount of time and effort required to manually evaluate and report potentially fraudulent activities — especially as transaction volumes expand exponentially — can cause your team to spend more time on compliance processes than line-of-business operations.
AML software tools can help streamline this effort. By automating key tasks such as data collection, identity verification, and watchlist screenings, companies gain the benefit of compliance without the complexity that often accompanies this due diligence.
At Persona, we make AML compliance easy. Automatically screen new users, continually monitor them throughout their lifecycle, act on new insights, maintain an audit trail, and more with our trusted identity infrastructure. Plus, maximize conversions by designing an identity experience that’s native to your platform and dynamically adjusting friction based on users' unique risk levels.