By some estimates, the amount of money laundered annually around the world equals $800 billion, or nearly five percent of the total global GDP. That makes combating money laundering — preventing these illegitimate funds from entering the global financial system — one of the most serious challenges governments and economies face.
Because banks, lenders, fintech companies, and other financial institutions are uniquely positioned as interfaces into this system, it’s only natural that governments would look to them to mitigate money laundering activities.
But how does anti-money laundering work in the financial industry, what does the AML process look like, and how can financial institutions design and implement an AML program compliant with relevant regulations? Below, we answer these and other common questions about the role of AML in the financial industry.
How does money laundering happen in the finance space?
When criminals make money from an illegal activity (such as theft, drug trafficking, or weapons dealing) the money is said to be “dirty.” Spending dirty money is risky, as it can offer investigators a path to “follow the money” back to the crime from which it originated — and the criminal that perpetrated the crime. In a worst-case scenario for the criminal, it can lead to their indictment and eventual imprisonment.
With this in mind, criminals have a lot of incentive to “launder” this money: i.e., make it appear as though it came from a legitimate source. Laundering money helps criminals throw investigators off of their tracks and potentially evade taxes. It also makes it easier for the criminal to spend their ill-gotten gains without worrying that their spending will attract the eyes of auditors.
But how, exactly, do criminals use — or try to use — the financial system to launder money?
While there are a lot of different strategies criminals might leverage to try and launder money, the most common strategy they use is depositing funds into a bank account and then spending it at a later date.
The Bank Secrecy Act requires financial institutions to file a currency transaction report (CTR) any time someone makes a cash deposit greater than $10,000 — something criminals naturally don’t want to happen. To avoid triggering these reporting requirements, criminals usually make multiple smaller deposits specifically designed not to trigger the requirements. They may also spread the money around multiple accounts at different institutions to obfuscate their efforts even further. This process is known as structuring or smurfing.
Through structuring, criminals make their dirty money appear legitimate. The money can then be withdrawn or spent at a later date with less risk of raising suspicion.
How does the AML process work in banking?
The AML process can vary slightly from financial institution to financial institution. That said, it typically consists of multiple strategies, including:
Know Your Customer & customer due diligence
In order for a criminal to launder money through the financial system, they must first open an account with a financial institution such as a bank. This is why it’s important for all financial institutions to have processes in place for identifying suspicious or high-risk individuals who are attempting to open an account — a process called Know Your Customer (KYC).
Customer due diligence (CDD) is a major component of KYC and is essentially a process for assessing customer risk. Importantly, it entails verifying the identities of all new customers before they are allowed to open an account, among other tactics. Specifically, financial institutions must collect and verify the following pieces of information from each customer:
- Birth date
- Identification number (e.g. SSN or TIN)
When it happens: During customer onboarding/account creation
Customer screening, also called AML screening, refers to the process of cross-checking customer identities against certain authoritative databases and lists to see whether a customer carries a greater risk of money laundering.
Once the identifying information (name, aliases, date of birth, identification numbers) is collected, that information is run against the relevant databases and lists. If the screening returns a positive result, the financial institution must then determine whether or not it is a false positive. If it is not a false positive, the institution must decide whether they can and should do business with the individual.
There are many different types of lists that can inform this process, including:
- Sanctions lists
- Criminal watchlists
- Politically exposed persons (PEP) databases
- Adverse media reports
- Social media reports
- Address lookup
- Email and phone risk reports
When it happens: During customer onboarding, then in an ongoing manner
Transaction monitoring & suspicious activity reporting
Unfortunately, just because a customer passes the identity verification and AML screening processes outlined above doesn’t mean the risk of money laundering is gone. Criminals sometimes slip through the cracks, and individuals previously deemed low risk may find themselves compromised in the future — for example, through political exposure.
Transaction monitoring provides financial institutions with a second layer of defense against these challenges.
By law, financial institutions are required to monitor the transactions their customers make. When a transaction meets certain criteria — for example, it surpasses a certain amount — the institution must record the transaction and file a report with the relevant regulatory body.
Some of the most important transaction reports related to money laundering FIs may need to file include:
- Currency Transaction Reports (CTR): A CTR must be filed any time a customer makes one or multiple cash transactions in a single day that total $10,000 or more.
- Form 8300: Form 8300 must be filed any time certain businesses receive cash payments of $10,000 or more from a single customer. As with CTRs, this can be from one transaction or multiple transactions within a single day. Car dealerships, art galleries, pawn shops, and insurance firms must comply with this requirement, in addition to other businesses.
- Suspicious Activity Report (SAR): A SAR must be filed any time a financial institution suspects or identifies suspicious activity from an account. What defines suspicious activity is left to the judgment of the institution. It can include a pattern of transactions that resemble smurfing activities, as well as other behavior that is out of the ordinary for a given account.
- Unusual Activity Report (UAR): Some partner banks may require fintechs to submit a UAR before filing an official SAR when the FI detects activity that is unusual or out of the ordinary for a given account. Unexpected large payments, increased transaction frequency, and other activities can all be considered unusual.
When it happens: Ongoing
How can a financial institution prepare an AML compliance program?
Under the Bank Secrecy Act, building a fully compliant AML program involves five key pillars:
- Designating a compliance officer
- Developing internal AML policies
- Training employees on these policies
- Facilitating independent testing and auditing
- Deploying in-depth risk assessment
In addition to implementing these pillars, it’s crucial that you stay on top of AML regulations in whatever jurisdictions your business operates within. Laws can vary significantly from country to country and are constantly being adjusted. Failure to stay up-to-date in this arena can result in significant risk.
Here at Persona, we understand the importance of a strong AML program. That’s why we’ve designed our platform specifically with AML in mind. Leverage our Verifications solution during customer onboarding to meet KYC and CDD requirements. Leverage our Reports solution for customer screening against sanctions lists, watchlists, adverse media, and more. And leverage Cases to streamline investigations when you identify potentially suspicious activity.