AML tools: What to look for in AML software

If you work in an industry that is required to comply with anti-money laundering (AML) laws and regulations, you already know how important it is to have the right tools. After all, it’s those tools and software that will help you meet compliance requirements at scale.

But with so many different AML tools on the market, it can be difficult to know which options are best and which may fall short of fulfilling your needs.

To help, we’ve compiled a list of the different features you may want to look for as you build your AML toolkit. But first, let’s go over what AML regulations require and who’s subject to them.

Anti-money laundering (AML) requirements

Anti-money laundering (AML) refers to laws, regulations, and business practices that are designed to reduce the occurrence of money laundering, fraud, and other financial crimes.

The Bank Secrecy Act is amongst the most well-known of AML laws, as it laid the groundwork for a number of other AML laws that would follow, including:

• The Money Laundering Control Act of 1986
• The Annunzio-Wylie Anti-Money Laundering Act of 1992
• The USA PATRIOT Act of 2001
• The Anti-Money Laundering Act of 2020

These laws (and others in jurisdictions around the world) require financial institutions to verify their customers’ identities — requirements collectively known as Know Your Customer (KYC). They also require these businesses to monitor the transactions and activity of their customers, and to report any suspicious activity within specified time frames. Finally, they established five pillars of AML compliance that financial institutions must follow when developing their internal AML policies.

Naturally, the best AML tools and software will be the ones that help you meet these legal requirements while also empowering you to grow your business in the most cost-effective and efficient way possible.

Who is subject to AML requirements?

The Bank Secrecy Act and subsequent legislation generally apply to“financial institutions.” This includes businesses such as:

• Banks
• Credit unions
• Credit card companies
• Lenders
• Brokers
• Insurers
• Currency exchanges
• Cryptocurrency exchanges
• Fintech companies
• Dealers of precious metals
• Car/automobile dealers
• Travel agencies
• Pawnbrokers
• Realtors
• Casinos
• And more

It’s also worth noting that the world of AML is constantly evolving, and it is not uncommon for new industries to find themselves subject to AML regulations. For example, while decentralized exchanges (DEXs) are not currently subject to AML regulations, it is very possible that they may be in the future.

Features of best-in-class AML tools and software

Below are a number of features you should look for in any AML tool or software you’re considering for your business. Keep in mind that AML regulations recommend not relying on a single vendor, as this would allow for a single point of failure in your AML processes. Instead, they suggest piecing together your AML toolkit from a number of trusted vendors.

Validation signals

Standard identity verification options

One of the key tenets of AML is knowing the identity of the individuals (and businesses) you do business with. This makes identity verification an integral part of any AML tool.

Identity verification is simply the process of confirming that your customer is actually who they say they are.

Verification processes can look different from business to business depending on your own unique needs. However, it often includes collecting and verifying information such as:

• PII, such as an individual’s name, birthday, address, and Social Security number
• Identifying documents, such as a driver’s license, passport, bank statement, or pay stub
• Biometric details, such as video selfies
• Electronic signals, such as IP addresses, browser fingerprints, or geolocation data

Because verification processes can look very different depending on your particular use case and the particular country, it’s crucial that this particular instrument in your AML toolkit allows you to cater verifications to your needs. Ideally, this means you have the freedom to customize everything from what criteria you use to determine whether someone passes verification to how many times they can attempt to verify their identity.

Screenings, reports, and other risk signals

In addition to verifying the identity of your customers, it’s important to have a comprehensive understanding of who they are on a deeper level. That’s because certain individuals may be more likely to commit financial crimes such as money laundering, bribery, etc. due to the positions that they hold or other factors.

With this in mind, many businesses find that they need to complete additional checks and screenings in addition to basic identity verification. This may include cross-checking your customers against authoritative data sources, such as:

• Sanctions and watchlists
• Politically exposed persons (PEP) lists
• Adverse media reports
• Email and phone risk databases
• Social media reports
• Address lookups
• IP address lookups
• Internal watchlists

These screenings are typically conducted in tandem with basic identity verification and on an ongoing basis after onboarding (sometimes called perpetual KYC). In order to conduct such screenings at scale, it’s important that your AML software can either pull reports from or integrate with these 3rd party data sources.

Transaction monitoring

AML regulations also require financial institutions to monitor and record customers' transactions on an ongoing basis. By pairing this transaction data with analysis and automated rules, it becomes possible to detect instances of potential money laundering in real time.

Transaction monitoring can also help you spot instances of identity theft or fraudulent spending — for example, when a bad actor attempts to make a purchase in a foreign country or jurisdiction where the customer has not indicated they will be traveling.

Behavior analytics

Behavior analytics refers to the application of statistical modeling and other analytical techniques to customer activity. While behavior analytics can be used in a number of ways, in the financial industry it is most widely used to detect individual behaviors (or patterns of behavior) that may indicate fraud or money laundering.

For example, during the identity verification process, behavior analytics may look for signs such as:

• How long it took the individual to complete the form, and whether this is outside the norm
• Whether the individual hesitated at any point while supplying data
• Whether or not the individual copied and pasted data (such as SSN) vs. inputting it manually
• Whether the location the individual indicated matches with their IP address

Behavior analytics can also be used for analyzing transaction activity, amongst other use cases.

Process tools

Case management

When a customer is clearly either a) who they say they are, or b) fraudulent, the verification process can handle everything without a direct human touch. But there can be gray areas that may require human insight in order to sift through the data and make an informed, nuanced, manual decision. This process is typically known as case management.

Case management systems, when a part of an AML toolkit, automatically collect the information that an analyst needs to perform a manual review and display it in one place. This saves a significant amount of time and allows for more rapid case resolution. If your AML toolkit doesn’t support case management, it’s up to your analysts to manually compile the data required to build and evaluate the case, make a decision, and resolve it with the appropriate parties.

Reporting

The Bank Secrecy Act requires financial institutions to submit appropriate reports when customer activity may indicate money laundering, fraud, tax evasion, and other financial crimes.

The most well-known of these reports is the Currency Transaction Report (CTR) which must be filed when a customer makes cash transactions greater than $10,000 in a single business day. Also important are Suspicious Activity Reports (SARs), which must be filed any time a customer’s transactions may be considered suspicious — for example, if there are patterns in their transaction data that suggest they may be attempting to avoid CTR reporting requirements.

In addition to CTRs and SARs, other reports such as Form 8300 and Foreign Bank and Financial Account Reports (FBARs) may also be required in the United States. Institutions operating in different jurisdictions will have their own reporting requirements as well.

Your AML toolkit should include software that helps compile and output any data that you need to file such reports.

Infrastructure

Audit trail and compliance

Section 352 of the USA PATRIOT Act requires financial institutions to develop internal anti-money laundering practices and policies. The law specifically outlines the need for institutions to designate a compliance officer, develop internal policies, create an AML training program for employees, implement a risk-based approach to identity verification, and regularly test and audit their compliance programs with independent, third-party auditors.

With this in mind, one of the tools in your toolkit should compile key data that can be accessed during an audit. This may include a record of any manual actions taken, a list of which employees accessed data (and when), and other data as necessary. Likewise, the software should include redaction capabilities and the ability to generate a report based on this activity and data.

Security and privacy

AML policies and practices require the collection and storage of sensitive information known as personal identifiable information (PII). This information may include customer names, birthdays, Social Security numbers, and more as needed. In order to stay compliant with privacy laws and frameworks, this data must be securely stored and managed — and it shouldn’t be on you to keep it safe. Ideally, the AML tool that helps you collect and verify this information can also house it and secure it in a way compliant with privacy laws.

In evaluating AML tools, seek one that has obtained security certifications and complies with  whichever privacy frameworks your business is subject to in your particular jurisdiction. This may include:

• California Consumer Privacy Act (CCPA) / CPRA
• General Data Protection Regulation (GDPR)
• AICPA/SOC 2

Likewise, you should consider AML software that includes or supports features such as:

• Disaster backup and recovery
• Secure development
• Continuous vulnerability scanning
• Data encryption
• Third-party audits of the system
• Multi-factor authentication
• Individual- and team-level restriction

Operational benefits

Conversion optimization

Meeting AML requirements is an essential part of operating a business within the financial industry. Unfortunately, meeting these requirements often requires you to introduce friction, which may increase the likelihood that a potential customer abandons the sign-up process. This is especially true for some of the oldest legacy AML tools, which were designed without much consideration for user experience.

Fortunately, compliance doesn’t need to come at the expense of a pleasant user experience. High-quality AML software should be designed with UX and conversion optimization in mind as well as compliance.

What, exactly, this looks like will depend on your needs and the expectations of your customers. That being said, an AML tool that offers the following capabilities can go far in reducing friction and increasing conversions:

• White labeling: The ability to customize the look and feel of the onboarding process so it matches your brand identity.
• Device transfer: The ability to leave a session on one device (e.g., a desktop) and pick it back up from another device (e.g., a mobile device). This can be particularly helpful during identity verification, when a user may be asked to take a picture of a document or take a selfie.
• Dynamic flow: In some cases, you may find that identity verification requires only a few pieces of data; in others, you may find that more data is necessary. By dynamically adjusting the user’s experience based on signals your tool receives during the verification process, you can ensure users only have to submit the minimum needed for their specific situation, allowing for a better — but still thorough — vetting process.

Automation

Complying with AML rules and regulations involves many different steps and requirements — from identity verification and screenings to transaction monitoring, behavior analytics, case management, and more. Orchestrating how you will comply with all of these requirements can require a lot of manual activities, such as:

• Integrating with other systems
• Sourcing vendors
• Moving and collating data
• Reviewing cases

This adds to your team’s workload and increases customer friction and wait times, which may translate into lower conversion rates, both of which impact your bottom line.

An AML tool with automation capabilities reduces these headaches and saves valuable operational time, helps you understand where the process pain points and friction exist, and helps you iterate on processes for maximum efficiency — ultimately allowing you to meet AML requirements at scale. Moreover, having a configurable system makes it very easy to stay on top of shifting requirements and regulations — instead of needing to reimplement your software, you can simply add/remove/change your automations.

Which processes you choose to automate will be dictated by your business needs and also the capabilities of your software. That being said, when evaluating AML tools, look for those which allow you to automate verification processes, risk flow, and specific tasks (such as the generation of regular reports).

‍

Choosing the right AML tool

Here at Persona, we fully understand the critical role that AML tools and software play for any business subject to anti-money laundering regulations. That’s why we’ve designed our solutions to meet many of the criteria discussed above — and why we continuously iterate and add new features and functionalities.

Use our Verifications solution and Dynamic Flow to create a user-friendly identity verification process that collects any information you need — whether that’s documents, IDs, or other non-documentary data points — with minimum disruption to your conversion rates. Leverage our Reports solution to continuously cross-check your customers against internal and external databases such as watchlists, sanctions lists, and more. When manual review or actions are necessary, our Cases solution automatically compiles the necessary data and empowers you to act swiftly.

Best of all, you can automate as much or as little of your AML processes as you’d like with our drag-and-drop, no-code Workflows solution.

Whichever AML capabilities your business requires, Persona is here to help. Leverage our entire platform in conjunction with your data platform, or pick and choose specific tools and modules to fill gaps in your capabilities in order to design the AML program that best serves your users.

Start for free or get a demo today.

‍

Disclaimer: Persona is only one aspect of an AML program. It is your responsibility to make a final determination regarding AML risk and specific country requirements. We recommend you consult with an attorney regarding your AML obligations in your particular jurisdiction.