Under the Bank Secrecy Act (BSA), financial institutions are required to establish anti-money laundering (AML) programs that help reduce money laundering and the financing of terrorism. These programs are defined under FINRA Rule 3310, which describes the minimum standards necessary to ensure effective AML operations. The recent Anti-Money Laundering Act of 2020 (AMLA) also introduces increased penalties — up to $1 million in fines — and potential prison terms if customers or financial institutions knowingly violate AML compliance rules.
While AML rules were initially limited to banks and similar businesses, they now apply to any institution that conducts financial transactions, including everything from in-person and online casinos to investment firms and even cryptocurrency exchanges.
In this piece, we’ll explain the basics of AML compliance programs, explore the five pillars of AML, and dig into why they matter.
What is an AML compliance program?
An AML compliance program aligns corporate operations with regulatory expectations to effectively vet customers and prevent money laundering.
What are the five pillars of AML compliance?
The newest version of the Bank Secrecy Act identifies five key compliance pillars: the designation of a compliance officer, development of internal policies, creation of a training program for employees, integration of independent testing and auditing, and development of risk-based processes for ongoing customer due diligence (CDD).
Here are the 5 pillars of AML compliance:
1. Designate a compliance officer
The first step to creating an effective AML compliance program is designating a compliance officer. This individual is your point person for all things AML and BSA — it’s their job to evaluate current processes, determine where you can improve, draft new policies, and ensure the new strategy complies with all current AML regulations and is implemented across your organization.
The ideal compliance officer should be someone who is familiar with your industry and organization, has experience setting and overseeing regulatory procedures, and can proactively solve problems as they emerge. It’s also critical to hire someone who has the ability to connect with employees and effectively communicate the importance of compliance. This helps reduce the risk of staff simply seeing compliance as an operational roadblock to avoid whenever possible.
2. Develop internal policies
Next, you need to develop internal policies that effectively monitor for suspicious activity and ensure applicable data is accurately reported to agencies such as FinCEN.
In practice, this means integrating solutions such as customer identity verification that can help establish the authenticity of customer data before transactions are processed, transactional monitoring, and periodic evaluation of AML processes to ensure they meet compliance standards. Automated cloud-based systems can help reduce the time between data submission and returned results to both quickly vet legitimate customers and weed out potentially malicious actors before they cause harm.
3. Create a training program for employees
After you have an AML policy in place, your compliance officer and their team need to create training programs for employees that help ensure ongoing adherence to BSA standards. This training should both reflect current trends in the finance market and address common concerns such as unexpectedly large transactions, suspicious personal details, or odd account behavior. Research firms such as Deloitte are a good place to find key trend data — for example, many financial firms are now adopting environmental, social, and governance (ESG) policies to better align with customer expectations.
You may also want to give refresher trainings every few months to ensure AML compliance remains top-of-mind.
4. Ensure independent testing and auditing
While internal training and evaluation of AML programs are critical, alignment with BSA obligations also requires regular testing and auditing of your compliance program by accredited third parties. Not only do these third-party tests offer a way to discover potential weak points in your compliance program, but they also provide independent confirmation of compliance, which helps prove due diligence.
5. Deploy in-depth risk assessment
As of May 2018, FinCEN’s customer due diligence rule came into effect and is now considered one of the five pillars of AML compliance. The CDD rule requires companies to identify and verify the identity of customers and conduct ongoing monitoring to identify and report suspicious transactions.
Specifically, the CDD rule mandates a risk-based approach: Organizations must evaluate both customers and transaction requests in relation to the risk they pose — higher risk requires greater oversight to limit the potential of fraudulent transactions. For example, if a customer creating an account has an IP address located in a country known for high rates of money laundering, it may be worth having them complete additional checks or reviewing other signals before approving their account.
Why do these five pillars of AML compliance matter?
There are three broad benefits to creating a five-pillar compliance program:
Improved regulatory compliance
Failure to comply with AML obligations opens up your business to regulatory risk. As noted by ICLG, a willful failure to file suspicious activity reports (SARs) comes with fines ranging from $25,000 to $100,000 for each transaction involved. And this isn’t simply hypothetical: according to research firm Fenergo, more than $99 million in fines were levied for AML non-compliance in 2020 alone.
Creating a robust AML compliance program helps reduce the risk of regulatory missteps and the penalties that follow.
Increased customer satisfaction
Customers want to know that their funds and transactions are safe with your business. If you lack a robust compliance framework, clients may worry that fraudulent transactions at your business could leave them with limited access to their funds or investments, especially if a large-scale breach occurs and government auditors get involved.
A comprehensive compliance program gives consumers assurance that you’re prepared to manage and mitigate money laundering threats.
Enhanced operational agility
AML regulations aren’t static — the most recent compliance pillar was added in 2018. An agile compliance program can make it easier to stay on top of evolving standards and incorporate new rules or regulations into existing frameworks.
How does a business stay AML compliant?
Once you have designed and implemented a compliant AML program at your organization, your priority shifts toward staying compliant. At a minimum, this means following through with the program you have implemented — monitoring transactions, submitting reports, conducting regular audits, training new employees on your policies, etc.
But you also need to ensure you are regularly updating your AML/BSA program as new laws are passed and regulations are updated. Failure to do so means that you risk falling out of compliance, which could have major repercussions for your business.
In some instances, businesses can even benefit by “reading the tea leaves” and preparing for potential regulations before they become required — adopting new technologies or implementing stricter AML policies when it becomes apparent that such a shift is inevitable. Doing so can leave your business in a position of strength, allowing you to lead your competition instead of playing catch-up.
What factors determine the success of an AML program?
The success of an AML/BSA program depends on the ability of a company to create effective risk analysis frameworks and implement them at scale.
This starts with the creation of clear guidelines for policy and procedures, followed by implementation across the business. Finally, businesses must also regularly assess the overall risk of money laundering to current operations, address any suspicious activities within the organization, and ensure they understand the impact of both local and global laws on AML policies.
Staying compliant with Persona
If you’re looking to streamline the five pillars of AML and stay compliant, Persona can help. With Persona, you can pair integrated, customized, and comprehensive identity verification with no-code workflows, helping you run individuals against current watchlists and sanctions reports and make decisions instantly — without negatively impacting the customer experience.