Join the 7/21 live chat & demo: How to turn KYB & KYC into your competitive advantage


What is anti-money laundering (AML), and why is it important?

Learn about the stages and harms of money laundering, key AML regulations, and how to meet constantly evolving compliance standards.

Read time:
Share this post
Table of contents
⚡ Key takeaways
  • Anti-money laundering (AML) refers to the procedures, laws, processes and regulations financial institutions follow to prevent criminals from using their business to launder money
  • AML requirements include Know Your Customer (KYC), customer due diligence (CDD), suspicious activity reporting, and transaction monitoring
  • AML laws vary from country to country, but in the US, the most important of these laws include the Bank Secrecy Act, USA Patriot Act, and Anti-Money Laundering Act of 2020.

Since criminal enterprises began to scale during Prohibition, the challenge has always been hiding the source of money — particularly cash — from authorities so it could be spent freely.

The most common solution: "laundering" the money. The idea is to make "dirty" money collected from crimes such as smuggling, arms trafficking, drug trafficking, insider trading, bribery, and computer fraud look clean by passing it through some kind of legitimate enterprise, preferably one that does a lot of cash business. During Prohibition, for example, Al Capone used to launder some of his $100 million a year in dirty money through, ironically, launderettes.

Ever since, governments and law enforcement agencies have taken steps to make it harder for criminals to launder their illegal funds. Importantly, this included passing anti-money laundering laws and regulations that would eventually come to impact wide swaths of the economy. 

Below, we take a closer look at how money laundering works. We then explain what anti-money laundering (AML) is, explore the history of AML regulations, and outline the AML requirements companies must implement in order to comply with AML law and effectively combat money laundering. 

What does the money laundering process look like?

The details of laundering schemes can vary, but they all typically share three common stages. Here’s how money laundering works.

Stages of money laundering

  • Placement: The first step a launderer takes is funneling their dirty money into the financial system, typically through a bank account or business. For example, funds can be blended with clean money, such as income generated by a business, or be used to pay debt, buy real estate, or buy stock from shady brokers.
  • Layering: Once the dirty money is placed, the next step is to hide its source through a series of obscure and complicated bookkeeping maneuvers. The process often involves international transfers, especially to countries with laws that strongly protect account-holder privacy. According to the Basel Institue on Governance in Switzerland, in 2022, the top five countries with financial systems extremely vulnerable to money laundering were The Democratic Republic of the Congo, Haiti, Myanmar, Mozambique, and Madagascar. Typically, the dirty money is divvied up multiple times until it becomes almost impossible to track back to its source.
  • Integration: Once the dirty money has been laundered, it can be integrated into a clean bank account where it can be used for any purpose.

Dangers of money laundering and financial crime

Money laundering harms both society and the world economy.

Society is harmed because laundering enables profitable activities such as drug trafficking, tax evasion, smuggling, human trafficking, and terrorism, and gives criminals the wherewithal they need to expand their illegal activities.

Meanwhile, the world economy is hurt by the enormous volume of laundered money entering it. According to the United Nations Office on Drugs and Crime, 2% to 5% of the world's Gross Domestic Product — or  $800 billion to $2 trillion — enters the global banking system through money laundering. This means the world GDP could be higher if that laundered money entered the world's economy through legitimate means, where it could be used to stimulate business activity or fund government services, instead of being used to corrupt business people and government officials.

A classic example of how laundered money can threaten the financial system is the case of HSBC, a financial institution hit with a $1.9 billion fine in 2012 for its money laundering activities — but wasn't indicted because law enforcement authorities felt that doing so could endanger the global financial system.

Money laundering can also hurt citizens and financial markets. Laundering is often tied to tax evasion, and those taxes could be used to reduce government debt and taxes paid by taxpayers, as well as fund programs that benefit a nation's citizens. In addition, laundering gives criminal organizations the resources they need to thrive by corrupting police and politicians, thereby undermining faith in government. For example, in 2017 the Guardian reported that Azerbaijan’s ruling elite used laundered money as part of a $3 billion scheme to pay politicians and journalists to deflect criticism of Azerbaijan’s president and promote a positive image of the country.

Laundering can also undermine investor confidence in financial markets, especially when large sums of laundered money move in or out of a market. For example, in a typical equity placement scam, a small-cap company with an offshore company as a majority shareholder will sell convertible bonds to someone who needs their money laundered. The sale is undisclosed. The bond-holder then converts the bonds to stock — often at a share price greater than the price of the bonds. Then the stock is sold to investors and the clean money is deposited into a bank account

What is anti-money laundering (AML)?

Anti-money laundering (AML) is a set of procedures, laws, processes, and regulations financial companies must follow and implement to stop criminals from disguising illegally obtained funds as legitimate income.

AML requirements

In order to comply with various AML laws and regulations, financial institutions must meet certain requirements. This includes implementing Know Your Customer and customer due diligence programs, reporting suspicious customer activity, and monitoring customer transactions in an ongoing manner. 

Know Your Customer (KYC)

A Know Your Customer program involves various processes designed to determine whether a person is who they say they are. This typically includes identity verification as well as other AML screenings. In many ways, KYC can be thought of as a type of mini background check that a customer must pass before they are allowed to open an account with a financial institution.

Financial institutions working with other businesses — for example, third-party contractors — are also required to verify key details about those companies. When the KYC process is applied to businesses instead of individuals, it’s known as Know Your Business (KYB).

Customer due diligence (CDD)

Customer due diligence refers to the steps a financial institution must take to assess and mitigate a customer’s risk of money laundering. To comply with the CDD rule, financial institutions must:

  • Identify and verify the identity or customers
  • Identify and verify the identity of beneficial owners of companies opening an account
  • Understand the nature and purpose of customer relationships to develop customer risk profiles
  • Conduct ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information

Because money laundering risk varies from customer to customer and from transaction to transaction, financial institutions are free to apply different levels of due diligence depending on how much risk they assess during the account opening process. These levels include:

Transaction monitoring

Financial institutions are required to monitor customer transactions in an ongoing manner. The goal of transaction monitoring is to identify suspicious activity that may be indicative of money laundering or other financial crimes. Transaction monitoring typically occurs automatically — only moving to manual processes when suspicious activity has been identified.

A number of factors are considered during transaction monitoring, including where the money originated and where it is being sent, how large of a transaction it is, the account’s transaction velocity, and the recipient of the funds. 

Suspicious activity reporting (SAR)

When suspicious activity is identified, organizations are required to submit a suspicious activity report (SAR) within 30 days of the suspicious transaction having occurred. Some examples of suspicious activity may include:

  • Large cash transactions
  • International wire transfers
  • Suspected insider trading
  • Increased activity in dormant accounts
  • Transactions that don’t correspond with the type of business listed as the recipient
  • Transactions that appear structured to avoid record-keeping and reporting requirements

History of anti-money laundering (AML) regulations

AML laws vary from country to country, but many of them incorporate recommendations made by the Financial Action Task Force (FATF), an international authority on money laundering and territorial financing. Some of the key measures aimed at money laundering include:

The Bank Secrecy Act (BSA) was passed in the United States in 1970. It was one of the first laws aimed at preventing and punishing money laundering activity. Under the measure, banks and financial institutions cooperate with the government to fight illegal activity by helping regulators "follow the money." A well-known provision of the law requires banks to fill out a currency transaction report for cash transactions greater than $10,000. Other provisions include keeping records of cash purchases of negotiable instruments and reporting suspicious activity that may signify money laundering, tax evasion, or other criminal activities.

Currency transaction report requirements were modified by the Money Laundering Control Act in 1986 to include any transaction greater than $10,000, not just cash. The act also made money laundering a federal crime. Primarily aimed at drug cartels, the law contains controversial provisions allowing the federal government to seize assets without charging anyone with a crime.

The federal government ratcheted up regulation of banks in 1992 with the Annunzio-Wylie Anti-Money Laundering Act. It required banks to implement anti-money laundering prevention practices and penalizes them if criminals use them to launder money. Additional reporting requirements were introduced by the law, namely the Suspicious Activity Report (SAR), which must be filed if a customer or transaction raises certain money laundering flags.

Following the attack on New York City’s World Trade Center in 2001, money laundered by terrorists became a target of regulators through the USA Patriot Act. The measure beefed up cooperation between banks and anti-terrorism fighters within the federal government and boosted fines and penalties for money laundering. The act also requires financial institutions to implement Customer Identification Programs (CIP), which forces banks and broker-dealers to more carefully scrutinize their clients.

In 2020, Congress passed the Anti-Money Laundering Act of 2020 (AMLA) to build upon previous laws. The law has many provisions. It made art and antiquities dealers subject to AML law; required FinCEN to establish a new beneficial ownership database for US businesses; increased information sharing with foreign branches and subsidiaries; streamlined the filing process for non-complex SARs, and established new AML and CFT priorities at the national level, amongst other provisions.

Free white paper
See how experts evaluate AML solutions

Need for AML compliance

Know Your Customer programs seek to discourage money laundering by verifying customers' identities and ensuring transactions are traceable.

Customers can be screened against global watchlists, sanctions lists, and Politically Exposed Person (PEP) lists. People on PEP lists include current or former senior officials in the executive, legislative, administrative, military, or judicial branches of a government; senior officials of a major political party; senior executives of a government-owned commercial enterprise; or immediate family members or close personal/professional associates of such individuals.

In addition to checking lists, financial institutions need to query customers when an activity or transaction requires greater due diligence. For example, a large deposit of cash into an account could prompt a bank to ask the depositor to verify the source of the money. While this may annoy customers who aren't doing anything wrong, the process is necessary to identify those who are up to mischief.

KYC is a cornerstone of any AML compliance program. Designating an AML compliance officer, creating internal policies and anti money laundering procedures, and continuously training employees are other elements of a good compliance program, as well as hiring an outside source to independently evaluate the program from time to time.

Compliance with industry best practices and government regulations is not only important for preventing and stopping money laundering, but also for avoiding stiff penalties (and potentially prison time) for failing to do so. For example, Nasdaq Stockholm AB fined Swedbank more than $5.1 million in May 2021 for "shortcomings in the bank's anti-money laundering controls between December 2016 and February 2019."

And that wasn't the first time the bank was fined for AML shortcomings. In March 2020, the institution was hit with a $386 million fine by a Swedish financial regulator for serious deficiencies in its anti-money-laundering work and withholding information from authorities.

More recently, in December 2021, financial regulators in the United Kingdom fined HSBC $85.1 million for lack of efficiency in its transaction monitoring systems and anti-money laundering processes over a period of eight years.

AML compliance made easy

While it used to be difficult to keep up with constantly evolving regulations, there’s no excuse with today’s wide array of intelligent, flexible, and easy-to-use AML and automated identity verification solutions that can help:

  • Monitor transactions and flag suspicious transaction patterns
  • Identify large cash transactions, such as those greater than $10,000, as specified by U.S. law
  • Generate alerts when sanctioned individuals and organizations are added to watchlists and other reports
  • Collect and verify information about users

AML software can be comprehensive, adaptable, and still easy to implement and use. For example, Persona's identity infrastructure can securely collect and verify information about customers, such as passports and driver’s licenses, as well as augment that data with information from third parties, such as records from the Social Security Administration. These pieces of data can be used to screen new users and monitor customers over their lifecycle. What's more, all this can be done through a single dashboard, making it easier for AML teams to identify suspicious activity.

By automating the collection, verification, and storage of customer information with Persona, companies can reduce the time spent on manual processes. Decision processes can be created without writing a single line of code, and an audit trail can be created automatically without the need to store personal identifying information.

The use of artificial intelligence and robotic process automation in AML solutions can greatly enhance companies’ abilities to identify criminal behavior. For example, used in tandem, the technologies can run statistical analysis of unstructured data to find high-risk cases and eliminate "false positives" caused by redundant data. AI, through the use of flexible Natural Language Processing models, can detect changes in user behavior and, combined with contextual information, improve financial institutions’ ability to know their customers.

With today's AML solutions, financial institutions can efficiently track transactions, effectively monitor questionable ones, and intelligently monitor client behavior so suspicious activity can be discovered early and the organization can stay in compliance and not run afoul of regulators.

Ready to meet constantly evolving compliance standards and regulation changes? Get started for free or contact us to learn more.

Frequently asked questions

What is the European Union (EU) doing to combat money laundering?

There are a number of AML directives across EU member states aimed at combating money laundering. Most recently, the 6th Directive (6AMLD) increased the definition of offenses and the severity of punishments. It also heightened criminal liability, making aiding and abetting in money laundering a crime.

According to the European Commission, the EU’s Anti-Money Laundering Authority (AMLA) should also be established by 2023 and begin its duties by 2024. This organization will be responsible for coordinating with AML authorities, directly supervising specific financial institutions with high-risk rates, and promoting cooperation between national information agencies to facilitate the flow of AML information.

It is also introducing a new regulation that harmonizes all AML rules across the EU into a single, unified set. Cash transactions will also be limited across the EU to 10,000 Euros.

Many individual European countries also have their own AML laws.

What industries are at the greatest risk of money laundering?

Examples of industries with a higher risk of money laundering include financial firms with locations in multiple countries, online gambling organizations, cryptocurrency exchanges, and companies that do business in countries that are at high risk of money laundering. 

While the specifics of risk vary, the common denominator is the lack of visibility — if companies don’t have a clear picture of who is requesting transactions, where these transactions are coming from, and how the money was obtained, they’re putting themselves at risk of processing fraudulent transactions.

Which law enforcement agencies are at the forefront of stopping money laundering?

While not a law enforcement agency, the Financial Crimes Enforcement Network (FinCEN) is one of the most prominent organizations responsible for reducing the spread of money laundering.

As a bureau of the U.S. Department of the Treasury, FinCEN is responsible for enforcing AML rules defined under the Bank Secrecy Act. It’s also responsible for issuing and interpreting regulations authorized by this statute, maintaining government-wide access to FinCEN databases, and coordinating with local law enforcement agencies to assist both investigations and prosecutions.

Why should businesses adopt AML policies?

Businesses must adopt AML policies to remain in compliance with BSA and other global regulations and avoid fines and other penalties for noncompliance. 

Additionally, adopting AML policies can also reduce total risk. Even organizations that are not specifically required to implement AML frameworks can bolster overall security, limit the chance of fraudulent funds being funneled through their system, and improve transaction safety and customer confidence by adopting AML policies.

How do you identify money laundering?

No two cases of money laundering are ever 100% identical. Because there is so much variation, identifying money laundering when it occurs can be a challenge.

That said, there are factors that may increase the risk of money laundering taking place. These include:

  • Secretive customers: If customers go to extreme lengths to obscure information about their identities, source of funds, beneficial owners, and other data, it’s possible they may be doing so to hide illegal activities.
  • Source of funds (SoF): When a customer identifies their source of funds, that information gives you a lot of context about the size and kinds of transactions you may expect to see from them. If transactions do not align with your expectations, given a customer’s source of funds, it may be indicative that money is originating elsewhere. 
  • Unusual activity: Do transactions appear to be engineered specifically to avoid record-keeping requirements? Has a dormant account suddenly re-engaged with a high volume of transactions? Has an account that normally handles only small transactions begun making large transactions? While all of these activities may be inconsequential, they can also be a sign that money laundering is occuring — and deserve further investigation. 
  • Geography: Money laundering and terrorist financing occurs in certain countries and regions with a greater frequency than others. If a customer receives a transaction from someone in one of these high-risk countries or initiates a transaction to one of these high-risk countries, it may be indicative of money laundering.

What is the importance of research in preventing money laundering?

In order for governments to craft regulations that adequately combat money laundering, they must first have a clear understanding of the strategies, methods, tools, and technologies that criminals are using to launder money. It’s through thorough research and analysis that this understanding is gleaned and, ultimately, incorporated into regulations and recommendations.  

Continue reading

Continue reading

Trust & safety in the age of AI
Trust & safety in the age of AI

Trust & safety in the age of AI

LLMs and other types of generative AI have the potential to destroy customer trust in your marketplace or platform. Learn more about the risks and solutions.

LLMs + fraud: How criminals use large language models to commit fraud
LLMs + fraud: How criminals use large language models to commit fraud

LLMs + fraud: How criminals use large language models to commit fraud

Large language models (LLMs) have a lot of potential to be used for fraud. Learn how fraudsters have added this and other AI programs to their toolkit.

DAC7 compliance: What is it, and who does it impact?
DAC7 compliance: What is it, and who does it impact?

DAC7 compliance: What is it, and who does it impact?

See how DAC7 impacts businesses, consumers, and governments, and understand what you need to know to stay compliant. Learn how Persona can help.

AML tools: What to look for in AML software

AML tools: What to look for in AML software

Learn about the different features you may want to look for as you build your AML toolkit.

How to implement the five pillars of AML compliance

How to implement the five pillars of AML compliance

Learn what a compliant AML program looks like and how to establish one at your company.

Global AML compliance: Is your business doing enough?

Global AML compliance: Is your business doing enough?

Discover some of the regulations and protocols you’ll need to know and remember when conducting business internationally

Ready to get started?

Get in touch or start exploring Persona today.