What is anti-money laundering (AML), and why is it important?

Learn about the stages and harms of money laundering, key AML regulations, and how to meet constantly evolving compliance standards.

An image of an id card to help understand AML
Last updated:
Read time:
Share this post
Table of contents
⚡ Key takeaways
  • Anti-money laundering (AML) refers to the procedures, laws, processes and regulations financial institutions follow to prevent criminals from using their business to launder money
  • AML requirements include Know Your Customer (KYC), customer due diligence (CDD), suspicious activity reporting, and transaction monitoring
  • AML laws vary from country to country, but in the US, the most important of these laws include the Bank Secrecy Act, USA Patriot Act, and Anti-Money Laundering Act of 2020.

Since criminal enterprises began to scale during Prohibition, the challenge has always been hiding the source of money — particularly cash — from authorities so it could be spent freely.

The only solution: "laundering" the money. The objective is to make "dirty" money collected from crimes such as smuggling, arms trafficking, drug trafficking, insider trading, bribery, and computer fraud look clean by passing it through some kind of legitimate enterprise, historically one that was cash intensive. Once it is “clean,” or wiped of any trace to the crimes that preceded it, the money can theoretically be used for anything from pencils to penthouses. During Prohibition, for example, Al Capone used to launder some of his $100 million a year in dirty money through, ironically, launderettes.

Governments and law enforcement agencies continue to try to keep up with the ever-changing methods that criminals use to launder their illegal funds. Importantly, this has included passing anti-money laundering (AML) laws and regulations that impact many aspects of the economy and financial systems. 

Below, we take a closer look at how money laundering works. We then explain what AML is, explore the history of AML regulations, and outline the AML requirements companies must implement in order to comply with the law and combat financial crimes. 

What does the money laundering process look like?

The details of laundering schemes can vary, but they all typically share three stages. Here’s how money laundering works.

Stages of money laundering

  • Placement: The first step a launderer takes is funneling their dirty money into the financial system, typically through a bank account or business, in order to create the appearance of a legitimate source. For example, funds can be blended with clean money, such as income generated by an actual business, or used to pay debt, buy real estate, or buy cryptocurrency.
  • Layering: Once the dirty money is placed, the next step is to hide its source, often through simple account transfers or even obscure and complicated bookkeeping maneuvers. The process can even involve international transfers, where it benefits from laws that strongly protect account-holder privacy. According to the Basel Institute on Governance in Switzerland, in 2023, the top five countries with financial systems extremely vulnerable to money laundering were Haiti, Chad, Myanmar, the Democratic Republic of the Congo, and the Republic of the Congo. Typically, large caches of dirty money are divvied up multiple times until it becomes almost impossible to track back to its source.
  • Integration: Once the dirty money has been laundered, it can be integrated into a clean bank account or the general financial system where it can be used for any purpose, but generally to benefit further criminal enterprises.

Dangers of money laundering and financial crime

Money laundering harms both society and the world economy.

Society is harmed because money laundering enables profitable activities such as drug trafficking, tax evasion, smuggling, human trafficking, and terrorism, and gives criminals the wherewithal they need to expand their illegal activities.

Meanwhile, the world economy is hurt by the enormous volume of laundered money entering it. According to the United Nations Office on Drugs and Crime, 2% to 5% of the world's gross domestic product (GDP) — or $800 billion to $2 trillion — enters the global banking system through money laundering. This means the world’s GDP could be higher if that laundered money entered the world's economy through legitimate means, where it could be used to stimulate business activity or fund government services, instead of deleterious pursuits.

A classic example of how laundered money can threaten the financial system is HSBC, a financial institution that was hit with a $1.9 billion fine in 2012 for its money laundering activities — but wasn't indicted because law enforcement authorities felt that doing so could endanger the global financial system.

Money laundering can also hurt communities and financial markets. Laundering is often tied to tax evasion, and those lost tax payments could have been used to reduce government debt and individual taxes, as well as fund programs that benefit residents. In addition, laundering enables criminal organizations to thrive, in part by corrupting police and politicians, thereby undermining faith in government. For example, in 2017, the Guardian reported that Azerbaijan’s ruling elite used laundered money as part of a $3 billion scheme to pay politicians and journalists to deflect criticism of Azerbaijan’s president and promote a positive image of the country.

Laundering can also undermine investor confidence in financial markets, especially when large sums of laundered money move in or out of a market. For example, in a typical equity placement scam, a small-cap company with an offshore company as a majority shareholder will sell convertible bonds to someone who needs their money laundered. The sale is undisclosed. The bond holder then converts the bonds to stock — often at a share price greater than the price of the bonds. Then the stock is sold to investors and the clean money is deposited into a bank account

What is anti-money laundering (AML)?

AML is a set of procedures, laws, processes, and regulations financial companies must follow and implement to stop criminals from disguising illegally obtained funds as legitimate income.

AML requirements

In order to comply with various AML laws and regulations, financial institutions must meet certain requirements. This includes implementing Know Your Customer (KYC) and customer due diligence (CDD) programs, reporting suspicious customer activity, and monitoring customer transactions in an ongoing manner. 

What are the differences between AML, KYC, and CDD?

If AML is the umbrella under which financial institutions and related businesses combat money laundering, KYC is one of the primary methods that these companies use as a first layer of protection against money launderers. And customer due diligence (CDD) determines if rubber boots and a raincoat are also required.

Know Your Customer (KYC)

A Know Your Customer program involves various processes designed to determine whether a person is who they say they are. This typically includes identity verification as well as other AML screenings. In many ways, KYC can be thought of as a type of mini background check that a customer must pass before they are allowed to open an account with a financial institution.

Financial institutions working with other businesses — for example, third-party contractors — are also required to verify key details about those partners. When the KYC process is applied to businesses instead of individuals, it’s often referred to as Know Your Business (KYB).

Customer due diligence (CDD)

Customer due diligence refers to the steps a financial institution must take to assess and mitigate a customer’s risk of money laundering. To comply with the CDD rule, financial institutions must:

  • Identify and verify the identity of customers
  • Identify and verify the identity of beneficial owners of companies opening an account
  • Understand the nature and purpose of customer relationships to develop customer risk profiles
  • Conduct ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information

Because money laundering risk varies, financial institutions are authorized to apply different levels of due diligence depending on how much risk they assess during the account opening process. These levels include:

Transaction monitoring

Financial institutions are required to monitor customer transactions on an ongoing basis. The goal of transaction monitoring is to identify suspicious activity that may be indicative of money laundering or other financial crimes. Transaction monitoring typically occurs automatically — only moving to manual processes when suspicious activity has been identified.

A number of factors are considered during transaction monitoring, including where the money originated and where it is being sent, how large of a transaction it is, the account’s transaction velocity, and the recipient of the funds. 

Suspicious activity reporting (SAR)

When suspicious activity is identified, organizations are required by U.S. law to submit a suspicious activity report (SAR) within 30 days of the transaction having occurred. Some examples of suspicious activity may include:

  • Large cash transactions
  • International wire transfers
  • Suspected insider trading
  • Increased activity in dormant accounts
  • Transactions that don’t correspond with the type of business listed as the recipient
  • Transactions that appear structured to avoid record-keeping and reporting requirements

Modern examples of money laundering

As money laundering protections and regulations have increased, criminals have continued to evade law enforcement by staying a step ahead with technology and complexity. Here are four ways they have evolved their crimes.

Cryptocurrency laundering

Criminals capitalize on the anonymity and speed of crypto accounts and the relative low cost and ease of transfers via computer scripts. Plus, any quick profits can be easily justified as a product of this emerging landscape.

Drug trafficking

From end to end, drug trafficking is illegal, as is all activity that propagates it, from supplying and selling drugs to possession and use. According to the UN, proceeds from the illegal drug trade comprise the largest source of “dirty money” in the world. Drug trafficking is big business in certain jurisdictions through the rise of crime syndicates and associated crimes, including human and sex trafficking, violent crimes, and the proliferation of weapons.

Terrorist financing

Weapons and widespread violence took an extreme form with the terrorist attacks of Sept. 11, 2001, which were funded by money laundering and related crimes. The consequences of financing large-scale terrorism via nuclear, chemical, and biological weapons can create political instability, wreak havoc on cross-border trade, and exploit weaknesses in the global financial system, to say nothing of the lives that can be lost.

Trade-based money laundering (TBML)

The U.S. Department of State calls TBML a “long-standing area of concern” due to the relative informality of global trading on the black market and other largely undocumented methods such as hawala and commodities like gold and diamonds. Likewise, the ability of participants to simply alter shipping invoices renders much of this trade activity unregulatable, though some countries are starting to require local registration in an effort to track the activity.

History of anti-money laundering (AML) regulations

AML laws vary by country, but many of them incorporate recommendations made by the Financial Action Task Force (FATF), an international authority on money laundering and terrorist financing. Below are some of the key measures aimed at money laundering.

The Bank Secrecy Act (BSA), passed in the United States in 1970, was one of the first laws aimed at preventing and punishing money laundering activity. Under the measure, banks and financial institutions cooperate with the government to fight illegal activity by helping regulators "follow the money." A well-known provision of the law requires banks to fill out a currency transaction report for cash transactions greater than $10,000. Other provisions include keeping records of cash purchases of negotiable instruments and reporting suspicious activity that may signify money laundering, tax evasion, or other criminal activities.

Currency transaction report requirements were modified by the Money Laundering Control Act in 1986 to include any transaction greater than $10,000, not just cash. The act also made money laundering a federal crime. Primarily aimed at drug cartels, the law contains controversial provisions allowing the federal government to seize assets without charging anyone with a crime.

The federal government ratcheted up regulation of banks in 1992 with the Annunzio-Wylie Anti-Money Laundering Act. It requires banks to implement AML prevention practices and provides penalties if criminals use them to launder money. Additional reporting requirements were introduced by the law, namely the suspicious activity report (SAR), which must be filed if a customer or transaction raises certain money laundering red flags.

Following the attack on New York City’s World Trade Center in 2001, money laundered by terrorists became a target of regulators through the USA Patriot Act. The measure beefed up cooperation between banks and anti-terrorism fighters within the federal government and boosted fines and penalties for money laundering. The act also requires financial institutions to implement a Customer Identification Program (CIP), which mandates banks and broker-dealers to more carefully scrutinize their clients.

In 2020, Congress passed the Anti-Money Laundering Act of 2020 (AMLA) to build upon previous laws. It made art and antiquities dealers subject to AML law, required FinCEN to establish a new beneficial ownership database for U.S. businesses, increased information sharing with foreign branches and subsidiaries, streamlined the filing process for non-complex SARs, and established new AML and CFT priorities at the national level, amongst other provisions.

Free white paper
See how experts evaluate AML solutions

Need for AML compliance

Know Your Customer programs seek to discourage money laundering by verifying customers' identities and ensuring transactions are traceable.

Customers can be screened against global watchlists, sanctions lists, and politically exposed person (PEP) lists. People on PEP lists include current or former senior officials in the executive, legislative, administrative, military, or judicial branches of a government; senior officials of a major political party; senior executives of a government-owned commercial enterprise; or immediate family members or close personal/professional associates of such individuals.

In addition to checking lists, financial institutions need to query customers when an activity or transaction requires greater due diligence. For example, a large deposit of cash into an account could prompt a bank to ask the depositor to verify the source of the money. While this may annoy customers who aren't doing anything wrong, the process is necessary to identify those who are up to mischief.

KYC is a cornerstone of any AML compliance program. Designating an AML compliance officer, creating internal policies and AML procedures, and continuously training employees are other elements of a good compliance program, as well as hiring an outside source to independently evaluate the program from time to time.

Compliance with industry best practices and government regulations is not only important for preventing and stopping money laundering, but also for avoiding stiff penalties (and potentially prison time) for failing to do so. For example, Nasdaq Stockholm AB fined Swedbank more than $5.1 million in May 2021 for "shortcomings in the bank's anti-money laundering controls between December 2016 and February 2019."

And that wasn't the first time the bank was fined for AML non-compliance. In March 2020, the institution was hit with a $386 million fine by a Swedish financial regulator for serious deficiencies in its anti-money laundering work and withholding information from authorities.

More recently, in December 2021, financial regulators in the United Kingdom fined HSBC $85.1 million for deficiencies in its transaction monitoring systems and anti-money laundering processes over a period of eight years.

General regulation and compliance measures around the world

United States

The 1970 BSA and the 2001 USA PATRIOT Act require that financial institutions implement a risk-based approach when verifying a customer’s name, date of birth, residential address, and identification number (typically a taxpayer identification number such as a SSN or EIN). 

These laws are primarily enforced by FinCEN, as well as other regulators, including the U.S. Securities and Exchange Commission (SEC), Financial Industry Regulatory Authority (FINRA), and U.S. Commodity Futures Trading Commission (CFTC).

European Union

Individual member states of the European Union have the ability to craft their own KYC and AML legislation. However, the EU has issued a number of directives meant to guide this legislation. For example, rules such as AMLD4, AMLD5, and AMLD6 require companies to collect, verify, and keep records of customers’ personally identifiable information (PII) in addition to screening customers against PEP and adverse media lists to assess overall risk.


KYC first became a law in Canada in 1991 with the passage of what became known in 2001 as the Proceeds of Crime (Money Laundering) and Terrorist Financing Act. Its primary objective is to standardize protective measures for an estimated 24,000 businesses in Canada. Financial institutions under the law are required to identify the customer and verify their true identity, understand the customer’s activities and source of funding, and monitor those activities.

The Financial Transactions Reports Analysis Centre of Canada (FINTRAC) enforces and regulates the KYC requirements established by the law, alongside other governmental agencies.


In 2006, Australia passed the Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) Act, which outlines local KYC and customer due diligence requirements. Specifically, it requires all organizations subject to KYC reporting regulations to collect and verify customer data before providing any financial or transactional services. The law is regulated by the Australian Transaction Reports and Analysis Centre (AUSTRAC).

Industry-specific anti-money laundering measures

Within the U.S., certain industries are gaining special attention from regulators because of their appeal to money launderers. 

Real estate

Real estate is vulnerable to money laundering due to the ease and frequency of cash deals, especially those involving large sums and shell companies with no requirement to divulge the identities of owners. Foreign buyers could be connected to illicit activities or corrupt figures and they can hide behind cash and company names. Furthermore, real estate agents are unlikely to flag such deals as suspicious if it means losing out on a sale. 

Several regulators have introduced protective measures to reduce real estate risk. The BSA has introduced certain AML requirements for mortgage lenders and the IRS now has reporting mandates for cash deals involving more than $10,000. FinCEN has reporting requirements for cross-border couriers of $10,000 or more and requires U.S. title insurance companies to report details of non-financed property deals in certain cities, including New York City and Miami. FinCEN also introduced beneficial ownership reporting rules in 2024 for many types of new and existing companies. 


The ability to seamlessly convert funds into chips or tokens, possibly wager and win big, and then cash out in new “clean” funds has always made gaming attractive for money launderers. Add the ability to do it online from anywhere, and to even use virtual currency, and it’s a crime magnet. Under the BSA, casinos and card clubs are required to maintain records; complete CDD in certain cases, including verifying name, date, and residential address; and adhere to reporting requirements, including SARs and currency transaction reports (CTRs) in the event of an exchange of $10,000 or more in cash.


AML requirements apply to any insurance company that offers covered insurance products, such as permanent life insurance, annuities, and products with cash or investment value. With these types of policies, there is a risk that any subsequent payments can be issued as part of a money laundering scheme. Among other things, the BSA and the USA PATRIOT Act mandate that a KYC process take place and that SARs be filed in the event that suspicious activity is observed.


In 2019, the three largest financial regulators in the U.S. issued a joint decision classifying cryptocurrency exchanges as financial institutions, thus requiring that AML and KYC measures apply when there is FinCEN, CFTC, or SEC overlap. General regulation of crypto is increasing and the firms are on regulators’ radar, so specific AML and KYC requirements are on the horizon.

AML compliance made easy

While it used to be difficult to keep up with constantly evolving regulations, it’s much easier with today’s wide array of intelligent, flexible, and easy-to-use AML and automated identity verification solutions, which can help:

  • Monitor transactions and flag suspicious transaction patterns
  • Identify large cash transactions, such as those greater than $10,000, as specified by U.S. law
  • Generate alerts when sanctioned individuals and organizations are added to watchlists and other reports
  • Collect and verify information about users

AML software can be comprehensive, adaptable, and still easy to implement and use. For example, Persona's identity infrastructure can securely collect and verify information about a customer, such as their passport and driver’s license, as well as augment that data with information from third parties. These pieces of data can be used to screen new users and monitor customers over their life cycle. What's more, all this can be done through a single dashboard, making it easier for AML teams to identify suspicious activity.

By automating the collection, verification, and storage of customer information with Persona, companies can reduce the time spent on manual processes. Decisioning can be implemented without writing a single line of code, and an audit trail can be created automatically without the need to store PII.

The use of artificial intelligence and robotic process automation in AML solutions can greatly enhance the ability to identify criminal behavior. For example, used in tandem, the technologies can run statistical analysis of unstructured data to find high-risk cases and eliminate "false positives" caused by redundant data. AI, through the use of flexible natural language processing models, can detect changes in user behavior and, combined with contextual information, improve financial institutions’ ability to know their customers.

With today's AML solutions, financial institutions can efficiently track transactions, effectively monitor questionable ones, and intelligently monitor client behavior so suspicious activity can be discovered early and the organization can stay in compliance and not run afoul of regulators.

Ready to meet constantly evolving compliance standards and regulation changes? Get started for free or contact us to learn more.

Published on:

Frequently asked questions

What is the European Union (EU) doing to combat money laundering?

There are a number of AML directives across EU member states aimed at combating money laundering. Most recently, the 6th Anti-Money Laundering Directive (AMLD6) increased the definition of offenses and the severity of punishments. It also heightened criminal liability, making aiding and abetting money laundering a crime.

In December 2023, the EU reached a provisional agreement to create the Anti-Money Laundering Authority (AMLA), which began initial discussions in 2021. This agency will be responsible for coordinating with AML authorities, directly supervising specific financial institutions with high risk ratings, and promoting cooperation between national information agencies to facilitate the flow of AML information.

The EU AMLA will also harmonize all AML rules across the EU into a single, unified set. Cash transactions will also be limited across the EU to 10,000 euros.

Many individual European countries also have their own AML laws.

What industries are at the greatest risk of money laundering?

Examples of industries with a higher risk of money laundering include financial firms with locations in multiple countries, online gambling organizations, cryptocurrency exchanges, and companies that do business in high-risk countries. 

While the specifics of risk vary, the common denominator is the lack of visibility — if companies don’t have a clear picture of who is requesting transactions, where these transactions are coming from, and how the money was obtained, they’re putting themselves at risk of processing fraudulent transactions.

Which law enforcement agencies are at the forefront of stopping money laundering?

While not a law enforcement agency, the Financial Crimes Enforcement Network (FinCEN) is one of the most prominent organizations in the U.S. responsible for reducing the spread of money laundering.

As a bureau of the U.S. Department of the Treasury, FinCEN is responsible for enforcing AML rules defined under the Bank Secrecy Act. It’s also responsible for issuing and interpreting regulations authorized by this statute, maintaining government-wide access to FinCEN databases, and coordinating with local law enforcement agencies to assist both investigations and prosecutions.

Why should businesses adopt AML policies?

Businesses must adopt AML policies to remain in compliance with the BSA and other global regulations and avoid fines and other penalties for noncompliance. 

Additionally, adopting AML policies can reduce total risk. Even organizations that are not specifically required to implement AML frameworks can bolster overall security, limit the chance of fraudulent funds being funneled through their system, and improve transaction safety and customer confidence by adopting AML policies.

How do you identify money laundering?

No two cases of money laundering are ever 100% identical. Because there is so much variation, identifying money laundering when it occurs can be a challenge.

Factors that may increase the risk of money laundering taking place include:

  • Secretive customers: If customers go to extreme lengths to obscure information about their identities, source of funds, beneficial owners, and other data, it’s possible they may be doing so to hide illegal activities.
  • Source of funds (SoF): When a customer identifies their source of funds, that information gives context about the size and typical  transactions you may expect to see from them. If transactions do not align with your expectations, given a customer’s source of funds, it may be indicative that money is originating elsewhere. 
  • Unusual activity: Do transactions appear to be engineered specifically to avoid record-keeping requirements? Has a dormant account suddenly re-engaged with a high volume of transactions? Is an account that normally handles only small transactions now making large transactions? While all of these activities may be inconsequential, they can also be an indication of money laundering — and deserve further investigation. 
  • Geography: Money laundering and terrorist financing occurs in certain countries and regions with a greater frequency than others. If a customer receives a transaction from someone in one of these high-risk countries or initiates a transaction to one of these high-risk countries, it may be indicative of financial crimes.

Continue reading

Continue reading

From fraud to fairness: Leveraging KYC and age verification for online gaming
From fraud to fairness: Leveraging KYC and age verification for online gaming

From fraud to fairness: Leveraging KYC and age verification for online gaming

KYC can help keep online gamers of all ages safe and reduce fraud. Learn how KYC and age verification can benefit your gaming platform.

How to fight ID fraud in a world of generative AI
How to fight ID fraud in a world of generative AI

How to fight ID fraud in a world of generative AI

Learn how generative AI is changing the game when it comes to fake IDs and what you should be mindful of when enhancing your fraud strategy.

What is remote KYB onboarding?
What is remote KYB onboarding?

What is remote KYB onboarding?

Remote Know Your Business (KYB) technology efficiently onboards business customers. Learn more about how digital onboarding addresses changing regulations.

AML tools: What to look for in AML software

AML tools: What to look for in AML software

Learn about the different features you may want to look for as you build your AML toolkit.

How to implement the five pillars of AML compliance

How to implement the five pillars of AML compliance

Learn what a compliant AML program looks like and how to establish one at your company.

Global AML compliance: Is your business doing enough?

Global AML compliance: Is your business doing enough?

Discover some of the regulations and protocols you’ll need to know and remember when conducting business internationally

Ready to get started?

Get in touch or start exploring Persona today.