The Sumsuber

Verification knowledge hub

5 min read

6 Key Steps to a Successful Anti-Money Laundering (AML) Program in 2023

This guide helps businesses develop an AML compliance program to keep customer onboarding effective.

An effective Anti-Money Laundering (AML) program is one of the keys to protecting businesses from illicit money and fines for regulatory non-compliance.

Let’s start from the basics. Regulatory compliance is a set of procedures that businesses must follow to comply with laws and regulations. And there are many different rules to follow. Some are international, such as the Financial Action Task Force’s (FATF) Recommendations or the European Union’s AML Directives. While others are national, such as the Bank Secrecy and Patriot Acts in the US. Then you have country-specific regulators that regularly amend AML guidelines in their respective jurisdictions.

So, depending on the industry, businesses need to keep an eye on dozens of AML guidelines, rules, and regulations. This mostly relates to banks, law firms, casinos, tax advisors, forex brokers and a number of others.

AML best practices continue to advance in order to keep such businesses stress- and fraud-free. However, incorporating new measures doesn’t always come smoothly. Business owners have to invest time and resources in renovating their Anti-Money Laundering (AML) and Counter-Terrorist Financing (CTF) policies and building reliable AML programs.

This article will guide you through the process of building an AML compliance program for your business, with insights from the experts at Sumsub.

What is an AML compliance program?

An Anti-Money Laundering (AML) compliance program combines everything a company does to meet AML compliance norms: built-in internal operations, like employee training, user-processing policies, accounts monitoring and detection of suspicious operations, as well as AML reporting.

The aim of an AML compliance program is to detect, respond, and eliminate inherent and residual money laundering, terrorist financing, and fraud-related risks.

An effective AML compliance program won’t let suspicious customers and transactions enter the financial system. However, criminals constantly invent sophisticated methods of money laundering and fraud to fly under the radar. Therefore, it’s essential to develop an AML program that can handle new and complex fraud attempts. Otherwise, businesses expose themselves to financial and reputational losses.

What impacts AML compliance. Before creating a compliance program, an organization has to summarize and define its potential risks and legal obligations.

  • The money laundering risks it’s exposed to;
  • Respective local and global laws and punishment for non-compliance;
  • Potentially suspicious activities within the company.

To develop a strong AML compliance program, businesses have to follow a few steps.

How to develop an AML program: a step-by-step guide

This guide contains the steps to developing an effective compliance program:

Step 1. Appoint an AML compliance officer (AMLCO)…

… or a MLRO (Money Laundering Compliance Officer) to handle all things compliance.

AML legislation in most countries requires obliged entities to appoint an AML compliance officer. This person handles everything related to the compliance program: internal audits management, compliance analysis, development of appropriate guidelines, employee training programs, etc.

Candidates for this position must possess expert knowledge of regulatory data sources, compliance analysis tools, and demonstrate expertise in relevant regulations.

In addition, a compliance officer needs to have extensive experience in the financial sector, preferably in AML compliance, legal or internal risk audits. Another must is appropriate certification (CAMS, CAFP, CRCM, etc).

Step 2. Conduct employee training

It is necessary to design an employee training program to meet the AML requirements of the company. The program should be scheduled in accordance with recent changes in legislation or after serious incidents, such as employees involved in money laundering. If such incidents occur, it means that existing policy is ineffective and must be amended.

To have proper protection from money laundering, entities should have internal controls across all departments and branches.

Who to train: compliance and audit teams, senior management, high-risk departments that come into direct contact with clients.

Training topics:

  • General information: the consequences of failing to comply with AML/CFT laws, as well as the importance of spotting and stopping these crimes.
  • Legal framework: detailed review of anti-money laundering regulations.
  • AML penalties: an overview of penalties for non-compliance with AML laws.

How to train: There are some conventional training methods that are commonly used onsite, online, through third-parties, or with the help of experienced employees:

  • Educational presentations and webinars prepared by the company’s compliance officer;
  • Interactive e-learning modules and evaluation tests to measure AML proficiency;
  • Regular staff meetings concerning the latest AML issues on the market;
  • Updating Anti-Money Laundering controls and guidelines according to legislation and sharing the changes with staff.

Of course, every company has to consider its AML steps depending on the industry and business specifics.

Step 3. Perform risk assessment

FATF recommendations require that financial institutions take steps to identify and assess their money laundering and terrorist financing risks, including factors relating to customers, countries or geographic areas, as well as products, services, transactions, or delivery channels. 

One of the most important points is the Business-wide risk assessments which should help understand the risks in a particular AML jurisdiction.

ML/TF risks associated with business relationships should be covered by Customer Due Diligence (CDD) policies and procedures. This means deciding on the appropriate level and type of CDD for a given customer base. 

Initial CDD measures should include at least the following:

  1. identifying the customer and, where applicable, the customer’s beneficial owner or legal representatives; 
  2. verifying the customer’s identity on the basis of reliable and independent sources and, where applicable, verifying the beneficial owner’s identity; 
  3. establishing the purpose and intended nature of the business relationship.

Next, the entity is required to develop policies and procedures to detect, monitor and report, where applicable, customers and transactions which pose high risk due to common risk factors, such as high-risk countries, PEPs, due diligence results, etc.

Step 4. Develop internal policies and procedures

To handle ML/TF risks and maintain regulatory compliance financial entities have to develop and implement internal AML guidelines. 

Every financial institution has to perform due diligence procedures that follow both regulatory compliance demands and internal policies. Obliged firms must perform Customer Due Diligence (CDD) and monitoring procedures in respect of both natural and legal persons. The practices may vary depending on the nature of ML risks and size of the firm.

Here at Sumsub, our AML solutions are approved by major regulators like FINMA, FCA, CySEC and MAS.

  • Report suspicious activities

A powerful reporting system can immediately deliver information about money-laundering activity to relevant authorities.

Suspicious transactions must be reported to management first. Then, based on the evidence at hand, the MLRO is supposed to decide whether it is necessary to report it to the appropriate Financial Intelligence Unit (FIU) or not. 

Step 5. Detect suspicious activity and report it

First of all, it is necessary to quickly expose red flags, such as:  

  • Abnormally large transactions;
  • Bank accounts opened with insufficient client information;
  • Any fake data submitted by a client.

The full list of suspicious triggers could be found here.

Reporting is one of the main requirements of AML compliance. Based on Recommendation 20 of the FATF, if a financial organization has reasons to suggest that certain funds were accumulated illegally or are linked to fraud and terrorism, it must promptly report them to a FIU.

Step 6. Organize independent audits

Getting reviewed by an independent auditor is a great way to spot weaknesses in a company’s risk assessment and compliance program. The review would include the check of KYC due diligence procedures, compliance training, monitoring, and reporting systems. Financial regulators use such audits to check whether companies are successful at preventing money-laundering crimes.

Section 59(2) of the New Zealand AML/CFT Act obliges companies to carry out an independent audit every two years or upon a supervisor’s request.

Criteria for selection: An independent auditor must have sufficient AML expertise not only to examine existing policies and procedures, but to make proper recommendations for their improvement, if necessary. Under section 59B(3) of the NZ AML Act, the auditor must not have participated in developing the organization’s AML compliance program.

Sumsub commissioned Forrester Consulting to conduct a Total Economic Impact™ (TEI) study to examine the potential value of its platform. The TEI concludes that companies that invest in Sumsub can experience an 240% ROI. This study is designed to help you evaluate Sumsub’s potential financial impact on your company. To that end, Forrester anonymously interviewed four Sumsub customers, aggregated their experiences and benefits, and combined the results into this report.

Frequently Asked Questions about AML

  • What is AML compliance?

    AML compliance is adhering to a set of requirements aimed at combating money laundering and other financial crimes.

  • What are AML requirements?

    A set of measures to be adopted in order to keep money laundering out of a company’s business.

  • Who is required to comply with AML?

    Exact requirements vary from one country to the other. However, the following institutions typically have to comply with AML regulations:

    • Financial institutions (such as banks),
    • Money service businesses (nonbank businesses involved in converting or transmitting money),
    • Real estate brokers,
    • Law firms,
    • Casino and betting companies,
    • Auditors and accountants,
    • Tax advisors,
    • Virtual assets service providers.

  • What are the 6 pillars of an AML compliance program?

    • Appointing a compliance officer,
    • Employee training,
    • Risk assessment,
    • Detection and reporting of suspicious activity,
    • Internal practices,
    • Internal audits.

  • Where can I learn more about AML compliance programs?

    You can learn about the six critical components of an AML compliance program by reading The Sumsuber.

See Sumsub in action