What Makes an AML Compliance Program Effective?

The financial industry requires compliance with local, state, and international anti-money laundering (AML) standards. This promotes effective implementation of legal, regulatory, and operational measures aimed at combating money laundering, terrorist financing, and other threats to the integrity of the international financial system.

Since business relations are becoming increasingly remote, structural changes have been proposed to EU AML regulations. In 2021, EU AML/CFT rules were amended, proposing a new EU authority to fight money laundering. Back in 2020, the Fifth Anti-Money Laundering Directive (5AMLD) was applied to solve a number of emerging and ongoing issues in the framework of the European Union’s AML/CFT regulations. All these changes were intended to make sure that financial institutions use suitable AML prevention systems to protect themselves from money laundering and terrorist financing.

To keep up with these changes and stay compliant, companies should consider investing time and resources in building and renovating their AML compliance programs. Otherwise, they risk exposing themselves to legal, operational, and reputational risks. Let’s learn more about creating an effective AML compliance program below.

What is an AML Compliance Program?

In short, an AML сompliance program is a set of policies, practices, measures, procedures, and controls related to the prevention and reporting of money laundering and terrorist financing.

Money laundering refers to the process of concealing the existence, source, movement, destination, or illegal usage of illicitly-obtained property or funds to make them appear legitimate. The United Nations states that approximately $2 trillion is laundered globally every single year. Yet, only 1% of illegal funds are detected by authorities, leading to a huge amount of money flying under the radar.

When it comes to anonymous payment services, peer-to-peer transfers through mobile phones, virtual currencies, and other online financial relations, money launderers may use anonymizing software, VPNs, and other technologies.

Therefore, the financial institutions providing the above-mentioned services can get used as money laundering instruments, especially if they have weaknesses in their AML compliance programs—which, in most cases, are discovered by regulators and accompanied by fines.

The consequences for non-compliance are severe for all participants in the financial services industry.

• Banks

Banks involved in money laundering receive hefty fines. During the first half of 2021, the total amount of fines reached $2 billion. For example, Deutsche Bank appeared to be involved in a commodities fraud case and was fined $130 million. Meanwhile, one of the largest banks in the Netherlands, ABN AMRO, was fined $574 million due to serious shortcomings in money laundering prevention.

• Trading organizations

The World Trade Organization (WTO) states that the average annual global trade in goods is about $20 trillion—$2 trillion of which is laundered. Organizations receive hefty fines for violations. For instance, the FCA fined Sunrise Brokers LLP £642,400 for serious failings in financial crime control in relation to cum-ex trading.

• Payroll services

In August 2021, the owner of several payroll companies in the USA was sentenced to 24 years in state prison for a $4 billion money-laundering scheme.

• Casinos

Gambling is one of the highest-risk industries for money laundering. In the first quarter of 2021, the UK Gambling Commission issued $33,505,885 in fines to online and land-based gambling operators.

• Mortgage companies

In 2014, the UK’s Office of Fair Trading fined three real estate agents a total of £247,000 for “significant and widespread” anti-money laundering lapses, including failures to apply proper due diligence measures.

Above are just a few examples of the consequences that occur due to incompliance with AML requirements. An effective and regularly updated AML compliance program helps to avoid the above mentioned fines and conduct business safely.

What’s included in an AML Compliance Program?

Before getting licensed by a regulator, companies are required to develop and implement an AML compliance program, which is mandated to include the following:

• An appointed AML compliance officer/Money Laundering Reporting Officer (MLRO). According to ML regulations, an AML Compliance Officer (MLRO) is the person responsible for the development, monitoring, and implementation of a company’s AML compliance program. The main responsibility of the MLRO is to keep the company in line with AML regulations and prevent it from getting fined, debarred from the financial industry, or having its license revoked. A company MLRO should have the following powers:
  • the authority to act independently;
  • access to all required information databases;
  • sufficient resources, such as technology and staff members.

In addition, the MLRO is responsible for external reporting and arranging AML training for relevant employees. The role and responsibilities of the MLRO in UK-based regulated companies are described in the FCA handbook.

• AML training for employees. Usually, employees are the first ones who deal with all suspicious activities and their decision-making is crucial in situations of high risk. Therefore, companies should provide ongoing training for those who have AML-specific responsibilities and deal with transactions and accounting. This will keep such employees aware of red flags, suspicious activity, and the relevant legal obligations when dealing with high-risk customers.
• Risk assessment and Management. Companies need to evaluate risks related to their customers, products, services, and location. Employees, agents, and third-party vendors should also be the subject of close scrutiny as well. Specifically, companies need to distinguish high-risk customers and update risk profiles regularly. Thus, risk management is an ongoing process that is kept under regular review.
• Customer Due Diligence. Regulated companies should collect and verify personal information about their customers and the beneficial owners. The amount of personal information varies depending on the risks associated with a particular customer. If higher ML/TF risks are detected, companies shall apply Enhanced Due Diligence (EDD)—for example, when a potential customer is determined to be a Politically Exposed Person (PEP). That’s why companies should implement AML screening of potential customers against global watchlists (sanctions and PEPs) as part of Know Your Customer (KYC) procedures.
• Suspicious activity reporting. Every regulated company should have a process in place to identify suspicious transactions and report them. For example, in the UK it is stated by the National Crime Agency (NCA) that all staff has to file an internal report if they know or suspect something related to money laundering and terrorist financing. The company’s MLRO considers all such reports and makes an external report to the National Crime Agency in case there are reasonable grounds that the suspect is involved in money laundering. In addition, the MLRO documents their decision to not file a report and the reasons for that decision. The company waits for NCA consent before proceeding with the suspected customer and must freeze funds in case suspicions are confirmed.
• Record keeping. According to FCA requirements regulated companies have to keep records concerning customer identification and transactions. These records show that the company is compliant with regulations and may be used as evidence in any investigation conducted by law enforcement.

Thus, AML compliance programs include various complex processes that vary depending on the specifics of the company. If the program works well, companies can grow their business in a safe environment without fearing consequences from legal authorities. Plus, they’ll be well protected from financial criminals and more attractive to customers thanks to a stronger reputation.

Too much information? Complying with requirements can be much easier with our complete AML/KYC solution.

What makes an effective AML Compliance Program?

There are some things that can make the AML Compliance Program much more efficient.

1) Developing an AML culture in a company

It’s important for company management to work together with the AML compliance team to create a solid compliance culture. This helps identify and reduce ML risks and leads to more effective compliance solutions.

Regulators use the concept of AML culture to refer to consolidated AML/CTF efforts. In other words, a company with a solid AML culture takes initiative in combating money laundering at all levels of management. On the other hand, there are companies that are far less compliance-oriented. These may have senior management that underestimates the importance of AML compliance, or AML-responsible employees that see compliance as a mere burden. In such cases, serious penalties are inevitable. Just last year, the total amount of fines issued to financial companies worldwide totalled more than $10 billion, underscoring the importance of building a strong compliance culture. 

2) Using high-tech AML solutions

It’s much more convenient for companies to use new technologies for AML compliance, including AI-powered solutions. For example, innovative screening software collects all required information, verifies the identity of a customer, and then screens the data against regularly updated global watchlists. Whereas manual verification can be much more time-consuming and may lead to mistakes, which can be much more costly than simply using an AI-powered solution.

3) Establishing an independent internal audit

In general, the effectiveness of a particular AML compliance program is determined in the process of independent internal audits. If the company successfully complies with all required regulations (while avoiding the administrative burdens of over-compliance and the legal dangers of under-compliance), the program can be considered successful. Therefore, companies should constantly evaluate the effectiveness of their measures in meeting compliance standards.

To sum up, AML compliance isn’t just another regulatory burden. It’s designed to create a safe business environment beneficial for both financial institutions and their customers. But it’s not enough to simply create an AML compliance program; you have to keep it up to date, which is a time-consuming process.

Learn more about the high-tech solutions Sumsub offers for developing and running an effective AML Compliance Program. Request a demo today.