Anti-Money Laundering (AML) Policy ( With Template)

What an anti-money laundering policy template should look like and steps in crafting AML policies

Since the introduction of the Bank Secrecy Act and its implementing regulations, financial institutions are mandated to implement AML and KYC policies to combat money laundering. Anti-money laundering policies prevent the reintroduction of the proceeds of illegal activities into our financial system, therefore financial authorities in most countries require all financial institutions to enact their own AML policies in line with AML regulations.

What is an Anti-Money Laundering policy?
Anti-money laundering policy is a strategy used by an organization to prevent and effectively combat money laundering and other financial crimes.

The guidelines for KYC and AML policies are very similar across the world because they are based on the

FATF recommendations, but there are also local regulations. Firms must also modify their AML policies and procedures to accurately comply with all AML requirements that are relevant to their operations.

Anti-Money Laundering Policy Template
Working with numerous financial institutions in developing AML policies and close cooperation with financial regulators has broadened our understanding of what an AML policy means. To this effect, we’ve summarised what the KYC AML compliance policy should consist of and what it should be in each part. This template was derived from the US Bank Secrecy Act (BSA), EU 4th Anti-Money Laundering Directive (AMLD4), and FATF recommendations.

1. Introduction to the AML Policy
In the introduction of the anti-money laundering policy, the company should declare the reasons for implementing an anti-money laundering policy. The introduction should also define money laundering and terrorist financing, and ensure that the AML policy will be regularly reviewed to keep up with regulatory demands.

2. Assigning an AML Compliance Officer 
In this part, the anti-money laundering policy names the person responsible for the company’s anti-money laundering program i.e. the AML compliance officer. The AML policy should also describe the AML compliance officer’s qualifications and responsibilities.

3. Information Sharing with Financial Intelligence Units
This part of the anti money laundering policy usually explores the possibility of sharing information with financial intelligence units and law enforcement. Here, anti-money laundering describes the institution’s procedures for responding to a regulator’s requests for information on money laundering and terrorism financing activity.
The AML policy should also define the system, through which the company will respond to the request and details on documenting the procedure.

4. Sharing Information with Other Financial Institutions 
The fourth section of an anti-money laundering policy outlines the company’s procedures for sharing AML information with other financial institutions, for purposes of identifying and reporting activities, indicating money laundering. The policy also describes measures taken to ensure the security and confidentiality of the information shared.

5. Sanctions List checks
Given that citizens and residents of the United States are prohibited from dealing with entities listed on the Office of Foreign Assets Control’s Specially Designated Nationals List (SDN), financial institutions are mandated to check all sanctions lists before opening an account, operating an existing account or partnering with a new client.

Here the anti money laundering policy should describe the platforms and procedures for checking the SDN lists and give reasonable assurance that their knowledge of the sanctions list is up to date.

6. Verifying Customer’s Identity 
Customer identification is a major part of every AML compliance program. The AML policy must account for all the procedures and measures taken by the institution to identify and verify the customer’s identity, to form a reasonable belief that they know the true identity of each customer. Let’s go through the steps of customer Identification in an AML policy.

  • Necessary KYC Information 
    The first step is outlining which information should be obtained for the purpose of identification and from who. Here the anti-money laundering policy describes which information will be collected when opening a new account for a customer or their beneficial owners. The information the company obtains depends on the type of account and the risks associated with it.

For details on the information necessary for KYC, see our article on KYC customer due diligence

  • When the Customer declines to provide information or provides false information 
    In this part, the anti-money laundering policy should describe the company’s measures for customers who decline the company’s request for identifying information or intentionally providing false information. The policy explains whether and when the institution refuses to open a new account and close any existing account after assessing the risks involved.
  • Verifying Information 
    This part of the anti-money laundering policy usually describes how the company will verify its customers’ identities using the information obtained. The AML policy should also state whether the firm will verify customer identity through documentary means, non-documentary means or both, and describe how these procedures will take place including the use of verification software.
  • Limits and Threshold of Financial Transactions 
    This part of the AML policy should explain that the company will verify the customer’s information within a reasonable period of time before or after the account is opened. Also mention the institution’s policy for restricting transactions for accounts while verification is ongoing.
  • Inability to Verify Customer’s Identity 
    AML policy should describe procedures in response to situations when the institution cannot verify the identity of a customer. These procedures may include the institution’s refusal to open an account with that customer, or limiting the types of transactions available to the customer while they attempt further verification. The institution may temporarily block or close an account if further attempts at verification fail.
  • Keeping AML-Related Data and Transaction Records 
    Here the institution should describe procedures for keeping records including all identifying information obtained from the customer, how information was obtained and the results of the verification process. With respect to non-documentary verification, the institution should retain documents that describe the methods and the results of any measures taken to verify the identity of a customer. The anti-money laundering policy should also mention the duration of keeping such records according to local regulations. Under the BSA and AMLD4, financial institutions are required to store records of transactions for up to 5 years.
  • Notifying Customers 
    Under customer identification procedures, the institutions should adequately notify customers when requesting information for identity verification purposes. The AML policy should also mention how customers will be notified.
  • Relying on Another Institution for Customer Identity Verification 
    In this part the AML policy should describe the institution’s response to cases when they will rely on information provided by another organization (including an affiliate) for some or all elements of the customer identification process.

7. Customer Due Diligence 
In this part, the anti-money laundering policy should outline measures put in place to identify and verify beneficial owners, politically exposed persons (PEP), and senior management of an organization. Under customer due diligence, the AML policy will describe the procedure for establishing a customer’s risk rating and when enhanced due diligence procedures will be appropriate. The policy should also outline when adverse media checks, sanctions list screenings and ongoing AML monitoring will be appropriately applied for certain customers.

8. Filing SARs and CTRs
Under the BSA, financial institutions are also required to file Currency Transaction Reports (CTR) for transactions exceeding the sum of $10,000, and a Suspicious Activity Report (SAR) to report suspicious transactions. The anti-money laundering policy should mention that the institution will file CTRs in compliance with regulations and SARs if the AML compliance officer deems it necessary.

Our Anti-Money Laundering Policy Template
This AML policy template is suitable for all financial institutions, but a complete anti-money laundering policy goes further than just customer identification and verification.

Our expert legal consultants and automated KYC/AML solutions support full customization of an anti-money laundering policy to suit any type of business and at the same time comply with AML requirements.

Stay updated with Sumsub by signing up for our newsletter

Sign up for our Newsletter

Be up and running in minutes.

Questions? Schedule some time to talk with one of our experts.

By clicking the button you agree with our Privacy Policy.

Thank you for subscribing to our newsletters.

Thanks for contacting us!

We will get in touch with you shortly.