What is anti-money laundering? A guide to AML compliance

Key Takeaways: 

• AML compliance relies on Know Your Customer (KYC) and Customer Due Diligence (CDD) procedures to verify customer identities, assess risk, and monitor ongoing transactions.

• Non-compliance can result in significant fines, reputational damage, and operational disruption; robust AML programs protect both institutions and the broader financial system.

• A strong AML program includes six pillars: internal policies and controls, an AML compliance officer, employee training, independent testing, ongoing CDD, and PEP/AML watchlist screening.

• Politically exposed persons (PEPs) and AML watchlist screening are critical components of AML programs, helping identify higher-risk customers and ensure enhanced due diligence.

Having and implementing a strong AML program is critical for the financial security of banks and other financial institutions such as credit unions, investment companies, and many financial services companies. 

More broadly, AML obligations are necessary to help countries around the world maintain economic security and protect against potential terrorism. However, AML requirements are complex and navigating the requirements can be challenging for banks and financial institutions. 

In this article, we’ll discuss the AML requirements in the U.S., why anti-money laundering compliance is so important, and how financial institutions can limit their risk of fraud.

What is anti-money laundering in banking?

Anti-money laundering (AML) is a system of policies, laws, and regulations for preventing, detecting, and reporting money-laundering activities and terrorism financing. To comply with  AML obligations, financial institutions must monitor their customers' transactions and report suspicious financial activities. In other words, the AML meaning in banking is the framework that ensures financial institutions identify suspicious activity and block criminals from exploiting the financial system.

In theory, AML applies only to a limited number of transactions and criminal behaviors. But, in practice, it impacts nearly every aspect of a financial institution’s relationships with its customers. It’s the institution’s responsibility to detect and prevent illicit transactions, which can lead to many requirements for customers to follow.

→ Need to stay compliant with AML screenings? Plaid’s fraud and risk management tools provide access to real-time fraud data. 

What is the history of anti-money laundering?

In the United States, the Bank Secrecy Act (BSA), created in 1970, formalized requirements for financial institutions to identify and document the source, volume, and movement of currency deposited into those financial institutions. Among other requirements, this anti-money laundering act requires financial institutions to report and record suspicious cash transactions over $10,000. 

The Office of Terrorist Financing and Financial Crimes (TFFC) (under the U.S. Department of Treasury) continues to develop and implement policies to combat money laundering, terrorist financing, and other financial criminal activity. Alongside TFFC, the Financial Crimes Enforcement Network (FinCEN) collects and analyzes financial transaction data, administers the Bank Secrecy Act (BSA), and supports law enforcement and regulatory agencies in detecting and preventing illicit activities in finance. 

Anti-money laundering rose to international prominence in 1989 when countries and organizations around the world formed the Financial Action Task Force (FATF) to create standards and policies that combat money laundering and terrorism financing at both national and international levels.  

The International Monetary Fund (IMF) is another important organization in the fight against money laundering. Formed in July 1944, the IMF was created to reconstruct the international monetary system after World War II. Today, the IMF works to foster global monetary cooperation, financial stability, international trade, high employment, sustainable economic growth, and reduced poverty. It also helps ensure that its 190 member countries comply with international standards to fight terrorism financing.

What are the three stages of money laundering? 

The three stages of money laundering generally consist of:

• Placement of illegal funds in a legitimate financial institution

• Layering and mixing of illegal and legal funds to hide the origin of the illegal proceeds

• Integration of funds back to the criminal

During the placement stage, money launderers use a variety of techniques and venues to hide their funds, such as:

• Legitimate cash businesses (for example, car parks, tanning salons, car washes, and casinos)

• Trusts and offshore companies

• Foreign bank accounts

The layering stage is complex, as money launderers utilize bookkeeping tricks to obscure the audit trail. This can involve:

• Transferring funds from one country to another

• Moving funds between multiple banks or between accounts within the same institution

• Investing in real estate

• Converting cash into money orders, wire transfers, and stocks

In the integration stage, money launderers must extract their funds without triggering attention from law enforcement or tax authorities. They can do this with: 

• Fake employees

• Loans that are never repaid

• Investments into a property, high-end cars, artwork, jewelry, and other high-priced commodities

How is money laundering detected?

To detect money laundering, U.S. financial institutions must follow Know Your Customer and Customer Due Diligence procedures. They must verify the identity of customers and the beneficial owners of companies opening accounts, and engage in ongoing monitoring based on client risk profiles.

Know Your Customer (KYC) regulations are a standard set of procedures that help financial institutions verify the identities of their clients and assess and monitor customer risk for the purposes of opening and maintaining an account. Under the KYC obligations, clients must provide credentials (e.g., identification documents, like a driver’s license or passport) that prove their identity and address. 

Customer Due Diligence (CDD) is often one component  of a financial institution’s KYC procedures and focuses on assessing the risk level of a potential client. Under the CDD requirements, in addition to verifying the identity of the client and/or the beneficial owners of a company, financial institutions engage in ongoing monitoring of transactions a customer makes  in order to detect anomalous or suspicious behavior.

AML holding periods can require that deposits stay in an account for a minimum number of days. This tactic slows down potential money laundering and builds in more time for risk assessment.

How does AML screening and monitoring help prevent financial crimes?

AML helps financial institutions combat money laundering by stopping criminals from engaging in transactions that disguise the origins of funds connected to illegal activity. AML policies also address terrorism financing, which uses similar methods to source and hide funding.

According to the International Monetary Fund (IMF), the money laundering rate is between 2-5% of the world's GDP. Money laundering enables criminals to reap the benefits of crimes such as corruption, tax evasion, theft, drug trafficking, and migrant smuggling. These crimes can diminish the economic resources available to countries and threaten their economic stability. 

AML regulations were introduced in 1989 to combat money laundering. After the 9/11 terrorist attacks, AML regulations were updated to include measures that seek to prevent financial terrorism. The techniques used to launder money are essentially the same as those used to obscure terrorist financing.

→ Want to fight fraud while handling KYC requirements? Plaid Identity Verification is the lowest friction identity verification experience available.

What are the six key elements of an AML compliance program?

The six pillars of an AML program are:

• Development of internal policies, procedures, and related controls 

• Designation of an AML compliance officer

• Ongoing and relevant employee training 

• Independent testing and review for compliance

• Customer Due Diligence (CDD)

• AML PEP screening 

Policies, procedures, and related controls

Financial institutions must develop written AML policies and procedures that govern their actions. These policies must be appropriate for the risk profile of the financial institution. Firms can visit the FinCEN website for templates for CDD and other BSA forms. Broker dealers and small financial firms can visit FINRA to find templates for setting up their AML programs. The templates include text examples, instructions, relevant rules, websites, and other resources. 

AML compliance officer

Financial institutions must designate an AML compliance officer with the ongoing responsibility to ensure that the institution is in compliance with the BSA. The officer should have the budget, authority, and requisite knowledge and training to manage the program.

Employee training

Employees must be provided with current, tailored, relevant, and ongoing training. Training should be documented, and the amount and frequency of training should be appropriate to the employee’s role and the institution’s risk profile.

Independent review

Independent testing of the compliance program must be conducted by someone with knowledge of the BSA. This testing can be done by a third party. It cannot be done by the institution’s AML compliance officer or anyone with direct responsibility for compliance.

Customer Due Diligence (CDD)

Financial institutions are required to conduct ongoing CDD and monitoring. This helps maintain and update customer information and risk profiles.

PEP screening

Identify politically exposed persons (PEPs) and their close associates or family members using AML watchlists. Since these individuals pose a higher risk of corruption and bribery, institutions may apply enhanced due diligence, such as verifying the source of funds and monitoring transactions more frequently.

What is an AML watchlist and how is it used in compliance?

An AML watchlist is a database of individuals, companies, and organizations that may present a higher than average risk of money laundering, terrorism financing, or other financial crimes. These lists are maintained by government organizations and regulatory bodies and financial institutions are often required to screen their customers and transactions against these lists as part of AML compliance. 

Common AML watchlists used by financial institutions include sanction lists from the U.S. Office of Foreign Asset Control, FBI’s Most Wanted Watchlist, and the European Union Consolidated Financial Sanctions List. 

By checking new and existing customers against AML watchlists, financial institutions can identify possible money laundering, block or freeze transactions, and report suspicious or criminal activity to regulators. Screening is not a one-time requirement; institutions must conduct ongoing monitoring to ensure they capture updates to global watchlists and regulatory advisories.

What are red flags in AML?

AML red flags are indicators of suspicious transactions. Potential red flags could include:

• A significant amount of private funding from an individual running a cash-intensive business. 

• The involvement of a third party private funder without an apparent connection to the business. 

• Transactions inconsistent with the customer’s known profile or frequent deposits just below the reporting thresholds. 

• Transfers from or to high-risk jurisdictions. 

• Customers who are politically exposed persons (PEPs) or appear on AML watchlists. 

In 2019, FINRA (the Financial Industry Regulatory Authority) issued Regulatory Notice 19-18 and provided 97 examples of money laundering red flags. FinCEN also regularly issues advisories with updated red flags.

It’s important to note that lists of red flags are not exhaustive and do not guarantee compliance with AML programs. These red flags aren’t always indicative of illicit activities and may not apply to every financial institution, customer relationship, or business activity. Financial institutions must follow a risk-based approach to AML, and take the appropriate mitigation measures in accordance with the level of risk.

Stages of AML compliance 

Financial institutions can structure their AML compliance programs as a series of stages, each building on the previous to detect and prevent money laundering effectively.

Stage 1: Risk assessment and policies 

Develop written AML policies, procedures, and internal controls appropriate to your organization's risk profile. The policy should be recorded and accessible to the organization’s senior management, board, staff, and regulations. Conduct a risk-based assessment to identify areas of higher financial crime exposure.

Stage 2: Designate an AML compliance officer 

Appoint a trained compliance officer responsible for overseeing AML efforts and regulatory compliance. Provide this officer with the appropriate authority, budget, and resources to enforce policies effectively. 

Stage 3: Customer verification (KYC and CDD) 

Verify customer identity through Know Your Customer (KYC) procedures. Conduct Customer Due Diligence (CDD) to assess and monitor risk. Apply enhanced due diligence for higher-risk clients, such as international money service businesses or organizations with complex ownership structures. 

Stage 4: PEP and AML watchlist screening 

Screen customers against AML watchlists and sanctions lists. Identify political exposed persons (PEPs) and their close associates. Apply enhanced monitoring and verification for flagged customers or organizations. 

Stage 5: Transaction monitoring and reporting 

Continuously review transactions for unusual activity or red flags, such as deposit inconsistencies or frequent transfers to high-risk jurisdictions. Implement AML holding periods or other mitigating measures to slow suspicious activity. Report suspicious transactions and activity to regulators as required. In the United States, banks must file a Suspicious Activity Report (SAR) with the Financial Crimes Enforcement Network (FinCEN). 

Stage 6: Training and independent review 

The final stage of AML compliance is providing ongoing staff training to ensure employees understand the rules and their role in AML compliance. Organizations should also conduct an independent testing and review program to ensure compliance with AML regulations and requirements. 

An AML compliance checklist can support and inform a financial institution’s AML program. This short guide can help ensure your organization adequately covers each stage of an AML program: 

Why is AML compliance important for financial institutions?

AML compliance is critical for financial institutions to maintain their financial security. It’s also important because:

• AML regulations and obligations are becoming increasingly important to regulators 

• Financial crime continues to evolve

• Financial institutions’ reputations for trustworthiness are at stake

Maintaining an AML program requires serious manual effort, which leads to higher costs. US financial services spend billions to prevent money laundering risk. However, failure to comply can also result in astronomical losses to fraud and steep fines. In 2024, FinCEN levied a record breaking $1.3 billion fine against TD Bank for violations of AML laws. 

Any AML crisis can negatively impact a financial institution’s brand reputation. Customers value security from fraud with their institution. Organizations that have been investigated or fined for AML non-compliance may seem untrustworthy to customers. As a result, financial institutions may lose customers and market value in an AML crisis.

How can I meet AML requirements? 

Financial institutions can implement an appropriate AML program by:

• Using technology to conduct ongoing monitoring

• Using data analytics to identify patterns

• Standardizing AML systems

Besides implementing and conducting strong AML compliance programs, financial institutions can use technology, such as AI, for ongoing monitoring. This can help institutions expand their monitoring capacity while allowing their compliance teams to address the accounts that need attention. 

Improved and real-time analytics can help AML officials quickly assess a customer’s level of risk. Analytics can help identify questionable patterns, develop client models, build levels of risk, and flag negative news alerts that bear on the client’s account.

Finally, standardizing systems is a critical need for financial institutions dealing with a network of legacy computer systems. By moving into a fully digital environment, institutions can more easily standardize AML practices across the organization.

Plaid can help your organization meet AML requirements with access to real-time fraud detection, predictive scores, and machine learning-driven risk models. 

Conclusion

AML procedures exist to ensure that financial institutions and banks are taking the right steps to fight money laundering and terrorism financing. AML regulations continue to change globally, and the onus is on financial institutions to keep up with and update their AML programs. By stopping criminals from obscuring the origins and locations of their illegal transactions, banks can help promote broader safety and economic security for the world.

Learn how Plaid helps companies limit fraud risk while limiting customer friction.