What is anti-money laundering? A guide to AML compliance

Key Takeaways: 

• AML compliance relies on Customer Identification Program (CIP) and Customer Due Diligence (CDD) procedures to verify customer identities, assess risk, and monitor ongoing transactions. CIP and CDD are often referred to together as part of a financial institution’s broader Know Your Customer (KYC) framework.

• Non-compliance can result in significant fines, reputational damage, and operational disruption; robust AML programs protect both institutions and the broader financial system.

• A strong AML program includes five pillars: internal policies and controls, a designated AML compliance officer, employee training, independent testing, and ongoing CDD.

• Politically exposed persons (PEPs) and AML watchlist screening are critical components of AML programs, helping identify higher-risk customers and ensure enhanced due diligence.

Having and implementing a strong AML program is critical for the financial security of banks and other financial institutions, such as credit unions, investment companies, and many financial services companies. 

More broadly, AML obligations are necessary to help countries around the world maintain economic security and protect against potential terrorism. However, AML requirements are complex, and navigating the requirements can be challenging for banks and financial institutions. 

In this article, we’ll discuss the AML requirements in the U.S., why anti-money laundering compliance is so important, and how financial institutions can limit their risk of fraud.

What is anti-money laundering in banking?

Anti-money laundering (AML) obligations are a set of policies, laws, and regulations designed to prevent, detect, and report money laundering and terrorist financing. One component to comply with AML obligations is that financial institutions must monitor their customers' transactions and report suspicious financial activities. 

In theory, AML transaction monitoring applies only to a limited number of transactions and criminal behaviors. But, in practice, it impacts nearly every aspect of a financial institution’s relationships with its customers. It’s the institution’s responsibility to detect and prevent illicit transactions, which can result in many requirements for customers.

→ Need to stay compliant with AML screenings? Plaid’s fraud and risk management tools provide access to real-time fraud data. 

What is the history of anti-money laundering?

In the United States, the Bank Secrecy Act (BSA), created in 1970, formalized requirements for financial institutions to identify and document the source, volume, and movement of currency deposited into those financial institutions. 

The Financial Crimes Enforcement Network (FinCEN) (under the U.S. Department of the Treasury) continues to develop and implement policies to combat money laundering, terrorist financing, and other financial criminal activity. FinCEN also collects and analyzes financial transaction data, administers the Bank Secrecy Act (BSA), and supports law enforcement and regulatory agencies in detecting and preventing illicit activities in finance. 

Anti-money laundering rose to international prominence in 1989 when countries and organizations around the world formed the Financial Action Task Force (FATF) to create standards and policies that combat money laundering and terrorism financing at both national and international levels.  

The International Monetary Fund (IMF) is another important organization in the fight against money laundering. Formed in July 1944, the IMF was created to reconstruct the international monetary system after World War II. Today, the IMF works to foster global monetary cooperation, financial stability, international trade, high employment, sustainable economic growth, and reduced poverty. It also helps ensure that its 190 member countries comply with international standards to fight terrorism financing.

What are the three stages of money laundering? 

The three stages of money laundering generally consist of:

• Placement of illegal funds in a legitimate financial institution

• Layering and mixing of illegal and legal funds to hide the origin of the illegal proceeds

• Integration of funds back to the criminal

During the placement stage, money launderers use a variety of techniques and venues to hide their funds, such as:

• Legitimate cash businesses (for example, car parks, tanning salons, car washes, and casinos)

• Trusts and offshore companies

• Foreign bank accounts

The layering stage is complex, as money launderers utilize bookkeeping tricks to obscure the audit trail. This can involve:

• Transferring funds from one country to another

• Moving funds between multiple banks or between accounts within the same institution

• Investing in real estate

• Converting cash into money orders, wire transfers, and stocks

In the integration stage, money launderers must extract their funds without triggering attention from law enforcement or tax authorities. They can do this with: 

• Fake employees

• Loans that are never repaid

• Investments into a property, high-end cars, artwork, jewelry, and other high-priced commodities

How is money laundering detected?

Where required under applicable regulations to detect money laundering, covered financial institutions must follow Customer Identification Program (CIP) and Customer Due Diligence (CDD) requirements. Covered financial institutions must verify the identity of customers and the beneficial owners of companies opening accounts, and engage in ongoing monitoring based on client risk profiles.

Know Your Customer (KYC) includes the process of verifying the identities of clients and assessing risk for the purposes of opening an account. Under KYC procedures, clients must provide personal information or credentials (e.g., address, social security number, identification documents like a driver’s license or passport) that prove their identity and address. 

Customer Due Diligence (CDD) is often one component of a financial institution’s KYC procedures and focuses on assessing the risk level of a potential client. Under CDD requirements, in addition to the initial identity verification performed under CIP, financial institutions engage in ongoing monitoring of customer profiles to ensure KYC and CDD remain current and accurate.

How does AML screening and monitoring help prevent financial crimes?

AML helps financial institutions combat money laundering by stopping criminals from engaging in transactions that disguise the origins of funds connected to illegal activity. AML policies also address terrorism financing, which uses similar methods to source and hide funding.

According to the International Monetary Fund (IMF), the money laundering rate is between 2-5% of the world's GDP. Money laundering enables criminals to reap the benefits of crimes such as corruption, tax evasion, theft, drug trafficking, and migrant smuggling. These crimes can diminish the economic resources available to countries and threaten their economic stability. 

US AML regulations were introduced in 1970 to combat money laundering. After the 9/11 terrorist attacks, AML regulations were updated to include measures that seek to prevent terrorism financing. The techniques used to launder money are essentially the same as those used to obscure terrorist financing.

→ Want to fight fraud while handling CIP/KYC requirements? Plaid Identity Verification is the lowest-friction identity verification experience available.

What are the key elements of an AML compliance program?

The five pillars of an AML program are:

• Internal policies, procedures, and related controls 

• Designation of an AML compliance officer

• Ongoing and relevant employee training 

• Independent testing and review for compliance

• Customer Due Diligence (CDD)

Policies, procedures, and related controls

Financial institutions must develop written AML policies and procedures that govern their actions. These policies must be appropriate for the risk profile of the financial institution. Firms can visit the FinCEN website for guidance on CDD and other BSA reports. Broker-dealers and small financial firms can visit FINRA to find templates for setting up their AML programs. The templates include text examples, instructions, relevant rules, websites, and other resources. 

AML compliance officer

Financial institutions must designate an AML compliance officer with the ongoing responsibility to ensure that the institution is in compliance with the BSA. The officer should have the budget, authority, and requisite knowledge and training to manage the program.

Employee training

Employees must be provided with current, tailored, relevant, and ongoing training. Training should be documented, and the amount and frequency of training should be appropriate to the employee’s role and the institution’s risk profile.

Independent review

Independent testing of the compliance program must be conducted by someone with knowledge of the BSA. Independent testing must be conducted by personnel (internal or external) who are independent of the AML functions being tested. 

Customer Due Diligence (CDD)

Financial institutions are required to conduct ongoing CDD and monitoring. This helps maintain and update customer information and risk profiles.

What is a watchlist, and how is it used in compliance?

A watchlist is a database of individuals, companies, and organizations that may present a potentially higher than average risk of money laundering, terrorism financing, or other financial crimes, or with which a financial institution is prohibited from doing business. These lists are maintained by government organizations and regulatory bodies, and financial institutions are often required to screen their customers and transactions against these lists as part of AML compliance. 

Common watchlists used by financial institutions include sanction lists from the U.S. Office of Foreign Assets Control, the FBI’s Most Wanted Watchlist, and the European Union Consolidated Financial Sanctions List. 

By checking new and existing customers against watchlists, financial institutions can identify possible money laundering, block or freeze transactions, and report suspicious or criminal activity to regulators. Screening is not a one-time requirement; institutions must conduct ongoing monitoring to ensure they capture updates to global watchlists and regulatory advisories.

PEP screening

Identify politically exposed persons (PEPs) and their close associates or family members using watchlists. Since these individuals pose a higher risk of corruption and bribery, institutions may apply enhanced due diligence, such as verifying the source of funds and monitoring transactions more frequently.

What are red flags in AML?

AML red flags are indicators of suspicious transactions. Potential red flags could include:

• A significant amount of private funding from an individual running a cash-intensive business. 

• The involvement of a third-party private funder without an apparent connection to the business. 

• Transactions inconsistent with the customer’s known profile or frequent deposits just below the reporting thresholds. 

• Transfers from or to high-risk jurisdictions. 

• Customers who are politically exposed persons (PEPs) or appear on watchlists. 

In 2019, FINRA (the Financial Industry Regulatory Authority) issued Regulatory Notice 19-18 and provided 97 examples of money laundering red flags. FinCEN also regularly issues advisories with updated red flags.

It’s important to note that lists of red flags are not exhaustive and do not guarantee compliance with AML programs. These red flags aren’t always indicative of illicit activities and may not apply to every financial institution, customer relationship, or business activity. Financial institutions must follow a risk-based approach to AML and take the appropriate mitigation measures in accordance with the level of risk.

AML compliance checklist

To summarize, here is an easy-to-follow checklist of components of an AML program to help guide your compliance operations. 

• Risk assessment and policies 

Develop written AML policies, procedures, and internal controls appropriate to your organization's risk profile. The policy should be recorded and accessible to the organization’s senior management, board, staff, and regulations. Conduct a risk-based assessment to identify areas of higher financial crime exposure.

• Designate an AML compliance officer 

Appoint a trained compliance officer responsible for overseeing AML efforts and regulatory compliance. Provide this officer with the appropriate authority, budget, and resources to enforce policies effectively. 

• Customer verification (CIP and CDD) 

Verify customer identity through your Customer Identification Program (CIP). Conduct Customer Due Diligence (CDD) to assess and monitor risk. Apply enhanced due diligence for higher-risk clients, such as international money service businesses or organizations with complex ownership structures. 

• PEP and watchlist screening 

Screen customers against watchlists and sanctions lists. Identify politically exposed persons (PEPs) and their close associates. Apply enhanced monitoring and verification for flagged customers or organizations if appropriate. 

• Transaction monitoring and reporting 

Continuously review transactions for unusual activity or red flags, such as deposit inconsistencies or frequent transfers to high-risk jurisdictions. Report suspicious transactions and activity to regulators as required. In the United States, banks and other covered financial institutions must file a Suspicious Activity Report (SAR) with FinCEN. 

• Training and independent review 

Provide ongoing staff training to ensure employees understand the rules and their role in AML compliance. Organizations should also conduct an independent testing and review program to ensure compliance with AML regulations and requirements.

Why is AML compliance important for financial institutions?

AML compliance is critical for financial institutions to maintain their financial security. It’s also important because:

• AML regulations and obligations are becoming increasingly important to regulators 

• Financial crime continues to evolve

• Financial institutions’ reputations for trustworthiness are at stake

Maintaining an AML program requires serious manual effort, which leads to higher costs. US financial services spend billions to prevent money laundering risk. However, failure to comply can also result in astronomical losses due to fraud and steep fines. In 2024, FinCEN levied a record breaking $1.3 billion fine against TD Bank for violations of AML laws. 

Any AML crisis can negatively impact a financial institution’s brand reputation. Customers value security from fraud with their institution. Organizations that have been investigated or fined for AML non-compliance may seem untrustworthy to customers. As a result, financial institutions may lose customers and market value in an AML crisis.

How can I meet AML requirements? 

Financial institutions can enhance their ability to implement an appropriate AML program by:

• Using technology to conduct ongoing monitoring

• Using data analytics to identify patterns

• Standardizing AML systems

Besides implementing and conducting strong AML compliance programs, financial institutions can use technology, such as AI, for ongoing monitoring. This can help institutions expand their monitoring capacity while allowing their compliance teams to address the accounts that need attention. 

Improved and real-time analytics can help AML officials quickly assess a customer’s level of risk. Analytics can help identify questionable patterns, develop client models, build levels of risk, and flag negative news alerts that bear on the client’s account.

Finally, standardizing systems is a critical need for financial institutions dealing with a network of legacy computer systems. By moving into a fully digital environment, institutions can more easily standardize AML practices across the organization.

Plaid can help your organization meet AML requirements with access to real-time fraud detection, predictive scores, and machine learning-driven risk models.

Conclusion

AML procedures exist to ensure that financial institutions and banks are taking the right steps to fight money laundering and terrorism financing. AML regulations continue to change globally, and the onus is on financial institutions to keep up with and update their AML programs. By stopping criminals from obscuring the origins and locations of their illegal transactions, banks can help promote broader safety and economic security for the world.

Learn how Plaid helps companies limit fraud risk while limiting customer friction.