Anti-money laundering, or AML, strategies are a vital part of every bank, credit union, and financial services organization. But before you can implement and carry out a successful AML policy, you need to be completely clear about everything involved.
Read on to learn more about what money laundering is, why it’s so important to prevent it, how AML has evolved, and what’s involved in AML today.
Overview: what is money laundering?
When criminals earn money from illegal activities, that money is considered “dirty money.” To hide the criminal origins of the funds and avoid having to pay taxes in it, they’ll put it through a process to make it appear “clean.” That process is called money laundering. Money laundering typically has three phases: placement, layering, and integration.
Money laundering phase 1: placement
Placement involves introducing the illicit money into the legitimate financial system. One traditional method is to pay cash for expensive items like jewelry or cars. Money launderers also use cash smuggling, moving the money to another country to obscure its origins; or structuring or smurfing, which are two ways to break a large amount down into smaller sums, each of which comes in below the threshold that requires investigation or reporting. Launderers may put the money into shell companies or front companies that have some legitimate operations, and then mix the illicit funds with their legitimate revenues to blur its origin. Traditionally, placement was done via hard currency (banknotes/ physical cash). Currently, digital channels offer new, frictionless ways for legitimate payroll to be sent directly to illicit service providers in what is known as a ‘conversion transaction.’
Money laundering phase 2: layering
With layering, criminals move money around between different locations to obscure its original source and break the “paper trail” marking it as “dirty money.” To make it harder to follow the money, they’ll commonly transfer funds between accounts in multiple banks and ideally multiple countries, often using cashier’s checks and money orders. Effective layering may include the cooperation of gatekeeper professionals such as attorneys, accountants, or even bank insiders. Whatever method they use, the goal is to get the funds to a state where they appear to have originated from legitimate activity.
Money laundering phase 3: integration
Integration refers to using the laundered money to buy assets, often property or luxury goods, or to reinvest the funds into the criminal enterprise. Just like honest business people, criminals also want to run a profitable organization, live a luxurious lifestyle, and prepare for their retirement, so they’ll use their laundered money for the same goals. As such, successful integration minimizes tax liability and may also be reinvested in the criminal enterprise operations and infrastructure.
Money laundering doesn’t always precisely follow these 3 steps. Sometimes, one or more could be skipped or blurred into the next. That said, the 3-step money-laundering model is useful to help AML investigators know what to look for.
Why is AML so important?
Obviously, no ethical bank or financial institution wants to help criminals to launder their dirty money and get away with crime. But the importance of compliance with AML regulations goes far deeper than that. Financial services providers could end up facing serious consequences if they don’t adequately carry out AML activities.
Risk management is inherent in any business, and the risk of money laundering occuring at a financial institution is high. Assessing that risk, then writing controls into policy so that effective processes can be put in place, are all crucial to managing AML risk. Various laws require this, depending on the country and jurisdiction, but it is also good business practice. Failure to control money laundering in an institution tends to behave like a ‘hydra’ of risk, with unfixed problems breeding compliance risks, legal risks, reputational risks, and more. Once a financial institution loses the trust of its regulators and clients, collapse is nearly inevitable. Ensuring that ‘clean’ money isn’t competing with an influx of ‘dirty’ money therefore protects customers, the institution, and the financial system as a whole.
The consequences of lack of AML compliance for banks
In the United States, as in many other countries, financial institutions must report suspicious activities to authorities, or face criminal investigations and prosecutions. Law enforcement agencies such as the FBI, IRS, Drug Enforcement Administration (DEA), Homeland Security Investigations (HSI), and Postal Inspectors utilize data from Suspicious Activity Reports (SAR), and collaborate on money laundering investigations, so they have plenty of opportunity to spot lapses in reporting compliance.
AML violations can result in both civil and criminal penalties against the bank or individuals within the bank, ranging from fines and cease and desist orders to asset forfeiture and imprisonment. Regulators have the authority to revoke or suspend banking licenses, charters, or operating permits for institutions found to have significant deficiencies in their AML programs.
Banks and financial institutions could also face an escalating series of regulatory enforcement actions for AML compliance failures. Regulators conduct examinations, audits, and investigations to assess compliance, and may impose sanctions and corrective measures for deficiencies in AML programs. Such repercussions cause significant reputational damage, and can potentially spark class action lawsuits from shareholders or customers affected by these penalties.
Penalties for money laundering for individuals
Structuring, or the deliberate evasion of currency transaction reporting requirements by conducting transactions in amounts below the reporting threshold, is a crime punishable by fines and imprisonment.
Additionally, even criminals may owe tax on their illicit funds. Using money laundering tactics to evade tax payments is also a federal crime, which is why the IRS is a significant consumer of SAR data.
Legitimate customers should be aware that some activities can generate suspicion of money laundering, even if their actions are totally legal, like repeatedly depositing large sums of cash that come in just under the reporting limit. Banks may decide to remove customers that do this without even warning them (say after repeated SARs, which the customer would not be aware of), in order to avoid the risks of being involved in money laundering.
The money laundering process is also inherently fraudulent, and usually involves electronic transfers as well as fraudulently obtained mule, load, and drop accounts. Such methods quickly run afoul of criminal statutes used to prevent wire fraud and related crimes.
The historical evolution of AML
Although tax authorities have been trying to trace and prevent money-laundering activities for decades, if not centuries, the history of AML is usually agreed to begin in 1970, when the US Congress passed the Bank Secrecy Act (BSA), which introduced requirements for banks and other financial institutions to keep records about and report transactions (Currency Transaction Reports, or CTRs). The goal of the BSA was to resolve the government’s inability to detect and prevent money laundering.
Two Supreme Court challenges, in 1973 and 1976, effectively established the power of the BSA. This was further consolidated in the 1980s, through two major pieces of legislation. The 1986 Money Laundering Control Act defined money laundering as a federal crime and specifically outlawed “structuring” to avoid filing a CTR. The 1988 Anti-Drug Abuse Act expanded financial institutions to include businesses like car dealerships and real estate companies, which now had to also file CTRs on large transactions.
Throughout the 1990s, AML legislation was gradually strengthened. The Financial Crimes Enforcement Agency (FinCEN) was created, and laws like the Annunzio-Wylie Anti-Money Laundering Act, the Money Laundering Suppression Act, and the Money Laundering and Financial Crimes Strategy Act increased the consequences for BSA violations, required banks to carry out AML training, and introduced Suspicious Activity Reports (SARs) to standardize the reporting of suspicious activity.
In 2001, after the September 11 attacks, the US Patriot Act reinforced the BSA, putting responsibility on financial institutions to investigate customers and verify that they aren’t involved in financing terrorism, money laundering, or other suspicious activities. This is typically known as Know Your Customer, or KYC. It also enhanced requirements for due diligence and AML procedures, and improved information-sharing between financial institutions and the government.
Most recently, the Anti-Money Laundering Act 2020 (AMLA) was passed in 2021 to bring the BSA up to date. It addresses emerging technologies like cryptocurrencies and exchange service providers, and newer threats like shell companies. The AMLA also increased penalties for money laundering violations, pushing KYC processes like Customer Risk Rating (CRR), Customer Due Diligence (CDD), and Enhanced Due Diligence (EDD) to the fore.
What are the key components of an AML program?
Although there are many elements that you’ll want to include in your AML program, any successful policy needs to cover the “five pillars” of AML:
- Designating a BSA/AML officer
- Establishing internal controls
- Setting up ongoing training programs
- Planning for independent audits
- Running KYC processes that include risk assessments and due diligence
Designate a BSA/AML compliance officer
Appointing someone to oversee your AML program is a vital first step. A compliance officer will be responsible for developing and implementing effective AML policies and procedures, ensuring compliance with AML laws, and communicating with regulatory agencies and law enforcement regarding AML matters. This helps to streamline communication and enhance accountability around the detection and reporting of suspicious activities
Establish a system of internal controls
A system of internal controls is essential for managing and mitigating the risks associated with money laundering and terrorist financing within a financial institution. These controls need to encompass policies, procedures, and mechanisms designed to detect, prevent, and respond to suspicious activities effectively. To comply with AML regulations, they’ll include customer due diligence (CDD) processes, transaction monitoring systems, and Segregation of Duties (SOD) practices that prevent any conflicts of interest.
Set up ongoing training programs
Continuous education empowers employees to effectively combat financial crime, reducing the risk of compliance breaches and fostering a culture of vigilance and compliance. Comprehensive training programs on topics such as CDD, transaction monitoring, red flags, and regulatory reporting requirements are critical for ensuring that everybody is knowledgeable and up-to-date on AML laws, regulations, and best practices.
Plan for regular independent audits
Independent audits conducted by external auditors or internal audit teams provide valuable insights into the strengths and weaknesses of the AML program, helping institutions address vulnerabilities, enhance controls, and demonstrate compliance. The process involves assessing adherence to AML policies, procedures, and regulatory requirements, as well as identifying any deficiencies or areas for improvement.
Run KYC (Know Your Customer) processes
KYC programs are fundamental to AML efforts. KYC processes involve collecting and confirming customer information, such as identification documents, business activities, and beneficial ownership structures, so as to verify customer identities and assess the risks associated with their relationships. By understanding customer backgrounds, financial institutions can identify and mitigate the risks of money laundering, fraud, and other illicit activities, and tailor their due diligence efforts according to customer risk profiles.
International and national AML standards
There are several international and national standards and regulations aimed at combating money laundering and terrorist financing. Here are some of the key ones that AML units need to be aware of.
Financial Action Task Force (FATF)
The FATF is an intergovernmental organization that sets international standards for combating money laundering and terrorist financing. It has 14 recommendations that provide a framework for countries to establish robust AML regimes and enhance international cooperation in combating financial crime.
These recommendations include setting up Financial Intelligence Units (FIUs) to coordinate AML management; enacting AML legislation; requiring banks to establish AML procedures and carry out customer due diligence; suspicious transaction reporting; international cooperation; and the regulation of designated non-financial businesses and professions.
Basel Committee on Banking Supervision (BCBS) Standards
The BCBS, part of the Bank for International Settlements (BIS), is an international consortium that issues standards and guidelines for banking supervision. While not solely focused on AML, the BCBS has issued guidance on customer due diligence and banking relationships, to help banks mitigate AML risks.
Wolfsberg Group Principles
The Wolfsberg Group is an association of global banks that develops industry standards and guidance on AML, anti-corruption, and other financial crime issues. The Wolfsberg Principles serve as guidelines on various aspects of AML compliance, including customer due diligence, correspondent banking, and trade finance.
Bank Secrecy Act (BSA) and PATRIOT Act (US)
In the US, the BSA establishes requirements for financial institutions to develop and maintain AML programs, report suspicious transactions, and conduct customer due diligence. Additionally, the USA PATRIOT Act introduced enhanced AML provisions, such as requirements for customer identification programs (CIP) and beneficial ownership disclosure, to crack down further on money laundering that finances terrorist operations.
Anti-Money Laundering Directives (EU)
The EU has implemented several directives aimed at harmonizing AML/CFT regulations across member states. The Fourth and Fifth EU Anti-Money Laundering Directives (AMLD) set out requirements for customer due diligence, beneficial ownership disclosure, and the establishment of national AML authorities. The Sixth AMLD introduced further measures to enhance AML supervision and enforcement.
Money Laundering Regulations (UK)
In the UK, the Money Laundering Regulations establish requirements for businesses to implement AML controls, conduct customer due diligence, and report suspicious activity to the National Crime Agency (NCA). The regulations apply to a wide range of sectors, including financial services, legal, accounting, and real estate.
Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) (Canada)
In Canada, the PCMLTFA sets out AML requirements for financial institutions, designated non-financial businesses and professions (DNFBPs), and casinos. The legislation mandates customer identification, transaction monitoring, and reporting of suspicious transactions to FINTRAC, Canada’s central AML and financial regulations authority.
Many countries also have their own FIU, or Financial Intelligence Unit, which is a government agency responsible for receiving, analyzing, and disseminating financial intelligence related to suspicious transactions, money laundering, and terrorist financing. These include:
- Financial Crimes Enforcement Network (FinCEN) in the USA, which collects and analyzes financial transaction data and administers and enforces the BSA.
- The Financial Intelligence Unit of the United Kingdom (UKFIU), part of the National Crime Agency (NCA), serves as the central agency for receiving and analyzing SARs in the UK.
- The Australian Transaction Reports and Analysis Centre (AUSTRAC) is responsible for monitoring and regulating financial transactions in Australia .
- Tracfin is the French FIU, working under the Ministry of Economy and Finance to receive, analyze, and disseminate financial intelligence to combat money laundering.
- Financial Intelligence Unit of India (FIU-IND) is India’s central body for collecting reports of suspicious financial transactions and sharing intelligence with law enforcement authorities to combat financial crimes.
- The Egmont Group is a global network of over 160 FIUs from around the world that facilitates international cooperation and information exchange in the fight against financial crime.
What AML regulatory bodies are there?
As well as the above-mentioned FIUs and international AML authorities, there are also a number of regulatory bodies in the US that are responsible for AML compliance in different jurisdictions.
Office of the Comptroller of the Currency (OCC)
The OCC is a federal agency that regulates and supervises national banks and federal savings associations. It oversees compliance with AML laws and regulations, conducts examinations of financial institutions, and takes enforcement actions to address deficiencies in AML programs.
Federal Deposit Insurance Corporation (FDIC)
The FDIC is an independent agency that insures deposits at banks, and also serves as a banking regulator. It examines financial institutions for compliance with AML laws and regulations, in coordination with other federal and state agencies.
New York State Department of Financial Services (NYDFS)
The NYDFS regulates and supervises financial institutions operating in New York State, including banks, insurance companies, and other financial services providers. It enforces AML laws and regulations and conducts examinations to ensure compliance with AML requirements.
New York Attorney General’s Office
Thanks to New York’s prominence as a center for financial operations, the New York Attorney General’s Office has a lot of power. It plays a role in enforcing AML laws and regulations, particularly concerning financial crimes and consumer protection.
The California Department of Financial Protection and Innovation (DFPI),
In California, the DFPI, formerly known as the Department of Business Oversight (DBO), is the primary regulatory agency overseeing AML compliance in financial institutions, including banks and credit unions.
California Attorney General’s Office
The California Attorney General’s Office may also be involved in enforcing AML regulations, particularly concerning financial crimes and consumer protection. It has jurisdiction over various legal matters, including investigations and prosecutions related to money laundering and financial fraud.
For financial services providers, AML is a serious issue
With so many detailed laws aiming to prevent money laundering, and such serious consequences riding on compliance, it’s not surprising that AML is at the top of every bank and financial institution’s list of priorities.
