LibraryblogHow to maintain AML compliance

How to maintain AML compliance

When developing your policies, you should make your due diligence process a focal point. You should outline the exact checks you need to carry out and the reasons why you may carry out enhanced due diligence. You should also then state what forms of ongoing monitoring you’ll conduct and how your business will mitigate against risk.

Header image
December 19, 2022
Blog Post

Putting an effective anti-money laundering (AML) program in place is one of the best ways you can protect your business from money launderers and other financial criminals.  

Depending on where your business is located and the jurisdictions you operate in, you’ll have different AML rules you need to follow. In the US, the Bank Secrecy Act states that all financial institutions must develop and implement AML compliance programs. In addition, members are also governed by the anti-money laundering rule in FINRA Rule 3310. 

This rule sets the minimum standards for AML compliance programs, which must be designed to achieve ongoing compliance with the requirements of the Bank Secrecy Act. Consistent with the Bank Secrecy Act, FINRA Rule 3310 also requires firms to take a number of other steps to ensure they maintain AML compliance. These steps include:

Appointing an AML compliance officer

Each company must nominate an AML compliance officer who is responsible for implementing and monitoring their firm’s AML compliance program. The responsibilities of this role include:

  • Performing internal audits
  • Developing appropriate guidelines, policies, and procedures
  • Developing and delivering staff training
  • Performing risk assessments
  • Ensuring processes are followed by all staff members
  • Reporting suspicious activities/transactions
  • Organizing independent audits

As you can see from the AML officer’s key responsibilities, this is a senior position. Due to this, your chosen AML compliance officer must have the correct accreditation and relevant expertise in the financial sector, preferably in AML compliance, legal, or internal risk audits.

Provide employee training on money laundering

Employee training should be a centerpiece of your company’s anti-money laundering compliance policy. AML training should be given to every member of staff who deals with either customers or transactions. This includes your compliance and audit teams, senior management team, and anyone who comes into direct contact with a customer, such as a member of your customer services team.

Each of these members of staff must have a detailed understanding of your company’s policies and procedures. They also need to understand:

  • The legal requirements of the business
  • The techniques used by money launderers to bypass AML systems
  • The checks they need to carry out
  • How and when suspicious activities should be reported

Your training program should be specific to your business and the risks it faces. That said, popular training topics include: 

  • The consequences of failing to comply with AML laws
  • The importance of spotting and stopping financial crime
  • A detailed review of anti-money laundering regulations
  • An overview of penalties for non-compliance with AML laws

Remember, training isn’t a one-off obligation or a box-ticking exercise. This means that you should also offer refresher programs that will help keep staff vigilant and informed. It will also ensure that the program is kept up-to-date and reflects any regulatory changes. 

On top of this, refresher courses should also be administered to all staff members if one of your employees has been involved in money laundering or has failed to spot dirty money passing through your system. This is because this incident means your existing policy was ineffective and must be amended.

Perform money laundering risk assessments

Recommendations from the Financial Action Task Force state that you must also perform a money laundering risk assessment. As part of this, your business must assess all money laundering and terrorist financing risks it faces, including factors relating to customers, countries or geographic areas, as well as products, services, transactions, and delivery channels.

You should start this process by conducting a business-wide risk assessment. This will help you understand the risks in your jurisdiction and niche. Of course, determining risk is not an exact science. For this reason, you should focus on creating dynamic, dependable, and adaptable policies and procedures.

Regulators now advocate a risk-based approach to compliance. This means that you should think systematically about your business, customers, partners, and regulators. 

When developing your program, you must remember that no two institutions face the same set of AML risks. There’s no one-size-fits-all solution to compliance and individual institutions are expected to build a solution that works for their risk profile. As a result, when devising your risk-based approach to AML, you must take into account factors like the products and services you offer, your customers and clients, and your geographic location. 

All risks associated with your customers and business relationships should be covered by your customer due diligence (CDD) policies and procedures. This means you should select an appropriate level of CDD for each individual customer, rather than following the same CDD process for everyone.

All of your basic CDD measures should:

  • Identify the customer and any beneficial owners and legal representatives (if applicable)
  • Verify the customer’s identity on the basis of reliable and independent sources. Where applicable, you should also verify the beneficial owner’s identity
  • Establish the purpose and intended nature of the business relationship
  • Help you understand what ongoing monitoring methods you need to put in place

These initial checks may then reveal that enhanced due diligence measures (EDD) are required because the customer poses a significant level of risk.

By adapting your customer due diligence measures based on the customer’s risk profile, you can ensure that your anti-money laundering compliance program is robust, but does not place a significant burden on honest and low-risk customers. With the help of flexible CDD approaches, your compliance efforts can protect the organization but also provide a quick and seamless experience for your customers. 

Develop internal AML policies and procedures

In order to properly manage risk and maintain regulatory compliance, your business needs to develop a set of internal AML policies and procedures. These can then take the form of AML guidelines that members of staff can follow and regulators can inspect/review.

When developing your policies, you should make your due diligence process a focal point. You should outline the exact checks you need to carry out and the reasons why you may carry out enhanced due diligence. You should also then state what forms of ongoing monitoring you’ll conduct and how your business will mitigate against risk.

On top of this, you should also provide details on how you will report suspicious transactions and whether you will use a transaction monitoring system to help with this process. 

Crucially, once you’ve decided on your company’s internal AML policies and procedures, you must commit them to paper. Within your document, you should clearly state:

  • The identification policies you have in place
  • The reporting processes you’ve created
  • Your record retention policy
  • The regulations you’re complying with and how you’re achieving compliance

By writing out your policies, you can make sure they can be viewed by staff members, executives, and regulators whenever required. Remember, it’s vital that your staff members are aware of their own roles and responsibilities within the AML program. This document (alongside the training you’re providing) will help with this.

As well as writing down your policies, you should also write down when you intend to review them, measure their effectiveness, and make any changes.

Detect suspicious activity and report it

By identifying your customers, verifying their identities, and then performing due diligence, you can stop fraudsters from accessing your services or opening an account. However, on occasion, previously onboarded and honest customers can begin to act suspiciously. It’s your job to spot this suspicious behavior and report it to the appropriate authorities.

Reporting is one of the main requirements of an anti-money laundering program. If a financial organization has reason to suggest that certain funds were accumulated illegally or are linked to fraud and terrorism, it must promptly report them to a financial intelligence unit.

Reporting triggers include:

  • Abnormally large transactions or cash payments
  • Bank accounts that are opened with insufficient client information
  • A client submitting fake or manipulated information
  • Unusual customer requests, such as requests to bypass AML procedures or expedite transitions
  • Transactions that don’t appear to be commercially viable
  • Attempts to avoid reaching reporting thresholds

Organize independent AML audits

Once you have your anti-money laundering compliance program in place, you should get it reviewed by an independent auditor. This individual will be able to help you spot weaknesses in your risk assessment and compliance program. These audits are usually carried out every 12-18 months. However, institutions working in particularly high-risk areas might consider a more frequent schedule than that.

Generally speaking, the auditor will check all of your AML/KYC due diligence procedures, compliance training, monitoring procedures, and reporting systems. 

The independent auditor you use must have sufficient AML expertise. It’s not enough for this individual to examine your existing policies and procedures. Instead, they must have the ability to spot weaknesses and make proper recommendations for improvement. This individual should also have no connection to your company and must not have participated in developing your organization’s AML compliance program.

How Veriff can help you with AML screening

If you’re developing an anti-money laundering compliance program, then you need to consider how you can automate the AML and KYC process to improve efficiency and accuracy.

Our class-leading AML screening solution can help you achieve regulatory compliance while also increasing conversions. It does this by verifying the identities of your customers, conducting politically exposed persons (PEP) and sanctions checks, screening for adverse media, and providing ongoing monitoring. As a result, it reduces risk for your business at every turn.

By harnessing the power of artificial intelligence, our solution can conduct the AML and KYC checks you require in a matter of seconds. It also increases accuracy and reduces false positives, smoothing the onboarding process for the customer.

As an added bonus, due to the increase in accuracy and convenience it provides, our solution can also help you increase conversions by up to 30%.

See how Veriff’s AML screening solutions can help you - Book a demo

Interested in learning more about how our AML screening solution can help your business meet its AML compliance obligations? Book a no-obligation demo with our experienced and knowledgeable team today.

We’d love to show you how our tools will fit in with your anti-money laundering compliance program and help you achieve compliance.