LibraryblogWhat is AML compliance?

What is AML compliance?

We're taking a deep dive into AML compliance, including the pillars of effective AML compliance programs, how your business can become compliant, and what happens if you fail compliance checks.

Header image
July 1, 2022
Blog Post
AML Screening

AML is an acronym that stands for anti-money laundering. This is a term that’s used to describe the standard controls and protocols that companies must carry out in order to avoid, identify, and report suspicious behavior. 

AML compliance programs help businesses uncover suspicious activities that are associated with criminal acts like money laundering. In the United States, it is a legal obligation for financial institutions to have an AML compliance program in place.

With this in mind, let’s take a look at AML compliance programs in greater detail. We’ll look at the pillars of effective AML compliance programs, how your business can become compliant, and what happens if you fail compliance checks.

What should an AML compliance program do?

A good AML compliance program will ensure that a business can detect any suspicious activities that might be associated with criminal activities. Although an AML compliance program primarily targets money laundering, it can also identify tactics that could be linked to tax evasion, fraud, and terrorist financing.

If a company’s AML compliance program detects any suspicious activities, then these activities must then be reported to the relevant authorities via a suspicious activity report (SAR).

AML compliance programs focus on both internal and external factors. Although they must accurately assess the effectiveness of the systems and controls that have been developed by the business to detect money laundering, they must also analyze the risks posed by the activities of customers.

As a result, an AML compliance program should be built on a strong foundation of regulatory understanding. It must be overseen by personnel who are experienced and knowledgeable enough to create a climate of compliance at every level of their organization.

What is the Bank Secrecy Act? (BSA)

In the United States, the need for businesses to have an AML compliance program in place stems from the Bank Secrecy Act (BSA). Introduced in 1970, the Act requires financial institutions to work with the US government to combat financial crime.

The Act also established the requirements for AML compliance programs, including the fact that financial institutions must adopt policies and procedures to detect suspicious activity and notify the government via the submission of suspicious activity reports (SARs). Since, the USA PATRIOT Act has expanded the definition of an entity required to perform suspicious activity reporting.

The Bank Secrecy Act is administered by the Financial Crimes Enforcement Network (FinCEN), which imposes a variety of compliance obligations on financial institutions.

The pillars of AML compliance in business

According to the Federal Financial Institutions Examination Council’s (FFIEC) Bank Secrecy Act/Anti-Money Laundering examination manual, an AML compliance program must include the following elements:

  • The existence of a system of internal controls to assure ongoing compliance
  • The performance of independent testing for compliance
  • Designation of a compliance officer with responsibility for overseeing day-to-day compliance
  • Ongoing training for employees
  • A risk-based customer identification program (CIP) that allows an institution to establish the identity of its customers
  • Risk-based techniques for conducting ongoing customer due diligence (CDD) and complying with beneficial ownership requirements

How to become AML compliant

All companies that are identified by the Bank Secrecy Act or the USA PATRIOT Act need to create an AML compliance program.

Financial institutions must develop an AML compliance program that suits the needs of their business and the risk profile it faces. However, all AML compliance programs should include: 

Internal systems and controls

The AML program should be built around a set of written rules and procedures that are designed to help employees detect money laundering activities and other forms of financial crime.

Compliance officer

An employee should also be appointed to oversee and implement the development of the company’s AML compliance program and day-to-day compliance operations.

Assuming the role of compliance officer, this employee should provide oversight. They should also arrange for independent audits and examinations of the program.

Staff training

Basic training in AML compliance should also be provided to all members of staff. Employees who have a greater level of responsibility may also need advanced training or certification. This will depend on the purpose of the business and the role of the employees.  

Independent audits

The AML practices of the business should be routinely and regularly reviewed by an independent auditor. A qualified third-party can test the ongoing effectiveness of an AML program to ensure compliance and suggest improvements.

Accurate assessments of customer risk

Businesses must evaluate the risk profiles of their clients and process them accordingly. To do this, they must apply enhanced due diligence and customer due diligence measures.

Risk-based customer due diligence policies and procedures are the cornerstone of a strong AML compliance program. By conducting customer due diligence, financial institutions can understand the types of transactions a customer will engage in. This helps the business determine when transactions may be suspicious.

Banks must implement appropriate risk-based procedures for conducting ongoing customer due diligence. This means they must:

  • Obtain and analyze sufficient customer information to understand the nature and purpose of customer relationships
  • Verify the identity of their customers
  • Conduct ongoing monitoring to identify and report suspicious transactions
  • Maintain and update customer information, including information regarding the beneficial owner(s) of legal entity customers
  • Develop customer risk profiles
  • Ensure they understand the money laundering and terrorist financing risks of each customer  

Accurate reporting and record keeping

The Bank Secrecy Act also outlines the numerous reporting and filing obligations of businesses. Obligations include:

Currency transaction reports

If a cash transaction exceeds $10,000 in value, then the financial institution must file a currency transaction report (CTR). This requirement concerns only the physical exchange of money (cash and paper) between persons.

Many large financial institutions use pieces of software that create these reports automatically.

Form 8300

Certain businesses, including car dealerships and art galleries, must file Form 8300 if they receive more than $10,000 in cash in a single transaction, or in multiple related transactions within 24 hours.

Suspicious activity reports (SAR)

If a business has reason to believe that a transaction is suspicious and may be linked to a BSA violation, then the transaction should be documented in a suspicious activity report.

These transactions are usually flagged by an automated monitoring system, but human administrators are responsible for verifying and reporting suspicious activity. In most financial institutions, a nominated AML officer will be a point of contact for employees reporting suspicious activity. Ultimately, the AML officer is then responsible for submitting the SAR to authorities.

How to file reports

The majority of reports can now be filed electronically using the BSA e-filing system. Organizations simply need to apply for a FinCEN username and password before they use the system for the first time. 

However, as well as filing reports with FinCEN, financial organizations must also keep detailed reports of suspicious activities. In particular, institutions must maintain a log of purchases of monetary instruments (such as a bank, travelers, and cashiers’ checks) of between $3,000 and $10,000. In these instances, the log must record and verify the identities of purchasers, and aggregate the value of their transactions.

What happens when you fail compliance checks?

Achieving Bank Secrecy Act compliance is critical for financial institutions. It shows that the organization is committed to helping law enforcement organizations tackle financial crime.

The US government is committed to fighting money laundering. As a result, financial institutions that fail to adhere to the requirements of the Bank Secrecy Act face major penalties.

The exact sanctions faced depend on the violation. For example, record-keeping violations generally incur a $10,000 fine. However, more serious infractions can see fines of up to $200,000.

That said, if particularly severe breaches of the rules are uncovered, then fines can extend into millions and even billions of dollars. The current record for Bank Secrecy Act violations stands at $613 million. However, one multi-national bank recently paid a record $1.9 billion as a settlement for money laundering activities.

Although the financial consequences of non-compliance can be huge, institutions that violate the BSA will also suffer from reputational damage. This means they will also lose the confidence of their customers and their employees.

Book a consultation with Veriff

Complying with the Bank Secrecy Act is an ongoing administrative challenge. However, establishing an AML compliance program is mandatory. Plus, as the fines displayed above have shown, spending the time and resources to create a top-tier AML compliance program could save you money in the long-term.

Thankfully, by enlisting the help of tools and software, you can also make the AML compliance process quicker and simpler. For example, our AML and KYC compliance solution can help you verify the identity of your customers, check them against PEP and sanctions watch lists, and provide ongoing monitoring.

With accurate, automated decision-making, Veriff stops bad actors from exploiting financial services, crypto companies, and industries of all kinds. Plus, you can check that your customers aren’t on any global sanctions and politically exposed persons lists, and monitor their risk profile on an ongoing basis.

Take a look at our pricing plans today to discover how much our identity verification options will cost your business. We understand that no two companies have the same KYC and fraud prevention needs. This is why we adapt to your requirements.

To discover exactly how we can support your business, book a personalized consultation and demonstration from an identity verification and KYC expert on our team today.