This guide helps businesses develop an AML compliance program to keep customer onboarding effective.
An effective Anti-Money Laundering (AML) program is one of the keys to protecting businesses from illicit money and fines for regulatory non-compliance.
Let’s start from the basics. Regulatory compliance is a set of procedures that businesses must follow to comply with laws and regulations. And there are many different rules to follow. Some are international, such as the Financial Action Task Force’s (FATF) Recommendations or the European Union’s AML Directives. While others are national, such as the Bank Secrecy and Patriot Acts in the US. Then you have country-specific regulators that regularly amend AML guidelines in their respective jurisdictions.
So, depending on the industry, businesses need to keep an eye on dozens of AML guidelines, rules, and regulations. This mostly relates to banks, law firms, casinos, tax advisors, forex brokers and a number of others.
AML best practices continue to advance in order to keep such businesses stress- and fraud-free. However, incorporating new measures doesn’t always come smoothly. Business owners have to invest time and resources in renovating their Anti-Money Laundering (AML) and Counter-Terrorist Financing (CTF) policies and building reliable AML programs.
This article will guide you through the process of building an AML compliance program for your business, with insights from the experts at Sumsub.
An Anti-Money Laundering (AML) compliance program combines everything a company does to meet AML compliance norms: built-in internal operations, like employee training, user-processing policies, accounts monitoring and detection of suspicious operations, as well as AML reporting.
The aim of an AML compliance program is to detect, respond, and eliminate inherent and residual money laundering, terrorist financing, and fraud-related risks.
An effective AML compliance program won’t let suspicious customers and transactions enter the financial system. However, criminals constantly invent sophisticated methods of money laundering and fraud to fly under the radar. Therefore, it’s essential to develop an AML program that can handle new and complex fraud attempts. Otherwise, businesses expose themselves to financial and reputational losses.
What impacts AML compliance. Before creating a compliance program, an organization has to summarize and define its potential risks and legal obligations.
To develop a strong AML compliance program, businesses have to follow a few steps.
This guide contains the steps to developing an effective compliance program:
… or a MLRO (Money Laundering Compliance Officer) to handle all things compliance.
AML legislation in most countries requires obliged entities to appoint an AML compliance officer. This person handles everything related to the compliance program: internal audits management, compliance analysis, development of appropriate guidelines, employee training programs, etc.
Candidates for this position must possess expert knowledge of regulatory data sources, compliance analysis tools, and demonstrate expertise in relevant regulations.
In addition, a compliance officer needs to have extensive experience in the financial sector, preferably in AML compliance, legal or internal risk audits. Another must is appropriate certification (CAMS, CAFP, CRCM, etc).
It is necessary to design an employee training program to meet the AML requirements of the company. The program should be scheduled in accordance with recent changes in legislation or after serious incidents, such as employees involved in money laundering. If such incidents occur, it means that existing policy is ineffective and must be amended.
To have proper protection from money laundering, entities should have internal controls across all departments and branches.
Who to train: compliance and audit teams, senior management, high-risk departments that come into direct contact with clients.
Training topics:
How to train: There are some conventional training methods that are commonly used onsite, online, through third-parties, or with the help of experienced employees:
Of course, every company has to consider its AML steps depending on the industry and business specifics.
FATF recommendations require that financial institutions take steps to identify and assess their money laundering and terrorist financing risks, including factors relating to customers, countries or geographic areas, as well as products, services, transactions, or delivery channels.
One of the most important points is the Business-wide risk assessments which should help understand the risks in a particular AML jurisdiction.
ML/TF risks associated with business relationships should be covered by Customer Due Diligence (CDD) policies and procedures. This means deciding on the appropriate level and type of CDD for a given customer base.
Initial CDD measures should include at least the following:
Next, the entity is required to develop policies and procedures to detect, monitor and report, where applicable, customers and transactions which pose high risk due to common risk factors, such as high-risk countries, PEPs, due diligence results, etc.
To handle ML/TF risks and maintain regulatory compliance financial entities have to develop and implement internal AML guidelines.
Every financial institution has to perform due diligence procedures that follow both regulatory compliance demands and internal policies. Obliged firms must perform Customer Due Diligence (CDD) and monitoring procedures in respect of both natural and legal persons. The practices may vary depending on the nature of ML risks and size of the firm.
Here at Sumsub, our AML solutions and AML systems are approved by major regulators like FINMA, FCA, CySEC and MAS.
A powerful reporting system can immediately deliver information about money-laundering activity to relevant authorities.
Suspicious transactions must be reported to management first. Then, based on the evidence at hand, the MLRO is supposed to decide whether it is necessary to report it to the appropriate Financial Intelligence Unit (FIU) or not.
First of all, it is necessary to quickly expose red flags, such as:
The full list of suspicious triggers could be found here.
Reporting is one of the main requirements of AML compliance. Based on Recommendation 20 of the FATF, if a financial organization has reasons to suggest that certain funds were accumulated illegally or are linked to fraud and terrorism, it must promptly report them to a FIU.
Getting reviewed by an independent auditor is a great way to spot weaknesses in a company’s risk assessment and compliance program. The review would include the check of KYC due diligence procedures, compliance training, monitoring, and reporting systems. Financial regulators use such audits to check whether companies are successful at preventing money-laundering crimes.
Section 59(2) of the New Zealand AML/CFT Act obliges companies to carry out an independent audit every two years or upon a supervisor’s request.
Criteria for selection: An independent auditor must have sufficient AML expertise not only to examine existing policies and procedures, but to make proper recommendations for their improvement, if necessary. Under section 59B(3) of the NZ AML Act, the auditor must not have participated in developing the organization’s AML compliance program.
Sumsub commissioned Forrester Consulting to conduct a Total Economic Impact™ (TEI) study to examine the potential value of its platform. The TEI concludes that companies that invest in Sumsub can experience an 240% ROI. This study is designed to help you evaluate Sumsub’s potential financial impact on your company. To that end, Forrester anonymously interviewed four Sumsub customers, aggregated their experiences and benefits, and combined the results into this report.
AML compliance is adhering to a set of requirements aimed at combating money laundering and other financial crimes.
A set of measures to be adopted in order to keep money laundering out of a company’s business.
Exact requirements vary from one country to the other. However, the following institutions typically have to comply with AML regulations:
You can learn about the six critical components of an AML compliance program by reading The Sumsuber.