AML for Fintech: Complying With Anti-Money Laundering Regulations

Since the Bank Secrecy Act (BSA) was first enacted in 1970, the U.S. government has strengthened the anti-money laundering (AML) regulations several times, including in 2020 and 2021. These changes were necessary because financial criminals have become more sophisticated and now use advanced technology to mask their crimes. Too many are still successful at hiding their ill-gotten gains in legitimate businesses, despite the effectiveness of the AML system.

AML regulations help curb financial crimes such as terrorist financing, financial fraud and human trafficking. These regulations are absolutely necessary to reduce the risk of money laundering, but keeping the financial system free of these crimes is a difficult burden for affected businesses, such as financial technology (fintech) firms, banks, investment firms, credit unions, cryptocurrency brokers and any other type of financial institution.

The fintech industry in particular is focused on improving its AML compliance. In this article, we’ll cover what fintech companies need to do to stay AML compliant — including insights on how they’re regulated and how they are materially affected by these regulations.

What Is Needed For AML in Fintech?

Fintech companies must have certain risk management components meant to mitigate financial crime risk. According to the Federal Financial Institutions Examinations Council (FFIEC), the following elements are required for them to stay AML-compliant.

Effective AML compliance programs

Under current U.S. regulations, an AML compliance program must include the following elements:

  • Compliance officer — An individual tasked with overseeing day-to-day AML compliance.
  • Ongoing training — In addition to onboarding training, financial companies must provide regular training sessions on AML regulations, including the recent updates to legislation.
  • Transaction monitoring — While monitoring transactions of $10,000 and over is required, financial institutions must also look for suspicious transactional patterns, such as those from questionable off-shore accounts and others that might mask the illegal source of funds.
  • Sanctions screening — Financial institutions must also screen their clients to ensure they are not on sanctions lists.
  • Suspicious activity reporting (SAR) — To stay in compliance with AML, companies are required to submit their SARs to the Financial Crimes Enforcement Network (FinCEN) no later than 30 calendar days after detecting an irregularity.

Similar AML compliance program requirements are enforced in the European Union as well to combat money laundering and terrorist financing.

KYC in Fintech

One of the major AML components is KYC or “Know Your Customer”. AML regulations require the financial industry to be proactive and not simply reactive to financial crime. That means that financial companies must verify the identity of new customers before engaging in financial transactions with them.

This requirement also extends to fintech companies, although it has proven especially difficult for them to implement, largely because fintech onboarding policies have emphasized a frictionless experience for new customers. Their process has at times been so frictionless as to have little to no identification standards for these new customers.

Since KYC requires the stringent verification of new customers, fintech companies must integrate stricter procedures into their customer onboarding process, including such actions as:

  • Requiring passports, driver’s licenses or government-issued ID cards
  • Incorporating the use of “on-the-spot” selfies for comparison to the photos on their IDs
  • Requiring proof of address

After onboarding, fintech companies should also implement a strong form of authentication, such as biometric verification, to ensure the person signing in is the same as the person who onboarded.

CDD in Fintech

Another core part of AML is Customer Due Diligence (CDD). For financial companies, including fintech, CDD is a set of risk management tactics for ongoing monitoring of customer activity. The U.S. government and European Union require that fintechs actively vet their customers and their customers’ transactions for signs of money laundering.

CDD requirements include:

  • Verifying their customers’ identity
  • Determining the identity of beneficial owners with a stake of 25% or more in any company wanting to open an account
  • Developing AML risk profiles
  • Monitoring accounts to spot and report suspicious transactions

Fintech companies need to improve their CDD practices and develop their own risk profiles while onboarding new customers. This process should rate politically exposed persons (PEPs), customers from certain regions and customers in certain industries as being of higher risk than other clients.

Once fintechs identify high-risk clients, they will be better able to screen them further by more carefully monitoring their transactions and tracking any adverse media.

How Do AML Regulations Impact Fintech Companies?

Fintech companies, like all financial organizations, are required by law to monitor customers, analyze their transactions, note unusual customer activity and report any suspicious transactions to the appropriate authorities.

To follow AML regulations, fintech companies must be aware of the following:

Customer conversion rates

Fintech companies may well experience slower customer conversion rates when implementing stronger AML measures, at least initially. For instance, the onboarding process will require more time and effort on the part of clients to complete. More secure log-in and transaction measures can also slow things down. However, the implementation of new AML technology and intelligent orchestration can counter and even eliminate some of these issues.

Slower transaction speeds

These AML protections can also slow down transaction speeds due to the layers of necessary authentication. Money launderers have long been exploiting the speed of online banking transactions to escape detection during routine monitoring. Slowing things down is an annoyance to customers but may be necessary to battle financial criminals.

False-positive AML alerts

Predictably, screening for money laundering will sometimes produce a false-positive AML alert. Something as simple as a misspelled name can cause this issue. Thus, positive matches may require manual screening to separate the legitimate alerts from the mistaken ones. Again, advanced software programs can greatly reduce this burden on fintech companies.

Tricky cross-border transactions

Efficient cross-border transactions are key to business profitability worldwide, but these transactions have proven to be a boon to money launderers since screening them is more complicated and unwieldy.

In 2020, for example, the U.S. proposed changes to the process that requires the collection and transmission of more data for transactions of $250 or more. The need to monitor these transactions conflicts with the speedy completion of these vital transactions.

New technologies and strategies that bypass AML programs

As AML measures change and improve, so do the strategies employed by financial criminals.

Some have embraced cyber currency as a harder-to-detect mode for laundering money. Many have learned to move their money through smaller and irregular transactions.

Others embrace technology that helps them mask their criminal activity. Currently, the AML system is not as flexible as it needs to be to shut down all the clever bad actors.

Why KYC Isn’t Enough

A Guide to Fighting Fraud and Financial Crime from Onboarding to Ongoing Monitoring

Technology for More Efficient AML Compliance

All is not lost, of course. Fintech companies can improve their AML compliance by using the following techniques:

  • Automation — Software that can eliminate much of the manual transaction checking.
  • Artificial intelligence — Used by financial institutions to measure risk and identify financial crime in real-time.
  • BlockchainBlockchain for faster and more secure transaction options when using virtual currency.

How Are Fintech Companies Regulated for AML?

Fintech companies and other financial service providers are regulated in the U.S. by FinCEN, which is a part of the U.S. Treasury Department, as well as the Securities and Exchange Commission (SEC), Commodity Futures Trading Commission (CFTC) and state regulators — and countries around the globe have their own regulatory agencies, too. For instance, the UK has the Financial Conduct Authority (FCA). The Financial Action Task Force (FATF) functions as a global AML watchdog.

Fintech companies face scrutiny by all levels of government and law enforcement around the world. Plus, AML regulatory requirements differ across these jurisdictions, which is a daunting reality. And failure to practice AML compliance is not a sound option because it can result in crushing fines and even jail time in some instances. Implementing a rigorous AML policy is essential.

Streamline Fintech AML Requirements with Jumio

All financial companies face the challenge of AML compliance, but fintechs have unique AML issues. Traditionally, these companies have focused on enhancing customer experience, sometimes at the expense of security measures.

If you need to improve your company’s AML efforts, Jumio can help. Our cloud-based solutions offer easy integration, user-friendly automated identity verification and screening, advanced transaction monitoring with false-positives prevention, and powerful case management tools that improve your AML compliance while retaining your high level of customer experience.

Contact us now for more information on the latest in Jumio AML compliance tools, and find out how we can help you meet your regulatory requirements without sacrificing customer satisfaction.


global aml regulations 2022


Get the latest updates from the Identity and Beyond blog, delivered to your inbox.

    Yes, I would like to receive periodic updates from the Jumio blog as well as marketing communications regarding Jumio products, services, and events. I can unsubscribe at any time.

    Jumio values your privacy. To learn more, visit our Privacy Statement.