Guidance on Anti-Money Laundering (AML) in Banking and Finance for 2023

text: AML Guidance for banking and finance. Image of smart phone graphic with shield, microphone, satellite popping out of screen.

Anti-money laundering (AML) policies are put in place to deter criminals from integrating illicit funds into the financial system. Money laundering schemes are used to conceal the source and possession of money obtained through illegal activities, such as drug trafficking and terrorism. Banks and other financial institutions are legally obligated to follow AML regulations to ensure that they do not support money laundering activities.

What Is Anti-Money Laundering?

AML is a set of regulations, laws and procedures that detect and prevent criminals from disguising illegal funds as legitimate income. AML policies help banks and financial institutions combat financial crimes.

AML regulations require banks to collect customer information, monitor and screen their transactions and report suspicious activity to financial regulatory authorities. Additionally, the AML holding period requires deposits to remain in an account for a specified amount of time (at least five trading days in the U.S.). Banks can use this holding period to help in anti-money laundering and risk management.

How Does Money Laundering Happen in Banking?

Money laundering is the process of making illegally obtained funds (“dirty money”) appear legal. The illegal funds are first introduced into the legitimate financial system to hide their real source. The dirty money is often moved around through financial services organizations like banks, insurance firms, real estate and investment brokers to further legitimize the money. Money launderers also deposit cash in small increments or sneak money into foreign countries to avoid suspicion.

Through these multiple transactions, the dirty money appears clean and is integrated into the financial system. Criminals can withdraw the laundered money from legitimate accounts and put it toward the financing of terrorism, organized crime, drug trafficking, human trafficking or terrorism.

Why Is AML Important to the Banking Industry?

Banks are among the largest institutions in the field of finance. Since banks worldwide mediate millions of transactions throughout the day, these institutions are at a higher risk of financial crimes. And in fact, criminal organizations often carry out their money laundering activities through banks and other financial institutions.

Banks must identify the risks by fulfilling their AML obligations and taking necessary precautions. The AML process is critical for the financial and reputational standing of banks. Auditors and regulators legally require this process.

In addition, the technological shift in financial infrastructure and the rise of online payments has increased the demand for more rigorous customer identity protection. In response to new and more stringent directives, banks and financial institutions adopt emerging trends in AI-based AML solutions to handle AML compliance with greater efficiency.

Digital Trust Throughout the Customer Journey

How to Leverage the Jumio KYX Platform from Onboarding to Ongoing Monitoring

How Does AML Work in Banking?

There are four key areas banks must address with their anti-money laundering compliance program:

  • Know Your Customer (KYC)
  • Customer due diligence (CDD)
  • Customer and transaction screening
  • Suspicious activity reporting

Know Your Customer

Know Your Customer (KYC) involves identifying and verifying a customer’s identity when they open a bank account. Mandatory for banks, KYC is the first critical step in an AML program.

In the KYC procedure, banks collect customer identification and check its accuracy. Banks make sure that a customer’s digital identity matches their real-world identity, proving they are who they say they are.

This process can be done using ID document verification, face verification and proof of address (bills or bank statements). An identity verification solution can help you meet your KYC obligations while delivering protection for your business and convenience to your customers.

Customer Due Diligence

Banks implement a control process called customer due diligence (CDD), through which relevant information of a customer’s profile is collected and assessed for potential money laundering or terrorist financing risk. Although CDD procedures vary from country to country, there is only one goal: to detect risks.

After the KYC control process, banks apply risk assessment to their new customers. Customer information is checked and screened against several online databases, including politically exposed persons (PEPs), government records, watchlists and sanctions screening.

The people included in these lists carry high risks for money laundering and terrorist financing. In banks that provide global services, a customer’s nationality and record of financial transactions can also affect a customer’s risk rating.

Customer and Transaction Screening

Banks and financial institutions generally have a broad customer portfolio. The transactions mediated by these banks are not limited to their own customers. For instance, one customer of a bank can transfer money or make payments to another bank’s customer. Throughout the day, an average-sized bank mediates thousands of money transfers.

Banks are obligated to monitor and control the people involved in money transfer transactions. It is a major crime for a bank to mediate payments sent to a sanctioned or banned person.

The consequences of the crimes brought about by the uncontrolled transaction between the sender and the receiver include severe administrative fines. The banks could also lose their credibility and good reputation.

Banks and financial institutions must monitor all customer deposits and other transactions to ensure they are not part of a money laundering scheme. This includes verifying the origin of large sums of money and reporting cash transactions exceeding $10,000.

With today’s technology, manual money laundering controls are outdated and inefficient. Banks need an automated transaction screening process to carry out customer transactions per AML policies.

Suspicious Activity Reporting

Money laundering investigations by law enforcement agencies often involve scrutinizing financial records for suspicious activity or inconsistency. In the current regulatory environment, extensive records are kept on every significant financial transaction to help law enforcement trace a crime to its perpetrators. It’s critical for banks to have an immutable audit trail that regulators can trust.

What Does an AML Compliance Program Require?

Banks must create an effective AML compliance program that meets the regulatory requirements and manages money laundering risks. Failures in the AML compliance program can result in banks being punished by the regulators.

AML compliance programs consist of all controls and directives applied to ensure banks meet obligations and are protected against regulatory penalties. An effective AML compliance program includes the following procedures:

  • AML compliance officer – Banks and other financial institutions are required to appoint a compliance officer that provides oversight for the AML compliance program and acts as a liaison for the financial authorities. The AML compliance officer should be a senior employee with the expertise and authority to carry out their role effectively.
  • AML training – Bank employees should undergo AML training to remain capable of identifying suspicious transactions for potential money laundering or terrorist financing. The bank’s policies should also include ongoing AML training, keeping employees well-informed to adapt to new legislation and emerging trends in criminal methodologies.
  • Record keeping – The record-keeping practice is essential at every stage of the AML process. Banks must evaluate financial risks based on their customer records. A bank’s AML compliance program should cover the need for effective record keeping and documentation from onboarding to monitoring, screening and submission of SARs.
  • Risk-based approach – Banks should perform a risk assessment with KYC and CDD procedures upon every customer onboarding. With a greater knowledge of customer criminal activity risk levels, banks can more strategically focus their efforts.
  • Customer identity verification – Banks must know the customer they are dealing with and ensure the customer is who they say they are. General information to be collected includes beneficial ownership, the nature of the business, as well as the customer’s personal information, including full name and any aliases, residential and mailing addresses, specimen signature and place and date of birth.
  • Sanctions screening – Banks must also ensure that they do not do business with individuals, companies or countries included in international sanctions lists. A bank’s AML compliance program should take all relevant sanctions lists into account, including those lists issued by national and international authorities. For example, banks in the United States must screen customers against the U.S. Office of Foreign Assets Control (OFAC) sanctions list.
  • PEP status – Banks must establish whether a customer is a politically exposed person (PEP). Because of their positions, PEPs are at a higher risk of being involved in money laundering. Clients who are PEPs are subject to enhanced due diligence measures.

How Do AML Policies Affect Financial Institutions?

Financial institutions are held to high standards when it comes to following procedures that identify money laundering. Employees are trained to detect and monitor suspicious customer transactions. Transactions and processes are recorded extensively to help law enforcement agencies trace the financial crimes back to the source.

Although financial institutions are legally obligated to follow anti-money laundering regulations, not all institutions agree with them. Many institutions believe that implementing policies is costly, time-consuming, ineffective and not worth the money.

But in recent years, audits made by regulators to organizations have increased. Organizations that did not comply with their AML obligations paid hefty administrative fines. AML and related fines increased by 52% in 2022, with the U.S. facing the highest AML penalties with enforcement actions of $3 billion, an increase of 151% from 2021.

Aside from facing steep administrative penalties, organizations that do not meet AML compliance can damage their reputation and lose customers. The financial institution’s image is affected once it has been associated with corrupt individuals or businesses.

What Is The Difference Between KYC and AML in Banking?

Both KYC and AML share the same goal – to prevent the laundering of money through financial services institutions. However, AML is the broader collection of regulations to prevent money laundering, while KYC is a type of AML regulation that focuses solely on customer identification, verification and screening.

What are the Latest Anti-Money Laundering Laws & Regulations?

AML regulations are constantly changing to keep up with money laundering trends. Over the last 50 years the Bank Secrecy Act (BSA) has continually evolved in the United States. And with the recent surge in crypto, new AML laws are being written to prevent virtual currency from being used for financial crime. Here are some of the latest changes in regulations around the world:

    • The European Union’s Sixth Anti-Money Laundering Directive (6AMLD) broadens the definition of money laundering, allows criminal prosecution of any legal person including businesses, increases prison time and penalties and more.
    • The AML 2020 Act is the most extensive reform to the U.S. AML regulations since the USA Patriot Act almost two decades ago. Among other changes, it includes language designed to eliminate anonymous holding companies (“shell companies”) and expand its definitions to include antiquities traders and virtual currencies.
    • Singapore has offered new guidance on AML that takes aim at digital currency businesses and other virtual asset service providers (VASPs).
    • South Korea also passed new AML rules for digital currency companies.
    • Six members of the EU — Germany, Spain, Austria, Italy, Luxembourg and the Netherlands– are working together to create a new AML watchdog focused on cryptocurrency.
    • Estonia is set to pass stricter AML laws regarding cryptocurrencies.

What is the Best AML Compliance Solution?

Jumio supports banks’ AML compliance programs on a global scale. Our identity verification and watchlist screening solutions strictly adhere to the most comprehensive regulations. We can help your organization improve account opening conversions and speed up real-time onboarding while meeting stringent AML requirements and screening obligations. Jumio provides everything you need to meet your regulatory obligations while streamlining the process for your compliance teams as well as your customers.

Identity Verification

Jumio enables you to fulfill your KYC compliance requirements with our accurate, real-time online identity-proofing solutions. We have helped banks and financial institutions accurately establish, maintain and reassert trust from account opening through the entire customer lifecycle. We pioneered the ID + selfie approach to identity verification, leveraging many years of real-world production data and hundreds of millions of domain-specific data points. You can easily embed our automated solutions within the online account setup and onboarding process. We make it easy for you to verify customers across different countries, languages, ID types and devices.

Watchlist Screening

Jumio’s AI-powered screening solution can assess your customers’ risk factors and verify that they are not on any watchlists. Our automated database pings include government watchlists and sanctions to identify AML risks and fraud faster. You can decide which lists to screen against, including global or regional sanctions, PEPs and adverse media.

Let a Jumio expert show you how easy it can be to integrate our automated AML solutions into your compliance program. Contact us here, and we will be in touch shortly.


Originally published in 2021


Get the latest updates from the Identity and Beyond blog, delivered to your inbox.

    Yes, I would like to receive periodic updates from the Jumio blog as well as marketing communications regarding Jumio products, services, and events. I can unsubscribe at any time.

    Jumio values your privacy. To learn more, visit our Privacy Statement.