Certified Anti-Money Laundering Specialist
STUDY GUIDE
Version 7.0
Credits, Notes, and Copyright
Certified Anti-Money Laundering Specialist Task Force
We would like to thank the following individuals for their significant contribution to
the development of the Certified Anti-Money Laundering Specialist (CAMS)
certification:
Zhenyu Shao, CAMS, CAFS, CGSS
George Voloshin, CAMS, CGSS
Caroline Kennedy, CTMA
Stanley Small, CAMS, CAMS-RM
Crispin Yuen, CAMS, CAMS-Audit, CGSS
Chandrakant Maheshwari, CAMS, CAMS-Audit, CAFS, CCAS, CGSS, CKYCA, CTMA
Nico Di Gabriele, CCAS
Scott McCleskey, CAMS, CGSS
Bryony Pettman, CAMS
Kadir Serkan Gurbuzoglu, CAMS, CAMS-RM
Caryn Leong, CAMS, CAFS, CAFCA, CCAS
Mark Nuttall, CAMS, CGSS
Mark Turkington
April Humblias, CAMS
Joby Carpenter, CAFS, CCAS
Mireya Valverde Okon, CAMS, CGSS
Yusuke Araki, CAMS-Audit
Florence Hui, CAMS
Eoghan Nihill, CAMS, CAMS-RM, CCAS, CGSS
Dorota Donigiewicz, CAMS
Samuel Lung, CAMS
Christopher Sykes, CAMS
Sam Adam Elnagdy, CAMS, CAMS-Audit, CAMS-FCI, CGSS
Ana Davila, CAMS, CAFS
Dr. William Scott Grob, CAMS-FCI, CGSS
John F Tobon, CAMS
Chris Bagnall, CAMS, CAMS-FCI, CCAS
Ian Mynot
Cory Howard, CAMS, CCAS
Siobhain Ivers, CAMS
Jude Jung, CAMS, CAMS-Audit, CAMS-FCI, CAMS-RM, CAFS, CCAS, CGSS, CAFCA
Dr. John Mathew, CAMS
Hiroshi Ozaki, CAMS, CAMS-Audit
Rachele Byrne, CAMS
Emiel V. F. den Boer, CAMS, CGSS
Jennifer Sanchez, CAMS, CAFS, CCAS
Ka Po Rachel Pun, CAMS
Ming Yan Chung, CAMS
Yin (Adam) Zhang, CAMS, CAMS-Audit, CAMS-FCI, CAMS-RM, CAFS, CAFCA, CGSS, CKYCA, CTMA
Nicola Ingram
Mateo Arbelaez, CAMS, CAMS-RM, CGSS
Sandra Edun-Watler, CAMS
Piotr Lisak, CAMS, CAMS-RM, CAFCA
Lydra Arkaxhiu, CAMS, CAMS-RM, CGSS, CTMA
Christos Christou, CAMS, CCAS, CGSS, CAFCA
Brian Arrington, CAMS
John Waterstram, CAMS, CCAS
Sara Brunsdon-McVeigh, CAMS
Myrna Olvera, CAMS
Sine Edal, CAMS, CAMS-RM, CGSS, CKYCA
Kevin Toth, CAMS, CAMS-FCI, CTMA
Stephen Lau, CAMS
Frank Calestino, CAMS
Dr. Pamela Connell, CAMS, CAMS-FCI, CCAS, CGSS
Anna Stylianou, CAMS, CCAS
Shahmeem Purdasy
Greg Wlodarczyk, CAMS
Saurabh Seth, CAMS, CAMS-RM, CGSS
Gregory Dellas, CAMS, CAMS-Audit, CAMS-FCI, CAMS-RM, CAFS, CAFCA, CGSS, CKYCA, CTMA
Ken Simmons, CAMS, CAMS-Audit, CAMS-FCI, CAMS-RM, CCAS, CGSS
Seth Sattler, CAMS, CCAS
Rod Francis
Kevin Anderson, CAMS, CAMS-FCI
Andris Nikitins, CAMS, CAMS-RM, CAFS, CAFCA, CGSS
Luiza Jarocka, CAMS, CGSS
Megan Jeffries, CAMS
Liliya Khamzina, CAMS, CAMS-Audit, CAFS
Gilberto Flores
Heather Cody
Natalie Ng, CAMS, CKYCA, CTMA
Yuri Broodman, CAMS, CAFS, CCAS, CAFCA, CGSS, CTMA
Hashim Butt, CAMS
Anna Streuli, CAMS
Tan Emily, So, CAMS
Dr. Tanya McCartney, CAMS, CAFCA
Katherine May, CAMS, CAMS-FCI, CAMS-RM, CAFS, CAFCA, CGSS
James De Rugeriis, CAMS, CGSS
Sana Khan, CAMS, CAMS-RM, CCAS, CGSS, CKYCA
Matthias Greiller, CAMS, CAMS-Audit, CAMS-RM, CAFS, CCAS, CGSS, CKYCA, CTMA
Tatiana Turculet, CAMS, CAFS
ACAMS Product Staff
Gary Hughes
Michelle Rance, CAMS
Heather Carroll
Andrea Miller
Keitaro Matsuoka
Adam Cochran
Astrid Rouleau, CAMS
Sarah Gillis, CAMS
David Payne, CCAS
Melinda Fleming
Jenna Tripsas
Brenda Fewox
John Cannon
Jacqueline Zavala
Nicole Lewis
Lindsay Pfisterer
Sean Packwood
Anielka Chacon, CAMS, CAFS
Shilpa Arora, CAMS
Ron Myers
Rossana Quintana
Charles Ball
Sarah Morrow
Mary Little
Eric Solecki
Iliana Colon
Katherine May, CAMS, CAMS-FCI, CAMS-RM, CAFS, CAFCA, CGSS
Acronyms are used in this Study Guide. Please refer to the Glossary to facilitate
your comprehension.
© 2025 Association of Certified Anti-Money Laundering Specialists, LLC ("ACAMS").
All rights reserved. Only a licensed learner may download or print this document
and such use must be limited to personal study. You may not otherwise share this
material. No other use is allowed without express written permission from ACAMS.
Table of Contents
Understanding the Risks and Methods of Financial Crime
Money Laundering and Financial Crime
Introduction
Introduction: Money laundering and financial crime
Case example: Linguistix’s suspicious transactions
Money laundering
What is financial crime?
Money laundering
Common techniques for money laundering
Case example: Tamayo's money mules
Types of financial crime
Predicate crimes and money laundering
Sanctions evasion
Case example: Komarov’s tactics
Bribery and corruption
Case example: FullTechGlobal corruption scandal
Tax avoidance versus tax evasion
Fraud
Cyber-enabled crime
Examples of predicate crimes
Human trafficking and human smuggling
Environmental crime
Drug trafficking
Terrorism financing
Terrorism financing compared to money laundering
How terrorists move and store funds
Case example: Mr. Wolfe’s scheme
Consequences of financial crime
Consequences of financial crime
Social consequences of financial crime
Institutional accountability to prevent financial crime
Individual impact of violations of AFC regulations
Financial crime risks in relation to other types of risks
Financial crime risks
Case example: A lasting lesson
Operational, legal, concentration, and reputational risks
Money Laundering Risks in Financial Services
Introduction
Introduction: Money laundering risks in financial services
Student note: Sector-specific case studies
Case example: A new corporate banking role
Student note: Financial crime risk
Money laundering risks associated with banking
Money laundering risks associated with banking
Shell and shelf companies risks
Case example: Estonian bank branch
Politically exposed person risks
Control and ownership for AML compliance
Concentration accounts
Money laundering risks associated with retail and commercial banking
Retail and commercial banking products and risks
High-risk retail and commercial banking products
Trade finance products and risks
Credit-related product risks
Card risks
Credit unions and building societies risks
Private banking and wealth management risks
Money laundering risks associated with private banking and wealth management
High-risk private banking and wealth management products
Trust risks
Offshore financial center risks
Special purpose vehicle risks
Corporate and investment banking risks
Corporate and investment banking risks
Wire transfer risks
Fundraising risks
Mergers and acquisitions risks
High-risk corporate and investment banking products
Correspondent banking risks
Capital markets risks
Money Laundering Risks in Nonbank Financial Institutions
Introduction
Introduction: Money laundering risks in nonbank financial institutions
Case example: CashBayou's risk management challenges
Money laundering risks associated with MSBs, payment service providers, and e-commerce
Payment service providers
Payment service providers risks
Money services business
Risks associated with banking MSBs
E-commerce
E-commerce risks
Case example: LotusMall and illegal gambling
Money laundering risks associated with insurance, securities, brokerage, and custodian services
Insurance products risks
Case example: Investment product misuse
Securities and brokerage risks
Asset managers
Custodial services risks
Money laundering risks associated with cryptoassets and other FinTechs
Cryptoassets industry ecosystem
Blockchain
Cryptoasset risks
Stablecoin, token, and NFT risks
Central bank digital currency
Mixers and tumblers
Money Laundering Risks in DNFBPs and Other High-Risk Sectors
Introduction
Introduction: Money Laundering Risks in DNFBPs and Other High-Risk Sectors
Case example: DNFBP risks in the Hendricks case
Money laundering risks associated with DNFBPs
Risks of banking designated nonfinancial businesses and professions
Gaming sector risks
Real estate sector risks
Accountancy and audit sector risks
Legal services sector risks
Trust and company service provider and company secretary sector risks
High-risk business sectors
High-value asset risks
Case example: Suspicious transactions at Goodwish Jade
Import/export businesses risks
Free-trade zones risks
Alternative remittance systems
Charity and NGO risks
Military organization and goods risks
Providing financial services to embassies, foreign consulates, and missions
Drug-related businesses risks
Global AFC Frameworks, Governance, and Regulations
Global AFC Standards and Guidance
Introduction
Introduction: Global AFC standards and guidance
Case example: Implementing AFC standards at FinTrust
Financial Action Task Force
Financial Action Task Force
FATF-style regional bodies
FATF 40 Recommendations
FATF Recommendations 1-8
FATF Recommendations 9-23
FATF Recommendations 24-40
FATF 11 Immediate Outcomes
FATF mutual evaluation
FATF high-risk and noncooperative jurisdictions
Impact of FATF mutual evaluation reports on jurisdictions
FATF guidance for risk assessment
AFC guidance from leading international organizations
United Nations AFC guidance
Case study: The 1999 Convention and UNSC resolutions for CFT
World Bank and International Monetary Fund AFC guidance
Organisation for Economic Co-operation and Development AFC guidance
Basel Committee on Banking Supervision AFC guidance
Egmont Group AFC guidance
Wolfsberg Group AFC guidance
International Organization of Securities Commissions AFC guidance
AFC guidance from other organizations
G-20 Anti-Corruption Working Group AFC guidance
Transparency International AFC guidance
Basel Institute on Governance AFC guidance
Tax Justice Network AFC guidance
AFC Regulations and Regimes
Introduction
Introduction: AFC regulations and regimes
Student note: Regulatory framework elective courses
Case example: Drafting policies for an AFC department based in APAC
US AML/CFT regulatory landscape
Bank Secrecy Act
USA PATRIOT Act
The Anti-Money Laundering Act of 2020
Financial Crimes Enforcement Network
Other US regulators
Case study: US regulatory enforcement actions
Office of Foreign Assets Control
EU AML/CFT regulatory landscape
History of AML regime in Europe
EU AML package
The role of AML Authority
Markets in Cryptoassets Regulation
Other regional AML/CFT regulatory landscapes
Local AML regulations and cross-jurisdictional impact
UK AML regulations
Australia AML regulations
Singapore AML regulations
Hong Kong (China) AML regulations
China AML regulations
Japan AML regulations
South Korea AML regulations
United Arab Emirates AML regulations
Other AFC regulations that impact organizations
Major ABC regulations
Major sanctions regimes
Other sanctions regimes
Other laws and regulations that impact organizations
Data security and privacy
Digital Operational Resilience Act
EU General Data Protection Regulation
The GDPR and the balance between privacy and transparency
Consumer protection and inclusive banking
AI regulations
ESG regulations
Use of Guidance and AFC Cooperation
Introduction
Introduction: Use of guidance and AFC cooperation
Case example: Using typology reports to enhance AML controls
Using the reports and guidance from different authorities
Using AFC reports, guidance notes, and policy papers
Using reports, guidance notes, and policy papers in your AML/CFT controls
Case example: Terrorist financing red flags
National, sectoral, and thematic risk assessments
Case study: SRA on decentralized finance
Cooperation between authorities
Roles of regulators, law enforcement, and FIUs
Case study: J5-US law enforcement collaboration
Cooperation between regulatory authorities
Law enforcement and FIU AFC cooperation
Case study: Law enforcement and FIU cooperation
Partnership requirements and mutual legal assistance treaties
Cooperation involving the private sector
Public-private partnership
Case study: AUSTRAC Fintel Alliance investigation
Private sector collaboration
Private sector information sharing
Building an AFC Compliance Program
Components of an AFC Program
Introduction
Introduction: Components of an AFC program
Case study: Systemic BSA failures at a Canadian bank
AFC program
AFC program components ............................................................................................................................. 243
Pillars of an AFC compliance program..................................................................................................... 244
Three lines of defense ................................................................................................ 246
Three lines of defense ........................................................................................................................................ 246
First line of defense AFC function ............................................................................................................... 246
Second line of defense AFC function ....................................................................................................... 248
Role of money laundering reporting officer ......................................................................................... 249
Role of quality control and quality assurance ...................................................................................... 249
Financial crime functions' structure ........................................................................................................... 250
Compliance monitoring and testing.......................................................................................................... 252
Case example: Financial crime functions' structure at Global Finance, Corp. ............... 253
Third line of defense AFC function ............................................................................................................. 256
Liaising with internal audit ................................................................................................................................. 258
Functions of board of directors and management oversight .................................................. 259
Second LOD's AFC role and its interaction with the front office.............................................. 261
Second LOD's interaction with other functions ................................................................................. 262
Establishing a culture of compliance......................................................................................................... 264
Risk Assessment ................................................................................................................ 265
Introduction .................................................................................................................... 265
Introduction: Risk assessment ....................................................................................................................... 265
Case study: Failure to update an EWRA at a wealth management firm............................. 265
Types of risk assessment ........................................................................................... 267
The importance of risk assessment in AFC........................................................................................... 267
Types of risk assessment within an organization .............................................................................. 269
The risk-based approach .................................................................................................................................. 270
The risk appetite statement ............................................................................................................................. 271
Preparing a risk appetite statement .......................................................................................................... 272
Enterprise-wide risk assessment............................................................................ 274
Enterprise-wide risk assessment ................................................................................................................ 274
Determining inherent risks ............................................................................................................................... 275
Control effectiveness ...........................................................................................................................................277
Measuring control effectiveness.................................................................................................................. 278
Residual risks action plan ................................................................................................................................... 279
Third-party tools to conduct risk assessment..................................................................................... 280
Reporting results of risk assessment.......................................................................................................... 281
The importance of continuous risk assessment ................................................. 283
Continuously assessing financial crime risk .......................................................................................... 283
Customer risk assessment versus enterprise-wide risk assessment ................................. 285
Product risk assessment ................................................................................................................................... 286
Design Your AFC Program and Controls ....................................................................288
Introduction ....................................................................................................................288
Introduction: Design your AFC program and controls ................................................................... 288
Case study: Lack of governance at a Canadian bank .................................................................... 289
Governance and oversight ........................................................................................ 291
Need for AFC policies and procedures .................................................................................................... 291
Drafting AFC policies and procedures ...................................................................................................... 291
Maintaining effective AFC policies and procedures........................................................................ 293
Governance committees and their functions..................................................................................... 294
Internal reporting to governance committees .................................................................................. 296
Regulatory reporting for AFC compliance ............................................................................................ 297
Responding to regulator requests .............................................................................................................. 299
Implementation of AFC program and controls ................................................... 301
Controls across the customer lifecycle ................................................................................................... 301
Onboarding AFC controls ......................................................................................... 304
The KYC process .................................................................................................................................................... 304
Customer risk assessment .............................................................................................................................. 307
KYC for a natural person .................................................................................................................................... 309
KYC for a legal person .......................................................................................................................................... 310
Additional onboarding controls for high-risk scenarios ................................................................. 312
Function of quality control ................................................................................................................................. 313
Ongoing AFC controls ..................................................................................................315
Ongoing due diligence ........................................................................................................................................ 315
Payment screening................................................................................................................................................ 317
Batch screening ....................................................................................................................................................... 319
Politically exposed persons screening ..................................................................................................... 320
Adverse media checks ....................................................................................................................................... 322
Other due diligence requirements that help to mitigate risks ...................... 324
Know your employee and vendor ............................................................................................................... 324
Transaction Monitoring and Investigation................................................................. 325
Introduction .................................................................................................................... 325
Introduction: Transaction monitoring and investigation............................................................... 325
Case example: AML control failures at a UK Bank ............................................................................. 325
Transaction monitoring .............................................................................................. 328
Transaction monitoring controls .................................................................................................................. 328
Transaction monitoring versus payment screening ....................................................................... 329
Technology solutions for transaction monitoring ............................................................................. 330
Transaction monitoring system tuning ..................................................................................................... 331
Alert generation ............................................................................................................ 333
Typical scenarios that would generate an alert ..................................................................................333
Procedures for alerts review .......................................................................................................................... 334
Other sources of investigation .......................................................................................................................335
Investigations................................................................................................................. 337
Steps applied to an investigation ..................................................................................................................337
Information gathering ..........................................................................................................................................337
How much research is reasonably enough? ........................................................................................ 338
Communication channels and tipping off ............................................................................................. 339
Communicating with customers ................................................................................................................. 340
Investigating someone inside the organization .................................................................................. 341
Analysis of information........................................................................................................................................ 342
Suspicious activity escalation process ..................................................................................................... 344
Documenting your research........................................................................................................................... 345
Decision to file a SAR ............................................................................................................................................ 346
Concluding Investigations and Coordinating with Law Enforcement .............348
Introduction ....................................................................................................................348
Introduction: Concluding investigations and coordinating with law enforcement .... 348
Case study: Failure to file report ................................................................................................................... 348
Concluding an investigation and suspicious activity reporting .....................350
Protecting the organization during an investigation ....................................................................... 350
Duty to report............................................................................................................................................................. 351
Regulations related to suspicious activity reporting ....................................................................... 352
Suspicious activity report structure ............................................................................................................353
Case example: SAR for a family trust......................................................................................................... 354
Maintaining an account after unusual activity ...................................................................................... 356
Reasons and consequences for not filing a SAR ................................................................................357
Follow-up action when no SAR is filed ...................................................................................................... 358
Defensive suspicious activity reports ........................................................................................................ 359
Working with law enforcement agencies............................................................. 361
Communicating with law enforcement for an investigation...................................................... 361
Responding to law enforcement requests ........................................................................................... 362
How law enforcement case investigators read a SAR ................................................................... 363
Offboarding and de-risking .......................................................................................364
Refusing or terminating a customer .......................................................................................................... 364
De-risking .................................................................................................................................................................... 365
Financial inclusion................................................................................................................................................... 366
Tools and Technologies to Fight Financial Crimes ..................................................368
Technology for AFC Compliance..................................................................................369
Introduction ....................................................................................................................369
Introduction: Technology for AFC compliance .................................................................................. 369
Case example: Implementing technology in AFC compliance ............................................... 370
Understanding AFC technology ............................................................................... 372
AFC technology overview .................................................................................................................................372
Tools and technologies for AFC compliance....................................................................................... 374
Global AFC innovation ......................................................................................................................................... 376
Technology implementation considerations........................................................................................377
Choosing AFC tools for an organization................................................................ 381
Adopting a risk-based approach when choosing AFC technology....................................... 381
Using AFC technology to reduce friction in customer journeys ............................................. 382
AFC tools, choices, and considerations ................................................................................................... 383
Artificial intelligence and machine learning .......................................................................................... 384
Transitioning from traditional systems to AI-based tools ............................................................ 386
Governance of compliance technology................................................................................................. 387
Regulatory requirements for technology .............................................................................................. 388
Integrating new AFC tools with existing systems and data........................................................ 389
Prioritizing resources ........................................................................................................................................... 390
Privacy regulations and technology ....................................................................... 392
Impact of privacy regulations on technology use ............................................................................ 392
Privacy-enhancing technology..................................................................................................................... 393
Technology and tools used across the customer life cycle............................ 395
Geolocation technology .................................................................................................................................... 395
Device intelligence ................................................................................................................................................ 396
Robotic process automation .......................................................................................................................... 397
Behavioral and profile monitoring ............................................................................................................... 398
Open-source intelligence ................................................................................................................................ 399
Technology for Customer Onboarding ...................................................................... 401
Introduction .................................................................................................................... 401
Introduction: Technology for customer onboarding ....................................................................... 401
Case example: Improving technology for customer onboarding .......................................... 401
Technology for KYC .................................................................................................... 404
How does technology help KYC? ................................................................................................................ 404
Electronic KYC.......................................................................................................................................................... 405
Perpetual KYC...........................................................................................................................................................406
Digital onboarding technology ......................................................................................................................408
Authentication and security technology ................................................................................................409
Biometric technology ............................................................................................................................................ 411
Facial and voice recognition technology................................................................................................. 412
Liveness check technology .............................................................................................................................. 415
Technology for screening .......................................................................................... 416
How does technology help screening? .................................................................................................... 416
Understanding screening system logic .................................................................................................... 417
List management .................................................................................................................................................... 419
Student note: Sanctions lists ........................................................................................................................... 420
Fuzzy logic and partial matches ................................................................................................................... 420
Screening system tuning ................................................................................................................................... 421
Whitelisting and adding to internal lists .................................................................................................... 422
Integrating screening technology with other systems ................................................................. 424
Using AI for screening ......................................................................................................................................... 426
Technology for Ongoing Monitoring and Investigations ......................................428
Introduction ....................................................................................................................428
Introduction: Technology for ongoing monitoring and investigations................................ 428
Case example: New batch screening technology considerations........................................ 428
Technology for payment and batch screening ................................................... 431
Types of ongoing screening ............................................................................................................................ 431
Maintaining screening technology.............................................................................................................. 432
Technology for payment screening .......................................................................................................... 433
Screening digital assets and currencies ................................................................................................. 434
Evolution of transaction monitoring .......................................................................436
Rules-based transaction monitoring ......................................................................................................... 436
New and emerging technologies for monitoring customers ................................................... 437
Case example: Evolution of transaction monitoring ....................................................................... 439
Technology for transaction monitoring ............................................................... 442
Transaction monitoring and sufficient scenarios coverage ...................................................... 442
Transaction monitoring scenario development ................................................................................ 443
Transaction monitoring scenario calibration testing ...................................................................... 445
Ongoing testing and tuning for rules-based systems ................................................................... 446
Ongoing testing and tuning for AI tools ................................................................................................... 448
Governance for transaction monitoring ................................................................................................. 449
Technology for investigations .................................................................................. 451
Technology to assist investigation ............................................................................................................... 451
Network analysis solutions for transaction monitoring.................................................................. 453
Technology to assist case management ............................................................................................... 455
Technology for blockchain tracing............................................................................................................. 456
Technology for reporting.................................................................................................................................. 457
Data Collection and Preparation ..................................................................................459
Introduction ....................................................................................................................459
Introduction: Data collection and preparation .................................................................................... 459
Case example: Identify data for a new TM system...........................................................................460
Data as an input for solutions .................................................................................. 462
Understanding your data................................................................................................................................... 462
Coverage and gap assessment.................................................................................................................... 463
Clean data for technology solutions .......................................................................................................... 464
Data collection.............................................................................................................. 466
Internal versus external data........................................................................................................................... 466
Internal static data
Internal observed data
Leveraging data from internal platforms
Case example: AI for money laundering detection
External data
Integrating data from various sources
Data preparation
Data quality
Data preparation
Case example: Handling increased alert volume
Data lineage
AFC data extraction
Data mining and matching
Case example: Analyzing customer behaviors
Data validation and testing
Entity resolution
Attributes of a block and sources of data
Clustering
Governance process
Data governance committees
Data governance administration and quality control
Glossary
Certified Anti-Money Laundering Specialist Page xii
Version 7.0
Understanding the Risks and Methods of Financial Crime
After completing this learning experience, you will be able to:
• Describe how money laundering works and the predicate crimes that can
include money laundering charges.
• Explain the money laundering risks for different banking segments.
• Describe the characteristics of nonbank financial institutions' products and
their associated money laundering risks.
• Explain the money laundering risks associated with nonfinancial services.
Certified Anti-Money Laundering Specialist Page 13
Version 7.0
Money Laundering and Financial Crime
Introduction
Introduction: Money laundering and financial crime
This module serves as an introduction to money laundering and other types of
financial crime, as well as their consequences and risks. You will learn how
criminals exploit financial institutions and trade networks, use emerging
technologies to launder illicit funds, and obscure ownership to evade
detection. By understanding these types of financial crimes, you will be more
prepared to strengthen your compliance programs, enhance transaction
monitoring alert management systems, and implement risk-based strategies
to prevent financial crime and ensure institutional and individual accountability.
Case example: Linguistix’s suspicious transactions
Joyce works in the AFC department in a bank. One day, while reviewing
transaction reports, she noticed something unusual: Linguistix, a translation
service, had significantly increased its transaction volume over the past six
months. This spike was concerning because the initial KYC process indicated
much lower revenue projections.
To investigate further, Joyce reached out to the operations team. They
confirmed her suspicions: Linguistix's revenue had surged, and many
transactions were coming from high-risk jurisdictions. This raised red flags,
prompting Joyce to dig deeper.
During her analysis, Joyce discovered one transaction that raised specific
concerns: a large transfer from an account that seemed to be associated with an
organized drug trafficking group. This finding further raised suspicions that
drug trafficking could be the predicate crime funding potential money
laundering, Joyce's primary concern.
Joyce gathered more data on the transactions and customer profiles. The
evidence suggested that Linguistix was likely being used to launder illicit funds.
Given the complexity of the situation, Joyce escalated the case to the financial
crime compliance team. The team applied advanced analytical tools to trace
the flow of funds and confirmed the links between Linguistix and the
organized crime group. This analysis confirmed that the translation service
was being used as a front to launder drug trafficking proceeds, effectively
disguising the origins of the money.
Key takeaways
• Increases in revenue beyond initial KYC projections might indicate risk.
• Common predicate crimes, such as drug trafficking and fraud, generate
illegal funds that are subject to laundering.
• Indicators of suspicious activity include financial transactions from high-risk
jurisdictions and unusual revenue patterns that deviate from expectations.
• Collaboration with specialist teams helps uncover criminal activity.
Money laundering
What is financial crime?
Financial crime encompasses a variety of illegal activities that exploit financial
systems for personal or organizational gain, often undermining the integrity of
economies and markets. Types of financial crime include money laundering,
where illicit funds are disguised to appear legitimate; fraud, which involves
deceitful practices to gain financial advantage; tax evasion, the illegal
avoidance of tax obligations; sanctions evasion, where legal restrictions are
circumvented; and bribery and corruption, involving unethical exchanges for
favorable or preferential treatment. These crimes have serious repercussions,
emphasizing the need for robust regulatory measures and compliance efforts
to protect financial systems and promote transparency.
Money laundering
The definition of money laundering varies in each country where it is
recognized as a crime. However, it is generally understood to be the process
of concealing or disguising the existence, source, movement, destination, or
illegal application of criminally derived property or funds to make them appear
legitimate. Criminal activities that lead to money laundering are also referred
to as predicate crimes. Examples include arms sales, narcotics trafficking,
contraband smuggling, embezzlement, insider trading, bribery, and fraud
schemes. Different jurisdictions decide which crimes qualify as predicate
offenses for the purposes of AML prosecutions.
There are three basic stages of money laundering. These are placement,
layering, and integration.
The first stage of money laundering involves placement of funds into a
financial system. This process begins with the collection or generation of
proceeds derived from criminal activity. This so-called “dirty money” is placed
into the financial system, such as through a bank account. The proceeds are
then layered. Layering involves activities to conceal the origin of the dirty
money, such as transferring the proceeds from the bank account to a holding
company. Other examples are paying the proceeds to a company in order to
pay a false invoice and making a private loan to another company. Finally, the
proceeds are integrated, or used, by the criminal to purchase goods and
services in the legitimate economy.
The three stages of money laundering are not always followed in this exact
way. Sometimes two of the steps occur almost simultaneously. The important
point is that the objective of money laundering is to “clean” or conceal the
proceeds of criminal activity in order to use them in the legitimate economy.
Common techniques for money laundering
Money laundering techniques allow criminals to obscure proceeds from illegal
activities and integrate them into the financial system. These methods exploit
regulatory loopholes, trade networks, financial markets, and vulnerable
members of society.
Some of the most common techniques criminals employ to launder money
include:
• Structuring, microstructuring, smurfing:
o Large illicit funds are split into small transactions to avoid triggering AML
reporting thresholds.
o Criminals use multiple accounts, financial institutions, and
intermediaries to evade monitoring.
o Microstructuring resembles traditional structuring but is typically used
with digital asset laundering.
• Digital asset laundering:
o Cryptocurrencies, NFTs, and DeFi allow pseudonymous cross-border
fund transfers.
o Launderers use mixing services and privacy coins for anonymity.
o Criminals often launder and cash out their illicit proceeds using digital
asset service providers in jurisdictions with weak AML/CFT regulations.
• Money muling networks:
o Mules act as intermediaries, transferring illicit funds between accounts
on behalf of criminals.
o Criminals recruit individuals through job scams, social engineering, or
coercion, making fund transfers more difficult to trace.
• Trade-based money laundering (TBML):
o Methods include over-invoicing, under-invoicing, multiple invoicing, and
phantom shipments to obscure the source of funds.
o Criminals manipulate trade invoices, customs declarations, and pricing
mechanisms to move illicit funds.
• Market-based money laundering (MBML):
o Financial instruments create complex transaction chains that mask
fund origins.
o Criminals exploit stocks, bonds, hedge funds, derivatives, and private
equity investments to layer illicit funds.
• Commodity-based money laundering:
o Criminals use high-value commodities such as gold, diamonds, luxury
watches, and fine art to transfer value anonymously.
o These assets are bought with illicit funds, resold, or smuggled to avoid
scrutiny.
• Shell companies and front businesses:
o Shell companies facilitate illicit financial flows without conducting real
business activities.
o Front businesses mix illegal proceeds with legitimate revenue, making
tracing difficult. For example, a restaurant that appears to be a
legitimate dining establishment might actually be a front. It might inflate
sales and rely on cash transactions to disguise its illicit income.
Case example: Tamayo's money mules
According to a US Department of Justice press release, in December 2019,
Yamel Guevara Tamayo of Miami, Florida, was sentenced to 63 months in
prison for conspiring to commit money laundering. Tamayo acted as a money
mule and recruited more than 15 additional money mules as part of an
international money laundering operation related to business email
compromise and other cybercrimes.
From November 2016 to June 2019, Tamayo and his co-conspirators stole over
US$1.5 million from individual and corporate victims. Their scheme involved
creating fraudulent email addresses that imitated legitimate company emails,
tricking victims into transferring funds by wire into bank accounts opened by
money mules. Tamayo and his associates would then quickly withdraw
thousands of dollars through in-person withdrawals, ATM transactions, and
debit card purchases, often transferring the funds to foreign accounts
controlled by co-conspirators.
Tamayo systematically structured cash deposits to avoid triggering financial
reporting thresholds. He would use deposit amounts slightly under the
mandated reporting threshold of US$10,000. Additionally, Tamayo used
microstructuring, making even smaller incremental deposits, typically under
US$1,000, spread across many accounts. This approach made detection
increasingly difficult, as banks typically monitor larger cash movements for
suspicious activities.
To further obscure the source of the illicit funds, Tamayo recruited and
supervised money mules to move illicit proceeds through personal bank
accounts. This operation was part of a larger network, with more than 200
money mules and recruiters identified. These recruits, often unaware of the
illegal nature of their actions, facilitated both domestic and international wire
transfers. Tamayo directed the mules to transfer funds across various banks
and jurisdictions, creating multiple layers of transactions that obstructed
tracing efforts by financial investigators.
Ultimately, Tamayo and his mules attempted to launder over US$1.4 million and
managed to successfully launder more than US$700,000 before banks
intervened to freeze and reclaim some of the funds on suspicion of fraud.
Following an extensive investigation by US authorities, Tamayo pleaded guilty
to federal charges related to money laundering. In addition to his prison
sentence, the court mandated that Tamayo serve three years of supervised
release and pay restitution of US$700,474.97.
Key takeaways
Financial institutions should:
• Enhance cybersecurity awareness to prevent cyber fraud schemes.
• Strengthen KYC practices to verify the identities of accountholders and
detect suspicious activities.
• Monitor transaction patterns to identify unusual behaviors, such as
structuring and microstructuring, that might indicate money laundering.
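The monitoring described in the last takeaway can be sketched as two rolling-window rules over cash deposits. This is an added example, not part of the study guide: the US$10,000 and US$1,000 figures come from the case above, while the seven-day window, the minimum counts and totals, the "entity" key (assumed to come from entity resolution) and all sample transactions are constructed assumptions.

```python
from collections import defaultdict
from datetime import date, timedelta

CTR_THRESHOLD = 10_000      # reporting threshold cited in the case (US$)
MICRO_CEILING = 1_000       # case: microstructured deposits were typically under this
NEAR_FLOOR = 9_000          # assumption: "slightly under" = within 10% of the threshold
WINDOW = timedelta(days=7)  # assumption: rolling look-back window
MIN_NEAR_DEPOSITS = 2       # assumption: repeated near-threshold deposits
MIN_MICRO_ACCOUNTS = 3      # assumption: "spread across many accounts"
MIN_MICRO_TOTAL = 5_000     # assumption: ignore trivial aggregate amounts


def _tx(day, entity, account, amount, kind="cash_deposit"):
    # "entity" is a hypothetical key linking accounts controlled by one party.
    return {"day": date.fromisoformat(day), "entity": entity,
            "account": account, "amount": amount, "kind": kind}


# Constructed sample data (not real transactions).
SAMPLE = [
    # E1: repeated deposits just under the reporting threshold.
    _tx("2024-01-02", "E1", "A1", 9_500), _tx("2024-01-04", "E1", "A1", 9_800),
    _tx("2024-01-05", "E1", "A2", 9_700),
    # E2: many small deposits spread over four accounts in five days.
    _tx("2024-01-08", "E2", "B1", 900), _tx("2024-01-08", "E2", "B2", 950),
    _tx("2024-01-09", "E2", "B3", 800), _tx("2024-01-10", "E2", "B4", 990),
    _tx("2024-01-11", "E2", "B1", 870), _tx("2024-01-12", "E2", "B2", 940),
    # E3: near-threshold deposits weeks apart, plus one reportable deposit.
    _tx("2024-01-03", "E3", "C1", 9_600), _tx("2024-01-04", "E3", "C1", 400),
    _tx("2024-01-05", "E3", "C1", 12_000), _tx("2024-02-10", "E3", "C1", 9_500),
    # E4: small deposits into a single account only.
    _tx("2024-01-02", "E4", "D1", 500), _tx("2024-01-03", "E4", "D1", 500),
    _tx("2024-01-04", "E4", "D1", 500),
]


def _summary(entity, rule, hits):
    return {"entity": entity, "rule": rule,
            "total": sum(t["amount"] for t in hits), "count": len(hits),
            "accounts": len({t["account"] for t in hits}),
            "first": min(t["day"] for t in hits),
            "last": max(t["day"] for t in hits)}


def detect(transactions):
    """Return one alert per entity and rule, keeping the largest-total window."""
    by_entity = defaultdict(list)
    for t in transactions:
        # Deposits at or above the threshold are reported anyway; the rules
        # look only at cash deposits that stay below it.
        if t["kind"] == "cash_deposit" and t["amount"] < CTR_THRESHOLD:
            by_entity[t["entity"]].append(t)

    alerts = []
    for entity, txns in by_entity.items():
        txns.sort(key=lambda t: t["day"])
        best = {}
        for i, first in enumerate(txns):
            window = [t for t in txns[i:] if t["day"] - first["day"] <= WINDOW]
            near = [t for t in window if t["amount"] >= NEAR_FLOOR]
            micro = [t for t in window if t["amount"] < MICRO_CEILING]
            candidates = []
            if len(near) >= MIN_NEAR_DEPOSITS:
                candidates.append(_summary(entity, "structuring", near))
            if micro:
                m = _summary(entity, "microstructuring", micro)
                if m["accounts"] >= MIN_MICRO_ACCOUNTS and m["total"] >= MIN_MICRO_TOTAL:
                    candidates.append(m)
            for c in candidates:
                if c["rule"] not in best or c["total"] > best[c["rule"]]["total"]:
                    best[c["rule"]] = c
        alerts.extend(best.values())
    return sorted(alerts, key=lambda a: (a["entity"], a["rule"]))


if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

Grouping by account alone would miss the E2 pattern, because no single account receives enough to stand out; the aggregate only appears once the accounts are linked to one party.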
Types of financial crime
Predicate crimes and money laundering
Predicate crimes are specified unlawful activities whose proceeds can give
rise to prosecution for money laundering. Individuals or organizations who
engage in predicate crimes often want to "clean," or launder, the proceeds
from these crimes so they can use them legitimately without drawing
attention from law enforcement.
FATF has identified 21 categories of predicate offenses that financial
institutions must acknowledge and monitor under AML compliance programs.
However, different jurisdictions might classify these offenses differently. For
example, while some countries have strong laws against human trafficking,
others do not recognize certain forms of exploitation as criminal offenses. This
variation can complicate AML efforts, with compliance professionals operating
in cross-border contexts needing to align risk controls with the laws and
regulations of more than one jurisdiction.
The list of 21 FATF-designated predicate crimes includes:
1. Participation in an organized criminal group and racketeering: Engaging in
systemic financial crimes
2. Terrorism, including terrorist financing: Providing financial support to these
operations
3. Trafficking in human beings and migrant smuggling: Generating illicit
profits through human exploitation
4. Sexual exploitation, including that of children: Crimes linked to forced
prostitution and human trafficking
5. Illicit trafficking in narcotic drugs and psychotropic substances: Production,
transportation, and sale of illegal substances
6. Illicit arms trafficking: Illegal trade and smuggling of firearms and explosives
7. Illicit trafficking of stolen and other goods: Black market trade of stolen and
counterfeit items
8. Corruption and bribery: Abuse of power in public or private sectors for
financial gain
9. Fraud: Financial deception, scams, and identity theft schemes
10. Counterfeiting currency: Illegal manufacturing of banknotes
11. Counterfeiting and piracy of products: Violations of intellectual property,
including counterfeit goods
12. Environmental crime: Logging, poaching, and waste disposal
13. Murder and grievous bodily injury: Violent crimes motivated by financial
gain
14. Kidnapping, illegal restraint, and hostage-taking: Crimes involving ransom
demands
15. Robbery or theft: Large-scale property crimes driven by financial motives
16. Smuggling (including in relation to customs and excise duties and taxes):
Illegal movement of goods to evade duties
17. Tax crimes (related to direct and indirect taxes): Tax fraud and false
reporting schemes
18. Extortion: Coercing for financial gain through threats or intimidation
19. Forgery: Falsifying documents, financial records, or identities
20. Piracy: Maritime or cyber-based hijacking for financial gain
21. Insider trading and market manipulation: Illegal use of nonpublic
information to achieve profits
Sanctions evasion
Economic sanctions, whether asset freezes or sector-specific restrictions,
impose high financial, reputational, and operational costs on individuals and
entities targeted by them. For this reason, sanctions targets often attempt to
evade or circumvent sanctions in order to secretly engage in a prohibited
activity, such as continuing to use an asset or receive economic benefits. For
example, a designated individual might evade personal sanctions and
continue using his luxury yacht by obscuring its ownership.
Sanctions evasion can be internal, with the help of personnel at an
organization, or external, when evaders try to bypass internal controls without
assistance from the inside. Sanctions evasion methods can be payment-related,
trade-related, or ownership-related.
Payment-related evasion occurs when, for example, Bank A attempts to have
Bank B process prohibited transactions, with or without help from Bank B
insiders. Identifying information is removed, or stripped, from payment
instructions to avoid detection. Nested and payable accounts are particularly
vulnerable to this evasion typology.
Trade-related evasion involves illegally importing or exporting goods without
proper licensing or despite trade bans. Common techniques include the use
of shell companies, switching cargo on the open sea (also known as
transshipment), and using neutral or opaque jurisdictions for transit.
Ownership-related evasion involves obscuring the ownership of an asset by a
designated person. This can be achieved by using complex corporate
structures, proxies, and bearer shares and by diluting ownership.
Regulated entities must have strong AML and sanctions compliance programs
with robust policies, procedures, and internal controls for detecting and
preventing sanctions evasion. The penalties for noncompliance and failing to
prevent sanctions evasion could include:
• Civil monetary penalties against organizations
• Civil and criminal prosecution of individuals
• Designations as a sanctions target
Case example: Komarov’s tactics
Businessman Alexei Komarov amassed his fortune through Volkof Industries, a
high-tech distribution company with clients worldwide. Though some of his
customers were from a wide range of industries (from consumer electronics
and automotive to healthcare and industrial manufacturing), most sales went
to a foreign government engaged in nuclear weapons development. After UN
sanctions targeted this proliferation activity, Volkof Industries faced
restrictions, losing its access to global markets.
Facing financial collapse, Komarov was determined to find a way to continue
trading. To evade the sanctions, he created a shell company, RedStar
Solutions. He incorporated it in a jurisdiction with limited regulatory
expectations toward AML and sanctions compliance and masked it as a
technical support and maintenance service provider. Through RedStar, he
resumed exports to the foreign government developing its nuclear weapons
program, using transshipment points in permissive jurisdictions and falsified
invoices that labeled export-controlled items, such as semiconductors, as
“industrial machinery and spare parts.” RedStar also employed local
distributors in those jurisdictions to further distance Komarov and Volkof
Industries from the transactions and paid them to ensure the shipments were
received without question.
To launder the proceeds back to Volkof Industries, Komarov routed payments
through offshore accounts and shell companies. He was thus able to credit
Volkof Industries’ accounts using laundered funds from the illegal activities of
RedStar.
Komarov’s goal was not just to hide the profits of RedStar, but to keep Volkof
Industries trading, as its name still carried weight in industry circles. Despite UN
sanctions against Volkof Industries, this strategy helped the company meet
loan obligations, retain employees, and strengthen business ties to the foreign
government, its main client.
The scheme unraveled when a bank’s compliance officer flagged irregular
payment flows linked to RedStar. Further investigation exposed the illicit
network, revealing Komarov and Volkof Industries’ role in sanctions evasion,
proliferation financing, laundering criminal proceeds, and foreign bribery and
corruption offences.
Key takeaways
• Sanctions evasion can serve as a predicate offense for money laundering,
highlighting the interconnected nature of financial crimes.
o Criminals might use shell companies to mask illicit activities and
circumvent sanctions restrictions.
o Complex financial strategies can obscure prohibited activities such as
nuclear weapons development.
Bribery and corruption
Bribery is giving or receiving money or some other asset in exchange for the
improper use of one’s delegated power. A bribe can be in cash but can also
take other forms. These forms include gifts, entertainment, business events,
hiring, padded invoices, political donations, and kickbacks.
Corruption is the misuse of delegated power for one’s personal benefit.
Corruption is a broad term that refers to many types of unethical behavior.
These types include bribery, embezzlement, extortion, graft, and influence
peddling. People in positions of public power and authority, such as
government officials, are particularly susceptible to corruption.
The giving of gifts, hospitality, or entertainment can be viewed as bribery,
especially if it is lavish. However, some cultures not only allow gift giving as a
part of doing business but expect it. Failing to provide a gift or refusing a gift
might offend a business partner from such a culture. Organizations must
clearly define acceptable gifts in their ABC policies. An example of bribery is
providing expensive tickets to a sporting event to senior members of an
organization with which your company is bidding on a project.
Corruption can occur in various forms. In one form, embezzlement, a person
entrusted with a position of authority or fiduciary responsibility steals money
directly from the government or company. For example, a CFO at a state-
owned investment firm misuses his position for self-enrichment by
transferring money out of the firm's account into his own personal account.
In another form, graft, a person obtains a dishonest financial advantage in a
less direct way. For example, a government official in charge of appropriations
hires a road construction company that she owns and overpays the company,
to her own profit.
Bribery and corruption are often linked to other financial crimes, such as
money laundering. Organizations face the risk that their customers will
launder financial bribes, either given or received, through their accounts.
Case example: FullTechGlobal corruption scandal
Sophie is an AFC manager in the compliance department of a financial
institution that has some global businesses as its customers. One day, she
came across negative news concerning their customer FullTechGlobal
Services, which is incorporated and headquartered in the US and is a
subsidiary of a UK company. The company faced serious accusations of
widespread bribery and corruption due to its overseas sales practices. This
raised concerns under the extraterritorial provisions of the UK Bribery Act
2010.
The UK Bribery Act 2010 is one of the world’s strictest anti-corruption laws. It
applies to any company with a UK connection and also holds parent firms
liable for corrupt activities by subsidiaries, regardless of location. This
extraterritorial scope means that the UK parents of non-UK businesses
engaging in bribery and corruption can also face prosecution, emphasizing
the need for robust compliance measures.
Sophie’s initial investigation revealed that FullTechGlobal had strategically
employed intermediaries in high-risk jurisdictions to secure lucrative
contracts. According to the allegations and further investigative efforts, it
appeared the subsidiary was systematically obscuring illicit financial flows
through inflated consultancy fees, fabricated invoicing practices, and opaque
shell companies. Additionally, evidence suggested that FullTechGlobal
provided sophisticated inducements, including lavish gifts and premium travel
arrangements to public officials and high-ranking executives to unlawfully
influence decision-making processes.
She followed up on the investigation and conducted a review that identified
failures within FullTechGlobal’s ABC framework and internal controls. Her audit
uncovered deficiencies in internal control mechanisms and inadequate
oversight, which facilitated prolonged and undetected corrupt activities.
Bribery was identified as the predicate crime, leading to the laundering of illicit
funds through complex financial networks designed to evade regulatory
scrutiny and forensic tracing efforts.
Given these findings, the regulatory implications under the UK Bribery Act
2010 are profound. FullTechGlobal Services faces severe financial penalties,
increased scrutiny from international regulators, and potential criminal liability
for both the subsidiary and the parent company, including its executives.
As an AFC manager, she recognizes that her institution needs to maintain
compliance integrity and mitigate bribery and corruption risks in its dealings
with global businesses such as FullTechGlobal Services.
Key takeaways
• Multinationals using intermediaries in high-risk areas face increased bribery
risks.
• Corporate bribery often involves third parties, shell companies, and false
invoicing.
• Illicit funds are frequently laundered to conceal their origin.
• Financial institutions should:
o Conduct audits to identify control deficiencies.
o Enhance transaction monitoring for suspicious activities, especially
regarding “consultancy fees” to individuals or intermediaries located in
high-risk jurisdictions.
o Include anti-bribery clauses for customers engaging in intermediary
models.
Tax avoidance versus tax evasion
Tax avoidance, or tax planning, is not illegal. It is the activity of legitimately
reducing the amount of tax owed to government by legal or natural persons.
Some jurisdictions encourage tax avoidance by allowing pre-tax savings.
Tax evasion is the use of illegal practices to avoid paying a tax liability. This
could include not declaring taxable income or hiding taxable assets from the
authorities. Tax evasion is illegal and those caught are generally subject to
criminal charges and substantial penalties.
While tax avoidance is legal and causes financial services firms no concerns,
aggressive tax avoidance is defined as the aggressive legal interpretation of
the law without adequately considering its intent or spirit.
An example of aggressive tax avoidance is a multinational company requiring
its subsidiaries to pay a royalty fee for the use of its intellectual property. This
reduces the profitability of the overseas unit and therefore reduces the tax
they pay in that jurisdiction.
AFC professionals should be satisfied that a customer’s activities across an
account fall within avoidance parameters.
Tax evasion is illegal and is considered a predicate offense for money
laundering. A predicate offense is a component part of a more serious crime.
Information gathered at onboarding and during transaction monitoring should
inform the activity the organization should expect across the customer’s
account. Unusual activity such as excessive personal expense claims across a
small business account might be a warning signal that a customer is evading
tax.
The Common Reporting Standard (CRS), developed in response to the G-20
countries' request and approved by the OECD (Organization for Economic
Cooperation and Development) Council, calls on jurisdictions to obtain
information from their financial institutions and automatically exchange that
information with other jurisdictions on an annual basis. It sets out the financial
account information to be exchanged, the financial institutions required to
report, the different types of accounts and taxpayers covered, as well as
common due diligence procedures to be followed by financial institutions. Its
purpose is to combat tax evasion.
Fraud
Fraud is an intentional act of criminal deception in order to obtain an unjust or
illegal advantage. Typically, fraud results in financial or personal gain. Notice
that fraud is intentional and uses deception to achieve the goal. Fraud can be
committed by one or more individuals—from low-level employees, to
management, to government officials. It can be found in every country and
every type of business. Knowing the common features of fraud, as well as
typical motivations and red flags, will help you combat this crime.
People commit fraud for three major reasons: pressure, opportunity, and
rationalization. This three-sided model is referred to as the “Fraud Triangle.”
Pressure is sometimes called "incentive." It can be a financial problem, such
as gambling or other debt, that drives a person to commit fraud. Opportunity
is often provided by a lack of effective internal controls within an
institution. For example, confidential documents might be left unattended in
the office. Rationalization is when the
fraudster convinces herself that what she is doing does not really matter or
that the fraud is justified.
There are many different types of fraud, or schemes, each of which has its
own unique red flags. Common red flags of fraud include:
• Something sounds too good to be true
• A promise of high returns for low investment
• Demand for upfront payments
• Deliberate creation of an artificial shortage of opportunities
• Element of secrecy
• Sense of urgency
• Pressure to act...right now!
Cyber-enabled crime
Cyber-enabled crime has been recognized as a multi-billion-dollar industry.
The Financial Crimes Enforcement Network (FinCEN) defines cyber-enabled
crime as “Illegal activities carried out or facilitated by electronic systems and
devices, such as networks and computers.” These illegal activities include, but
are not limited to, fraud, identity theft, and other crimes. Cyber-enabled
criminals use technology to gain access to funds, yet they must still launder
their ill-gotten gains.
The foundation of all cyber-enabled crime is trust. Trust is necessary to gain
the confidence of the target. Some of the methods used by well-educated,
technologically savvy cybercriminals include:
• Social engineering
• Impersonation methods such as phishing and spoofing
• Installation of malicious software such as malware and ransomware
Some of the effective methods that result in cyber-enabled crime include:
• Disruption or destruction of networks
• Fraudulently obtaining funds
• Extortion for a ransom payment
• Committing identity theft for other nefarious purposes
Cybercriminals can use deceptive practices, together or separately,
depending upon the intended outcome of the criminal scheme. These
techniques can be successful only when the cybercriminal has earned the
target’s trust. Whether it is to obtain sensitive information from a target or to
convince the target to click on a fraudulent link, cybercriminals must create a
combination of urgency and source reliability. When the intention of the
criminal scheme is to spy, corrupt, or extort, the installed malicious computer
programs can infect the target’s operating system.
Examples of cyber-enabled crime are as broad as the imagination. Hacking,
attempted hacking, account takeovers, compromised accounts, payment
card fraud, fraudulent wire transfers, and others meet this definition. Given
how we conduct much of our lives through electronic systems or devices, it
would be difficult to find a crime that was not cyber-enabled in some way.
There is a direct relationship between cyber-enabled crime, money
laundering, and terrorist financing. In fact, terrorists and money-launderers
use many of the same techniques to conceal funds and payments.
Cyber-enabled crime occurs rapidly, through the internet. Proceeds of this
crime, or payments, can also move rapidly through a multitude of accounts
involving many different institutions.
Examples of predicate crimes
Human trafficking and human smuggling
Human trafficking is a type of exploitation that can involve a domestic citizen
or a foreign national. Human smuggling involves transportation and, unlike
human trafficking, can only involve a foreign national. Since human smuggling
involves crossing a border, geography plays a key role.
Both human trafficking and human smuggling organizations can be
associated with transnational criminal organizations (TCOs). Illicit proceeds
from human trafficking and human smuggling can be laundered through
various money laundering methods. Laundered funds might be used to
purchase modes of transportation and residences to reinvest in individuals’
movement or exploitation. Detecting these crimes requires gathering multiple
indicators from different sources.
While human trafficking and human smuggling have different elements, both
types of crimes exploit an individual’s desperation in order to make a profit.
Since human smuggling involves the voluntary crossing of a border by a
foreign national, law enforcement agencies operating at borders and within
the countries or states can play a critical role in the identification of the
specified unlawful activity. Victims of human smuggling can become victims
of human trafficking; however, not all trafficked victims have been smuggled.
Smuggling and trafficking enterprises require structure and often work with
other TCOs to assist with victim transportation or laundering of associated
proceeds. The logistics of both billion-dollar industries can require housing,
vehicles, withheld or false identities, and the ability to successfully launder
smuggling proceeds and the earnings from the exploited victims. Given the
complex nature of both criminal organization enterprises, several indicators
arise from associated transactional data and victim typology.
Primary and secondary indicators include:
• Proceeds from unknown sources could be initially fragmented.
• Funnel accounts, trade-based money laundering schemes, shell
companies, and cash-intensive businesses can launder proceeds.
• Profits from the unlawful activity are reinvested back into the business
model.
Fees paid from smuggling and trafficking can also fuel other illicit TCO
schemes.
Environmental crime
While all financial crime is troubling, environmental crimes are unique in terms
of their lasting effects. The Financial Crimes Enforcement Network (FinCEN)
acknowledged this fact in its advisory on environmental crimes, defining them
as “...illegal activity that harms human health, and harm nature and natural
resources by damaging environmental quality. This can include driving
biodiversity loss, and causing the overexploitation of natural resources, and
thereby increasing carbon dioxide levels in the atmosphere.
Wildlife trafficking can be considered a subcategory of environmental crime
due to its impact on nature. However, for enforcement purposes, it is a
standalone crime.
Environmental crimes are complex. It is difficult to pursue criminal charges for
the following reasons:
• They often involve transnational criminal organizations (TCOs).
• They can be very difficult to detect prior to and during the activity.
• They can involve several global criminal and noncriminal regulations.
TCOs and other criminal organizations are constantly looking for ways to
supplement their income, and environmental crimes offer the opportunity to
both earn and launder funds simultaneously. For example, a TCO might be a
part owner of a waste management and transportation front company. Their
ownership would allow the TCO to inflate contracts to place illicit funds. It
could then execute those contracts with complicit accountholders to layer
the funds. If there is any actual hazardous waste disposal carried out, it is done
in a way that minimizes overhead and increases profit, such as dumping
chemical production byproducts in public drinking and bathing reservoirs.
Similarly, TCOs might initiate or extort legitimate-appearing fishing, logging,
and mining operations, either illegally harvesting natural resources or
expanding the scope of a previously legitimate operation. When authorities
investigate the illicit activity, they often become hindered by corrupt
government officials who have been bribed to block or hide the inquiry.
Drug trafficking
Drug trafficking involves the illegal production, distribution, and sale of
controlled substances. Commonly trafficked drugs include heroin, cocaine,
cannabis, and synthetic drugs such as fentanyl and methamphetamine. The
legal status of some of these drugs complicates enforcement and regulation
efforts. For example, both fentanyl and cannabis have legal medicinal uses,
and recreational cannabis use is permitted in certain jurisdictions, but illegal in
others.
Drug trafficking operates as a highly structured network, analogous to a
multinational corporation, and can involve an extensive global supply chain.
Money laundering can occur during the sourcing, manufacturing, or
distribution stages.
Criminal organizations utilize various methods to launder money at the
sourcing stage when the raw material is obtained and refined. Payments for
chemical precursors and logistics are often made on the basis of fraudulent
trade invoices and routed through offshore shell companies, cryptocurrency
mixing services, and hawala networks. This allows traffickers to obscure the
origins of their funds from the beginning of the supply chain. At the
manufacturing stage, proceeds are funneled through agribusiness, real estate
acquisitions, shell logistics firms, and TBML. These methods help traffickers
integrate illicit funds into the economy.
According to FinCEN, criminal organizations also utilize the international trade
system to launder proceeds from drug trafficking. Colombian drug traffickers,
for instance, have historically used the Colombian Black Market Peso
Exchange (BMPE) to convert US dollars into Colombian pesos. This system
allows traffickers to settle drug debts or purchase future shipments while
obscuring the origins of their funds.
Once drugs are sold and distributed, traffickers launder the consolidated cash
through shell companies to appear legitimate, integrating illicit funds into the
financial system. This process highlights the legal implications of drug
trafficking as a predicate offense for money laundering, as the proceeds are
considered "dirty money" that needs to be concealed to avoid detection by law
enforcement. Integration methods include real estate acquisitions in global
cities, luxury asset purchases such as art, gold, yachts, and rare diamonds, and
crypto-laundering through exchanges and non-fungible token platforms.
Terrorism financing
Terrorism financing compared to money laundering
Terrorism financing and money laundering are both financial crimes that
exploit the global financial system to achieve illicit objectives. However, the
two phenomena diverge significantly in important ways.
The goal of money laundering is to conceal the origins of illegally obtained
funds, while the goal of terrorism financing is to provide financial support to
terrorist organizations and their activities. In terrorism financing, the source of
funds may be legitimate or illegitimate.
The pathway of the funds is also different. Money laundering transactions are
typically circular. At the end of the process, the person or entity directing the
laundering activity expects to regain control of the funds. In terrorism
financing, the funds have a linear pathway to support the activities of
terrorists.
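Terrorism financing

|                     | Funding type                | Revenue source                         | Counterstrategy                  |
|---------------------|-----------------------------|----------------------------------------|----------------------------------|
| Terrorism financing | Legitimate and illegitimate | Fronts, donations, criminal activities | Detection of funding stream      |
| Money laundering    | Illegitimate                | Corruption, fraud, organized crime     | Tracking suspicious transactions |
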
Terrorism financing can come from both legitimate and illegitimate sources.
Legitimate sources may include revenue from business fronts and charitable
donations from individuals or entities sympathetic to a terrorist organization's
cause. Illegitimate funding could involve proceeds from criminal activities such
as kidnapping, drug trafficking, or smuggling.
In contrast, money laundering is exclusively concerned with obscuring the
illegal origins of money generated from criminal activities such as corruption,
fraud, or organized crime. The process involves three stages. The first is
placement, where the illicit funds are introduced into the financial system. The
second stage is layering, where the funds are moved through numerous
transactions to confuse tracing efforts. The third stage is integration, where
the laundered money is mingled with legitimate funds, appearing as lawful
assets.
Given the contrasts between money laundering and terrorism financing,
counterstrategies also vary:
• Regulations against terrorism financing focus on both the detection of
funding streams to terrorist groups and the prevention of such funding.
This includes stringent scrutiny of nonprofit organizations and remittance
services.
• Money laundering countermeasures emphasize transparency and the
tracking of suspicious transactions within financial institutions to uncover
and deter the integration of illegitimate money into the economy.
How terrorists move and store funds
Terrorists and terrorist organizations have many options when choosing to
move and store funds between jurisdictions. The choice depends on
numerous variables. These variables include the size of the transaction, how
quickly the transaction needs to be performed, and the risks of detection for
the organization and its financial facilitators.
Whether it is through trade, commerce, or outside of the financial system,
terrorists will seek to abuse any channel and method available to them.
Because of the exploitative nature of terrorism financing, banks should have a
comprehensive understanding of their customers and the nature of their
transactions.
Terrorist organizations could use the traditional banking system, along with
legitimate money service businesses, and cash to move and store funds. For
example, correspondent banking is a business model that makes financial
transactions possible between unrelated banks in different jurisdictions. It also
gives rise to a red flag for terrorism financing: nested transactions in which
funds could be paid to unrelated third parties or to lines of business
different from that of the customer of record.
Prepaid cards are typically sold with few KYC requirements. Terrorists might
use false identities to purchase multiple prepaid cards. They could use illicit
cash or stolen credit cards as a funding mechanism to load onto prepaid
cards.
Many terrorist organizations also use cryptocurrencies and stablecoins in their
financing operations. A potential red flag could be numerous, seemingly
unrelated deposits of cryptocurrency. Afterward, the deposits are quickly
converted to stablecoins, or into fiat currency and withdrawn through a virtual
asset service provider and/or in a jurisdiction with poor AFC controls.
Terrorist organizations may also use alternative remittance systems (ARS).
ARS transactions are legal in some jurisdictions and represent an exchange of
value between two parties but without moving physical cash from one
location to another. Red flags for illegal use of ARS include repeated deposits
made in one jurisdiction followed by immediate ATM withdrawals in another
jurisdiction.
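The two red flags described above (repeated deposits in one jurisdiction followed by an immediate ATM withdrawal in another, and numerous seemingly unrelated cryptocurrency deposits that are quickly converted) can be expressed as transaction-monitoring rules. The following is an added example, not part of the study guide: the record layout, the thresholds, the time windows, the use of distinct sending wallets as a proxy for "unrelated", and the sample ledger with its `AA`/`BB` jurisdiction codes are all constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Txn:
    account: str
    ts: datetime
    kind: str           # "deposit", "atm_withdrawal", "crypto_deposit", "conversion"
    jurisdiction: str   # where the transaction was executed (constructed codes)
    amount: int
    source: str = ""    # sending wallet or counterparty, when known


def _by_account(txns):
    """Group transactions per account, each group in chronological order."""
    grouped = defaultdict(list)
    for t in sorted(txns, key=lambda t: t.ts):
        grouped[t.account].append(t)
    return grouped


def flag_cross_border_cash_out(txns, min_deposits=3, window=timedelta(hours=24)):
    """Alert when an ATM withdrawal follows, within `window`, at least
    `min_deposits` deposits that were all made in one other jurisdiction."""
    alerts = []
    for account, rows in _by_account(txns).items():
        for w in (r for r in rows if r.kind == "atm_withdrawal"):
            per_jurisdiction = defaultdict(list)
            for d in rows:
                if (d.kind == "deposit"
                        and d.jurisdiction != w.jurisdiction
                        and timedelta(0) < w.ts - d.ts <= window):
                    per_jurisdiction[d.jurisdiction].append(d)
            for jur, deps in per_jurisdiction.items():
                if len(deps) >= min_deposits:
                    alerts.append({
                        "rule": "cross_border_cash_out",
                        "account": account,
                        "deposited_in": jur,
                        "withdrawn_in": w.jurisdiction,
                        "deposits": len(deps),
                        "deposited_total": sum(d.amount for d in deps),
                        "withdrawn": w.amount,
                    })
    return alerts


def flag_crypto_fan_in(txns, min_sources=4, window=timedelta(hours=6)):
    """Alert when a conversion (to stablecoin or fiat) follows, within `window`,
    crypto deposits from at least `min_sources` distinct sending wallets."""
    alerts = []
    for account, rows in _by_account(txns).items():
        for c in (r for r in rows if r.kind == "conversion"):
            sources = {d.source for d in rows
                       if d.kind == "crypto_deposit"
                       and timedelta(0) < c.ts - d.ts <= window}
            if len(sources) >= min_sources:
                alerts.append({
                    "rule": "crypto_fan_in",
                    "account": account,
                    "distinct_sources": len(sources),
                    "converted": c.amount,
                })
    return alerts


def _at(day, hour, minute=0):
    return datetime(2024, 1, day, hour, minute)


# Constructed sample ledger (not real data).
TXNS = [
    # ACC-1: three deposits in AA, ATM cash-out in BB the same afternoon.
    Txn("ACC-1", _at(1, 9), "deposit", "AA", 900),
    Txn("ACC-1", _at(1, 11, 30), "deposit", "AA", 950),
    Txn("ACC-1", _at(1, 14), "deposit", "AA", 800),
    Txn("ACC-1", _at(1, 16), "atm_withdrawal", "BB", 2500),
    # ACC-2: same volume, but deposits and withdrawal in one jurisdiction.
    *[Txn("ACC-2", _at(1, 9 + i), "deposit", "AA", 900) for i in range(3)],
    Txn("ACC-2", _at(1, 16), "atm_withdrawal", "AA", 2500),
    # ACC-3: cross-border, but the withdrawal comes five days later.
    *[Txn("ACC-3", _at(1, 9 + i), "deposit", "AA", 900) for i in range(3)],
    Txn("ACC-3", _at(6, 9), "atm_withdrawal", "BB", 2500),
    # ACC-4: crypto from five distinct wallets, converted within hours.
    *[Txn("ACC-4", _at(2, 10 + i), "crypto_deposit", "AA", 400, f"wallet-{i}")
      for i in range(5)],
    Txn("ACC-4", _at(2, 15), "conversion", "AA", 2000),
    # ACC-5: three crypto deposits, all from the same wallet.
    *[Txn("ACC-5", _at(2, 10 + i), "crypto_deposit", "AA", 400, "wallet-9")
      for i in range(3)],
    Txn("ACC-5", _at(2, 14), "conversion", "AA", 1200),
]

if __name__ == "__main__":
    for alert in flag_cross_border_cash_out(TXNS) + flag_crypto_fan_in(TXNS):
        print(alert)
```

Widening the window trades missed cases for more alerts to review: with a seven-day window, ACC-3 is flagged alongside ACC-1.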
Case example: Mr. Wolfe’s scheme
Mr. Wolfe, a wealthy businessman with radical political views, decided to
conduct a terrorist financing scheme to support ISIS operations in Syria, in
alignment with his ideology. Unlike traditional money laundering typologies,
this type of terrorist financing scheme involved various funnel points and both
legitimate and illicit financial streams. Mr. Wolfe utilized his import-export
firms, travel agencies, and retail businesses to generate authentic income.
However, he then concealed portions of these legitimate revenues through
deceptive channels, such as privacy-centered cryptocurrencies, to ultimately
reach terrorist organizations without detection.
Simultaneously, Mr. Wolfe’s criminal associates used explicitly illegal activities
to raise funds. Criminal operations, including cybercrimes such as
ransomware attacks, financial institution hacking, and credit card fraud,
generated substantial illicit proceeds. They also used traditional criminal
enterprises, such as narcotics trafficking and large-scale fraud schemes, and
deliberately directed the funds toward terrorist networks. Once the financiers
obtained the funds, facilitators employed sophisticated money laundering
methods to obscure their origins and destinations to avoid detection.
The facilitators:
• Committed trade-based money laundering involving false invoicing and
fictitious commodity transactions through seemingly legitimate
businesses.
• Layered funds through unregulated fintech platforms, cryptocurrencies,
and peer-to-peer payment networks, using digital wallets to complicate
traceability.
• Smuggled physical bulk cash, moving large amounts of money across
borders outside conventional banking oversight.
• Used hawala brokers to facilitate cross-border transfers, leveraging
informal networks to obscure financial trails.
Financial institutions first detected the illicit activity through transaction
monitoring systems, which flagged structured deposits, rapid inter-
jurisdictional layering, and anomalous fund movements linked to known
terror-affiliated wallets. Blockchain analytics firms provided forensic
intelligence, mapping illicit cryptoasset flows through darknet marketplaces
and high-risk exchanges. FIUs synthesized bank SARs with cross-border
financial activity, triggering red flags within international regulatory networks.
As FIUs escalated the case, law enforcement agencies, including Europol,
Interpol, and national counterterrorism task forces, conducted targeted
surveillance on Mr. Wolfe and his criminal associates. These individuals,
designated as subjects of interest, were monitored to trace cash smugglers
and hawala networks. The agencies conducted coordinated asset freezes to disrupt
financial channels, resulting in the seizure of digital wallets and the dismantling
of Mr. Wolfe’s companies used to finance terrorism. Mr. Wolfe and his
associates all received lengthy prison sentences and heavy fines. Intelligence-
led investigations, real-time interagency collaboration, and advanced analytics
all played a key role in countering this terrorist financing network.
Key takeaways
• Terrorist financing increasingly relies on cryptocurrency and unregulated
fintech platforms.
• Terrorist financing often involves legitimate funds being diverted for illicit
purposes, making detection more complex.
• Law enforcement agencies should focus on both conventional and cyber-
enabled detection strategies, such as blockchain analysis and trade
finance scrutiny.
• Organizations should enhance transaction monitoring across both digital
and cash-based systems, collaborating with technology firms, law
enforcement agencies, and global regulators.
Consequences of financial crime
Consequences of financial crime
Financial crime is a global problem that has dire consequences for nations. It
weakens governments and economies. It lowers the standard of living for
populations. It especially hurts developing nations and emerging economies,
which can least afford the financial losses these crimes cause. The worldwide
proceeds of financial crime are estimated to be up to 5% of global gross
domestic product, or US$2 trillion.
Financial crime weakens nations by shifting control of finances and economic
policy from governments to criminals. It discourages foreign investment
because nations where financial crime is widespread are unstable and
present high risk to investors. Because criminals do not typically report the
proceeds of crime as income, nations lose massive amounts of tax revenue.
Financial crime damages the reputation of nations.
The loss of income to nations due to financial crime and the need to divert
funds to fight it take funding away from vital social programs. International
agencies and donors are less likely to provide aid where financial crime is
rampant. As a result, social services, education, and health care programs may
be unfunded or underfunded. This loss of funding contributes to poverty, lack
of education, and poor health.
Financial crime hurts organizations, including financial institutions, in many
ways. It gives an unfair advantage to individuals and companies that engage in
illegal activity. It threatens the operations and reputation of organizations that
become involved in it, whether intentionally or unintentionally. It can lead to
loss of market share and even bankruptcy. Legitimate, law-abiding companies
are at a disadvantage when competing against companies that are fronts for
illegal activity and that evade paying taxes. Financial institutions are hurt when
criminals use them to conduct illicit financial activity. This activity destabilizes
them and costs them money in terms of direct losses, regulatory fines, and
legal and compliance costs. It also damages their reputation in the
marketplace, leading to customer distrust and loss of business.
Social consequences of financial crime
Financial crime has far-reaching social and economic consequences,
undermining institutions, eroding public trust, and inflicting long-term
economic harm. Corruption and fraud erode confidence in governments and
public bodies that have been entrusted with the mandate to improve services
such as infrastructure and health care. This can lead to reduced civic
engagement and can discourage foreign investment. Money laundering
facilitates the financing of human trafficking, drug cartels, terrorism, and arms
smuggling, which foster widespread criminality and societal disruption. In
regions where anti-money laundering measures are weak, these risks are
magnified, often resulting in higher crime rates, capital flight, and even civil
unrest.
Jurisdictions with lax AML enforcement often experience broad reputational
damage that extends beyond individual companies. Such regions can find
themselves subject to international sanctions and trade restrictions, which
discourage economic growth and job creation. Other countries might be
reluctant to engage in business with countries with high levels of financial
crime, which can isolate the affected country politically as well as
economically. Lasting reputational damage can severely impact their ability to
operate effectively in the global market.
Financial crime can also disrupt businesses, leading to a loss of productivity.
Companies might spend significant resources on compliance and legal issues,
diverting attention from their core operations and limiting their ability to grow
and innovate.
Victims of financial scams, fraud, and identity theft frequently suffer severe
personal setbacks. In addition to significant financial losses, victims might
experience psychological distress, depression, and a profound loss of security.
Elderly populations are disproportionately affected by financial scams, which
can lead to financial ruin and social isolation due to a loss of money and
trust and the stigmatization associated with being a victim.
Institutional accountability to prevent financial crime
Financial crime undermines economic stability and has wider negative
societal consequences if ignored. Imposing strict obligations through
legislation and regulation on institutions with the objective of preventing illicit
funds entering and flowing through the financial system is one of the ways to
fight financial crime. Depending upon the entity type, how regulation is applied
can differ greatly due to the distinct differences between regulated entities
and obliged entities.
A regulated entity is a business that falls under the direct supervision of
financial regulators, such as banks, money services businesses, and other
financial institutions. These entities must comply with detailed AML/CFT
requirements which include, but are not limited to, implementing
comprehensive AML programs, conducting customer due diligence, real-time
transaction monitoring, and promptly reporting suspicious activity.
An obliged entity is a broader category that includes both regulated entities
and nonfinancial organizations subject to other financial crime laws, such as
ABC and sanctions regulations. For example, sectors like energy, mining,
logistics, pharmaceuticals, and real estate might not be directly regulated by
financial authorities, yet they must perform risk assessments and have
adequate and effective controls to deter financial crime. These organizations
are expected to take reasonable steps to prevent illicit activities and to
implement remediation measures following enforcement actions, such as
fines or leadership changes. An entity can be both regulated and obliged,
meaning all relevant financial crime laws and regulations will apply to the
institution.
Regulatory developments, such as the AML Act in the US, the Economic Crime
and Corporate Transparency Act 2023 in the UK, the EU AML Package, and
updated guidelines from FATF, have heightened industry-wide standards.
Failure to comply with these obligations can result in severe consequences,
including heavy fines, operational restrictions, and substantial reputational
damage. In extreme cases, repeat offenders risk disqualification from critical
markets, loss of operating licenses, or entering into a deferred prosecution
agreement whereby the offending entity agrees to fulfill certain
requirements, such as an overhaul of the AML/CTF compliance program in
exchange for the postponement of prosecution.
All institutions, irrespective of whether regulated or obliged, must invest in
appropriate and effective compliance strategies, staff training, and advanced
monitoring technologies to safeguard against financial crime in an
increasingly complex environment. These measures not only protect the
institution from regulatory scrutiny, but also safeguard consumers and
investors, which builds confidence and supports long-term business
sustainability.
Individual impact of violations of AFC regulations
Compliance professionals are not only held accountable under financial crime
laws but are also subject to all applicable criminal statutes within their
jurisdiction. AML professionals can face prosecution for aiding or failing to
prevent financial crimes and, as seen more recently, for deficiencies in their
firm's compliance program, for which they carry ultimate accountability. Senior
leaders, such as MLROs or BSA officers, bear the greatest personal
responsibility.
For example, Samantha, an MLRO, was recently investigated due to
compliance failures that involved significant unreported suspicious
transactions relating to financial crimes. Regulatory scrutiny identified that
Samantha deliberately neglected to address compliance alerts, failed to
report suspicious transactions, and inadequately documented compliance
activities. Samantha faced severe consequences, including substantial
regulatory fines, professional disqualification, and potential criminal charges
for obstruction of justice and conspiracy.
An individual’s accountability and consequences are usually appropriate to the
seniority of their role and the part they played in the non-compliance or
regulatory breaches. Compliance breaches made by first LoD or operational
staff are more likely to result in administrative penalties or monetary fines
rather than criminal prosecution, unless there is clear evidence of intentional
wrongdoing or collusion.
The regulatory landscape differs across jurisdictions. For example, in many
European countries severe compliance failures can lead to temporary
disqualification from holding senior roles, asset freezes, or travel restrictions.
US regulators are particularly stringent, and agencies like the Department of
Justice and the Securities and Exchange Commission actively pursue
individual accountability.
Noncompliance with AFC regulations poses not only institutional risks but also
serious, individual legal and reputational risks. While all compliance
professionals must adhere to rigorous standards and maintain accurate and
appropriate documentation of their decision-making processes, the personal
consequences for individuals in senior positions can be significantly more
severe than those for more junior staff.
Financial crime risks in relation to other types of risks
Financial crime risks
Institutions that deal with money or assets with transferable value have
greater exposure to financial crime risks when conducting business. These
include, but are not limited to, banks, nonbank financial institutions, payment
service providers, legal firms, and accountants. Criminals exploit these sectors
to move illicit funds and obscure ownership structures to evade detection.
Due to their vulnerability, these specific industries, and some others, are
deemed “obliged” entities and are subject to stringent financial crime
regulations.
The risks associated with financial crime exposure are multifaceted and go far
beyond direct financial losses. Some types of risks that organizations face
include, but are not limited to, operational, legal, concentration, and
reputational. Institutions also face systemic risks, where criminal misuse of
financial systems can destabilize entire markets or financial ecosystems.
Cybersecurity risks increase as institutions manage digital transactions and
combat emerging threats such as ransomware and deepfake fraud.
Geopolitical risks arise when financial crime intersects with international
sanctions, trade restrictions, or politically exposed persons, making
compliance even more complex and challenging to manage.
Regulatory fragmentation presents another challenge, as global financial
crime compliance requirements vary across jurisdictions. Regulatory
fragmentation is when multiple regulatory bodies have varying rules around
the same issue, often creating inconsistencies in enforcement and risk
exposure. Additionally, technological risks emerge as digital payment
platforms, cryptocurrencies, and decentralized finance introduce new and
largely unquantified financial crime risks that institutions must monitor and
mitigate.
To address these risks, obliged entities must implement proactive financial
crime compliance programs, including transaction monitoring and utilization
of tools such as AI, enhanced due diligence, and real-time fraud detection.
Strengthening governance frameworks and improving inter-agency
collaboration ensures that financial institutions remain resilient against
financial crime threats while maintaining regulatory compliance and market
stability.
Case example: A lasting lesson
In 2012, HSBC was involved in a money laundering scandal that remains one of
the most significant AML compliance failures in banking history. Due to
inadequate transaction monitoring and an overall fragmented and ineffective
compliance framework, HSBC allowed drug cartels to launder over US$880
million in its Mexico operations.
In response to the breach, US federal regulators imposed a record fine of
US$1.9 billion, including US$665 million in civil penalties, which was the
largest AML penalty at that time. The US Department of Justice entered into a
five-year deferred prosecution agreement with HSBC, mandating a
comprehensive overhaul of its global compliance operations. One critical
outcome of the investigation was the forced resignation of several senior
executives, including the Global Head of Compliance, reflecting the
regulator’s strong criticism of the bank’s AFC culture. Regulators highlighted
that HSBC’s internal environment had often prioritized local business interests
and profit over robust, centralized compliance controls.
The operational repercussions were profound. Not only did the scandal trigger
an immediate regulatory and financial backlash, but it also inflicted lasting
reputational damage. HSBC’s credibility was severely undermined, leading to a
significant erosion of customer trust and a weakened market position. As a
corrective measure, the bank was compelled to rebalance power dynamics
within its organization, strengthening central oversight and compliance
functions while limiting the autonomy of local business units. This restructuring
aimed to restore the integrity of its financial crime risk management
framework and reduce exposure to high-risk jurisdictions through a strategic
de-risking process.
Ultimately, the HSBC case offers a severe lesson on the operational and
reputational risks associated with weak financial crime controls. It underscores
the critical importance of maintaining a strong compliance culture and
implementing robust AML controls. It also serves as an instructive example for
financial institutions worldwide: neglect in these areas not only results in
severe financial penalties and operational disruption but also irrevocably
damages a bank’s reputation, ultimately undermining its long-term viability in
the global market.
Key takeaways
• AML compliance failures expose financial institutions to regulatory and
reputational risks.
• Weak AML controls can result in severe penalties, as well as business
restructuring.
• Leadership accountability helps to mitigate financial crime risks.
• Ongoing compliance investment ensures resilience against evolving
financial crime threats.
• Strong AML frameworks protect institutions from enforcement actions and
market exclusion.
Operational, legal, concentration, and reputational risks
Key risks that organizations face include operational, legal, concentration, and
reputational risks.
Operational risk is direct or indirect loss of operations due to inadequate or
failed internal processes, people, or systems, or as a result of external events.
Legal risk is the possibility that criminal penalties, lawsuits, or contracts that
cannot be enforced might harm an organization.
Concentration risk stems from over-exposure to a single customer or group
of related customers.
Reputational risk comes when an institution known to have weak controls is
then targeted by criminals or avoided by stakeholders who lose confidence in
the institution.
Although these risks are usually managed by non-AFC risk management
teams, understanding the correlation with financial crime risk is indispensable.
Operational risk is complex and includes an organization’s ability to maintain
AFC controls in an evolving regulatory environment across multiple
jurisdictions. Typically, a global organization makes the policies of its home
regulator its base standard. The organization will then adjust to each host
country’s laws. Evolving regulations might become misaligned with current
business models and controls. Compliance programs must continually be
updated.
Legal risk stems from potential violation of regulations, laws, and ethical
practices. Governments might issue administrative penalties or fines. Third
parties, such as customers who feel damaged, might file lawsuits. Adequate
AFC controls add protection from crime and inappropriate relationships.
Concentration risk can be reduced by AFC controls and strategic
diversification. Customer due diligence, enabled by technology, helps manage
exposure. Concentration could occur in borrowing, funding, purchasing,
provision of key services, or any other business relationship. Risk could
increase through actions by a customer, or external actions involving a
customer.
Reputational risk is difficult to quantify. Trust takes a long time to earn but can
be lost quickly. A single news story—even fake news—can drive away
customers and investors. Many organizations deserve their reputations, good
or bad, based on their chosen business practices and ethics.
Money Laundering Risks in
Financial Services
Introduction
Introduction: Money laundering risks in
financial services
This module covers various money laundering risks associated with financial
services. The financial services sector is integral to the global economy,
facilitating the movement and management of capital across borders. Given
its central role, this industry is particularly vulnerable to the risks of money
laundering. Understanding these risks is necessary for maintaining
compliance, protecting the integrity of the financial system, and safeguarding
institutional reputations. By learning these topics, you will be equipped to
identify vulnerabilities, implement effective controls, and manage and
mitigate risks, ensuring your organization remains secure and trusted by
customers.
Student note: Sector-specific case studies
This module will cover the key ML risks of various sectors, products, and
services. For a detailed explanation and analysis of a specific sector, we
encourage you to take one of our sector-specific case study courses.
Case example: A new corporate banking
role
Elena is an experienced AML compliance officer in retail banking. She is
starting a new role overseeing the AFC team within the corporate banking
division of her financial institution. To succeed in her new role, she needs to
understand the unique risks associated with this sector and implement
effective controls to mitigate them.
Conducting a thorough risk assessment of her organization’s corporate
banking products and services is an important first step. This involves
identifying and evaluating the inherent risks associated with each product.
She will also need to assess the customer base to understand the risks,
including the industries they operate in, their geographical locations and the
typical transaction activity.
She will then need to assess the systems and controls that are in place to
determine if they are commensurate with the specific risks of money
laundering and terrorist financing that the bank faces. Effective CDD is a
critical component of any AFC program, but is particularly important in
corporate banking. This is because the transactions are often of higher value,
more complex, and might require the services of third parties such as lawyers
and accountants if a deal involves multiple financial institutions. As a result,
corporate banking transactions will require a relatively robust transaction
monitoring system that can analyze patterns and detect anomalies in a more
effective manner.
It is also valuable for her to understand recent high-profile money laundering
prosecutions to gain insights into the failings in the compliance programs at
other banks. For example, in October 2024, TD Bank agreed to a historic US$3
billion settlement with the US government. This settlement was a result of the
bank's failure to detect and prevent money laundering activities within its
institution over nearly a decade.
It is also considered best practice, and in most jurisdictions an industry
standard, for Elena to invest in continuous AFC training for herself and her team.
Attending industry seminars, workshops, and training sessions can help Elena
stay up to date on the best practices in corporate banking compliance.
Key takeaways
To understand and control financial crime risks associated with banking
products, you should:
• Conduct a thorough risk assessment of your organization’s banking
products and services.
• Assess the systems and controls currently in place to determine if they are
adequate for the level and type of risk your organization faces.
• Learn from past compliance failures to ensure you avoid similar ones in the
future.
• Pursue continuing training so you can stay up to date on best practices in
banking compliance.
Student note: Financial crime risk
Please note that “risks” in this context means financial crime risks. The risks we
are focusing on include money laundering risk, terrorist financing risk, and
many other types of financial crime risk.
Money laundering risks
associated with banking
The banking sector is inherently more vulnerable to money laundering than
other industries as banks can be involved in all three stages of the money
laundering cycle. Banks are responsible for conducting millions of transactions
a day. Many of these transactions are rapid transfers of funds that could
include cross-border movements. This dynamic environment offers
numerous opportunities for money launderers to disguise illicit funds among
legitimate ones. The complexity and sophistication of certain banking
products and services further increases this risk.
Placement of illicit funds into the financial system might occur through bank
deposits or purchase of monetary instruments. During layering, the funds are
moved through various accounts and transactions to obscure their origins.
Finally, in the integration stage the laundered funds re-enter the economy as
seemingly legitimate funds through investments or business ventures, again
facilitated by banks.
Different banking services, such as retail, commercial, private, and
correspondent banking, each present unique vulnerabilities. For example, in
retail banking, individual customers might engage in small but frequent
transactions to avoid detection. The sheer volume of these transactions
makes it difficult for banks to identify suspicious activity. In commercial
banking, a customer could use business accounts to launder large sums of
money through trade finance, loans, and other commercial activities.
Several factors contribute to the banking sector's increased vulnerability to
money laundering:
• Volume and scale: Banks handle a large volume of transactions daily,
making it easier for illicit funds to blend in with legitimate activities.
• Global reach: Many banks operate internationally, providing criminals with
the ability to move funds across borders and exploit regulatory differences.
• Complex products: The variety of financial products and services offered
by banks, such as wire transfers, investments, trade finance, and
correspondent banking, can be exploited by money launderers.
• Customer relationships: Banks often emphasize maintaining strong
customer relationships, which can sometimes lead to insufficient scrutiny
of high-risk customers.
Shell and shelf company risks
A shell company or corporation is a company that, at the time of
incorporation, has no significant assets or operations. A similarly named "shelf"
company is a corporation that has had no activity. It has been created and put
"on the shelf" so that it can be sold later to someone who prefers a previously
registered corporation over a new one. Both shell and shelf companies are
generally kept dormant and used later to appear legitimate while usually
masking the beneficial owner. A front company is an entity that conducts
some legitimate business while also shielding another company from liability
or scrutiny. Financial criminals might use a front company to conceal illicit
activity. For example, they might operate a car wash to launder the profits of
drug trafficking. While there are legitimate uses for shell, shelf, and front
companies, within the context of researching and accepting customers, they
are considered high risk.
Shell companies can be established with the primary objective of claiming the
proceeds of crime as legitimate revenue or commingling criminal proceeds
with legitimate revenue. According to the Financial Action Task Force (FATF),
the use of shell companies to facilitate financial crime is a well-documented
typology.
Shell companies can be set up in onshore and offshore locations.
Their ownership structures can take several forms:
• Shares can be issued to a natural or legal person in registered or bearer
form.
• Some shell companies can be created for a single purpose or to hold a
single asset.
• Some shell companies can be established as multipurpose entities.
Shell companies are often legally incorporated and registered by the criminal
organization but have no legitimate business purpose. Often purchased from
lawyers, accountants, or corporate service providers, they are convenient
vehicles for bribery and corruption, money laundering, and sanctions evasion.
Sometimes, the stock of these shell corporations is issued in bearer shares,
which means that whoever carries them is the purported owner. Tax haven
countries and their strict secrecy laws can further conceal the true ownership
of shell corporations. In addition, the information may be held by professionals
who claim secrecy.
When FATF reviewed the rules and practices that impair the effectiveness of
financial crime prevention and detection systems, it found in particular that
shell corporations and nominees are widely used mechanisms to launder the
proceeds from crime. As a result, shell companies are considered to
represent a higher risk of financial crime.
Case example: Estonian bank branch
Danske Bank, Denmark's largest financial institution, became embroiled in a
significant money laundering case centered around its Estonian branch.
According to Reuters, between 2007 and 2015, approximately €200 billion of
suspicious funds were funneled through the bank, primarily originating from
Russia as well as Estonia, Latvia, Cyprus, and Great Britain. The scandal
became known in 2018, unveiling the intricate use of shell and shelf companies
to facilitate the laundering process.
One prominent example was the use of United Kingdom limited liability
partnerships (LLP) and Scottish limited partnerships (SLP). These entities
allowed for minimal disclosure requirements, enabling criminals to hide
behind complex ownership structures. The shell companies conducted
fictitious transactions and created false invoices to justify the movement of
funds, making it difficult for authorities to trace the origins of the illicit money.
The laundering process in the Danske Bank scandal involved multiple steps to
layer and integrate the illicit funds. Initially, money was deposited into
accounts held by shell and shelf companies in Danske Bank's Estonian branch.
These funds were then transferred through a complex web of transactions
involving other shell companies, often spanning multiple jurisdictions. By
moving the money through various entities and accounts, the criminals
created a convoluted trail that was challenging to untangle. The use of false
documentation, including fake contracts and invoices, provided legitimacy to
the transactions. An additional finding was that Danske Bank’s head office
was unaware of the AML compliance failings, including the lack of an MLRO
appointment for over a year, because it did not have adequate oversight and
supervision of the Estonian branch and of the transactions that were being
processed.
The Danske Bank scandal had far-reaching consequences for the institution
and the broader financial landscape. According to a press release by the US
Department of Justice, Danske Bank faced significant regulatory scrutiny,
leading to the resignation of several top executives. Danske Bank pleaded
guilty to bank fraud conspiracy and paid substantial fines of more than US$2
billion. The scandal also reiterated the importance of robust AML controls and
the need for enhanced transparency in financial transactions and adequate
supervision of subsidiary businesses and operations if they are remote or
overseas in higher-risk jurisdictions.
Key takeaways
• Intricate structures of shell and shelf companies can be used to facilitate
money laundering.
• Financial institutions should remain vigilant and implement stringent AML
controls to detect and prevent such activities. These should include:
o Robust enhanced customer due diligence and transaction monitoring
processes.
o Strong capabilities for beneficial ownership verification where
customers exhibit complex ownership structures.
o Adequate and appropriate oversight of their overseas subsidiaries with
regular audits conducted and any identified deficiencies reported in a
timely manner.
Politically exposed person risks
A politically exposed person (PEP) is an individual in a prominent political
function, their immediate family, close associates, and any businesses held or
controlled by that person. One challenge in identifying PEPs is the varying
guidance and recommendations in each jurisdiction.
Organizations must adhere to their local regulatory requirements in identifying
PEPs. However, organizations may choose to enforce higher standards based
on their risk appetite.
According to the Financial Action Task Force (FATF), there are three types of
PEPs:
• Foreign PEPs are individuals entrusted with prominent public functions by a
foreign country.
• Domestic PEPs are individuals entrusted domestically with prominent
public functions.
• International organization PEPs are individuals from an international
organization entrusted with a prominent function such as secretary
general, executive director, or president.
Individuals in high positions and their associates are more vulnerable to
corruption.
Corruption might take the form of favors, where the PEP directs government contracts to
an organization in return for kickbacks. In addition, a PEP might influence
legislation for bribes or flee the country with government funds.
Use a broad definition when identifying a PEP.
PEPs can generally be defined as:
• A person in a prominent decision-making or influential role
• A person within royal, military, legislative, judicial, executive, or similar
government positions
PEPs will often use nominees or businesses they are associated with.
Therefore, the definition of PEP can also include:
• Immediate family
• Close friends or associates
• Businesses owned or held by those individuals
Under a risk-based approach, PEP risk is manageable. Some organizations
follow a “once a PEP, always a PEP” approach because the individual may
remain in the same circles of influence, even if they have stepped down.
Other organizations will look at:
• The individual’s influence at the time, such as their ability to award
contracts or allocate funds
• How long the individual has been classified as a PEP
The purpose of the PEP designation is important. Organizations must take the
necessary steps to adapt transaction monitoring and KYC reviews and
escalate based on their risk appetite.
Control and ownership for AML compliance
Control and ownership play a vital role in AML efforts, as they can often be
obscured or concealed, allowing bad actors to disguise criminal activities and
facilitate financial crime. A beneficial owner (BO) is defined as an individual or
entity that possesses ownership of a legal entity, either through shareholding
or other means. In contrast, the ultimate beneficial owner (UBO) refers
specifically to one or more natural persons who ultimately own a substantial
percentage of shareholding. It is important to note that a BO might appear to
have ownership of a company but might not control the company.
Conversely, a UBO might not directly hold shares but does exert ultimate
control over it. This distinction is crucial when it comes to regulatory
requirements surrounding ownership structures.
When reviewing ownership structures, there is a regulatory obligation to
identify the UBO of a customer. For AML purposes, most jurisdictions require
beneficial ownership to be identified at a threshold of 25% or more. That
means you need to know every entity or individual who owns at least 25% of a
customer. Your organization will set the appropriate threshold using a risk-
based approach. For certain high-risk customers, the beneficial ownership
threshold might be as low as 10% and could go as low as 5% for customers
who pose a significantly higher risk. For example, high-risk financial institutions
with correspondent banking relationships in a high-risk jurisdiction might set
their threshold at 5%.
In order to identify the UBOs of Company A, you need to identify indirect
ownership stakes in addition to direct ownership. Individual D owns 10% of
Company A directly. They also own 72% of Company A indirectly, as they own
90% of shares of Company B, which owns 80% of Company A. Individual D is
then considered a UBO with 82% shareholding of Company A. Individual C,
who owns 10% of Company A directly and an additional 8% indirectly via their
10% ownership of Company B, is not a UBO.
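The calculation above generalizes to any ownership tree: a person's effective stake is the sum, over every ownership chain leading to the customer, of the product of the stakes along that chain. The following is an added example, not part of the study guide; the function names and the register layout are assumptions, and the register is constructed from the Company A figures in the text. It also applies the lower risk-based thresholds mentioned earlier.

```python
from fractions import Fraction

# Constructed ownership register matching the worked example in the text:
# owner -> {owned entity: fraction of that entity's shares held}.
HOLDINGS = {
    "Individual C": {"Company A": Fraction(10, 100), "Company B": Fraction(10, 100)},
    "Individual D": {"Company A": Fraction(10, 100), "Company B": Fraction(90, 100)},
    "Company B": {"Company A": Fraction(80, 100)},
}
NATURAL_PERSONS = {"Individual C", "Individual D"}


def effective_stake(holdings, owner, target, _path=()):
    """Return owner's direct plus indirect stake in target.

    Each ownership chain contributes the product of the stakes along it;
    the contributions of all chains are added together.
    """
    if owner in _path:
        # Circular cross-holdings cannot be resolved by simple multiplication;
        # surface them for manual review instead of looping forever.
        raise ValueError(f"circular ownership involving {owner}")
    total = Fraction(0)
    for entity, share in holdings.get(owner, {}).items():
        if entity == target:
            total += share  # direct holding
        else:
            # indirect holding through an intermediate legal entity
            total += share * effective_stake(
                holdings, entity, target, _path + (owner,)
            )
    return total


def identify_ubos(holdings, natural_persons, target, threshold):
    """Return {person: stake} for natural persons holding threshold or more."""
    ubos = {}
    for person in sorted(natural_persons):
        stake = effective_stake(holdings, person, target)
        if stake >= threshold:
            ubos[person] = stake
    return ubos


if __name__ == "__main__":
    # Standard 25% threshold, then the lower risk-based thresholds.
    for pct in (25, 10, 5):
        found = identify_ubos(
            HOLDINGS, NATURAL_PERSONS, "Company A", Fraction(pct, 100)
        )
        summary = ", ".join(f"{p} ({float(s):.0%})" for p, s in found.items())
        print(f"threshold {pct}%: {summary or 'no natural-person UBO'}")
```

With the same figures, Individual C's combined 18% stake falls below the 25% threshold but would have to be identified if the customer were rated high risk and the threshold lowered to 10% or 5%.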
In companies where there is no natural beneficial owner, a controller or a
notional beneficial owner should be identified and verified. This allows you to
understand who is in control of the decision-making in the company when
natural individual UBOs are not present. For example, for a company that is
publicly listed on the stock exchange and has thousands of shareholders, a
notional beneficial owner could be the president or chief executive officer, or
equivalent.
Concentration accounts
A concentration account is a type of account used by financial institutions to
aggregate funds from various sources into a central account. It is often
referred to as a settlement, sweep, suspense, or collection account. This
centralization streamlines the management of funds, enabling institutions to
optimize cash flow, reduce the number of transactions, and simplify account
reconciliations.
While concentration accounts serve legitimate purposes, they are also
vulnerable to misuse by money launderers and other criminals. The main risk
arises from the high volume of transactions and the pooling of funds, which
can obscure the origins and destinations of money. This makes it easier for
illicit funds to be mixed with legitimate funds, facilitating money laundering
activities.
Money launderers can exploit concentration accounts in various banking
segments, including:
• Retail banking: Small deposits from multiple sources can be aggregated
into a single account, making it difficult to trace the individual origins of illicit
funds.
• Corporate banking: Large volumes of transactions can mask the
movement of illegal funds, blending them with legitimate corporate cash
flows.
To mitigate the risks associated with concentration accounts, financial
institutions should implement robust controls and monitoring mechanisms.
Financial institutions might:
• Prohibit direct customer access to concentration accounts.
• Capture customer transactions in the customers’ account statements.
• Implement an isolation of duties to prevent unauthorized access and
reduce the risk of internal fraud. Separate personnel should be responsible
for the initiation, approval, and reconciliation of transactions.
• Have concentration accounts reconciled frequently by someone who is
independent of the transactions.
• Conduct regular internal and external audits to identify and address any
weaknesses in controls.
• Train employees regularly on the risks associated with concentration
accounts and the importance of compliance with AML regulations.
Money laundering risks
associated with retail and
commercial banking
Retail and commercial banking products
and risks
Retail and commercial banking service providers offer a wide variety of
products, each designed to meet the diverse needs of individual consumers
and businesses. Each product type comes with its own set of risks and
complexities regarding money laundering and financial crime.
Retail banking refers to the provision of financial services and products
directly to individual consumers rather than businesses. Examples of retail
banking products include loans, debit cards, and checking accounts, also
known as current accounts or savings accounts, depending on the region.
However, there are many more banking products available. Retail banking has
several unique money laundering and wider financial crime risks due to the
large number of individual accounts and transactions that organizations are
required to manage. These risks include:
• Remote onboarding: The use of digital channels for onboarding new
customers can introduce additional risks to the verification process,
making it easier for criminals to use fake or stolen identities and exploit
weaknesses in technology.
• Diverse customer backgrounds: The wide range of customer backgrounds
makes it difficult to establish a risk profile or agree on “typical” customer
behaviors or transaction patterns, creating a situation where illicit activities
can go unnoticed.
• Synthetic identities: The ease of manufacturing synthetic identities can
allow criminals to open multiple accounts under false pretenses, facilitating
money laundering activities.
Commercial banking provides financial services to businesses, small and
medium-sized corporations, and governments. Typical products and services
include business loans, merchant services, corporate credit cards, and cash
management solutions. Commercial banks play a crucial role in supporting the
financial health and growth of businesses and the international financial
system more widely.
Commercial banking is also vulnerable to money laundering and other
financial crime risks due to the large volumes of transactions and the
complexity of corporate structures. These specific risks include:
• Front companies: Businesses can operate as fronts for money laundering
with legitimate operations obscuring the movement of illegal funds.
• Complex ownership structures: Identifying the beneficial owners of
corporate accounts can be challenging, making it easier to hide Specially
Designated Nationals or other bad actors within intricate ownership webs.
• Volume and value of transactions: The volume of transactions in corporate
banking can obscure illicit fund movements, blending them seamlessly
with legitimate cash flows. The increased value of the transactions enables
the movement of large amounts with relative ease.
Here are a few higher risks associated with retail and commercial banking.
High-risk retail and commercial banking
products
As financial crime continually evolves, both retail and commercial banking
sectors face significant risks related to money laundering.
The increased use of remote onboarding in retail banking has introduced new
risks, in particular the rise of synthetic identities. The process of using selfies
and videos for verifying customer identities during onboarding can be
exploited using deepfake technology. These synthetic identities can be
difficult to detect, posing a significant risk during the customer onboarding
process.
Mule accounts are another high-risk area in retail banking. Criminals recruit
individuals, often those in low-income employment or in financial difficulty, to
transfer illicit funds through their bank accounts. These mules act as
intermediaries, which makes it challenging for banks to trace the origin of the
funds.
Credit-related products, including credit cards, also pose money laundering
risks. Criminals might use credit cards to make large purchases or withdraw
cash, subsequently repaying the credit with illicit funds.
In commercial banking, there is a risk of front companies, which are legitimate
businesses that criminals use as a cover for money laundering activities. These
businesses might have legitimate operations but also engage in illicit activities.
This makes it difficult for banks to distinguish between legal and illegal
transactions. For example, a nail salon with unusually high profits might raise
red flags, but one with only slightly higher profits than the regional average
might be harder to detect.
Compared with corporate banking, commercial banking usually serves small
and medium-sized corporations with a primarily local or regional footprint.
Therefore, commercial banking often provides services to cash-intensive
businesses such as restaurants, convenience stores, and nail salons. These
businesses handle large volumes of cash transactions, which makes them
vulnerable to money laundering activities. Businesses such as casinos and car
dealerships, for instance, handle large cash transactions that can obscure the
movement of illicit funds. The wide variation of customers within a
commercial banking portfolio presents further challenges in establishing
transaction monitoring rulesets and programming alert management
systems.
Commercial banking might involve high-value transactions, which can be
exploited for money laundering purposes. When combined with the large
volume of transactions, this can obscure the movement of illicit funds, as they
become mixed seamlessly with legitimate cash flows.
Financial institutions should employ sophisticated tools and analytics to
monitor and flag suspicious cash or high-value transactions.
Trade finance products and risks
Trade finance involves a range of financial products and services that facilitate
the movement of goods and services across borders and ensure that
exporters receive payments promptly while importers receive their goods as
agreed.
Given the complexity and global nature of trade transactions, money
launderers might seek to disguise the proceeds of crime and move value
using TBML to misrepresent the price, quantity, or quality of imports and
exports. Risks of TBML can include:
• Trades booked remotely within a group of related entities to obscure the
true nature and purpose of transactions.
• Pre-arranged trading that can create artificial trading volumes and
obscure the origin of funds.
• Instructions or involvement from third parties that add layers of complexity,
making it harder to trace the source of funds.
• Nonstandard settlement arrangements a customer uses to disguise the
true nature of transactions.
• Uneconomic or irrational trading strategies that do not make economic
sense.
• Unusual trading patterns such as counterparty concentration, unusual win-
loss rates, or flat or neutralizing activity.
• Factoring and forfaiting, which can be exploited to convert illicit
receivables into legitimate funds.
• Supply chain financing where complex supply chain arrangements might
be used to obscure the origin and flow of illicit funds.
Certain trade finance products are particularly vulnerable to exploitation by
money launderers, including:
• Letters of credit, which can be misused to create fictitious trade
transactions to move illicit funds across borders.
• Bills of exchange that can be manipulated to disguise the true nature of
transactions and facilitate money laundering.
• Trade credit insurance where fraudulent claims can be made to launder
money.
Understanding the features of trade finance that might be abused and
recognizing the associated risks is important for financial institutions,
regulatory bodies, and businesses involved in trade. By implementing robust
AML/CFT measures and remaining vigilant, stakeholders can mitigate these
risks and ensure the integrity of trade finance transactions.
Credit-related product risks
Credit-related products are fundamental to customer propositions in retail
and commercial banking. Lending products, a subset of credit-related
products, include personal loans, home ownership finance, and secured and
unsecured loans. Personal loans help banks build customer relationships, while
home ownership finance and secured loans can be a significant source of
revenue and capital, respectively. They are essential financial services that
enable individuals and businesses to achieve their goals, drive economic
growth, and promote financial stability. Secured and unsecured loans are
crucial for businesses, offering the necessary capital to expand operations,
invest in new projects, and manage cash flow effectively.
However, credit-related products also present substantial money laundering
risks. Early loan repayment is one method used by criminals to disguise the
origin of illicit funds. By repaying loans ahead of schedule, criminals can
convert illegal proceeds into ostensibly legitimate funds. This tactic
complicates the detection of suspicious activity, as early repayments do not
inherently indicate wrongdoing and can often be viewed as a sign of financial
health.
Banks often face significant challenges when attempting to close customer
accounts due to money laundering concerns, while the customer still owes
money on credit-related products. One of the primary difficulties is the
potential need to write off the loan balance, which creates a financial loss for
the bank. This situation can lead to the following complications:
• Recovery of funds: If the bank knows or suspects the customer is using
illicit funds to repay the loan, the risk of default becomes a secondary risk
to manage. The bank should not accept funds for the purposes of loan
repayment if the source of funds derives from illegal activities or predicate
offences to money laundering.
• Risk appetite: When exiting customer relationships that fall outside the
bank's risk tolerance, the loan balance complicates the process, as writing
off a loan is a significant financial decision, often requiring extensive
justification and approval.
• Reputational risk: Failure to effectively manage these challenges can
damage the bank's reputation and erode trust with regulators and
customers, impacting long-term business operations and compliance
standing.
Card risks
Retail and commercial banks provide a wide range of card-related products,
including but not limited to debit cards, gift cards, prepaid cards, and credit
cards. Prepaid cards allow users to load funds onto the card and use it for
purchases and withdrawals via common payment processing networks.
Unlike debit or credit cards, prepaid cards are not linked to a bank account.
Their nature as transferable bearer instruments presents a
high risk for money laundering. Because prepaid cards can be purchased and
reloaded anonymously, with minimal KYC being conducted, they are
susceptible to exploitation by individuals seeking to move illicit funds without
detection.
Gift cards are a popular choice for gifting, providing the recipient with the
flexibility to use the card at specific retailers or a group of merchants. They are
typically prepaid and can have limited or no ability to be reloaded. The limited
use and lower transaction values of gift cards generally pose a lower risk of
misuse when compared to prepaid cards.
Debit cards are directly linked to a user’s current or checking account, or a
savings account, allowing them to access their funds for purchases and
withdrawals. Transactions made using a debit card are immediately deducted
from the account balance. The risk of money laundering with debit cards is
somewhat mitigated by the direct association with a bank account and the
regulatory oversight and AFC controls that are involved.
Credit cards allow users to borrow funds up to a predetermined limit for
purchases, withdrawals, and balance transfers. Users are required to repay the
borrowed amount, usually with interest, according to the terms of the card
issuer. Credit card accounts are not typically used in the initial placement
stage of money laundering and are more likely to be used in the layering and
integration stages. While credit cards are less prone to money laundering risks
when compared to prepaid cards, they still require vigilance due to their ability
to be overpaid, paid down quickly, or used to purchase high-value or
luxury goods.
Credit unions and building societies risks
Credit unions and building societies are financial institutions that operate on a
membership basis. Unlike banks that serve customers, credit unions and
building societies have members who are both the owners and customers of
the institution. This member-centric structure fosters a sense of community
and mutual benefit.
Credit unions are typically nonprofit entities whose members share a
common bond such as employment, residency, or association membership.
Conversely, building societies tend to serve a wider range of customers within
a particular geographical region.
FATF classifies credit unions and building societies as financial institutions. This
classification subjects them to similar regulatory frameworks and AFC
obligations as other financial institutions.
Depending on their size and scope of operations, some credit unions and
building societies might offer a range of financial products and services similar
to those provided by retail banks. These can include savings accounts, loans,
home ownership finance, and payment services. As a result, the money
laundering risks they face can be comparable to those encountered by retail
banks.
The United Kingdom’s Joint Money Laundering Steering Group (JMLSG) states
in its sectoral guidance that credit unions potentially pose lower money
laundering and terrorist financing risks, because they typically have a
restricted or localized customer base and offer fewer products and services,
with more limitations, than larger retail banks. However, the guidance notes
that, while their limited functionality and flexibility make them lower risk for
money laundering, these restrictions might not fully deter potential terrorist
financiers.
While some risks are common with retail banks, credit unions and building
societies also face unique challenges:
• Membership structure: The member-centric model can create challenges
in implementing strict AML/CFT measures. The sense of mutual trust and
community might lead to less rigorous scrutiny of members' activities.
• Smaller-scale operations: Smaller institutions could lack the resources and
expertise to implement comprehensive AML/CFT programs. This can
result in weaker AFC controls.
Private banking and wealth management risks
Money laundering risks associated with private banking and wealth management
Private banking and wealth management offer high-net-worth and ultra-
high-net-worth individuals personalized and confidential banking services,
such as checking/current accounts, saving accounts, investment portfolio
management, estate planning, and legacy services. Fees are often based on
assets under management (AUM), which is the total market value of the
assets that a person, or entity, manages on behalf of a customer. Private
banking often operates semi-autonomously from other parts of a bank. Some
of the financial crime risks associated with private banking stem from its
perceived high profitability for the organization and the culture of discretion
and trust between the relationship managers and their customers. The desire
to establish and maintain close relationships with their customers might cause
relationship managers to overlook warning signs.
Competition for high-net-worth individuals increases the pressure on
relationship managers to obtain new customers, to increase their AUM, and to
contribute a greater percentage to the net income of their organizations.
Additionally, most relationship managers and business development
managers receive compensation based on the AUM they bring to their
institutions. Due to this compensation structure, private banking managers
might not recognize certain aspects of their customer activities as high risk
from an AFC perspective. This conflict of interest is an inherent risk of private
banking and wealth management.
Other examples of financial crime risk in private banking include:
• Customers who use private investment companies or complex ownership
structures to reduce the transparency of the ultimate beneficial owners.
• Customers who choose to maintain personal and business wealth in
numerous jurisdictions without justified business reasons to evade tax.
• Customers who are considered PEPs or have close associates who are
PEPs increase the bribery and corruption risk of the business.
The compliance department must be empowered and robust in its approach
to providing proper oversight and challenges to the business. Business leaders
should use a balanced scorecard for performance evaluation. This ensures
that managing risk remains a fundamental part of the private banker's role.
The following are a few of the higher-risk areas associated with private
banking and wealth management.
High-risk private banking and wealth management products
Commonly used in private banking and wealth management (PBWM), trust
funds are financial instruments used to hold and manage assets on behalf of
beneficiaries. While they offer legitimate benefits such as estate planning and
tax efficiency, they are also susceptible to abuse for money laundering and
other financial crimes. The complexity and opacity of trust structures make it
difficult to trace the origin of funds and identify the UBO.
Sovereign wealth funds (SWFs) are state-owned investment funds used to
manage national reserves and invest in diverse asset classes. Large sums of
money and the cross-border nature of SWF transactions create opportunities
for money laundering. The involvement of PEPs and public officials in the
management of these funds further increases the risk.
Also common in the portfolios of high-net-worth PBWM customers are high-
value assets, such as real estate, fine art, antiquities, luxury goods, and
precious metals. These assets are also attractive to money launderers due to
their substantial worth, potential for value appreciation, and because transfer
of ownership can be relatively easy to arrange. The purchase and sale of these
assets can obscure the origin of illicit funds and provide a means to launder
money discreetly.
Secured loans, where collateral is held in one jurisdiction and the loan is made
from another, can also have increased money laundering risks. These
arrangements can be common in private banking facilities but can make it
easier to conceal the sources of illicit funds.
In addition to the higher risk levels associated with many PBWM services, the
risk profile of PBWM customers can vary significantly based on their country of
residence, country of operations (as this might differ from country of
residence), and business structure. For example, customers from jurisdictions
with weak AML regulations or high levels of corruption present higher risks.
Similarly, customers who operate out of sanctioned countries or countries
with high levels of financial crime present higher jurisdiction risks. Complex
business structures with multiple layers of ownership can obscure the
beneficial owners and controllers, making it harder to conduct thorough due
diligence.
Trust risks
Trusts are legal arrangements that separate the legal title and control of an
asset. In most jurisdictions a trust is a legal person. The assets in a trust are
legally owned by trustees who are natural persons. A trust cannot conduct
transactions or hold property, but must do so through those trustees.
Trusts have many legitimate uses, including succession and estate planning,
and wealth and confidentiality protection. Trusts can also speed up probate.
Offshore trusts are sometimes used for legal tax avoidance in tax havens.
Charitable trusts and foundations often have sizable assets used to promote
good causes.
The entity that establishes the trust is called the settlor, donor, grantor, trustor,
or trust maker. The settlor’s role is to legally transfer control of an asset to the
trustees, who manage the trust for one or more beneficiaries. In certain trusts,
the settlor may also be the trustee, the beneficiary, or even both. Trusts are
often created with guidance from a corporate service provider.
In researching a trust, you need to know the settlor, the trustees, the
beneficiaries, and any individual who has control over the trust. Typically, the
settlor transfers a legal title clearly documented either by a trust instrument or
a trust deed.
However, in many jurisdictions, there is no registration requirement for a trust.
They are viewed as private arrangements and their existence is not a matter
of public record. FATF has expressed a particular concern about the ease with
which corporate vehicles can be created and dissolved in some jurisdictions.
Those seeking to disguise their connection with financial crime appreciate the
separation of legal and beneficial ownership which gives an aura of legitimacy.
But trusts can have the same or connected persons as both settlor and
trustee, meaning the trustee will simply follow the directions of the settlor.
Even when the trustees are advised by a seemingly independent investment
management company, those, too, might be influenced by the settlor.
Trusts are often the last layer of secrecy in a complex legal structure designed
to disguise a criminal’s connection to illicit funds. In order to aid this
concealment, arrangements often span multiple jurisdictions, with trust assets
and investment management companies each located in a different country.
An example would be a high-ranking member of government who is paid a
bribe to award a large road construction contract to a construction company.
He cannot receive this directly without raising suspicion. So, the construction
company pays an advisory fee to a company set up in another jurisdiction.
Ownership of the advisory company has been settled into a trust, the
beneficiaries of which are the government official and his family.
Offshore financial center risks
An offshore financial center (OFC) is a jurisdiction that provides sophisticated
financial services to non-residents. OFCs are also known as offshore booking
centers. They serve as a stable and convenient financial services hub for non-
residents. OFCs allow businesses to conduct cross-border transactions and
manage funds. Customers who use OFCs benefit from favorable regulatory
environments due to their geographical proximity to key markets.
There is risk related to OFCs when they are used for illicit purposes. OFCs can
be used for tax evasion or hiding illicit funds.
Red flags associated with OFCs include:
• Complex ownership structures
• Use of shell companies for holding assets
• Lack of transparency
• Unusual transaction patterns including:
o Sudden, large flows of funds
o Round tripping or moving funds in and out
o Rapid asset transfers between offshore entities
• Use of cash-intensive businesses by a customer registered in an OFC
• Transactions involving politically exposed persons (PEPs)
While some of these red flags can be legitimate business practices, there
should be a clear business purpose or reasonable explanation. Otherwise, they
are often a sign of illicit activity.
Complex ownership structures can obscure the true beneficial owner and the
flow of funds. The use of shell companies can also be an attempt to conceal
beneficial ownership. A lack of transparency makes it challenging to obtain
complete information on companies and transactions. Offshore jurisdictions
typically have less stringent reporting and transparency requirements.
An unusual frequency of transactions with known tax havens or jurisdictions
with weak regulations might indicate illicit activity. Criminals can also use a
technique called round tripping to move funds in and out of the OFC without a
legitimate economic purpose. For example, an investor sends funds to the
OFC and then reinvests those funds back into their home country.
Enhanced due diligence is essential to detect any suspicious activity.
Transaction monitoring can help uncover potential misuse of OFCs.
Special purpose vehicle risks
Special purpose vehicles (SPVs) are legal entities created for specific and
limited purposes. SPVs can be used in mergers and acquisitions, joint
ventures, real estate projects, infrastructure development, and energy
projects. SPVs can also be used to manage and protect intellectual property
assets including trademarks and copyrights. SPVs are often used in complex
financial transactions and investments such as securities and asset-backed
financing.
There are financial crime risks associated with SPVs.
• SPVs can have complex and opaque structures to disguise the true
beneficial ownership.
• SPVs might be used to obscure the source of illicit funds. Criminals layer
illicit proceeds through a series of transactions via the SPVs, transferring
funds to or from financial institutions. This creates a complex web of
financial transactions, preventing detection by law enforcement and
regulatory authorities, as it makes the money trail hard to trace.
There are several red flags that indicate attempts to disguise illicit funds or
conduct fraudulent activities using SPVs. These include:
• Complex ownership structures involving multiple layers of companies
• Lack of transparency
• Unclear purpose of the SPV
Criminals might select jurisdictions that have lenient regulatory oversight or
tax-friendly environments. This enables them to hide their financial activities
and minimize tax liabilities.
Pooled investment vehicles (PIVs) are small investments pooled together
from a large group of investors. PIVs can be used in Ponzi schemes and insider
trading. Additionally, criminals might engage in trade-based money laundering
using SPVs and PIVs. Criminals manipulate trade transactions between SPVs
and PIVs by deflating or inflating prices. This process enables the movement
of illicit funds while disguising it as legitimate trade activity.
Financial institutions must be vigilant in conducting enhanced due diligence
(EDD) on SPVs and PIVs. It is important to ensure these investments comply
with CDD regulations such as the Financial Crimes Enforcement Network's CDD
rule. Financial institutions must identify ultimate beneficial owners and
understand the true purpose of these entities. This will help mitigate any
potential financial crime risks associated with SPVs.
Corporate and investment banking risks
Corporate and investment banking risks
Corporate and investment banks engage in a wide range of activities that are
susceptible to money laundering and other financial crimes. The volume and
value of transactions, coupled with complex financial instruments and global
operations, create numerous opportunities for illicit activities to go
undetected.
Money laundering risks in corporate lending include difficulties in identifying
beneficial owners due to complex corporate structures, including shell
companies and several layers of ownership. Corporate lending often involves
third parties such as guarantors, intermediaries, and contractors, where it
might be difficult to verify the legitimacy of these parties and their
involvement in the transaction.
Mergers and acquisitions (M&A) involve the consolidation of companies or
assets, often involving significant sums of money and complex financial
arrangements. Money laundering risks increase in M&A transactions
where due diligence on counterparties is inadequate.
This includes being able to verify the legitimacy of the
business and its financial statements, its ownership structure, and financial
health.
Investment banking activities and brokerage are also susceptible to various
forms of market manipulation and insider trading, which can be used to
disguise the movement of illicit funds. Examples include:
• Front-running: Trading securities based on advance knowledge of pending
orders from customers. It allows traders to profit from market movements
before the orders are executed, leading to unfair gains.
• Tailgating: Placing trades immediately after large customer orders to profit
from the expected market movement.
• Churning: Excessive trading of a customer's account to generate
commissions for the broker, resulting in increased transaction volume,
making it difficult to detect illicit activities.
• Spoofing: Placing fake orders to manipulate the market price of securities,
creating the illusion of supply and demand, allowing traders to profit from
the resulting price movements.
• Insider trading: Trading based on nonpublic, material information about a
company, which undermines market integrity and can be used to launder illicit gains.
The following are a few of the higher-risk areas associated with corporate and investment banking.
Wire transfer risks
A wire transfer is an electronic transfer of funds between two parties. A wire
transfer is conducted over a secure payment network such as SWIFT. Wire
transfers are conducted domestically and cross-border.
A bank transfer is a different method used to electronically transfer funds. This
is conducted between two banks and is usually domestic. Bank transfers use a
settlement system called an automated clearing house (ACH). This system
supports the transfer of credits and debits between banks.
Wire transfers carry risk because they can be used to send money to
criminals. They are international, which makes them more attractive to use to
send money across jurisdictions. Wire transfers can send funds immediately,
and it can be difficult to reverse a transaction. They can also transfer a large
amount of funds, which makes them riskier.
Illicit activities that wire transfers can be used for include:
• Financing of terrorism
• Breach of sanctions
• Concealing the proceeds of crime
• Facilitating fraudulent wire transfers
There are several red flags associated with these risks including:
• High-risk jurisdictions
• Sanctioned individuals or entities
• Unusual wire transfer activity including:
o Unusual volume or amount of the transfer
o Unusual timing of the transfer
o Complex transaction paths
• Unusual instructions with the wire transfer, such as a sequence of transfer
instructions or the addition of an unrelated party name in the instructions
• Concealing information, such as not providing adequate beneficiary
information
Organizations should use controls to reduce the risk associated with wire
transfers. Controls include payment screening, transaction monitoring
technology, and fraud detection. These controls help detect different risk
typologies. They must be used to ensure adherence to regulations and
protect customers' funds.
Fundraising risks
Fundraising activities are necessary for corporate growth and development,
providing companies with the required capital to expand and compete in the
marketplace. However, they can also attract money launderers.
An initial public offering (IPO) involves offering shares of a private corporation
to the public in a new stock issuance, allowing the company to raise capital.
IPOs are heavily regulated, but the initial influx of capital can potentially mask
illicit funds if not properly scrutinized and verified.
Sponsorships involve companies funding events, activities, or organizations in
exchange for advertising and brand exposure. While sponsorships are usually
transparent, they can be exploited by money launderers who use the guise of
legitimate business relationships to move illicit funds. Sponsorships and
donations are also higher risk for bribery and corruption if they are made to an
organization with the aim of benefiting or influencing a decision-maker.
Bond issuance is a method for companies to raise funds by issuing debt
securities to investors, who then receive periodic interest payments. This
method can also be manipulated to launder money by disguising the origin of
funds through complex financial transactions.
Crowdfunding platforms allow individuals and businesses to solicit small
contributions from a large number of people, typically via the internet. The
decentralized and less regulated nature of crowdfunding can make it an
attractive avenue for money laundering, as it is often challenging to trace the
sources of numerous small donations.
Debt issuance, such as the issuance of notes or bonds, is another common
fundraising activity. When a firm is requested to issue debt by an investor or a
representative of an investor, it is essential to consider not only the credit risk,
but also other financial-crime risks involved, including:
• Lack of transparency: Debt instruments can be structured in complex
ways, making it difficult to identify the UBOs of the funds.
• High-value transactions: The large sums of money involved can provide
efficient means for laundering significant amounts of illicit funds quickly.
• Cross-border transactions: Debt issuance often involves international
investors, adding an additional layer of complexity and potential regulatory
arbitrage.
Mergers and acquisitions risks
Mergers and acquisitions (M&A) involve various transactions for the
consolidation of companies or assets. The complexity and scale of M&A
activities provide numerous opportunities for disguising the origin of illegal
proceeds.
Money launderers might acquire companies with clean financial records,
allowing them to blend dirty money with legitimate business operations. By
purchasing a legitimate company, they can mask the illicit origin of funds
through the company's revenue stream, making it challenging for regulators
to detect suspicious activities. Additionally, the intricate structures of M&A
deals can obscure the true ownership of assets, further complicating efforts
to trace laundered money.
Investment banks might inadvertently facilitate money laundering by
acquiring companies that have previously engaged in laundering activities,
evaded sanctions, committed fraud, or violated laws such as the US Foreign
Corrupt Practices Act or the UK Bribery Act. The use of shell companies and
complex ownership structures can obscure the true beneficiaries of the
transaction, making it difficult to identify potential money laundering risks.
Additionally, M&A activities often involve multiple jurisdictions and cross-
border transactions, each with varying levels of regulatory oversight and
enforcement, increasing the challenge of conducting thorough due diligence.
To mitigate these risks, investment banks should implement specialized due
diligence procedures, which could include the following:
• Enhanced CDD to conduct comprehensive background checks on all
parties involved in the transaction to identify potential red flags.
• Transaction monitoring to continuously monitor transactions related to an
M&A deal to detect any unusual or suspicious activities.
• Beneficial ownership verification to identify and verify the ultimate
beneficial owners of the companies involved to ensure transparency and
accountability.
• Jurisdictional risk assessment to evaluate the regulatory environment and
potential risks associated with the jurisdictions involved in the transaction.
• Legal and compliance reviews to ensure adherence to relevant laws and
regulations, including by the companies being subject to an acquisition.
High-risk corporate and investment banking products
Certain corporate and investment banking products and services are
inherently high-risk for money laundering and other financial crimes. These
include:
• Trade finance: The complexity and global nature of trade finance
transactions, such as letters of credit and trade loans, make them
vulnerable to money laundering. Money launderers can use trade finance
to move funds across borders, often through over- or under-invoicing,
multiple invoicing, and phantom shipments.
• Structured products: Complex financial instruments, such as derivatives
and structured notes, can be used to layer and integrate illicit funds. The
opacity of these products makes it difficult to trace the origin and flow of
funds.
Corporate and investment banking products are often associated with certain
higher-risk customer types, including customers that are higher risk because of
their sector or their structure. Some examples include:
• Embassies and diplomatic missions, which enjoy certain privileges and
immunities that can be exploited for money laundering. The diplomatic
status can shield transactions from scrutiny, enabling the movement of
illicit funds under the guise of diplomatic activities.
• Special purpose vehicles (SPVs), which are created for specific financial
transactions, often with a high level of secrecy. Their opaque nature and
the complexity of their structures make it difficult to trace the origin and
destination of funds, providing an attractive avenue for laundering money.
• Charities and NGOs, which often operate across borders and handle
significant amounts of money. These organizations can also have
increased exposure to PEPs, public officials, or be associated with groups
linked to terrorist financing or sanctioned activities. Lax regulatory
oversight in some jurisdictions over these types of organizations can be
exploited to channel illicit funds under the cover of legitimate charitable
activities.
• Defense sector, which involves high-value transactions and complex
supply chains, which can be manipulated to launder money. The sensitive
nature of defense-related transactions often limits scrutiny, making it
easier to conceal illicit financial activities. There are also increased
sanctions risks associated with these transactions, where goods being
traded might be considered dual-use.
Correspondent banking risks
Correspondent banking is typically when one bank acts as the agent of
another bank in a foreign country. A respondent bank has customers who
want banking services in a foreign country, so it contracts with a foreign
correspondent bank to support its customers. By establishing multiple
correspondent relationships, a local bank can undertake international financial
transactions for itself and for its customers in jurisdictions where
it has no physical presence. There can also be nonforeign correspondent
banking relationships, which allow local banks to make use of the services of
larger banks.
The indirect nature of correspondent banking relationships means that the
correspondent bank provides services for individuals and entities for which it
has neither verified the identities nor obtained any first-hand knowledge,
often referred to in industry as “at arm's length.” Therefore, the amount of
money that flows through correspondent accounts can pose a significant
threat, because the correspondent is processing large volumes of
transactions for the respondent's customers.
Before establishing a correspondent relationship, a bank should know the
owners of the respondent bank and the nature of its regulatory oversight.
Lower-risk respondent banks might be offered a broad range of services,
such as cash management — for example, interest-bearing accounts in a
variety of currencies, international funds transfers, check clearing, payable-
through accounts, and foreign exchange. Higher-risk respondent banks might
be restricted to noncredit cash management services.
Correspondent banking is higher risk because the correspondent bank:
• Does not or cannot conduct typical due diligence to know the end
customers of the respondent.
• Does not have data on respondent transactions that typically enable
transaction monitoring controls to spot unusual patterns.
• Might be able to identify the respondents’ regulators but not always the
degree of supervision to which the respondent bank is subject.
• Might have limited information on the respondent’s anti-financial crime
controls—perhaps through a questionnaire or an annual interview—yet still
relies on the respondent bank to have and use sufficient, effective controls
on its customers.
• Might have respondent banks that are themselves correspondents to
third-party banks, a practice called “nesting.” Nested accounts further
shield correspondent banks from seeing the parties involved.
In recent years, some financial institutions have extended their
correspondent banking services to money services businesses or payment
services providers. Given the differences in nature and regulation across
jurisdictions and across these kinds of entities, this increases the risks
involved in correspondent banking.
Capital markets risks
Capital markets present significant risks for money laundering due to their
complexity, liquidity, and the volume of transactions. The common products
provided in capital markets include commodity trading, foreign currency
exchange, securities, and derivatives.
Commodity trading involves the buying and selling of raw materials such as oil,
gold, and agricultural products. Money launderers can exploit commodity
trading by purchasing commodities with illicit funds and then selling them to
generate clean money. The value and liquidity of commodities fluctuate
almost daily, which makes it difficult to ascertain an average or expected sales
price and, as a result, makes them attractive for laundering purposes.
The foreign exchange market is the largest financial market in the world, with
a daily trading volume exceeding US$6 trillion as of 2024. Money launderers
use foreign currency exchange (FX) to move money across borders, often
taking advantage of fluctuating exchange rates to obscure the origins of illicit
funds. Products such as FX forwards and options add layers of complexity,
allowing launderers to structure transactions in ways that evade detection.
Securities include stocks, bonds, and other financial instruments that
represent ownership or debt. Money launderers can use securities by
purchasing them with illicit funds, holding them for a period, and then selling
them to generate clean money.
Derivatives are financial contracts whose value is derived from an underlying
asset, such as stocks, bonds, commodities, or currencies. Examples include
futures, options, and swaps. Derivatives can be used for speculative purposes
or to hedge risks, but their complexity and the potential for leveraging make
them susceptible to money laundering schemes. Launderers can use
derivatives to create convoluted transactions that are difficult to trace.
Money laundering risks differ between primary and secondary markets due to
the nature of transactions and participants involved. The primary market
involves the issuance of new securities directly from issuers to investors. Risks
in the primary market include:
• Money launderers might invest illicit funds in IPOs, purchasing large
amounts of shares to convert dirty money into legitimate financial assets.
• Money launderers might participate in bond or note offerings, using illicit
funds to purchase debt instruments that can later be sold or redeemed for
clean money.
The secondary market involves the trading of existing securities between
investors. Risks in the secondary market include:
• The volume of transactions in secondary markets makes it easier for
money launderers to blend in, executing numerous trades to launder
money.
• Many secondary market transactions occur electronically, with limited
transparency regarding the parties involved. This anonymity facilitates
money laundering.
Money Laundering Risks in Nonbank Financial Institutions
Introduction
Introduction: Money laundering risks in nonbank financial institutions
This module covers the significant risks money laundering poses to nonbank
financial institutions. These services are increasingly targeted by criminals
seeking to disguise the origins of illicit funds. While banks are heavily regulated
and monitored for AML purposes, nonbank financial institutions often face
unique challenges in identifying and mitigating the risks associated with
money laundering. In these lessons, you will learn about the different types of
nonbank financial institutions and delve into the specific challenges that they
face in combating money laundering. With this knowledge, you will be better
equipped to address these challenges within your organization.
Case example: CashBayou's risk management challenges
CashBayou is a thriving e-commerce platform, connecting buyers and sellers
across the globe. CashBayou’s platform is structured in such a way that they
hold buyers’ funds temporarily and convert them into the sellers' preferred
currency before transferring them to sellers. Because of this, they are
required to have an MSB license. CashBayou also works closely with payment
service providers, payment aggregators, card issuers, and other financial
entities to ensure smooth and efficient transactions and facilitate their e-
commerce ecosystem.
CashBayou has a new head of AML compliance, Emma. On her second day on
the job, she receives an alert about unusual transaction patterns. She quickly
gathers her team to investigate. They discover that a new buyer, using
multiple accounts, is making high-frequency, low-value transactions with a
network of sellers who are all based in the same jurisdiction. This raises a red
flag for money laundering. While investigating, Emma realizes CashBayou's
current KYC governance and execution are inadequate. Insufficient reviews of
purchasers and storefront owners could expose the platform to financial
crime, fraud risks, and potential regulatory issues, which might result in
temporary service suspension.
The company’s current primary payment service provider, PaySecure, which
is an E-Money License Institution (EMI) registered in the UK, contacts Emma
and requests more information on a series of transactions. Emma notices that
the request covers part of the unusual transactions related to the new buyer.
In addition, based on the frequency of transactions, PaySecure requests a call
with the compliance officer of CashBayou to understand their due diligence
process. During the meeting, PaySecure expresses its concern about
CashBayou’s policies and stresses the need for ongoing collaboration and
rigorous monitoring to mitigate risks.
Later that week, Emma's team receives a letter from their card issuer partner,
CardGuard. The letter states that companies using CardGuard’s services are
required to align their due diligence procedures with CardGuard’s standards
for referred cardholders. Failure to comply will result in the termination of
CardGuard’s partnership with CashBayou.
This example demonstrates how NBFIs, unlike traditional banks, need to
navigate multifaceted relationships with various financial entities, each
presenting unique compliance challenges. By proactively identifying and
addressing AML and KYC deficiencies and fostering open communication
with their partners, Emma aims to create a more secure transaction
environment that protects the platform, its partners, and its users from
financial crime.
Key takeaways
• NBFIs encounter risks that differ from traditional banks.
• Inadequate KYC governance can increase financial crime risks and
operational liabilities.
• Ongoing due diligence on partners is critical for risk management.
• Collaboration with financial partners enhances oversight and compliance
efforts.
• Proactive AML and KYC measures help NBFIs meet their regulatory
obligations and safeguard their reputation.
Money laundering risks associated with MSBs, payment service providers, and e-commerce
Payment service providers
The payment industry and associated technologies are evolving rapidly, often
outpacing the development of licensing frameworks and regulatory oversight.
In this dynamic environment, many organizations leverage money services
business (MSB) or e-money licenses to expand their operations and carve out
a distinct role within the broader payments ecosystem.
Payment service providers (PSPs) play a central role by enabling digital
payments across various industries, offering products and services tailored to
their business models and the types of transactions they process. These
services can include payment aggregation, card issuance, mobile wallets, and
cross-border payment facilitation. In some financial institutions, MSBs and
PSPs are collectively referred to as “Third-Party Payment Processors” (TPPP),
reflecting their shared function of handling transactions on behalf of other
entities.
A typical PSP flow that facilitates the processing of a payment transaction
between a customer and a merchant includes:
1. Verification: The PSP verifies the customer’s payment information with the
issuing bank.
2. Approval: The PSP communicates with the issuing bank to receive approval
for the transaction.
3. Transfer: The PSP transfers funds from the customer’s account to the
business’s account.
Services include online payment gateways, mobile wallet solutions, and cross-
border payment systems. A payment gateway is vital for processing
payments because it facilitates the actual transfer of funds.
As demand for digital solutions grows, PSPs are expected to expand product
offerings, adapt to customer needs, and comply with changing regulations.
This adaptability ensures they stay at the forefront of the payment landscape.
Examples of PSPs and their offerings:
| PSP | Description | Products and services |
|---|---|---|
| Payment aggregators | Aggregate payments for multiple merchants without requiring direct bank relationships | Online payment processing; Recurring billing |
| Card issuers | Provide credit, debit, and prepaid cards to consumers, typically branded with major card networks (e.g. Visa, MasterCard, American Express) | Credit cards; Debit cards; Prepaid cards |
| Payment processors | Handle the technical aspects of transaction processing between merchants and customers, managing authorization, settlement, and clearing | Mobile payment solutions; Point of sale (POS) systems |
| Payment collectors | Focus on managing payments on behalf of businesses, particularly for collections and settlements | ACH payments; Bill payment services; Invoicing solutions; Remittance processing; Direct bank account transfers |
| Mobile wallet providers | Enable users to securely store payment information on their smartphones or other devices for easy access and transactions | Digital wallets; Peer-to-peer payments |
| Alternative payment providers | Offer nontraditional payment methods that go beyond credit/debit cards and bank transfers | E-wallets; Facilitation of cryptocurrency payments; Installment payment options |
| Cross-border payment providers | Facilitate international transactions, including currency exchange and international payment processing | International payment platforms |
Payment service providers risks
Managing risks is essential for PSPs due to the complexity and diversity of their
services, and because most transactions are conducted remotely.
The risk landscape for PSPs varies based on their specific product offerings.
However, key risks include:
• Fraud: The potential for deceptive practices that can lead to financial loss.
• Chargebacks: Disputes initiated by customers that can impact revenue.
• Data breaches: Unauthorized access to sensitive customer information.
• Regulatory noncompliance: Risks associated with failing to adhere to legal
requirements.
• Operational failures: Disruptions in service delivery that can affect business
operations.
• Financial losses: Overall impact on profitability due to various risk factors.
For PSPs, customer risks are primarily indirect. Although PSPs usually do not
directly engage in the financial or transactional activities of their customers,
they still bear the responsibility of ensuring that transactions and AFC program
controls comply with regulations. This includes confirming that these
transactions are secure and do not lead to financial crimes.
In contrast, partnership risks are typically higher due to PSPs' operational
reliance on banks, financial institutions, card networks, technology providers,
and third-party service providers. It is important for PSPs to understand their
partners’ AFC controls in order to mitigate the relevant risks.
One concern is regulatory compliance risk. PSPs must ensure that their
partners adhere to regulations and data protection requirements, such as the
EU’s Payment Services Directive for strong customer authentication. A
partner’s noncompliance can lead to repercussions for the PSP because noncompliant
partners might inadvertently facilitate money laundering by creating gaps in
the controls to detect illicit activities.
Operational risks also present challenges, as many PSPs depend on third-
party providers for essential infrastructure, including cloud storage. Service
outages and issues, such as long response times or inadequate customer
support, are red flags, as they might indicate lapses in the partner’s
transaction monitoring and compliance efforts.
Cybersecurity and fraud risks are heightened when collaborating with various
institutions. Differences in cybersecurity standards can create integration
gaps, and in the event of a breach, the PSP is often responsible for customer
communication and damage control. A partner's failure to maintain robust
cybersecurity measures can lead to unauthorized access to sensitive data,
facilitating fraudulent activities and money laundering.
Money services business
A money services business (MSB) is a type of nonbank financial institution that
provides financial services involving the transfer of money or value. An entity is
an MSB if it holds funds on behalf of another person or entity. In many
jurisdictions, MSBs are required to comply with local regulatory AML and CFT
requirements. These requirements can include registering with local
regulators and establishing an AML compliance program.
MSB services vary according to their licensing requirement. Examples of MSB
services include:
• Currency exchange
• Money transfers
• Money orders
• Stored-value products, such as prepaid cards or gift cards
• Bill payment services
These services can be delivered through online platforms, mobile apps, or
physical branches.
MSBs originally required licensing mainly for currency exchange, but the
scope has expanded to include cross-border money transfers and additional
services. If a business participates in activities categorized as MSB services, it
must obtain a license to operate legally.
Historically, MSBs were mainly used to serve individual customers’ cross-
border transactions more quickly and cheaply. Today, MSBs also serve small
and medium-sized businesses that are not served by larger financial
institutions. The changes in the usage of MSB licenses also bring stringent
jurisdictional registration requirements and regulations.
According to FinCEN, hawala is an informal value transfer system (IVTS), which
is classified under the money transmitter category of MSBs. However, hawala
differs from other, more traditional, MSBs in several ways. The primary
distinction is that MSBs are regulated by the banking system, while hawala
operates as an informal and largely unregulated method of money transfer.
| | MSB | Hawala |
|---|---|---|
| Regulation | Typically licensed and regulated by government authorities, which ensures transparency, accountability, and compliance with local AML and CFT laws. | Relies on trust between the parties involved and typically operates outside of the formal banking system. |
| Mechanism | Typically (and should) employ formal systems, such as bank accounts, financial institutions, and electronic platforms to facilitate transactions. | Operates through a network of brokers who transfer money based on mutual trust and informal agreements. |
| Transparency | Required to maintain records of transactions, report suspicious activity, and comply with AML regulations. | Often has little to no regulatory oversight and might circumvent compliance and AML/CTF regulations, such as currency transfer reporting. |
Risks associated with banking MSBs
MSBs face complex jurisdictional licensing requirements, including varying
fees and compliance obligations. Each jurisdiction may impose different AML
regulations, which can create operational burdens and increase regulatory
scrutiny. This complexity can lead to difficulties in maintaining compliance
across multiple borders. Noncompliance, intentional or accidental, might lead
to severe penalties, including regulatory fines, consent orders, and even loss
of business licenses.
MSBs often serve customers or engage in business activities less likely to be
supported by traditional financial institutions. These customers include
individuals lacking access to mainstream banking services. However,
customers without access to traditional banking services can pose challenges
when assessing money laundering and terrorist financing risks. Some of these
risks include:
• Lack of financial history: Unbanked customers often lack financial records,
making it difficult for MSBs to assess the legitimacy of their transactions.
• Cash transactions: Unbanked individuals rely on cash, which can create
vulnerabilities for MSBs, such as difficulty in tracking a high volume of
transactions and ascertaining the source of these funds.
These risks typically fall outside the risk appetite of traditional financial
institutions, particularly due to the substantial volume of cross-border
remittances. MSBs need to implement additional strategic money laundering
and operational controls, such as enhanced due diligence. They should also
limit the exposure to high-risk customers.
Cross-border transactions complicate compliance efforts. Different
jurisdictions enforce varying laws regarding fund movement, currency
controls, sanctions, and regulatory and tax reporting. Some countries
implement strict restrictions on remittances, while others are more lenient.
Red flags of money laundering that MSBs encounter include:
• Unusual customer behavior, such as a reluctance to provide accurate
information or submission of falsified data.
• Unusual or suspicious transaction patterns involving large round dollar
amounts, rapid fund movements, or inconsistent transaction sizes.
• Transactions involving high-risk jurisdictions, such as frequent transfers to
or from countries known for weak AML regulations.
• Structuring or smurfing, which involves breaking up large amounts into
smaller transactions to avoid detection.
Establishing long-term and trusted relationships with correspondent banks
can mitigate money laundering and compliance risks. A correspondent bank
serves as an intermediary in international transactions, aiding the MSB in
accessing banking services that might not be directly available to it because
of its higher-risk customer base. Correspondent banks are required to assess
the soundness of the MSB’s compliance program and ensure that the MSB’s
activities align with the correspondent bank’s risk appetite.
E-commerce
Electronic commerce (e-commerce) platforms facilitate the buying and
selling of goods and services over the internet. They serve as intermediaries
between sellers and buyers, providing a digital marketplace for transactions.
There are various types of e-commerce platforms, each tailored to meet
different business models and customer needs.
Business models include:
| Business model | Acronym | Description | Examples |
|---|---|---|---|
| Business-to-consumer | B2C | The most common form of e-commerce, where businesses sell products directly to consumers | Online clothing stores, food delivery services, Amazon, Alibaba, Rakuten, AliExpress, Netflix and other streaming platforms |
| Business-to-business | B2B | Involves transactions between businesses | Manufacturers selling to wholesalers or retailers |
| Consumer-to-consumer | C2C | A model that allows consumers to sell directly to other consumers | eBay, Craigslist, Etsy, Vinted |
| Consumer-to-business | C2B | Individuals offering goods or services to businesses | Freelance marketplaces, such as Upwork and Fiverr |
| Direct-to-consumer | D2C | Manufacturers selling directly to customers without intermediaries | Ace & Tate, Dollar Shave Club, and Oatly |
The revenue models of e-commerce platforms determine how they
generate sales. Models include:
• Transaction-based: This model charges a fee or commission for each
transaction made on the platform, commonly seen in marketplaces, such
as eBay and Amazon. For example, eBay takes a percentage of the sale
price from sellers.
• Subscription-based: Users pay a recurring fee to access the platform or
premium features. One example is Amazon Prime, which offers members
benefits such as free shipping and streaming premium videos without a
fee.
• Freemium: Users can access basic services for free but must pay for
advanced features, as seen with Spotify, which offers a free version with
limited features and premium subscriptions for ad-free content.
• Advertising: Platforms such as Google and Facebook offer services for free
but generate revenue by selling advertising space.
• Direct sales: In this model, the platform itself acts as a retailer, selling
products directly to consumers, as exemplified by Amazon and also
Walmart, a large American retail chain.
• Affiliate marketing: Platforms earn commissions from sales made through
affiliate links, as seen with blogs and influencer platforms. A beauty blogger
might earn a commission by promoting skincare from an online retailer
through affiliate links.
• Licensing: Some platforms, such as Shopify, charge a licensing fee for
businesses to use their technology.
More developed e-commerce platforms also set up their own PSPs to
facilitate receipts and payments, in order to lower their costs and ensure
customers a smooth user experience on the platform.
E-commerce risks
Participants in e-commerce include merchants, customers, and financial
institutions (FI). E-commerce businesses greatly facilitate legitimate global
commerce between buyers and sellers. However, they also offer criminals a
venue for conducting illegal activities and concealing the movement of illicit
funds.
Key financial crime risks associated with e-commerce include:
• Consumer fraud, in which a seller does not deliver a good or service after
receiving payment from the buyer
• Use of a stolen credit or debit card or other data to purchase goods or
services
• Use of an e-commerce business:
o As a front for illicit transactions
o To launder illicit funds
Criminals can use e-commerce businesses to both illegally generate funds
and launder them. Ultimately, these funds will be deposited with an FI.
Therefore, FIs must strive to prevent and detect financial crime through their
roles as payment processors, card issuers for customers, and account
openers for merchants.
Two examples of financial crime threats that financial institutions should be
aware of include the use of e-commerce businesses as front companies for
dark market activities and for trade-based money laundering. In a recent case,
an online business that posed as a clothing store covertly sold illegal drugs to
customers. The business used codewords such as “T-shirt size” to allow
customers to indicate the type and quantity of drugs they wanted.
In another example, members of a terrorist organization were able to transfer
funds through a PSP to a collaborator in another jurisdiction under the guise of
purchasing printers on a well-known marketplace.
Red flags for financial crime related to the use of e-commerce include the
following:
• Prices inconsistent with the fair market value of goods or services being
sold
• Sales of goods or services that are difficult to value
• Attempts by customers to hide their identity or location, such as by using a
virtual private network
• Unusual counterparty pairs
• Involvement of potential shell companies
Case example: LotusMall and illegal gambling
As e-commerce has expanded, so too have opportunities for illicit financial
activity. One example is LotusMall, a Chinese e-commerce platform that
was implicated in facilitating illegal online gambling and associated money
laundering.
Operators of gambling websites such as LuckyBet exploited the e-commerce
platform by directing users to fund their gambling accounts through QR code
payments processed via a PSP. However, transaction records showed the
payments were actually being made to merchants on LotusMall, creating the
appearance of legitimate e-commerce activity.
Behind the scenes, LuckyBet had orchestrated a network of fake storefronts.
They recruited individuals, often paid a commission, to register as sellers using
their real identification, listing everyday goods such as clothing. These stores
appeared legitimate, but no products were ever shipped. Instead, funds from
gamblers were funneled directly to LuckyBet under the guise of online
purchases.
For some merchants, product listings were priced far above the expected
market value, a red flag for fraud. Other merchants had many low-value
products listed, but had extremely high numbers of transactions per day,
which is another red flag. Additionally, LuckyBet’s gambling sites operated
from offshore servers, adding another layer of anonymity and making law
enforcement tracing efforts more difficult.
Authorities eventually uncovered the operation when two individuals were
arrested for selling over 90,000 fake delivery records tied to these bogus
transactions. In total, more than CNY¥10 billion (approximately US$1.38 billion)
was laundered through LotusMall.
The fallout was severe: LotusMall reported financial losses of CNY¥3.4 billion
(around US$468 million) and faced legal action against senior executives for
enabling money laundering. Authorities urged e-commerce platforms to
improve risk monitoring, flag high-risk patterns such as multiple seller
accounts linked to a single entity, and take a more proactive stance against
fraud and collusion between buyers and sellers.
Key takeaways
Large e-commerce platforms can be exploited by money launderers:
• Common typologies include low-value and high-frequency transactions
and collusion between buyers and sellers.
• Red flags such as inflated prices and false delivery records indicate
fraudulent activities.
• E-commerce platforms should adopt more proactive measures for risk
control and fraud detection and implement stricter monitoring.
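The LotusMall red flags described above (listings priced far above market value, very high daily counts of low-value sales, and multiple seller accounts linked to a single entity) can be expressed as monitoring rules over order records. The Python code below is an added example, not part of the study guide; the thresholds, field names, the use of a shared payout account as the link between seller accounts, and the sample orders are all assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

# Assumed thresholds for illustration; the guide states no numeric values.
PRICE_RATIO_LIMIT = 5.0    # order amount / reference market price
LOW_VALUE_LIMIT = 50.0     # ceiling for a "low-value" order
DAILY_ORDER_LIMIT = 200    # low-value orders per seller per day
LINKED_SELLER_LIMIT = 3    # seller accounts paying out to one bank account


@dataclass(frozen=True)
class Order:
    day: str             # ISO date of the order
    seller: str          # seller account id
    payout_account: str  # account that receives the seller's funds (assumed link key)
    amount: float        # price paid
    market_price: float  # reference price for the listed item


def flag_sellers(orders):
    """Return {seller: sorted red-flag names} for sellers that trip a rule."""
    flags = defaultdict(set)
    low_value_per_day = defaultdict(int)
    sellers_by_payout = defaultdict(set)

    for o in orders:
        sellers_by_payout[o.payout_account].add(o.seller)
        if o.amount <= LOW_VALUE_LIMIT:
            low_value_per_day[(o.seller, o.day)] += 1
        # Rule 1: price far above the expected market value.
        if o.market_price > 0 and o.amount / o.market_price >= PRICE_RATIO_LIMIT:
            flags[o.seller].add("inflated_price")

    # Rule 2: low-value goods sold an extremely high number of times per day.
    for (seller, _day), count in low_value_per_day.items():
        if count >= DAILY_ORDER_LIMIT:
            flags[seller].add("high_frequency_low_value")

    # Rule 3: multiple seller accounts linked to a single entity.
    for sellers in sellers_by_payout.values():
        if len(sellers) >= LINKED_SELLER_LIMIT:
            for seller in sellers:
                flags[seller].add("linked_seller_accounts")

    return {seller: sorted(names) for seller, names in flags.items()}


def constructed_orders():
    """Constructed sample data; no real platform, seller, or account."""
    orders = []
    # S1: one listing sold at 16x its reference price.
    orders.append(Order("2024-05-01", "S1", "ACC-100", 4800.0, 300.0))
    # S2: 250 orders of a 9.90 item on a single day.
    orders += [Order("2024-05-01", "S2", "ACC-200", 9.9, 9.9) for _ in range(250)]
    # S3, S4, S5: ordinary-looking shops that all pay out to ACC-900.
    for seller in ("S3", "S4", "S5"):
        orders += [Order("2024-05-01", seller, "ACC-900", 25.0, 25.0) for _ in range(10)]
    # S5 additionally sells one heavily overpriced item.
    orders.append(Order("2024-05-02", "S5", "ACC-900", 1500.0, 30.0))
    # S6: a shop with normal prices and volume; it should not be flagged.
    orders += [Order("2024-05-01", "S6", "ACC-600", 25.0, 25.0) for _ in range(20)]
    return orders


if __name__ == "__main__":
    for seller, names in sorted(flag_sellers(constructed_orders()).items()):
        print(seller, ", ".join(names))
```

Because the case involved fake delivery records, shipment confirmation alone is not used as a rule here; the flags rely on pricing, volume, and account linkage.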
Money laundering risks associated with insurance, securities, brokerage, and custodian services
Insurance products risks
The insurance sector contributes to the financial services industry by
providing essential risk management solutions and enhancing financial
stability. It offers a diverse range of products, such as life, property, casualty,
medical, travel, and liability insurance. In the context of money laundering, the
insurance sector is primarily involved in the integration stage of the laundering
process. The sector’s inherent AML risk is generally lower than that of banking
due to less liquid transactions, less complex product nature, and structured
payout schedules. However, industry supervisory authorities usually remind
entities that certain high-risk accounts and products still require attention.
Specifically, insurance products with high cash values or flexible payment
options can be misused to obscure the source of funds, facilitating both
money laundering and terrorist financing.
Certain products, such as high-value life insurance and investment-linked
policies, can be high-risk and present AML concerns. Criminals might
exploit these products by making large, irregular premium payments, cashing
out policies prematurely, or having an unrelated third party make the
payments for the policy itself. Red flags include early termination of policies
after the cooling-off period, premium overpayments from third parties, claims
filed shortly after the policy becomes effective, and early cash surrenders.
These actions can indicate attempts to convert illicit funds into legitimate
assets. For instance, a criminal might purchase a high-value life insurance
policy with illicit funds and then surrender it shortly after for a higher cash
value, effectively laundering illegal money into legitimate assets.
Maritime insurance is often linked to trade-based money laundering. Criminals
might misclassify goods or submit fraudulent declarations to trigger insurance
payouts, enabling illicit transfers of value that involve both money laundering
and insurance fraud. For example, goods such as electronic components
might be falsely declared as “used clothing” to reduce scrutiny. Phantom
shipping can occur when criminals report shipments that never existed.
Undershipment happens when fewer goods are shipped than declared. Both
allow criminals to file claims for lost or damaged shipments that never existed.
The combination of money laundering and insurance fraud enables illicit
transfers of value while obscuring the true nature of the activities involved.
Case example: Investment product misuse
Peter, a recent retiree living in the Cayman Islands, received a lump-sum
pension payment of US$100,000. Seeking to invest, he approached his broker,
Tom, who recommended an investment-linked insurance (ILI) policy with
premium financing. Tom highlighted the appeal of ILIs, which combine
insurance protection with investment potential.
The policy was valued at US$100,000, but Peter only needed to contribute
US$30,000 upfront. The remaining US$70,000 would be financed at a 10%
annual interest rate. Tom noted that many clients used this structure to
enhance returns. The investment fund linked to the policy had reportedly
delivered 15% annual returns in the past. Peter believed the gains would cover
the interest and yield a profit.
However, a year later, Peter discovered his investment had lost 50% of its
value. He tried contacting Tom without success and eventually escalated his
complaint to the insurance company. The matter reached Mary, the
compliance manager, who had recently strengthened the company’s AML
and AFC framework and was actively monitoring for suspicious activity.
Mary’s analytics had already flagged Tom’s transactions as unusual. Peter’s
complaint confirmed her concerns and triggered a deeper investigation.
Several red flags emerged:
• Tom’s brother owned the finance company providing premium loans to
Tom’s clients.
• Tom and his wife owned an offshore investment firm managing the policy
funds, which appeared unlicensed.
• The promised 15% returns were inconsistent with market norms.
Recognizing the risks, Mary reported her findings and recommended
immediate actions:
• Apply enhanced due diligence to brokers and affiliated entities involved in
ILIs.
• Monitor ownership structures to detect conflicts of interest and prevent
collusion.
• Require employees and agents to declare external business interests,
including those of close associates.
• Provide targeted AML training to brokers, emphasizing red flags and
compliance obligations.
Tom was ultimately dismissed following evidence of collusion and
misrepresentation.
Key takeaways
• Red flags of ILI products can include ownership conflicts, unlicensed
companies, and unrealistic returns, which might indicate fraud.
• Monitoring of ownership structures can help identify conflicts of interest
and prevent collusion.
• Training agents and brokers to recognize money laundering risks
promotes a culture of compliance and ethics.
Securities and brokerage risks
According to FATF, securities providers can range from those that largely
interact with retail investors, such as retail stockbrokers, wealth managers, and
financial advisors, to those who serve institutional markets such as clearing
members, prime brokers, and global custodians.
Providers offer various services including capital market research, portfolio
management, and investment funds distribution. The securities and
brokerage sector serves direct customers and intermediaries that transact on
behalf of their underlying customers. Transactions can encompass a wide
range of financial instruments, including transferable securities, money-
market instruments, investment funds, options, futures, swaps, forward rate
agreements, and other derivative contracts.
This sector is particularly vulnerable during the layering and integration stages
of money laundering. FATF notes that the sector is unique in that it can be
used not only to launder illicit funds but also to generate illicit funds within the
industry itself through fraudulent activities. Characteristics such as high levels
of interaction between securities providers and intermediaries such as
investors and brokers, substantial transaction volumes, rapid execution
speeds, and a degree of anonymity, all create opportunities for criminals to
launder proceeds.
• Complex financial products present a risk as they can obscure the source
of funds and complicate transaction monitoring.
• Offshore accounts provide anonymity, which can facilitate money
laundering and enable criminals to exploit lax regulatory jurisdictions.
• High-risk customers, such as PEPs, and intermediaries require careful risk
assessment. PEPs might be susceptible to corruption, while intermediaries
might facilitate illicit transactions on behalf of customers.
• Additionally, the rise of electronic trading platforms emphasizes speed and
high transaction volumes, making it challenging to monitor and apply
mitigation controls.
Continuous monitoring of trading activities can help identify unusual patterns
or behaviors that might indicate money laundering. Robust transaction
monitoring systems that flag suspicious transactions based on predefined
criteria can help identify large or unusual trades, rapid trading patterns, high-
frequency transactions and transactions involving high-risk jurisdictions.
Conducting CDD helps ensure that the source of funds is legitimate, and that
customers are correctly segmented according to their expected and
historical trading patterns.
Asset managers
Asset managers or asset management companies conduct investments and
handle assets on behalf of their customers. Asset managers are required to
understand the money laundering risks of their business as they handle large
volumes of capital across multiple jurisdictions, in diverse and evolving asset
classes, often with anonymity in transactions, using complex financial
products and third parties.
Asset managers provide a variety of financial products and services, including:
• Exchange-traded funds (ETF): These are investment funds traded on
stock exchanges, similar to individual stocks. They offer diversification and
liquidity but can also obscure the identities of underlying investors.
• Derivatives: These financial instruments, such as options and futures, derive
their value from underlying assets. Their complexity and potential for
leverage can be exploited for money laundering.
• Hedge funds: These pooled investment funds employ various strategies to
generate returns. Their often opaque structures and high minimum
investment requirements can attract illicit actors.
• Private equity: This involves investing directly in private companies or
buying out public companies. The lack of transparency in these
transactions can pose money laundering challenges.
• Commodity trading advice: Asset managers might provide guidance on
trading physical commodities, which can be subject to manipulation and
illicit activities.
• Real estate investments: Investing in real estate involves various
stakeholders, including sellers, buyers, renters, property managers, and
agents, all of whom should be thoroughly vetted to mitigate money
laundering risks.
• Crowdfunding: As a relatively new form of asset management,
crowdfunding platforms allow individuals to invest in projects or startups.
These platforms can be misused for money laundering due to insufficient
regulatory oversight and the anonymity they can provide to investors.
The complexity and variability of these products and services make it
increasingly difficult to detect money laundering. Additionally, asset managers
face a complex and evolving CDD process that requires knowledge of all
parties involved in the transactions. Those parties include investment fund
managers, portfolio managers, and alternative investment fund managers,
such as those overseeing hedge funds and private equity.
By adopting a risk-based approach that emphasizes strong CDD controls and
continuous monitoring, they can meet regulatory requirements and
demonstrate a genuine commitment to the sector’s integrity. This
commitment also addresses emerging risks associated with new asset
classes, such as cryptocurrencies and novel financial instruments, which
might be more susceptible to exploitation by money launderers.
Custodial services risks
A custodian bank is a financial institution that safeguards its customers' assets,
including stocks and bonds. Custodian banks typically serve banks and other
financial institutions, including securities intermediaries. They provide a range
of services, including securities safekeeping, processing and execution of
settlement instructions, transition management, and funds distribution. They
might also provide reporting and tax compliance services. These services can
be for a customer’s account and/or for its underlying clients, representing
various beneficial owners.
This complexity emphasizes the need for custodian banks to know their
customers and underlying clients, including their:
• AML policies.
• Geographical footprint of business operations.
• Country of incorporation.
• Transparency in information exchange.
Money laundering risks are inherent in custodial services, particularly with shell
companies or nominee accounts. They can conceal true ownership of assets,
making it difficult to identify beneficial owners. Additionally, custodian banks
might be used to layer transactions, complicating the tracking of fund origins
and identification of suspicious activity.
Financial crime risks in custodial services stem from relying on other banks to
perform KYC checks. This reliance creates a false sense of security, as the
custodian bank might not have complete information on client identities. If the
other bank fails to perform adequate checks, the custodian could
inadvertently facilitate transactions involving illicit funds, exposing itself to
regulatory scrutiny. Multiple customers in a chain present additional risks as
complex ownership structures obscure beneficial ownership and complicate
transaction tracing. Each additional client in the chain adds a layer of
complexity, which can complicate due diligence processes.
Regulators have begun examining the custodial services sector more closely
for financial crime risk. For example, in 2024, the UK’s FCA admonished
custodian banks for their AML shortcomings and emphasized the need for
rigorous AML controls. They cited a variety of common failings, including
discrepancies between registered and actual activities, inadequate AML
resources, and failure to assess customer activity risks.
Money laundering risks
associated with cryptoassets and
other FinTechs
Cryptoassets industry ecosystem
The cryptoassets industry ecosystem is a dynamic and interconnected
network that facilitates the creation, exchange, and management of digital
assets. The industry continues to evolve, and as technology advances, new
participants and services emerge, broadening the scope of the ecosystem.
The key structures within the ecosystem include:
• Blockchains: Blockchains are a form of "distributed ledger technology"
(DLT). They provide the infrastructure for the development and
deployment of decentralized applications and smart contracts.
• Decentralized Finance or DeFi: DeFi refers to a collection of financial
services that operate on smart contract protocols. These protocols aim to
replicate traditional financial systems, such as lending, borrowing, and
exchanges, without intermediaries.
• Miners: Validate transactions on blockchain networks by solving complex
mathematical problems, a process called mining. In return, miners earn
newly created cryptoassets for mining a block.
• VASPs: VASPs include cryptocurrency exchanges, wallet providers, and
other entities. They facilitate activities involving virtual assets, such as
transactions with cryptocurrency, and are subject to strict regulations in
many jurisdictions.
o Wallet providers: Digital wallets allow users to store, send, and receive
cryptoassets. They come in two forms: hot wallets, which are
connected to the internet for easy access, and cold wallets, which are
offline and provide enhanced security.
o Cryptocurrency exchanges: Facilitate the buying, selling, and trading of
cryptoassets. These platforms can either be centralized or
decentralized.
• Access and infrastructure providers, such as cryptocurrency ATMs: Allow
users to exchange cryptocurrencies for fiat currency (and vice versa) at
physical locations. These machines can be used for facilitating peer-to-
peer crypto transactions.
While these form the operational backbone of the cryptoassets ecosystem,
their roles revolve around a diverse set of digital assets—each with distinct
characteristics and functions. The main categories are:
• Cryptocurrencies: Primarily used for transactions and value storage.
Examples include Bitcoin, Ethereum, and Solana.
• Stablecoins: Digital currencies that are pegged to traditional assets, such as
the US Dollar, to reduce volatility. This stability facilitates the connection
between cryptoassets and traditional currencies, enabling cross-border
payments. Examples include Tether (USDT) and Circle (USDC).
• Tokens: Represent assets, rights, or access within a blockchain ecosystem
and can be traded across borders, bypassing traditional financial systems.
They might be swapped on decentralized platforms, obscuring the origin
and destination of illicit funds.
• Non-Fungible Tokens or NFTs: Represent unique digital assets, often used
to demonstrate ownership of digital art and collectibles. Their uniqueness
can make it difficult to accurately assess their true market value. Money
laundering risks include overpricing and anonymity in selling NFTs using
illicit funds, particularly on decentralized platforms.
The supporting elements of the ecosystem include:
• Regulatory bodies: Regulators monitor the legal and compliance aspects
of cryptoassets to deter illegal activities, such as fraud and money
laundering.
• DeFi: DeFi refers to a collection of financial services that operate on smart
contract protocols. These protocols aim to replicate traditional financial
systems, such as lending, borrowing, and exchanges, without
intermediaries.
Blockchain
A blockchain is a decentralized, distributed public ledger. It is a database that
uses encryption to store blocks of data and chains them together
chronologically. It serves as the single source of this data and is immutable, or
very difficult to alter. This shared, immutable ledger allows the recording of
transactions and tracking of assets in a business network. Assets traded on a
blockchain network can be tangible assets, such as machinery or land, or
intangible assets, such as patents or bonds. There are many characteristics of
blockchain technology that provide benefits for users.
A blockchain always consists of nodes, miners, and blocks. Nodes are
computers used to access blockchain networks. Miners are users who verify
transactions and add new blocks to the blockchain. Blocks are structures of
transaction data for cryptocurrency transactions.
Every chain of data consists of multiple data-filled blocks. The data in the block
is sealed forever and is attached to a random number called a “nonce” and is
the result of a cryptographic function called a “hash.” In a blockchain, each
block has a unique nonce and hash, which makes it extremely difficult to
manipulate the blockchain. To make a change, the entire block would need to
be re-mined along with any other blocks in its chain. This would require an
enormous amount of time and computing power. Once a blockchain is mined,
it also must be verified by other nodes on the network.
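The nonce, hash, and re-mining behavior described above can be shown with a toy chain. This is an added example, not material from the study guide; the difficulty target, the block layout, and the sample records are assumptions chosen so that it runs in well under a second.

```python
import hashlib
import json

DIFFICULTY = 3           # assumed toy target: hash must start with 3 hex zeros
GENESIS_PREV = "0" * 64  # assumed placeholder "previous hash" for the first block


def block_hash(prev_hash, data, nonce):
    """SHA-256 over the block's contents, including the previous block's hash."""
    payload = json.dumps([prev_hash, data, nonce]).encode()
    return hashlib.sha256(payload).hexdigest()


def mine(prev_hash, data):
    """Try nonces until the hash meets the difficulty target."""
    nonce = 0
    while True:
        digest = block_hash(prev_hash, data, nonce)
        if digest.startswith("0" * DIFFICULTY):
            return {"prev_hash": prev_hash, "data": data,
                    "nonce": nonce, "hash": digest}
        nonce += 1


def build_chain(records):
    """Mine one block per record, each linked to the hash of the one before."""
    chain, prev = [], GENESIS_PREV
    for data in records:
        block = mine(prev, data)
        chain.append(block)
        prev = block["hash"]
    return chain


def first_invalid_block(chain):
    """What a verifying node does: position of the first bad block, or None."""
    prev = GENESIS_PREV
    for position, block in enumerate(chain):
        digest = block_hash(block["prev_hash"], block["data"], block["nonce"])
        linked = block["prev_hash"] == prev
        sealed = digest == block["hash"] and digest.startswith("0" * DIFFICULTY)
        if not (linked and sealed):
            return position
        prev = block["hash"]
    return None


def remine_from(chain, start):
    """Re-mine block `start` and every later block; return how many were redone."""
    prev = chain[start - 1]["hash"] if start > 0 else GENESIS_PREV
    for position in range(start, len(chain)):
        chain[position] = mine(prev, chain[position]["data"])
        prev = chain[position]["hash"]
    return len(chain) - start


if __name__ == "__main__":
    # Constructed sample records
    ledger = build_chain(["A pays B 5", "B pays C 2", "C pays D 1", "D pays A 3"])
    print("fresh chain:", first_invalid_block(ledger))
    ledger[1]["data"] = "B pays C 200"          # edit a sealed record
    print("after edit:", first_invalid_block(ledger))
    ledger[1] = mine(ledger[0]["hash"], ledger[1]["data"])
    print("after re-mining only that block:", first_invalid_block(ledger))
    print("blocks still to redo:", remine_from(ledger, 2))
    print("after re-mining the rest:", first_invalid_block(ledger))
```

Editing one record breaks that block's hash; re-mining it alone moves the failure to the next block, because that block still points at the old hash.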
Blockchain technology offers many benefits. Blockchains are immutable,
which means they are permanent and cannot be altered. They also offer
transparency, as all users can access a copy of the ledger. Blockchains are
usually decentralized, meaning that no central governing authority has
decision-making power over them. They are also secure because they consist
of individually encrypted records. Additionally, blockchain offers faster
settlements than traditional banking system transactions.
Cryptoasset risks
Cryptoassets encompass virtual currencies, such as Bitcoin, and stablecoins,
such as Tether (USDT) and USD Coin (USDC). Stablecoins are designed to
minimize price volatility by pegging their value to traditional assets, such as fiat
currencies. In contrast, cryptoassets, such as Bitcoin and Ethereum,
experience significant price fluctuations, making them more suitable for
investment and speculative purposes rather than as stable mediums of
exchange.
Cryptoassets usually require third-party providers, known as VASPs, to assist in
exchanging for fiat currency. Without proper controls, the conversion point
between cryptoassets and fiat is particularly vulnerable to money laundering,
but CDD checks and monitoring can help identify suspicious activities.
These assets operate on public ledgers, such as blockchains, which use
cryptography to secure transaction data. Cryptography secures cryptoasset
data via a distributed ledger, which publicly stores the data of the
cryptoassets. The decentralized nature of these ledger networks eliminates
the need for one centralized ledger, allowing for fast, peer-to-peer
transactions. Permissionless oversight allows for fast, easy payments and
provides a payment method to individuals without access to mainstream
financial services. However, it can also facilitate criminal activities, and
cryptoassets can attract individuals looking to exploit the system.
For instance, despite the inherent transparency of blockchain technology,
tracing ownership can be challenging, making it attractive to criminals looking
to engage in illicit activities with minimal traceability. Some privacy coins utilize
nonpublic blockchains to facilitate anonymous fund transfers, further
complicating efforts to attribute transactions and heightening the risk of illicit
activity.
Criminals might exploit cryptoassets to launder illicit funds. Examples of red
flags include:
• Transactions involving wallet addresses that are sanctioned or linked to
illegal activity.
• Large purchases made within a 24-hour period, withdrawn as fiat currency
through multiple small transactions.
• Repeated transfers to fiat currency exchanges in jurisdictions with weak
regulatory enforcement.
• A customer who purchases cryptoassets with funds that significantly
exceed their known wealth or source of funds.
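The four red flags above can be expressed as monitoring rules. The sketch below is an added example, not part of the study guide: every threshold, the 72-hour follow-up period, the flagged address, the jurisdiction codes, and the sample customers and transactions are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed, illustrative thresholds (the guide gives no numeric values)
LARGE_PURCHASE = 50_000            # total bought inside one 24-hour window
SMALL_WITHDRAWAL = 10_000          # a fiat withdrawal below this counts as "small"
MIN_SMALL_WITHDRAWALS = 3
WINDOW = timedelta(hours=24)
FOLLOW_UP = timedelta(hours=72)    # assumed look-ahead for the cash-out
WEALTH_MULTIPLE = 2.0              # assumed meaning of "significantly exceed"
REPEAT_TRANSFERS = 3
FLAGGED_ADDRESSES = {"wallet-FLAGGED-EXAMPLE"}   # placeholder watchlist entry
WEAK_ENFORCEMENT = {"XX"}                        # placeholder jurisdiction code

# Constructed sample data
SAMPLE_CUSTOMERS = {
    "C1": {"declared_wealth": 25_000}, "C2": {"declared_wealth": 500_000},
    "C3": {"declared_wealth": 100_000}, "C4": {"declared_wealth": 50_000},
}
SAMPLE_TXS = [  # (customer, timestamp, type, amount, counterparty, jurisdiction)
    ("C1", "2024-03-01T09:00", "buy", 30_000, "exchange-A", "AA"),
    ("C1", "2024-03-01T15:00", "buy", 30_000, "exchange-A", "AA"),
    ("C1", "2024-03-01T20:00", "fiat_withdrawal", 9_000, "bank-1", "AA"),
    ("C1", "2024-03-02T08:00", "fiat_withdrawal", 9_500, "bank-1", "AA"),
    ("C1", "2024-03-02T11:00", "fiat_withdrawal", 8_000, "bank-2", "AA"),
    ("C2", "2024-03-03T10:00", "buy", 40_000, "exchange-A", "AA"),
    ("C2", "2024-03-03T12:00", "transfer", 40_000, "wallet-FLAGGED-EXAMPLE", "AA"),
    ("C3", "2024-03-04T10:00", "buy", 10_000, "exchange-A", "AA"),
    ("C3", "2024-03-04T11:00", "transfer", 3_000, "exchange-X", "XX"),
    ("C3", "2024-03-05T11:00", "transfer", 3_000, "exchange-X", "XX"),
    ("C3", "2024-03-06T11:00", "transfer", 3_000, "exchange-X", "XX"),
    ("C4", "2024-03-07T10:00", "buy", 5_000, "exchange-A", "AA"),
    ("C4", "2024-03-20T10:00", "fiat_withdrawal", 4_000, "bank-3", "AA"),
]


def parse(rows):
    """Turn raw tuples into dicts with real datetime objects."""
    keys = ("customer", "ts", "type", "amount", "counterparty", "jurisdiction")
    txs = [dict(zip(keys, row)) for row in rows]
    for tx in txs:
        tx["ts"] = datetime.fromisoformat(tx["ts"])
    return txs


def split_cashout(txs):
    """Large purchases inside 24 hours, then several small fiat withdrawals."""
    buys = sorted((t for t in txs if t["type"] == "buy"), key=lambda t: t["ts"])
    outs = [t for t in txs
            if t["type"] == "fiat_withdrawal" and t["amount"] < SMALL_WITHDRAWAL]
    for first in buys:
        window = [b for b in buys if first["ts"] <= b["ts"] <= first["ts"] + WINDOW]
        if sum(b["amount"] for b in window) < LARGE_PURCHASE:
            continue
        end = window[-1]["ts"]
        small = [o for o in outs if end < o["ts"] <= end + FOLLOW_UP]
        if len(small) >= MIN_SMALL_WITHDRAWALS:
            return True
    return False


def red_flags(rows, customers):
    """Return {customer: sorted list of triggered red flags}."""
    by_customer = defaultdict(list)
    for tx in parse(rows):
        by_customer[tx["customer"]].append(tx)
    report = {}
    for cust, txs in by_customer.items():
        flags = set()
        if any(t["counterparty"] in FLAGGED_ADDRESSES for t in txs):
            flags.add("FLAGGED_ADDRESS")
        if split_cashout(txs):
            flags.add("SPLIT_FIAT_CASHOUT_AFTER_LARGE_BUYS")
        weak = [t for t in txs
                if t["type"] == "transfer" and t["jurisdiction"] in WEAK_ENFORCEMENT]
        if len(weak) >= REPEAT_TRANSFERS:
            flags.add("REPEATED_TRANSFERS_WEAK_JURISDICTION")
        bought = sum(t["amount"] for t in txs if t["type"] == "buy")
        if bought > WEALTH_MULTIPLE * customers[cust]["declared_wealth"]:
            flags.add("PURCHASES_EXCEED_KNOWN_WEALTH")
        if flags:
            report[cust] = sorted(flags)
    return report


if __name__ == "__main__":
    for customer, flags in red_flags(SAMPLE_TXS, SAMPLE_CUSTOMERS).items():
        print(customer, flags)
```

A hit from rules like these is a prompt for review against the customer's CDD profile, not a finding in itself.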
Stablecoin, token, and NFT risks
The increasing popularity of stablecoins, tokens, and NFTs within the
cryptoasset ecosystem presents significant risks related to money laundering
and illicit financial activities. While these digital assets offer benefits, such as
efficient transactions, they create new opportunities for money laundering
and terrorist financing due to their pseudonymity, cross-border reach, and
lack of regulatory oversight.
Stablecoins are digital currencies pegged to stable assets, such as the US
dollar, to reduce volatility.
Types of stablecoins include:
• Fiat-collateralized stablecoins: Backed 1:1 by fiat reserves, such as euro, and
stored in custodial accounts. The issuer holds an equivalent amount of fiat
currency in reserve for every stablecoin issued. Risks include ease of
conversion back into traditional fiat and regulatory gaps, making them
attractive targets for money laundering.
• Crypto-collateralized stablecoins: Backed by other cryptocurrencies
rather than fiat. Their volatility can lead to liquidity issues, and criminals
might use decentralized exchanges to obscure the origin of funds through
complex transactions.
• Algorithmic stablecoins: Maintain their peg through algorithms and market
adjustments to supply and demand instead of being backed by fiat or
crypto collateral. Money launderers might use algorithmic stablecoins to
move funds rapidly, leveraging value fluctuations to disguise illicit asset
transfers and complicate forensic tracking.
• Central Bank Digital Currency (CBDC): Government-issued digital
currency, typically not classified as a stablecoin due to its direct link with
state-issued fiat. While CBDCs are stable by design, as they are directly
backed by central banks and maintain parity with national currencies, weak
AML and KYC regulations can pose financial crime risks. Poor oversight and
implementation could allow criminals to exploit vulnerabilities in the
payment system.
In contrast to stablecoins, digital assets such as tokens and NFTs are not stable
and are highly volatile. Their price fluctuations make them prone to speculative
activities and present greater money laundering risks due to their capacity to
obscure transaction trails.
Central bank digital currency
A central bank digital currency (CBDC) is a digital version of a country’s fiat
currency issued and regulated by its central bank. It also functions as legal
tender. CBDCs combine the advantages of digital payments, such as speed
and convenience, with the stability of traditional currencies. While often
discussed alongside cryptocurrencies such as Bitcoin and Ethereum, CBDCs
are different because cryptocurrencies operate independently of
government oversight.
Central banks issue CBDCs for several reasons:
• Payment efficiency: CBDCs can facilitate faster and more efficient
payment systems both domestically and internationally compared to
conventional systems.
• Cost reduction: The issuance of a CBDC can reduce the costs associated
with physical cash production and handling. It also reduces the operational
expenses related to clearing and settlement systems used in traditional
banking.
• Monetary policy implementation: Central banks can influence monetary
policy more directly through CBDCs by adjusting the supply and demand
for digital currency. This enables the central banks to more readily respond
to economic changes or manage economic instability.
• Financial inclusion: A well-designed CBDC could grant access to banking
services for individuals excluded from the traditional financial system,
particularly in countries with underdeveloped banking infrastructure. The
access makes it easier for unbanked populations to obtain basic financial
services.
• Illicit activity deterrence: Unlike cash, CBDCs can be monitored in real time,
providing authorities with greater transparency over transactions. This
monitoring can help combat money laundering, tax evasion, and terrorist
financing.
Several countries are actively researching, piloting, or already implementing
CBDCs, each with distinct goals and strategies. Some examples include:
• The Bahamas: The Sand Dollar is the first fully implemented CBDC in the
world, launched in October 2020 and available across the island for use
alongside traditional cash. The initiative aims to improve financial inclusion
and enhance security against money laundering and illicit activities.
• Nigeria: The eNaira was launched in October 2021. It facilitates digital
payments, transfers, and transactions, aiming to increase financial inclusion
and streamline cash management across the country.
• Jamaica: Jamaica Digital Exchange (Jam-Dex) was launched in May 2022. It
enables secure P2P transactions and payments for goods and services. It
aims to reduce the costs associated with cash handling and storage.
Mixers and tumblers
Cryptoasset mixers and tumblers are widely used to hide the source of
cryptoasset funds and to make transaction tracing nearly impossible. Wasabi
Wallet, also known as CoinJoin, is an example of one of the many Bitcoin
mixers. It mixes the coins of multiple users together and returns the funds to
the original user from another cryptocurrency address. There are many other
types of mixers that work similarly by mixing coins from different entities and
returning the funds from different addresses. When such mixing services are
used, it is extremely difficult and sometimes impossible to trace funds.
There are two types of mixers: centralized and decentralized. Both types work
similarly and consist of a service or protocol that is designed to mix funds from
different entities using various obscuring techniques. Decentralized mixers
use a protocol to obfuscate transactions using a fully coordinated or peer-to-
peer method. In contrast, centralized mixers are companies that will accept
your cryptoasset and send back different coins for a fee. The funds are then
returned to their original entities from new addresses that are very difficult or
even impossible to link to the original addresses. Mixing and tumbling
protocols earn funds by taking a fee for their services, usually from 1% to 3%.
Criminals have widely used mixers and tumblers to launder illicitly acquired
funds. Various sanctioned entities and users of dark web marketplaces use
these mixing and tumbling services in their money laundering process to hide
the trail between the illegal funding source and the destination.
The use of mixer protocols does not necessarily indicate that the original
funds are illegal. Some users of such services simply believe in privacy and use
these services to protect their information without doing anything illegal.
However, virtual asset service providers should treat transactions linked to
mixers and tumblers as high risk and take appropriate diligence measures to
reduce potential risk.
Money Laundering Risks in
DNFBPs and Other High-Risk
Sectors
Introduction
Introduction: Money Laundering Risks in
DNFBPs and Other High-Risk Sectors
This module covers various money laundering risks associated with
Designated Nonfinancial Businesses and Professions (DNFBP) and other high-
risk factors. While DNFBPs are not primarily financial in nature, they engage in
activities that can be vulnerable to abuse by criminals for money laundering
and terrorist financing. In these lessons, you will learn about the different types
of DNFBPs and how they can be used as vehicles for laundering illicit funds
due to their role in handling large sums of money, assets, and legal structures.
This knowledge will help you establish appropriate safeguards to mitigate
DNFBP risks.
Case example: DNFBP risks in the Hendricks
case
Josh is a US-based lawyer and AFC professional with experience in regulated
entities. He has been invited to participate in his jurisdiction’s Financial Risk
Review Task Force to examine whether additional regulations are needed for
DNFBPs and other high-risk sectors. The task force aims to classify the various
types of DNFBPs, the customers they serve, and the associated risks to
establish the regulatory needs.
A notable case discussed involved Kurt Hendricks, a Russian customer
charged with bank fraud and money laundering related to two condominiums
in California. Hendricks used a corporate nominee and a multi-tiered structure
of shell companies to conceal his identity from US financial institutions. He
wired nearly US$4 million from overseas accounts in Latvia and Switzerland,
where there are lower regulatory expectations with respect to AML/CFT, to
fund a US$3 million real estate transaction through a corporate entity set up by
the nominee in the British Virgin Islands. The remaining funds were invested in
a brokerage account maintained by the nominee and used to pay expenses
for the condominiums.
The Hendricks case demonstrated how money laundering cases can involve
multiple DNFBPs, each presenting unique risks, including:
• Real estate agents who facilitate high-value transactions involving ultimate
beneficial owners that are not clearly identified.
• Lawyers and trust or company service providers (TCSP) who create
complex corporate structures to obscure the sources of funds.
• Accountants who enable illicit transactions to appear legitimate.
The task force noted that attorneys in the US are self-regulated by state bar
associations, which provide recommended rules but lack mandatory
reporting requirements. Similarly, real estate agencies and TCSPs do not have
to adhere to AML/CFT regulations or conduct audits for compliance.
Given the complexities and risks associated with DNFBPs, the task force
recommended comprehensive AML/CFT regulations to bridge existing gaps.
Requiring DNFBPs to set up an AML/CFT framework and find the right balance
between customer privacy and AML reporting requirements could deter the
financial benefits of enabling such activities and reduce the occurrence of
money laundering. This tailored regulatory approach enhances the financial
system's integrity and protects it from exploitation by criminal actors.
Key takeaways
• DNFBP risks vary widely depending on the type of business and the
clientele it serves.
• Many money laundering cases require the involvement of more than one
DNFBP to execute the transaction.
• A comprehensive AML/CFT control framework tailored to the specific risks
associated with DNFBPs can enhance the integrity of the financial system.
Money laundering risks
associated with DNFBPs
Risks of banking designated nonfinancial
businesses and professions
DNFBPs are entities that, while not primarily financial institutions, engage in
activities that are at risk for money laundering and terrorist financing. Often
referred to as "gatekeepers," these businesses act as intermediaries between
criminals and the financial system. If safeguards are absent, DNFBPs should be
considered vulnerable to criminal enterprise as they can be exploited for illicit
purposes through their roles in hiding the origins of illicit funds, creating legal
structures, or handling high-value goods.
Examples of DNFBPs and their inherent money laundering risks include:
• Real estate agents: Real estate transactions can be used to launder money
by inflating property values or creating complex ownership structures that
obscure true ownership. The risk increases with international buyers and
high-value assets, especially in markets with limited regulatory oversight.
• Lawyers: Lawyers might assist in establishing complex structures, such as
trusts or shell companies, which can conceal the identities of true
beneficiaries. The risk increases when handling customers with
international connections or those involved in high-value transactions.
Legal privilege is valuable to criminals because it can help hide the financial crime involved.
• Dealers in precious metals and stones: These dealers are at risk due to the
portability of valuable goods that can be easily converted into cash or
moved across borders. Criminals might exploit this sector to conceal illicit
funds through high-value purchases and resales, often without triggering
scrutiny or regulatory oversight. This is one of the higher-risk DNFBP types
due to the high-value assets and high-volume and cross-border
transactions.
• Casinos: Casinos are particularly vulnerable to money laundering due to
high volumes of cash transactions. Criminals can anonymously purchase
chips with illicit funds, gamble briefly, and cash out, effectively "cleaning"
their money. The anonymity of cash transactions complicates tracing the
origins of the funds.
• Accountants: Accountants might inadvertently assist criminals in making
their illicit transactions appear legitimate by verifying the source of funds
for a transaction, supporting the placement of illicit funds, and facilitating
the layering stage of money laundering.
• Trust or company service providers: These providers create structures that
obscure beneficial ownership and the origin of funds, making them
attractive to individuals seeking to launder money. Those structures
complicate regulatory oversight and increase the risk of exploitation.
Gaming sector risks
The gaming sector includes physical and virtual casinos, internet gaming, and
betting or gambling. Gaming operators offer various products and services
based on their local regulations. This means that the financial crime risk
associated with each gaming segment is unique. For example, both casinos
and online operators are vulnerable to many forms of money laundering, such
as customers converting illicit funds into chips, engaging in minimal play, and
using falsified documents to open multiple accounts.
The gaming sector has unique characteristics that carry inherently high
financial crime risks. These include risks associated with a fragmented
regulatory environment, the cross-border nature of activities, and the offering
of quasi-financial services. Another inherent risk arises from the variety,
frequency, and volume of transactions. This situation is further complicated by
the rapid growth of online gaming, which involves non-face-to-face customer
interactions and onboarding, along with emerging technologies that often
introduce vulnerabilities alongside opportunity.
Since online gaming operators onboard customers remotely, they might face
exposure to high-risk jurisdictions. The quick onboarding process appeals to
criminals, and the risk of identity fraud escalates when necessary controls are
lacking. Additionally, online gaming operators might inadvertently permit
customers outside the jurisdiction to participate in gaming if IP spoofing
occurs or geolocation safeguards fail, usually facilitated by users accessing
the website or mobile application through a VPN.
Physical casinos encounter certain financial crime risks as well. While they are
not classified as financial institutions, they do provide quasi-financial services.
For example, they accept funds on account, perform money and foreign
currency exchanges, facilitate money transfers, provide stored-value
services, cash checks, and offer safe deposit boxes. These services potentially
expose them to many of the same risks faced by financial institutions.
Junkets, a form of tourism, including sponsored or incentive-based trips, are
also inherently high-risk due to the cross-border movement of funds and
people, particularly involving high-net-worth individuals. Junket operators
refer clients to casinos and seldom collect KYC details from the customers
and share them with casinos. This practice introduces risks regarding
transparency of customer identification and source of funds.
Both physical and online gaming are susceptible to certain financial crime
risks. They encounter criminal threats such as organized crime, loan sharking,
prostitution, drug dealing, and human trafficking, all of which are predicate
offenses. They are also at risk of transaction structuring to evade reporting
thresholds, including the use of third parties and multiple transactions to
arrange deposits. In peer-to-peer or collusion gaming, such as poker,
participants might intentionally lose to another player to transfer value and
potentially criminal proceeds.
Real estate sector risks
The real estate sector is inherently susceptible to money laundering due to
the substantial sums involved in property transactions and the tangible nature
of these assets. Criminals can utilize real estate to integrate illicit funds into the
legitimate economy by purchasing tangible assets, typically of significant
value. The gains or profits are realized upon the sale of the asset, which, by
then, is fully supported and legitimized in the paper trail of sale
documentation, allowing money launderers to benefit from it. Real estate
transactions often involve lawyers and other third parties, further legitimizing
the movement of funds.
Buying, selling, or renting properties presents opportunities for criminals to
disguise the origin of funds through obscured ownership structures. For
example, properties acquired by corporate entities, trusts, or nominees
without a clear justification as to why they were not purchased directly by an
individual are red flags. The lack of justification raises further concerns if the
entity has minimal business activity. It is also a concern if the entity is based in
a jurisdiction known for its corporate secrecy, for example, the Cayman Islands
or the Bahamas.
The global nature of the real estate market further complicates detection
efforts. International buyers and cross-border transactions can mask illicit
activities. A buyer from a high-risk or uncooperative jurisdiction, one lacking an
established local presence or legitimate reason for purchasing property,
poses an additional risk.
Cash transactions remain relatively common in some markets and increase
the potential for money laundering, as cash is more challenging to trace than
payments made through financial institutions. Red flags include buyers who
pay entirely or primarily in cash, particularly in regions where bank financing is
the norm.
Other red flags include buyers who exhibit little concern for the property's
specifics, such as its condition or location, prioritizing the swift completion of
the transaction instead. Properties that frequently change ownership or are
involved in a series of rapid transactions should also raise suspicions.
Real estate professionals should collaborate with other DNFBPs to identify and
prevent money laundering. Lawyers and notaries can confirm the legitimacy
of property ownership, ensure the validity of contracts, and examine the
legality of the source of funds. They review transaction structures and the
legitimacy of corporate buyers. Accountants can evaluate buyers' financial
backgrounds, offering insights into the legitimacy of their wealth and
compliance with local tax obligations. This collaboration enhances market
integrity and transparency, supporting the mitigation of money laundering
risks in the real estate sector.
Accountancy and audit sector risks
Money laundering poses substantial risks in the accounting and auditing
sectors due to professionals' access to sensitive financial information and their
roles in financial management, reporting, and advising.
Accountants frequently find themselves in a position to detect suspicious
activities, but they should remain vigilant to ensure they do not inadvertently
facilitate illegal practices. Their involvement in handling financial records
provides easy access to data, and their inability to detect suspicious activity
might lead them to unwittingly create complex structures that enable illegal
activities, such as structuring. If an accountant designs overly complex or
opaque transactions, it might raise a red flag for money laundering.
One consequential risk for accountants is inadvertently supporting tax
evasion, with subsequent transactions potentially serving as a conduit for
money laundering. Tax avoidance involves legally minimizing tax liabilities,
while tax evasion includes illegal actions, such as falsifying records or
concealing income. If accountants become complicit in illegal tax evasion
schemes, they might also inadvertently assist in money laundering, as illicit
funds are often concealed through fraudulent tax practices.
Accountants provide various services, some of which are listed below. These
services have corresponding money laundering risks.
| Accountancy roles | Services | Money laundering risks |
|---|---|---|
| Auditors | Examine financial statements to ensure compliance with accounting standards and laws. | Overlooking financial discrepancies during reviews might conceal suspicious activities. |
| Consultants | Provide advice on financial strategies and operational efficiencies. | Might inadvertently aid in facilitating money laundering through transaction structuring. |
| Risk advisors | Help organizations identify and manage financial and compliance risks. | Failure to identify money laundering risks could facilitate illicit activities. |
| Tax advisors | Advise on tax planning and compliance with regulations. | The line between legal tax avoidance and illegal tax evasion is slim, risking facilitation of money laundering. |
Accountants have a responsibility to detect and prevent money laundering,
which includes:
• Conducting due diligence by understanding their customer’s business
activities and reviewing transactions for suspicious patterns.
• Reporting suspicious activities, such as high-risk or unusual transactions. In
many countries, accountants are legally obligated to report these to
relevant authorities.
• Identifying any red flags from financial records or unusual client behavior
during their engagement.
• Adhering to ethical standards set by professional bodies and regulatory
authorities.
Legal services sector risks
Money laundering is a prominent concern in the legal sector due to the
influential role lawyers and notaries play in managing financial transactions,
providing legal advice, and knowing their clients. Criminals often exploit the
services of legal professionals to conceal illicit funds, facilitate fraudulent
transactions, or structure deals in ways that obscure the origin of money.
Legal professionals provide various services, some of which are listed below.
These services have corresponding money laundering risks.
| Services | Description | Money laundering risks |
|---|---|---|
| Advisory services | Provide legal advice on issues such as business formation, mergers, estate planning, and tax matters, ensuring compliance with laws. | Might inadvertently assist in structuring transactions that disguise illicit activities, such as advising on using offshore accounts or trusts that hide the beneficial ownership of assets, enabling tax evasion, or concealing illicit wealth. |
| Case handling | Represent clients in legal disputes, including civil, criminal, and commercial cases, handling litigation, negotiations, or settlements. | Might be exposed to suspicious transactions, particularly involving large sums of money, international transactions, or disputes over high-value assets. |
| Due diligence | Conduct due diligence for transactions, investments, mergers, or acquisitions by investigating business partners, verifying deal legitimacy, and assessing legal risks. | If a client provides false information, undetected discrepancies could lead to fraudulent deals. Another risk is advising on transactions where the true beneficial owner is concealed. |
| Verification of assets | Assist in verifying the legitimacy of assets during transactions, such as property sales, confirming lawful ownership, and transferability. | Money launderers often use the purchase and sale of assets to legitimize illicit funds. Lawyers risk involvement if they do not thoroughly assess the origin of funds or the ownership history of the assets. |
| Notary public services | Notaries provide services such as witnessing document signings to ensure the legitimacy of documents used in legal transactions. | Might unknowingly participate in money laundering if they fail to verify identities or allow fraudulent documents to be notarized, enabling criminals to legitimize documents that conceal illicit activities or assets. |
Trust and company service provider and company secretary sector risks
Trust and company service providers (TCSP) offer a range of business
services, including nominee services, the establishment of shell companies,
and the incorporation of onshore and offshore companies.
Company secretaries ensure compliance with corporate governance
standards and relevant laws and regulations. Their responsibilities include
maintaining company records, filing annual reports, and organizing board
meetings.
The nature of their work can present money laundering risks. Criminals might
exploit TCSPs to obfuscate true ownership of assets or structure transactions
that disguise the origin of illicit funds. For secretaries, heightened money
laundering risks arise if they fail to vet key stakeholders or identify red flags in
corporate structures and transactions. A lack of due diligence in maintaining
company records or supporting corporate governance processes could
enable criminals to obscure UBO identities, unwittingly facilitating illicit
activities.
TCSPs often offer nominee services, where they provide third parties to act
on behalf of customers in ownership and management roles, such as
directors, officers, or shareholders. These nominee directors or shareholders
can be used to conceal the identity of the UBO or operator of the business,
creating a layer of anonymity that heightens money laundering risks through
obfuscation. Criminals might use this nominee structure to distance
themselves from illicit activities and treat it as a cover to move funds across
jurisdictions with weak regulations.
Shelf companies are often sold to customers looking to bypass procedural
requirements or expedite company formation. Shelf companies present an
increased money laundering risk. Since they are pre-registered, they typically
have clean histories and can be established with fake ownership structures.
This can complicate the ability of financial institutions and regulatory
authorities to identify the actual UBOs.
Offshore company formation involves establishing a company outside the
customer’s home country, usually in low-tax and/or high-secrecy jurisdictions.
The services include handling administrative tasks such as maintaining the
company's registration, filing documents, and ensuring compliance with local
regulations. However, weak AML regulations in some offshore locations allow
criminals to obfuscate true ownership. The limited availability of public records
and complex international transaction flows increase the money laundering
risks associated with offshore companies, making TCSP an important
gatekeeper.
High-risk business sectors
High-value asset risks
High-value assets are valuable items such as art, antiques, jewelry, precious
metals, and expensive goods, such as jets or yachts. These assets pose
financial crime risks because they are:
• Often easy to move
• Often easy to hide
• High value
A risk associated with high-value assets is that criminals can use these assets
to launder money. Criminals convert illicit funds into seemingly legitimate
investments or use them to purchase expensive items.
Financial institutions must understand the nature of these assets to effectively
assess the risks. Robust due diligence and transaction monitoring systems are
important to identify potential money laundering activities.
Several red flags can alert AFC professionals to potential money laundering
when dealing with high-value assets.
• Transactions which involve funds from unknown or suspicious sources
• Large cash purchases without a clear source of funds or with insufficient
supporting documents
• Loan agreements between unrelated third parties: The lender and
borrower lack a legitimate connection or economic justification for the
loan. Instead, the loan serves as a way to transfer illicit funds.
• The use of complex ownership structures: These include the use of shell
companies. These can obscure the true beneficial owner of the asset,
which makes it difficult to trace the source of funds.
• Transactions between high-risk jurisdictions or jurisdictions known for
money laundering: These jurisdictions provide favorable environments for
criminals to carry out money laundering schemes.
• Inconsistent valuations of high-value assets: This means the asset is priced
higher or lower than market value. Criminals inflate or deflate the asset’s
value to manipulate financial transactions and obscure the true nature of
the funds involved.
To identify these red flags, it is important to apply robust due diligence
measures. These might include comprehensive customer background
checks, and transaction monitoring systems which detect suspicious patterns
of activity related to high-value assets.
Case example: Suspicious transactions at Goodwish Jade
Goodwish Jade (GJ) is a retail shop specializing in jade and precious stones,
located near a major casino area in Macau. As a customer of TRF Bank, GJ's
operations raised additional queries during a routine review by the bank's AML
officer.
During the review, the AML officer discovered several cash transactions
exceeding US$500,000 that occurred at midnight in recent months. Notably,
GJ's website states that the shop operates daily from 10 a.m. to 6 p.m., and
does not run an online store, raising questions about the legitimacy of these
late-night transactions.
Upon examining the KYC documents, the officer found that GJ is owned by an
offshore company incorporated in the British Virgin Islands, a high-risk
jurisdiction for tax secrecy and lax beneficial ownership registers. The
documents cited Teh Ong as the ultimate beneficial owner. Ong is a
businessman known for running several sauna parlors and nightclubs in
Macau. Recent media coverage uncovered that Ong's sauna parlors are, in
fact, brothels offering prostitution services. The reporter also discovered that
some staff at Ong’s nightclubs were selling drugs to customers, with signs
around the venues stating, “Cash Only.” Upon receiving this information, the
AML officer's suspicions about GJ’s source of funds and ongoing transactions
intensified.
Further investigation into GJ's transaction records revealed that the buyers of
jade and precious stones during the midnight hours were managers from
Ong’s businesses, as confirmed by financial records and the company registry
maintained by the government. These managers reportedly earn monthly
salaries of around US$2,500, making their ability to purchase high-value items
suspicious.
The AML officer suspected that the funds used for these purchases were
potentially derived from illegal activities, including drug trafficking and
prostitution from Ong’s sauna parlors and nightclubs. The pattern of cash
transactions, combined with the profiles of the buyers, indicated a potential
laundering of crime proceeds through the acquisition of high-value assets.
Considering these findings, the AML officer escalated the case to the MLRO
with the recommendation to file a suspicious activity report with the relevant
authorities. He also recommended that TRF Bank's management review the
risk assessment of Goodwish Jade as a customer, and any relevant network
companies to mitigate the risks associated with potential money laundering
activities.
Key takeaways
• Retailers of high-value items require close monitoring.
• Large cash or credit transactions outside usual or expected hours of
operation might indicate illegal activities.
• Negative media coverage or allegations should trigger a refresh of
customer review and, if appropriate, prompt a refresh of the customer risk
assessment tool.
• Businesses with diversified operations, particularly in high-value and risky
sectors, should be subject to enhanced due diligence to evaluate their
activities and risks.
Import/export businesses risks
Trade-based money laundering is a process through which criminals disguise
the proceeds of crime and transfer value by using trade transactions to
legitimize their illicit origins. Criminals frequently exploit import and export
businesses to facilitate financial crime and employ a variety of methods to do
so, including:
• Under-invoicing: This describes invoicing goods or services at a price
below the fair market value. The seller can transfer value to the buyer by
presenting an invoice that reflects a lower price than what is charged in
the market.
• Over-invoicing: In contrast to under-invoicing, goods or services are sold at
a price above the fair market value. This allows the seller to receive more
from the buyer than the actual worth of the goods or services.
• Multiple invoicing: This method involves issuing multiple invoices for the
same shipment of goods, enabling the criminal to justify numerous
payments based on these invoices.
• Short-shipping: This occurs when the actual quantity of goods shipped is
less than the quantity of goods invoiced. The seller can benefit financially
from the excess payment made.
• Over-shipping: This occurs when the actual quantity shipped is more than
the quantity of goods invoiced. The buyer can benefit financially from the
excess payment made.
• Ghost-shipping: This describes fictitious trades where either no buyer or
seller exists, or collusion occurs to create shipping documents that do not
correspond to any actual goods being shipped.
• Letters of credit (L/C) fraud: L/C can be misused to transfer money
between buyers and sellers by manipulating import and export prices or
facilitating payments for nonexistent goods.
The trade of dual-use goods poses unique risks of money laundering.
Criminals might attempt to evade sanctions by using these goods to facilitate
illicit trade and disguise transactions from authorities. The proceeds from
these activities would then need to be laundered.
The source of funds risk affects all businesses; however, the import/export
sectors are particularly vulnerable as transactions often span multiple
jurisdictions. Due to the differing applications of AML regulations globally,
criminals might strategically structure their trade activities to exploit
jurisdictions with weak, ineffective, or inadequate AML regulations where the
source of funds is the point of entry to the financial system via import/export
businesses.
Free-trade zones risks
A free-trade zone (FTZ) is a designated area within a country treated as
outside its customs territory, allowing businesses to import, store, handle,
manufacture, and distribute goods without incurring customs duties until
those goods enter the domestic market. FTZs were originally set up to attract
foreign direct investments and create jobs, and they are often located in
developing countries. According to the think tank Global Financial Integrity,
approximately 4,500 FTZs exist in more than 130 countries as of 2025.
FTZs benefit companies by offering cost savings, enhancing cash flow, and
boosting their competitiveness in international trade. FTZs can lower or
remove taxes, customs duties, and business registration regulations. Many
zones globally offer special exemptions from standard immigration
procedures and foreign investment restrictions, among other benefits. These
zones aim to promote economic activity and employment that might
otherwise take place elsewhere.
However, their business-friendly features attract criminals to exploit them. The
EU has commented that FTZs have a high incidence of corruption, tax evasion,
and other criminal activities, such as fraud and sanctions evasion. The
European Commission has also pointed out that, since FTZs are popular for
storing artwork, antiquities, precious metals, and wine, they pose
emerging threats to the integrity of the trade system.
According to FATF, systemic weaknesses for FTZs include:
• Inadequate AML/CFT safeguards.
• Minimal oversight by local authorities.
• Weak procedures to inspect goods and legal entities, including inadequate
recordkeeping and information technology systems.
• Lack of cooperation between FTZs and local customs authorities.
FTZs might enable TBML by importing consignments with counterfeit or
tampered paperwork and then re-exporting the goods to other countries
while disguising their actual origin and nature. This environment also provides
a platform for illegal trades, such as drug trafficking, ivory trade, stolen
artwork, and people smuggling. Additionally, FTZ regulations with inadequate
enforcement might facilitate tax evasion and VAT fraud by allowing criminals
to obscure the actual beneficial owners of assets derived from crimes. This
can hinder authorities and law enforcement agencies from tracing and
recovering proceeds of crime due to relaxed oversight.
Alternative remittance systems
An alternative remittance system (ARS) is a frequently used method for
transferring value. Globally, this form of money movement has existed in
several forms across numerous jurisdictions, with one recurring theme
involved in its transfer process: trust. Those operating an alternative
remittance system do not hold an MSB license or equivalent.
The best-known form of ARS is a hawala, an informal system involving the
international transfer of value outside the legitimate banking system. Hawalas
rely on collaborative parties setting up a transfer and exchange process built
on trust, and often debt, to move the value of funds. This is usually done by
arranging for equivalent amounts of currency to be transferred at the
customer’s instruction, rather than by transferring the actual funds.
Before wire transfers, ARSs were born of necessity. Physically transporting
money carried a high risk of theft and loss. Merchants would meet, agree on
the terms of a deal, and then arrange for payment via a trust-based system.
Similarly, today, hawala brokers maintain a ledger of collaborative transferors
along with their available funds and currencies. The “remitter” provides an
amount in a local currency plus fees to the broker, who relies on their network
of transferors overseas to effectively forward that amount in the local
currency. Those transferors may owe the broker a debt, which they repay to
the “remitter’s” payee as a third-party payment, or they may be a
collaborative partner who charges the payee a service fee. As a result, the
value is transferred overseas, and the currency is converted without involving
a bank or money services business (MSB).
Hawalas are popular amongst:
• Marginalized communities, such as refugees and those living in conflict
zones, who lack access to, or trust in, banks.
• Individuals who do not want a digital record of their transactions.
As a result, terrorist financiers leverage hawalas, relying on the trust and
anonymity that an ARS provides to transfer money to high-risk geographies or
even “directly” to domestic terrorist groups.
Charity and NGO risks
Charities and nongovernmental organizations, or NGOs, play an indispensable
role in addressing societal needs. An NGO is a nonprofit organization that is
not directly linked to the governments of specific jurisdictions. Similar to
charities, they provide a variety of services and humanitarian functions. Many
jurisdictions will grant charities and NGOs tax-exempt status, allowing donors
to deduct their contributions on their tax returns. This encourages the public
to make donations to causes that serve the public good. Unfortunately, these
organizations could be used to launder illicit funds or breach sanctions
requirements. For this reason, charities and NGOs need to be scrutinized to
ensure their ongoing legitimacy.
Charities and NGOs have the following characteristics that make them
particularly vulnerable to misuse for financial crime:
• Enjoying the public trust
• Often having a global presence
• Having access to considerable funds from unknown or undisclosed
sources
• Being cash-intensive
• Often being in or near areas exposed to terrorist activity
• Often being subject to little or no regulation or having few obstacles to
their creation
Although most charities and NGOs are legitimate, terrorist organizations have
used them as vehicles to fund their illicit activities. Charities, in particular those
organized as private foundations, have also been used to commit tax evasion.
In addition, those engaged in bribery and corruption might use fake charities
to give the illusion that corporate payments are for charitable purposes rather
than for bribing government officials.
While researching charities and NGOs, be sure to search the relevant
registration authorities to confirm their exempt status and their annual tax
return filings. Also, consult websites that provide unbiased evaluations of
charities and NGOs. It is likely that larger organizations will have a list of
approved websites to conduct this research.
Military organization and goods risks
Military organizations as parties to a transaction and military goods and
services pose specific financial crime risks to organizations.
Military organizations include:
• Armed forces
• Government-owned or -controlled:
o Military research facilities
o Defense manufacturers
• Private-sector defense suppliers
Military goods and services are articles, services, and technology that
jurisdictions use for national defense. Because of their potential threat to
international security and human rights, these items, along with dual-use
goods, are routinely subject to embargoes and export controls. Dual-use
goods are those with both military and civilian uses.
Military goods and services include:
• Firearms and ammunition
• Missiles
• Tanks
• Aircraft
• Biological and chemical agents
• Nuclear weapons
• Defense services, data, and technology
Military-related financial crime risks include bribery and corruption, arms
embargo and export control evasion, and financing of terrorism and weapons
of mass destruction (WMD).
Governments own or control many military organizations. Government
officials, who are politically exposed persons (PEP) by definition, often oversee
or manage these organizations. Therefore, military organizations pose a
higher risk for bribery and corruption.
An arms embargo is a type of international sanction that bans a targeted
jurisdiction from importing or exporting military or dual-use goods and
services. Export controls are laws and guidelines that regulate the trade of
critical items for reasons of foreign policy and international security. They
apply to specific items, including military goods and services, and require
exporters to obtain a license to sell these items.
Evading arms embargoes and export controls can be profitable to individuals
and favorable to the national interests of sanctioned jurisdictions. Therefore,
military goods and services pose high risk for evasion of these controls.
Trade involving military goods and services also poses the risk of supplying
terrorist organizations with weapons and state-based actors with materials
that promote the development and proliferation of WMDs.
Red flags related to military organizations and goods include:
• Links to a high-ranking military official
• Purchasing military or dual-use goods without a license
• Trade transactions involving high-risk jurisdictions or unclear final
destinations
Providing financial services to embassies, foreign consulates, and missions
Foreign embassies, foreign consulates, and missions are commonly seen in
host countries.
An embassy is usually located in the host country's capital city and contains
the office of the foreign ambassador, the diplomatic representatives, and their
staff. It handles political and economic matters between the two countries,
facilitating communication and negotiation.
Consulates act as branches of embassies and are typically located in major
cities of the host country. They provide various administrative and
governmental functions, such as issuing visas and handling immigration
matters, similar to what an embassy provides but on a smaller scale.
A foreign mission refers to a group of people that conducts diplomatic
business in a foreign country to serve the interests of their home country. A
foreign mission can include embassies and consulates.
These organizations require access to financial services to meet their daily
financial responsibilities. Services can range from operational expenses, such
as payroll, rent, and utilities, to intergovernmental and intragovernmental
transactions, such as commercial and military purchase payments. Some
banks also offer ancillary services or accounts to government personnel,
including embassy staff, their families, and former foreign officials.
Each of these governmental relationships poses different levels of risk to the
bank because the individuals involved are usually classified as PEPs in most
host countries. A PEP is an individual in a prominent political function, or their
immediate family or close associates, who could be at higher risk for
involvement in bribery and corruption.
Additionally, embassy, foreign consulate, and mission accounts can pose a
higher risk in certain circumstances, including:
• Accounts held in jurisdictions designated as higher money laundering or
corruption risk by FATF or other regulatory bodies.
• Substantial cash transactions, which might indicate potential illicit activities.
• Account activity that is not consistent with the account’s purpose, or
transactions that do not align with anticipated activities, such as unusual
amounts or types of transactions.
• Accounts directly funding personal expenses of foreign nationals,
including, but not limited to, expenses for education fees, which might mix
official and personal finances.
• Official embassy business conducted through personal accounts, raising
concerns about the transparency and legitimacy of transactions.
Drug-related businesses risks
Money laundering risks linked to drug-related businesses, particularly those
involving substances such as cannabis and marijuana, present challenges for
regulatory authorities, financial institutions, and the businesses themselves.
These enterprises, even when engaged in the legitimate production, sale, and
distribution of drugs for pharmaceutical purposes, can still encounter serious
risks due to their ties to illicit activities. The dual-use nature of these
substances—permitted for medical or recreational purposes but also
associated with illegal activities—complicates the detection and prevention of
money laundering. A major complication for financial institutions in banking
cannabis businesses in some countries is that these businesses may be legally
permitted at the state level but not at the federal level.
Drug-related products with legitimate pharmaceutical applications, such as
CBD oils or medical marijuana, continue to pose a risk of diversion to the illegal
market. Consequently, the production, trade, and distribution of these drugs
often occur within a heavily regulated environment.
Governments impose sanctions on specific regions, entities, or countries
involved in the drug trade in an attempt to thwart the proliferation of illegal
drugs and related criminal activities. Pharmaceutical companies engaged in
legitimate production also need to navigate strict import/export controls and
international restrictions. Sanctions-related risks emerge when participating in
cross-border transactions with regions or countries subject to sanctions or
embargoes.
Transactions in drug-related businesses can be highly complex, often
involving multiple parties and jurisdictions along a convoluted chain of
production, distribution, and sale. For instance, cannabis can be cultivated in
one area, processed in another, and sold to consumers in yet another, with
numerous intermediaries involved at each stage. This multi-layered approach
can obscure illicit sources of funds. As a result, financial institutions might
struggle to identify suspicious transactions, as they can be dispersed across
different locations and stages of the business. Additionally, a high volume of
transactions or transfers, sometimes involving shell companies or fictitious
business partners, further complicates the tracking of illicit activities.
Global AFC Frameworks,
Governance, and Regulations
After completing this learning experience, you will be able to:
• Describe the AFC guidance from international bodies.
• Explain the major AFC regulations and how they can impact your
organization.
• Explain how organizations use reports and guidance from different
authorities and collaborate with various agencies.
Global AFC Standards and
Guidance
Introduction
Introduction: Global AFC standards and
guidance
This module covers key global AFC frameworks and guidelines that shape
compliance standards worldwide. FATF-style regional bodies, such as
MONEYVAL, help implement FATF’s 40 Recommendations, which set global
AML/CFT standards. FATF’s reports and activities measure effectiveness, and
its guidance helps assess risks.
You will learn about reports on high-risk jurisdictions issued by international
bodies and how these reports impact financial institutions' risk management
programs. International bodies such as the UN, OECD, Basel Committee on
Banking Supervision, Egmont Group, and Wolfsberg Group provide further
AFC standards. The G20, Transparency International, and the Tax Justice
Network focus on corruption and tax justice. Applying this knowledge to your
organization's compliance processes and risk assessments ensures
compliance with international standards, mitigates the risk of money
laundering and terrorism financing, and safeguards the global financial
system.
Case example: Implementing AFC standards
at FinTrust
Amina is a manager at FinTrust, a financial institution in the US. She is going to
deliver a training session to a new graduate trainee, Drew.
Drew tells Amina about a situation in which a high-net-worth customer from
Russia applied for an account and the bank rejected the application. He asks
what FinTrust’s protocols are for such situations.
Amina tells Drew that when a customer from a sanctioned jurisdiction applies
for an account, compliance personnel at FinTrust must act immediately. They
perform enhanced due diligence, screen for PEPs, and enhance monitoring
for unusual transactions. These controls lower the risk of unknowingly
facilitating money laundering or violating sanctions.
Amina explains that some international bodies establish standards or
recommendations that help ensure coordinated and strong controls against
financial crime. Generally, most jurisdictions will then tailor and implement
these standards into their respective laws and regulations before FinTrust
incorporates them into its program.
Amina explains to Drew that financial crime has been a growing concern for
decades, and the global fight against transnational crime took a major step
forward with the Palermo Convention in 2000. This UN treaty addressed
organized crime, money laundering, and corruption, encouraging
governments to adopt stricter financial crime controls. She also mentions that
the terrorist attacks of September 11, 2001, exposed new vulnerabilities. They
revealed how terrorist organizations exploited the financial system to move
illicit funds undetected. In response, FATF expanded its mission to include
terrorism financing. Additionally, the US enacted the USA PATRIOT Act,
introducing stricter KYC rules, enhanced transaction monitoring, and
increased information sharing between banks and regulators. The EU and the
UN Security Council followed suit with similar measures, strengthening law
enforcement cooperation and intelligence sharing.
Today, multiple international organizations, such as FATF, Basel Committee on
Banking Supervision, and Wolfsberg Group, continue to shape financial crime
compliance standards. They issue recommendations that influence banking
operations worldwide, from CDD to transaction screening for sanctions
violations. Amina emphasizes that ignoring these standards can lead to severe
consequences for FinTrust, including regulatory fines, reputational damage, or
even loss of access to the global banking system. Regulatory bodies such as
OFAC, the SEC, and the OCC can impose multi-million-dollar penalties,
cease-and-desist orders, and operational restrictions. In more serious cases, senior
executives and compliance officers might face criminal prosecution, asset
forfeitures, and even imprisonment for willful violations.
Key takeaways
• Knowing the evolution of AFC regulations helps ensure compliance and
protect the financial system.
• Understanding how international AFC standards impact your AFC controls
is essential.
• Noncompliance can lead to:
o Regulatory fines and reputational damage.
o Loss of access to the global banking system.
o Penalties and operational restrictions.
o Criminal prosecution and imprisonment.
Financial Action Task Force
Financial Action Task Force
The G-7 established the Financial Action Task Force (FATF) in 1989 as an
international organization to coordinate efforts to combat money laundering.
Its original membership included 15 countries and the EU, and it now includes
nearly 40 countries as well as a global network of regional groups. Within a
year of its founding, FATF issued its original 40 Recommendations setting forth
guidance and a comprehensive action plan for fighting money laundering
worldwide.
In the wake of the September 11 terrorist attacks in the US, FATF issued eight
Special Recommendations on terrorist financing to supplement the original
Recommendations. FATF eventually added a ninth Special Recommendation.
In addition to setting standards through FATF Recommendations, FATF
accomplishes its work through:
• Assessing implementation: FATF conducts periodic formal evaluations and
other assessments to determine whether jurisdictions have fully and
effectively implemented its standards. If FATF identifies deficiencies, it
implements and monitors action plans and publicly reports progress.
• Monitoring methods and trends: FATF continuously monitors how criminals
and terrorists raise, use, and move funds, and publishes reports to raise
awareness of the latest techniques and trends. Over 200 countries and
jurisdictions have committed to meeting FATF standards, including many
that are not full members of the organization.
• Identifying high-risk jurisdictions: Where FATF has determined that a
jurisdiction has failed to implement its standards, FATF can designate it as a
jurisdiction under increased monitoring on the "grey list" or a high-risk
jurisdiction on the "black list." FATF designations on the grey and black lists
can have severe consequences since inclusion on these lists might lead to
isolation from the global financial system.
FATF-style regional bodies
FATF-style regional bodies (FSRB) are autonomous regional organizations that
assist in implementing FATF’s standards. These bodies closely align with FATF
objectives and have similar forms and functions but operate independently of
FATF. FSRBs are also considered FATF associate members. In setting
standards, FATF depends on input from the FSRBs. However, FATF remains
the only standard-setting body.
FSRBs ensure global AML/CFT efforts remain effective by identifying and
addressing threats to the financial system, facilitating regional cooperation,
assisting with mutual evaluations, and providing technical assistance to their
members.
Each FSRB adopts and implements FATF’s 40 Recommendations against
money laundering and terrorist financing. The FSRBs work with their
respective members to identify regional issues, share their experiences, and
develop solutions. Note that the number of members belonging to each FSRB
might vary based on political decisions and alliances.
Each FSRB has slightly different objectives. However, a common objective is to
ensure member compliance with relevant international AML/CFT standards.
To meet their objectives, FSRBs' functions can include:
• Evaluating AML/CFT measures by conducting assessments and issuing
recommendations.
• Strategizing priorities such as improving financial sector supervision,
enhancing private sector compliance, and increasing effectiveness in
convictions and asset confiscations.
• Publishing reports identifying AML/CFT typologies impacting FATF
members.
• Collaborating with global institutions to strengthen AML/CFT frameworks.
FATF 40 Recommendations
The FATF Recommendations are among the most important resources that
FATF uses to provide guidance and coordination in the fight against financial
crime. FATF expects its members to implement the Recommendations in
their respective jurisdictions and assesses them on the extent of
implementation and the effectiveness of their programs. FATF also offers
guidance and best practices to jurisdictions on how they should implement
the Recommendations.
The 40 Recommendations and 9 Special Recommendations address a wide
range of topics, from high-level guidance to issues concerning specific
sectors and topics. FATF groups the Recommendations into seven broad
categories:
• AML/CFT policies and coordination
• Money laundering and confiscation
• Terrorist financing and financing of proliferation
• Preventive measures
• Transparency and beneficial ownership
• Powers and responsibilities of competent authorities and other institutional
measures
• International cooperation
FATF intends for its member jurisdictions to implement the
Recommendations in the form of legally binding law or regulation, which they
can tailor to reflect their respective circumstances and legal structures. As a
result, institutions receive the Recommendations as legal and regulatory
requirements established within the jurisdictions in which they operate.
To assess member jurisdictions’ compliance with the Recommendations,
FATF conducts periodic mutual evaluations through formal reviews by
AML/CFT authorities from other jurisdictions. The resulting mutual evaluation
reports are public documents that provide an in-depth assessment of a
member jurisdiction’s compliance with each Recommendation. For each
Recommendation, FATF gives a rating for technical compliance and
effectiveness. FATF then requires member jurisdictions to address any
deficiencies and subjects them to post-assessment monitoring to ensure
they address their issues. Deficiencies can result in a member jurisdiction’s
designation on the grey or black lists. These types of designations are likely to
result in financial institutions flagging the member jurisdiction as high risk in
their internal risk assessments.
FATF Recommendations 1-8
FATF Recommendations 1 to 8 ensure that member jurisdictions implement
comprehensive legal and regulatory frameworks to combat money
laundering, terrorist financing, and the proliferation of weapons of mass
destruction (WMD). These recommendations fall into three groups.
Recommendations 1 and 2 advise jurisdictions to assess and understand their
money laundering and terrorist financing risks and take a risk-based approach
to implementing measures that effectively mitigate these threats. A risk-based
approach ensures that responses are proportionate to the identified
risks. Additionally, national cooperation and coordination are essential,
requiring jurisdictions to establish AML/CFT policies informed by risk
assessments. Jurisdictions should also designate an authority or mechanism
responsible for implementation. Effective mechanisms should facilitate
coordination and collaboration among relevant authorities.
Recommendations 3 and 4 advise jurisdictions to criminalize money
laundering, ensuring that the offense applies to all serious crimes and
encompasses a broad range of predicate offenses. Additionally, jurisdictions
should implement measures that empower competent authorities to identify,
trace, freeze, seize, and confiscate criminal property and assets of equivalent
value. These measures ensure effective asset recovery and the prevention of
illicit financial gains.
Recommendations 5 to 8 advise jurisdictions to criminalize terrorist financing
in line with the Terrorist Financing Convention, ensuring it covers the financing
of terrorist acts, organizations, and individuals, even in the absence of a direct
link to a specific act. Jurisdictions should also implement targeted financial
sanctions in compliance with UN Security Council resolutions; this includes
freezing the assets of designated persons or entities without delay to combat
the financing of terrorism. Similarly, jurisdictions should apply targeted
financial sanctions to prevent and disrupt the financing of the proliferation of
WMDs. Additionally, jurisdictions should identify nonprofit organizations at risk
of terrorist financing abuse and implement proportionate, risk-based
measures to protect them while ensuring that legitimate activities remain
unaffected.
FATF Recommendations 9-23
FATF Recommendations 9 to 23 seek to ensure the effectiveness of member
jurisdictions' measures to detect and prevent illicit financial activities.
Recommendation 9 advises jurisdictions to ensure that financial institution
secrecy laws do not inhibit the implementation of FATF Recommendations.
Recommendations 10 and 11 require financial institutions to conduct CDD
when initiating business relationships, processing occasional transactions
above a set threshold, suspecting money laundering or terrorist financing, or
questioning the accuracy of previously obtained customer identification data.
Financial institutions should also retain transaction records and CDD
information for at least five years to ensure timely compliance with requests
from relevant authorities.
Recommendations 12 to 16 provide additional measures for specific
customers and activities. For instance, financial institutions should identify
PEPs, obtain senior management approval to establish a business relationship
with a PEP, and verify their sources of wealth and funds. Financial institutions
should assess respondent institutions’ AML/CFT controls before initiating a
correspondent relationship. Money or value transfer service providers should
be licensed and monitored. Financial institutions should assess risks from new
technologies and ensure accurate originator and beneficiary data in wire
transfers.
Recommendations 17 to 19 advise jurisdictions to allow financial institutions to
rely on third-party CDD if it meets certain criteria. Financial institutions should
implement AML/CFT programs, facilitate the sharing of information for
AML/CFT purposes, and apply enhanced due diligence to business
relationships and transactions with persons and institutions from jurisdictions
FATF identifies as higher risk.
Recommendations 20 to 23 discuss the obligation to report suspicious
transactions. Financial institutions should report suspicious transactions to the
relevant Financial Intelligence Unit (FIU). Laws should protect financial
institutions and their employees from liability and prohibit them from
disclosing suspicious transactions. Designated nonfinancial businesses and
professions (DNFBP) should implement internal controls, report suspicious
transactions, and be subject to regulatory and supervisory measures to
ensure compliance with AML/CFT requirements.
FATF Recommendations 24-40
FATF Recommendations 24 to 40 outline key measures to strengthen
transparency, institutional oversight, and global cooperation in AML/CFT
efforts.
Recommendations 24 and 25 advise jurisdictions to assess the risk of misuse
of legal persons and legal arrangements. Jurisdictions should also ensure
competent authorities can access accurate, up-to-date beneficial ownership
information on legal persons and trusts, requiring trustees to obtain and
maintain such data for transparency and compliance. Jurisdictions should not
permit legal persons to issue new bearer shares or bearer share warrants and
should take measures to prevent the misuse of these types of stocks and
documents.
Recommendations 26 to 35 advise jurisdictions to ensure financial institutions
are properly regulated and supervised to implement FATF Recommendations
effectively. Supervisors should have sufficient authority, resources, and
independence to monitor compliance, conduct inspections, and impose
sanctions. Jurisdictions should subject DNFBPs to licensing, registration, and
supervision by competent authorities or self-regulatory bodies. Jurisdictions
should establish an FIU to analyze suspicious transaction reports and support
law enforcement investigations. Authorities should have powers to track,
freeze, and seize criminal assets, enforce cross-border currency controls, and
collect AML/CFT statistics. Jurisdictions should have clear guidelines,
feedback, and proportionate sanctions in place to ensure compliance and
enforcement.
Recommendations 36 to 40 advise jurisdictions to swiftly adopt and fully
implement the Vienna, Palermo, and Terrorist Financing Conventions, along
with other relevant international agreements. Jurisdictions should provide
broad mutual legal assistance for money laundering and terrorist financing
cases, ensuring efficient processes for handling such requests. Jurisdictions
should take rapid action to identify, freeze, seize, and confiscate criminal
assets at the request of foreign authorities. Additionally, they should ensure
extradition for money laundering and terrorist financing, including prosecuting
nationals if extradition is not possible. Authorities should facilitate international
cooperation through information exchange and joint investigations to combat
financial crimes effectively on a global scale.
FATF 11 Immediate Outcomes
Mutual evaluation reports of member jurisdictions focus on two areas:
technical compliance with the FATF Recommendations and the effectiveness
of the jurisdiction's overall program. FATF measures and rates effectiveness
using 11 Immediate Outcomes (IOs), with each IO receiving an effectiveness
rating of low, moderate, substantial, or high. For jurisdictions that FATF rates as
having low or moderate effectiveness in IOs, FATF provides key
recommended actions and tracks the jurisdiction's progress in meeting the
recommendations.
FATF’s IOs are not meant to be a checklist, but rather a starting point to assist
assessors in determining the effectiveness of a jurisdiction's AML/CFT
framework. FATF expects assessors to use their judgment and experience in
determining their ratings.
The table below lists the area of focus and specific outcomes associated with
each of the 11 IOs:
| IO # | Area of focus | Outcomes |
|---|---|---|
| 1 | Risk, policy, and coordination | • A deep understanding of money laundering and terrorist financing risks • Authorities implementing targeted measures and coordinating responses, ensuring proactive threat mitigation |
| 2 | International cooperation | Effective collaboration with foreign counterparts enhancing the ability to track and disrupt transnational financial crimes by: • Sharing intelligence • Enforcing cross-border legal actions |
| 3 | Supervision | Strong oversight ensuring that financial and nonbank institutions comply with AML/CFT regulations, reducing vulnerabilities in the financial system |
| 4 | Preventive measures | DNFBPs implementing preventative measures, including: • Conducting due diligence • Monitoring transactions • Reporting suspicious activity to authorities |
| 5 | Legal persons and arrangements | Transparency in corporate structures: • Preventing criminals from using shell companies and trusts to conceal illicit financial activities • Enabling authorities to trace ownership and hold bad actors accountable |
| 6 | Financial intelligence | Analysis and use of financial intelligence to help law enforcement: • Identify patterns • Detect criminal networks • Initiate investigations to combat financial crimes effectively |
| 7 | Money laundering investigation and prosecution | Holding offenders accountable through prosecution and sanctions leading to: • Deterring future financial crimes • Strengthening the credibility of the legal framework |
| 8 | Confiscation | Recovering illicit assets leading to: • Disrupting criminal enterprises • Removing the financial incentive for crime • Reinforcing the rule of law |
| 9 | Terrorist financing investigation and prosecution | Taking legal action against those financing terrorism, which: • Weakens terrorist networks • Prevents the funding of violent activities |
| 10 | Terrorist financing preventive measures and financial sanctions | Restricting terrorists' financial access and preventing the exploitation of NPOs, which ensures resources do not reach entities that support violence and extremism |
| 11 | Proliferation financial sanctions | Cutting off financial support for weapons proliferation, which: • Reduces global security threats • Prevents the use of funds to develop or distribute weapons of mass destruction |
FATF mutual evaluation
FATF mutual evaluations are peer reviews between FATF member
jurisdictions that result in thorough reports that analyze AML procedures and
their effectiveness. A typical report provides an in-depth description and
analysis of a jurisdiction’s legal and regulatory framework for preventing
criminal abuse of its financial system. The report also includes
recommendations for jurisdictions to strengthen their capabilities. Mutual
evaluations are strict, meaning each jurisdiction is only deemed compliant
when it can prove the same to other FATF members.
FATF mutual evaluations have two basic components. The main component is
effectiveness and is the focus of an on-site visit to the assessed jurisdiction.
During the visit, the assessment team collects evidence demonstrating that
the jurisdiction’s measures are operational and deliver the right results.
The second component is technical compliance. The assessed member must
provide information on its laws and regulations to combat money laundering
and the proliferation of weapons of mass destruction. Technical compliance
was previously FATF's main focus. However, numerous money laundering
scandals demonstrated that technical compliance alone was insufficient, and
the main focus shifted to AML effectiveness.
Expectations about FATF mutual evaluations differ from jurisdiction to
jurisdiction, based on AML and other financial crime risks. The organization has
developed an elaborate assessment methodology to ensure consistent, fair
assessments. A complete mutual evaluation takes an average of 18 months.
The mutual evaluation process has seven stages.
• Getting started:
o Assessor training: Training for the experts who will perform the assessment
o Jurisdiction training: Training for representatives of the evaluated
jurisdictions
o Selection of assessors: Selection of the experts that form the
assessment team
• Technical review: Assessment team analyzes the jurisdiction’s laws and
regulations
• Scoping note: Assessment team identifies areas of focus for the on-site
visit
• On-site visit: Assessment team travels to the jurisdiction and reviews the
effectiveness of AML regulations
• Draft MER: Finalize mutual evaluation report
• FATF plenary adoption:
o Plenary discussion: FATF plenary discusses the findings in the report
and votes on the ratings
o Final quality review: All jurisdictions review the report before publishing
• Publication and follow-up: Jurisdiction addresses issues and begins
strengthening its AML measures
FATF high-risk and noncooperative
jurisdictions
FATF identifies high-risk and noncooperative jurisdictions through a
comprehensive review process. FATF’s International Cooperation Review
Group oversees this process and assesses a jurisdiction's AML/CFT measures
to identify threats, vulnerabilities, and risks.
FATF reviews jurisdictions for many reasons it deems indicative of
noncooperation. Specifically, FATF will review a jurisdiction when it:
• Does not participate in an FSRB.
• Delays or does not allow an FSRB to publish mutual evaluation results.
• Is nominated by a FATF member or an FSRB that identifies money
laundering, terrorist financing, or proliferation financing risks or threats.
• Achieves poor results in its mutual evaluation, such as:
o Having 20 or more noncompliant or partially compliant ratings for
technical compliance.
o Receiving ratings of noncompliant or partially compliant on three or
more of Recommendations 3, 5, 6, 10, 11, and 20.
o Having a low or moderate level of effectiveness for 9 or more of the 11
IOs, with a minimum of two lows.
o Having a low level of effectiveness for 6 or more of the 11 IOs.
FATF provides 25 criteria that help identify relevant detrimental rules and
practices that are inconsistent with the 40 Recommendations. The criteria are
categorized into four broad areas:
• Loopholes in financial regulations
• Obstacles raised by other regulatory requirements
• Obstacles to international cooperation
• Inadequate resources for preventing and detecting money laundering
activities
Based on these criteria, FATF officially identifies noncooperative jurisdictions
and territories in two public documents it publishes three times a year. The
Jurisdictions Under Increased Monitoring list is called the "grey list." It identifies
jurisdictions with strategic deficiencies in their AML/CFT systems that are
actively working with FATF to address these issues. The High-Risk Jurisdictions
Subject to a Call for Action list is called the "black list." It identifies jurisdictions
with significant AML/CFT deficiencies, prompting all FATF members to apply
enhanced due diligence (EDD) and potentially take countermeasures against
them.
Impact of FATF mutual evaluation reports
on jurisdictions
After the plenary discussion and final quality review are complete, FATF
publishes the mutual evaluation report. Jurisdictions that perform poorly on
evaluations risk placement on FATF’s grey list or black list. A poor evaluation
can lead to increased scrutiny from international banks, reputational damage,
and economic consequences such as higher transaction costs and reduced
foreign investment.
After jurisdictions receive the ratings on Recommendations, they should
address the shortcomings FATF identified in the mutual evaluation report.
FATF encourages these jurisdictions to enact new—or amend existing—
regulations or laws to strengthen their AML/CFT regime. FATF also
encourages financial institutions, law enforcement agencies, and regulatory
bodies to enhance their compliance frameworks to meet FATF standards.
These enhancements lead to greater investment in technology, training, and
personnel for detecting and preventing financial crimes. Additionally,
jurisdictions often strengthen national FIUs and cross-border cooperation
mechanisms.
According to FATF’s website, all jurisdictions are subject to post-assessment
monitoring. This monitoring can include regular reports of improvements for
jurisdictions that are already largely compliant and actively addressing the
remaining few shortcomings. Additionally, FATF can issue public warnings
against a jurisdiction that makes insufficient progress to address key
deficiencies.
The United Arab Emirates (UAE) offers an example of the strength of the
mutual evaluation report process. FATF placed the UAE on the grey list in 2022
and removed it from the list in 2024. The removal was due to the UAE
successfully amending its legislation to close loopholes, criminalize money
laundering, and improve financial transparency. Specifically, the UAE achieved
its removal from the grey list by:
• Updating its guidelines for financial institutions and DNFBPs.
• Engaging in an ongoing legal and regulatory communications campaign,
highlighting new and updated requirements.
• Increasing the frequency of its assessments.
• Increasing the frequency and size of sanctions to penalize AML/CFT
failures.
• Strengthening beneficial ownership regulations.
• Creating a dedicated court to hear cases involving financial crime.
• Adopting a new penal code.
• Creating a new platform to streamline the reporting of suspicious activities.
Note that the impacts from a mutual evaluation are not limited to the national
level. Changes in laws and regulations would also have an impact on regulated
organizations that operate in relevant jurisdictions. Therefore, regulated
organizations should implement control frameworks and resources.
FATF guidance for risk assessment
Recommendation 1 of FATF standards requires jurisdictions to identify, assess,
and understand their money laundering and terrorist financing risks and
implement measures to ensure effective risk mitigation. To achieve this, FATF
promotes a risk-based approach, enabling jurisdictions to enhance efficiency
by prioritizing high-risk threats, optimizing resource allocation, improving
compliance flexibility, strengthening AML/CFT measures, and adapting to
evolving financial crimes.
There is no universal approach to assessing risks. FATF states that risk
assessments may be undertaken at various levels beyond the national level,
and with differing purposes and scope, though the basic obligation of
assessing and understanding money laundering and terrorist financing risks
rests on the jurisdiction itself. Therefore, jurisdictions should tailor the national
risk assessment process based on their capacity, risk exposure, and context.
To better assist jurisdictions, FATF provides a six-step best-practice
framework in which jurisdictions should conduct:
1. An environmental scan to evaluate economic, political, and legal factors.
2. An analytical scan to collect and analyze money laundering and terrorist
financing data.
3. An analysis of threats to identify key money laundering and terrorist
financing actors and methods.
4. An analysis of vulnerabilities to assess weaknesses in financial systems.
5. A risk assessment to assign risk levels and develop mitigation plans.
6. Horizon scanning to monitor emerging trends and future threats.
According to FATF’s 2024 guidance on national risk assessments, sectoral and
thematic risk assessments help authorities develop typologies to understand
how bad actors could exploit specific sectors for money laundering and
terrorist financing. The results of sectoral and thematic risk assessments
complement those of the national risk assessment.
Enterprise-wide risk assessments ensure that organizations systematically
identify and assess money laundering and terrorist financing risks across all
operations. These assessments strengthen compliance, internal controls, and
regulatory alignment while optimizing risk management.
Supranational risk assessments are conducted by a group of jurisdictions,
while subnational risk assessments are conducted by a particular sector,
region, or operational function within a jurisdiction. For example, the EU and
FSRBs conduct supranational and subnational risk assessments. Typically,
these organizations conduct subnational risk assessments in collaboration
with relevant local stakeholders. The primary goals of both assessments are
to:
• Allow targeted mitigation strategies based on local vulnerabilities and
provide a comprehensive regional perspective.
• Facilitate information sharing and enhance threat detection.
• Develop and promote standardized methodologies or recommendations.
AFC guidance from leading
international organizations
United Nations AFC guidance
The UN is a global organization consisting of many Member States. The UN’s
agenda includes maintaining global peace and security, providing
humanitarian assistance, upholding human rights, and maintaining
international law. While the UN promotes international cooperation, it is not a
world government and does not make laws.
The UN’s Office on Drugs and Crime (UNODC) assists member states in
combating the threat of money laundering, terrorist financing, and other
financial crimes. The agency also implements the UN program on terrorism
and assists countries in criminal justice reform and in combating transnational
organized crime and corruption. The UN Office of Counter-Terrorism
(UNOCT) includes CFT resources through programs at its Counter-Terrorism
Centre.
The Global Programme Against Money Laundering (GPML) is an initiative by
the UN General Assembly. It assists Member States in developing robust AML
programs including comprehensive legal frameworks, institutional
infrastructure, and technical skills to combat money laundering and terrorist
financing. The GPML is also responsible for coordinating national, regional, and
international cooperation on AML issues.
The UN Vienna 1988 Convention addressed drug trafficking and defined
money laundering offenses. The UN encourages cooperation of regulators
across borders and sectors. This includes enhanced information sharing to
close information gaps and identify fraud and illicit financial activity. As part of
its risk management initiative, the UN Charter gives the UN Security Council
the authority to impose various sanctions.
The UNODC also published a comprehensive study using real cases that
demonstrate how international cooperation was used to fight organized
crime and money laundering. The study is also used for sharing lessons
learned and recommendations for greater collaboration among jurisdictions.
In addition, UNODC published step-by-step guidance for member jurisdictions
to request legal assistance with drug-related cases to provide the widest level
of mutual assistance in fighting transnational crime networks.
UNOCT provides guidance and capacity building for the implementation of
the UN's Global Counter-Terrorism Coordination Compact and assists
Member States in building capacity to address the threat of terrorism.
Case study: The 1999 Convention and UNSC
resolutions for CFT
On March 11, 2004, a series of coordinated bombings struck Madrid’s
commuter train system, killing 193 people and injuring over 2,000. The
bombers planted 10 explosive devices in backpacks across four trains during
the morning rush hour, causing devastation and panic.
Spanish authorities initially suspected the paramilitary group Euskadi Ta
Askatasuna, given its history of separatist violence. However, forensic
evidence pointed toward Islamist extremists inspired by al-Qaeda.
The 1999 International Convention for the Suppression of the Financing of
Terrorism and key UNSC resolutions played a crucial role in addressing the
Madrid train bombings. These resolutions shaped global counter-terrorism
financing efforts, intelligence-sharing, and legal measures that helped track
and disrupt the perpetrators’ networks.
• The 1999 Convention and Resolution 1373 (2001), adopted after 9/11,
require Member States to criminalize terrorist financing and to enact
asset freezing measures. This enabled Spanish authorities in 2004 to track
financial transactions and money flows linked to the bombers.
• Resolution 1267 (1999) establishes a sanctions regime against individuals
and entities associated with al-Qaeda and the Taliban. Post-attack
investigations into the attackers’ links to these organizations resulted in the
freezing of assets and the disruption of support networks using various
authorities.
The attack influenced global counterterrorism policies. It simultaneously
highlighted the effectiveness of measures at the time and the need for
additional measures to keep up with the evolving nature of the threat. Spain
strengthened counterterrorism laws, improved intelligence-sharing, and
increased cooperation with EU security agencies. The UN has passed the
following resolutions since these attacks:
• Resolution 1624 (2005) emphasizes countering extremist ideology and
recruitment.
• Resolution 2396 (2017) calls for biometric data collection, advance
passenger information and passenger name record data-sharing, and
monitoring foreign terrorist fighters.
• Resolution 2462 (2019) reinforces the obligation for states to prevent
terrorism financing through banks, charities, and informal networks, a
concept already being implemented post-9/11.
Key takeaways
• The international counterterrorism framework facilitates intelligence-
sharing, financial tracking, and legal actions that can dismantle terrorist
support networks.
• Having a strong framework enables countries to track financial
transactions and freeze assets linked to terrorists.
• UNSC resolutions lead nations to strengthen laws, enhance intelligence-
sharing, and increase cooperation with regional security agencies.
• Resolutions need ongoing adaptation to keep up with the evolving nature
of terrorism threats.
World Bank and International Monetary
Fund AFC guidance
The World Bank is an international organization that provides funding, policies,
and technical assistance to developing countries. The International Monetary
Fund (IMF) keeps track of the global economy while seeking to maintain the
stability of the global monetary system and lend funds to member countries.
The World Bank and IMF have cooperated since the early 2000s in efforts to
combat money laundering and terrorist financing. They require jurisdictions
that benefit from their programs to have effective AML/CFT controls. They
work closely with FATF to implement FATF standards and incorporate FATF
compliance in their Financial Sector Assessment Program reviews of member
jurisdictions. The World Bank and IMF have Observer status with FATF.
Their role in combating money laundering and terrorist financing includes four
main areas:
• Raising awareness
• Developing a universal assessment methodology
• Building institutional capacity
• Researching and analyzing different aspects of the global economy
The World Bank and IMF provide a wide range of resources to address money
laundering and terrorist financing. They jointly publish the Reference Guide to
Anti-Money Laundering and Combating the Financing of Terrorism, which is
the primary AML/CFT resource from these organizations. This guide provides
an overview of relevant global and regional bodies, preventive measures, and
the role and functions of national FIUs. It also includes a detailed section on
terrorist financing. Guidance is generally aimed at the jurisdictional level, not
individual institutions.
In addition to their joint guidance, each institution also provides its own
resources to assist in combating financial crime. The World Bank publishes ad
hoc reports in areas such as trade finance, training, and risk assessments.
The IMF publishes periodic reviews of its AML/CFT strategy, accompanied by
extensive background papers addressing specific topics. It also provides
publications on emerging issues such as beneficial ownership and virtual
assets, and hosts live and recorded roundtables regularly. Additionally, it
administers the AML/CFT Thematic Fund for Capacity Development, a global
initiative to assist countries in strengthening their AML/CFT regimes.
Organisation for Economic Co-operation
and Development AFC guidance
The Organisation for Economic Co-operation and Development (OECD) is an
intergovernmental organization founded in 1961. It works closely with
policymakers, stakeholders, and citizens to establish evidence-based
international standards for a variety of policy issues.
The OECD consists of three sections:
• The Council is its decision-making body. It is composed of one
representative from each member country plus the EU and is chaired by
the Secretary-General.
• The Substantive Committees propose solutions, develop standards, assess
data, and review policy actions. There are more than 300 such
committees.
• The Secretariat is made up of more than 3,500 employees who carry out
the work of the OECD. They include economists, lawyers, scientists,
political analysts, digital experts, statisticians, and other specialists.
In November 1997, the OECD adopted the Convention on Combating Bribery
of Foreign Public Officials in International Business Transactions. The
Convention requires signatory countries to establish legislation that
criminalizes the bribery of foreign public officials in international business
transactions. It also establishes an open-ended, peer-driven monitoring
mechanism to ensure the thorough implementation of international
obligations. It is the first and only international anti-corruption instrument
focused on the “supply side” of the bribery transaction: the person or entity
offering, promising, or giving a bribe.
The OECD Working Group on Bribery in International Business Transactions
evaluates and makes recommendations on a jurisdiction’s implementation
and enforcement of the Convention and related instruments. The Working
Group issues reports that detail a jurisdiction’s achievements and challenges,
including enforcement of foreign bribery offenses. The reports also
document the jurisdiction’s progress since its last evaluation.
Many organizations utilize the OECD's guidance and resources as a reference
to identify risks from various areas. The OECD discusses a range of topics,
including:
• Digital currencies, such as cryptocurrencies.
• Beneficial ownership.
• Transnational organized crime.
• Tax crime.
• Risks of corruption, conflict financing, and money laundering linked to gold
flows.
• Main areas of weakness and potential areas for action to combat money
laundering, tax evasion, and foreign bribery.
• Identifying, freezing, and returning stolen assets.
Basel Committee on Banking Supervision
AFC guidance
The Basel Committee on Banking Supervision (BCBS) was established by the
G-10 countries in 1974 as the primary global standard setter for bank
regulation and as a forum for global cooperation on banking supervision. Its
mandate is to enhance the global banking system through strengthening
banking regulation, supervision, and practices. It does not have enforcement
authority, but relies on its members’ commitment to achieve its mandate.
BCBS members include banking supervisory authorities and central banks
from 28 member countries.
BCBS issues:
• Standards to incorporate into local legal frameworks.
• Guidelines for implementing the standards in areas where they are
considered desirable for banks’ safety, soundness, and conduct,
particularly internationally active banks.
• Sound practices that describe actual observed practices, to promote
common understanding and improve supervisory or banking approaches.
In 1988, the BCBS issued a statement of principles, called Prevention of
Criminal Use of the Banking System for the Purpose of Money Laundering.
These principles are still useful for AML/CFT as they focus on:
• Customer identification.
• Compliance with laws.
• Conformity with high ethical standards and local laws and regulations.
• Full cooperation with national law enforcement to the extent permitted
without breaching customer confidentiality.
• Staff training.
• Recordkeeping and audits.
This statement was followed in 1997 by the issuance of Core Principles for
Effective Banking Supervision. This document included provisions regarding
KYC rules. BCBS periodically updates the principles. However, the key
elements of a KYC program remain unchanged and include:
• Customer identification.
• Risk management.
• Customer acceptance policy.
• Ongoing monitoring.
In 2014, the BCBS issued guidelines titled Sound Management of Risks Related
to Money Laundering and Financing of Terrorism. They were updated in 2020.
The guidelines:
• Support banks and supervisors in implementing the FATF
Recommendations concerning AML/CFT.
• Advocate for banks to implement risk analysis and governance
arrangements.
• Describe three lines of defense in a bank’s AML efforts.
o First line: Include business units that identify, assess, and control the
risks of their business.
o Second line: Include AML compliance and internal controls.
o Third line: Include internal audit functions.
These guidelines provide banks with a foundation for their AML frameworks
and controls.
Egmont Group AFC guidance
The Egmont Group is an international network of national FIUs that facilitates
cooperation and intelligence sharing among its members to combat money
laundering, terrorist financing, and other financial crimes. Established in 1995,
the group is made up of several organizational groups. The governing body,
entitled Heads of Financial Intelligence Units, makes consensus-driven
decisions. This group is supported by other entities, including the Egmont
Committee, Regional Groups, Working Groups, the Egmont Secretariat, and
the Center of FIU Excellence and Leadership.
The Egmont Group’s role is to operationalize AML/CFT strategy. Its policies
and guidance focus on improving cooperation and increasing the level of trust
between jurisdictions to allow for the secure sharing of sensitive information.
The Egmont Group’s key functions are:
• Information sharing, which enables FIUs to share intelligence on suspicious
financial activities.
• Capacity building, which provides training and technical assistance to
enhance FIU capabilities.
• Collaboration, which promotes cooperation between FIUs, law
enforcement agencies, and international organizations.
• Standard-setting, which develops guidelines to improve the efficiency and
effectiveness of financial intelligence operations, including promoting the
operational autonomy of FIUs.
The Egmont Group has produced a set of governing documents to lay the
foundation for future work and to help standardize international cooperation
and information exchange among FIUs. They include:
• Egmont Charter (2013): Outlines the statement of purpose, composition,
structure, and budget for the Egmont Group.
• Egmont Principles for Information Exchange (2013): Documents concepts
and practices for bilateral and multilateral information exchange between
FIUs.
• Operational Guidance for FIUs (2013): Outlines the FIU operations in
international cooperation, information exchange, and other tasks in a
binding document for all members.
The Egmont Group regularly produces guidance and information documents,
many of which include case studies compiled from information received from
multiple jurisdictions. These help AML professionals identify suspicious
activities and determine whether to report them.
Wolfsberg Group AFC guidance
The Wolfsberg Group is an association of global banks that develop policies
and guidance for managing financial crime risk. The group first came together
in 2000 at the Château Wolfsberg in Switzerland, as part of a collaborative
effort with representatives of Transparency International. The group is made
up of senior financial crime compliance personnel from member banks,
representing the US, the UK, Switzerland, Germany, France, the Netherlands,
Italy, Spain, and Japan.
The Wolfsberg Group issues guidelines to assist members in managing their
risks, helping them make sound decisions about clients to protect their
operations from criminal abuse. Note that the group has no enforcement
powers; therefore, its publications are designed to be adapted to its
members’ needs and serve as guidance notes for financial institutions
depending on their organizational risk, regulatory standards, and business
profile.
In 2000, the Wolfsberg Group published the Wolfsberg Anti-Money
Laundering Principles for Private Banking. The Wolfsberg Group routinely
revises these principles to outline best practices for financial institutions to
detect and mitigate risks associated with high-net-worth clients, PEPs, and
offshore entities.
Key provisions include:
• KYC: Banks should verify client identities and assess their risk profiles.
• Due diligence: Banks should apply enhanced scrutiny for high-risk
customers, particularly PEPs.
• Source of wealth and funds: Banks should investigate and document how
clients acquired their wealth.
• Ongoing monitoring: Banks should conduct continuous reviews of
transactions to detect suspicious activities.
In 2006, the Wolfsberg Group published Guidance on a Risk Based Approach
for Managing Money Laundering Risks. It emphasizes that financial institutions
should allocate resources based on the level of risk posed by a customer,
transaction, or jurisdiction.
In 2014, the Wolfsberg Group published Wolfsberg Financial Crime Principles
for Correspondent Banking. Since its publication, the Wolfsberg Group has
updated the principles that establish best practices for financial institutions
engaging in cross-border banking relationships. The best practices include:
• Considering 11 specific risk indicators when conducting due diligence. This
includes assessing the risk of correspondent relationships, considering
factors like jurisdiction, ownership structure, and regulatory compliance.
• Applying stricter scrutiny to high-risk relationships, such as those involving
shell banks or offshore financial centers.
International Organization of Securities
Commissions AFC guidance
The International Organization of Securities Commissions (IOSCO) is the
global standard setter for financial market regulation. It has more than 200
members from 130 jurisdictions, including governmental bodies, supranational
and subnational regulators, self-regulatory organizations, and securities
exchanges.
IOSCO's principles guide regulatory standards. They form the basis for the IMF
and World Bank’s securities sector evaluation.
IOSCO's three main objectives are:
1. Enhancing investor protection through cooperation and enforcement.
2. Ensuring fair and efficient markets by providing transparent access to
market information.
3. Promoting financial stability by managing systemic risks and facilitating
international information exchange during instability.
IOSCO supports its members with technical assistance, education, and
training.
IOSCO published the Anti-Money Laundering Guidance for Collective
Investment Schemes in 2005. It provides AML guidance specifically for
collective investment schemes such as mutual funds and exchange-traded
funds. The guidance outlines policies, procedures, and client identification
measures to mitigate the risk of money laundering in the industry.
In 2003, the BCBS, International Association of Insurance Supervisors (IAIS),
and IOSCO published a joint note detailing AML/CFT initiatives. The
note provided an overview of common AML/CFT standards across the three
sectors and assessed gaps or inconsistencies in approaches. It also examined
the relationships between institutions and their customers, focusing on
vulnerable products or services.
In 2023, IOSCO issued Policy Recommendations for Crypto and Digital Asset
Markets. The report includes 18 policy recommendations designed to support
greater consistency with regulatory frameworks. They also address market
integrity and investor protection concerns within the cryptoasset markets.
The 18 recommendations cover six areas:
1. Conflicts of interest arising from vertical integration of activities and
functions
2. Market manipulation, insider trading, and fraud
3. Cross-border risks and regulatory cooperation
4. Custody and client asset protection
5. Operational and technological risk
6. Retail access, suitability, and distribution
AFC guidance from other
organizations
G-20 Anti-Corruption Working Group AFC
guidance
The G-20 was founded in 1999 as an informal forum for finance ministers and
central bank governors of the most industrialized and developing economies.
The G-20’s membership includes 19 countries, plus the EU and the African
Union. Its original focus was economic and financial stability-related issues, but
it has since expanded to include other issues, such as anti-corruption. After
the 2007 global financial crisis, G-20 participation was upgraded to include
heads of state or government, and leaders now meet regularly.
The G-20 Anti-Corruption Working Group (ACWG) was set up in 2010. Its
primary goal is to recommend ways the G-20 can contribute to international
anti-corruption efforts. ACWG actively works with the World Bank, the OECD,
UNODC, IMF, and FATF. The World Bank and UNODC are also involved in the
ACWG through the Stolen Assets Recovery Initiative (StAR). StAR plays an
advisory role on asset recovery, AML/CFT, transparency and beneficial
ownership, and income and asset disclosures.
As of 2025, the G-20 ACWG Action Plan was focused on:
• Strengthening the public sector by promoting transparency, integrity, and
accountability.
• Increasing efficiency of asset recovery measures.
• Enhancing and mobilizing the inclusive participation of the public sector,
private sector, civil society, and academia to prevent and combat
corruption.
• Enhancing whistle-blower protection mechanisms.
The G-20 has authored several documents that provide essential guidance on
anti-corruption measures, financial transparency, and international
cooperation. They outline strategies for combating illicit financial activities,
recovering stolen assets, and enhancing regulatory frameworks across
jurisdictions to strengthen governance and promote integrity in both public
and private sectors. These include:
• Country-specific beneficial ownership guides.
• International cooperation.
• Recovery of the proceeds of corruption.
• Combating money laundering.
• Enhancing asset disclosure.
• Tackling foreign bribery.
• Prevention of corruption in the public sector.
• Strengthening anti-corruption.
• Promoting business/government collaboration.
Transparency International AFC guidance
Transparency International (TI) is a non-governmental organization
committed to stopping corruption and promoting transparency,
accountability, and integrity at both national and international levels. Founded
in 1993, TI operates in approximately 100 countries. TI advocates for policies
that hold powerful people and organizations accountable. It conducts
research to understand the causes of corruption and initiates innovative,
scalable, evidence-based projects that provide solutions to prevent and stop
corruption.
TI has two featured priorities:
• Political integrity: Ensuring political power is held accountable
• Dirty money: Identifying and closing loopholes in the global financial system
that allow for corruption and money laundering
Other AFC priorities include:
• Asset recovery and theft of public money.
• Business integrity.
• Extractive industries.
• Foreign bribery enforcement.
• Grand corruption.
• Judiciary and law enforcement.
• Whistleblowing.
The TI Corruption Perceptions Index (CPI) is a globally recognized ranking that
assesses perceived levels of public sector corruption in jurisdictions
worldwide. Established in 1995, the CPI scores approximately 180 jurisdictions
on a scale from 0 (highly corrupt) to 100 (very clean), based on expert
assessments and business surveys. Each jurisdiction's score is calculated using
data from 13 possible sources measuring factors such as bribery, misuse of
public office, and weak anti-corruption measures. The CPI ranks countries
based on their scores, indicating each country’s level of perceived corruption
compared to other countries in the index. The index provides valuable insights
for policymakers, investors, and organizations by highlighting governance
challenges and accountability gaps. The CPI helps raise awareness and
encourages reforms to strengthen transparency worldwide, making it a key
tool in the fight against corruption.
TI’s Bribe Payers Index (BPI) ranks the leading exporting countries according
to their propensity to bribe. TI’s annual Global Corruption Report combines the
CPI and the BPI and ranks each country by its overall level of corruption. The
lists help financial institutions determine the risk associated with a particular
jurisdiction.
Basel Institute on Governance AFC
guidance
The core mission of the Basel Institute on Governance is to contribute to
global efforts to prevent and combat corruption and strengthen governance.
It is an independent organization and an associated institute of the University
of Basel. Its staff are mostly practitioners with years of anti-corruption
prevention or law enforcement experience.
The Institute’s main areas of expertise include:
• Asset recovery assistance, capacity building, and policy guidance.
• Anti-corruption research, training, and assessments.
• Anti-corruption engagement with the private sector.
• Countering corruption that impacts the environment.
• Technical assistance for public finance management.
The International Centre for Asset Recovery (ICAR), established in 2006, is a
specialized division of the Basel Institute on Governance. It works through four
main lines of intervention:
• Case advice, mentoring, and facilitation of international cooperation
• Capacity building and training
• Institutional development and legal and policy advice
• Global policy dialogue and innovation
The Basel AML Index is an independent ranking and risk assessment tool that
evaluates a country's vulnerability to money laundering and related financial
crimes and its capacity to counter these threats. The Index does not measure
the actual amount of money laundering activity. Developed by the Basel
Institute through ICAR, the Index helps policymakers, regulators, and
researchers understand vulnerabilities and enhance AML efforts worldwide. It
assigns risk scores to jurisdictions using a composite methodology, with 17
indicators in five domains in line with key factors considered to contribute to a
high-risk score. The five domains are:
• AML/CFT and counter-proliferation financing framework quality.
• Corruption and fraud risks.
• Financial transparency.
• Public transparency and accountability.
• Legal and political risks.
The Index uses data sources including FATF mutual evaluation reports, US
State Department International Narcotics Control Strategy Report, and
Transparency International.
Tax Justice Network AFC guidance
The Tax Justice Network (TJN) is an independent, advocacy-focused
organization dedicated to exposing and combating global tax avoidance,
evasion, and financial secrecy. Launched in 2003 in the British Houses of
Parliament, it researches tax havens, offshore finance, and illicit financial flows.
TJN promotes policies for greater transparency and fairer tax systems.
TJN publishes the Financial Secrecy Index, the Corporate Tax Haven Index,
and the State of Tax Justice annual report to highlight jurisdictions that enable
tax abuse. Its work influences policymakers, AFC professionals, journalists, and
activists in the fight against global economic inequality. These indices can be
part of a financial institution’s risk-based approach to customer transactions.
The Financial Secrecy Index ranks 141 jurisdictions based on the amount of
financial secrecy associated with each jurisdiction. The ranking examines how
much financial secrecy a jurisdiction allows and the number of financial
services it provides to residents of other jurisdictions. The higher a jurisdiction
ranks, the bigger its role in enabling wealthy individuals and criminals to hide
and launder money. The index is published every two years.
The Corporate Tax Haven Index ranks 70 jurisdictions whose tax policies allow
multinational corporations to underpay their corporate income tax. The higher
a country ranks, the greater the risk of corporate tax abuse in that jurisdiction.
The State of Tax Justice annual report shares the amount of tax that
jurisdictions lose each year related to corporate tax abuse and private tax
evasion. According to the 2023 report, jurisdictions will lose US$4.8 trillion to
tax havens over the next 10 years.
An organization might incorporate TJN indices into customer risk assessments
to assess the risk of a customer engaging in tax evasion or financial crime
based on their country of residence or business operations. Higher rankings in
these indices indicate jurisdictions with greater financial secrecy or tax haven
characteristics, suggesting increased risk levels for customers associated with
them.
AFC Regulations and Regimes
Introduction
Introduction: AFC regulations and regimes
In this module, you will be introduced to the regulatory environment that
impacts the daily work of AFC professionals. In addition to learning who some
of the major regulators are and what regulatory requirements they impose,
you will learn how regulators assess risk, provide guidance, and cooperate
with each other and with law enforcement to enforce AML/CFT laws. This
material provides the context for understanding how regulatory requirements
flow from international guidance to national legislation and finally to
operational requirements within covered entities, impacting you as an AFC
professional.
Student note: Regulatory framework
elective courses
This module will cover the key global AFC rules and regulations. We will cover
the various jurisdictions at a high level. For a detailed overview and analysis,
please refer to our AML regulatory framework courses to learn more about
the regulatory landscape of a specific jurisdiction.
Case example: Drafting policies for an AFC department based in APAC
Hiroshi is working for a newly incorporated financial institution based in the
Asia-Pacific (APAC) region and was asked to set up policies and procedures
for the AFC department. One of his tasks is to identify relevant reports and
guidance papers that would impact AFC controls.
To begin, Hiroshi must understand the financial crime risks his organization will
face. He asks himself if his organization is exposed to corruption, fraud, money
laundering, or sanctions risks. He also begins listing the laws and regulations
that combat these risks, including CDD and other AML standards.
During Hiroshi's research, he identifies several guidance papers that could
apply to his work. Because his organization will be active in cross-border
transactions, he needs to consider regulations and standards within the APAC
region as well as other jurisdictions. Hiroshi references the AFC regulations in
both the US and EU because some of the cross-border transactions involve
those jurisdictions. And because his organization conducts transactions in
virtual assets, he also considers regulations related to this sector.
Additionally, since cross-border transactions involve customers’ data, Hiroshi
must account for data-related regulations in his organization's policies and
procedures. For example, he remembers that the EU’s General Data
Protection Regulation sets a higher data standard than those of most of the
APAC jurisdictions. Similarly, the Chinese Data Security Law prohibits
organizations from transferring certain commercial data out of China.
Hiroshi's research does not stop there. He also considers emerging
compliance topics such as the environmental, social, and governance
framework and the use of AI in AFC efforts.
Once Hiroshi has identified the relevant regulations and regulatory authorities
to include in his work, he determines which business products and services
these controls will affect. In his proposed policies, he states that continuously
reviewing and monitoring relevant guidance, enforcement actions, and
proposed policy changes from relevant sources are the keys to success.
Hiroshi also mentions that his organization should incorporate the results of
ongoing regulatory reviews into other AFC processes as appropriate,
including the enterprise-wide risk assessment, training plan, and new business
due diligence processes.
Key takeaways
Your organization’s policies and procedures should:
• Consider the key financial crime risks it will face.
• Implement the relevant AFC regulations from other jurisdictions such as
the US and EU.
• Consider other AFC areas such as data protection or environmental, social,
and governance factors.
• Enforce a thorough risk assessment prior to the launch of a new product,
service, or technology.
US AML/CFT regulatory landscape
Bank Secrecy Act
The Bank Secrecy Act (BSA) is the US’s most important AML regulation. The
US implemented it in 1970 in response to criminals using US banks and the
financial system for money laundering and other illicit activities.
The BSA introduced significant recordkeeping and reporting obligations for
US banks and financial institutions. For instance, the BSA required banks to
collect information on customers and their transactions. These obligations
helped ensure that law enforcement and supervisory agencies received the
financial information and evidence they needed for their investigations and
prosecutions. In 2001, the US extended the scope of the BSA to include
counter-terrorist financing obligations introduced by the USA PATRIOT Act.
The BSA introduced several reporting requirements:
• Currency transaction reports
• Suspicious activity reports
• Foreign bank account reports for US citizens holding foreign accounts
• Currency and monetary instrument reports for cash purchases of
monetary instruments
The BSA requires obliged entities to develop, implement, and maintain an
effective AML program based on five pillars:
• Incorporate policies, procedures, and internal controls reasonably
designed to assure compliance with regulatory requirements.
• Designate an AML officer responsible for the day-to-day activities of the
program.
• Provide education and training of employees concerning their
responsibilities under the program.
• Ensure independent audit to monitor and maintain an adequate program
with a risk-based frequency.
• Develop an ongoing CDD program using a risk-based approach.
The BSA extends to non-US banks, MSBs, and cryptocurrency firms that deal
with US customers or utilize the US financial system. It requires US-based
branches of foreign banks to comply with BSA requirements, as well as MSBs
or cryptocurrency firms that engage in transactions with US customers.
Foreign financial institutions that maintain correspondent bank accounts with
US banks are subject to some BSA requirements, including recordkeeping and
the obligation to provide records in response to requests from US authorities.
USA PATRIOT Act
In 2001, the US enacted the Uniting and Strengthening America by Providing
Appropriate Tools Required to Intercept and Obstruct Terrorism Act (USA
PATRIOT Act). This Act introduced significant AFC regulatory obligations that
have influenced global financial regulations. It strengthened AML/CFT
measures, impacting financial institutions worldwide.
Key global obligations derived from the USA PATRIOT Act include the
following topics.
• CDD and KYC: Financial institutions must verify customer identities, monitor
transactions, and assess risks associated with business relationships. This
requirement has influenced global AML frameworks, such as the FATF
Recommendations.
• Jurisdictions of primary money laundering concern: Under section 311, the
US Department of the Treasury can designate foreign jurisdictions,
institutions, or transactions as money laundering risks, prompting actions
by financial institutions. Designating a jurisdiction or financial organization
forces banks to halt financial dealings with the designee.
• EDD for foreign correspondent banking: Section 313 prohibits relationships
with shell banks and Section 312 mandates EDD for correspondent
accounts held by foreign financial institutions, affecting cross-border
banking practices. Section 312 also applies to private banking accounts for
non-US persons.
• Forfeiture from US correspondent account: This Act permits the US
government to seize funds from a correspondent account in the US that a
foreign bank has opened and maintained. The owner of the funds may
contest the seizure.
• Information sharing: Section 314 allows banks to cooperate with each
other, law enforcement, and international agencies to combat financial
crime. It provides institutions with safe harbor liability protections for
sharing information.
• Records relating to correspondent accounts for foreign banks: This Act
allows the US government to request the production of various types of
records, provides subpoena authority for correspondent accounts of
foreign banks, and requires foreign banks to designate a registered agent
in the US.
The Anti-Money Laundering Act of 2020
The main focus of the Anti-Money Laundering Act of 2020 (known as the AML
Act in the US) was to modernize US banking laws and regulations for AML
compliance. The act also broadens the use of AML practices to further
national security and intelligence goals through greater transparency and
enforcement measures. This included the creation of a national Beneficial
Ownership database, which will be updated with ownership information for
entities required to register. Additional rules, such as which financial
institutions can access the database and how that information may be used,
are anticipated in the future.
For example, the act expands AML compliance to include jurisdiction over
activities in cryptocurrencies such as Bitcoin, as well as art and antique
dealers. The AML Act also includes new investigative powers regarding foreign
financial institutions, while creating new criminal penalties for hiding
transactions related to senior foreign political figures.
The AML Act represents a strategic update to US banking law by including
new financial technologies as well as national security priorities in AML
compliance.
For example, the AML Act requires shell companies and other previously
unregulated legal entities to disclose their beneficial owners and register
ownership structures with FinCEN. The act also extends protection for
whistleblowers who alert authorities to AML regulatory violations. The goal is to
broaden investigative powers to outline connections between entities like
shell companies and their relationships with correspondent banks around the
globe.
The AML Act also updates existing AML regulations to include cryptocurrency
exchanges. They are considered to be money services businesses and have
the same licensing and reporting requirements.
Another goal of the AML Act is to transform SARs from a simple reporting
requirement to a tool for intelligence gathering. SARs are now expected to
provide a “high degree of usefulness” for law enforcement and national
security agencies. Additionally, there are provisions to facilitate cross-border
sharing of SARs within financial institutions.
The AML Act also requires the development of further regulations to enhance
strategic priorities regarding:
• Corruption and fraud.
• Cybercrime.
• Terrorist financing.
• Transnational criminal activity.
• Drug trafficking.
• Human trafficking.
• Nuclear proliferation financing.
Pursuant to the AML Act, FinCEN has issued several notices of proposed
rulemaking to further implement the AML Act. These include:
• The requirement to maintain risk-based AML/CFT programs, such as
mandatory risk assessment processes.
• The incorporation of national priorities in institutions’ AML/CFT programs.
Additional rulemaking to further implement the AML Act and its legislative
objectives will likely continue.
Financial Crimes Enforcement Network
The Financial Crimes Enforcement Network (FinCEN) is a bureau within the US
Department of the Treasury. Its director reports to the Under Secretary for
Terrorism and Financial Intelligence. FinCEN’s mission is to protect the
financial system from illicit activities, combat financial crimes, and enhance
national security.
The US Congress designates FinCEN as the central authority that collects,
analyzes, and disseminates financial transaction data to support law
enforcement, regulatory agencies, and policymakers. FinCEN’s analysis of
data specifically plays a crucial role in AML and CFT efforts, as it assists in
tracking fraud, tax evasion, narcotics trafficking, and terrorist financing.
FinCEN operates under the Bank Secrecy Act, which was amended by the
USA PATRIOT Act. The Bank Secrecy Act and its amendments grant FinCEN
the authority to issue regulations, enforce compliance, and oversee AML
programs in financial institutions. For instance, FinCEN sets the standards for
what constitutes suspicious activity and ensures that financial institutions
properly file reports that could prove useful in criminal, tax, and counter-
terrorism investigations. Additionally, FinCEN manages the collection,
processing, storage, dissemination, and protection of Bank Secrecy Act data.
It partners with law enforcement in searching for information to investigate
and prosecute entities involved in financial crime.
As the US FIU, FinCEN collaborates globally with over 100 FIUs within the
Egmont Group, sharing financial intelligence to detect illicit financial flows. It
also maintains a government-wide access service for financial crime data,
helping federal, state, local, and international partners.
FinCEN’s key functions include:
• Issuing and enforcing AML/CFT regulations.
• Supporting law enforcement in investigations and prosecutions.
• Managing and protecting Bank Secrecy Act data.
• Coordinating with foreign FIUs on cross-border financial crime.
• Identifying financial crime risks and assisting with resource allocation.
Other US regulators
US financial regulators work collectively to ensure the financial system’s
stability, integrity, and efficiency. The Office of the Comptroller of the
Currency (OCC), Federal Reserve System (FRS), Federal Deposit Insurance
Corporation (FDIC), and Securities and Exchange Commission (SEC) create a
framework that safeguards financial institutions and consumers, mitigating
risks that could threaten economic stability. They enforce compliance,
promote transparency, and protect investors and depositors, while ensuring
trust in financial markets.
The OCC is an independent bureau within the US Department of the Treasury
responsible for chartering, regulating, and supervising all national banks,
federal savings associations, and US branches of foreign banks. It ensures that
financial institutions operate safely and soundly, provide fair access to financial
services, treat customers fairly, and comply with laws and regulations.
The FRS serves as the central bank of the US, working to ensure financial
system stability by minimizing and containing systemic risks. It conducts
several types of examinations to promote the safety and soundness of
financial institutions while enhancing the efficiency and security of payment
and settlement systems. Additionally, the FRS provides services to the banking
industry and the US government, facilitating US dollar transactions and
payments.
The FDIC is an independent agency established by Congress to uphold
stability and public confidence in the US financial system. It fulfills this mission
by insuring deposits, supervising financial institutions for safety, soundness,
and consumer protection, and ensuring that financial institutions can be
restructured or liquidated in an orderly manner if they fail.
The SEC oversees all aspects of the securities industry, ensuring investor
protection, fair, orderly, and efficient markets, and capital formation. The
president, with the Senate’s advice and consent, appoints up to five
commissioners to lead the agency.
By overseeing banking operations, managing systemic risks, insuring deposits,
and regulating securities, these regulators collectively foster a resilient and
well-functioning financial industry. If a financial institution is found in violation of
US laws and regulations related to financial crime, these regulators can
impose civil monetary penalties, forfeiture of proceeds, limitations on future
business activities, and criminal charges against the bank or its officers.
Case study: US regulatory enforcement actions
Between 2023 and 2024, Wells Fargo & Company, parent company of Wells
Fargo Bank, N.A., and hereafter called Wells Fargo, faced significant
enforcement actions from three major US regulatory bodies: the Federal
Reserve Board, the SEC, and the OCC. These enforcement actions addressed
various compliance deficiencies and misconduct within the bank's operations.
In March of 2023, the Federal Reserve Board imposed a US$67.8 million fine on
Wells Fargo for providing a trade finance software platform to a foreign bank.
The foreign bank used the platform to conduct transactions involving parties
subject to US sanctions. The Federal Reserve Board concluded that Wells
Fargo had insufficient policies and procedures to ensure compliance with US
sanctions laws, leading to transactions that violated these regulations.
In August of 2023, the SEC charged two non-bank affiliates of Wells Fargo,
Wells Fargo Clearing Services LLC and Wells Fargo Advisors Financial Network
LLC, for overcharging more than 10,900 investment advisory accounts,
amounting to over US$26.8 million in excessive fees. The SEC's investigation
revealed that certain financial advisers had agreed to reduce advisory fees for
clients, but did not enter the reductions into the billing system. Consequently,
the financial advisers charged the clients higher fees than agreed upon. Wells
Fargo consented to pay a US$35 million civil penalty to resolve the issue on
behalf of its affiliates.
In September of 2024, the OCC issued an enforcement action against Wells
Fargo, identifying deficiencies in the bank's financial crimes risk management
and AML controls. The OCC's formal agreement highlighted issues in areas
such as suspicious activity reporting, currency transaction reporting, CDD, and
customer identification programs. While the OCC did not impose monetary
penalties, the agreement required Wells Fargo to obtain OCC approval before
expanding into new products or services in areas of moderate or high risk.
Key takeaways
Regulatory enforcement actions:
• Underscore the critical need for banks to enhance their internal controls,
compliance policies, and risk management.
• Span multiple agencies and regulated entities.
• Include financial penalties for compliance failures and operational
restrictions due to risk management deficiencies.
Office of Foreign Assets Control
The US Department of the Treasury created the Office of Foreign Assets
Control (OFAC) in 1950. It is the successor to the Office of Foreign Funds
Controls. OFAC is responsible for administering and enforcing economic and
trade sanctions based on US foreign policy and national security goals against
foreign jurisdictions and regimes, terrorists, international narcotics traffickers,
entities engaged in the proliferation of WMDs, and other threats. Its legal
authority comes from a combination of US laws, executive orders, and
regulations.
OFAC sanctions programs prohibit transactions with persons and
organizations that appear on one of several lists that OFAC issues periodically
and may require the blocking of their assets within US jurisdiction. OFAC
sanctions lists primarily include:
• Jurisdiction-based sanctions: These sanctions are brought against entire
jurisdictions and prohibit nearly all types of transactions, such as the
sanctions against North Korea, Iran, and Cuba.
• List-based sanctions: These sanctions identify and target specific entities
and individuals involved in illicit activities or who pose a threat to US national
security. They include those on the Specially Designated Nationals and
Blocked Persons (SDN) List, Consolidated Sanctions List, and Foreign
Sanctions Evader List.
• Secondary sanctions: These sanctions are directed at non-US persons for
transactions and other specific dealings with counterparties subject to
certain OFAC sanctions, such as those with Iranian and Russian SDNs.
• Sectoral sanctions: These sanctions are applied against entire sectors of an
economy, such as energy, finance, or defense, rather than specific
individuals or entities.
To enforce its sanctions programs, OFAC relies on collaboration with the
private sector. Failure to comply with OFAC sanctions can result in civil and
criminal penalties, including multimillion-dollar fines against organizations and
imprisonment of individuals.
EU AML/CFT regulatory landscape
History of AML regime in Europe
The EU is a political and economic union of jurisdictions. Note that Norway,
Iceland, and Liechtenstein are not part of the EU but are members of the
European Economic Area (EEA). Although members of the EEA do not take
part in the EU’s legislative process, they are required to comply with the EU’s
AML/CFT legislation, which can be issued as a regulation or a directive. A
regulation is a legal act that is immediately applicable in each member state. A
directive is a legal act that sets principles and goals. National legislators must
transpose, or incorporate into their legislation, EU directives by a certain
deadline to make them binding.
Since 1991, the EU has used directives to establish its AML/CFT regime. The
first AML directive (1AMLD) primarily applied to banks and required member
states to criminalize money laundering. Since then, the EU has amended the
AMLDs, with the 2AMLD in 2001, 3AMLD in 2005, 4AMLD in 2015, and 5AMLD in
2018.
Many of the EU’s amendments to the AMLDs were intended to address previous
challenges. For example, some member states did not transpose the AMLDs
in their national legislation in a timely manner or in full compliance. These
factors resulted in lapses, such as banks failing to comply with core
requirements and deficiencies in consolidated supervision for cross-border
entities. This fragmentation between entities reduced the effectiveness of
supervision and cooperation among authorities and resulted in AML breaches.
Therefore, the EU passed the 5AMLD to strengthen the obligation for
cooperation between AML and banking supervisors. The AMLD amendments
also aimed to strengthen existing regulations and expand regulatory scope to
include entities such as NBFIs, DNFBPs, and cryptoasset service providers.
Until 2018, member states differed on the predicate offenses for money
laundering. This led the EU to pass Directive 2018/1673, or the “AML Criminal
Law Directive,” which establishes minimum rules concerning the definition of
criminal offenses and penalties for money laundering. In 2024, the EU
amended Directive 2018/1673 to ensure that violations of EU restrictive
measures constitute a criminal offense. The EU also introduced the EU AML
Single Rulebook, also known as the EU AML package, which includes the
6AMLD. For the first time, this framework combined a regulation with a
directive to increase its level of harmonization and effectiveness within
member states.
EU AML package
In 2024, the EU adopted a package of AML legislation known as the “Single
Rulebook.” The package consists of:
• Directive (EU) 2024/1640, also called 6AMLD.
• Regulation (EU) 2024/1624, also called AMLR.
• Regulation (EU) 2024/1620, also called AMLA-R.
• Regulation (EU) 2023/1113, also called FTR.
6AMLD builds on previous AMLDs, such as Directive (EU) 2015/849 (4AMLD).
The 6AMLD requires financial institutions and other obligated entities to
implement comprehensive CDD procedures, maintain central registers of
beneficial ownership information, and conduct risk assessments on state and
supranational levels. 6AMLD enhances the role of FIUs and strengthens
cooperation between national FIUs and other AML authorities. The EU requires
its member states to transpose 6AMLD provisions into law.
The goal of AMLR is to harmonize CDD and risk assessment requirements
across member states. This regulation sets a €10,000 limit for cash-based
transactions and strengthens rules on PEPs, beneficial ownership, and
beneficial owner disclosure obligations for firms in developing nations
purchasing high-worth vehicles and real estate assets. AMLR requires obliged
entities to assess all AML staff for skills, good repute, honesty, and integrity. It
also strengthens rules on SARs and penalties for violations. AMLR expands the
perimeter of obliged entities to include soccer agents, professional football
clubs, and investment migration operators. Provisions relating to the football
sector, the creation of a single access point to real estate information, and the
interconnection of bank account registers go into effect after the majority of
provisions in AMLR.
AMLA-R establishes an EU Anti-Money Laundering Authority (AML Authority,
known as AMLA in Europe), which is responsible for the direct supervision of
selected obliged entities in the financial sector. These obliged entities are
selected based on their high residual risk profile. Additionally, AMLA-R
coordinates supervision of NCAs and drafts level-2 regulations and guidelines.
The majority of AMLA-R went into effect in July 2025.
FTR implements FATF’s recommendations on cryptoassets and prohibits
anonymous cryptoasset accounts and transactions. FTR is a recast of the
Regulation (EU) 2015/847 on information accompanying transfers of funds.
Together with the Markets in Cryptoassets Regulation (MiCA), FTR went into
effect in December 2024.
The role of AML Authority
Prior to 2021, the EU’s AML regime was made up of a series of directives that
member states were expected to implement. Because the member states
did not apply the rules in a coherent manner across the EU, the AML regime
faced fragmentation in supervision and enforcement.
To mitigate these issues, the EU established a framework whose cornerstone
is an EU Anti-Money Laundering Authority (AML Authority). This authority
ensures the harmonized implementation of rules and coordination among
AML and financial sector supervisors.
The AML Authority is mandated to:
• Develop and update the EU’s AML Single Rulebook. This contains a set of
rules that harmonize AML requirements applicable in the EU and EEA.
• Directly supervise up to 40 high-risk financial institutions. The AML Authority
ensures the selected entities comply with the Single Rulebook. The AML
Authority conducts onsite inspections and imposes corrective measures
for remediating deficiencies. Additionally, this authority imposes penalties if
appropriate or in all cases involving serious, repeated, or systematic
breaches. The AML Authority operates through joint-supervisory teams led
by an AML Authority staff member and with participation from NCA
personnel.
• Monitor national competent authorities to ensure consistent application of
the Single Rulebook. The AML Authority provides guidance, support, and
training to national competent authorities. The AML Authority has the
authorization to identify and act in cases of systematic failures regarding
supervision. Such cases could involve breaches resulting from the
improper application of national law transposing EU directives. Note that
the AML Authority is not the EU FIU; rather, it plays a vital role in supporting
and coordinating within the FIU's network.
• Conduct regular assessments of money laundering and terrorist financing
risks within the EU. The AML Authority identifies emerging threats and
vulnerabilities, providing recommendations to mitigate these risks.
• Facilitate information sharing between national competent authorities and
FIUs. The AML Authority acts as a central hub for collecting and
disseminating information. In this respect, the AML Authority manages the
EU central database of information on deficiencies in financial institutions.
The AML Authority also maintains information on remedial measures that
supervisors impose.
The AML Authority is expected to commence direct supervision, with its
headquarters in Frankfurt, Germany.
Markets in Cryptoassets Regulation
The Markets in Cryptoassets Regulation (MiCA), also known as MiCAR, has
instituted the EU’s legislative framework governing the transparency,
disclosure, authorization, and supervision of issuers and virtual asset service
providers (VASP) since December 2024. The European Commission created
MiCA to address the risks that unregulated cryptoassets pose to investors and
financial markets. Key provisions focus on cryptoassets that existing financial
services legislation did not previously regulate. For instance, MiCA covers the
issuance and trading of cryptoassets other than electronic money tokens
(EMT) and asset-referenced tokens (ART).
MiCA provisions set forth how VASPs should handle the custody,
administration, operation, and exchange of cryptoassets. For example, MiCA
regulates how VASPs receive and execute transactions on behalf of clients
and conduct advice or portfolio management.
MiCA restricts the issuance of EMTs to licensed entities such as banks and
electronic money institutions that are already subject to the EU’s AFC regime.
To issue ARTs, MiCA requires the party to obtain a license. Generally, the EU
only grants licenses to firms established in the EU because the regulation
makes few exceptions. The firm should have qualified shareholders and
directors that are of good repute and do not have convictions of financial
crime offenses. The firm should also have an effective AFC program. If the
firm’s business model exposes the firm or the sector to serious financial crime
risks or demonstrates deficiencies in the AFC program, the relevant
regulatory body should reject the license.
When receiving a request for admission to trading, VASPs must assess the
reliability of the technical solutions, the reputation of the issuer and its
development team, and the potential risks linked to the cryptoasset. VASPs
should reject admission to trading cryptoassets with inbuilt anonymization
functions unless they can identify the token holders and their transaction
history.
MiCA establishes rules against market abuse, thus prohibiting insider trading
and market manipulation. VASPs must have controls to prevent and detect
market abuse and immediately report reasonable suspicions about an order
or transaction to the relevant regulatory authority.
Other regional AML/CFT regulatory landscapes
Local AML regulations and cross-jurisdictional impact
An international financial institution often experiences complex operating
environments. One of the operational challenges is the implementation of its
AML program in all its locations. In this context, the interplay between a global,
group-wide AML program and the local AML regulations is vital.
For example, the Bank Secrecy Act, which is the primary AML law in the US,
requires compliance from US branches of foreign financial institutions. This
means foreign financial institutions must ensure that their group-wide policies
meet the Bank Secrecy Act’s minimum standards. This presents a challenge
because AML standards vary across jurisdictions.
To address potential differences in regulations, international financial
institutions often attach jurisdiction-specific addenda to their group-wide AML
policy. If a jurisdiction in which a financial institution operates has a higher AML
standard than its home jurisdiction, the financial institution should document
this in the addendum. For example, from 2012 to 2018, Hong Kong had a more
stringent beneficial ownership identification rule of 10%, while the US’s rule
was 25%. As a result, all international US banks operating in Hong Kong
documented the higher standard in a Hong Kong-specific addendum.
Information sharing within an international financial institution is another key to
the success of its AML mandate. Nevertheless, an international financial
institution might encounter challenges pertaining to banking secrecy and data
protection laws, such as FATF’s Private Sector Information Sharing guidance
document. FATF’s Recommendation 18 stipulates that where local applicable
laws and regulations permit, a financial institution should apply the principles in
the Recommendations to its branches and subsidiaries abroad. The financial
institution should have a balanced approach between its global, group-wide
policy and its multiple local addenda. To ensure the financial institution
achieves this balance, it should abide by its management oversight and
governance obligations.
UK AML regulations
The UK’s AML/CFT regulatory landscape has changed following the UK’s exit
from the EU in January 2020. Because it is not part of the EU or the EEA, the UK
is not obligated to continue following the EU AMLDs, most recently the 6AMLD.
In the current landscape, the UK remains a member of FATF and implements
legislation that meets FATF’s AML/CFT global standards. The key legislation
includes:
• Proceeds of Crime Act 2002.
• The Terrorism Act 2000.
• Money Laundering, Terrorist Financing and Transfer of Funds (Information
on the Payer) Regulations 2017.
The following are major authorities in the UK responsible for issuing guidance,
investigating money laundering offenses, and enforcing AML regulations.
• The Financial Conduct Authority (FCA) regulates and supervises the
conduct of financial services firms in the UK. The FCA sets standards,
promotes competition, and prevents serious harm to customers within the
financial services sector. The body was established in April 2013, taking over
from the Financial Services Authority. Its primary focus is on the conduct of
all financial firms, ensuring they treat customers fairly and act in a
responsible manner.
• The Prudential Regulation Authority (PRA) is part of the Bank of England,
and it is the prudential regulator of approximately 1,500 banks, building
societies, credit unions, insurers, and major investment firms. The body was
established in 2013 following a structural change resulting from the
Financial Services Act 2012. Its primary focus is on the safety and
soundness of financial institutions, particularly banks, insurers, and large
investment firms. The PRA works closely with the FCA to ensure a sound
financial services environment in the UK.
• His Majesty's Revenue and Customs (HMRC) is a supervisory body for
money laundering regulations. The HMRC’s objective is to work with other
enforcement agencies and government departments to tackle economic
crime and help businesses protect themselves from criminal attacks.
• The Office of Financial Sanctions Implementation (OFSI) is part of HM
Treasury and is responsible for implementing UN and EU financial
sanctions. It was established in March 2016 and works to improve
understanding, implementation, and enforcement of financial sanctions in
the UK.
• The UKFIU operates independently within the National Economic Crime
Command (NECC) as an integral part of the National Crime Agency (NCA).
It receives, analyzes, and disseminates intelligence submitted through
SARs to share with law enforcement agencies. The NCA has the power of
arrest and can seek warrants and court orders. Additionally, it can freeze
and confiscate assets it suspects are involved in money laundering,
terrorism financing, or other criminal activities.
Australia AML regulations
• Legislation includes AML/CTF Act 2006 and AML/CTF Amendment Act
2024.
• The amendments introduce several provisions, including:
o Extending AML/CFT obligations to DNFBPs.
o Granting AUSTRAC enhanced enforcement powers.
o Amending tipping off provisions.
o Emphasizing the risk-based approach.
• Legislation requires entities to comply with the new obligations by 2026.
The primary legislation governing AML/CFT in Australia is the Anti-Money
Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act 2006).
This act requires reporting entities to implement and maintain an AML/CFT
compliance program. This program includes risk assessment, internal controls
for CDD and regulatory reporting, employee training, and independent
reviews.
Australia recently passed the AML/CTF Amendment Act 2024, which is a
significant enhancement of its AML/CFT framework. The purpose of the
amendments is to ensure Australia’s laws align with FATF’s international
standards and continue to effectively deter, detect, and disrupt money
laundering as well as terrorism financing and proliferation financing. The
AML/CTF Amendment Act 2024 introduces several key provisions, including:
• Extending AML/CFT obligations to DNFBPs, such as real estate agents, legal
professionals, accountants, and dealers in precious metals and stones. This
includes the obligations to identify and verify customers, conduct ongoing
monitoring, and report suspicious activities to AUSTRAC.
• Granting AUSTRAC enhanced enforcement powers, including the ability to
impose higher penalties for noncompliance, issue remedial directions, and
pursue civil and criminal actions against entities that breach AML/CFT
obligations.
• Amending tipping off provisions to facilitate greater information sharing
between regulatory bodies, law enforcement agencies, and international
counterparts.
• Emphasizing the risk-based approach, allowing entities to tailor their
AML/CFT measures based on the level of risk identified. This approach
ensures that resources are allocated effectively to mitigate higher-risk
areas.
Reporting entities will be required to comply with many of the new obligations
by March 2026.
AUSTRAC is the principal regulatory authority responsible for overseeing the
AML/CFT regime in Australia. It acts as both a national FIU and a regulatory
agency, collecting and analyzing financial transaction reports, monitoring
compliance with AML/CFT obligations, and enforcing regulatory actions
against noncompliant entities.
The Australian Sanctions Office (ASO) within the Department of Foreign
Affairs and Trade (DFAT) administers Australia's sanctions regime,
implementing and enforcing UNSC sanctions and Australian autonomous
sanctions. DFAT coordinates with AUSTRAC and other regulatory bodies to
ensure that entities comply with sanctions obligations.
Singapore AML regulations
Singapore's National AML Strategy was updated in October 2024 and outlines
its approach to combat money laundering risks, emphasizing a three-pillar
framework of prevention, detection, and enforcement. Singapore follows a
risk-based approach to AML/CFT compliance. This approach requires
financial institutions and DNFBPs to implement CDD, enhanced due diligence
for high-risk clients, ongoing transaction monitoring, and suspicious
transaction reporting.
The key legislation governing AML/CFT in Singapore includes:
• The Corruption, Drug Trafficking and Other Serious Crimes (Confiscation
of Benefits) Act 1992: Criminalizes money laundering and mandates
reporting of suspicious transactions.
• The Terrorism (Suppression of Financing) Act 2002: Addresses the
criminalization and prevention of terrorism financing.
Singapore's major regulators include:
• Monetary Authority of Singapore: Regulates financial institutions, DNFBPs,
and non-profit organizations; issues AML/CFT guidelines; and
supervises compliance.
• Commercial Affairs Department of the Singapore Police Force:
Investigates financial crimes, including money laundering and fraud.
• Accounting and Corporate Regulatory Authority: Oversees corporate
entities and enforces AML/CFT obligations on corporate service providers.
• Casino Regulatory Authority and Gambling Regulatory Authority: Monitor
AML/CFT compliance in the gaming sector.
Additionally, DNFBP sectors are regulated for AML/CFT by their licensing
authority, registration authority, or self-regulatory body. Precious stones and
metal dealers other than pawnbrokers are not considered part of these
DNFBP sectors.
The Suspicious Transaction Reporting Office (STRO) is the FIU of the
jurisdiction. STRO is part of the Singapore Police Force and responsible for
receiving and analyzing financial intelligence.
In addition to the legislation, the following are also useful resources for AFC
professionals:
• Monetary Authority of Singapore notices and guidelines: Set compliance
obligations for obligated entities
• AML/CFT Industry Partnership guidelines and best practice papers: Enable
the financial sector, regulators, law enforcement agencies, and other
government entities to collaboratively identify, assess, and mitigate
emerging risks. This self-regulatory approach is effective in delivering
benefits to customers and strengthening the commercial and investment
banking industry.
Hong Kong (China) AML regulations
The Hong Kong Special Administrative Region of China (HKSAR) has been a
member of FATF since 1991. It is also a founding member of the Asia-Pacific
Group.
The main legislation of HKSAR’s AML/CFT regime is the Anti-Money
Laundering and Counter-Terrorist Financing Ordinance. This legislation
outlines the framework for AML and is coupled with other laws and regulations
combating financial crimes. These laws and regulations include the Organized
and Serious Crimes Ordinance, the Drug Trafficking Ordinance, the Theft
Ordinance, the United Nations Ordinance, and the United Nations Sanctions
Ordinance.
The Anti-Money Laundering and Counter-Terrorist Financing Ordinance
provides a risk-based approach framework in CDD, ongoing monitoring, and
recordkeeping. Regulations and guidance from relevant regulatory authorities
supplement this legislation. It obligates financial institutions and DNFBPs to
comply with its CDD requirements. Failure to do so could be a criminal offense
that results in imprisonment or fines. Financial institutions include banks,
securities brokerages, money services businesses, insurance companies, and
payment companies.
In the HKSAR, several regulators oversee financial institutions and DNFBPs to
ensure the adequacy and effectiveness of the AML framework. Regulators
include the Hong Kong Monetary Authority, the Securities and Futures
Commission, the Insurance Authority, the Customs and Excise Department,
and the Company Registry. Additionally, the Joint Financial Intelligence Unit is a
regulator that collects suspicious transaction reports, analyzes them, and
refers the criminal intelligence to law enforcement agencies and authorities
for further investigation and prosecution. It is the FIU of Hong Kong.
China AML regulations
China revised its AML Law, which took effect on January 1, 2025. This revision
reflects China’s commitment to aligning with international standards,
particularly the FATF Recommendations, while addressing emerging risks in
digital finance and cross-border crime.
This revised AML Law expands the scope of the previous regime, both in
terms of predicate offenses and in terms of sectors covered by the law. In
doing so, the revisions aim to provide flexibility to address evolving risks. In
terms of predicate offenses, the revised law now applies to any criminal
activity. Additional sectors covered by the law include law firms, real estate
agencies, and dealers in precious gems. Importantly, the revised law has
extraterritorial application, extending the jurisdiction to include activities that
occur outside of China, but which are deemed to pose a threat to China or its
citizens.
Under the AML Law, obliged entities must abide by enhanced compliance
obligations such as implementing enhanced internal controls, conducting
CDD, and reporting suspicious transactions. The revised law emphasizes
ongoing monitoring and mandates simplified CDD for low-risk clients to
balance compliance and service efficiency. This law strengthens enforcement
and escalates penalties for noncompliance, with large fines for severe
violations.
In conjunction with tightening oversight, the AML Law safeguards legitimate
financial activities and personal privacy. The provisions restrict excessive risk
measures, ensure data protection, and allow judicial redress for entities
affected by unjustified account freezes.
The People’s Bank of China is the primary supervisory body under the State
Council. This body oversees AML enforcement, coordinates
interdepartmental efforts, and conducts financial monitoring through the
Anti-Money Laundering Monitoring and Analysis Center. Sector-specific
regulators, such as the China Banking and Insurance Regulatory Commission
and the China Securities Regulatory Commission, collaborate with the
People’s Bank of China to enforce AML compliance in their respective
industries. Additionally, the Ministry of Public Security investigates and
prosecutes money laundering and terrorist financing offenses.
Japan AML regulations
Japan’s AML/CFT framework aligns with FATF’s Recommendations and
evolving financial crime risks. The framework includes the Act on Prevention
of Transfer of Criminal Proceeds, the Act on Punishment of Organized Crimes
and Control of Crime Proceeds, and the Foreign Exchange and Foreign Trade
Act.
According to Japan’s AML/CFT legislation, financial institutions and DNFBPs
must adhere to CDD requirements, report suspicious transactions, and
implement internal risk-based AML programs. Additionally, the legislation
requires enhanced due diligence for high-risk customers, including PEPs.
Compliance failures can result in administrative penalties or criminal sanctions.
In addition to these requirements, financial institutions must conduct ongoing
monitoring of customer transactions to detect unusual patterns and regularly
update risk assessments to reflect emerging threats. Obliged entities are also
encouraged to invest in technological solutions such as artificial intelligence
and machine learning to improve transaction monitoring and fraud detection.
Recent updates to this legislation include strengthening digital asset
regulations, increasing oversight of money transfer service providers, and
enhancing transparency in beneficial ownership reporting. Japan is also
focusing on international cooperation, working closely with FATF and other
global regulators to improve its AML/CFT measures.
The primary regulators overseeing AML/CFT compliance in Japan are the:
• Financial Services Agency, which supervises financial institutions and
ensures compliance with AML/CFT laws.
• National Police Agency, which investigates financial crimes and works in
coordination with other agencies.
• Japan Financial Intelligence Center, which is the FIU of Japan and which
receives and analyzes suspicious transaction reports and shares
intelligence with domestic and international authorities.
Additionally, the Japanese government established an Inter-Ministerial Council
for AML/CFT/CPF Policy to coordinate and advance the government’s
AML/CFT and weapons proliferation efforts. In April 2024, the Council
formulated a National AML/CFT/CPF Action Plan and monitors progress on
the Action Plan as part of its work.
South Korea AML regulations
South Korea’s AML framework primarily focuses on three laws.
The Financial Transaction Reports Act guarantees independence and
autonomy of the Korea FIU. According to this law, the FIU is the primary
authority for collecting, analyzing, and disseminating financial transaction
information. This act provides a legal framework for financial companies to
report suspicious transactions and high-value cash transactions to the FIU.
After financial companies file reports of suspicious transactions, the FIU may
share relevant information with law enforcement for further action.
The Proceeds of Crime Act criminalizes money laundering and establishes
legal measures to punish and prevent the concealment of criminal proceeds.
Under Article 3 of this law, any person who disguises the acquisition or
disposition of criminal proceeds, disguises the origin of criminal proceeds, or
conceals criminal proceeds is subject to imprisonment and fines. Article 8
provides requirements for the confiscation of criminal proceeds, and Article
10 provides requirements for the confiscation of property of equivalent value
to criminal proceeds.
The Act on Prohibition Against the Financing of Terrorism and Proliferation of
Weapons of Mass Destruction, also known as the Terrorist Financing
Prohibition Act, took effect in 2008. It implements the International
Convention for the Suppression of the Financing of Terrorism and the UNSC
resolution related to the prevention of the proliferation of WMDs. Additionally,
this act imposes obligations on financial institutions to prevent the financing of
terrorism by identifying and reporting suspicious transactions and freezing
assets.
The history of South Korea’s AML/CFT regime started with the establishment
of the Korea FIU and the enactment of the Financial Transaction Reports Act
and the Proceeds of Crime Act in 2001.
South Korea established the Financial Services Commission in 2008. While the
Commission oversees the broader financial market regulation, the Korea FIU
acts as its primary agency for AML/CFT matters. As an agency under the
Commission, the FIU analyzes suspicious transaction reports and shares
information with law enforcement agencies. Under the Commission, the
Financial Supervisory Service examines and supervises financial institutions to
ensure compliance with AML obligations. It collaborates with the FIU to
enhance the effectiveness of South Korea's AML framework.
United Arab Emirates AML regulations
The UAE aligns its regulatory approach with FATF requirements, including the
FATF Recommendations, to strengthen oversight, risk-based monitoring, and
enforcement mechanisms.
Federal Decree No. 20 of 2018, as amended by Decree-Law No. 26 of 2021, is a
fundamental pillar of the UAE’s AML/CFT regulatory framework. This decree
defines AML offenses, enforcement mechanisms, and penalties for
noncompliance. It stipulates the establishment of a committee dedicated to
AML/CFT objectives. It also requires an independent FIU to receive and
investigate all reports submitted by financial institutions and other corporate
establishments.
Cabinet Decision No. 10 of 2019, as amended by Decision No. 24 of 2022, raises
the effectiveness of the legal and institutional AML/CFT framework. It
establishes AML compliance obligations, risk-based due diligence measures,
and regulatory oversight.
As part of their compliance obligations, all regulated entities, including financial
institutions and DNFBPs, must conduct CDD and KYC. These efforts include
verifying customer identity, beneficial ownership, risk classification, and
source of funds. Additionally, financial institutions and DNFBPs must monitor
transactions and report suspicious activity to the UAE FIU in compliance with
AML regulations. Financial institutions and DNFBPs must implement sanctions
screening programs in line with UN, UAE, and FATF sanctions lists.
According to the 2024-2027 National Strategy for AML/CFT, the UAE aims to
strengthen risk-based supervision, enforcement measures, and international
cooperation to support its FATF Mutual Evaluation set for 2025 to 2027.
The UAE’s regulators and their roles are as follows:
• The Central Bank of the UAE oversees financial institutions including banks,
exchange houses, money service providers, and insurance companies.
• The UAE FIU’s main responsibilities include receiving and analyzing
suspicious activity reports, conducting risk assessments, providing
feedback to enhance AML/CFT procedures, and disseminating data.
• The Securities and Commodities Authority, Dubai Financial Services
Authority, and Abu Dhabi Global Market regulate capital markets, securities
firms, and financial free zones.
• The Executive Office for AML/CFT coordinates AML policies, strategic
planning, and international cooperation.
Other AFC regulations that impact organizations
Major ABC regulations
Anti-bribery and corruption (ABC) compliance is an important area of AFC
compliance because corruption remains a major source of criminal proceeds
and is a key predicate offense for money laundering. Most jurisdictions
criminalize bribery and corruption through domestic legislation, yet only a
fraction of them have enacted ABC laws and regulations. The US, UK, and
France have their own legislative frameworks on ABC. All three frameworks
have extraterritorial reach.
In 1997, the US enacted the Foreign Corrupt Practices Act (FCPA). Under this
law, it is illegal for all US persons and certain foreign securities issuers to make
payments to foreign government officials to assist them in obtaining or
retaining business. Since 1998, it has also applied to foreign firms and persons
who, directly or indirectly, cause acts of corruption within the US. In effect
since July 2024, the Foreign Extortion Prevention Technical Corrections Act
complements the FCPA by criminalizing the acceptance of bribes by foreign
officials and their agents. Unlike the UK and French legislation, the FCPA’s
bribery provisions generally exempt facilitation payments if they are made
solely to expedite a routine official action that would occur even without the
payment.
In 2011, the UK enacted the Bribery Act 2010. This act sets out the five key UK
bribery offenses. It also introduced strict liability for commercial entities that
engage in bribery through associated persons, unless the entity can
demonstrate it has sufficient anti-bribery safeguards. According to the UK
government’s statutory guidance, these safeguards must include
proportionate procedures, senior management commitment, risk
assessment, due diligence, communication that includes training, and
monitoring and review.
In 2016, France enacted its anticorruption law known as Sapin II, named
after the minister who initiated the law. For large companies and public
entities, Sapin II introduced an obligation to have an anticorruption program
meeting specific criteria. This law also established the French Anticorruption
Agency to oversee anticorruption efforts in both the private and public
sectors. This agency can impose administrative penalties and refer findings to
the National Financial Prosecutor’s Office. Additionally, Sapin II created a novel
mechanism for resolving corruption cases through deferred prosecution
agreements.
Major sanctions regimes
The UN uses sanctions to promote international peace and security. This
power is based on Article 41 of Chapter VII of the UN Charter. Article 25 further
states that Member States are obligated to “accept and carry out the
decisions of the Security Council.” After the Security Council passes a
resolution, the UN establishes a sanctions committee to monitor the
implementation and effectiveness of a sanctions regime. The UN also
maintains the United Nations Security Council Consolidated List, which
includes all persons and entities that are subject to UN sanctions.
In the EU, sanctions are referred to as restrictive measures. The European
External Action Service has responsibility for preparing new sanctions
measures and the Council of the EU must approve them. The EU implements
all sanctions that the UN Security Council enacts. The EU transposes UN
sanctions into EU law by means of Council Decisions and Council Regulations.
As such, the EU member states are responsible for enforcing sanctions and
adopting national legislation to implement them.
The US has a relatively comprehensive sanctions framework. Both the
executive and legislative branches of the US government can introduce
sanctions. Due in part to the importance of the US dollar to the world
economy, US sanctions can have a broad impact. US sanctions are a
compliance concern for organizations all over the world.
Congress has the power to impose sanctions and has delegated broad
powers to the president to impose sanctions through the International
Emergency Economic Powers Act and the Trading with the Enemy Act. Under
these acts, the president imposes sanctions by executive order. Congress can
introduce sanctions regimes by passing a sanctions bill. OFAC is the main US
regulatory authority that administers and enforces economic and trade
sanctions, based on US foreign policy and national security goals.
The UK’s Foreign, Commonwealth and Development Office is responsible for
setting the UK’s sanctions policy and has obligations to report to Parliament.
The Office of Financial Sanctions Implementation applies and administers
financial sanctions. It also grants licenses that allow activities prohibited by
financial sanctions. The Financial Conduct Authority requires regulated firms
to protect themselves from being misused for financial crime; the
requirement includes compliance with UK financial sanctions.
Other sanctions regimes
Along with the major sanctions regimes, organizations might need to comply
with other sanctions regimes. This depends on their own geographical
footprint as well as jurisdictional exposure stemming from the activities of
their customers, suppliers, and other third parties.
Since 2020, China has established a domestic framework for autonomous,
meaning non-UN, sanctions. In 2021, it adopted the Anti-Foreign Sanctions
Law. The Ministry of Foreign Affairs and the Ministry of Economy co-share
responsibility for sanctions administration and enforcement.
Japan enforces autonomous sanctions against North Korea and regularly
aligns itself with other G-7 jurisdictions by adopting sanctions in the name of
international peace and stability. An example of this cooperation is Japan’s
sanctions against Russia. The Ministry of Finance maintains a list of all
sanctioned persons and can license certain prohibited activities, alongside the
Ministry of Economy, Trade and Industry.
In South Korea, the Financial Services Commission is the principal regulator in
charge of economic and financial sanctions, namely in relation to terrorist
financing. It also has extensive licensing authority. Similar to Japan, South
Korea has implemented autonomous sanctions against Russia in coordination
with its Western allies.
Canada implements autonomous sanctions under the Special Economic
Measures Act and the Justice for Victims of Corrupt Foreign Officials Act, also
known as the Sergei Magnitsky Law. The Minister of Foreign Affairs is
responsible for administering and enforcing sanctions and may issue permits
or certificates to authorize prohibited activities or transactions.
Similar to Canada, Australia implements autonomous sanctions through the
Autonomous Sanctions Act and the corresponding Autonomous Sanctions
Regulations. The Department of Foreign Affairs and Trade maintains a
consolidated list of all persons and entities subject to targeted financial
sanctions.
In addition to UN sanctions, which are implemented through the United
Nations Act and the Monetary Authority of Singapore Act, Singapore applies
targeted financial sanctions against designated individuals and entities under
the Terrorism (Suppression of Financing) Act.
Other laws and regulations that impact organizations
Data security and privacy
Financial institutions have a high duty to care for—and often a legal obligation
to ensure the security and privacy of—customer data. Your customer data
must be stored securely and should only be shared with others who need to
know and have the requisite permission and authority to view it. In many
jurisdictions, it is prohibited by law for data collected for one purpose to be
used for another purpose, such as marketing. Once it has served its purpose,
data must be securely destroyed. Many jurisdictions have rules and regulations
about how long data should be retained. Your organization will have a policy
on data categorization, how long data should be stored, and when data should
be destroyed.
Many jurisdictions have specific national privacy or data security laws,
including laws and regulations that apply to financial institutions. One of the
strictest is the EU GDPR for how organizations protect EU citizens' personal
data and privacy.
These laws place challenging requirements on financial institutions that collect
data. Data privacy laws may place restrictions on the transfer of personal data
outside the jurisdiction unless certain conditions are met. These conditions are
intended to ensure that protections outside the jurisdiction are equivalent to
those in the home jurisdiction. As a result, financial institutions must ensure
that they have met the conditions to allow for the transfer of data without
violating the laws affected if a data breach occurs.
The data that is collected is comprehensive and often purposeful. Care must
be taken to ensure physical data is properly protected. It should not be left on
an employee’s desk overnight. When stored electronically, data must be
entered into your organization’s approved databases in accordance with
policy. Some organizations prohibit the use of desktop folders. Most
organizations also prohibit the use of USB sticks for storing data, as these are
easily lost. Data should not be retained indefinitely and must be destroyed in
accordance with your organization’s destruction policy.
Digital Operational Resilience Act
Digitalization has deepened interconnections and dependencies within the
financial sector and with third-party service providers. In this context,
information and communications technology (ICT) risk has increased as illicit
actors frequently exploit ICT infrastructures to attack financial institutions.
Considering the relevance of digital resilience, the EU passed the Digital
Operational Resilience Act (DORA). The goal of this regulation is to strengthen
the cybersecurity of the EU’s financial services sector. It applies to all financial
institutions as of January 2025.
DORA sets requirements in the following areas:
• ICT risk management: Financial institutions should implement a robust
control system coordinated by an independent ICT risk control function.
This body is responsible for setting the data operational resilience strategy,
which includes determining the appropriate risk tolerance level. A
management body then approves this tolerance level. These bodies
should make the necessary arrangements to ensure continuity of critical
AFC functions and include a secondary processing site.
• Incident reporting: Financial institutions should promptly report significant
ICT incidents to the designated competent authorities.
• Resilience testing: Financial institutions should conduct yearly vulnerability
assessments, while the designated competent authorities are responsible
for conducting threat-led penetration tests every three years. The financial
institution utilizing a third-party service is primarily responsible for
remediating vulnerabilities it identifies during end-to-end testing.
• Third-party risk management: Financial institutions should conduct ex-ante
due diligence - meaning a preventative review before taking action - and
ongoing monitoring of vendors. They should prohibit dealing with vendors
that have insufficient security standards. To mitigate concentration risk,
financial institutions should establish an exit strategy from vendor services
related to critical AFC functions, such as sanction screening and
transaction monitoring. Additionally, critical ICT third-party service
providers are subject to EU-level supervision and obliged to establish a
subsidiary in the EU.
• Information sharing: Financial institutions can regularly share information
regarding threats and vulnerability intelligence to prevent the
materialization of incidents. Information sharing enables other financial
institutions to effectively contain impacts of financial crimes and recover
faster.
By meeting DORA’s enhanced cybersecurity and risk management
requirements, financial institutions reduce the risk that criminals and terrorists
will exploit digital vulnerabilities to launder money through their accounts.
EU General Data Protection Regulation
The General Data Protection Regulation (GDPR) is a law the EU has adopted to
safeguard the privacy and data protection rights of individuals living in its
jurisdiction. Unlike directives, the GDPR is a legislative act that applies directly
and uniformly across all member states without a need for national legislation.
The GDPR builds upon previous EU privacy and data protection law through its
legal structure, scope, accountability requirements, and enforcement
mechanisms. The EU extended the GDPR to apply to the entire EEA, which
consists of the EU member states plus Norway, Iceland, and Liechtenstein,
through procedures established between the EU and EEA.
To fall within the scope of the GDPR, an organization must fall into one of two
categories: the organization is established in the EU and EEA, or offers goods
or services to, or monitors the behavior of, data subjects in the EU and EEA. If
the organization is established in the EU and EEA, it must apply GDPR rights
and protections to the personal data of data subjects irrespective of their
location. If the organization is not established in the EU or EEA, it is required to
apply GDPR rights and protections to the personal data of data subjects
located in the EU and EEA. The regulation clearly defines data collectors and
data processors, who have different duties in handling personal data.
Key provisions of the GDPR include the following:
• Strengthen data protection rights: Individuals, or data subjects, have rights
regarding the use of their personal data, including access, correction,
deletion, portability, and rectification.
• Implement strict cross-border transfer requirements: Data transfer
mechanisms must be in place when there is a transfer of personal data
outside the EU and EEA to a jurisdiction whose data protection practices
have been deemed inadequate by the European Commission.
• Increase accountability of in-scope organizations: Organizations are
required to notify the relevant supervisory authority of a breach without
undue delay, appoint a data protection officer in certain circumstances, and
create and maintain appropriate data protection impact assessments.
• Introduce a two-tier fining system that is based on types of infringement:
Less serious infringements result in lower fines; these include any violation
of the articles governing controllers and processors, certification bodies,
and monitoring bodies. More serious infringements result in higher fines;
these include violations of articles governing key principles of the right to
privacy and the right to be forgotten.
• Modernize the approach to privacy and personal data protection: The
GDPR's intent is to be technology-neutral, meaning it applies to the
processing of personal data regardless of the specific technology that
organizations use.
• Provide lawful reasons for obtaining and processing personal data:
Organizations must inform data subjects that one or more of the following
lawful reasons exist: consent, contractual obligation, legal obligation, public
interest, vital interests, or legitimate interests.
The GDPR and the balance between privacy
and transparency
The GDPR applies to all data processing activities. These include activities
where an organization processes personal data to comply with other
regulations it is subject to, such as data gathering for AML purposes.
AML obligations require organizations to obtain and process the personal data
of relevant data subjects when performing KYC tasks. These tasks can include
gathering ultimate beneficial ownership information and customer
identification information such as the full name and date of birth of individual
directors. The GDPR applies to all organizations that use personal data and are
established in the EU or that fall within the extraterritorial scope of the law.
Therefore, organizations must adhere to AML obligations and the GDPR.
The GDPR obliges organizations to provide data subjects with a variety of
rights regarding their personal data. These rights can include a right of access,
a right to deletion, and the right to be informed, also referred to as
transparency. The GDPR requires organizations to inform data subjects about
why and how the organization will use their personal data. Articles 75 and 76 of
Regulation (EU) 2024/1624 of the European Parliament and of the Council also
reference these requirements and state the permissible instances where
organizations or other obliged entities may share or process relevant personal
information for AML compliance purposes.
For organizations to lawfully obtain and process personal data, they need at
least one lawful reason. The GDPR provides a list of lawful grounds available for
processing standard forms of personal data, such as ID and proof of address
information. Additionally, the GDPR states exemptions for the processing of
special and sensitive forms of personal data. This data can include information
on race, ethnicity, or political beliefs, as determined from an organization’s
KYC information. This data can also include criminal convictions and offenses.
The AML regulation states that organizations can use these forms of personal
data under the condition that they apply appropriate transparency measures.
Note that data subject rights are not absolute. The offense of tipping off under
AML law will impact the extent to which an organization can share certain
details of its processing activities with a relevant data subject.
Consumer protection and inclusive banking
Consumer protection regulations safeguard private individuals against
deceptive, unfair, or harmful practices in the marketplace. Regulations provide
dispute resolution and redress mechanisms for consumers. Addressing
consumer risks is key to promoting trust in the financial market and ensuring
stability.
While global regulatory approaches to consumer protection vary, they
commonly create frameworks to ensure fairness, transparency, and
accountability. For example, the US achieves this through the Consumer
Financial Protection Act, and the UK through the Consumer Rights Act 2015.
The EU has a variety of laws that protect consumer rights and promote
market fairness, including the Consumer Credit Directive, Mortgage Credit
Directive, Payment Service Directive, Markets in Financial Instruments
Directive, and Markets in Crypto Assets Regulation.
AFC compliance initiatives indirectly increase consumer protection by
countering the laundering of proceeds from offenses targeting consumers
such as fraud and ransomware. In addition, compliance with AFC regulations
strengthens consumer confidence in the security and integrity of the financial
system.
Inclusive banking contributes to consumer protection. It ensures that all
individuals have access to affordable financial services, such as savings
accounts, loan products, and insurance. Inclusive banking focuses on
vulnerable individuals, minorities, and marginalized individuals. It helps
promote financial literacy and reduces exclusion, therefore improving
economic opportunities for a broader community. In addition, it counters de-
risking, a phenomenon where financial institutions terminate or restrict
business relationships with customers or sectors to avoid risk. FATF has
conducted various initiatives to promote financial inclusion by preventing
overreach and abuse of the FATF standards regarding customer due
diligence.
Governments and financial authorities promote inclusive banking through
policies. In the US, federal and state laws address fairness and inclusion in
specific financial products and services. Additionally, the Financial Conduct
Authority in the UK oversees inclusive banking regulations, ensuring that
financial institutions offer accessible and affordable services.
AI regulations
Jurisdictions have introduced AI regulations due to the rapid adoption and
advancement of AI across numerous industries, along with concerns
regarding the transparency, accountability, privacy, and safety of AI use. In
2021, the FATF published Opportunities and Challenges of New Technologies
for AML/CFT, which notes that using new technologies could favor the
customer experience. However, the publication also mentions that
organizations should consider the risks and unintended consequences of
digitalization when adopting and implementing tools. Additionally, in industries
where AI is unregulated, regulators identify risks such as biased decision-
making, data misuse, and violations of fundamental rights.
While AI regulations vary, jurisdictions typically emphasize transparency by
requiring disclosure of how and when they use AI. They emphasize
accountability by stating their governance frameworks and oversight in the AI
decision-making process. This emphasis on transparency and accountability
ensures the jurisdiction’s ethical AI development and usage. Additionally,
some jurisdictions adopt a risk-based approach in which they categorize AI
systems and models according to their potential risks. The higher the risks that
jurisdictions identify, the stricter their obligations are. Lastly, while there is no
universal AI framework, international bodies such as the Financial Stability
Board have called for the harmonization of AI regulations.
AI regulations around the world
In 2025, the US issued Executive Order 14179, Removing Barriers to American
Leadership in Artificial Intelligence, which directs government agencies to
encourage innovation rather than regulation, rescinding a previous blueprint
that set forth five principles for AI governance.
The EU AI Act and other complementary laws, such as the EU Digital Services
Act, form part of the EU’s digital strategy to regulate the digital landscape and
ensure the safe and ethical use of technology. The first of its kind, the EU AI
Act specifically targets the development and deployment of AI models and
systems within the EU. It seeks to achieve this by categorizing AI models and
systems into varying levels of risk and imposing corresponding regulatory
requirements. Emphasizing human oversight, transparency,
nondiscrimination, and accountability, this Act applies to AI systems and tools
in service in the EU regardless of where the deployer or provider is located.
The UK has opted for a principles-based approach for AI, although the UK has
proposed bills that would codify AI principles if passed and signed into law. In
2023, the UK government issued a white paper outlining general principles but
left flexibility on how they would apply the principles in specific sectors.
Regarding other jurisdictions, AI approaches vary. China has AI regulations that
align with its national development plan, including the deep synthesis
provisions that focus on the use of AI to create “deep fake” content. Hong
Kong relies on sector-specific guidelines with a particular focus on ethical and
privacy concerns. Its principles are laid out in its 2024 Ethical Artificial
Intelligence Framework. This guideline is issued by the Hong Kong Monetary
Authority and applies only to banks, not all financial institutions. Japan relies on
existing sector-specific laws together with AI governance guidelines. As
outlined in its AI Strategy 2022, Japan’s AI initiatives emphasize safe and
human-centric innovation, focusing on industrial transformation, ethical AI
governance, and international collaboration. In 2025, the government’s AI
Policy Study Group issued an interim report that emphasized the role of
business rather than government in the governance of AI. Singapore’s AI
initiatives focus on developing a trusted, inclusive, and progressive AI
ecosystem, guided by its National AI Strategy 2.0 to drive innovation,
safeguard ethics, and boost economic transformation.
ESG regulations
“Environmental, social, and governance” (ESG) refers to a framework
organizations use to steer their business practices in accordance with the
objectives of sustainable development. “Environmental” refers to an
organization’s impact on the planet. “Social” refers to an organization’s
relationship with various stakeholders, including employees, customers, and
communities within which they operate. “Governance” refers to how factors
such as leadership, board composition, and transparency govern an
organization.
The UN has established a number of initiatives to advance ESG goals on a
global basis. A widely known initiative is its Sustainable Development Goals,
which provide a framework of 17 objectives to address poverty, inequality, and
environmental threats while promoting peace and prosperity. All UN Member
States adopted the goals, and many organizations align their strategies with
them. Other ESG-related UN initiatives include the UN Guiding Principles on
Business and Human Rights, the UN Environment Program Finance Initiative,
and the UN Global Compact, an initiative to encourage businesses to support
a wide range of ESG priorities.
Although ESG regulations vary across jurisdictions, trends include increased
mandatory disclosure, accountability, and transparency in organizational
practices. The scope of ESG ranges from climate change to corporate
governance to human rights. ESG considerations intersect with AML/CFT with
respect to:
• Environmental crime: This includes, for example, noncompliance with anti-
pollution rules to achieve economic benefits or the exploitation of illegal
mining. Financial crime such as bribery and corruption of local officials
might be involved as part of the enterprise.
• Social impact: This includes the exploitation of forced labor and corruption
to achieve business objectives.
• Governance and compliance: This includes governance failures that result
in a failure to prevent financial crime within organizations; regulatory
enforcement actions all over the world have demonstrated their impact.
ESG and AML/CFT regulations are converging as global regulatory
frameworks continue to evolve to include sustainable business practices and
financial crime prevention. Strong governance frameworks under ESG
regulation help prevent and deter corruption, fraud, and other illicit financial
activity. In addition, ESG’s emphasis on social responsibility can help identify
certain threats to human rights that might have links to financial crimes. For
example, money laundering often involves the proceeds of human trafficking
and modern slavery. By integrating ESG principles into AML/CFT compliance,
organizations are better suited to identify and mitigate such risks.
Both ESG and AML/CFT compliance frameworks depend on a risk-based
approach to enable effective compliance and risk mitigation. For ESG
regulation, organizations should identify, assess, and manage risks particular to
the elements of ESG, such as environmental impact, social responsibility, and
organizational governance integrity. The risk-based approach helps
organizations prioritize resources, focus, and efforts on high-risk areas, such
as industries with very high carbon emissions or locations vulnerable to human
rights violations.
Similarly, AML/CFT regulations require organizations to assess and manage
risks particular to money laundering and terrorist financing. The adoption of a
risk-based approach enables organizations to prioritize resources on high-risk
clients, jurisdictions, and services, ensuring that compliance levels are
proportionate to the level of risk. Both ESG and AML/CFT frameworks require
ongoing due diligence, monitoring, and responsiveness to emerging risks.
Use of Guidance and AFC
Cooperation
Introduction
Introduction: Use of guidance and AFC
cooperation
This module covers guidance and other types of documents that public
authorities produce. It considers how financial institutions can incorporate this
type of information into their AFC programs. This includes looking at the
central role that government-produced risk assessments have in jurisdictions.
Guidance from public authorities plays a key role in communicating priorities
and ensuring uniform approaches to financial crime threats. The information
in this module will help you understand their role as you perform your duties.
The module also covers how cooperation takes place in AFC frameworks. This
includes cooperation between public authorities, such as regulators, national
FIUs, and law enforcement. It examines how some jurisdictions have
developed innovative forms of cooperation in public-private partnerships and
how cooperation within the private sector can assist organizations in
addressing financial crime.
Case example: Using typology reports to
enhance AML controls
Law enforcement authorities in Isabella's jurisdiction have noted an increase in
money laundering via cryptoassets and the banking sector. Authorities believe
that criminals are recruiting individuals as money mules.
Law enforcement sets up a working group to address this trend. The group
includes the FIU, regulator, and representatives of the bank and virtual assets
sectors. The group's aim is to produce better intelligence to detect those
involved in this activity and improve controls in the private sector.
Isabella's organization is invited to join the group. She obtains agreement from
senior management.
Law enforcement issues a typology report via the group, explaining how the
suspected money laundering happens. The report indicates that students
open accounts with VASPs and move the proceeds of crime to and from
these accounts via their local bank accounts. The group requests that
participant organizations consider this information, review their data to
confirm the typology, and identify customer activity that aligns.
Isabella reviews her organization's client population and confirms a large
number of student accounts. There are more accounts than she can review
manually, so she works with the internal data team to identify ways to
segment this population further. She is able to identify accounts that are
behaving unusually using this strategy. She also identifies accounts that
mention the name of a VASP or a particular cryptoasset in payment
references or via customer communication.
Isabella reports this trend to senior management, then prepares and files
SARs, ensuring that the FIU knows these reports are being submitted because
of the public-private partnership. She also reports her findings to the working
group and confirms that their typology appears to be sound.
Isabella also presents the findings to a senior internal committee along with
recommendations for better protecting the organization from this activity in
the future. Her recommendations include changes to the KYC and client risk
profile parameters as well as adjustments to transaction monitoring
processes.
Key takeaways
Considering how to use reports and guidance from different authorities
requires a structured approach in which you:
• Understand the expectations and requirements of the authorities issuing
the documents.
• Consider how to apply the reports efficiently and effectively.
• Use the acquired knowledge to better meet AML/CFT requirements.
Using the reports and guidance
from different authorities
Using AFC reports, guidance notes, and
policy papers
National and international authorities produce reports and documents that
can be useful in managing and improving an AFC program. There are three
main types of documents: AFC reports, official guidance notes, and policy
papers.
AFC reports explain how the AFC regime, or parts of it, operates. For example,
national FIUs often produce annual reports that include statistics and other
information, such as case studies on the level and nature of reporting from
different sectors.
Threat and risk reports are another useful type of document. Typologies,
which describe how particular instances of financial crime have operated, are
produced by national FIUs, law enforcement bodies, and other government
agencies. Red flags or indicator documents explain what you should look for
when detecting financial crime. Some governments, national FIUs, and law
enforcement authorities also produce strategic intelligence or strategic
analysis reports. These reports take a broad view of a financial crime type or
trend, drawing on multiple sources to provide an understanding of threats.
Using reports, guidance notes, and policy
papers in your AML/CFT controls
Reports, guidance notes, and policy papers vary in how they can be used for
improving AML/CFT controls. Organizations take the following steps to assess
the guidance from these sources and apply it to their AML/CFT controls.
Review the document in question to identify information relevant to the
business’s sector, products, geography, customer base, and delivery
channels. Some information in these documents might not be relevant and
can be disregarded. Assess whether appropriate controls already exist.
For areas where appropriate controls do not exist, conduct further analysis to
understand the impact of introducing such controls. Distinguish simple
changes, with minimum business impact, from more substantial changes that
could require resources to deliver, such as internal IT and product resources.
Some changes can impact customer experience or have cost implications,
which your organization needs to understand and plan for.
Consult with all relevant stakeholders before making a change. Ensure
approval for the change from the appropriate person, such as the money
laundering reporting officer. Depending on the scope and impact of the
change, your organization may need to implement a communication plan and
training.
Your organization should document that it has applied information from an
external report and changed its controls, policies, or procedures. Your
organization can document changes to policies and procedures within the
change log or elsewhere. This allows others, including regulators, to
understand why a control exists and allows your organization to demonstrate
compliance. The enterprise-wide risk assessment (EWRA) could need
adjusting to reflect newly identified risks. For example, imagine that a relevant
authority issues a report describing a product as high risk and your
organization provides this product. The EWRA should reflect this, refer to the
source document, and show how your organization has applied controls to
mitigate this risk.
Case example: Terrorist financing red flags
A regulator issues a report describing new information on how a major
terrorist group finances itself. The report contains a list of red flags to look for.
The money laundering reporting officer (MLRO) considers how the bank can
incorporate the list of red flags into its AML/CFT controls. The bank’s home
regulator issued the document, and while the bank is not legally required to
implement the guidance, the regulator expects that the bank will consider it.
The MLRO conducts a review of the bank’s existing controls and processes to
determine which areas are impacted. She then analyzes whether appropriate
controls are in place and whether any gaps need to be addressed.
One red flag identifies the use of import/export companies with a connection
to certain jurisdictions.
The bank has numerous import/export companies as clients. It has EDD
procedures in place to provide extra scrutiny of such companies. The MLRO
reviews the bank’s procedures to assess alignment with the red flag. She finds
that the bank asks all its import/export companies for extra information at
onboarding and subjects them to an annual review. The bank requires that
clients importing or exporting to certain higher risk jurisdictions provide
additional documentation to support this activity. However, the new red flag
refers to an additional jurisdiction that is not on the bank’s list.
The MLRO consults with risk management and other stakeholders regarding
any changes to the risk profile or operations that may arise from the new red
flag. She then informs relevant business areas that the procedures need
updating to include this additional jurisdiction. The MLRO also assesses the
number of cases likely to be generated and ensures affected teams are
aware and adequately resourced before making the change. She determines
that no additional training is required at this time but informs the training team
that future training should reflect the new information.
In addition, the MLRO commissions a retrospective review of existing clients
who trade with the jurisdiction to determine previously unidentified risk and
whether additional action is required. When all actions are completed, she
ensures that the change is reflected in appropriate documentation within the
financial institution.
Key takeaways
• Be proactive in reviewing red flags and indicators in reports, guidance
notes, and policy papers.
• Review red flags against existing controls, policies, and procedures.
• Plan and communicate implementation of change in response to reports,
guidance notes, and policy papers.
National, sectoral, and thematic risk
assessments
A national risk assessment (NRA) is a document that a jurisdiction produces to
identify and evaluate money laundering threats and vulnerabilities, determine
risk levels, and develop strategies to respond to risks. NRAs should be
comprehensive documents, drawing on a wide range of data.
FATF Recommendation 1 requires jurisdictions to identify, assess, understand,
and mitigate the money laundering, terrorist financing, and proliferation
financing risks they face. Jurisdictions can consolidate and articulate their
knowledge of these risks using an NRA. FATF encourages all jurisdictions to
produce an NRA, and EU jurisdictions are legally obliged to produce a risk
assessment via the fourth EU AML directive.
FATF has produced guidance for conducting NRAs. In addition, international
organizations such as the World Bank and the Council of Europe have
produced detailed methodologies that jurisdictions can use and adapt to
produce an NRA. Alternatively, jurisdictions might decide to develop their own
methodology.
NRAs analyze risk in a number of ways, including focusing on emerging
sectors or areas of increasing risk. Jurisdictions can produce sectoral risk
assessments (SRAs) or thematic risk assessments to supplement the NRA and
to highlight these issues. Whereas SRAs focus on specific sectors, such as the
gaming industry, thematic assessments look at issues such as the risk that
emerging technologies pose. A jurisdiction might conduct a separate SRA or
thematic risk assessment if new risks arise or in response to new regulations
for a sector. As with NRAs, international organizations provide methodologies
to help jurisdictions create SRAs and thematic risk assessments.
FATF Recommendation 2 requires jurisdictions to implement policies that
align with the identified risk. Jurisdictions should also produce action plans to
mitigate the risks identified in the NRA, SRA, or thematic risk assessment,
which can be public or confidential documents. Public risk assessments and
action plans provide organizations with information about risk levels the
government applies to their sector and other sectors, along with other high-
level information about risk and the government’s priorities for addressing it.
Case study: SRA on decentralized finance
In 2023, the US government published an illicit finance risk assessment on
decentralized finance (DeFi) services. DeFi services are virtual asset protocols
and services that users can access without the involvement of intermediaries,
using blockchain technology. Many jurisdictions have conducted SRAs on
virtual assets. As a new area of regulation, the risks can be quite specific.
The US Treasury produced the document because it had identified illicit
finance risks associated with virtual assets, including misuse of DeFi services
for money laundering purposes. Its 2022 NRAs found that illicit actors had
misused DeFi services and that many of these services did not have mitigation
measures in place.
The document provides an overview of DeFi’s market structure and how
these services work, assesses the threats and vulnerabilities of DeFi services,
and discloses the most significant areas of risk. It includes recommended
actions to mitigate the illicit finance risks associated with DeFi services. The
recommendations include that:
• The US government strengthens AML/CFT supervision of virtual asset
activities.
• The Treasury assesses possible enhancements to the US AML/CFT
regulatory regime as applied to DeFi services.
The approach is in line with FATF recommendations, which require policy and
strategy in a jurisdiction to respond to the articulated risk.
When published, SRAs can provide organizations with information on the
government’s view of risk and how to respond.
Key takeaways
Sectoral risk assessments:
• Describe and assess the AML/CFT risks of a particular sector in detail.
• Complement and supplement an NRA.
• Can provide organizations with information on the government’s view of
risk and response plans.
Cooperation between authorities
Roles of regulators, law enforcement, and
FIUs
A regulator’s role is to set detailed rules, ensure they are followed, and ensure
that the preventative controls in the private sector are effective. Regulators
authorize regulated businesses via licenses and registrations and then
undertake risk-based supervision of these organizations to ensure
compliance and identify noncompliance. Regulators have a range of tools to
ensure compliance, up to and including issuing fines and enforcement actions
for serious cases.
Law enforcement undertakes investigations to bring money launderers to
justice, take away their assets, and achieve other disruptive effects. Law
enforcement investigators work with prosecution authorities to bring court
proceedings. The relationship between law enforcement and prosecution
authorities varies significantly between jurisdictions, depending on the legal
system in each jurisdiction.
Asset recovery is an important part of AML/CFT systems. Law enforcement
and prosecution authorities use asset recovery as a mechanism to ensure that
crime does not pay.
Depending on their location, law enforcement agencies have varying scopes
of authority for addressing different types of crime. For example, local police
have different responsibilities compared to national or federal agencies. Some
law enforcement agencies might also have other responsibilities. For
example, tax authorities can be responsible for investigating tax crime as well
as setting tax policy.
National FIUs receive, analyze, and disseminate financial intelligence. They
produce strategic analysis that is used to understand trends, typologies, and
threats. They also produce operational analysis that law enforcement uses to
investigate and disrupt money laundering, terrorist financing, and predicate
offenses.
In some cases, the same organization can be both a regulator and an FIU, and
FIUs can also be part of law enforcement agencies. There are many different
models, but the main point is that the agencies cooperate and share
information when it pertains to each other’s functions. These agencies should
also share information with their international counterparts to handle cross-
border money laundering and terrorist financing. There are various channels
for information sharing, depending on whether it is intelligence, evidence, or
regulatory information.
Case study: J5-US law enforcement collaboration
International cooperation among public sector authorities is key to fighting
transnational financial crime. Law enforcement, regulators, and national FIUs
develop strategic partnerships as well as cooperate at a case level.
The Joint Chiefs of Global Tax Enforcement, or J5 partnership, is one such
strategic partnership. It comprises the tax authorities of Australia, Canada, the
Netherlands, the UK, and the US. The partnership recognizes that tax crime
and money laundering operate across borders, or transnationally.
Through the J5, the authorities work together to investigate those who enable
transnational tax crime and money laundering and those who benefit from it.
They also collaborate to reduce the threat that cryptocurrencies and
cybercrime pose to tax authorities.
The J5 has been instrumental in many important cases, including one in which
it helped defeat an international boiler-room scheme.
The prosecution alleged that a US citizen ran, and conspired with others to
run, a boiler-room operation from overseas locations that sold investors nearly
US$2 million in securities that they never received. The defendant and others
targeted their victims repeatedly by phone, pretending to be licensed brokers
at real Manhattan brokerages. They then used high-pressure tactics to pitch
stocks at alleged discount prices.
The bad actors used emotional manipulation to persuade victims to send
funds of up to hundreds of thousands of US dollars to shell company accounts in
New York, Hong Kong, and Singapore. Victims used their savings and took out
loans and mortgages. The group established sham companies and then
opened US bank accounts in the names of those companies to receive and
launder the victims' payments.
The judge in the case praised the work of the US agencies that investigated
the case and also their partnership with the J5. Through such collaboration, a
US citizen was sentenced to 10 years in prison for defrauding investors around
the world of almost US$2 million and laundering the proceeds.
Key takeaways
International cooperation among public sector authorities is vital because:
• Financial crime operates across borders.
• It enables authorities to work together, share intelligence, and develop joint
approaches.
• It leads to the enforcement of law and the disruption of serious criminal
groups.
Cooperation between regulatory authorities
In some cases, multiple regulators supervise a single organization. This occurs
when an organization offers a range of regulated products or operates across
international or domestic borders. Therefore, regulators coordinate when
conducting regulatory examinations and other activities.
Regulators clarify their area or scope of authority so that examinations and
supervisory activities do not overlap. All parties need to be clear about their
respective responsibilities. Regulators coordinate at a policy level to ensure
there are no gaps that create opportunities for noncompliance. They
compare risk assessments and risk-based approaches to ensure integrated
supervision.
Regulators also share information. Coordinating scheduled work allows for
complementary scheduling among regulators. Regulators might consider
joint examinations for areas that warrant it to reduce the impact on an
organization.
If an examination identifies issues or weaknesses, the regulator informs any
other relevant regulators. In some instances, regulators can pursue joint
action, resulting in combined enforcement action.
Regulators cooperate both within a jurisdiction and internationally. Many
financial institutions have international footprints. Problems or risks in one
jurisdiction might warrant scrutiny from regulators in another jurisdiction. In
Europe, AML/CFT colleges are permanent structures that enhance
cooperation between different regulators that supervise cross-border
institutions. In addition, the EU’s new AML Authority will coordinate supervision
among EU regulators and undertake direct supervision for the most high-risk
entities.
Law enforcement and FIU AFC cooperation
FATF requires that jurisdictions have FIUs to receive, analyze, and disseminate
financial intelligence. National FIUs produce strategic analysis, which looks at
trends and patterns, and operational analysis, which focuses on specific
targets.
Operational analysis provides law enforcement with intelligence it can use for
investigations into money laundering, terrorist financing, and predicate
offenses. The intelligence can ultimately lead to disruptions, including arrests,
prosecutions, convictions, and asset recovery.
National FIUs disseminate intelligence packages to law enforcement based on
their operational analysis. The level of analysis varies depending on the issue
and the FIU. Sometimes FIUs undertake detailed work, checking multiple
sources and applying a range of techniques. Sometimes the FIU disseminates
intelligence that is less refined. For example, the FIU may choose to conduct
limited additional checks on an urgent issue such as terrorism finance to
disseminate information as quickly as possible.
FIUs obtain SARs and other information from reporting entities and a range of
other domestic sources. FIUs have access to other FIUs internationally. Under
FATF standards and principles set by the Egmont Group of FIUs, FIUs are
expected to disseminate financial intelligence to each other, either
spontaneously or on request. FIUs can incorporate this data into operational
analysis relating to cross-border money laundering and disseminate it to law
enforcement for action.
Often, the material that FIUs disseminate to law enforcement is for
intelligence use only, meaning that it usually cannot be used directly as
evidence in court proceedings.
Case study: Law enforcement and FIU cooperation
Cooperation between national FIUs and law enforcement results in law
enforcement action. In one example, the French FIU, TRACFIN, issued an alert.
Together with a complaint by the Directorate General of Public Finance, this
led to a large investigation into money laundering.
The focus of the investigation was a group that laundered €200 million and
evaded €3 million in income tax.
In France, the police led the investigation. However, Eurojust coordinated
international activity because the case had a significant cross-border focus.
Eurojust is an EU body that coordinates national authorities' work in
investigating and prosecuting transnational crime from EU member states
and other jurisdictions.
The investigation involved coordination of eight European countries: Denmark,
Germany, Estonia, Spain, France, Latvia, Lithuania, and Switzerland. It involved
coordinated searches and property and asset seizures within and outside of
France. Europol supported the investigation. Europol is an EU agency that
analyzes crime trends in the EU, supports member states’ investigations, and
coordinates law enforcement activity that requires an international approach.
Europol estimated that the value of seized assets in the EU was approximately
€3.5 million, in the form of financial assets, property, luxury vehicles, and other
assets.
In another example of cooperation between a national FIU and law
enforcement, the FBI worked closely with FinCEN to analyze SARs submitted
by an individual whom the FBI was investigating. The FBI suspected the
individual was an illicit international arms dealer who had provided funding and
technology related to WMDs, including ballistic missile technology, to Iran.
Based on over 40 reports, the FBI determined that the illicit arms dealer had
accessed the US financial system, laundering approximately US$8.5 million
through multiple banks in New York. The investigators used the information to
identify over 20 front companies and bank accounts associated with the
dealer’s network. The government was able to seize US$6.5 million in assets
from the bank accounts and place 17 front companies on OFAC and
Commerce Department watch lists. Through its cooperation with FinCEN and
financial institution FIUs, the FBI placed the leader of the network on its most
wanted list, and the network was no longer able to operate.
Key takeaways
• Cooperation between FIUs and law enforcement results in law
enforcement action.
• Addressing money laundering requires cooperation and information
sharing both domestically and internationally.
• International bodies such as Eurojust and Europol have an important role in
coordinating such activity.
Partnership requirements and mutual legal assistance treaties
Due to the increasingly global nature of crime, the mechanism of mutual legal
assistance is a critical tool to support criminal investigations and proceedings
between jurisdictions. Mutual legal assistance is a framework of conventions
and agreements between jurisdictions to assist in obtaining information and
evidence that cannot be shared between law enforcement agencies. Mutual
legal assistance treaties (MLATs) provide a legal basis for transmitting
evidence that can be used for prosecution and judicial proceedings. Requests
pursuant to an MLAT are made via a mutual legal assistance request, or MLAR.
This assistance is typically requested by courts or prosecutors and is therefore
also referred to as judicial cooperation. MLATs may be supplemented by
memoranda of understanding to streamline procedures and outline protocols
for joint investigations.
In cases where no MLAT is in place, requests are made by a formal
international letter of request, also known as commissions rogatoires in civil
law jurisdictions and letters rogatory elsewhere. These requests are managed
centrally by specific government departments.
Mutual legal assistance can be used, for example, to obtain evidence related
to the freezing or confiscation of assets from the proceeds of crime that have
been moved and hidden overseas.
Legal assistance can be denied by either jurisdiction due to political or security
reasons, or if the offense is not equally punishable in each jurisdiction.
Depending on how the MLAT has been written, certain jurisdictions might not
recognize specific crimes from the requesting state. For example,
agreements between the US and the Caribbean do not cover US tax evasion,
so they are ineffective when applied to Caribbean jurisdictions, which are
often tax havens.
The European Investigation Order (EIO) is an EU measure that facilitates the
mutual legal assistance process among participating EU member states. The
EIO is based on mutual recognition; that is, the executing authority must, in
principle, recognize and ensure execution of the request of the other
jurisdiction. Since the UK’s withdrawal from the EU on January 31, 2020, it can
no longer accept EIOs.
As a private sector investigator, you might not be aware of mutual legal
assistance requests, because their content is not disclosed outside of
government departments or enforcement agencies without the authority of
the requesting jurisdiction. You might receive a request for information from a
law enforcement agency without fully understanding whether it relates to a
local or international investigation.
Cooperation involving the private sector
Public-private partnership
In recent years, organizations have realized that greater collaboration
between the public and private sectors can help fight financial crime. The
AML/CFT system mandates several ways that the sectors must interact, such
as via the SAR system, responding to court orders, and through supervisory
activity. While such interaction is important, a deeper collaboration can be
even more effective.
Many jurisdictions have developed public-private partnerships (PPP) as
vehicles for collaboration. PPPs most commonly exist as a means of sharing
information, both public-to-private and private-to-public, though the type of
collaboration can vary. In some jurisdictions, the public and private sectors
come together to agree on common priorities and even to shape policy and
strategy.
PPP models vary depending on factors such as the jurisdiction’s appetite to
collaborate and legal framework. Successful PPPs have a clear purpose,
effective governance, and well-developed channels for engagement and
communication. PPPs commonly use operational components including
focused working groups, joint analysis teams, and training or capacity building.
Conversely, some factors can inhibit the success of a PPP, including:
• Lack of commitment and resources on either the public or private sector
side.
• Unclear aims.
• Unclear or restrictive law or legal interpretation.
• Absence of clearly established communications channels.
To counter these obstacles, jurisdictions should provide clear terms of
reference and secure buy-in from key participants before establishing a PPP.
Appropriate memorandums of understanding, policies, and procedures
provide certainty and allow trust to develop. Jurisdictions can address privacy
issues and regulatory concerns by establishing clear legal frameworks for
information sharing. PPPs can establish clear and secure communication
channels to help ensure adequate engagement between parties.
Taking part in a PPP is generally voluntary. While it can be extremely beneficial
in terms of identifying and managing risk and ensuring shared priorities, PPP
activity is not an alternative to organizations’ compliance with mandated
obligations.
Case study: AUSTRAC Fintel Alliance investigation
AUSTRAC, the Australian FIU and AML regulator, established the Fintel Alliance
as a public-private partnership in 2017. Its goals are to increase the financial
sector’s resilience to criminal exploitation and support law enforcement
investigations.
The Fintel Alliance includes major banks, remittance service providers, and
gambling operators, as well as law enforcement and security agencies from
Australia and overseas. Working together, the Fintel Alliance develops shared
intelligence and delivers innovative solutions to detect, disrupt, and prevent
serious crime and national security matters.
In 2024, the Fintel Alliance supported one of the most complex law
enforcement investigations in Australian history. The Australian Federal Police
(AFP) led the investigation into seven members of an alleged money
laundering syndicate. The syndicate operated a prominent, multi-billion-dollar
registered remittance business in Australia. The AFP alleged that in addition to
providing remittance services for law-abiding customers, the business
offered a system for organized criminals to covertly transfer crime proceeds
across borders. The AFP accused the syndicate members of coaching
criminal customers in creating fake business paperwork to launder at least
AU$229 million in the previous three years.
The Fintel Alliance and private industry partners provided collaborative
financial analysis to support this case. They tracked transactions across
international borders and digital environments to identify suspicious
transactions linked to crime. Their analysis enabled the AFP to fully identify and
comprehensively dismantle the transnational syndicate’s financial structures.
The AFP filed charges and obtained restraint orders over a significant value of
assets in connection with the alleged offenses. AUSTRAC took regulatory
action against one digital currency exchange and six remittance businesses
associated with the charged individuals. The outcome of this case highlights
the combined strength of AUSTRAC’s financial intelligence expertise,
regulatory authority, and strategic partnership with law enforcement.
Key takeaways
Public-private partnerships can be used to:
• Enable collaboration between the public and private sectors in fighting
financial crime.
• Support law enforcement investigations by sharing information.
• Provide intelligence and analysis that leads to disruption of financial crime.
Private sector collaboration
Money launderers and terrorists actively seek to avoid detection by spreading
their activities across multiple financial institutions to avoid triggering an alert
in any one institution. For this reason, it is important that private sector entities
collaborate with each other to spot patterns that are only evident when
looking across institutions.
Organizations can collaborate via established industry bodies like trade
associations, or through bespoke AML entities. Some groups collaborate to
produce guidance. For example, the Wolfsberg Group develops frameworks
and guidance for financial crime risk management. Another example is the
Joint Money Laundering Steering Group, an umbrella body through which the
UK financial sector produces government-approved guidance.
Other groups collaborate to share industry best practices, such as best
practices for suspicious activity reporting. Many of these groups include
representatives from public sector bodies or collaborate closely with them.
Such groups might also share typologies and information on risks.
Information sharing is an important form of private-to-private sector
collaboration. Some jurisdictions have introduced legislation that enables this
type of sharing. In these jurisdictions, organizations may share data on
customers, activity, and transactions. This can be highly impactful, resulting in
better quality SARs and preventing customers who have been exited by one
organization for AML/CFT concerns from opening an account at another.
Organizations may also come together to develop or share capabilities, such
as KYC utilities. These joint platforms allow organizations to pool their
resources and expertise and improve the accuracy of their KYC procedures.
Compliance officers can and should engage in informal collaboration. Sharing
perspectives and experiences with peer organizations can help benchmark
controls against those of comparable organizations and identify and adopt
best practices. Any such discussion should be compliant with local data
privacy laws and with the organization’s own requirements regarding the
protection of confidential or commercially sensitive information.
Private sector information sharing
Private sector information sharing provides organizations with information
they would not otherwise have, creating opportunities to identify and mitigate
risk. For example, if Bank A suspects money laundering from a customer, it
might offboard them. However, that customer can then easily open an
account with Bank B and continue laundering money. Information sharing
prevents this and other typologies, leading to better prevention and detection
of money laundering and terrorist financing.
There are various methods of sharing information in the private sector, often
developed via public-private partnerships. USA PATRIOT Act Section 314b is
one of the oldest examples. 314b allows financial institutions to share
customer or transactional information with each other to assist with AML/CFT
compliance. It provides participating organizations with a safe harbor from
legal liability. US organizations widely use 314b to identify money laundering
and terrorist financing and help decide whether to maintain an account.
In the UK, the Economic Crime and Corporate Transparency Act 2023
provides the legal means for two regulated organizations to share information
with each other. Like Section 314b in the US, the act exempts such disclosures
from civil liability and confidentiality obligations.
Other examples of private-to-private sector sharing exist globally. For
example, in Singapore, COSMIC is a digitally secure platform that allows
financial institutions to share information. When a customer exhibits “red flags”
indicating potential financial crime concerns, financial institutions can share
information if certain thresholds are met.
In the EU, Article 75 of Regulation (EU) 2024/1624 allows organizations to take
part in cross-border information sharing partnerships, if their national
supervisor approves it. Organizations may share information about customer
identity, business relationships, transactions, and customer risk factors.
Organizations looking to join private-to-private sector information sharing
arrangements should carefully consider their obligations under local data
protection legislation and customer confidentiality requirements within their
organization. National supervisor approval under Article 75 requires the
partnership to carry out a data protection impact assessment before
processing personal information. If proceeding, organizations should assign
appropriate resources and develop policies and procedures to govern the
activity. The potential benefits are significant. Appropriate private-to-private
information sharing can considerably enhance an AML/CFT program.
Building an AFC Compliance Program
After completing this learning experience, you will be able to:
• Describe the components of a risk management program and the
associated duties.
• Describe the types of risk assessment and how the enterprise-wide risk
assessment (EWRA) impacts AFC control.
• Describe the customer journey, from KYC, screening, customer risk
assessment (CRA), transaction monitoring, and continuous monitoring, or
periodic review, to offboarding.
• Describe the process of transaction monitoring, from alert generation to
investigation.
• Describe the procedures for concluding an investigation, filing a suspicious
activity report (SAR), and communicating with law enforcement agencies
(LEA) and the best practices for offboarding and de-risking.
Components of an AFC Program
Introduction
Introduction: Components of an AFC program
A robust AFC program protects organizations from financial crimes, legal
infractions, and reputational damage. To succeed, organizations have to
identify the risks they face in doing business and manage those risks carefully.
An AFC program includes risk assessment, control evaluation, identifying
weaknesses, building effective controls, and ongoing testing and monitoring
to meet legal and regulatory obligations.
Studying the components of an AFC program gives learners an overview of
each element and its relevance and purpose in meeting obligations. It also
shows how the components work together to build a robust defense against
financial crime.
Case study: Systemic BSA failures at a Canadian bank
In 2024, FinCEN assessed a US$1.3 billion penalty against the US subsidiaries of
Toronto Dominion (TD) Bank for violations of the Bank Secrecy Act (BSA). TD
Bank, one of the largest banks in the US, faced the largest ever fine imposed
on a depository institution. The TD Bank enforcement action, Order 2024-02,
uncovered significant deficiencies in the bank’s risk management framework.
TD Bank failed to maintain an adequate BSA/AML compliance program and had
insufficient risk assessment and CDD, inadequate transaction monitoring
systems, and deficient suspicious activity reporting processes. The authority's
announcement stated that, for over a decade, the bank’s AML program was
underfunded and lacked the necessary resources to report suspicious peer-
to-peer transactions. These transactions, which were linked to human
trafficking, allowed millions of dollars in funnel account activity to go
undetected. TD Bank also failed to detect illicit activities by its own employees,
including one who facilitated narcotics money laundering in a high-risk
jurisdiction in exchange for bribes.
In addition to the financial penalty, TD Bank faced a FinCEN-mandated four-
year independent monitorship to oversee its remediation efforts. The Office
of the Comptroller of the Currency (OCC) and the Federal Reserve reached
parallel settlements with the bank.
The enforcement actions mandated comprehensive improvements to its risk
management program, enhanced board oversight requirements,
independent testing and validation, and regular progress reporting to
regulators. The remediation also included an Accountability Review which
could lead to disciplinary actions, such as dismissal for current employees
found responsible for violations, or recoupment of prior compensation for
former employees.
This case demonstrates how risk management deficiencies can lead to
substantial regulatory consequences, organizational impact, and potential
personal consequences for engaging in violations or failing to escalate suspicions. It also
highlights the importance of the three lines of defense model in maintaining
clear segregation of duties, while collaborating to identify and mitigate risks.
Organizations invest in robust financial risk management programs to avoid
significant penalties, reputational damage, and extensive remediation efforts.
Key takeaways
• Strong risk assessment, CDD processes, transaction monitoring, suspicious
activity reporting, and adequate resource allocation are critical.
• Consequences of risk management deficiencies can include significant
penalties, mandatory program improvements, enhanced regulatory
oversight, and reputational damage.
AFC program
AFC program components
An AFC program systematically identifies, assesses, measures, manages,
monitors, and mitigates risks that could impact an organization's objectives.
This program is critical in maintaining stability, compliance, and operational
effectiveness. Large organizations, such as financial institutions, manage
several risks, such as:
• Operational risk arises from inadequate internal processes, people,
systems, or external events. A subset of this is model risk, caused by
decision-making errors due to inadequate model validation.
• Credit risk arises from potential losses from borrower default.
• Market risk is caused by market fluctuations that affect investments.
• Legal and compliance risk arises when there is a failure to comply with laws
and regulations, leading to legal action or penalties.
• Treasury and capital risk involves risks in managing an organization's cash,
investments, and funding. Liquidity risk refers to the organization’s ability to
meet financial obligations.
• Reputational risk results from negative publicity or public perception.
• Conduct risk arises when the actions of an organization or personnel harm
consumers, stakeholders, or communities.
Financial crime includes money laundering, terrorist financing, sanctions
violations, proceeds from fraud, tax evasion, and other predicate crimes.
Financial crime risk spans multiple categories. For example, when financial
crime controls fail, the organization might face legal and compliance issues,
reputational damage, poor conduct, and operational risk.
Key elements of the AFC program include the risk appetite statement, risk
tolerance, policies and procedures, controls, and independent testing. The risk
appetite statement defines the risk level the organization is willing to operate
within to achieve its objectives. It guides behaviors, decision-making, and risk
management practices. The board approves the risk appetite statement in
alignment with the strategic business objectives.
Risk tolerance specifies the risk levels within the overall risk appetite. It
represents the quantitative and qualitative limits for specific risk categories,
establishing boundaries for business activities, including financial crime risk.
Policies and procedures are guidelines on managing risks. Policies interpret
laws and regulations and provide the framework, while procedures are the
step-by-step instructions on how to implement the policies.
Controls are the actions to mitigate risks and ensure adherence to policies
and procedures. Effective internal controls help detect and prevent financial
crime activities.
Independent testing involves an internal audit function or a specialist third
party that assesses the effectiveness of the AFC program and ensures that
the policies and procedures are followed.
Pillars of an AFC compliance program
According to FinCEN, the five pillars of an AML program include:
• Internal policies, procedures, and controls: Framework supporting the
program.
• Designated AML compliance officer: Individual responsible for overseeing
the program.
• Ongoing employee training: Regular training on AML policies, procedures,
and risk awareness.
• Independent audit: Periodic testing and evaluation of the program's
effectiveness.
• CDD: Processes to verify customer identity and assess risk.
Other organizations, such as FATF and regulators from multiple jurisdictions,
have similar expectations in place.
The first pillar of an effective AML program is a system of internal policies and
controls that ensure ongoing compliance with AML regulations. These
controls should align with the organization's risk profile and be documented in
writing. They must clearly define AML responsibilities—from senior executives
to employees responsible for customer onboarding. AML policies should also
include procedures for escalating concerns to senior management
and the board of directors.
The second pillar requires a designated compliance officer who oversees the
AML process. The designated compliance officer is responsible for managing
the program. Compliance officers must have the appropriate experience and
knowledge.
The third pillar mandates regular, ongoing AML training for employees.
Regulations and laws change frequently, and so do the tactics and
sophistication of financial criminals. Training should cover internal controls and clearly explain
employees’ roles and responsibilities within the AML program.
The fourth pillar is an independent audit function that tests whether internal
AML policies are adequate and effective. Independent audit functions must
have sufficient knowledge and experience to understand and analyze the
AML program. The purpose of independent testing is to confirm whether the
program is operating as expected, with effective internal controls.
The fifth pillar, CDD, requires organizations to identify and verify the identity of
customers. Organizations must also conduct ongoing transaction monitoring
to identify and report suspicious transactions. The organization must
understand the potential AML risks presented by its clients.
Three lines of defense
Three lines of defense
The three lines of defense is a risk governance model that allocates risk
management responsibilities across the enterprise. It provides clear role
definitions and includes a built-in check-and-challenge process.
The first line of defense (LOD), the front line, consists of customer-facing
employees who implement AFC policies and procedures, promote
compliance, and perform CDD.
The second line, AFC compliance, includes the money laundering reporting
officer (MLRO) and is responsible for risk and control functions, developing
policies, managing and monitoring activity, and ensuring staff training and
compliance. The second line performs compliance monitoring and testing,
including monitoring the effectiveness of controls operated by the first line.
The third line, internal audit, independently reviews risk management and
control effectiveness applied by the first two lines.
First line of defense AFC function
The first line of defense (LOD) is critical in a financial institution’s risk
management framework. It includes front-line functions that are responsible
for directly managing customers and risks in their day-to-day operations.
Each organization structures itself differently based on its legacy, size, and
complexity. The first line is composed of the following functions, which might
be named or organized differently:
• Business development engages with clients and creates sales
opportunities. This function should be aware of the risks associated with
onboarding new clients, support the due diligence process, and escalate
any identified red flags.
• Business support provides resources and operational support to enable
smooth client interactions and transactions. This function ensures that staff
have access to the necessary systems to perform their jobs effectively.
Business support functions might sometimes perform initial due diligence.
• Product development creates and launches new financial products,
assesses potential financial crime risks, and ensures compliance with
regulatory requirements.
• Product support ensures existing products remain compliant with
regulations and meet client needs without introducing unnecessary risk.
• Operations functions execute and process transactions, implementing
operational procedures to detect and report suspicious activities internally.
• First-line risks and controls identify, assess, and manage risks arising from
frontline operations, setting up internal controls and procedures to ensure
compliance according to the organization's policies.
In the first line, risks and control functions aligned with business units typically
monitor transactions, review suspicious alerts, and perform regular control
assurance reviews. These positions are typically established in consultation
with the second LOD.
Risk management structures may vary by institution size and type. For
example, transaction monitoring may fall under the first or second LOD.
Teams often escalate complex cases and alerts that cannot be ruled out to
the second line’s financial intelligence unit (FIU) for further investigation.
Industries such as gaming, gambling, and law firms might place these controls
in the second LOD. Larger financial institutions tend to maintain more defined
separation between lines.
Within the first line, the front office is responsible for client-facing operations
and revenue-generating business development. Because front office personnel
are the first point of contact for clients, they are critical in managing client
relationship risks.
The middle office supports the front office by managing risk and compliance
frameworks within the first LOD. It acts as a liaison among various internal
stakeholders, ensuring that front office activity risks are communicated and
managed effectively.
In this framework, the front office manages client relationship risks, while the
middle office handles internal operational and processing risks. Both offices
implement controls designed and overseen by the second line, assessing risk
and escalating suspicious activities or control breaches.
This structure ensures risk ownership begins at the point of origination, with
proper oversight and clear escalation channels.
Second line of defense AFC function
The second LOD refers to an organization’s risk management and regulatory
compliance functions. It oversees and monitors the first LOD to ensure
adherence to policies, regulations, and risk management practices. The
second line typically includes multiple risk and compliance functions beyond
financial crime. In this unit, the second line specifically refers to the AFC
second LOD, unless otherwise indicated. This role focuses on compliance with
financial regulations, including AML and CFT practices, rather than broader risk
management. The second line:
• Provides oversight by monitoring and reviewing AFC compliance and risk
management implementation, ensuring controls identify and mitigate risks.
• Promotes objectivity by remaining independent from business units and
providing unbiased assessments and recommendations on compliance
issues.
• Facilitates governance by ensuring the organization's risk appetite aligns
with regulatory expectations and promotes corporate governance.
• Practices independence by remaining separate from business lines, with
direct reporting to senior management, and supported by adequate
authority, resources, and unrestricted access to information. This
independence ensures compliance and risk management practices are
implemented objectively, without influence from profit-generating
activities.
There are various roles and titles across jurisdictions that ensure AFC
compliance and risk management. Regardless of the title, the responsibilities
include drafting and maintaining AFC policies, AFC program oversight,
reporting suspicious activities to the relevant FIU, implementing policies and
procedures pertinent to the second line, ensuring staff are trained, and liaising
with law enforcement and regulators. In the EU and UK, the MLRO oversees
the organization’s AML compliance program.
In the US, the BSA/AML officer ensures compliance with the BSA and related
AML regulations.
In Canada, the chief anti-money laundering officer (CAMLO) is the primary
compliance officer responsible for AML/CFT functions within financial
institutions. This role ensures compliance with the Proceeds of Crime (Money
Laundering) and Terrorist Financing Act (PCMLTFA).
Other jurisdictions have different titles and roles related to AML/CFT
compliance, but the core responsibilities align closely. These roles emphasize
money laundering prevention, detection, and reporting.
Role of money laundering reporting officer
An MLRO oversees an organization’s AML program, files SARs to the relevant
FIU, and ensures implementation and compliance with AML strategies and
policies. MLROs are accountable for AFC staff training and awareness, and can
face legal consequences, including fines or imprisonment, for failures in
compliance or duties.
Role of quality control and quality assurance
Both the first and second lines of defense typically perform quality control
(QC) and quality assurance (QA). QC focuses on inspecting the quality of
outputs, while QA evaluates how effective the organization's processes are,
especially in compliance and risk management.
For example, in the first line of defense operations team, it is considered best
practice to automate tasks such as identification and verification checks,
screening, and risk scoring. A KYC file created during onboarding usually
consolidates the customer's details and risk rating. A second person conducts
a four-eyes check to ensure accuracy. The QC function might include reviewing a
sample of files to confirm that the quality of KYC documentation is consistent and
acceptable. If quality declines, teams should fix poor outputs and provide
additional training and support to the staff involved.
The QA function checks whether procedures accurately reflect the relevant
policies and whether those procedures are implemented as intended, from
start to finish.
Compliance monitoring and testing is a second line of defense responsibility
that provides assurance to the MLRO or BSA officer. It helps confirm that AFC
compliance controls across both the first and second lines are functioning as
expected. This function can examine output QC and provide assurance that
the process is well designed and operating effectively.
Financial crime functions' structure
The second line of defense in AFC consists of various functions, each
specializing in distinct compliance and risk management areas. Each function
has specific structures, roles, and responsibilities. How an organization
structures its second-line AFC function depends on its size, complexity,
geographic reach, and legacy. The following is a list of typical AFC functions
found within the second line of defense.
• The AML advisory function guides AML policies, procedures, and best
practices. The function interprets regulatory requirements and supports
business units in implementing compliant AML frameworks.
• The sanctions advisory function monitors and assesses sanctioned entities
and individuals across relevant jurisdictions. This function oversees the
sanctions program, ensures compliance with international sanctions
regulations, advises on handling transactions with sanctioned parties,
and manages licenses and exemptions.
• The transaction monitoring (TM) function monitors transactions in real time
or through batch processing to identify suspicious activity. This function
reviews alerts generated by TM systems and ensures appropriate
investigations are initiated. In larger organizations, the first line of defense
operations function investigates basic alerts, or Level 1 and Level 2 alerts.
Second-line functions handle alert investigations that have escalated.
• In some organizations, the data analytics function sits within the transaction
monitoring function. This function identifies financial crime risk patterns
and trends. They develop analytical models to detect anomalies and flag
fraudulent or suspicious transactions.
• The model risk management function is responsible for overseeing the
validation and governance of AFC models, including transaction
monitoring systems. Such systems evaluate the effectiveness of these
models to ensure accuracy and compliance with regulatory standards.
• The investigation function conducts in-depth investigations of suspicious
activities identified by transaction monitoring or reported by employees.
This function gathers evidence, analyzes information, and prepares SARs
plus internal and external reports.
• The policies management function develops, maintains, and updates AFC
policies and procedures to ensure compliance with evolving regulations.
This function collaborates with other departments to implement policies
and to manage document control and change management.
• The regulatory reporting and liaison function files the required regulatory
reports, such as SARs and currency transaction reports (CTR). This
function liaises with regulatory authorities to ensure accurate, timely
submissions and acts as a point of contact for regulatory audits and
inquiries.
• The compliance testing function conducts periodic QA of AFC controls
and reviews testing to assess their effectiveness. This function identifies
compliance gaps and recommends corrective actions.
• The MLRO/BSA officer oversees the AML program, reports suspicious
activities to authorities, and ensures compliance with AML regulations. This role
coordinates with various functions to maintain organizational compliance.
• Global organizations have a subsidiary management function that ensures
subsidiaries comply with parent company policies and jurisdiction-specific
regulations. This function provides support, guidance, and audits to assess
AFC programs in subsidiaries.
Each of these functions plays a critical role in ensuring that the second line of
defense AFC structure proactively identifies, assesses, and mitigates financial
crime risks. By collaborating, they maintain a strong compliance framework
that meets regulatory requirements and protects the integrity of the financial
system.
Compliance monitoring and testing
Compliance monitoring and testing assess the effectiveness of organizational
processes, particularly in terms of compliance and risk management. This
function is meant to ensure that policies and procedures are properly
executed and continuously improved. Its primary responsibilities include
reviewing the execution of policies and procedures and identifying any gaps
and improvement areas across both the first and second lines.
QA audits actions to ensure alignment with guidelines and regulatory
requirements. These reviews confirm that departments follow internal
controls and risk management strategies, identifying any deviations from
expected practices.
QA serves as a checks-and-balances function, seeking gaps or deficiencies in
the execution of policies and procedures. This helps mitigate risks from insufficient
adherence to standards. Through periodic assessments and audits, QA
identifies trends that signify underlying issues, which may require policy
adjustments or additional staff training.
QA monitors backlogs of tasks or cases that should be resolved within specific
timelines. It evaluates whether these backlogs indicate process inefficiencies
or resource constraints. Analyzing performance data against benchmarks
allows QA to determine whether processes are effective or need
reengineering to improve efficiency.
QA maintains thorough documentation of audit, assessment, and review
findings. This documentation serves as a compliance record and a resource
for continuous improvement. Regular reports to leadership highlight trends,
compliance gaps, and corrective actions, providing decision-making
information.
QA helps identify areas needing improvement and guides the development of
targeted staff training programs.
QA promotes communication between departments on compliance issues,
procedural discrepancies, and best practices. This collaborative environment
enables departments to share insights and develop strategies to improve
processes.
QA plays a critical role in enhancing organizational integrity and efficiency.
Specifically, QA functions aim to:
• Enhance compliance: By verifying adherence to regulations and internal
policies, QA helps avoid legal penalties and reputational damage.
• Improve efficiency: By identifying operational inefficiencies to streamline
processes, QA optimizes resource allocation and improves service
delivery.
• Boost accountability: By introducing oversight to foster a culture of
accountability, QA helps employees understand the importance of their
roles within the broader context of compliance.
• Drive continuous improvement: The iterative nature of QA assessments
supports ongoing improvements, ensuring that policies remain relevant
and effective in managing emerging risks.
Case example: Financial crime functions'
structure at Global Finance, Corp.
Global Finance Corp (GFC), a regional bank with business activities overseas,
appointed a consultant to guide the streamlining of its AFC function structure.
The bank faced significant regulatory scrutiny and wanted to improve its
ability to detect and prevent money laundering and financial crime risks. The
existing structure was disorganized, with overlapping responsibilities and
unclear communication channels.
The consultant analyzed GFC's second line of defense, which included several
functions performing specific tasks, but lacking strong collaboration
mechanisms. Different business segments face different risks, so the required
controls also differ. For example, corporate banking is more complex than
retail banking and therefore requires more human intervention. The
consultant proposed a revised structure with clear roles, responsibilities, and
communication channels for various functions, including:
• AML advisory
• Sanctions advisory
• Transaction monitoring and review, including model risk management and
data analytics
• Investigation
• Policies management
• Regulatory reporting and liaison
• Compliance testing
• MLRO officer
• Regional, jurisdictional, and subsidiary management
The new structure aimed to foster better collaboration, reduce regulatory
risks, and improve financial crime risk management efficiency. In addition to
the revised structure, the consultant recommended regular communication
sessions among functions to remain aligned on objectives and share insights
on emerging financial crime trends.
After the GFC restructuring, the consultant worked with a recently acquired
money services business (MSB) that struggled with regulatory compliance
and operational inefficiency. MSBs and payment service providers (PSP) often
handle higher volumes of smaller transactions, which require a more
automated approach to monitoring than corporate banks.
In a preliminary meeting with the MSB’s leadership, the consultant identified
the complexities of managing compliance in the international remittance
business. The consultant recognized the challenges of navigating various
regulatory environments across countries and proposed a new structure for
the MSB’s financial crime functions, including:
• AML compliance officer: Oversee AML compliance program and ensure
adherence to AML regulations across all jurisdictions where the MSB
operates.
• Risk assessment: Conduct customer and transaction risk assessments,
identify high-risk clients and transactions, and apply enhanced due diligence
(EDD).
• Transaction monitoring: Monitor transactions for suspicious activity, review
alerts, and ensure proper follow-up on potential issues.
• Sanctions compliance officer: Ensure adherence to sanctions regulations,
manage relationships with sanctioned entities, and oversee compliance
measures.
• Training and awareness: Conduct staff AML/CFT training, ensuring they
understand their responsibilities under AML/CFT regulations and the
reporting structures for suspicious transactions.
• Internal audit: Assess compliance program effectiveness, conduct regular
audits, and report findings to the board.
• Regulatory liaison: Serve as the point of contact for regulatory bodies,
ensure timely submission of required reports, and facilitate communication
with regulators.
The consultant advised the MSB to implement this structured approach to
enhance its compliance workflow and establish a culture of accountability and
awareness for financial crime risks. By focusing on regulatory engagement,
internal training, and transaction monitoring, the MSB significantly improved its
management of risk. The consultant also ensured that the MSB’s policies,
procedures, and processes aligned with the principles of the organization's
AFC program.
Both the international bank and the MSB benefited from the consultant's
expertise in restructuring their compliance frameworks. They enhanced their
second line of defense capabilities by adopting a proactive approach to
financial crime risk management that was aligned with regulatory
expectations. This strategic improvement enabled sustainable growth and
fortified their positions within the financial industry.
Key takeaways
• Clear roles, responsibilities, and communication improve compliance
function structures.
• A structured, collaborative approach to functions enhances financial crime
risk management and regulatory compliance.
• Financial institutions benefit from a proactive, streamlined function
framework, fostering efficiency, accountability, and sustainable growth in
navigating complex regulatory environments.
Third line of defense AFC function
The third LOD in a financial institution's risk management framework is the
internal audit function. This line operates independently of the first two lines.
The first line handles risk ownership and operational management, while the
second line focuses on advisory, policy, and compliance monitoring. The third
line’s primary purpose is to objectively assess the effectiveness of the
organization’s AFC risk management, governance, and control processes.
The independent audit function is the fourth pillar of an AML program. This
function verifies and validates the organization’s compliance efforts. In a
robust AML program, the independent audit function reports directly to the
audit committee or board of directors. This ensures that the findings are
independent and not influenced by any other priorities.
The independent audit function acts as a cross-check on the effectiveness of
the first and second lines of defense. Independent auditors assess operational
and compliance frameworks to ensure the organization’s controls align with
regulatory requirements and function effectively.
Each LOD has different responsibilities and performs specific checks. The first
line focuses on daily execution accuracy, with responsibilities including
frontline operational management. The checks and controls in this line
include:
• QC checks to ensure procedures and guidelines are followed.
• QA checks to evaluate the effectiveness of processes and systems
operated by the first line.
• Control testing to assess the design and operational effectiveness of
controls.
The second LOD focuses on framework effectiveness. This line includes
compliance functions, ensuring adherence to laws, regulations, and internal
policies. The checks in this line include:
• Compliance monitoring: Ongoing oversight to ensure adherence to
policies and regulations.
• Testing procedures: Regular compliance tests to verify whether the first
line has implemented policies effectively and if controls operate as
intended.
• QA checks: Evaluate the effectiveness of processes and systems operated
by the second line.
The third line focuses on systematic issues and governance. The independent
audit function carries out its role through:
• Independent audits: Assess the effectiveness and efficiency of the first-
and second-line controls. Auditors ensure that the AML program meets
regulatory requirements and industry standards, identifying and
communicating deficiencies.
These distinct checks at each LOD are critical for maintaining an effective risk
management system. Collectively, they ensure:
• The first line’s operational systems execute policies and follow procedures.
• The second line’s compliance functions follow policies, participate in
investigations, verify procedure effectiveness, and provide oversight.
• The third line’s independent audit reviews risks and controls, offering an
unbiased opinion on the control environment’s effectiveness.
In smaller organizations that lack the resources for an internal audit team, or
when there are skill or resource limitations, external auditors might perform
the independent audit function. When well executed, this external
perspective enriches the audit process and provides an unbiased assessment
of the AFC compliance program and risk management effectiveness. By
maintaining these checks and balances at each LOD, organizations can
identify weaknesses and enhance their AFC compliance programs, mitigating
financial crime risks.
Liaising with internal audit
To prepare for audits and maintain effective control programs, AFC
professionals should communicate and collaborate with their internal audit
team on a regular basis. Liaising with internal audit helps to:
• Confirm and align review scope: Engaging with internal audit clarifies the
aspects of the AFC program that will be under review and facilitates
sharing of risk assessments. This ensures mutual understanding of
expectations and objectives, allowing the teams to focus on the most
critical areas.
• Prepare for the review: Coordinating with internal audit ensures adequate
preparation. This includes gathering necessary documentation, ensuring
relevant stakeholders are available, and addressing preliminary questions.
Preparation minimizes disruptions and improves the audit process. For
example, business practices such as regular risk and control self-
assessments (RCSA) allow functions to self-identify deficiencies and
implement action plans. Data from RCSA exercises also serve as valuable
inputs for internal audits.
• Plan actions after review: After the audit, ongoing communication helps
develop actionable plans in response to the results. By discussing
recommendations and prioritizing actions, the AML compliance team can
implement improvements promptly.
• Identify areas for improvement: A strong working relationship with internal
audit fosters an environment where feedback is valued. Regular interaction
helps identify areas needing improvement in compliance controls and
operational processes, leading to proactive enhancements before issues
escalate.
• Ensure effective control programs: Close collaboration with internal audit
ensures that control programs function as intended.
Despite these benefits, the relationship between the compliance team and
internal audit can sometimes feel adversarial. This tension arises from the
built-in checks and challenges that characterize the three lines of defense
model.
This structured challenge protects the organization from potential risks.
Understanding the different roles each line of defense plays might help
alleviate some of these tensions.
To maximize the organization’s resources and enhance control effectiveness,
the three lines of defense should collaborate and coordinate. Independent
tests should complement each other to provide comprehensive coverage of
control programs and avoid redundancy through:
• Joint planning sessions: Facilitating discussions among the three lines to
align audit schedules, review scopes, and testing methodologies ensures
that each function is aware of the others' activities and can assess different
aspects of the control framework. For example, if a first-line quality
assurance review is examining politically exposed persons (PEP)
treatment, it might be a better use of resources for the second- and third-
line testing to focus on other high-risk areas rather than repeating the
same test at the same time.
• Sharing insights and findings: Open communication about audit findings
helps identify control gaps, enabling better analysis and
remediation strategies.
• Leveraging expertise: Each line of defense brings unique perspectives and
expertise that enhance organizational resilience.
Functions of board of directors and
management oversight
The board of directors plays a critical role in the governance and oversight of
a financial institution’s AFC program. It approves the risk appetite, the scope,
objectives, and responsibilities of the AFC compliance function.
To demonstrate commitment to compliance and managing financial crime
risks, the board must endorse the AFC program. This endorsement
emphasizes AFC initiatives throughout the organization and fosters a culture
of compliance. The board should establish a dedicated AML or risk
management committee with knowledgeable members to monitor
implementation, review policies, and ensure adequate resources for
compliance.
In addition, the board provides strategic direction for the AFC program,
aligning it with the organization’s risk appetite. It assesses emerging risks and
AFC control effectiveness, guiding management on any necessary
adjustments. Ultimately, the board is accountable for the program's
effectiveness and must ensure that any deficiencies are addressed promptly.
The board and senior management play complementary roles in the
effectiveness of an AFC program. Their collaboration, supported by a strong
governance structure, is critical for mitigating financial crime risks and
ensuring organizational integrity.
Business and operational leaders are ultimately responsible for implementing
and overseeing the AFC program. They execute the program, ensure policies
and procedures are integrated into operational areas, and communicate all
expectations to the staff.
Senior managers, often through risk management committees, are expected
to monitor compliance with AFC policies and regulations. They must ensure
regular reports on the program’s status, including risk assessments and any
significant incidents, are submitted to the board and relevant committees.
Management committees might review and approve reports on key
performance and risk indicators, high-risk onboarding and exits, and
compliance assessments, ensuring accuracy and transparency.
Senior managers are responsible for any failures in the AFC program,
addressing compliance deficiencies, ensuring that corrective actions are
implemented, and reporting progress to the board.
A robust governance structure is essential for an effective AFC program. Key
benefits include clarity of roles and responsibilities, enhanced accountability,
effective oversight and monitoring, promoting a culture of compliance, and
adaptability to regulatory changes.
Second LOD's AFC role and its interaction
with the front office
The second line of defense (LOD) serves as an oversight function within an
organization’s governance framework. Although the second line operates
independently from the front office, effective collaboration with the first line is
essential to foster a culture of compliance.
Key aspects of this interaction include:
• Education and training: The second line approves training on regulatory
requirements, risk management practices, and staff responsibilities,
ensuring client-facing staff are equipped to identify risks and comply with
AFC policies. External specialist providers or internal teams might develop
the training.
• Advisory role: The second line offers guidance on best practices, emerging
risks, and compliance obligations, allowing front office staff to make
informed decisions.
• Risk awareness: The second line emphasizes the front office’s role as risk
owners through policies and procedures. This helps staff to become more
vigilant and to understand their part in managing client relationship and
transaction risks.
An established culture of compliance offers several benefits, including:
• Informed decision-making: When front office staff understand their risk
ownership responsibilities and are well-supported to manage risk, they can
make informed decisions that help protect the organization from the
threat of financial crime.
• Ownership of risk: Supporting front office personnel to understand
financial crime risks throughout the client journey ensures that they take
ownership of and manage those risks effectively.
• Prevention of issues: Second line and front office collaboration helps
prevent compliance violations and associated reputational and financial
risks.
Organizations often use responsible, accountable, consulted, and informed
(RACI) matrices to clarify roles and responsibilities in risk ownership. These
matrices define the relationships between teams, including those between
the first and second lines. The RACI framework assigns specific roles, outlines
who is responsible for managing risks, and who should be consulted or
informed in risk-related decision-making. The RACI matrix reinforces the front
office’s role in identifying, assessing, and managing risks.
While the second line provides advice, guidance, and oversight, final decisions
regarding client onboarding or relationship termination usually lie with the
front office risk owners or relevant committees. In practice, committees with
quorums that include both first- and second-line leaders often make business
decisions about regulatory obligations related to business activities. The
second line should ensure that front office staff are equipped with the
necessary tools to make informed choices, thus reinforcing collaborative
decision-making.
Second LOD's interaction with other functions
The second line of defense AFC team interacts with various risk management
and non-risk management functions to ensure effective risk oversight and
regulatory compliance. These interactions maintain the organization's
integrity and align functions with risk management strategies. Key functions
include:
• Legal: Assists with interpreting regulations, handling compliance issues,
and managing potential legal liabilities, such as reporting requirements and
client offboarding in suspected money laundering cases.
• Training and human resources (HR): Develops and implements materials
on staff compliance, AML regulations, and internal policies to embed a
culture of compliance, especially in the front office. In larger organizations,
the learning and development team within HR might be responsible for
training employees on compliance and risk management policies. They
ensure staff understand their roles in mitigating risks, including those
related to AML/CFT. HR ensures employees are trained in compliance and
risk management policies, and understand their roles in mitigating risks,
including those related to AML/CFT. HR may address employee
accountability and disciplinary measures after a compliance breach.
• Vendor management: Conducts due diligence and risk assessments,
ensuring third-party vendors comply with AFC policies and do not pose
additional risks.
• Data integrity and privacy: The privacy team may help the second-line AFC
team in drafting data protection impact assessments and advise on
personal data handling and retention periods during suspicious activity
investigations. For new procedures involving personal data for AML/CFT
checks, the AFC team may need legal endorsement to navigate
compliance. If an organization processes customer identification data for
AML/CFT compliance while also following the EU’s General Data Protection
Regulation (GDPR), it must balance both requirements. The organization
should work closely with its legal team to ensure lawful processing, data
minimization, and proper handling of customer consent during CDD.
• General compliance: Aligns broader compliance activities with financial
crime risk assessments and mitigations, ensuring consistency in risk
thresholds, compliance requirements, and monitoring efforts.
• Credit risk: Assesses credit requests and gathers data about a client's
creditworthiness. Offboarding clients might require considering loan
recovery.
• Reputational risks: Evaluates a client’s reputational concerns and the
potential impacts to mitigate risks. If reputational risk does not directly
involve AFC, decisions may be jointly made with, or escalated to, the
second-line risk teams to determine the best course of action.
• Operational risk: Evaluates risks that organizations might encounter in day-
to-day operations. Some organizations also manage fraud risk
assessments as part of their operational risk management.
Establishing a culture of compliance
A strong culture of compliance is critical to the development and ongoing
administration of an effective AFC program. The ultimate responsibility for the
compliance program belongs to the board of directors. A culture of
compliance determines how seriously an institution takes its obligations
regarding AFC compliance. An organization must determine whether it has
put forth sufficient effort to mitigate compliance risks through its
processes, staff, technology, training, communication, and independent
testing.
The Financial Crimes Enforcement Network (FinCEN), part of the US
Department of Treasury, provided guidelines to establish and identify a culture
of compliance. Leadership must actively support and understand compliance
efforts, including the filing of suspicious activity reports. Leadership should
consistently remind staff that compliance requirements should be prioritized
over commercial interests. Leadership should initiate this perspective in
hopes that it will spread throughout the organization. This is called the “tone
from the top.”
Compliance staff should be empowered to implement the organization’s AFC
policies and share information across job functions.
In a culture of compliance, accountable parties escalate, receive, and respond
to compliance concerns effectively. A culture of compliance displays the core
pillars of an AFC program. It ensures that the AFC functions have sufficient
staff, appropriate and approved processes, proper training, and the necessary
tools to work effectively. These actions show management’s support for
compliance functions.
A culture of compliance has a strong and independent testing function. It also
has management that responds quickly to findings of risk with meaningful
change. These traits show that an organization prioritizes compliance.
Risk Assessment
Introduction
Introduction: Risk assessment
In this module, we will analyze what a risk assessment is and discuss the
various types and fundamental components. We will explore inherent risk,
assess the effectiveness of control measures, and determine residual risks.
Assessing risk levels and threats improves decision-making, helps allocate
resources effectively, and ensures compliance. The risk assessment process
is the foundation of a strong risk management program. Understanding the
risk assessment process will equip and guide you in developing AFC risk
assessments, and other risk assessments, to effectively mitigate risks and
ensure compliance with the regulatory expectations.
Case study: Failure to update an EWRA at a wealth management firm
The Monetary Authority of Singapore (MAS) took enforcement
action against Swiss-Asia Financial Services Pte Ltd (SAFS), imposing a S$2.5
million penalty for AML/CFT violations. The wealth and fund management firm
failed to update its enterprise-wide risk assessment (EWRA), despite rapid
business expansion over a three-year period. This exposed SAFS to new and
increased risks of financial crime.
MAS uncovered the following AML/CFT breaches:
• Failure to conduct EWRA updates: SAFS did not reassess its risk
framework despite a significant increase in assets under management and
onboarding of high-risk clients. A static risk model exposed the firm
to undetected financial crime risks.
• Weak customer due diligence controls: The firm onboarded high-risk
customers without conducting enhanced due diligence, failing to verify
sources of wealth or screen ultimate beneficial owners against watchlists.
• Inadequate transaction monitoring controls: The firm’s transaction
monitoring system lacked risk segmentation and failed to flag suspicious
transactions, leading to missed red flags and delayed suspicious activity
reports.
• Management oversight failures: Senior management failed to ensure that
AML/CFT controls kept pace with business expansion. The firm lacked risk-
based governance and experienced internal audit failures.
The breaches had a negative impact on the firm’s business and its managers.
For example, in addition to imposing the S$2.5 million fine, MAS required the
firm to enhance its AML compliance program and conduct independent risk
reviews. The resulting reputational damage caused client withdrawals and
investor concerns, which impacted revenue and business growth. Senior
management was officially reprimanded, highlighting the need for executive
accountability in AML/CFT oversight.
The financial crime EWRA lies at the heart of understanding the
organization’s financial crime risks. If the risk assessment misses key risks or is not
repeated as the risk profile of the organization changes, repercussions can be
felt in multiple control failures. A poor EWRA could lead to weaker due diligence
controls and poor management oversight if the risks are not understood,
documented, and managed.
Key takeaways
• To remain effective, AML/CFT frameworks must evolve alongside business
growth.
• Weak financial crime risk assessment can expose companies to more than
financial crime risk. The consequences can include financial losses,
reputational damage, and significant management oversight to ensure
remediations are carried out.
• Regulators require all entities with AML obligations to maintain robust, risk-
based AML governance.
Types of risk assessment
The importance of risk assessment in AFC
FATF Recommendation 1 states, “Countries should identify, assess, and
understand the money laundering and terrorist financing risks for the country,
and should take action, including designating an authority or mechanism to
coordinate actions to assess risks, and apply resources, aimed at ensuring the
risks are mitigated effectively.”
Risk assessments and the risk-based approach (RBA) are important for
understanding and analyzing risks. Taking necessary measures to mitigate
risks minimizes their effects on a country or entity. The FATF Interpretive Note
to Recommendation 1 also highlights the importance of the RBA.
Risks can vary in their nature, scale, and impact. An RBA requires countries and
financial institutions to prioritize risks and apply appropriate measures based
on their level of exposure. Not every risk applies to every institution.
Understanding these factors will allow financial institutions to make informed
decisions to balance risk and reward.
Three main types of risk assessments are national risk assessments (NRA),
sectoral risk assessments (SRA), and enterprise-wide risk assessments
(EWRA).
NRAs identify national-level money laundering and terror financing threats and
risks. These assessments review sectors and areas with higher risks. Financial
institutions are required to apply enhanced measures to mitigate these risks.
SRAs are performed by national authorities, supervisory bodies, regulators,
and international organizations. These assessments identify, assess, and
analyze money laundering and terror financing risks specific to an industry or
sector.
EWRAs analyze and evaluate money laundering and terror financing risks
identified within an organization. These assessments are tailored to the
specific organization conducting the assessment and consider customer
characteristics, jurisdictions, products, and delivery channels. The process
begins by establishing inherent risks, then assesses the effectiveness of
controls, computes the residual risk, and produces a clear action plan for
mitigating the highest risks. Business leaders can use the EWRA to assess potential risks and
estimate the cost to serve. This helps them make informed decisions about
whether to expand or pursue new ventures.
For example, when entering high-risk areas, the business unit’s EWRA helps
evaluate the financial and operational impact, enabling leaders to understand
the costs involved to be compliant. EWRAs should include consideration of the
risks identified in the NRAs and SRAs for any jurisdiction in which they do
business or plan to do business. NRAs and SRAs help organizations manage
internal risks by using insights from national and sector-specific risk
assessments. By conducting these risk assessments, organizations can:
• Allocate resources efficiently by making informed decisions based on risk
levels.
• Manage risks associated with customers, jurisdictions, products, and
delivery channels by applying targeted measures according to regulatory
expectations.
• Enhance AFC controls by identifying vulnerabilities and exposures and
safeguarding institutions against regulatory enforcements.
These risk assessments should be interrelated to foster an effective, risk-
based AFC framework.
Types of risk assessment within an organization
There are different types of risk assessments within organizations. The
assessments vary, depending on the individual entity type, but their aim is to
identify, assess, and mitigate various risks and apply appropriate controls. The
purpose of the AFC risk assessments is to help organizations ensure
compliance, enhance risk management, and maintain healthy, sustainable
businesses.
One main risk assessment is an EWRA, which assesses all types of risk an
organization faces. We will focus on the AFC portion of the EWRA, which
considers financial crimes—money laundering, terrorism financing, sanctions,
tax evasion, and bribery and corruption.
The anti-bribery and corruption (ABC) risk assessment aims to prevent,
detect, and report bribery and corruption while identifying areas of higher risk.
In 2023, the Wolfsberg Group updated its Anti-Bribery and Corruption
Compliance Programme Guidance, which helps entities mitigate ABC risks.
The security risk assessment focuses on security threats and risks that could
affect both the physical and digital assets of an entity.
The operational risk assessment focuses on risks derived from the failures of
internal processes, disruptions of integrated systems, internal or external
events, and staff misconduct. It concentrates on business and operational
continuity. It helps entities to identify, assess, and mitigate these risks, and
apply measures to sustain a continuing business, while minimizing disruptions.
Fraud risks can be part of the operational risk assessment in some
organizations. With examiners increasingly requesting to see results of the
fraud risk assessment, execution may be centralized with AML risk
assessment.
The customer risk assessment (CRA) helps entities understand the AML/CTF
risks inherent in a particular business relationship with a customer.
Based on the type of organization and risk exposure, an organization may
need to carry out specific risk assessments, such as assessing exposure to
proliferation financing.
In 2020, FATF revised its Recommendation 1 and its Interpretive Note,
requiring countries and obliged entities to identify, assess, understand, and
mitigate their proliferation financing risks. FATF also published guidance in
June 2021 to assist countries and obliged entities to conduct effective
proliferation financing risk assessments. Proliferation financing refers to the
transfer and export of nuclear, chemical, or biological weapons, their delivery
means, and related materials. Non-proliferation risk refers to contributing to
the proliferation of these weapons of mass destruction (WMD) wittingly or
unwittingly. Managing non-proliferation risk is important because it poses a
significant threat to international peace and security.
The risk-based approach
A risk-based approach (RBA) is the process of identifying, assessing, and
understanding the ML/TF risks to which organizations are exposed and taking
appropriate measures to mitigate those risks effectively. The concept of an
RBA emerged when FATF published the first version of guidance for an RBA in
2007.
Every organization has its own risk appetite, which determines the type of
customers it will accept, the product types it will offer, and the jurisdictions
and channels in which it will operate.
Once the organization establishes its risk appetite, it establishes boundaries
for its business. For example, a payment processor may decide it is not in a
position to offer its service in jurisdictions with elevated risk of sanctions. The
risk appetite statement is codified in policies and procedures.
In conducting a CRA, each customer is categorized and risk rated. For
example, an individual customer with a regular job and salary who opens a
savings account is considered low risk, assuming the source of funds can be
corroborated and there is no relevant, negative news. A PEP is considered
higher risk. Products, jurisdictions, and channels also present varying risk
levels.
A customer representing higher risk may be subject to enhanced due
diligence and heightened monitoring, thereby allowing the organization to
allocate resources effectively by classifying customers based on their
potential financial crime risk. These decisions determine the level and
frequency of customer research and updates to customer profiles. Risk
assessment has become more important as the fight against financial crime
has evolved, with regulators emphasizing the need for a risk-based approach
in all customer interactions.
Accurately judging a customer’s potential involvement in financial crime is an
important prerequisite for the RBA. Organizations should conduct due
diligence on business operations, industries, customer characteristics, and
geographic exposure to obtain adequate, complete, and truthful customer
information for analysis.
An RBA focuses effort where the need and impact are greatest. It requires the full
commitment and support of senior management, and the active cooperation
of all employees.
Adopting a risk-based approach requires a risk management process to
handle financial crime. This process encompasses recognizing the risks,
assessing them, and developing control strategies to mitigate and monitor
them.
The risk appetite statement
Risk appetite is the level of financial crime risk acceptable to an organization,
within the parameters of its business and strategic goals. The organization’s
risk appetite statement (RAS) must be approved by the board of directors
and periodically reviewed to consider any changes in the business and
relevant risk factors.
The organization’s risk appetite might change over time. For example, an
organization might seek a merger with another entity that has been traditionally
involved in higher risk activities. This situation implies the newly formed
organization’s risk appetite has changed and will now include higher risk
activities. The board of directors sets the risk appetite statement and
tolerance levels. Business executives are accountable for managing risk limits
within their business units.
To implement a risk appetite framework, you must determine the types of risk
the organization is willing to accept to meet its strategic objectives, set its risk
tolerance level, and create a risk appetite statement.
The risk appetite statement should be easy for all stakeholders to understand.
The information in the statement should be positive. It should include key
background information and assumptions, strategic and financial plans, and
quantitative measures that translate into risk limits.
Over time, the organization might periodically reassess its risk exposure and
adjust its risk appetite statement. For example, a potential new customer
might raise an organization’s risk exposure. The organization can choose to
reject the customer, limit access to certain products or services, or place
enhanced risk controls on the customer’s account. The organization might
use the same risk appetite statement to review customers who no longer
meet the organization’s risk appetite.
Risk limits allocate the organization’s overall risk appetite to appropriate
business units with specific risk categories and concentrations for each.
Lastly, the organization needs to conduct regular independent assessments
to make sure internal risk controls, risk management, and risk governance are
effective and functioning properly.
Preparing a risk appetite statement
According to the Financial Stability Board in the US, the RAS is a formal
document, developed by an organization’s senior management and approved
by the board of directors. It establishes risk limits while supporting the
organization’s business objectives. This prospective document defines what
types of risks the organization is willing to accept, mitigate, or avoid based on
its strategic targets, regulatory environment, and expectations.
To prepare an effective RAS, an organization should have a structured
approach to:
• Drive the decision-making process with top-down board leadership and
bottom-up feedback from all levels of management.
• Identify unique risks to the organization and assess the effects, actively
consulting with risk management teams.
• Decide the extent to which these risks can be accepted.
• Define clear thresholds or limits.
• Draft the RAS with senior management and seek approval from the board.
• Regularly monitor and update the RAS.
• Ensure that all business units are aware of the RAS, including updates.
An effective RAS allows informed decision-making and helps the organization
reach its strategic objectives while mitigating and managing risks effectively.
Regulatory expectations and legal obligations help determine the acceptable
level of risks in the RAS. Financial institutions should not accept risks that
violate applicable AML/CFT laws or sanctions regimes. For example, if a
potential customer resides in a Category I jurisdiction, that jurisdiction might
have strategic AML/CFT deficiencies, and countermeasures might apply. If
the applicable laws require financial institutions to seek permission from the
regulator before entering any business relationships, the RAS must carefully
address customer acceptance or business relationships with those
jurisdictions.
A financial institution’s RAS might include zero appetite statements. Zero
appetite means the financial institution refuses to take on certain risks related
to specific customer types, products, services, or sectors. For example, a
financial institution might declare it will not accept customers from countries
under strict EU, UN, or OFAC sanctions. By avoiding certain risks, the
organization minimizes exposure to high-risk areas.
Enterprise-wide risk assessment
Enterprise-wide risk assessment
EWRAs, sometimes called bank-wide risk assessments, institutional risk
assessments, or financial crime risk assessments, help organizations evaluate
their overall risk exposure to financial crime, including money laundering (ML),
terrorist financing (TF), proliferation financing, sanctions evasion, tax evasion,
bribery, corruption, and fraud. The EWRA provides a standardized way to
measure and track risks, ensuring they are mitigated across all operations,
products, and services.
Organizations conduct EWRAs periodically and whenever there is a material
change in the organization’s business structure or its regulatory environment, or
when a money laundering or wider financial crime trend is identified. The
organization's AFC risk assessment team typically leads the EWRA, although in
smaller organizations it might be the governance or advisory team. The results
of an EWRA are reported to the MLRO, or equivalent, and the relevant
stakeholders, such as senior managers and department heads. The MLRO
uses these results in the ongoing evaluation and determination of the
organization’s financial crime risk appetite.
The EWRA should use a broad range of public and private information sources
to assess risk comprehensively. It should review all customer types,
jurisdictions, products, delivery channels, transactions, and the operating
environment, including staff education and training on the financial crime risk
the organization needs to manage. Additionally, it should review prior risk
alerts as identified by the alert management systems, particularly those that
result in a true match, which should be further analyzed for residual risk.
A risk assessment should place particular focus where:
• The probability of the risk occurring and its impact are greatest.
• The risk exceeds the organization’s appetite.
• Controls are ineffective.
• Systems or controls have changed.
In global organizations, the EWRA should be conducted in a flexible,
coordinated manner and based on a common methodology. Subsidiaries or
branches should be allowed to include the specific risk dynamics and relevant
local elements of their own operations. The parent organization should
incorporate input from all subsidiaries and branches in the group-wide risk
assessment.
Determining inherent risks
Inherent risk is the level of financial crime risk in place before an organization
applies any mitigation controls.
Inherent risk is the starting point of most risk assessments. Once an
organization establishes inherent risk, it considers the likelihood and impact of
that risk occurring, typically using a matrix to understand the highest risks.
The process for determining inherent risk varies depending on the
organization and its risk assessment framework. While the process may begin
with a qualitative understanding of the risk, it is important to back it up with
quantitative data to establish relevance. Generally, the following steps are
recommended to determine an organization’s inherent risk.
First, identify and gather relevant information. Collect data on customers,
jurisdictions, products, and channels, including customer profiles, country risk
assessments, product specifications, and channel characteristics. At this point
in the risk assessment process, it is important to understand national and
sectoral risk assessments that apply to the industry sector and jurisdictions in
which the organization operates.
Next, analyze and assess the risk factors associated with each category. For
customers, risk rating generally considers their industry, transaction volume,
corruption index, and geographic location. Determining jurisdiction risk might
involve assessing political stability, the regulatory environment, and sanctions
status. To determine product risk, consider the complexity, potential misuse,
or attractiveness of the product for illicit activities. To assess channel risk, you
might evaluate vulnerabilities in the delivery or communication channels.
Categorize inherent risk using the inherent risk matrix. The level of risk
increases in tandem with the probability and severity of the risk materializing.
If there is high probability of the risk, and its impact is high, the inherent risk is
also high.
Applying a risk-based approach refers to prioritizing risks that have high
probability and severe impact. This does not mean an organization will not
address other risks. It just means the organization will apply more resources,
effort, and investment to building controls for the highest risks. The inherent
risk assessment process should clearly prioritize the highest risks for the
organization. A scoring mechanism may be used to identify the top risks.
[Figure: Inherent risk matrix and key]
Control effectiveness
Controlling risk is critical to the overall success of an institution. Financial crime
risk assessments help to develop control strategies to mitigate and monitor
the identified risks. Some examples of these control strategies are policies
and procedures, training, four-eyes checks, and segregation of duties. These
controls fall into three categories: preventive, detective, and corrective.
The internal control framework refers to the set of standards, processes, and
structures that provide the basis for carrying out internal control across the
organization. This framework should align with the organization's risk appetite.
A risk assessment begins by identifying inherent risks the organization may be
exposed to if there are no controls. The organization categorizes the inherent
risks based on the probability and impact of them occurring. This helps to
prioritize the highest risks.
Control activities in financial crime prevention include preventive, detective,
and corrective controls. Preventive controls involve measures to prevent
financial crime from occurring and include robust due diligence,
recordkeeping, and record retention. Detective controls involve measures to
detect financial crime as soon as possible after it has occurred, such as
identifying and reporting suspicious activity to the appropriate authorities.
Corrective controls involve measures to remediate instances of financial
crime after they have been detected, such as exiting a customer relationship
and performing reviews to understand if any risks were missed.
Organizations assess the effectiveness of controls in multiple ways. Initially,
the teams operating the controls carry out these assessments by
demonstrating adherence to key performance indicators, key risk indicators,
and service level agreements. Once the controls are in operation, the teams
assess their effectiveness and identify remedial actions to ensure they remain
effective.
Assurance functions within the business or compliance lines monitor the
effectiveness of controls by testing whether team members have properly
observed and applied all policies, procedures, and controls. The internal audit
team may also carry out assessments for critical controls.
Measuring control effectiveness
The formula for calculating residual risk is: inherent risk minus control
effectiveness equals residual risk (inherent risk – control effectiveness =
residual risk). AML/CFT measures, policies, procedures, systems, and controls
might be already in place or still under development. Organizations should
evaluate these control measures to determine their effectiveness in reducing
inherent risks. The effectiveness depends on proper application, functionality,
and consistency throughout the organization.
In conducting a risk assessment, once an organization identifies inherent risks,
it must apply control measures to mitigate them to an acceptable level of
residual risk. Control measures are designed to reduce the inherent AML/CTF
risk with customers, jurisdictions, products, and delivery channels to a level
consistent with the organization’s risk appetite statement.
For example, if the inherent risk of onboarding PEPs is high, the organization
might implement EDD, request source of funds and source of wealth
verification, and increase business relationship monitoring. If these controls
are judged to be effective, the result may be lowered to medium or low
residual risk.
To measure the effectiveness of control measures, an organization should
perform both quantitative and qualitative assessments. Quantitative
assessments use measurable data, such as:
• Backlogs of alerts that have not been reviewed.
• Transaction volumes from high-risk jurisdictions.
• Percentage of staff completing mandatory AML/CFT training.
Qualitative assessments gather expert opinions on control effectiveness. They
might identify if:
• The suspicious transaction reporting procedure is not aligned with recent
AML/CFT regulations.
• Screening procedures have weaknesses identified in a regulatory audit.
• File samples show inconsistency in applying EDD measures.
Control measures should be assessed for both design and operational
effectiveness. Design effectiveness evaluates whether the control is
appropriately built for mitigating inherent risk. For example, if the control is
intended to perform EDD for PEPs, design effectiveness ensures the process
outlines all salient requirements identified in the policy in performing EDD and
reporting results. If there are gaps or flaws in the process design, the control
must be redesigned. Design effectiveness can be tested before and after a
control is live.
Operational effectiveness determines if the control is functioning as intended.
For example, if two out of ten KYC files examined lack sanction screening
results, this indicates an operational failure caused by human or system error.
The organization must analyze and correct the root cause of the error to avoid
recurrence. In this instance, the organization might need to redesign the QC
process, as the missing screening results were not captured. Additional
training might be needed if human error is identified. To measure operational
effectiveness successfully, the control needs to operate for a sufficient period
of time. For example, if a control operates monthly, a minimum of three to six
months of data would be needed to establish whether the control is operating
effectively.
Residual risks action plan
Residual risk is computed based on an understanding of the inherent risk and
the effectiveness of the control mitigating that risk. Once an organization
understands its residual risks, it can determine whether the risk is within its
tolerance levels or if an action plan is required to mitigate those risks. For
example, if a traditional financial institution realizes it has many customers
making transfers to cryptoasset service providers in high-risk jurisdictions and
no additional controls exist, the residual risk is high. The organization will need
to develop a control to mitigate this risk, so the residual risk is within risk
appetite. This may include a process of prohibiting transactions to certain
known, unlicensed providers, or increasing the monitoring where the risk is
high, even if it is within a licensing regime.
To develop a residual risks action plan, the organization must understand
where the inherent risk originates and how mitigation measures can control
the risk. The organization should identify which risks existing AFC controls
cannot mitigate. It should then evaluate whether other control measures, such
as reducing transaction limits or limiting the number of products offered,
would minimize the risks. Ideally, the action plan would include a response
strategy, such as additional monitoring or limiting transactions, in case the risk
escalates.
The action plan consists of actions that the organization needs to implement
across a range of residual risks. Some actions may address more than one
residual risk. A comprehensive plan would identify business owners,
operational owners, due dates, and a process and frequency for reviewing
and evaluating the risks associated with specific products or customer
segments and their impact on the organization. The plan would document
who in the organization will be sponsoring the plan, and in which governance
forum involved parties would report and escalate issues.
Third-party tools to conduct risk assessment
Organizations need to conduct a risk assessment to understand the types of
risk and their potential impacts. The risk assessment process involves collating
qualitative and quantitative data about risks, such as the number of wire
transfers sent internationally or to high-risk jurisdictions. This data helps
determine inherent risk, control strength, and the remaining residual risk. The
company can then determine what steps it needs to take to mitigate risk and
align to its risk appetite.
Many organizations develop or purchase risk assessment tools. Sometimes
organizations combine multiple internal and third-party tools. These tools can
be used to quickly upload data, verify accuracy, look for gaps, and calculate
risk scoring.
Risk calculation involves assigning a scoring methodology, such as relative
weighting, to the risks and controls of an organization. A company using an
internal or third-party risk assessment tool must input inherent risk and control
strength correctly to ensure that residual risk is correctly calculated. For
example, if a particular control is wrongly assessed as working correctly, it
could inflate the overall control strength, which would incorrectly decrease
the residual risk.
An internal or third-party risk assessment tool might be leveraged for data
collation prior to those calculations, to weight and validate the calculations’
formulas, look for data gaps, and complete the overall calculation. Whether
automated or manual, the tool must be tailored to the institution so that it not
only includes the correct calculations but can be refined to include risks
unique to that organization. Some companies take a hybrid approach and
manage higher-risk products or client assessments themselves while relying
on third-party tools to automate their lower-risk products.
Reporting results of risk assessment
While risk assessments are critical to evaluating the health of a financial
institution’s compliance programs, it is equally important to report the
information to senior management and other stakeholders. They need to
review the report comprehensively to understand its meaning. Their efforts
include reviewing whether risk levels have remained the same, decreased, or
increased. These stakeholders are also responsible for using the report to ask
questions, or even to challenge an organization’s compliance programs. The
results of the risk assessment, and feedback from senior management, have
an impact on policies, procedures, systems, resources, staffing, and training.
Risk assessments are vital for organizations to understand their unique risk
profiles. However, the true value of an end-to-end risk assessment depends
on its outcomes. To determine where changes need to be made, all
stakeholders from an institution need to review and discuss the risk
assessment’s outcomes. This includes senior management, compliance and
operational branches, business lines, and internal auditing.
Risk assessment teams have three main reporting responsibilities:
• Present the report, its methodology, and supporting data to stakeholders.
• Ensure the report and its supporting data are clear and understandable.
• Respond to questions and challenges from stakeholders about
methodology, procedures, data, and outcomes of the report.
This process aids an organization’s ongoing AFC efforts because it identifies
where risks are weak or strong. Risk assessment reporting should be more
than an administrative exercise. The risk assessment should identify clients,
products, and services that might exceed the organization’s risk appetite. A
good risk assessment report will also recommend compensating control
enhancements, which include new controls or enhanced existing controls to
compensate for any weaknesses. Senior management can meaningfully
utilize the report to determine where to attribute staffing, resources,
technology, and training to further mitigate risk.
The importance of continuous risk assessment
Continuously assessing financial crime risk
Financial crime risks are dynamic and constantly evolving. Criminals will always
attempt to move illicit funds through the financial sector undetected. They will
use new technologies and trends, regardless of the controls that
organizations establish. Criminals continuously search for loopholes to exploit
and test the resilience of AFC frameworks.
Organizations must reevaluate risks whenever there is a material change to
their business. This could include higher-risk product offerings, entering a new
market, or changes in jurisdictions where the organization operates.
Continuously assessing financial crime risk helps organizations adapt to
evolving ML/TF techniques and threats, monitor transactions to detect
patterns and significant changes, respond to emerging geographical risks,
and meet regulations and international standards.
FATF and regulatory bodies promote a proactive approach to risk
management and reassessing risks as required. This approach, and regular
risk assessments, enable organizations to divert their resources to high-risk
areas to mitigate them effectively.
In addition to conducting overarching enterprise-wide risk assessments
regularly, organizations manage risk continually through CRAs.
Organizations should conduct a CRA for every customer they onboard before
establishing a business relationship with that customer. They should also
review the CRA regularly and whenever there are changes in a customer’s
behavior and risk profile. These changes might include:
• Transaction pattern deviations.
• Requests for new products or services.
• Reluctance to provide information or documentation.
• Increased exposure to high-risk jurisdictions.
• Changes in the customer’s sector.
• Changes in how the organization operates, such as changing product lines
or shifting to online business operations.
CRAs enable organizations to detect changes in customer behavior and
reassess risks. For example, if an organization detects that a customer plans to
extend its sales to high-risk jurisdictions, it might need to introduce enhanced
measures such as increasing third-party screening, requesting additional
documentation, or increasing transaction scrutiny.
Product and channel risk assessments enable organizations to detect
deviations from the intended use of their products, helping to identify new
threats or risks. Some risks might not be clear at product launch, but might be
identified through ongoing monitoring. For example, during COVID-19,
organizations shifted to digital channels. This required aligning existing
face-to-face channel controls to address emerging fraud risks, such as digital
identity fraud, cross-border wire transfers, and new ways of verifying the
authenticity of documentation.
These risk assessments help organizations continuously assess financial crime
risks and enable them to take a holistic, proactive approach to manage and
reassess risks as needed.
Customer risk assessment versus enterprise-wide risk assessment
The CRA evaluates potential ML/TF risks associated with individual customers
and business relationships. In contrast, the EWRA analyzes ML/TF risks that the
organization as a whole faces.
Customer risk assessment | Enterprise-wide risk assessment
Assesses individual customer and business relationship risk exposure | Assesses organizational risk exposure
Uses KYC information to assess risk at onboarding and ongoing due diligence to update the risk | Identifies inherent risks and assesses controls
Determines whether EDD is needed | Determines residual risk to guide the design of the control and allocate resources
According to FinCEN’s Joint Statement on the Risk-Based Approach to
Assessing Customer Relationships and Conducting Customer Due Diligence,
customer relationships present varying levels of financial crime risks.
Organizations conduct CRAs to identify risk factors, assign risk ratings to
customers, create risk profiles, and decide which level of CDD to apply. The
CRA considers information collected through KYC processes, such as
documents, customer business activity, and requested products. Higher-risk
customers might require EDD, while lower-risk customers might qualify for
simplified due diligence (SDD) in some jurisdictions. Due diligence
requirements vary depending on the jurisdiction.
The EWRA identifies inherent risks, assesses controls, and determines the
residual risk that the organization faces. The process helps organizations
design their AML/CFT framework, guides policy and procedure development,
allocates resources toward higher-risk areas, and improves decision-making.
Product risk assessment
A product risk assessment helps organizations identify and understand the
risks and threats associated with their financial products. It assesses how
criminals might use these products to launder illicit funds. After identifying and
assessing these risks and threats, organizations can implement measures to
mitigate them.
To identify and understand risks, organizations should consider factors,
including:
• Inherent product characteristics: Features or attributes such as
cross-border wire payments, third-party payments, anonymity, remote access,
third-party access, unusual complexity and structure, minimal transaction
oversight, and cash-intensive nature.
• Transactional patterns of the product: Recurring behaviors and trends
such as rapid movements, high volumes, frequent transactions,
involvement of high-risk or sanctioned jurisdictions, and use by high-risk
customers in high-risk sectors.
Each product should receive a risk score based on the AML/CFT risks it
presents. A clear, documented definition of each product and its risks helps
organizations assess them appropriately. Identified risks affect the EWRA and
the RAS. For example, if many products are deemed high-risk, this raises the
overall EWRA risk score, prompting additional controls or measures. If a
product’s risk assessment score exceeds the RAS, the organization might
cease offering it.
A product risk assessment is also very useful in designing controls such as
transaction monitoring to ensure adequate coverage of all products.
Although the product risk assessment process might vary, depending on the
organization’s size, it typically includes:
• Product development: Designs the product and provides specifications.
• IT: Provides necessary technological infrastructure.
• Operations: Provides insights about product usage patterns.
• Compliance: Identifies control measures and ensures compliance.
• Legal: Provides legal assistance on applicable laws.
Compliance officers play an active role in overseeing the product risk
assessment. They identify risks, assess relevant controls, and assign
appropriate risk scores.
Because risk assessment is an ongoing process, organizations should review
both new and existing products regularly. For new products, the assessment
should be conducted before they are offered to customers. Once the
product becomes available, it should be reviewed periodically and whenever
significant product changes occur. A clear and well-structured risk
assessment helps identify vulnerabilities and exposures.
Sometimes, organizations might notice previously unidentified risks for a new
or existing product. For example, a new prepaid card might show high
volumes of rapid transactions from high-risk customers. This might require
revisiting the product risk assessment and setting thresholds for the number
of transactions, volumes, or restricting the product to certain customer
sectors.
Design Your AFC Program and Controls
Introduction
Introduction: Design your AFC program and controls
An AFC program is the cornerstone of financial crime risk management,
ensuring that organizations prevent, detect, mitigate, and report illicit financial
activities. Global standard setters and national regulatory bodies recommend
or mandate risk-based AML programs. Key program components
include CDD, EDD, ongoing monitoring, transaction reporting, risk
assessments, and governance oversight. Institutions must regularly update
policies to address evolving threats, regulatory changes, and emerging
technologies, such as AI-driven financial crime detection. A globally aware
AFC program fosters compliance, resilience, and financial integrity,
safeguarding institutions against money laundering, terrorist financing, and
sanctions violations.
Case study: Lack of governance at a Canadian bank
In December 2023, the Financial Transactions and Reports Analysis Centre of
Canada (FINTRAC) imposed a CA$7.475 million fine on Royal Bank of Canada
(RBC) for non-compliance with the Proceeds of Crime (Money Laundering)
and Terrorist Financing Act.
The regulator discovered AML/CFT deficiencies during its compliance
examination in 2022. Key failures included:
• RBC failed to file 16 SARs, despite reasonable grounds to suspect that
transactions were linked to money laundering activities. In other cases,
SARs were filed in a way inconsistent with prescribed regulatory standards.
• RBC lacked adequate documented governance for developing, updating,
and implementing AML/CTF policies and procedures.
• RBC had incomplete procedures for identifying suspicious activity and
filing STRs. In addition, the bank kept inconsistent guidance on SAR filings
that did not incorporate FINTRAC’s “reasonable grounds” threshold.
This case illustrates how weak oversight can create gaps in key financial crime
controls. Due to inadequate governance, RBC failed to develop, update, and
implement appropriate policies and procedures. The bank did not file SARs as
required by law. It suffered financial consequences and reputational damage
from the enforcement action. AML policies must be dynamic and risk-based.
Financial institutions must continuously update governance frameworks to
align with evolving AML/CFT risks.
To ensure strong AML/CFT governance, boards of directors and senior
leadership must actively oversee AML compliance. AML/CFT policies should
be regularly reviewed and updated to reflect new regulatory requirements.
Regular, independent audits and testing should be done to ensure
governance structures remain effective.
Key takeaways
• Weak governance might lead to compliance failures and regulatory fines.
• Regulators expect dynamic, risk-based AML policies.
• Senior leadership must be directly involved in oversight of AML programs.
• Periodic audits ensure governance effectiveness and prevent regulatory
breaches.
Governance and oversight
Need for AFC policies and procedures
Policies and procedures are essential guidelines on managing risks for an AFC
compliance program. In general, policies translate legal and regulatory
requirements as applicable to the organization. Procedures are the
step-by-step instructions on how to implement policies. Policies and procedures
generally include requirements for oversight at senior levels.
Drafting AFC policies and procedures
AFC policies and procedures form the core of an organization’s AFC
compliance framework, ensuring effective risk management, adherence to
regulations, and operational integrity. These policies must be clear, risk-based,
and adaptable to evolving business models while aligning with global and
jurisdictional AFC standards.
What are AFC policies and procedures?
• Policies establish the principles, objectives, and regulatory obligations for
AFC compliance. They translate legal and regulatory requirements into
business-specific commitments.
• Procedures provide detailed, step-by-step implementation guidance to
ensure policies are applied consistently across different business units and
jurisdictions. Separate procedures are often written for a policy to tailor its
execution to various business units and jurisdictions.
Why are AFC policies and procedures important?
• Policies and procedures ensure regulatory compliance. Institutions
typically choose to align their policies with FATF Recommendations, Basel
Committee on Banking Supervision (BCBS) guidelines, national AML laws,
and regulatory expectations.
• Policies ensure comprehensive coverage. They should cover all products
and services, including future offerings, to prevent compliance gaps.
• To follow a risk-based approach, policies must be tailored to institutional
risk exposure, customer profiles, and geographic risk factors.
• To demonstrate proper governance and accountability, a structured policy
framework ensures clear roles, responsibilities, and oversight mechanisms
for compliance management.
Organizations should maintain a clearly defined protocol to identify when a
new policy must be adopted, as well as the process for drafting, approving,
and updating it.
Good policies should include provisions for addressing any exceptions or
exemptions and should clearly assign responsibilities to specific people or
roles. They should also provide a schedule for reviewing the policy, typically on
an annual basis, and stipulate events that would trigger an ad hoc review and
update. Examples include the introduction of a new product or the
occurrence of a relevant regulatory event. Detailed implementation guidance
is provided in procedures, which are typically tailored to specific business units
or other entities. In this way, changes in procedures can be made quickly to
reflect changes that do not impact the entire organization.
How are AFC policies designed and implemented?
• Using a risk-based approach, organizations should customize policies
based on customer, product, and transaction risks.
• To ensure jurisdictional compliance, multinational organizations must align
policies with country-specific laws, while maintaining global AFC principles.
This may result in implementing higher standards in some jurisdictions to
maintain global consistency.
• To govern exceptions and dispensations, deviations from policy must be
documented, justified, and approved by governance bodies. Where
appropriate, dispensation may be provided for a specific time. Any known
gaps in implementing policies must be documented and addressed within
a reasonable period. A record of issues and policy violations may be
centrally maintained for effective governance and oversight.
• When implementing new policies, organizations typically include a
transition period, such as six months, to allow for:
o Gap analysis and business risk assessment.
o System, procedural, and process updates.
o Training and staff education.
By developing clear, enforceable, and adaptable AFC policies, financial
institutions strengthen compliance, mitigate financial crime risks, and ensure
operational resilience.
Maintaining effective AFC policies and procedures
Regulated organizations are required to maintain written AFC policies and
procedures that mitigate and manage the risks of money laundering and
terrorist financing. Organizations should regularly review and update these
policies and procedures, typically on an annual basis, although the nature of
the risks the organization is encountering should drive the frequency.
Organizations should also conduct reviews in response to events that might
change their risk profile, such as a new business or jurisdiction, or the results of
an audit or regulatory examination. Failure to update policies on a continuous
basis might result in a failure to address new risks until the next scheduled
review.
Additionally, organizations need to maintain awareness of emerging issues
and regulatory activity. This “horizon scanning” is particularly important
because the AFC environment is highly dynamic. It could take many months
or even years to implement new processes. Proactive horizon scanning helps
organizations plan, resource, and implement new policies in a timely and
effective manner.
The development and approval of policies should include the participation of
legal counsel, other internal stakeholders, and external experts where
appropriate. Once approved, policies and procedures should be accessible to
all employees on an ongoing basis. Organizations should approve, document,
and promptly communicate to their staff any changes to policies and
procedures.
AFC policies and procedures should be tailored to the specific risk profile, risk
appetite, and size of the organization. Global organizations should conduct
gap analyses as part of their review and horizon scanning processes to ensure
the policy covers relevant local regulations in the jurisdictions in which they
operate. This may also require regional or local policies and procedures to
reflect the local laws, regulations, and risks, as long as they do not conflict with
the organization's global policy.
Governance committees and their functions
Governance committees provide strategic oversight, decision-making
authority, and accountability in an organization’s financial crime compliance
framework. They ensure that AFC policies and procedures are aligned with
regulatory requirements and risk management objectives, while supporting
effective escalation, review, and enforcement processes.
Governance committees must be structured based on an organization’s risk
profile, regulatory obligations, and operational needs.
Each committee must operate under a terms-of-reference document, which
outlines its mandate, responsibilities, and authority. The committee must
formally record meeting minutes for regulatory audits and internal
governance reviews. Meeting minutes typically include decisions made,
objections raised, and how the objections were dealt with.
Examples of key committees include the:
• Board risk committee: This committee is typically led by one or more board
members. It provides strategic oversight of AFC risks, ensuring policies
align with global and jurisdictional regulations. The terms and the chair may
escalate items for the board’s attention.
• AML governance committee: This committee may be led by the second
line and oversees enterprise-wide AML/CFT risk management, internal
controls, and AML/CFT program effectiveness. It considers progress in
reviewing alerts, volumes, and categories of alerts that resulted in SARs,
results of audits and assurance reviews, and emerging risks.
• High-risk customer review committee: This committee assesses
onboarding and ongoing due diligence for PEPs, correspondent banks, and
other high-risk clients. It is typically led by business leaders, with AFC
compliance teams forming part of the quorum.
• Sanctions oversight committee: While AFC committees typically include
sanctions oversight, there may be a need for a separate committee based
on the organization’s risk exposure. It ensures compliance with global
sanctions programs, watchlist screening, and escalation procedures.
Quora for governance committees typically include:
• Board members or senior executives to provide strategic oversight and
resource allocation for AFC compliance.
• The chief compliance officer, MLRO, or their delegates to lead AFC policy
execution, risk assessments, and regulatory engagement.
• The first line of defense risk owner and operational leaders who implement
AFC policies in daily operations.
• The second line of defense to provide independent oversight, policy
enforcement, and risk assessments (in addition to the MLRO, if needed).
• The third line of defense to report independent audits and ensure
compliance effectiveness, where appropriate, while maintaining
independence.
By ensuring structured, well-documented, and effective governance
committees, financial institutions strengthen AFC compliance, regulatory
engagement, and risk management oversight.
During regulatory exams, the robustness of the governance structure
demonstrates the strength of the AML programs. Examiners may request
terms of reference and inputs via papers and meeting minutes, and present
them as evidence of the effectiveness of the AFC program.
Internal reporting to governance committees
Internal reporting to governance committees is a critical function of an
institution’s AFC compliance framework. It ensures that senior leadership has
accurate, timely, and data-driven insights to support decision-making, risk
management, and regulatory compliance. Internal reports help identify
financial crime risks, assess control effectiveness, and maintain regulatory
accountability.
Internal reporting enhances risk oversight and ensures compliance by
enabling governance committees to proactively address financial crime
threats and regulatory obligations. In addition, these reports inform customer
risk-ratings, policy revisions, and AFC resource allocation. By ensuring
regulatory and audit readiness, internal reports demonstrate an organization’s
commitment to transparency and compliance monitoring.
Internal AFC reports usually contain:
• Key risk indicators (KRI) are quantitative and qualitative metrics assessing
AFC risks, including suspicious transaction volumes and trends, due
diligence review backlog, and monitoring system deficiencies.
• Key performance indicators (KPI) are measures of AFC control
effectiveness, such as SAR filing timelines, false positive reduction rates in
screening, and alert resolution times.
• Regulatory and compliance updates should include summaries of new AFC
regulations, enforcement trends, and emerging risks, to ensure that
policies remain aligned with current legal obligations. Horizon scanning for
emerging risks and trends is particularly important because it requires
considerable lead time and resource planning.
• Regulatory examination reports, audit findings, and internal risk
assessments: Reports on regulatory examination preparation and findings,
internal and external audit outcomes, identified compliance gaps, and
corrective action tracking.
• High-risk customer and transaction reports include assessments of
onboarding decisions and due diligence. In some cases, committees might
express opinions on whether to onboard or exit a particular customer
based on risk profiles and other factors.
By ensuring structured, transparent, and risk-focused internal reporting,
financial institutions improve governance accountability, regulatory
compliance, and financial crime risk mitigation.
Regulatory reporting for AFC compliance
Regulatory reporting is a critical obligation for financial institutions worldwide,
ensuring compliance with AFC laws, financial transparency, and risk mitigation.
Each jurisdiction typically enforces unique reporting rules, filing deadlines, and
disclosure requirements. Non-compliance can lead to severe financial
penalties, reputational harm, and regulatory enforcement actions.
Types of AFC regulatory reports include, but are not limited to:
• Ongoing reports: These include suspicious activity reports and current
threshold reports, which are required when suspicion or certain thresholds
are triggered.
• Periodic reports: These include annual MLRO reports and other regular
reports for which regulatory bodies mandate cadence, format, and
deadlines.
Ongoing reports include, but are not limited to:
• SARs: These are required when a transaction appears unusual, lacks an
economic rationale, or raises AFC concerns. Deadlines vary globally.
• CTRs: These reports are mandated for cash transactions above
country-specific thresholds. For the US, the requirement is any cash transaction
that exceeds US$10,000 in a single day. The EU and Middle East have
varying limits.
• Sanctions reports: These are filed when a customer, transaction, or entity is
linked to a sanctioned individual, organization, or country based on UN,
OFAC, EU, or national sanctions lists.
• Cross-border transfer reports: These are required for tracking international
transactions exceeding defined thresholds to monitor illicit financial flows,
trade-based money laundering, and terrorist financing.
• Beneficial ownership reports: These are enforced in many jurisdictions to
expose hidden ownership structures and shell company misuse.
Jurisdiction-specific examples of regulatory reports include, but are not
limited to:
• European Union:
o Markets in Financial Instruments Directive II (MiFID II) transaction reports:
Describe financial transactions for market integrity monitoring.
o 6AMLD Reports: Focus on uniform definitions of predicate offenses and
extended liability across member states.
• United States:
o FinCEN Form 8300: Reports cash payments exceeding US$10,000
received in trade or business.
o FinCEN 314(a) request: Enables information sharing between financial
institutions and law enforcement.
• United Kingdom:
o REP-CRIM report: Describes criminal activities detected within the
financial institution.
o Annual MLRO’s report: Summarizes the organization’s AFC compliance
activities, highlighting trends, risks, and mitigation measures.
Regulatory reporting requirements include, but are not limited to:
• Accuracy and completeness: Reports must contain detailed, verifiable data
to prevent errors, regulatory scrutiny, and reporting breaches.
• Timeliness: Filing deadlines differ globally, and institutions must ensure swift
and precise submission.
• Confidentiality and anti-tipping off: Disclosure of SAR details is strictly
prohibited to prevent interference with law enforcement investigations.
By aligning regulatory reporting processes with jurisdictional requirements,
institutions strengthen financial integrity, regulatory cooperation, and financial
crime prevention efforts.
Responding to regulator requests
Responding to regulator requests is a crucial element of an organization’s AFC
compliance program, underscoring the need for transparency, collaboration,
and accountability. Effective engagement with regulators helps to avoid
penalties, while demonstrating a culture of compliance that fosters long-term
trust and credibility. It is also a key part of the cooperative effort between
regulators and industry to combat money laundering, terrorism financing, and
other financial crimes.
Regulators may conduct routine examinations or targeted investigations,
assessing whether institutions adhere to local and global AFC mandates. In
some cases, a monitorship may be imposed following serious compliance
breaches, requiring the institution to correct shortcomings under strict
regulatory supervision. By cooperating fully and addressing identified gaps
promptly, organizations reduce reputational and operational risks.
Jurisdictions often grant regulators special provisions to obtain relevant
records and information. For example, in the UK, Section 166 of the Financial
Services and Markets Act 2000 allows regulators to demand data on
customer files, transactions, or risk management processes. Organizations
must maintain accurate records and structured governance to quickly
comply with such requests and demonstrate robust AFC controls.
Best practices for engaging with regulators include the following:
• Preparedness and data integrity: Keep customer due diligence files,
transaction logs, and audit trails up to date, facilitating timely and accurate
submissions.
• Designated liaison: Centralize regulator interactions under a head of
compliance or similar role, ensuring efficient and consistent
communication.
• Timely and transparent responses: Provide complete information before
deadlines, proactively disclosing potential delays or challenges to build
regulatory trust.
• Remediation and monitoring: Develop corrective action plans, report
progress, and strengthen AFC frameworks to prevent repeat findings.
By responding promptly to regulator requests, organizations reinforce AFC
commitments, mitigate compliance risks, and maintain strong supervisory
relationships that bolster financial integrity.
Implementation of AFC program and controls
Controls across the customer lifecycle
A well-structured control framework supports AFC compliance, ensuring that
financial institutions effectively identify, assess, and mitigate financial crime
risks at every stage of the customer lifecycle. With evolving global regulations
and emerging financial crime threats, institutions must use controls to assess
risk, meet their obligations, and protect financial integrity.
The customer lifecycle consists of the following controls:
1. Identity and verification as part of KYC/CDD at onboarding:
• Identity verification: Validate customer identity through government-
issued documents, biometric authentication, and technological
onboarding solutions.
• Risk profiling: Assess customer risk based on transaction behavior,
industry type, and jurisdictional exposure to assign a risk rating.
• Beneficial ownership review: Investigate complex corporate structures
to identify ownership and control.
2. Screening at onboarding:
• Sanctions screening: Cross-check customer details against applicable
lists, such as those from the UN, OFAC, EU, and local authorities. If a true
match is confirmed, onboarding cannot proceed.
• PEP screening: Identify whether the customer is a PEP—or a relative or
close associate of a PEP.
• Adverse media checks: Flag potential reputational risks and legal
controversies linked to the customer.
3. EDD for high-risk customers:
• Source of wealth and funds verification: Ensure high-risk clients have
legitimate financial sources.
• Additional EDD measures: Apply relevant additional measures based on
products offered and their associated risks.
4. Transaction monitoring and payment screening:
• Ongoing control that analyzes a customer’s historical activity to detect
unusual or complex patterns that could indicate money laundering or
tax evasion.
• Geopolitical and sanctions compliance: Flag payments linked to high-
risk jurisdictions or restricted entities.
5. Ongoing screening:
• Batch screening: Performed on an ongoing basis, typically daily, to
ensure that any changes to sanctions lists are checked against the
organization’s list of clients.
• PEP and adverse media screening: Repeated on an ongoing basis to
identify and declassify PEPs and to identify any new adverse media
against existing clients.
6. Investigations and regulatory reporting:
• Ongoing controls: Begin when concerns are raised during a KYC
refresh, when alerts are triggered through transaction monitoring, or
when front office staff identify suspicious behavior.
• Escalation and case management: Depending on the organization’s
procedures, the case may need to be escalated to the second line.
• SAR filing: Report suspicious activities to the appropriate FIU.
7. Periodic review and ongoing due diligence:
• Scheduled KYC refreshes: Conduct mandatory data updates based on
risk levels and evolving regulatory expectations.
• Continuous risk assessments: Adjust customer profiles and transaction
limits based on information or behavioral shifts.
• Ongoing risk monitoring: Apply continuous surveillance and deeper
transaction scrutiny to mitigate exposure.
• Dynamic risk management: Sophisticated processes, such as perpetual
KYC, involve continuously monitoring data to identify changes and
trigger a KYC refresh.
8. Customer offboarding and exit strategy:
• Risk-based account closure: Based on reporting obligations, the
organization might need approval to offboard customers due to
suspected illicit activity or noncompliance risks. Exits based on a
mismatch in risk appetite should be reviewed and decided on a case-
by-case basis.
By implementing dynamic, risk-based measures and leveraging advanced
technologies, financial institutions enhance AFC controls and align with
international AFC obligations.
Onboarding AFC controls
The KYC process
With evolving global regulatory frameworks, financial institutions must
implement risk-based due diligence to prevent financial crime. The KYC
process is a core requirement in AFC compliance, ensuring financial
institutions identify, verify, and assess customer risks before establishing or
maintaining business relationships.
For specific customer profiles, such as PEPs, high-net-worth individuals, and
customers from high-risk jurisdictions, a pre-KYC onboarding committee
might assess suitability before formal identification. The committee typically
includes compliance experts, risk managers, legal advisors, and business unit
leaders, who collectively evaluate jurisdictional risks, business activities, and
strategic fit. The outcome determines whether customers proceed to full KYC
and what level of due diligence—standard or enhanced—is required. This step
ensures efficient resource use, early risk mitigation, and regulatory alignment
by filtering out unsuitable clients early in the process.
KYC at onboarding
The typical KYC/CDD process consists of the following steps:
• Identity and verification (ID&V):
o Identification is the collection of personal and business details, including
name, date of birth, nationality, address, tax identification number, and
company registration data.
o Verification is the authentication of provided information using
government-issued documents, biometric authentication, AI-driven
verification tools, and forensic analysis of identification records.
o Organizations must understand and obtain information, as appropriate,
on the purpose and intended nature of the customer’s relationship with
the organization.
o Enhanced regulations require organizations to determine the ultimate
beneficial owners (UBOs) of corporate accounts.
• Screening is conducted prior to onboarding to determine risk:
o Sanctions screening is when customer details are cross-checked
against UN, EU, OFAC, and national sanctions lists to detect high-risk
entities.
o Adverse media monitoring is conducted to identify links to financial
crime, corruption, and fraudulent activities.
o PEP screening is when organizations determine whether the individual
or beneficial owner is a PEP, or the relative or close associate of a PEP.
• Risk assessment:
o Customers may be assessed for risk and assigned low-, medium-, or
high-risk status based on industry type, jurisdictional exposure, and
transaction behaviors. More advanced approaches may provide a risk
score from 1 to 100, allowing for a more nuanced application of the risk-
based approach.
o Customers deemed high risk are typically examined more deeply
through enhanced due diligence. Customers deemed standard risk,
which includes low and medium risk, also undergo a due diligence
process.
• EDD:
o EDD involves verifying source of wealth and source of funds more
deeply, examining and verifying any claims through supporting
documentation.
• Potential rejection:
o If, upon conducting due diligence, the organization is not comfortable
with the level of risk a client presents, it might request additional
documentation. Ultimately, if additional information also does not
suffice, the organization might reject the customer to protect itself.
• Ongoing due diligence, screening, monitoring, and KYC refresh:
o In addition to due diligence at onboarding, organizations apply risk-
based KYC refresh cycles periodically based on customer category and
jurisdictional requirements. These refreshes ensure that the
organization is noting any changes in the customer’s or business’s
circumstances and updating the risk rating appropriately. If the refresh
presents a higher degree of risk, enhanced due diligence may be
triggered.
o Organizations also conduct screening for sanctions, PEPs, and adverse
news on an ongoing basis. The organization must screen each
transaction the customer carries out to detect any sanctions exposure.
If it detects such exposure, the organization blocks payments and
escalates to establish further steps.
o Monitoring transactions for patterns of suspicion allows the organization
to detect anomalous behaviors, trigger alerts, and adjust risk profiles
dynamically. Traditionally, organizations have used rules-based systems.
Now, they may either complement or replace such systems with AI-
based systems to achieve better efficiency and effectiveness.
By adopting a comprehensive, risk-based KYC framework, financial institutions
enhance AFC compliance, mitigate financial crime risks, and align with
evolving international regulatory obligations.
Customer risk assessment
A customer risk assessment (CRA) is a compliance process that determines
the financial crime risk posed by a customer. A CRA evaluates multiple risk
factors to determine the appropriate level of monitoring and scrutiny required
for each customer.
Key risk elements include:
• Customer profile: Include natural person or legal person, ownership
structure, nature of business, industry, and presence of PEPs.
• Jurisdiction: Consider whether a customer is from or conducts business
in high-risk jurisdictions, as identified in FATF grey and black lists or the lists
from OFAC, the EU, and local regulators.
• Product: Consider how the products or services the customer uses could
be misused for financial crime. Examples include correspondent banking,
private wealth management, cryptocurrency, and trade finance.
• Delivery channel: Consider whether the customer is onboarded in person
or online. Transactions conducted without face-to-face interaction tend to
be higher risk.
• Transactional behavior: Identify deviations from expected transaction
patterns, unexplained high-volume cross-border transactions, or the use
of complex payment structures.
The CRA follows a structured approach to ensure risk factors are accurately
measured and classified. The steps include:
• Data collection: Gather KYC and CDD information, including customer
identity, business activities, beneficial ownership, and transaction purposes.
• Risk scoring: Assign weighted risk scores based on jurisdictional,
transactional, and behavioral factors.
• Risk classification: Group customers into risk categories—such as low,
medium, or high-risk—which guide monitoring intensity.
• Approval process: Senior compliance officers review high-risk customer
profiles before final onboarding or continued engagement.
Typically, CRAs are conducted at these phases in the customer lifecycle:
• Initial CRA: Conducted at onboarding to establish a customer’s baseline risk
profile. For new customers, transaction patterns are typically unknown at
onboarding.
• Ongoing CRA: Triggered by material changes, such as a shift in business
activity, ownership, or jurisdiction, or by suspicious activity reported.
• Periodic CRA: Scheduled reviews based on risk level, with high-risk
customers assessed more frequently.
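The scoring and classification steps above, including an initial CRA where transaction behavior is not yet known, can be sketched as follows. This is an added example, not part of the study guide: the weights, the 1-to-5 factor ratings, and the band boundaries are assumptions, while the foreign-PEP override and the review intervals follow what the guide states about FATF guidance and periodic KYC reviews.

```python
# Assumed weights (percent) for the five risk elements listed above.
WEIGHTS = {
    "customer_profile": 25,
    "jurisdiction": 25,
    "product": 20,
    "delivery_channel": 10,
    "transaction_behavior": 20,
}
# Assumed band boundaries on the 1-100 scale.
BANDS = [(33, "low"), (66, "medium"), (100, "high")]
# Shortest of the typical review intervals the guide gives per risk level.
REVIEW_MONTHS = {"high": 12, "medium": 24, "low": 36}


def risk_score(ratings):
    """Weighted score from 1 to 100 over factor ratings of 1 (lowest) to 5.

    A rating of None means "not yet known". Its weight is redistributed
    over the known factors so a missing rating does not pull the score down.
    """
    unknown = set(ratings) - set(WEIGHTS)
    if unknown:
        raise ValueError(f"unknown risk factors: {sorted(unknown)}")
    known = {k: v for k, v in ratings.items() if v is not None}
    if not known:
        raise ValueError("at least one factor must be rated")
    for name, value in known.items():
        if not 1 <= value <= 5:
            raise ValueError(f"{name} rating {value} is outside 1-5")
    total_weight = sum(WEIGHTS[k] for k in known)
    average = sum(WEIGHTS[k] * v for k, v in known.items()) / total_weight
    return round(1 + (average - 1) / 4 * 99)


def assess(ratings, foreign_pep=False):
    """Classify a customer and derive the controls that follow from the band."""
    score = risk_score(ratings)
    band = next(label for limit, label in BANDS if score <= limit)
    overrides = []
    if foreign_pep and band != "high":
        # Foreign PEPs are treated as high risk regardless of the score.
        band = "high"
        overrides.append("foreign PEP")
    return {
        "score": score,
        "band": band,
        "overrides": overrides,
        "edd_required": band == "high",
        "senior_approval": band == "high",
        "next_review_months": REVIEW_MONTHS[band],
        "missing": [k for k in WEIGHTS if ratings.get(k) is None],
    }


# Constructed sample customers.
NEW_RETAIL = {"customer_profile": 2, "jurisdiction": 1, "product": 2,
              "delivery_channel": 3, "transaction_behavior": None}
CROSS_BORDER = {"customer_profile": 4, "jurisdiction": 5, "product": 4,
                "delivery_channel": 3, "transaction_behavior": 4}

if __name__ == "__main__":
    for label, ratings in (("new retail", NEW_RETAIL),
                           ("cross-border", CROSS_BORDER)):
        print(label, assess(ratings))
```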
By implementing a robust CRA framework, financial institutions enhance
financial crime detection, regulatory compliance, and risk management
strategies.
KYC for a natural person
The KYC process for a natural person is a critical element of AFC compliance,
ensuring that financial institutions accurately verify a customer’s identity,
assess risk exposure, and monitor financial activities. The process consists of
the customer identification program (CIP) and additional due diligence. As
global regulations evolve, financial institutions benefit from adopting
advanced identity verification methods, risk-based monitoring, and beneficial
ownership transparency measures to strengthen compliance frameworks.
CIP is the first step in KYC, requiring financial institutions to collect and verify
the identity of individual customers. Core requirements for verifying a natural
person’s identity include:
• Full legal name, as per government-issued ID
• Date of birth, confirming age and identity legitimacy
• Nationality and residential address, confirming proof of residence
• Government-issued identification, such as a passport, national ID, or
driver’s license
• Tax Identification Number (TIN), Social Security Number (SSN), or
equivalent
The requirements for identifying a customer vary by jurisdiction. CIP ensures
that only legitimate customers access financial services, while reducing
identity fraud and financial crime risks.
CDD assesses the customer’s risk level, financial behavior, and expected
transactions, including, but not limited to:
• Employment and income information.
• Source of funds and transaction activity.
• Account’s purpose and expected activity.
CDD is mandatory for all customers, with ongoing monitoring to ensure
compliance with evolving AFC regulations.
EDD is typically required for high-risk customers, such as PEPs or individuals
operating in high-risk jurisdictions. EDD includes, but is not limited to:
• Comprehensive source of wealth and funds verification.
• Enhanced transaction monitoring and more frequent reviews.
• Additional adverse media screening.
• More frequent sanctions screening against UN, EU, and OFAC watchlists.
By implementing dynamic, risk-based KYC controls, financial institutions
enhance AFC compliance, mitigate illicit finance risks, and uphold regulatory
obligations.
KYC for a legal person
The KYC process for a legal person ensures that financial institutions verify
corporations, partnerships, trusts, and other legal entities to prevent financial
crime. KYC for legal persons consists of CIP, CDD, and EDD for high-risk
entities.
The CIP establishes the legal entity’s identity by collecting and verifying:
• Registered business name and legal entity type, such as a corporation,
partnership, trust, or others.
• Business Registration Number (BRN) and jurisdiction of incorporation.
• Tax identification number (TIN) or equivalent.
• Principal place of business and contact information.
• Certified articles of incorporation, business license, or trust deeds.
CIP is the cornerstone of any AFC compliance program, helping to ensure that
only legitimate legal entities gain access to financial services, thereby
reducing financial crime risks, including fraud and exploitation by illicit
financial networks.
CDD assesses the entity’s structure, ownership, and transaction patterns,
including:
• Nature of business and industry classification.
• Expected transaction volumes and financial activities.
• Identification and verification of beneficial owners (BO) and ultimate
beneficial owners (UBO).
• Verification of directors, senior management, and authorized signatories.
CDD is mandatory and varies based on entity risk, jurisdictional requirements,
and regulatory expectations.
Legal persons that pose a higher financial crime risk require EDD, which
includes:
• Complex corporate structure analysis, such as multiple layers of owners or
offshore holdings.
• Source of funds and source of wealth verification.
• PEP and sanctions screening for beneficial owners and directors, which is
required for all customers.
• More frequent monitoring and ongoing transaction reviews.
A holding company with opaque ownership and nominee shareholders would
face greater scrutiny than a locally registered company with a clear
ownership structure. Companies in certain industries, such as MSBs, arms
manufacturers, mining companies, gaming and gambling organizations,
correspondent banks, and high-value asset dealers, might encounter higher
financial crime risks.
Through the embedding and implementation of a risk-based approach to
KYC processes, financial institutions can manage and mitigate financial crime
risks more effectively, ensure adherence to regulations, and demonstrate
strong overall AFC compliance to investors and customers.
Additional onboarding controls for high-risk scenarios
Regulatory frameworks such as FATF Recommendations, EU AML Directives,
and FinCEN regulations require a risk-based approach to onboarding,
ensuring that higher-risk customers undergo additional scrutiny before
gaining full access to financial services.
Customers might be classified as high-risk based upon:
• Geographic risk: Operating in or transacting with sanctioned jurisdictions or
high-risk countries identified by OFAC, EU, or other regulators
• Industry risk: Engaging in cash-intensive or high-risk businesses such as
money services, cryptocurrency exchanges, gambling, arms trading, and
luxury goods
• PEPs: Individuals with heightened bribery and corruption exposure due to
public office roles
• Complex ownership structures: Entities with offshore holdings, nominee
directors, or unclear UBO
• Adverse media: Customers linked to adverse media reports, undergoing
legal proceedings, regulatory fines, or financial crime investigations
Financial institutions might apply temporary or permanent restrictions.
Temporary controls might be applied until EDD is completed, such as limited
account functionality. Permanent controls would be applied continuously for
customers that have been labeled high-risk.
Examples of these restrictions include:
• An additional source of funds and wealth verification that requires detailed
documentation of financial sources before transacting further.
• Transaction and product restrictions, such as limiting high-risk products,
services, and transaction volumes.
• Senior management approval, such as mandating compliance committee
or board approval before account activation.
• Extended review and monitoring periods to include longer compliance
review timelines and heightened transaction monitoring.
• Regular audits and compliance meetings scheduled between the
customer and financial institution to oversee and ensure the customer’s
internal controls, systems, and reporting of compliance issues are
adequate and effective.
By integrating risk-based onboarding controls, financial institutions enhance
compliance, reduce regulatory exposure, and safeguard financial integrity.
Function of quality control
Quality control (QC) is a critical function within an AFC compliance framework.
It ensures accuracy, consistency, and regulatory adherence in KYC, CDD, and
transaction monitoring outputs. By detecting errors, inconsistencies, and
potential non-compliance, QC strengthens the risk-based approach required
by regulators.
QC might be confused with quality assurance (QA). Although QA and QC both
enhance compliance efficiency, they serve different purposes. The purpose
of QA is to ensure that policies and procedures are properly executed and
that processes are continuously improved. QC ensures that outputs meet the
required standards.
For example, examining PEP files (the output) to ensure all requisite data
points are accurately captured would be part of the QC function. Examining
the PEP due diligence process, the underlying procedures, and the actions
(the process) would be part of the QA function.
The primary objectives of QC in AFC compliance include:
• Error detection and correction by identifying incomplete, incorrect, or
outdated KYC records.
• Adherence to regulations by ensuring compliance with global and
jurisdictional AFC requirements.
• Output standardization by enforcing uniform KYC, risk assessment, and
documentation standards.
• Training and continuous improvement by enhancing staff competency
and highlighting any weaknesses.
To enhance QC effectiveness, financial institutions should:
• Conduct regular KYC reviews by systematically auditing customer files and
risk assessments.
• Consider automation by utilizing the latest tools and technologies, such as
AI, to flag inconsistencies and missing data.
• Establish independent QC teams to ensure unbiased oversight of outputs.
• Enhance internal reporting by tracking QC trends, common deficiencies,
and corrective actions.
By implementing structured QC mechanisms, financial institutions reduce
compliance risks, improve regulatory adherence, and strengthen financial
crime prevention efforts.
Ongoing AFC controls
Ongoing due diligence
Ongoing due diligence is a process that ensures financial institutions regularly
update customer risk assessments, monitor customer transactions, and
identify suspicious behavior to maintain compliance with AFC regulations.
Unlike the customer due diligence undertaken at onboarding, ongoing due
diligence is an evolving process that responds to risk changes, financial crime
threats, and regulatory developments. Ongoing due diligence consists of
several critical monitoring mechanisms, including periodic KYC reviews,
trigger event reviews, real-time payment screening, batch screening,
perpetual KYC, and advanced compliance technologies.
Periodic KYC reviews take place at regular intervals, based on the customer’s
risk level. Financial institutions must review and update customer information,
ownership structures, business activities, and risk classifications. For example:
• High-risk customers are typically reviewed annually.
• Medium-risk customers are typically reviewed every two to three years.
• Low-risk customers are typically reviewed every three to five years.
Trigger event reviews might occur whenever significant changes impact a
customer’s risk profile. Examples of trigger events include:
• Business restructuring, changes in ultimate beneficial owners, relocation to
a high-risk jurisdiction, or establishing new trading partners in high-risk
jurisdictions.
• Unusual transaction behavior, such as unexpected high-value deposits or
rapid movement of funds.
• Emerging adverse media reports, regulatory sanctions, or criminal
investigations.
• Static data changes, such as an address change or relocation of
headquarters.
Transaction monitoring and screening mechanisms can be used for the
following:
• Real-time payment screening analyzes transactions to detect sanctions
violations and high-risk counterparties before the transactions are
completed.
• Batch screening involves the continuous checking of customer databases
against sanctions lists (such as the OFAC, UN, and EU lists), regulatory
enforcement notices, and negative media sources. It is designed to detect
changes that might have occurred after customers were onboarded.
Advanced compliance technologies can enhance ongoing due diligence. For
example:
• Perpetual KYC involves the use of data-driven triggers to update customer
risk profiles in real time, reducing reliance on periodic refreshes.
• Automated AI risk detection uses machine learning to enhance anomaly
detection, predictive compliance modeling, and real-time risk
management.
Payment screening
Payment or transaction screening is the process of verifying transactions,
both incoming and outgoing, to prevent financial crime. It is a primary financial
crime control for organizations that facilitate the transfer of funds for their
customers, or on behalf of another entity. Organizations are required to
perform payment screening to prevent sanctions breaches and the financing
of terrorism.
Each entity handling the transaction in a payment chain is required to conduct
payment screening. The originating bank is the organization sending the
funds. The beneficiary bank is the organization receiving the funds on behalf
of its customers. Both organizations screen the payment against any relevant
lists.
Payment screening identifies the risk of individuals, entities, or jurisdictions for
payments an organization sends or receives. Payments carry varying levels of
risk that depend on several factors, such as jurisdiction and purpose of
payment.
A compliance officer must determine which transactions to accept based on
the organization’s risk appetite.
Payments are typically structured messages of data containing complete
information about the payment. Such information might include financial
institutions involved, sending and receiving parties, amounts, dates,
currencies, address, and free text information. Each payment has multiple
messages. One message carries the transfer of funds information. The other
transaction messages are used to request and send instructions through the
payment network.
Payment screening is usually an automated, real-time process. This means
the system screens payments as they are initiated and before they are
completed. If the system identifies any preset match, the transaction will be
held, investigated, and, if necessary, blocked.
Payment screening systems, such as the one shown, match transactions
against list data. The matching configuration is based on message types and
fields within a message. The system compares entity names on the list to the
entity names on the transaction. Similarly, the system matches bank identifier
codes (BIC) on the sanctioned list against the sending and receiving BIC in the
payment message. The message type might identify the nature of the
payment. This could change the configuration. For example, if it is a trade
finance transaction, you would screen against dual-use goods lists as well as
additional high-risk vessel data.
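The matching logic described above, where the message type decides which fields are compared against which lists, can be sketched as follows. This is an added example, not part of the study guide or any vendor's system: the message types, field names, list entries, name-matching method, and threshold are all constructed assumptions.

```python
import re
import unicodedata
from difflib import SequenceMatcher

# Constructed list data for illustration only (not real list entries).
LISTS = {
    "names": ["Orion Maritime Trading LLC", "Ivan Petrovich Example"],
    "vessels": ["MV Northern Sample"],
}
LISTED_BICS = {"EXMPXXAA"}                      # 8-character institution codes
DUAL_USE_TERMS = ["carbon fibre", "centrifuge"]

# Hypothetical message types and field names: the message type selects
# which fields are screened and against which lists.
CONFIG = {
    "CUSTOMER_TRANSFER": {
        "names": ["originator_name", "beneficiary_name"],
        "bics": ["sender_bic", "receiver_bic"],
    },
    "TRADE_FINANCE": {
        "names": ["applicant_name", "beneficiary_name"],
        "bics": ["sender_bic", "receiver_bic"],
        "vessels": ["vessel_name"],
        "goods": ["goods_description"],
    },
}
NAME_THRESHOLD = 0.85                           # assumed tuning value
LEGAL_FORMS = {"llc", "ltd", "inc", "gmbh", "plc", "sa"}
BIC_RE = re.compile(r"[A-Z]{6}[A-Z0-9]{2}([A-Z0-9]{3})?")


def normalize(text, drop_legal_forms=True):
    """Fold case, accents and punctuation so spelling variants compare equal."""
    text = unicodedata.normalize("NFKD", text)
    text = "".join(c for c in text if not unicodedata.combining(c))
    text = re.sub(r"[^a-z0-9 ]+", " ", text.casefold().replace(".", ""))
    tokens = text.split()
    if drop_legal_forms:
        tokens = [t for t in tokens if t not in LEGAL_FORMS]
    return " ".join(tokens)


def name_score(candidate, listed):
    """Similarity in [0, 1], insensitive to word order."""
    a = " ".join(sorted(normalize(candidate).split()))
    b = " ".join(sorted(normalize(listed).split()))
    return SequenceMatcher(None, a, b).ratio() if a and b else 0.0


def screen_payment(msg):
    """Return (decision, hits); any hit holds the payment for investigation."""
    rules = CONFIG.get(msg.get("type"))
    if rules is None:
        # Assumption: an unconfigured message type is held, not released unscreened.
        return "HOLD", [("type", "unconfigured", str(msg.get("type")), 1.0)]
    hits = []
    for list_name in ("names", "vessels"):
        for field in rules.get(list_name, []):
            value = msg.get(field)
            if not value:
                continue
            for entry in LISTS[list_name]:
                score = name_score(value, entry)
                if score >= NAME_THRESHOLD:
                    hits.append((field, list_name, entry, round(score, 2)))
    for field in rules.get("bics", []):
        value = (msg.get(field) or "").strip().upper()
        if not value:
            continue
        if not BIC_RE.fullmatch(value):
            # Assumption: a malformed BIC is held for review rather than skipped.
            hits.append((field, "bic_format", value, 1.0))
        elif value[:8] in LISTED_BICS:
            # An 11-character branch BIC still matches its listed institution.
            hits.append((field, "bics", value[:8], 1.0))
    for field in rules.get("goods", []):
        text = normalize(msg.get(field) or "", drop_legal_forms=False)
        for term in DUAL_USE_TERMS:
            if term in text:
                hits.append((field, "dual_use", term, 1.0))
    return ("HOLD" if hits else "RELEASE"), hits


# Constructed sample messages.
CLEAN = {"type": "CUSTOMER_TRANSFER", "originator_name": "Acme Bakery Ltd",
         "beneficiary_name": "Jane Doe", "sender_bic": "GOODGB2L",
         "receiver_bic": "FAIRDEFFXXX"}
TRADE = {"type": "TRADE_FINANCE", "applicant_name": "Acme Bakery Ltd",
         "beneficiary_name": "Trading Orión Maritime, L.L.C.",
         "sender_bic": "GOODGB2L", "receiver_bic": "exmpxxaa123",
         "vessel_name": "MV NORTHERN SAMPLE",
         "goods_description": "20 spools Carbon-Fibre filament"}

if __name__ == "__main__":
    for message in (CLEAN, TRADE):
        print(message["type"], screen_payment(message))
```

Each hit records the field, the list, the matched entry, and the score, which is the information an analyst needs to resolve the alert as a true match or a false positive.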
Batch screening
Batch screening is a critical process and component in AFC compliance,
allowing financial institutions to systematically review customer databases
against updated sanctions lists, PEP lists, and adverse media sources. Unlike
real-time transaction monitoring, batch screening is conducted at scheduled
intervals to detect newly sanctioned individuals, evolving high-risk customers,
and emerging financial crime threats.
Batch screening is essential for:
• Identifying emerging risks: Customers previously classified as low risk
might become high risk due to sanctions, criminal investigations, or political
exposure.
• Regulatory compliance: Financial institutions must comply with AFC
obligations outlined by FinCEN, OFAC, the EU AML Directives, or other
relevant regulatory bodies.
• Preventing financial crime: Batch screening helps identify links to money
laundering, terrorist financing, and fraud, ensuring institutions do not
inadvertently facilitate illicit transactions.
Batch screening follows a structured, automated process using compliance
software:
• Data extraction: Retrieving customer identities, identification numbers, and
associated business relationships from internal databases.
• List matching: Comparing customer details against international sanctions
databases, such as lists from the UN, EU, OFAC, and others; watchlists; and
adverse media sources.
• False positive resolution: Screening algorithms flag potential matches,
requiring manual verification by compliance teams. AI-driven technology
systems might risk-rate matches, offering a prioritized list.
• Escalation and reporting: High-risk entities are subjected to enhanced due
diligence, and where necessary, suspicious activity reports are filed with
FIUs if money laundering or other financial crime concerns arise. Sanctions
violations will be reported to the relevant regulatory bodies. Those
customers would typically be offboarded in accordance with the
organization's exit policy, subject to the necessary approvals and special
licenses for specific transactions linked to sanctioned individuals and
entities.
• AI-driven screening solutions: When appropriately tested and
implemented, an AI-driven system can provide improved accuracy,
reducing false positives and enhancing detection of hidden risks.
• Perpetual batch screening: Replaces periodic updates with continuous
real-time monitoring for faster risk detection.
• Jurisdictional mandates: Many regulators now require ongoing screening
to ensure compliance with AFC frameworks.
Politically exposed persons screening
PEPs are at heightened risk of involvement in bribery and corruption schemes
because of their access to public funds and legal tenders. For this reason,
screening customers to identify PEPs, along with relatives and close associates
of PEPs, is a critical control in an anti-financial crime framework.
Different jurisdictions and regulatory bodies classify PEPs into the following
categories:
• Foreign PEPs include officials in foreign governments, such as heads of
state, senior politicians, military leaders, judicial officials, and high-ranking
members of state-owned enterprises.
• Domestic PEPs include officials who hold a high public office within the
country of an organization’s operation.
• International organization PEPs are executives and board members of
global entities, such as the UN, International Monetary Fund, and World
Bank.
FATF guidance provides that foreign PEPs should always be considered high
risk and subject to enhanced due diligence. For domestic and international
organization PEPs, FATF recommends that a risk assessment be conducted to
determine their level of risk and the appropriate level of due diligence.
Note that some jurisdictions extend PEP classifications to family members and
close associates because of their potential indirect involvement in financial
crimes. However, PEP classifications vary globally. Additionally, some
jurisdictions classify individuals as PEPs for life, while others set an expiration
period after leaving office. Financial institutions should establish clear review
procedures that determine when to lift a PEP classification.
Many organizations select a third-party vendor to provide information about
potential PEPs. When this happens, organizations should follow appropriate
outsourcing procedures, because the outsourcing organization continues to
own the risk.
Regardless of whether PEP screening is done in-house or via a vendor, the
following areas should be considered:
• When to screen: In most jurisdictions, PEP screening must be done before
the customer becomes active, and customers should be rescreened on an
ongoing basis to check whether their PEP status has changed.
• Who to screen: Consider which parties to screen, particularly if customers
are corporate entities with multiple beneficial owners and associated
parties.
• Alert processing: Have a clear procedure and a team in place to clear the
PEP alerts. Consider the tolerance for false positives during this process.
There should also be a sign-off process for higher-risk PEPs.
• Testing: Implement a formal, ongoing testing process to ensure the
system continues to operate effectively and with QA checks.
• Other controls: Include enhanced due diligence processes on PEPs at
onboarding and throughout the customer life cycle. Consider what other
controls are needed for PEPs, such as specific transaction monitoring
rules.
Adverse media checks
Adverse media checks—also known as negative news screening—
identify publicly available information linking individuals or entities to financial
crime risks. With the increasing de-escalation of fact-checking on social
media platforms, and the rise of automated software-as-a-service screening
solutions, financial institutions must take a risk-based approach to adverse
media screening, ensuring accurate and credible risk assessments.
Financial institutions must conduct adverse media screening to:
• Identify emerging risks: Customers might pose higher financial crime risks
or reputational risks due to negative media exposure, criminal allegations,
or regulatory investigations.
• Ensure compliance with global AFC regulations: FinCEN, the EU AML
Directives, and other regulatory bodies require financial institutions to
implement continuous media monitoring for high-risk customers.
• Strengthen risk-based AFC frameworks: Adverse media findings can
influence customer due diligence, enhanced due diligence, and ongoing
transaction monitoring.
It is important to note that not all negative media findings warrant an
increased risk rating.
Organizations must assess the following information:
• The credibility of the source: Reliable sources include regulatory reports,
major financial publications, and law enforcement notices. Unverified social
media posts and low-quality blogs should be carefully evaluated.
• The relevance to AFC risks: Does the media report indicate financial crime
violations?
• The timeframe: Older cases might hold less relevance, especially if legal
outcomes exonerated the individual or entity. However, if the allegations or
case relate to a senior manager or an individual that held a regulated role,
this must be considered.
• Any follow-up actions: Were legal proceedings dismissed? Were
regulatory fines settled? Were there any consequences for the individual
such as personal fines, imprisonment, or travel bans? Risk assessments
should reflect post-incident changes.
Challenges in automated adverse media screening solutions include:
• Social media misinformation: The decline in platform-driven
fact-checking increases the likelihood of false or misleading reports.
Organizations must agree to and prioritize verified sources.
• False positives and algorithmic bias: Automated screening tools
require refined filtering and compliance oversight to avoid
misidentification. If you determine that a match is not a true match, you
must document it and note the reason.
• Evolving regulatory expectations: Some jurisdictions now mandate
real-time monitoring instead of static or periodic adverse media screening
checks.
Other due diligence requirements that help to mitigate risks
Know your employee and vendor
Organizations need to address risks from employees who might commit
financial crimes or collaborate with criminals. A robust employee due diligence
program, also known as a know your employee (KYE) program, lowers those
risks. A know your vendor (KYV) program helps assess the risk of third-party
vendors. Vendors might offer items of value to influence the actions of your
employees, which leads to bribery and corruption risks.
Fraud can be committed by employees or vendors. To mitigate or control those
risks, organizations should have robust due diligence and monitoring programs at
onboarding and throughout the lifetime of the relationship.
Background checks are necessary for all new employees in accordance with
local employment laws and data protection laws. This might include contacting
former employers, conducting credit checks, sanctions and PEP screening, and
adverse media checks. While most organizations conduct these checks during
onboarding, checking to confirm compliance with policies and procedures
throughout the lifetime of the employee offers further assurance to
organizations.
Vendors might introduce fraud, data privacy, and security risks if they enter a
relationship with the organization with the intention to defraud or if the vendor
has incapable systems. During onboarding, organizations conduct due diligence
measures that typically include screening the organization and persons acting on
its behalf. For example, directors should be screened against sanctions, PEPs,
and adverse media lists using open-source intelligence, such as search engines.
To detect fraudulent activity or potential conflicts of interest, it is recommended
that organizations screen vendor staff names and dates of birth. If vendors
provide IT services that require access to the organization's IT infrastructure, the
organization should conduct a cybersecurity check to confirm compliance with
its policies.
Transaction Monitoring and Investigation
Introduction
Introduction: Transaction monitoring and investigation
Transaction monitoring (TM) systems are the technological frameworks that
help financial institutions detect suspicious transaction patterns.
In this module, we will explore industry best practices and expectations for TM
systems. You will gain skills to evaluate transaction monitoring alerts and
understand the various types of investigations that might follow. This module
will also cover best practices in data analysis and documentation, equipping
you to conduct thorough AML investigations, and understand system tuning.
Case example: AML control failures at a UK Bank
In 2021, the UK’s Financial Conduct Authority (FCA) fined National Westminster
Bank (NatWest) nearly £264.8 million for significant failures in its AML controls.
The fine was issued for failing to adequately monitor the activity of Fowler
Oldfield, a jewelry business involved in buying and selling gold.
Fowler Oldfield became a NatWest customer in 2011 when it was a small,
family-owned company. When NatWest took on Fowler Oldfield as a
customer, the bank initially thought it would not handle cash from the
business. However, between November 2012 and June 2016, Fowler Oldfield
deposited approximately £365 million with the bank, including £264 million in
cash. In 2013, the customer began making large cash deposits, continuing this
practice for the duration of the relationship.
NatWest failed to monitor Fowler Oldfield’s activity on a risk-sensitive basis.
Weaknesses in NatWest’s automated transaction monitoring included:
• The bank’s system mislabeled cash deposits as check deposits, which
prevented these transactions from being monitored with more stringent
cash-specific monitoring rules. The “Security Blanket” monitoring rule
failed to detect suspicious activity because of mislabeling.
• For most of the relationship, NatWest had no check-specific monitoring
rules for high-risk customers, allowing millions of pounds in cash
transactions to go unmonitored.
• At times, the bank turned off monitoring alerts because too many alerts
were being generated.
Although bank staff raised and investigated several transaction monitoring
alert reviews to the AML investigations team, none of the investigations
prompted changes in Fowler Oldfield’s behavior and business model. The
investigations addressed repeated concerns that were fragmented because
the teams worked across multiple offices and did not share information.
Independent assessments had previously identified concerns, including issues
with customer risk ratings and risk assessments, lack of subject matter
expertise within the first line of defense, and insufficient differential
monitoring for high-risk customers.
Although NatWest was not complicit in money laundering, the court
emphasized that its failures were instrumental in facilitating illicit transactions.
This case marked the FCA's first criminal prosecution for AML violations and
highlighted the need for robust transaction monitoring systems and
adherence to risk-sensitive ongoing monitoring protocols.
Key takeaways
• Ensure robust risk-sensitive transaction monitoring, especially for high-risk
customers.
• Correctly label transactions to avoid missed suspicious activities.
• Continuously update monitoring systems to adapt to changing customer
behavior.
• Avoid severe penalties and regulatory scrutiny through strong AML
controls.
Transaction monitoring
Transaction monitoring controls
Organizations apply transaction monitoring controls to manage ongoing risks.
Transaction monitoring systems generate alerts when customer activity or
behavior is beyond normal parameters for the customer profile. The alerts are
reviewed to assess whether unusual behavior can be explained or if it is
potentially suspicious.
Transaction monitoring controls are typically automated, but staff can still
raise alerts manually, when needed. Traditionally, rules-based systems were
used. However, organizations are increasingly adopting AI-based controls to
improve suspicious activity detection.
A manual alert might be, for example, a report raised by the front office when
a cash deposit is made in a bank branch. However, an automated control
might be more targeted and more specific—for example, identifying and
alerting on all transactions in a particular currency for citizens of a particular
jurisdiction. This might be needed where currency control restrictions are
applied.
A threshold is a criterion for behavior. A TM system might be applied to monitor
customer account activity, assessing transactions to and from customers, or
checking accounts, with specific thresholds for different types of customer
accounts.
An organization might choose to use one monitoring system or separate
systems to monitor transactions. Transactions completed by larger
customers, such as corporations or financial institutions, might be monitored
by the same system, but using different scenarios and thresholds.
Transaction monitoring versus payment screening
Organizations use transaction monitoring and payment screening to prevent
and detect financial crime and ensure regulatory compliance. While these two
processes are often confused, they differ in timing and scope.
Transaction monitoring is the continuous observation of customer
transactions after onboarding to identify unusual or illicit activity and the risk it
might have to the organization. It helps detect complex patterns that might
indicate money laundering, tax evasion, or other financial crimes. For example,
large transactions, frequent transfers, or transactions involving high-risk
jurisdictions might trigger alerts for further investigation.
If unusual or suspicious activity is detected and confirmed as potential money
laundering, a SAR must be submitted.
Sanctions, PEP, and adverse media screening occur before onboarding and
continue on an ongoing basis. Transaction monitoring begins only after
onboarding.
Transaction monitoring detects unusual or suspicious activity during or after
transactions occur. Payment screening identifies high-risk individuals and
entities, including the institution’s customers and the transaction
counterparties, before transactions are completed.
There are several types of screening, including:
• Name screening identifies individuals who might be at higher risk for
involvement in financial crime. It screens customers’ names against
watchlists including sanctions lists. It occurs prior to onboarding and on an
ongoing basis through batch screening.
• Payment or transaction screening reviews payments made and received
by customers. It reviews payments made to or from parties on sanctions
lists. If a match is detected, it is stopped and held until investigations are
complete.
• Adverse media screening reviews negative news about a customer,
beneficial owner, shareholder, or associated party, such as regulatory fines
or investigations.
• PEP screening reviews customer names, payment details, adverse media,
and connections to PEPs.
Technology solutions for transaction monitoring
Organizations are actively seeking and implementing solutions that generate
more useful alerts that reduce wasteful efforts caused by false positives. They
continuously improve their ability to manage financial crime risk by assigning
resources to mitigate genuine threats to the business. For example, intelligent
contextual analysis operates on a binary rule to check if a transaction exceeds
a threshold and meets additional criteria. These criteria might include changes
from a customer’s past behavior compared to their history and their peers, or
if the customer is transacting in a higher-risk industry sector.
Network analysis detects patterns among beneficiaries and others in a
customer's network, helping uncover connections that might otherwise go
unnoticed. These tools can automatically analyze transactions and identify
hidden links between customers without manual intervention. This saves a
significant amount of time by eliminating the need to manually track and trace
related transactions. These automated systems can check vast amounts of
data instantly. They can identify connections between corporate accounts
based on common data features, such as email domains, phone numbers, and
addresses. Manual checks of this data would be time consuming and labor
intensive. Technology developments in AI have improved this process,
equipping compliance staff with better tools in the fight against financial
crime.
AI-powered transaction monitoring is revolutionizing how organizations
prevent and detect fraud. By leveraging advanced algorithms and machine
learning techniques, these systems analyze vast amounts of transaction data
in real time. This helps organizations identify suspicious patterns and behaviors
that might indicate fraud or money laundering.
As transaction monitoring technologies evolve, AFC professionals should stay
informed about advances in AI, machine learning, and data analytics. These
professionals benefit from collaborating with IT, attending industry
conferences, and participating in training programs. Actively monitoring
technology developments will help them adopt effective solutions, enhance
detection, and adapt to emerging fraud and money laundering risks.
Implementing AI solutions comes with its own risks. These solutions must be
tested with diverse data sets to help eliminate bias. They should also be
explainable, transparent, and relevant to the organization’s specific context.
With proper care and diligence, AI can support effective financial crime risk
management.
Transaction monitoring system tuning
TM system tuning is the process of refining and adjusting parameters and
thresholds of specific detection logic rules, or scenarios. Scenarios are
designed to detect suspicious activities and abnormal transaction behaviors,
such as money laundering, fraud, or other illicit activities. Tuning is important
because it:
• Ensures the TM system effectively detects suspicious activity.
• Reduces false positives.
• Ensures efficient resource use.
• Allows organizations to manage changes in financial crime and in their
business operations.
• Ensures regulatory compliance.
Tuning involves four key components: scenario setting, customer
segmentation, threshold setting, and frequency.
Scenario setting involves creating, modifying, or removing detection rules and
scenarios based on previous experiences with suspicious activity and actual
incidents. Threshold setting defines the minimum level of activity required for
a transaction to trigger an alert. For example, the threshold for reporting a
CTR might be any currency transaction that exceeds US$10,000. Adjusting
thresholds refines sensitivity and accuracy. Reducing the number of false
positives is a key goal in setting thresholds to make the most efficient use of
resources. The frequency determines how often tuning should occur. The
frequency might also be influenced by changes in business strategy,
anomalies, regulatory updates, or market changes. Tuning should be dynamic,
with special assessments triggered by significant events or trends.
To perform a tuning exercise, analysts consider and consolidate several data
points:
• Configuration: This refers to information related to the rule, including the
creation date, purpose, typology or scenarios it attempts to identify,
established thresholds, and alert frequency. Changes in the nature of the
business, products offered, and associated risks can also affect relevant
scenarios and system configurations.
• Alert productivity and conversion rates: These include the volume,
frequency, and materiality of the alerts, or how many alerts result in
investigations and suspicious activity reports.
• Trends of customer transaction patterns: Historical transaction data can
reveal anomalies and trends that suggest emerging risks, allowing
organizations to adjust detection criteria.
• Industry information and law enforcement guidance: This includes
information from peer institutions on emerging risks and the effectiveness
of different monitoring strategies. Similarly, guidance, advisories, and
feedback shared by law enforcement agencies and regulatory bodies can
inform tuning efforts.
• For both new and existing scenarios, above-the-line (ATL) and below-the-line
(BTL) testing are used to evaluate and fine-tune TM rules. ATL testing
examines transactions that should be flagged by the system. BTL testing
looks at transactions that fall below the threshold and would not be
flagged. Both methods help identify potential false positives and false
negatives, and support the optimization of rule parameters.
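The ATL and BTL checks and the conversion rate described above can be worked through on review data. The following is an added example, not part of the study guide; the scenario, thresholds, BTL floor, tolerance, decision rule, and all review outcomes are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Reviewed:
    amount: int
    suspicious: bool  # analyst disposition after review (True = escalated)

def conversion_rate(items):
    """Share of reviewed items dispositioned as suspicious (0.0 if none)."""
    return sum(r.suspicious for r in items) / len(items) if items else 0.0

def atl_table(reviewed, current, candidates):
    """ATL view: replay existing alerts against each candidate threshold at or
    above the current one; count what is kept and what would be lost."""
    alerts = [r for r in reviewed if r.amount >= current]
    productive = sum(r.suspicious for r in alerts)
    rows = []
    for cand in sorted(set(candidates) | {current}):
        if cand < current:
            continue
        kept = [r for r in alerts if r.amount >= cand]
        rows.append({
            "threshold": cand,
            "alerts": len(kept),
            "conversion": round(conversion_rate(kept), 3),
            "productive_lost": productive - sum(r.suspicious for r in kept),
        })
    return rows

def btl_sample(reviewed, current, floor):
    """BTL view: manually reviewed transactions in [floor, current) that the
    rule never alerted on; a suspicious one is a false negative."""
    sample = [r for r in reviewed if floor <= r.amount < current]
    return {"reviewed": len(sample),
            "suspicious": sum(r.suspicious for r in sample),
            "rate": round(conversion_rate(sample), 3)}

def recommend(reviewed, current, candidates, floor, btl_tolerance=0.05):
    """Toy decision rule (an assumption, not a regulatory standard): lower to
    the BTL floor if the BTL sample shows misses above tolerance; otherwise
    raise to the highest candidate that loses no productive alert."""
    if btl_sample(reviewed, current, floor)["rate"] > btl_tolerance:
        return ("lower", floor)
    safe = [row["threshold"] for row in atl_table(reviewed, current, candidates)
            if row["productive_lost"] == 0]
    best = max(safe)  # never empty: the current threshold loses nothing
    return ("raise", best) if best > current else ("keep", current)

# Constructed review outcomes for one hypothetical "large deposit" scenario.
CURRENT, BTL_FLOOR, CANDIDATES = 5_000, 4_000, [6_000, 7_000, 8_000]
ATL_ALERTS = [Reviewed(a, s) for a, s in [
    (5_100, False), (5_300, False), (5_600, False), (5_900, False),
    (6_200, False), (6_800, False), (7_400, True), (8_100, False),
    (9_000, True), (12_000, True)]]
BTL_REVIEWS = [Reviewed(a, False) for a in (4_100, 4_300, 4_500, 4_700, 4_900)]

if __name__ == "__main__":
    data = ATL_ALERTS + BTL_REVIEWS
    for row in atl_table(data, CURRENT, CANDIDATES):
        print(row)
    print(btl_sample(data, CURRENT, BTL_FLOOR))
    print(recommend(data, CURRENT, CANDIDATES, BTL_FLOOR))
```

On this data, raising the threshold to 7,000 cuts the alerts from ten to four without losing a productive one, while 8,000 would drop one. A single suspicious item in the BTL band reverses the recommendation.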
Alert generation
Typical scenarios that would generate an alert
Transaction monitoring scenarios analyze factors such as industry size,
jurisdiction, and customer activity to set alerts. Scenarios can range from basic
to more complex.
Traditionally, scenarios were simple, focusing on limited or specific
information to generate alerts. For example, one rule identified all transactions
above a specific monetary amount. Currently, organizations use technologies,
such as AI and machine learning, to implement scenarios that create more
meaningful alerts based on complex and voluminous data sets. If a customer’s
activity deviates from the expected pattern, an alert is more likely to be
generated.
Some examples of frequently used transaction monitoring scenarios include:
• Structured transactions that are broken up into smaller amounts to avoid
detection
• Large cash transactions that exceed a specific threshold, usually
US$10,000
• Large deposits, such as transactions that exceed the customer’s previous
peak transaction value
• High-turnover transactions or high-velocity remittance: Transactions that
exceed the value or velocity of the customer’s peer group of customers
• Excessive use of a particular channel compared to what is expected for
that customer type, such as high use of cash over electronic payments
• Round trip transactions: A sent remittance returned as a received
remittance immediately or shortly afterward
• One to N parties or N parties to One: A remittance sent to multiple parties,
or vice versa, without a logical explanation
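Three of the scenarios listed above (structuring, round trip, and one to N or N to one) can be expressed as rules over a transaction feed. The following is an added example, not part of the study guide or of any vendor's product; the window lengths, tolerance, party counts, field names, and all sample transactions are constructed assumptions, and only the US$10,000 figure comes from the text.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Txn:
    ts: datetime
    sender: str
    receiver: str
    amount: float
    channel: str  # "cash" or "wire"

# US$10,000 is the figure quoted in the text; all other parameters are assumptions.
CASH_THRESHOLD = 10_000
STRUCTURING_WINDOW = timedelta(days=3)
ROUND_TRIP_WINDOW = timedelta(days=2)
ROUND_TRIP_TOLERANCE = 0.05  # returned amount within 5% of the amount sent
FAN_WINDOW = timedelta(days=1)
FAN_MIN_PARTIES = 4

def structuring(txns):
    """Customers whose sub-threshold cash deposits sum past the threshold
    inside one rolling window."""
    by_customer = defaultdict(list)
    for t in txns:
        if t.channel == "cash" and t.amount <= CASH_THRESHOLD:
            by_customer[t.receiver].append(t)
    hits = set()
    for customer, deposits in by_customer.items():
        deposits.sort(key=lambda t: t.ts)
        start, total = 0, 0.0
        for end, dep in enumerate(deposits):
            total += dep.amount
            while dep.ts - deposits[start].ts > STRUCTURING_WINDOW:
                total -= deposits[start].amount
                start += 1
            if end > start and total > CASH_THRESHOLD:
                hits.add(customer)
    return sorted(hits)

def round_trips(txns):
    """(origin, counterparty) pairs where a remittance returns at roughly the
    same value within ROUND_TRIP_WINDOW."""
    wires = sorted((t for t in txns if t.channel == "wire"), key=lambda t: t.ts)
    hits = set()
    for i, out in enumerate(wires):
        for back in wires[i + 1:]:
            if back.ts - out.ts > ROUND_TRIP_WINDOW:
                break
            is_return = (back.sender, back.receiver) == (out.receiver, out.sender)
            if is_return and abs(back.amount - out.amount) <= ROUND_TRIP_TOLERANCE * out.amount:
                hits.add((out.sender, out.receiver))
    return sorted(hits)

def fan_patterns(txns):
    """One-to-N and N-to-one: a hub with FAN_MIN_PARTIES or more distinct
    counterparties inside FAN_WINDOW."""
    hits = set()
    for label, hub, spoke in (("one_to_n", "sender", "receiver"),
                              ("n_to_one", "receiver", "sender")):
        by_hub = defaultdict(list)
        for t in txns:
            if t.channel == "wire":
                by_hub[getattr(t, hub)].append(t)
        for party, items in by_hub.items():
            items.sort(key=lambda t: t.ts)
            for i, first in enumerate(items):
                spokes = {getattr(t, spoke) for t in items[i:]
                          if t.ts - first.ts <= FAN_WINDOW}
                if len(spokes) >= FAN_MIN_PARTIES:
                    hits.add((label, party))
                    break
    return sorted(hits)

def run_scenarios(txns):
    return {"structuring": structuring(txns),
            "round_trip": round_trips(txns),
            "fan": fan_patterns(txns)}

def _t(day, hour, sender, receiver, amount, channel):
    return Txn(datetime(2024, 3, day, hour), sender, receiver, amount, channel)

# Constructed sample data; every party and amount is invented for the example.
SAMPLE = [
    _t(1, 10, "branch", "C1", 4_800, "cash"),   # C1: three deposits under the
    _t(1, 15, "branch", "C1", 4_900, "cash"),   # threshold within two days
    _t(2, 11, "branch", "C1", 4_700, "cash"),
    _t(1, 9, "branch", "C3", 6_000, "cash"),    # C3: deposits three weeks apart
    _t(22, 9, "branch", "C3", 6_000, "cash"),
    _t(5, 9, "C4", "X1", 20_000, "wire"),       # C4: funds return the same day
    _t(5, 16, "X1", "C4", 19_600, "wire"),
    _t(7, 9, "C5", "P1", 2_000, "wire"),        # C5: four payees in six hours
    _t(7, 11, "C5", "P2", 2_000, "wire"),
    _t(7, 13, "C5", "P3", 2_000, "wire"),
    _t(7, 15, "C5", "P4", 2_000, "wire"),
]

if __name__ == "__main__":
    print(run_scenarios(SAMPLE))
```

The structuring rule only sees transactions labeled as cash, so the same C1 deposits recorded under another label produce no alert. That dependency on correct labeling is the failure described in the NatWest case earlier in this module.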
Procedures for alerts review
In larger organizations, the process for reviewing transaction monitoring alerts
typically involves multiple levels of review and information gathering. Smaller
organizations might use a one-touch system, where a single analyst handles
the alert from generation through the submission of a SAR.
When multiple levels of reviews are used, Level 1 review—or the initial review
stage—occurs when a TM system generates an alert. An analyst examines the
alert’s validity by evaluating various data points, including the alert's nature,
transaction type, customer profile, account history, and previous alert history.
This analysis helps determine if the activity aligns with expected customer
behavioral patterns. If the activity appears abnormal or exceeds accepted
thresholds, the alert escalates to Level 2 review for further investigation. If not,
the analyst can dismiss it as a false positive, and document sufficient rationale
for arriving at that conclusion.
During the Level 2 review, or investigation stage, analysts perform a detailed
analysis of the alert and data from the initial review to establish whether the
unusual behavior could indicate a financial crime. This stage typically includes:
• Analyzing transaction patterns and frequency.
• Assessing the source and destination of funds.
• Reviewing KYC information and the customer risk profile.
• Gathering additional records, such as communication logs between the
customer and institution, and any prior investigations related to the
customer or account.
• Conducting open-source research to include social media, news articles,
public records and notices, alerts, or guidance issued by law enforcement
and regulatory agencies, to inform their opinion on the escalated activity.
Analysts then determine whether the activity is suspicious, providing a robust
rationale based on the data collected.
Highly suspicious cases or those that involve numerous transactions or
sensitive situations should be escalated to Level 3 review, or the complex
analysis stage. Senior analysts or compliance officers conduct this
comprehensive assessment, which might include cross-department
collaboration, complex risk assessments, and intricate analysis of transaction
networks.
Throughout this process, analysts meticulously document each step and, if
required, file SARs with regulatory authorities, ensuring they include all
pertinent information and rationale. Following the filing, ongoing monitoring is
critical to mitigate further issues and identify additional criminal activities.
Analysts often recommend enhanced customer monitoring or account
restrictions as preventive measures.
Other sources of investigation
AML investigations might originate from a wide range of sources beyond
transaction monitoring systems. These sources include internal and external
referrals, requests for information from counterparties or correspondent
banks, negative news, regulatory findings and recommendations, and law
enforcement requests.
Internal referrals can come from various departments—such as fraud,
correspondent banks, branches, digital, and telephony teams—which are
well-positioned to identify suspicious activities. Internal hotlines and whistleblower
complaints also serve as sources for AML investigations.
External referrals come from sources outside the organization—such as
concerned citizens and business partners—through their customer-facing
employees or other channels.
Requests for information (RFI) from counterparties or correspondent banks
are formal requests for clarification, data, or additional details that can arise
from multiple contexts, such as customer due diligence and transaction
monitoring.
For example, in the US, Sections 314a and 314b of the USA PATRIOT Act allow
financial institutions and government agencies to share potential money
laundering information. They allow access to a broader information network,
enhancing the ability to detect suspicious activities and initiate reviews.
Receiving such a request can trigger an additional internal investigation.
Ongoing negative news screening programs and systems can identify
information that prompts reviews and generates investigative leads.
Regulatory findings and recommendations can help identify additional risks
and initiate reviews.
Law enforcement agencies (LEA) may use legal instruments that require
financial institutions to provide documents or information for investigations.
These instruments include:
• Court orders: A judge may direct the institution to release account
information or transaction records related to an ongoing investigation.
• Subpoenas: Legal requests compel the organization to produce specific
communications or records relevant to a case.
• Search warrants: These court-issued permissions allow law enforcement
agencies to search premises and documents. Information gathered from
search warrants could also be sources of potentially suspicious activity.
• Other: Direct inquiries from law enforcement can prompt a financial
institution to investigate activities possibly linked to criminal activities.
Given the high likelihood of materiality and sensitivity, these investigation
sources must be handled with extra care. It is particularly important to avoid
tipping off a potential subject of an investigation. In some cases, tipping off is a
felony that can result in criminal charges against the employee. For this
reason, organizations should have robust procedures for the management of
investigations that minimize the risk of information leaks.
Investigations
Steps applied to an investigation
Before escalating an investigation to confirm and report suspicion, an analyst
is expected to understand the nature of the suspicion and determine whether
there is a possible explanation for the transaction. Any patterns of previous
transactions from the same account or customer should also be reviewed.
Information gathered during onboarding, along with historical transaction
data, can provide helpful context. Finally, all research should be clearly
documented, indicating what information—if any—is missing.
Information gathering
Gathering sufficient information is important to determine an alert’s validity
and/or conduct investigations. Employees responsible for reviewing and
investigating alerts should use both internal and external information to make
decisions.
Internal information is data maintained by the organization and accessible to
the reviewer. Key internal data points include:
• KYC data: Customer’s profile, risk factors, and historical behavior.
• Transaction data: Context for the alert with detailed records of past
transactions.
• Alert and investigation history: Insights from previous alerts concerning the
same customer or transaction pattern.
• Account history and activity: Account usage and trends that help
distinguish between typical and unusual behavior.
External information is data that exists outside the organization. It provides
additional context to the internal information and can help identify red flags.
External information sources include:
• Open sources: News articles, public records, and other online resources.
• Social media profiles: Information from social media that might provide
additional context about a customer or related parties.
• Partners and collaborating institutions: Information shared by financial
partners might reveal suspicious connections or transactions.
• Law enforcement agencies: Cooperation with regulatory bodies and law
enforcement might provide critical information about known fraudulent
activities or networks.
• Request for information (RFI): A formal process used by financial
institutions to gather more details about transactions that have triggered
alerts and might indicate suspicious activity. It supports the detection and
investigation of potential financial crime and plays a key role in the
feedback loop between correspondent and respondent institutions.
Analysts review both internal and external information sources holistically to
reach a determination on any next steps.
When documenting an alert investigation, clearly record the searches that
were performed, the relevant information that was identified or missing, and
the key data points that support the decision to either dismiss or escalate the
alert. It is necessary to include the source of information, the date it was
accessed or provided, and—when available—the source’s contact information
for follow-up. This documentation ensures an adequate audit trail and
supports or facilitates future investigations if the alert is escalated or
reopened.
How much research is reasonably enough?
Regulators often use the term “reasonable.” Conducting in-depth research
might uncover additional red flags. In evaluating an organization’s policies,
processes, and procedures, regulators usually don’t judge based on a single
incident. They investigate whether the overall program is reasonably effective
at identifying risk.
There is often no clear answer as to when there is enough information.
However, it might be said that the work is “reasonable” if, based on the
content, documentation, and steps followed, another person would find the
conclusions justifiable.
According to FATF, financial institutions must use a risk-based approach and
take reasonable measures to verify the identity of the beneficial owner. For
legal persons and arrangements, this should include understanding the
ownership and control structure of the customer.
The AML program should establish minimum standards for the enterprise that
are reasonably designed to comply with all applicable laws and regulations. It
may be supplemented by the policies and procedures of various lines of
business or legal entities that address specific areas, such as private banking,
trade finance, cash handling, institutional banking, wealth management, or
investigations. Compliance programs should also include corporate
governance and overall management of money laundering and terrorist
financing risks.
As an example, having on file primary, verified documentation for all ultimate
beneficial owners holding 10% or more of your customer could be considered
reasonable by your organization. However, an online search of public media
that reports ownership only, and is not verified, would be considered
insufficient. It would not pass the reasonable due diligence test.
In theory, no financial institution can reasonably be expected to detect all
wrongdoing by customers, including money laundering. But if a financial
institution develops systems and procedures to detect, monitor, and report
the riskier customers and transactions, it will increase its chances of staying
out of harm’s way from criminals and government sanctions and penalties.
Communication channels and tipping off
Analysts responsible for transaction monitoring alert reviews and AML
investigations might require information that is not available through internal
data or publicly available sources. This information could be related to unusual
customer transactions, changes in KYC data, the customer’s business invoices
or operation documentation, or other relevant data. Relationship managers or
front line staff can obtain this information by contacting the customer,
organizational partners, such as other financial institutions, or correspondent
branches. Relationship managers and front line staff are best positioned to
conduct customer outreach and communicate findings to analysts. Staff must
remember to maintain confidentiality and avoid tipping off the customer.
Before conducting outreach, the analyst should ensure that the requested
information is critical for making an informed determination, and not available
internally or externally. If both conditions are met, analysts should consider the
best outreach methods and plan accordingly. During outreach, anyone who
communicates with the customer should consider:
• Confidentiality: Ensure that sensitive information is shared securely and
only with authorized parties.
• Clarity and precision: Be clear and precise to avoid misunderstandings or
misinterpretation.
• Professionalism: Maintain a professional tone in all communications, for
credibility and to reflect the organization’s standards.
• How to avoid tipping off: Tipping off occurs when an investigator
intentionally or unintentionally alerts the subject of an investigation that
their activities are being monitored, particularly with suspicions of money
laundering or financial crimes. Tipping off is prohibited under AML
regulations and can have severe consequences including criminal liability,
regulatory sanctions, and reputational damage.
• Compliance with regulations: Adhere to legal and regulatory guidelines,
such as data protection laws, that govern communications involving
sensitive information.
• Documentation: Record all communications, dates, times, and the content
discussed for accountability and audit purposes.
Communicating with customers
At times it will be necessary to engage with customers to gather additional
information for due diligence or investigative purposes. Customer-facing
employees, such as relationship managers, typically conduct these meetings,
as they might already have a relationship with the customer.
Some jurisdictions require advance notification to customers that the
organization will collect information. Even if not required, providing this notice
is advisable, as it helps reduce the impression that the organization is asking
unnecessary questions. It is also advisable to tell the customer how the data
will be used. Customers are often wary of giving out personal information
because they believe it will be used for marketing, resold, or otherwise
compromised. There is a difference between anonymity and discretion.
Discretion is good, and commonly sought by customers, so assure them that
the organization will treat their data with care and in adherence with relevant
data regulations.
Having good interpersonal skills and engaging in a conversational manner is
more likely to put the customer at ease, as opposed to making the meeting
feel like an interrogation. The staff member should allow the customer to
speak freely. Using a template and script ensures that all required information
is collected with an appropriate level of detail. However, it is important for the
staff member to remain alert to customer responses that might require
follow-up or clarification.
If the staff member puts the customer at ease, but that customer is
uncooperative, this might raise suspicions. While not every uncooperative
customer is laundering money, many violations could have been prevented
had suspicions been raised earlier.
Finally, ensure the meeting provides enough reliable detail to verify the
information through other sources. Record the details of the meeting in
writing as soon as possible to ensure a complete and accurate record.
Investigating someone inside the organization
Investigating someone in the organization requires consideration of a number
of factors: confidentiality, protection of the organization and the employee,
engagement of other stakeholders, proper recordkeeping, and preservation
of evidence. The role of the investigator is to collect, collate, assess, and
preserve evidence relating to the allegations and present a case to the
appropriate department for formal consideration. Depending on the
allegations and scope of the investigation, there might be a need to interview
witnesses, such as coworkers and supervisors, and the suspected employee.
All actions taken must be within the law and the organization’s policies.
Allegations will guide the steps to be taken for the investigation. Creating an
investigation plan sets out the goal of the investigation, the evidence required
to reach that goal, the scope and limitations, and potential sources of information.
To protect the organization and the employee, the person in charge of the
investigation might need to engage the HR department, because suspending
the employee until the conclusion of the investigation might be an
appropriate action. If there is a need to secure emails, voice recordings, or
systems access logs, the investigator will need the support of the IT
department.
Witness statements often form the basis of the investigation. A witness
statement is a version of the events given by that witness, and care must be
taken not to lead the witness.
All employee interviews must be conducted within the law and the
organization’s policies. There might be a requirement to have an independent
third party or an HR representative present. Preparing an interview plan will
assist with structuring the interview and serve as a question guide to achieve
the goal. Interviews should be conducted in a sensitive manner; the
investigator is not there to judge.
Confidentiality and proper recordkeeping are the fundamental elements of a
successful investigation.
Analysis of information
Throughout the transaction monitoring alert review and AML investigation
processes, analysts and investigators collect and document data from internal
and external sources. However, investigators must go beyond merely
gathering and recording this information. They analyze the data to transform it
into actionable intelligence and insights.
By examining transaction histories, customer profiles, and regulatory alerts,
analysts can validate suspicions and decide if further investigation, reporting,
or action is warranted. During the investigation, investigators must seek to
understand relationships and cash and fund flows.
Investigators identify and map relevant relationships between individuals and
entities, such as customers, counterparties, beneficial owners, relatives and
beneficiaries, and parent companies and subsidiaries. Network analysis helps
visualize complex relationships and transaction flows. It allows AFC
professionals to represent connections graphically, identify behavioral
patterns, and clarify complicated relationships associated with money
laundering.
Analyzing cash and fund flows helps assess transaction legitimacy and identify
potential illicit activity. This process involves tracing the movement of funds
across accounts and financial institutions. Key considerations include:
• Transaction patterns: Evaluate the frequency, volume, and timing of
transactions to identify unusual spikes or deviations from expected
behavior, especially large transactions to high-risk jurisdictions.
• Source and destination of funds: Determine where funds originate and
where they are sent. Ensure that sources align with the customer’s profile
and business.
• Layering transactions: Identify complex transaction layering that might
obscure the fund trail.
• Integration with external information: Combine cash flow findings with
external data, such as public records or sanctions lists, for context and
validation.
Visualizing cash flows and relationships can help analysts comprehend
transaction dynamics and detect irregularities that may require further
scrutiny.
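The considerations listed above (deviation from expected behavior, destination of funds, and layering) can be expressed as checks over a transaction ledger. The following Python is an added example, not part of the study guide; the ledger, the account names, the placeholder jurisdiction code ZZ, and every threshold are constructed assumptions that a real program would set from its own risk assessment.

```python
from datetime import datetime, timedelta
from statistics import median

# Constructed sample ledger (illustrative only):
# time, sender, receiver, amount, receiver's country.
# "ZZ" is a placeholder for a jurisdiction the institution rates as high risk.
ROWS = [
    ("2024-03-01T10:00", "CUST-A", "SUPPLIER-1", 1000.0, "US"),
    ("2024-03-08T10:00", "CUST-A", "SUPPLIER-1", 1200.0, "US"),
    ("2024-03-15T10:00", "CUST-A", "SUPPLIER-1", 900.0, "US"),
    ("2024-03-20T09:00", "CUST-A", "SHELL-1", 50000.0, "ZZ"),
    ("2024-03-20T15:00", "SHELL-1", "SHELL-2", 49500.0, "ZZ"),
    ("2024-03-21T11:00", "SHELL-2", "SHELL-3", 49000.0, "US"),
    ("2024-03-21T12:00", "SHELL-2", "UTILITY-CO", 200.0, "US"),
    ("2024-03-22T08:00", "SHELL-3", "OFFSHORE-9", 48700.0, "ZZ"),
    ("2024-03-22T10:00", "CUST-A", "SUPPLIER-1", 1100.0, "US"),
]
HIGH_RISK = {"ZZ"}  # assumption: would come from the institution's country risk list


def load(rows):
    """Turn raw rows into dicts sorted by time."""
    txns = [
        {"ts": datetime.fromisoformat(t), "src": s, "dst": d, "amount": a, "country": c}
        for t, s, d, a, c in rows
    ]
    return sorted(txns, key=lambda x: x["ts"])


def unusual_outflows(txns, account, factor=5.0, min_history=3):
    """Transaction patterns: flag outflows larger than `factor` times the median
    of the account's earlier, unflagged outflows. Also records whether the
    destination is in a high-risk jurisdiction."""
    history, flagged = [], []
    for t in txns:
        if t["src"] != account:
            continue
        if len(history) >= min_history and t["amount"] > factor * median(history):
            flagged.append({**t, "high_risk_dest": t["country"] in HIGH_RISK})
        else:
            history.append(t["amount"])  # only normal activity feeds the baseline
    return flagged


def trace_chains(txns, start, window=timedelta(days=3), min_ratio=0.9):
    """Source and destination of funds: follow money forward from `start`.
    A next hop must leave the receiving account within `window` and carry
    between `min_ratio` and 100% of the incoming amount (a pass-through)."""
    chains = []

    def walk(txn, path, seen):
        onward = [
            n for n in txns
            if n["src"] == txn["dst"]
            and n["dst"] not in seen  # do not loop back through visited accounts
            and txn["ts"] < n["ts"] <= txn["ts"] + window
            and min_ratio * txn["amount"] <= n["amount"] <= txn["amount"]
        ]
        if not onward:
            chains.append(path)
            return
        for n in onward:
            walk(n, path + [n], seen | {n["dst"]})

    walk(start, [start], {start["src"], start["dst"]})
    return chains


def layering_candidates(chains, min_hops=3):
    """Layering: keep chains with at least `min_hops` transfers and render
    each one as the ordered list of accounts the funds passed through."""
    return [
        [c[0]["src"]] + [t["dst"] for t in c]
        for c in chains
        if len(c) >= min_hops
    ]


if __name__ == "__main__":
    ledger = load(ROWS)
    for flag in unusual_outflows(ledger, "CUST-A"):
        print("Unusual outflow:", flag["amount"], "to", flag["dst"],
              "(high-risk destination)" if flag["high_risk_dest"] else "")
        for path in layering_candidates(trace_chains(ledger, flag)):
            print("  Possible layering path:", " -> ".join(path))
```

The output is a lead for the analyst to document and review against KYC and external information, not a determination that the activity is suspicious.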
During in-depth analysis, investigators might discover that the case is more
complicated than expected. New information may be discovered that reveals
previously unknown or overlooked networks or patterns. Identifying these
connections can significantly reshape the investigation and uncover broader
networks of suspicious activity. In such cases, analysts should promptly consult
their AFC compliance team to determine how to proceed with the new
information and avoid unnecessary delays. Early engagement ensures clarity
and direction, strengthens the investigation, and establishes a clear path to
meet regulatory timelines.
Suspicious activity escalation process
If investigators have completed the research and identified risk indicators that
cannot be mitigated, they might need to escalate this customer for additional
investigation. Depending on the jurisdiction and organizational policies, the
end result might be filing a SAR with the FIU. Based on the organization's
processes, one or more additional people might review the research before
choosing whether to file a report with authorities. The internal process used to
escalate findings is important—and can have legal and regulatory
consequences. It is important to know the policy and process well.
Throughout their research, investigators have been relying on the work and
support of others. Some might have done previous research, perhaps when
preparing a customer profile or researching previous transaction alerts. Some
might have provided the information they personally know about the
customer. Investigators filtered, organized, and prioritized. They relied on all of
those sources and adequately documented the case.
Now others will collaborate in the decision regarding next steps.
Because each jurisdiction and organization is unique, the roles of people
involved and the processes they use will differ. Failing to follow the process
carefully can lead to legal and regulatory consequences. So, ask, learn, and
move thoughtfully.
One potential next step is to file an internal escalation report. This has many
names. Some call it an unusual activity report (UAR). Some call it an internal
SAR. But language is important, especially in jurisdictions where any unusual
activity must be reported to authorities. So, learn the correct report name for
the organization and use only that name. Don’t be casual in referring to
something as "unusual" or "suspicious", especially when documenting. Some
jurisdictions have timing requirements for when a financial institution should
file a SAR based on when it was determined to be suspicious.
Based on the investigative results, the MLRO might file a SAR with the
country’s FIU, so law enforcement can gain access to the information.
Documenting your research
To demonstrate that an organization has undertaken appropriate research to
prevent financial crime, it is important to create an audit trail. This means
documenting all steps the team has taken to demonstrate compliance efforts
to auditors and the supervisory authorities. Include how any inaccuracies or
false matches were resolved. Some of this will be straightforward, as one
source may be older and therefore less reliable than another source. Save
documentation as PDFs, as printouts, or in some other form,
according to the organization’s record retention policy. Thorough
documentation provides a record to support your organization’s risk-based
approach. So, even if you fail to capture every relevant piece of information,
the process itself is defensible. Once documented, your research should be
properly and securely stored to respect privacy laws and data security.
Internal auditors, regulators, and law enforcement might review the
documented findings, and law enforcement might use them in court.
It is important to document the research at the time it is performed. A search
today might turn up very different results than a search performed in several
months, when a decision is being questioned. Even those searches that do not
produce target or relevant matches should be documented with appropriate
date and time stamps.
Document the search strings, logic, and keywords. Sometimes the method
and logic behind generating search results can be as important as the results
themselves. Documentation will help demonstrate that the team has followed
a risk-based approach.
Be aware of data privacy laws and data security protocols. Tools, databases,
and methods for research that may be acceptable for one organization may
not be acceptable in another organization or jurisdiction. A process should be
in place to document the research as information is collected, so nothing is
lost or forgotten. Developing research notes and a standard template
increases the likelihood that all required information will be captured.
Decision to file a SAR
A SAR is a document that obliged parties must file with their FIU when they
detect suspicious or potentially illicit activity. Filing SARs is a key part of an
organization’s AFC program and a vital element in combating money
laundering and terrorism financing.
The MLRO, nominated officer, or equivalent is usually the individual responsible
for overseeing the organization's AFC compliance program and making the
final decision on SAR filing. Before deciding to file a SAR, the organization
might need to conduct further research to obtain additional information. This
need becomes evident during the SAR review process. The MLRO, or
designated secondary reviewer, reads the SAR and might raise questions for
the investigator. This ensures the SAR narrative is cohesive and sufficiently
robust. Therefore, MLROs and investigation teams should create internal
investigation and review timelines that allow for feedback and additional
research.
Jurisdictions have reporting rules and deadlines for submitting reports. For
example, in the US, FinCEN requires SARs to be filed within 30 calendar days of
the initial alert. If the initial detection does not identify a suspect and further
investigation is required, an additional 30 calendar days might be permitted.
However, for high-risk activities, expedited filing requirements might apply,
necessitating immediate reporting.
When financial institutions detect complex or interconnected suspicious
activities, they might need to file multiple SARs. This can occur for several
reasons, including:
• Multiple instances: A single individual or entity might be engaged in several
distinct suspicious transactions that do not fit into a single SAR. Each
transaction might raise separate red flags that warrant individual reporting.
• Coordinated activities: A network or group of individuals or entities might
be involved in a larger scheme, with each participant executing different
parts of the operation. Financial institutions might need to file separate
SARs for each individual or entity to capture the full scope of the
investigation, especially if the activities are detected at different times.
• Different jurisdictions: When suspicious activities span state, national, or
international borders, financial institutions might need to file multiple SARs
under the specific laws of each relevant jurisdiction to ensure appropriate
regulatory oversight.
Concluding Investigations and Coordinating with Law Enforcement
Introduction
Introduction: Concluding investigations and coordinating with law enforcement
Concluding investigations and liaising with law enforcement are critical tasks
in combating financial crime. In this module, you will learn how to finalize
investigations by preparing clear, comprehensive SARs and understanding the
nuances in communicating with the FIU and law enforcement agencies.
Reporting suspicious activity helps maintain compliance with AFC regulations
and enhances the effectiveness of a financial institution’s AFC efforts. By
applying these practices, you will help ensure that your organization becomes
a proactive partner in detecting, preventing, and disrupting financial crimes.
Case study: Failure to file report
In March 2023, the Federal Financial Supervisory Authority of Germany (BaFin)
fined Deutsche Bank AG €170,000 for failing to submit suspicious transaction
reports (STR) on time. The administrative order was final and binding.
Banks are required to investigate and promptly report suspicious transactions
linked to money laundering or terrorist financing to the FIU. BaFin discovered
that Deutsche Bank delayed filing STRs, which hindered law enforcement's
ability to detect and prevent crime, prolonging illicit operations. The regulator
emphasized that the timely submission of STRs allows authorities to act
quickly and forward information to law enforcement agencies.
BaFin also stated that the bank's failure to submit STRs promptly has serious
implications for the integrity of the financial sector and the broader efforts to
combat illicit financial activities. This delay gave criminals the advantage of
time and allowed illicit funds to flow through the financial system undetected,
ultimately enabling more of the illicit profits to be laundered. BaFin’s
enforcement action against Deutsche Bank highlights the real-world
consequences of noncompliance. Timely reporting is a matter of compliance
and is critical for preventing financial crime at its source.
Under FATF Recommendation 20, financial institutions (FI) must investigate
and report any suspicious transactions when there are reasonable grounds to
suspect the funds are proceeds of criminal activity or linked to terrorist
financing. This reporting is done in good faith and does not equate to criminal
liability. FATF’s Interpretive Note to Recommendation 20 specifies that all
suspicious transactions, including attempted transactions, should be reported
regardless of the transaction amount.
The Wolfsberg Group’s Statement on Effective Monitoring for Suspicious
Activity highlights the need for closer collaboration between government
agencies and financial institutions in the STR filing process. As financial crime
typologies evolve, emerging technologies and new transaction methods
create additional challenges, making strong cooperation more important than
ever.
Key takeaways
• Timely investigation and reporting of suspicious transactions help combat
financial crime.
• Delayed STRs cause serious consequences for financial institutions, hinder
law enforcement, and enable criminals to launder funds.
• Noncompliance with STR reporting requirements can lead to financial
penalties.
• Strong cooperation between banks and authorities is essential to address
emerging threats, technologies, and typologies that require vigilance.
Concluding an investigation and suspicious activity reporting
Protecting the organization during an investigation
Investigations by law enforcement, prosecutors, or regulatory authorities
involving an organization can occur for various reasons. They can be against
customers or employees of the organization or against the organization itself.
They might result from fraud by its employees. More often, they occur
because the organization has a weak or failing AFC program. Such failures
increase the risk of money laundering, terrorist financing, and sanctions
evasion.
To mitigate these risks, the organization must establish and maintain strong
policies and procedures.
Organizations must identify and clearly communicate the roles and
responsibilities related to investigations. This means when there is an external
investigation into the organization or its customers, everybody should know
what to do. It is important to respond quickly and completely to any law
enforcement requests. Failure to do so could cause unnecessary risk or
damage to the organization.
It is also important to know when to engage external legal counsel, such as in
large, important, or serious investigations. Investigations performed by the
organization and any internal documentation would not fall under the
attorney-client privilege. Investigations conducted by external legal counsel,
however, would protect the organization under attorney-client privilege.
The organization should have a clear process and governance for establishing
ad-hoc committees overseeing the organizational response to external
investigations. The committees should comprise stakeholders, such as
personnel working in the areas of legal, audit, risk, and compliance.
The organization should also ensure there are clear reporting lines and
processes for escalation, as well as a process for internal and press
communications. This planning will help to avoid chaos.
Larger organizations might conduct mock dawn raids, which are
unannounced inspections, to ensure that the process, communication, and
escalation lines are working.
Duty to report
If an organization suspects that a customer is committing financial crime, it
has a duty to report it to the authorities. In many countries, there is a personal
liability to report financial crime, and there are legal penalties of fines and
imprisonment for failing to do so. However, an organization will have clearly
defined policies and procedures to ensure reporting is clear and factual and
to protect the relevant employees. Around the world, organizations appoint
officers to be responsible for AFC programs and to report suspicions of
financial crime. The title might be chief compliance officer, anti-bribery and
corruption officer, AML officer, money laundering reporting officer, principal
officer, chief anti-money laundering compliance officer, or a title reflective of
the jurisdiction.
In many countries, there are legal consequences for individuals who fail to
report financial crime or are suspected of financial crime. These range from
heavy fines to imprisonment. In some jurisdictions, an individual can be
prosecuted for “willful blindness,” which will be judged on the circumstances
surrounding the transaction and the defendant’s conduct. Courts define willful
blindness as the “deliberate avoidance of knowledge of the facts” and have
held that willful blindness is the equivalent of actual knowledge of the illegal
source of funds or of the intentions of a customer in a financial crime
transaction.
It is important that organizations implement policies and procedures to enable
staff to report their suspicions to an assigned compliance officer. Staff must
be properly trained in these procedures to ensure that both they and your
organization meet the duty to report requirement. The assigned compliance
officer will be responsible for assessing the information and deciding what
actions must be taken. The process might stop following the escalation of the
potentially suspicious activity because the compliance officer considers the
activity or explanation to be sufficient. If the facts indicate an external report
must be made, the most usual action is the submission of a suspicious activity
report to the relevant authority in the jurisdiction. Reporting within agreed
timelines ensures that the individual and the organization effectively discharge
their responsibilities. Some jurisdictions may require unusual activities to be
reported, in addition to those that are deemed suspicious.
Regulations related to suspicious activity reporting
The regulations for filing a suspicious activity report (SAR) or suspicious
transaction report (STR) vary by institution and jurisdiction, but there are
common regulations throughout that call for investigators to follow timelines
and limit information access. SAR filing must be timely and effective. As soon
as the alert is generated, the investigation can start. Once an activity is
deemed suspicious, the reporting timeline begins, and a SAR must be filed
within the timelines set by the regulator. The information included in the SAR
does not need to demonstrate the occurrence of illegal activity, but it does
need to demonstrate the reason for identifying the activity as suspicious. A
SAR should not be shared outside the financial institution and required law
enforcement agencies, as this could compromise the investigation. Even
within a financial institution, SARs should be handled with care, as not
everyone should have access to such information.
SAR regulations vary by jurisdiction, but all have similar laws and requirements.
Common regulations call for investigators to recommend a SAR upon
suspicion of criminal activity, use factual information to support suspicions,
and avoid "tipping off" or disclosing a SAR to the customer or other
unauthorized parties. In Europe, the EU AML directives align with FATF
recommendations. In the US, the obligation to file a SAR derives from the Bank
Secrecy Act. You should recommend a SAR as soon as you suspect, or know,
that a person is engaged in money laundering, terrorist financing, or other
criminal activity. In the US, a SAR must be filed within 30 calendar days of the
detection of suspicious activity, with the possibility of a 30-calendar-day
extension in cases where no suspect can be identified.
However, each jurisdiction has its own reporting requirements, which vary
from “when reasonably possible” to a specific number of days after suspicion
has been established. The information in a SAR must be appropriate,
complete, and factual. You should include information about the customer,
services offered by the institution, transaction activity, rationale for suspicions,
and any supporting evidence. You do not need to supply complete evidence
to demonstrate the crime occurrence, but you do need evidence to support
why the activity has been deemed suspicious. Regulations prohibit financial
institutions from disclosing a SAR, or any information that would indicate a SAR
was filed, to anyone except certain law enforcement agencies. Disclosing the
SAR or its contents to a customer would result in a prohibited offense called
"tipping off." Failure to file a SAR can lead to substantial penalties for the
financial institution, including fines, regulatory restrictions, or even
imprisonment. Make sure you follow the regulations in your jurisdiction, as
regulations vary.
Suspicious activity report structure
The suspicious activity report (SAR) is the primary method of communicating
suspicious activity to law enforcement. Completing the SAR requires
gathering information about all parties involved, including names, birthdates,
addresses, tax identification numbers or national identification numbers, and
phone numbers. Include dates and documentation of the suspicious activity,
reports from branch staff, video from automated teller machines, and images
of relevant paper items.
The SAR form requires information about:
• The filing institution
• The suspicious activity location, such as the branch
• The regulator
• A point of contact for law enforcement’s use during an investigation
The narrative—a written description of the suspicious activity—is the most
important part of the SAR. It includes the introduction, background,
transaction, and conclusion paragraphs.
The organization will develop policies, processes, and procedures for filing
SARs consistent with the requirements set by the FIU and its regulator.
Compliance with these standards and accurately completing all required
fields are crucial for communicating to law enforcement the suspicious
transactions and possible criminal activities you identified and investigated.
The SAR form begins with a request for the report type—initial or continuing—
along with steps for submitting it. The organization will likely provide an internal
control number, which is useful for law enforcement reference and for
locating the file in the database later or filing SARs for continuing activity. The
form also requires demographic information about the subjects involved. If
the subject is unknown, communicate that fact in the SAR form and narrative
paragraph.
The organization should provide information regarding the primary regulator
and the location of the activity—whether in a branch, home office, automated
teller machine, or multiple locations. The SAR should include the name and
contact information for the primary case investigator on the form and in the
narrative.
The person completing the SAR should indicate any contact with law
enforcement. If the organization files a SAR after receiving a subpoena or
judgment, the SAR should specify the issuing law enforcement agency.
The most important component of the SAR is the narrative, which answers the
who, what, where, when, why, and how of the case. The introductory
sentence, or impact statement, is designed to compel an action or response
from law enforcement and is key to the narrative.
Case example: SAR for a family trust
The downtown branch of North Bank detects unusual activity in the Citizen
Family Trust account, including large withdrawals totaling millions of US dollars
over a three-week period. The purpose of these transactions is unclear and
inconsistent with the customer’s typical activity. The large, rapid withdrawals
combined with a high-risk source of funds, or windfall, suggest possible
money laundering. The declared source of wealth and account behavior show
inconsistencies. There have been no previous SAR filings at this institution for
this customer.
The MLRO gathers information to include in the initial SAR:
• Customers’ names and birthdates: Lola Citizen 03/25/1965; Malik Citizen
01/15/1964
• Addresses, phone numbers
• Tax identification numbers
• The account opening date: March 3, 2000
• Declared wealth and funds: Windfall, lottery, gambling
• Names of the controlling persons: Lola Citizen 50%; Malik Citizen 50%
• Business relationship: Building wealth
The MLRO notes that both account holders are on the boards of directors of
local companies.
The next section of the SAR requests information about the dates and
amounts of the unusual transactions. The MLRO indicated two dates in the
past three weeks, with withdrawals totaling US$4.3 million and US$6.6 million,
respectively. These withdrawals were significantly larger than the typical
transactions expected from a family trust, which is usually unregulated. The
MLRO also includes her name and contact information as the primary case
investigator on the form.
The MLRO’s analysis suggests the activity might involve structuring or illicit
fund placement, with the high-risk source of funds raising additional concerns.
Furthermore, there is no clear rationale for the withdrawals, especially with the
customers nearing retirement age. The large transactions contradict the
stated goal of “building wealth,” leading the MLRO to suspect potential money
laundering.
To support the SAR filing, the MLRO attaches relevant documentation,
including transaction records, customer identification information, and
internal review notes. These attachments are clearly labeled to provide
necessary evidence for the SAR. The narrative is written in plain English,
avoiding jargon, and directly addressing the key questions of who, what,
where, when, why, and how. The MLRO clearly states the internal control
number for law enforcement reference and confirms that there has been no
prior contact with law enforcement about this account. The impact statement
might compel law enforcement to take action regarding the suspicious
activity in the Citizen Family Trust account.
Before presenting the SAR to the SAR review committee, the MLRO ensures
the narrative is written with clear headings and bullet points to make it easy to
understand.
The MLRO adheres to legal considerations by maintaining strict confidentiality
and ensuring that account holders are not tipped off. The SAR is submitted to
FinCEN’s online portal within the standard 30-day deadline.
A clear, well-structured SAR supports compliance and strengthens the
financial institution's ability to prevent and detect financial crime. Law
enforcement relies on clear intelligence to investigate illicit activities.
Key takeaways
When submitting a SAR:
• Provide clear communication, evidence-based analysis, and strict
compliance protocols to support investigations.
• Use headings, bullet points, and logical sequencing to simplify complex
details.
• Write in plain English and highlight contradictions, such as stated goals
versus transactions, to justify concerns.
• Submit reports promptly and avoid tipping off.
Maintaining an account after unusual activity
After filing a suspicious activity report (SAR), financial institutions must decide
whether to maintain or close the impacted account. The decision is made
based on the financial institution’s risk appetite and tolerance, and in
accordance with its own standards and guidelines. However, a law
enforcement directive may request that an account remain open for further
investigation.
In addition to complying with law enforcement, it is critical to consider the
customer's risk rating after a SAR has been filed. If the customer is identified
as a high-risk customer, it is imperative for the financial institution to perform
enhanced customer due diligence and consider enhanced monitoring. If the
financial institution chooses to continue the business relationship, it must
comply with all applicable legal and reporting requirements.
After filing a SAR, the financial institution's next steps include actions related to
regular review and enhanced monitoring of the account, legal restrictions, and
changes in the relationship with the customer.
If an account remains open after submitting a SAR, the financial institution
should monitor the account for any additional suspicious activity by
performing a regular review of its transactions. The financial institution should
also ensure it is taking appropriate enhanced measures to manage the risks of
other accounts being used for illegal activities by the same customer. The
financial institution may need to perform enhanced due diligence by updating
account information related to purpose and expected activity. In some
circumstances, extra measures may be introduced, such as approval from
senior management before executing transactions. You must also be aware
of—and adhere to—any restrictions placed by law enforcement agencies.
Some relationships are difficult to terminate, such as credit lines, mortgage
loans, automobile loans, and large business loans. In some jurisdictions, you
cannot terminate a customer relationship or certain products, such as
open-ended guarantees, without approval from the customer. In many instances,
financial institutions have no other option but to maintain the account and
care for the lending relationship. However, they can still prevent the customer
from opening new accounts and ensure that any principal and interest
payments are not proceeds of crime.
Reasons and consequences for not filing a SAR
Financial institutions use several methods to detect unusual activity, including
transaction monitoring alerts, negative media reports, and manual methods,
such as information-sharing requests, warrants, and subpoenas. When they
detect unusual activity, they must examine the case facts and decide whether
to file a suspicious activity report (SAR). If a SAR is filed, they must then decide
how to handle the customer’s accounts. Documenting the rationale for the
decision to not file a SAR is just as important as documenting the decision to
file a SAR. Failure to file a SAR in the presence of suspicious activity can lead to
severe fines and penalties for institutions and individuals.
For several reasons, a financial institution might decide not to file a SAR after
reviewing an alert. For example, there might be insufficient evidence to
support a suspicious activity claim. Financial institutions routinely receive
subpoenas and other legal orders related to civil and criminal matters. A
request for information typically triggers a customer review, but does not
automatically result in a SAR, because there might not be enough supporting
information.
When making a risk-based decision on whether to file a SAR, a financial
institution should analyze facts of the case and compare them with regulatory
guidelines. If the analysis reveals suspicious activity, the financial institution
next determines if it meets regulatory guidelines for filing a SAR. The findings
and reasons for the decision to file or not file should be thoroughly
documented.
Falsely filing a SAR, or knowingly providing inaccurate information in a SAR, is
the same as not complying with regulations. In most jurisdictions, anyone who
willfully violates SAR filing regulations is subject to a criminal fine, prison
sentence, or both. As an example, GWFS Equities Inc. (GWFS), a US-based
registered broker-dealer, was penalized when it violated federal regulations
regarding SAR filing. GWFS failed to report required information about the
suspicious activity and criminals involved in a cybercrime attack on customer
accounts. GWFS was fined US$1.5 million and required to implement remedial
actions on its processes and procedures.
Follow-up action when no SAR is filed
Reporting suspicious activity is critical for an effective AFC program. In cases
where a SAR is not filed, organizations must still adhere to internal procedures
to ensure compliance and mitigate risks.
When deciding not to file a SAR, the financial institution must have a clear
process for evaluating unusual activity, including an escalation procedure.
Document the rationale for not filing a SAR in detail. This includes describing
the activity that prompted the review, the steps taken to analyze it, the
reasoning behind the decision not to file, and any supporting documents, such
as transaction records or memos. This documentation will allow regulators to
understand the decision.
A trigger-event KYC review should be conducted to reassess the customer's
risk profile based on recent changes, such as updated customer information,
unusual transaction patterns, negative news, or changes in ownership.
Thoroughly document the review and actions taken. The customer’s CRA
should be reperformed and further risk mitigants considered if there is a
change in the customer’s risk profile. This process should also be
documented. Additionally, update the client file with all investigation-related
documentation. Ongoing monitoring should track customer activity for further
unusual or suspicious behavior.
Even if a SAR is not filed, future events might require a review of the client's
transaction history and investigation records. This could occur if there is future
suspicious activity by the same customer, during regulatory reviews assessing
the institution's AFC compliance program, or as part of government or law
enforcement inquiries requesting information. Proper record keeping ensures
that the organization can readily provide necessary information to regulators
and law enforcement.
By keeping thorough and organized records, organizations demonstrate their
commitment to compliance and mitigating potential penalties. All records
should be easily accessible and retrievable. Not filing a SAR does not absolve
the organization of its AFC compliance obligations. Organizations must
continue to follow internal procedures to maintain a strong compliance
program.
Defensive suspicious activity reports
Suspicious activity reporting is the foundation of the AFC reporting system.
The primary goal of a suspicious activity report (SAR) is to provide law
enforcement with actionable intelligence about suspected money laundering,
terrorist financing, and other crimes. It is critical that SARs be as accurate and
effective as possible.
A defensive SAR is a report filed “just in case,” to cover an organization if, in
the future, the identified activity meets the regulatory criteria for requiring a
SAR. Due to the high number of SARs filed each year, filing defensive SARs can
unduly burden law enforcement agencies and impede their ability to quickly
act on genuine suspicious activity. Defensive SARs can also hinder an
organization’s ability to identify and report suspicious activity.
Organizations file millions of SARs each year. The burden on law enforcement
to review every SAR and act accordingly is high. SARs that have been fully
investigated and expose suspicious activity are critical to identifying and
prosecuting criminals.
Organizations file defensive SARs for several reasons, including staffing
shortages, avoiding regulatory scrutiny, and lacking time to perform the
necessary research to make an informed decision. Regulators often view
defensive SARs as a temporary fix to avoid regulatory scrutiny, without
considering the full effect on law enforcement.
Defensive SARs are a sign of weakness or deficiencies in an AFC compliance
program. If an organization lacks sufficient time or a complete understanding
of the business model necessary to properly monitor and research
customer activity, as a best practice, the organization should consider its
business risk appetite and the relationship with the customer. Simply filing
defensive SARs ignores compliance program deficiencies and negatively
affects the organization and law enforcement.
Working with law enforcement agencies
Communicating with law enforcement for an investigation
Organizations often communicate with law enforcement authorities during
AFC investigations.
These interactions might include:
• Seeking guidance or support during an investigation.
• Responding to law enforcement requests for information.
• Cooperating in broader law enforcement investigations.
• Referring cases to law enforcement after completing the organization’s
investigation.
Most organizations designate a specific person to serve as the point of
contact with law enforcement. Organizations should have written procedures
that address how to communicate with law enforcement when responding to
formal requests for information.
Law enforcement must submit written requests, which might come in
different forms. The most formal requests are subpoenas, or court orders,
which specify deadlines by which records must be produced, unless an
extension is granted. Deadlines typically range from a few days to several
weeks, depending on the agency, complexity, jurisdiction, and order type. In
urgent cases, law enforcement might issue a search warrant requiring
immediate compliance. Failure to comply with a court-ordered request can
result in substantial civil and criminal penalties.
When communicating with law enforcement, all communication must be
clear, concise, and fully documented, as it could be used as evidence in court.
Organizations should maintain accurate records of all communications
consistent with applicable recordkeeping requirements. Wherever possible,
communications should be in writing. If communication is verbal, document
the key points in written notes as soon as possible after the conversation.
Responding to law enforcement requests
Financial institutions (FI) are routinely required to respond to requests from
FIUs and law enforcement for more information on transactions and account
ownership. Such requests include court subpoenas, production orders, and
specific inquiries related to new or ongoing investigations. Law enforcement
might request that an FI keep a particular account open and monitor it for
investigative purposes. These requests demand high levels of confidentiality,
urgency, and accuracy.
Proper response protocols are particularly important:
• Appropriate compliance ensures responses are proportionate and justified
within legal frameworks.
• Information integrity ensures the accuracy and sensitive handling of
disclosed information.
Upon receipt of a law enforcement request, the FI should make an initial
assessment. The FI’s nominated or designated officer typically conducts this
assessment. This officer is usually an employee from one of the compliance
teams who has been specifically assigned to this task. The purpose of the
assessment is to understand the legality, urgency, and relevance of the
request. It is crucial to ensure the FI's response is proportionate and justifiable,
aligning with both legal obligations and operational capabilities.
Some FIs might have teams that deliver different aspects of the requested
intelligence, such as intelligence analysis or suspicious activity reports (SAR).
They should coordinate their activities strategically and tactically to maintain
the confidentiality and integrity of the information and ensure all disclosures
meet legal compliance standards.
Additionally, the designated officer must develop effective relationships with
legal teams, recordkeeping, and other departments likely to be involved in
responding to a law enforcement agency's request. These relationships
ensure transparency and accountability and decrease the FI’s response time.
This is especially the case when dealing with complex law enforcement
requests that might require coordination from many facets of the
organization. An integrated approach emphasizes both compliance and
responsiveness while maintaining the confidentiality and integrity of customer
data throughout the process.
How law enforcement case investigators read a SAR
If an AFC program were a factory, suspicious activity reports (SAR) would be
its most important product and law enforcement would be its main customer.
SARs can be used to initiate an investigation or enhance an ongoing
investigation. Law enforcement and the intelligence community use these
reports to respond to illicit activity and gather intelligence useful in preventing
future occurrences. SAR data contains critical details to identify suspects,
networks, jurisdictions, and, most importantly, the movement of illicit funds.
SARs offer an abundance of direct and indirect access to evidence of money
laundering and the illicit activity that fuels it. However, SARs cannot be used as
evidence.
The most important purpose of SARs is to assist law enforcement and analysts
in collecting information and intelligence on potential illegal activity. The
phrase “follow the money” routinely proves to be true. These reports are
invaluable in initiating new cases, enhancing ongoing investigations, and
developing broader financial intelligence activity monitoring. The SAR form
data and narrative are critical for law enforcement and analysts to leverage in
the field. Once they access the relevant database, they can effectively search
names, identifiers, data, filing and subject entities, and vital narrative
information. Law enforcement will look at these reports to identify what the
illicit activity was, where and when it occurred, what products were used to
facilitate the activity, and—most importantly—why it is considered suspicious.
They can also search a SAR database to see if a suspect is mentioned in other
SARs, which institution filed, and where the illicit money might have gone.
Based on the pattern of activity—who, what, where, when, how, and why—law
enforcement might develop or add criminal charges for the underlying
activity and possible money laundering. Law enforcement may be able to
follow the money and other supporting data, determine other criminals
involved in the activity, and expand the investigation further.
Offboarding and de-risking
Refusing or terminating a customer
Refusing to onboard a customer can take place at different points in the
customer cycle. Your organization may choose not to accept a new customer
because, after conducting customer due diligence, you discover the
customer is outside your organization’s risk appetite, or because the customer
has raised enough red flags for financial crime.
Your organization may also decide to exit an existing customer after a standard
review cycle, either because the customer's activities look suspicious or because
your firm’s risk appetite has changed.
If, for example, the organization does not accept embassies as customers, it is
safe to state and document that reason. If there are underlying suspicions of
financial crime, you must take care not to tip off the customer.
Potential new customers who fail your organization’s CDD or are outside the
stated risk appetite are the simplest to exit. If it is a risk appetite matter, such
as not accepting certain sectors, it is safe to tell the potential customer.
However, if it is because of financial crime suspicions, care must be taken not
to tip off the customer. A simple explanation of “outside of risk appetite”
should be sufficient. If you exit a new customer, you must keep a file stating
your reasons. If you suspect financial crime, your organization must make the
necessary suspicious activity reports.
Exiting an established customer requires additional steps. If your organization
has decided to exit a sector or jurisdiction, there might be a press release or
standard statement and customer communications that can be used to
inform the customer of the decision.
Exiting a customer because of suspicious activity is more difficult. You should
follow your organization's policies and procedures. The decision should be
followed by a very generic letter or communication saying the organization
wishes to discontinue the relationship. Your company might have a template for this
communication. Provided there is no legal requirement for you to do
otherwise, you must give your customer reasonable time to make other
arrangements.
De-risking
FATF defines de-risking as the act of a financial institution terminating or
restricting customer relationships, sometimes for entire client categories,
because they no longer align with the organization’s risk appetite. Instead of
managing risk through a risk-based approach, some organizations choose to
avoid it, leading them to offboard entire segments of high-risk clients or not
offer a service at all. This results in financial exclusion, or de-banking.
De-banking is the broader loss of financial services due to risk appetite,
commercial factors, profitability, complex regulatory constraints related to
AFC compliance, sanctions, or financial regulations. Consequently, certain
client categories lose access to banking services, even though they might not
have been directly involved with illicit activity.
De-risking has reduced correspondent banking relationships in some regions
and restricted banking access for sectors such as MSBs, cryptocurrency
exchanges, money or value transfer services (MVTS), and non-profit
organizations (NPO). Organizations might avoid customers who pose
compliance risks that could jeopardize regulatory obligations. This is common
in higher-risk sectors, where cross-border remittances increase exposure to
illicit activity. For example, in 2013, HSBC asked over 40 foreign embassies,
including the Vatican, Papua New Guinea, and Benin, to close their accounts.
This decision caused significant disruption, as diplomatic missions rely on bank
accounts for essential business transactions.
Some organizations might also sever ties with customers over reputational
concerns, such as de-banking arms manufacturers, despite legal compliance.
Regulatory inconsistencies further complicate de-risking. For example, in the
US, federally insured banks face challenges when state laws, such as those
legalizing cannabis businesses, conflict with federal laws. To mitigate legal
risks, many banks avoid serving such businesses altogether.
Making broad decisions based on risk aversion, rather than conducting
individual risk assessments, conflicts with FATF’s Recommendations. FATF
emphasizes proportional, risk-based management over broad exclusions. To
mitigate de-risking, organizations could:
• Form a de-risking committee with members from business, legal, and
compliance departments to assess risk. Some financial institutions refer to
this as a Reputational Risk forum or a Client Selection committee.
• Adopt a risk-based approach by conducting case-by-case individual risk
assessments and reviews rather than categorizing entire sectors as high
risk.
• Develop a sector-specific Wolfsberg-type questionnaire to standardize
information collection.
• Implement advanced transaction monitoring to improve transparency and
efficiency while reducing reliance on broad restrictions.
• Engage in multi-stakeholder discussions with regulators and industry
bodies to align expectations and reduce compliance burdens.
• Develop nuanced risk tiers that account for multiple factors beyond
jurisdiction or nationality.
• Provide financial access through tiered accounts with risk-appropriate
transaction limits, supporting inclusion while managing exposure.
• Conduct due diligence or EDD appropriate to the specific risks of the
sector or business type.
Financial inclusion
Financial inclusion ensures that individuals and businesses, particularly the
disadvantaged, have access to financial services. These services enhance
economic participation and meet a range of needs. Examples of financial
services include banking, credit, insurance, savings and loans, payment
systems, and consumer protection against fraud, which is enhanced through
regulated services.
Financial inclusion empowers individuals economically, reduces poverty, and
supports entrepreneurship and business growth. By improving access to
services, financial institutions can help foster economic growth, enabling
individuals to save, invest, and manage risks, thereby improving society as a
whole.
Financial crime controls, including AFC measures, can inadvertently create
barriers for vulnerable customers, particularly those unable to provide
required documentation. Many financial institutions require specific
documentation for identity and address verification. This requirement can
exclude individuals in vulnerable or precarious situations, such as those who
rely on the informal economy.
The World Bank reported in the Global Findex Database 2021 that
approximately 1.4 billion adults lacked access to a formal bank account,
highlighting the scale of this challenge. FATF noted that strict documentation
requirements could reduce account ownership by up to 23% in Sub-Saharan
Africa.
FATF recognizes that effective AFC measures can support financial inclusion
efforts. It advocates for an RBA that does not exclude legitimate consumers
from the financial system. To balance financial inclusion with effective AFC
controls, AFC professionals can:
• Implement a risk-based approach by allowing flexibility in applying AFC
measures tailored to the specific risks of different customer segments.
• Simplify due diligence by adopting tiered CDD processes. This can
accommodate customers with limited documentation and provide access
for lower-risk customers.
• Engage continuously with regulators to identify barriers to financial
inclusion while ensuring compliance with AFC regulations.
• Use technology, such as digital identity solutions and mobile banking, to
enhance access for underserved populations.
• Provide appropriate training to all relevant staff on implementing AFC
measures while ensuring financial inclusion.
Tools and Technologies to Fight Financial Crimes
After completing this learning experience, you will be able to:
• Describe the tools and technologies used to fight financial crime and
comply with AFC regulations.
• Discuss the use of technology for customer onboarding in AFC
compliance.
• Discuss the use of technology for ongoing monitoring and investigations in
AFC compliance.
• Explain the importance of data privacy and data collection and preparation
for AFC compliance technology solutions.
Technology for AFC Compliance
Introduction
Introduction: Technology for AFC compliance
This module shows how AFC technology, a subset of regulatory technology
(also known as RegTech), enhances financial institutions' ability to prevent and
detect illicit activities. This technology supports key functions such as
customer onboarding, sanctions screening, and suspicious activity monitoring.
This module also covers the importance of ensuring AFC technology complies
with privacy laws, such as the GDPR, AFC regulatory frameworks, such as the
US AML Act of 2020, and global standards, such as FATF Recommendations
and guidance notes.
As financial crimes grow more sophisticated and the regulatory landscape
evolves, institutions should keep pace by strategically implementing
innovative solutions to enhance compliance, risk management, and
operational efficiency while ensuring robust governance, scalability, and
security.
Case example: Implementing technology in AFC compliance
Senior management at a US bank set a strategic goal to enhance its AFC
compliance program over the next three years by investing in technology
infrastructure. The bank assigns Anna, the BSA Officer, the task of reviewing
existing AFC technology, identifying gaps, and preparing a proposal for
integrating advanced solutions. The bank's ultimate goal is to enhance
efficiency, effectiveness, accuracy, and regulatory compliance across all
domains throughout the organization.
She begins by assessing the bank's technological needs, using a risk-based
approach that prioritizes areas that have the greatest exposure. Since the last
risk assessment was a year ago, she includes a review of regulatory changes,
guidance, and enforcement actions. Anna then conducts a current-state
assessment of technology across these needs, mapping out the systems,
tools, and processes currently in place. She identifies and prioritizes the gaps,
determining which areas will benefit from new technology, which areas can
be enhanced by augmenting existing technology with additional solutions,
and which ones do not merit additional investment. As a result of the review,
she decides that the priority should be upgrading technology in customer
onboarding/KYC and transaction monitoring.
In each of these areas, Anna completes a full market assessment of available
technology, focusing on enhancements that become available as technology
advances. For KYC, she seeks enhanced digital identity verification technology
and aims to use perpetual KYC models to move from periodic KYC reviews to
continuous customer risk analysis. The goal for transaction monitoring is to
adopt AI contextual monitoring models that leverage internal and external
data to detect complex and evolving financial crime patterns.
Having identified the types of solutions that fit the bank's needs, Anna begins
the process of selecting and implementing tools in partnership with the
technology services function at her organization. This involves assessing
whether to build in-house solutions or buy from a vendor, considering vendor
risks, integration with legacy systems and data, total cost of ownership, and
return on investment. Anna and her technology partners also consider how to
manage and maintain data in the new systems on an ongoing basis. They will
need to carefully prepare, manage, and inspect quality control guidelines to
ensure effective deployment and ongoing usage of AFC technology.
This process takes considerable time and effort. However, after thorough
analysis, Anna and her technology partners present a well-reasoned and
documented proposal for enhanced technology, including specific solutions,
timelines, and budgets to meet the organization's strategic goals.
Key takeaways
Enhance your AFC compliance program by conducting a comprehensive
review and upgrading existing technology.
• Prioritize areas with the greatest exposure and leverage advanced
solutions to improve efficiency, effectiveness, accuracy, and regulatory
compliance, with the specific goal depending on the maturity of the
organization.
• A focus on customer onboarding/KYC and transaction monitoring, along
with a well-planned implementation strategy, can help reduce financial
crime risk.
Understanding AFC technology
AFC technology overview
The World Economic Forum describes regulatory technology as the
application of new technological solutions that assist highly regulated industry
stakeholders in setting, effectuating, and meeting regulatory governance,
reporting, compliance, and risk management obligations. According to FATF,
the use of regulatory technology enhances compliance by enabling
organizations to be more effective and efficient in managing financial crime
risks. Organizations use these technologies in executing various AFC controls,
including customer onboarding, sanctions and negative news screening, and
suspicious activity monitoring.
Digital onboarding uses technologies such as geolocation and device
intelligence for remote identity verification, improving efficiency and security.
Perpetual KYC ensures continuous risk monitoring. The Wolfsberg Group’s
Guidance on Digital Customer Lifecycle Risk Management underscores
secure non-face-to-face interactions and emphasizes ongoing, trigger-
based due diligence.
Advanced screening tools employ AI to cross-reference customer data
against global sanctions lists and adverse media sources. This enables
institutions to swiftly identify and respond to potential risks associated with
sanctioned parties and financial crime-related negative news.
AI is enhancing traditional rules-based systems. These technologies can
analyze vast datasets to detect complex and evolving patterns of suspicious
behavior. Contextual monitoring further refines this process. It considers the
broader context of transactions, such as customer behavior and market
conditions, thereby reducing false positives and improving detection
accuracy. The Wolfsberg Group’s Statement on Effective Monitoring for
Suspicious Activity highlights the role of transaction monitoring as one
important factor, along with customer behavior and attributes, in detecting
suspicious activity.
Advanced analytics and data visualization tools streamline investigations and
due diligence, helping compliance teams efficiently detect, analyze, and
mitigate financial crime risks.
As technology advances to tackle complex problems, organizations should
enhance their understanding, maintain data quality, and carefully implement
solutions to minimize risk. Technology alone is not the solution—fundamentals
always matter.
By adopting advanced technologies aligned with international standards,
financial institutions can strengthen AFC frameworks and ensure effective
crime prevention while maintaining regulatory compliance and ethical
integrity. When integrating technology into AFC compliance, organizations
should align their systems with regulations in the jurisdictions in which they
operate and have customers. These regulations include stringent data and
privacy laws, such as the GDPR in the EU and the Gramm-Leach-Bliley Act in
the US. The FATF’s Opportunities and Challenges of New Technologies for
AML/CFT emphasizes policies for leveraging technology against financial
crime. Additionally, the AML Act of 2020 in the US establishes a clear mandate
for innovation as a key theme and purpose.
Tools and technologies for AFC compliance
While there is no one-size-fits-all approach to AFC technology, each financial
institution needs to implement appropriate technology along the customer
journey.
During onboarding, financial institutions perform initial due diligence, which
includes: KYC and identity and verification (ID&V); screening for sanctions and
terror lists, PEPs, and adverse media; and completing a customer risk
assessment and rating. Based on the result of the risk rating, the organization
may need to conduct enhanced due diligence (EDD). Financial institutions use
technologies such as digital identity verification, biometric authentication,
geolocation, and device intelligence to ensure secure and efficient KYC
processes.
After onboarding, organizations perform ongoing due diligence, which may
include periodic KYC or perpetual KYC. Periodic KYC involves updating
customer information at fixed intervals, such as every one to five years, based
on typical customer risks. Perpetual KYC involves continuously monitoring
customer profiles and detecting emerging risks in real time, such as changes
in ownership structures, business activities, or adverse media coverage.
Ongoing due diligence also includes transaction monitoring, payment and
batch screening, and screening for sanctions, PEPs, and adverse media.
Real-time automated screening tools leverage machine learning and other forms
of AI to cross-reference customer and transaction data with global sanctions
lists, PEP databases, and global adverse media sources. These tools ensure
compliance with international regulations such as OFAC, EU, and UN sanctions
lists. They also help maintain oversight of customer risk and activity.
Transaction monitoring technologies analyze transaction patterns in real time
or on a scheduled basis using traditional rules-based systems, AI-based
approaches, or both. Financial institutions analyze large datasets of
customers, accounts, and transactions to identify anomalies, emerging
financial crime trends, and contextual risk factors. Financial crime investigation
teams use intelligence-led and data visualization technologies to assist in the
investigation of complex transaction flows.
AI-powered automation and external intelligence sources streamline manual
processes, improving efficiency and accuracy in investigations.
Comprehensive risk management frameworks incorporate predictive
analytics, AI-driven risk scoring, and real-time data aggregation to proactively
assess financial crime risks. Continuous monitoring and dynamic risk
assessment help financial institutions adapt to emerging threats and
regulatory changes.
By integrating these technologies, financial institutions enhance their AFC
compliance programs, strengthen risk management capabilities, and meet
regulatory expectations while effectively mitigating and identifying financial
crime risks.
While many of these control functions are highly dependent on technology
tools, organizations that have rushed to implement the latest technologies
without appropriate risk assessment and understanding have had to suffer
consequences. As cited in the Moneylaundering.com article, "Regtech Failures
Plaguing European Banks," Carolin Gardner, the European Banking Authority’s
head of AML, states, “One of the challenges, based on what (national)
supervisors are telling us, is that technology is being employed before it’s
properly tested, and that [it] then has the potential to actually weaken
institutions’ systems and controls."
This article goes on to discuss how “unthinking” reliance on new technologies
accounted for over half of the more than 250 cases in which financial services
companies were found to have breached anti-money laundering rules in the
EU in 2024. This article provides a good reminder that organizations need to
follow the risk assessment fundamentals and sound technology
implementation principles to gain advantages from innovative technology.
Global AFC innovation
Financial institutions and governments worldwide have increasingly adopted
innovative approaches to combat money laundering, terrorist financing, and
sanctions evasion. This evolution reflects a concerted effort to enhance the
effectiveness of financial crime risk management.
In the mid-1990s, financial institutions primarily relied on retrospective, manual
processes and rudimentary software to detect suspicious activities. The late
1990s and early 2000s saw the introduction of rules-based systems, which
automated the detection of predefined patterns indicative of potential
financial crimes. While these systems improved efficiency, they were limited
by their inability to adapt to evolving criminal methodologies.
The 2010s introduced machine learning models and other forms of AI, while
the 2020s introduced technologies such as large language models and
generative AI. These technologies enabled predictive models and the analysis
of vast datasets to identify complex patterns of emerging financial crime
threats in real time.
Recognizing the need for a unified response to sophisticated financial crimes,
the public and private sectors have launched various global initiatives to foster
innovation and collaboration. Examples include:
• The Collaborative Sharing of Money Laundering Information and Cases
platform, an initiative by the Monetary Authority of Singapore (MAS) to
facilitate real-time financial crime information sharing among financial
institutions
• The Anticipatory and Adaptive Anti-Money Laundering program, an
initiative of the Defense Advanced Research Projects Agency (DARPA) of
the US Department of Defense that aims to develop AI systems capable of
predicting and adapting to emerging money laundering schemes
Governments worldwide are enacting legislation and regulatory frameworks
that foster innovation to strengthen financial system resilience, including the
following:
• Regulatory sandboxes provide a controlled environment for financial
institutions and regulatory technology firms to safely experiment with
innovative new technologies.
• Technological adoption mandates, such as the US AML Act of 2020 and
FATF guidance, encourage financial institutions to modernize and integrate
innovative technologies.
Over the past quarter century, financial crime prevention has transitioned
from manual, retrospective analysis to automated monitoring and predictive
modeling. This shift is driven by technological advancements and
collaborative global initiatives. As financial crimes grow more complex,
innovation and private-public cooperation remain crucial. By embracing
advanced technologies and fostering collaboration, the global community can
enhance financial system resilience and protect against financial crimes.
As financial crime prevention has evolved, so have criminals. Many organized
crime groups use sophisticated AI-based technology and innovative
techniques to produce synthetic identities and deepfakes and to get around
AML controls. This technological race has made it even more imperative that
organizations consider how they can stay ahead of criminals.
Technology implementation considerations
Financial crime technology, such as machine learning and other forms of AI,
enhances risk prevention and detection. However, implementing these
technologies requires strategic decisions related to building versus buying,
addressing vendor challenges, and retaining responsibility to ensure
effectiveness and sustainability, regardless of outsourcing.
Adopting financial crime technology involves strategic, operational, and
compliance considerations that impact effectiveness, cost, and sustainability.
These considerations include:
• Regulatory compliance and adaptability: Align with evolving financial crime
regulations.
• Data privacy and security: Comply with privacy laws, such as the GDPR and
the Gramm-Leach-Bliley Act, and ensure secure data storage, encryption,
and access controls to mitigate cybersecurity risks.
• Integration with existing systems: Ensure compatibility with legacy
technology and core banking systems.
• Total cost of ownership: Assess ongoing maintenance, licensing,
compliance updates, and staffing needs to determine long-term viability.
Consider whether to use cloud-based systems or host in-house servers,
which may be more secure but involve substantial cost.
• Time and effort to implement: Estimate the amount of time and effort
needed to implement new technology in terms of engagement and focus
from multiple teams within the organization, such as AFC compliance,
operations, and technology.
Financial institutions can then choose to build AFC technology solutions in-house,
buy them from a third party, or combine the two approaches.
Buying from a third party includes off-the-shelf solutions and customized
solutions that the vendor tailors to the organization’s needs. Some key pros
and cons are as follows.
Build in-house
Pros:
• Fully customized
• Greater control
• Competitive differentiation
Cons:
• Potentially higher development costs
• Potentially higher opportunity costs, with internal technology teams unable
to work on other projects
• Potentially slower implementation if there are conflicting internal
priorities
• Ongoing maintenance burden

Buy customized solution
Pros:
• Fully customized with vendor experience
• Greater control
• Continuous vendor support
Cons:
• Potentially higher development costs
• Vendor dependency
• Maintenance burden, depending on negotiated terms

Buy off-the-shelf solution
Pros:
• Pre-built solutions
• Proven effectiveness
• Continuous vendor support through ongoing update
Cons:
• Limited customization
• Vendor dependency
• Potentially higher long-term costs
Buying financial crime technology also introduces challenges beyond
commercial considerations. To address these challenges, organizations carry
out multiple due diligence steps, including:
• Assessing a vendor’s reputation, security protocols, regulatory adherence,
and financial stability to limit exposure to compliance failures and
breaches.
• Negotiating SLAs to clearly define system uptime, support response times,
and vendor accountability for failures, avoiding operational disruptions.
• Developing contingency plans if the vendor fails to meet expectations,
considering the cost and complexity of transitioning vendors.
• Establishing a cadence of audits and reviews to ensure the technology
meets regulatory requirements and remains effective.
• Assessing the vendor's success within peer groups and in the same or
similar regulatory regimes.
Typically, organizations choose their vendors and their approach to building,
buying, or a combination of the two, based on their size and ability to build
complex software solutions in-house. Implementing and maintaining financial
crime technology requires assessing build or buy options, regulations, vendor
risks, integration, scalability, and cost.
Other options include outsourcing to vendors, such as managed service
providers, who can execute specific controls for and on behalf of the
organization using their own or the organization’s technology suite.
Ultimately, financial institutions remain accountable for compliance and
maintain ownership of AML risks. If the vendor systems fail or vendors do not
perform as expected, the risk remains with the outsourcing entity. If vendors
fail to meet the regulatory standards expected, the organization will be held
accountable.
Choosing AFC tools for an organization
Adopting a risk-based approach when choosing AFC technology
A risk-based approach refers to the process of identifying the highest risks
and prioritizing resources to address them. Investing in AFC tools and
technologies also follows the same principle. In practice, constraints such as
budgets, timelines, and other competing priorities may mean resources are
limited. Applying a risk-based approach in this instance would lead to the
organization choosing to overhaul the weakest or most inefficient controls.
Selecting AFC technology requires first conducting targeted risk assessments
for each AFC control, such as CDD, screening, and monitoring. These
assessments help identify gaps in current systems, prioritize high-risk areas,
and inform decisions about whether to augment existing technology or fully
replace it. Inputs into these risk assessments include data source analysis,
transaction types, customer profiles, jurisdictions, and other attributes needed
to present and understand a clear risk profile.
If the organization has limited experience in selecting AFC technology,
engaging strategic advisory firms may further enhance decision-making.
Experts in financial crime compliance and technology may provide
independent evaluations, recommend best-fit solutions, and ensure
alignment with evolving regulatory requirements. Their advice may also help
the organization navigate complex implementation challenges, potentially
saving time and money.
A risk-based approach influences which technology is most fit for purpose.
For instance, not all monitoring and screening functions benefit equally from
new technologies. While AI-driven transaction monitoring and machine
learning-based name screening may enhance efficiency and effectiveness,
investigative and analytical tasks may consume the most resources and be
good candidates for automation. Before committing to a full system
replacement, organizations may consider augmentation. For example, they
might consider enhancing existing systems with new capabilities, thereby
reducing immediate cost and disruption while still improving effectiveness.
Selecting AFC technology should also align with business strategy. For
instance, an organizational strategy to move data processing to the cloud
influences AFC system options. A well-considered AFC technology strategy
leverages similar requirements across AFC dimensions. For example, consider
entity resolution, which refers to the process of confirming whether multiple
records are referring to the same data item, such as an address, a device, or a
phone number. Entity resolution is a significant part of CDD, screening, and
transaction monitoring systems, so sharing this capability across multiple
solutions makes sense when possible.
Failure to adequately consider risks when selecting new technology may
signal to business sponsors, auditors, and regulators that the AFC function
does not fully understand its role and the risks the organization faces.
Using AFC technology to reduce friction in customer journeys
Friction can arise when organizations excessively contact customers for
information or delay processing their transactions. Unnecessary contact often
occurs when a customer holds multiple relationships within an organization.
For example, a company director who has personal retail accounts and acts
as a guarantor for a loan may face redundant KYC requests from three
different business units. Delays often stem from transaction processing or
approvals for new products or additional accounts. These delays may result
from operational backlogs or the need to update a customer’s risk profile
before proceeding. Excessive outreach or frustrating delays increase
operational costs and may lead to customer attrition.
AFC technology can reduce direct customer outreach by automating data
collection and continuously monitoring changes in customer profiles. Instead
of relying on periodic refreshes, institutions can implement trigger-based
updates using transaction patterns, third-party data, and public records.
Perpetual KYC tools can also minimize the need for large-scale remediation
projects while maintaining up-to-date information.
Integrating customer and transactional data across technology solutions and
business units helps reduce outreach. Organizations need only contact
customers once for information, as they can then build a holistic customer risk
profile by assembling a complete dataset.
Reducing false positives in transaction monitoring and screening decreases
the need for customer inquiries. It also relieves pressure on operational
resources, who may encounter delays in processing times for alerts or
queries. By leveraging machine learning, organizations can enhance alert
accuracy, reducing the number of investigations and customer disruptions.
When selecting technology, institutions must balance effectiveness with
customer experience. Robust systems improve compliance and risk
management, but overly intrusive processes can lead to negative interactions.
The trade-off between security and convenience should align with the
organization’s risk appetite, ensuring controls are proportionate to the level of
risk.
AFC tools, choices, and considerations
Financial institutions should proactively evaluate and enhance their AFC
systems. Timely upgrades mitigate emerging risks and ensure AFC
compliance spending delivers optimal value. AFC professionals should
balance system costs while maintaining effectiveness.
Regular product risk assessments and independent assurance should include
a technology review to assess risk coverage gaps. Such gaps decrease
system effectiveness and contribute to operational inefficiencies, which
increase system cost. These reviews can validate whether existing systems
adequately cover risks and can identify gaps requiring remediation and
increased investment. Institutions should also determine whether their
systems address emerging threats, such as digital assets and increasing
sanctions complexity.
Cost considerations include internal operating expenses related to system
maintenance and output management costs resulting from false positives.
Inefficient systems drive up costs by producing excessive alerts, increasing
manual workload, and introducing additional risk through delayed processing.
Next-generation technologies, such as machine learning and other forms of
AI, can enhance detection capabilities, streamline operations, and reduce
false positives. Institutions should evaluate whether to integrate these
advancements into existing systems or replace outdated systems entirely.
Implementation complexity, data quality, and broader organizational
readiness are critical success factors to consider when deciding whether to
migrate to new technology stacks.
Many organizations delay upgrades due to limited resources or expertise.
Engaging an advisory firm may provide insight into best practices, market
trends, and vendor selection. External partners help strategize, assess existing
technologies, and implement solutions that align with risk profiles and
operational needs.
Internal stakeholder collaboration is also critical. Engaging data, operations,
compliance, and legal teams ensures new technology meets regulatory
requirements, integrates smoothly, and enhances effectiveness. AFC
effectiveness reviews and independent testing should be cross-functional,
extending beyond traditional AFC silos, such as AML and sanctions. Institutions
should consider opportunities to use technologies in multiple streams. For
example, using better analytics to improve precision on the customer risk
rating increases accuracy for both sanctions screening and customer
monitoring.
Institutions should adopt a forward-thinking approach to AFC technology.
Regular assessments and strategic planning prevent costly, reactive system
changes. They also ensure that organizations manage financial crime risks
before they become regulatory concerns.
Artificial intelligence and machine learning
Key stakeholders, such as business sponsors, increasingly expect the AFC
function to demonstrate how it has considered and deployed new and
emerging technologies to improve system effectiveness and efficiencies. AI is
transforming AFC controls by enhancing detection, automating processes,
and improving efficiency. AI refers to the broader concept of machines
simulating human intelligence. Machine learning is a subset of AI that enables
systems to learn from data and historical performance and improve
performance through pattern recognition. These technologies can serve
different roles and complement each other.
The use of machine learning algorithms has shown improvements in reducing
false positives in transaction monitoring and screening. Traditional rules-based
systems generate high volumes of alerts, many of which are false positives
requiring manual review. Machine learning models can analyze vast datasets,
detect patterns, and refine alert thresholds dynamically, allowing financial
institutions to focus on truly suspicious activity. Organizations may deploy
solutions as a primary detection capability or integrate them with existing
systems to enhance post-detection analysis.
Robotic process automation streamlines repetitive tasks such as data entry,
case management, and report generation. However, if a process is flawed,
robotic process automation can replicate inefficiencies rather than address
underlying issues. An end-to-end review and understanding the process are
good starting points prior to implementing new technologies.
AI can enhance detection capabilities. It supports historical analysis and
appraisal of unstructured data, enabling a review process that validates and
sense-checks system outputs.
By using natural language processing to automate SAR narratives,
organizations can reduce manual effort in compliance reporting. This allows
the human in the loop to review and confirm results rather than spend time
collecting data items from disparate systems. It also supports historical
analysis and appraisal of unstructured data, enabling a review process that
validates and sense-checks system outputs.
Generative AI and large language models offer broader applications such as
enhanced risk assessments, automated report generation, and real-time
compliance monitoring. These advanced AI models can analyze complex
financial networks, detect emerging risks, and generate human-like insights to
support decision-making.
However, AI solutions are not perfect at mitigating financial crime.
Hallucinations, bias in testing data, and lack of explainability in some AI models
are some of the challenges that organizations will need to address to ensure a
sustainable solution.
Transitioning from traditional systems to AI-based tools
Transitioning from a traditional rules-based AFC system to AI-driven tools,
such as technology for remote onboarding, requires careful planning to
maintain effectiveness and compliance. Organizations should ensure that
innovation enhances risk management rather than introducing new
vulnerabilities.
A key first step is conducting a comprehensive risk assessment to identify
gaps in the existing system, define objectives for AI integration, in phases as
needed, and assess regulatory expectations. AI can enhance AFC detection
capabilities, but institutions need to ensure model transparency, auditability,
and explainability to meet compliance standards. Organizations should
continuously monitor and update risk assessments to adapt to evolving
threats. A thorough risk assessment also helps prioritize time and financial
investment.
It is also important to define short- and long-term goals for AI integration. One
way organizations can begin to pilot and experiment with AI is to use it to
complement existing systems in a post-detection role before a full transition.
This will help focus on improvements that offer the greatest value in risk or
cost management. Choosing the right solutions is essential, as no single
system fits all needs.
Business sponsors often expect efficiency gains to fund further investments
that enhance risk coverage. However, depending on the maturity of the
existing operation—such as its leanness and efficiency—AI may primarily focus
on increasing AFC effectiveness. The organization should establish
expectations in the early stages of the project so that stakeholders are aligned
on strategic objectives.
To prevent disruptions during development and implementation and
minimize operational risk, organizations may run AI systems in parallel with
existing rules-based systems before fully transitioning. The process of testing,
validating, and tuning AI models ensures accuracy and prevents unintended
gaps in coverage. Engaging regulators and compliance, legal, IT, and
operations teams early ensures the new system integrates effectively across
business units. Running pilot programs to test AI systems before full
implementation may minimize risk, even if it takes longer to transition.
AI is still in its early days and, in its current state, is unlikely to completely
eliminate the human in the loop. AI systems typically complement and
support, rather than replace, human oversight. Engaging regulators early and
often helps set expectations and allows consideration of any concerns
regarding explainability requirements. Addressing operational impacts, such
as training staff on new workflows and system output, is likely to prevent
inefficiencies in the future.
By carefully planning the transition, balancing AI’s benefits with regulatory
expectations, and avoiding common pitfalls, organizations can modernize
AFC controls and onboarding while maintaining compliance and
effectiveness.
Governance of compliance technology
Strong governance involves effective decision-making processes with clear
accountabilities and priorities. AFC technology governance processes apply
whether selecting, developing, and implementing new solutions or overseeing
an existing system. The use of AI introduces additional governance
requirements to ensure ethical use of AI, mitigation of bias, adherence to
applicable AI regulations, and adequate documentation.
Engaging key stakeholders is critical. Business sponsors, senior leadership,
compliance officers, IT teams, risk management professionals, and legal
advisors should all evaluate suitable technologies for deployment and
operation. Business sponsors or senior risk and compliance leaders often chair
these committees. Cross-functional participation and clear accountabilities
enable transparent communication and collaboration across departments,
helping align technology adoption with risk appetite and strategic goals.
Governance committees proactively support effective risk management
through review and decision-making. Key evaluation processes include data
and technology security, system integration, system effectiveness, regulatory
implications, and operational risks. Reporting from these assessments
balances potential benefits against associated risks to ensure informed
decision-making. Ongoing reporting includes key risk indicators to identify
potential vulnerabilities and key performance indicators to measure efficiency
and effectiveness in detecting and preventing financial crime. Committees
must assess this information and decide on the right course of action for the
organization.
Balanced participation and diverse perspectives enhance committee
effectiveness. Poor decisions can arise from unclear or incorrect information,
potentially leading to actions that contradict strategic interests. Implementing
strong check-and-challenge processes helps mitigate this risk. Organizations
should document key decisions, including rationale, risk assessments,
stakeholder input, and compliance considerations. By documenting
accountability and the decision-making process, organizations are better
prepared for scrutiny from internal audits and regulators.
Governance committees can have drawbacks. Bureaucratic processes may
slow down decision-making, potentially delaying the adoption of innovative
solutions. Excessive oversight can lead to risk aversion, stifling technological
advancements. To mitigate these challenges, organizations should include a
regular, independent review of governance processes and outcomes.
Regulatory requirements for technology
Financial institutions must stay up to date with AFC regulations across multiple
jurisdictions to ensure compliance and manage risks effectively. Regulators
often issue guidance notes pertaining to AFC technologies, such as the
bulletin Supervisory Guidance on Model Risk Management from the OCC in
the US (OCC 2011-12). Regulations also focus on operational resilience and
emerging technologies, such as the Digital Operational Resilience Act (DORA),
formerly known as Regulation 2022/554, and the EU AI Act in the EU. Similar
regulations exist in China, the UK, Singapore, and other jurisdictions, along with
some US states, including California, Colorado, Utah, and New York. A
structured approach to ensuring ongoing compliance includes continuous
regulatory monitoring, proactive engagement with regulators and other
stakeholders, and the strategic use of technology.
Organizations should understand the principles and intent behind regulations
and ensure control frameworks achieve the required outcomes. For example,
AI models should have high explainability, meaning analysts should be able to
easily understand and act on the model's decisions. Also, organizations should
use AI responsibly and ethically, focusing on augmenting human capabilities,
respecting user rights and data privacy, and prioritizing transparency and
accountability in AI systems. The best practice is to consult and engage with
local regulators to understand their expectations and demonstrate an
organization’s understanding and explainability of the technology.
Collaboration through industry associations, AFC-focused forums, and
regulatory working groups is essential for staying informed about emerging
trends and best practices. This helps institutions operationalize new
regulations. For multinational organizations, different jurisdictions might
interpret similar regulations differently across borders. A strong compliance
framework navigates these differences, aligning internal policies and
procedures with all regulatory requirements and creating minimum standards
across the group.
Integrating new AFC tools with existing systems and data
When choosing and implementing a new AFC tool, organizations should first
conduct a thorough assessment of existing systems, data quality, and
integration challenges. A critical step is determining whether legacy
databases and platforms are outdated and if they can be effectively migrated
into the new system. Poorly structured or inconsistent data can severely
impact the effectiveness of next-generation technologies such as machine
learning, contextual monitoring, and other forms of AI.
There are four key considerations for evaluating new AFC technology:
scalability, flexible architecture, integration, and collaboration.
• Scalability: A robust AFC solution should accommodate organic growth,
acquisitions, and new products or services. Scalability is essential to ensure
compliance capabilities evolve alongside the organization’s expansion,
minimizing the need for costly system replacements or frequent
upgrades.
• Flexible architecture: Legacy system designs often create integration
roadblocks. A flexible architecture emphasizes seamless connectivity
across data platforms and application layers to build a unified compliance
ecosystem. For example, it is advisable to avoid separate data stores for
each new system and to share customer segmentation and resolution
tools across applications whenever possible. Prioritizing architecture that
reduces data silos and system duplication enhances efficiency and
performance.
• Integration: A well-integrated AFC solution should streamline workflows
and ensure interoperability across tools and datasets. New technologies
should focus on efficient data sharing and automation, enabling
organizations to respond swiftly to regulatory changes and emerging risks.
• Collaboration: A significant compliance risk arises when organizations
make IT-driven architecture decisions without AFC input. Technology
choices that do not fully support regulatory needs can constrain AFC
professionals and lead to inefficiencies and potential compliance gaps.
Close collaboration between AFC, IT, and business units is essential to
ensure systems align with both regulatory and operational requirements.
Additionally, organizations should consider the long-term sustainability of the
AFC tool, ensuring it is built on adaptable frameworks that support evolving
compliance landscapes. Prompt attention to data integrity, system
compatibility, and governance processes will help institutions implement an
AFC tool that not only meets current regulatory standards but also enables
future technological advancements.
Prioritizing resources
Selecting, implementing, and operating new AFC technology require a blend
of skills that differ across the implementation and ongoing operational life
cycles. Organizations need to balance recruitment and development of
internal capabilities with the need for supplementary external expertise.
During selection and implementation, key internal resources include those
with domain expertise in AFC, compliance, risk management, IT, and project
management. These individuals provide essential insights into system
requirements, integration needs, and regulatory considerations. When
building AI-driven solutions, it is essential to have domain experts provide
extensive datasets to train and tune the systems.
Internal and external system implementors and consultants play a crucial role
by bringing specialized technical knowledge, offering industry best practices,
and facilitating a smooth transition. When engaging external vendors to
configure and deploy technology solutions, detailed pre-deployment training
programs should upskill internal teams to enable effective system handover
and reduce external dependency after implementation.
Operational success depends upon maintaining a skilled workforce capable of
managing, troubleshooting, and optimizing the AFC system. This includes IT
support specialists, cybersecurity experts, compliance officers, and data
analysts to ensure system security, operational effectiveness, and regulatory
adherence. Ongoing training for staff is essential to keep pace with
technological updates, evolving financial crime threats, and emerging trends.
A combination of in-house teams and external support may be necessary for
routine maintenance, such as tuning and calibration, and system
enhancements.
Resource prioritization strategies vary between implementation and
operation phases. Implementation often demands a high initial investment in
external consultants and system integrators, while operation shifts the focus
to sustaining internal expertise with periodic external support. Organizations
should be prepared to modify both implementation and operating strategies
based on resource availability. Compliance professionals need to assess these
priorities and allocate resources to meet effectiveness and efficiency targets
while fulfilling regulatory obligations.
Organizations should include comprehensive knowledge management
practices to retain expertise throughout the system's life cycle. It is important
to document institutional expertise and establish cross-training initiatives to
mitigate risks associated with staff turnover and retain corporate knowledge.
Privacy regulations and technology
Impact of privacy regulations on technology use
Consumer privacy regulations such as the GDPR and the Gramm-Leach-Bliley
Act directly prescribe how AFC technologies collect, process, and share
personally identifiable information. GDPR imposes strict rules on handling the
personal data of EU citizens, emphasizing principles such as data minimization,
purpose limitation, storage limitation, and the right to erasure. Similarly, the
Gramm-Leach-Bliley Act mandates that financial institutions safeguard
consumer financial information and disclose how they share such data.
For AFC professionals, these regulations involve balancing effective financial
crime detection with legal obligations for data privacy. Technologies for KYC,
transaction monitoring, sanctions screening, and adverse media analysis
process large volumes of sensitive data. Under GDPR and the Gramm-Leach-
Bliley Act, data controllers, such as financial institutions, must ensure that data
storage—whether in the cloud or internal databases—is secure, transparent,
and compliant.
Moreover, data sharing with other banks, government agencies, or law
enforcement introduces complexity, as jurisdictions tightly regulate cross-
border transfers of personal data. Organizations participating in collaborative
initiatives such as real-time intelligence-sharing platforms must implement
controls to prevent unauthorized access or misuse of shared data.
Additionally, third-party vendors providing AFC technology must comply with
privacy laws, requiring thorough due diligence, contractual safeguards, and
clear service-level agreements to manage data processing responsibilities.
To address these challenges, banks can adopt privacy-enhancing
technologies (PETs), such as federated learning, secure multiparty
computation, or data anonymization. These technologies enable secure data
analysis and information sharing while preserving privacy and regulatory
compliance, ensuring that AFC efforts remain effective without
compromising personal data protection.
Privacy-enhancing technology
Privacy-enhancing technologies (PETs) are innovative tools that enable data
sharing and analysis while preserving individual privacy. They ensure
compliance with data protection regulations such as the GDPR and the
Gramm-Leach-Bliley Act. In AFC efforts, PETs allow banks and law
enforcement to collaborate on sensitive financial data without exposing PII.
This helps overcome jurisdiction-based data-sharing restrictions and allows
organizations to share intelligence efficiently.
Examples of PETs in AFC include the following:
• Federated learning: This technique enables multiple organizations to
collaboratively train machine learning models without sharing raw data.
Each participant processes its own dataset locally and shares only model
updates, preserving customer privacy. For example, banks across
jurisdictions can build joint models to detect suspicious transaction
patterns without exposing customer information.
• Homomorphic encryption: Using this technique, computations can be
performed on encrypted data without needing to decrypt it first. This
enables collaborative analysis of encrypted data, preserving privacy while
maintaining utility.
• Secure multiparty computation: This technique allows multiple parties to
compute a function over their combined datasets without revealing their
individual inputs. In AFC, this tool helps banks collaboratively identify money
laundering networks while ensuring each organization’s data remains
confidential.
• Data anonymization: Techniques such as tokenization and
pseudonymization mask sensitive data before sharing, which reduces the
risk of exposing PII while still allowing analytical processes, such as
sanctions screening or typology detection.
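Secure multiparty computation in its simplest form, additive secret sharing, shown as an added example that is not part of the study guide: three banks learn their combined exposure to one counterparty while no bank discloses its own figure. The bank names, amounts, and modulus are constructed for illustration.

```python
import secrets

# Public modulus agreed by all parties; it must exceed any possible total.
MODULUS = 2**61 - 1

# CONSTRUCTED sample: each bank's private total of transfers to one counterparty.
CONSTRUCTED_INPUTS = {"bank_a": 120_000, "bank_b": 0, "bank_c": 45_500}


def split_into_shares(value, n_parties):
    """Split value into n shares that look random and sum to value mod MODULUS.

    Any n-1 of the shares are uniformly random, so they reveal nothing about
    value; only all n together reconstruct it.
    """
    if n_parties < 2:
        raise ValueError("at least two parties are required")
    if not 0 <= value < MODULUS:
        raise ValueError("value out of range for the chosen modulus")
    shares = [secrets.randbelow(MODULUS) for _ in range(n_parties - 1)]
    shares.append((value - sum(shares)) % MODULUS)
    return shares


def secure_sum(private_inputs):
    """Simulate the two-round protocol and return (total, published_partials).

    Round 1: every party splits its input and sends one share to each party.
    Round 2: every party publishes only the sum of the shares it received.
    The published partial sums add up to the true total.
    """
    parties = list(private_inputs)
    received = {party: [] for party in parties}
    for owner in parties:
        shares = split_into_shares(private_inputs[owner], len(parties))
        for receiver, share in zip(parties, shares):
            received[receiver].append(share)

    published = {party: sum(received[party]) % MODULUS for party in parties}
    total = sum(published.values()) % MODULUS
    return total, published


# Limits of this sketch: it assumes parties follow the protocol (semi-honest
# model), and if all other parties collude they can subtract their own inputs
# from the total to recover the remaining bank's figure.
if __name__ == "__main__":
    total, published = secure_sum(CONSTRUCTED_INPUTS)
    print("combined exposure:", total)
    print("what each bank published:", published)
```
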
One notable project leveraging PETs is the Bank for International
Settlements (BIS) Innovation Hub’s Project Aurora. This project explores how
organizations can use PETs such as federated learning and secure multiparty
computation to securely detect cross-border money laundering typologies
without compromising data privacy.
In another example, the Singapore government amended the FSMA to set up
COSMIC’s legislative framework. COSMIC allows participating organizations to
share customer information with another participant if the customer’s profile
or behavior is suspicious. To ensure that the shared information remains
confidential, the Act requires that all participating organizations have policies
and safeguards particularly related to customer privacy.
FATF’s guidance Stocktake on Data Pooling, Collaborative Analytics and Data
Protection explores emerging technologies, addresses balancing data
protection with crime prevention, and offers policy considerations to support
effective, privacy-compliant information sharing.
These initiatives and guidance illustrate the growing role of PETs in enhancing
global financial crime detection while respecting data protection regulations.
They bridge the gap between regulatory compliance and the need for cross-
border, cross-institutional data sharing.
Technology and tools used across the customer life cycle
Geolocation technology
Geolocation technology enables financial institutions to determine a user or
device’s physical location by analyzing signals such as IP address, GPS data,
Wi-Fi networks, and mobile towers. With digital banking replacing in-person
banking services, geolocation serves as a critical tool for uncovering
suspicious behavior, identifying jurisdictional risks, and enhancing the
effectiveness of CDD, transaction monitoring, and sanctions screening
programs. While a user’s IP address offers initial insight into the user’s location,
threat actors often use VPNs, proxy servers, or dark web browsers to mask
their actual location—a behavior that can itself act as a red flag for financial
crime.
For example, FinCEN issues advisories on red flags that highlight scenarios
such as: “Customer conducts transactions from a location inconsistent with
their profile.” These red flags can manifest digitally when transactions
originate from unexpected or masked geolocations. Likewise, the Federal
Financial Institutions Examination Council outlines risk where:
• Funds are transferred to or from financial secrecy havens or high-risk
jurisdictions.
• Transfers involve institutions in regions far from the customer’s operations.
• Customers frequently use branches geographically distant from their
residence or business without clear reason.
Geolocation technology supports real-time anomaly detection by flagging
such inconsistencies between a customer’s declared location and observed
behavior. Financial institutions can use geolocation technology to monitor the
risks digitally and track transaction origination and access patterns, particularly
in mobile banking transactions.
The benefits of incorporating geolocation into AFC controls are wide-ranging.
Geolocation technology strengthens risk-based alerting, detects impossible
travel patterns, and supports sanctions compliance by identifying access
attempts from embargoed regions—even when a VPN is used. Combined with
device intelligence, institutions can build context-aware models that detect
coordinated fraud, synthetic identities, which combine fake information with
real information, and mule networks operating across jurisdictions. Moreover,
geolocation enables more targeted EDD and supports geo-fencing for high-
risk locations. By aligning with the geographic risk indicators of FinCEN and the
Federal Financial Institutions Examination Council, financial institutions can
modernize their AFC frameworks to proactively detect and respond to
geographic red flags in today’s digital-first financial landscape.
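The geographic checks described in this section, as an added example that is not part of the study guide: it flags sessions whose location is inconsistent with the customer's declared country, sessions with a masked location, and consecutive sessions that imply impossible travel. The event fields, the anonymizer flag (assumed to come from an IP-intelligence source), and both thresholds are assumptions, and the sample events are constructed.

```python
import math
from datetime import datetime

EARTH_RADIUS_KM = 6371.0
MAX_PLAUSIBLE_KMH = 900.0  # assumption: about airliner cruising speed
MIN_DISTANCE_KM = 50.0     # assumption: ignore jitter from imprecise IP geolocation

# CONSTRUCTED sample sessions for one customer whose declared country is FR.
SAMPLE_EVENTS = [
    {"id": "e1", "ts": datetime(2024, 3, 1, 9, 0), "lat": 48.8566, "lon": 2.3522,
     "country": "FR", "anonymizer": False},   # Paris
    {"id": "e2", "ts": datetime(2024, 3, 1, 11, 30), "lat": 45.7640, "lon": 4.8357,
     "country": "FR", "anonymizer": False},   # Lyon, 2.5 hours later
    {"id": "e3", "ts": datetime(2024, 3, 1, 12, 15), "lat": 1.3521, "lon": 103.8198,
     "country": "SG", "anonymizer": False},   # Singapore, 45 minutes later
    {"id": "e4", "ts": datetime(2024, 3, 2, 10, 0), "lat": 48.8566, "lon": 2.3522,
     "country": "FR", "anonymizer": True},    # Paris exit node of a VPN
]


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points given in decimal degrees."""
    phi1, phi2 = math.radians(lat1), math.radians(lat2)
    dphi = phi2 - phi1
    dlmb = math.radians(lon2 - lon1)
    a = (math.sin(dphi / 2) ** 2
         + math.cos(phi1) * math.cos(phi2) * math.sin(dlmb / 2) ** 2)
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))


def review_sessions(events, declared_country, max_kmh=MAX_PLAUSIBLE_KMH):
    """Return (event_id, reason) findings for one customer's sessions."""
    findings = []
    previous = None
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["country"] != declared_country:
            findings.append((ev["id"], "location_inconsistent_with_profile"))
        if ev["anonymizer"]:
            # The reported position is the proxy's, not the user's.
            findings.append((ev["id"], "masked_location"))
        if previous is not None:
            km = haversine_km(previous["lat"], previous["lon"], ev["lat"], ev["lon"])
            hours = (ev["ts"] - previous["ts"]).total_seconds() / 3600.0
            # Implied speed between consecutive sessions; zero elapsed time
            # over a real distance is treated as impossible as well.
            if km >= MIN_DISTANCE_KM and (hours <= 0 or km / hours > max_kmh):
                findings.append((ev["id"], "impossible_travel"))
        previous = ev
    return findings


if __name__ == "__main__":
    for event_id, reason in review_sessions(SAMPLE_EVENTS, declared_country="FR"):
        print(event_id, reason)
```
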
Device intelligence
Device intelligence and device fingerprinting are becoming critical tools in the
fight against online financial crimes in the digital era. Device intelligence goes
beyond basic identification. It includes analyzing behavioral patterns,
interaction habits, and usage contexts to build a fuller picture of device
activity. For example, device intelligence can recognize whether a customer is
using a known, trusted device or one typically used by a money launderer. It
also helps determine if a device is being used in abnormal ways—such as
rapidly switching accounts, mimicking human behavior, or accessing systems
from mismatched geolocations. These insights strengthen decision-making
by combining device behavior with known red flags and historical transaction
patterns.
Device fingerprinting involves creating a unique identifier for a device based
on its technical attributes—such as browser type, screen resolution, operating
system, and installed plugins. This unique “fingerprint” helps organizations
distinguish between devices, even if traditional identifiers such as cookies or IP
addresses are masked. It enables the detection of suspicious behaviors such
as a user accessing multiple accounts from the same device or a sudden
switch to a device previously associated with financial crimes.
Organizations can now reinterpret several traditional financial crime indicators
through a digital lens using device intelligence. For instance, the Federal
Financial Institutions Examination Council's (FFIEC) red flag, “Customer makes
multiple and frequent currency deposits to various accounts that are
purportedly unrelated,” can be translated in an online context as “Customer
initiates multiple and frequent transactions to unrelated accounts using the
same device.” Similarly, structuring activity conducted by groups at a physical
branch can now manifest digitally as multiple users accessing different
accounts using a single device. These device-level patterns offer powerful
signals that can trigger enhanced monitoring or escalation, making device
intelligence a modern-day extension of traditional AML red flags in the digital
banking era.
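The two device-level patterns above, as an added example that is not part of the study guide: a fingerprint is derived from the technical attributes the section lists, and activity is then grouped by fingerprint to surface one device serving several customers or many beneficiary accounts inside a time window. The event fields, thresholds, and window are assumptions, and the sample events are constructed.

```python
import hashlib
import json
from collections import defaultdict
from datetime import datetime, timedelta


def device_fingerprint(attrs):
    """Hash the device's technical attributes into a stable identifier.

    Attributes are canonicalized first (fixed key set, sorted plugin list) so
    the same device always yields the same value regardless of report order.
    """
    canonical = {
        "browser": attrs.get("browser", ""),
        "os": attrs.get("os", ""),
        "screen": attrs.get("screen", ""),
        "plugins": sorted(attrs.get("plugins", [])),
    }
    blob = json.dumps(canonical, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(blob.encode("utf-8")).hexdigest()[:16]


def shared_device_alerts(events, window=timedelta(hours=24),
                         min_customers=3, min_beneficiaries=4):
    """Return sorted (fingerprint, reason) pairs for devices that breach a threshold."""
    by_device = defaultdict(list)
    for ev in events:
        by_device[device_fingerprint(ev["device"])].append(ev)

    alerts = set()
    for fingerprint, evs in by_device.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(evs)):
            # Slide the window so it only covers events within `window`.
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            in_window = evs[start:end + 1]
            if len({e["customer"] for e in in_window}) >= min_customers:
                alerts.add((fingerprint, "multiple_customers_one_device"))
            if len({e["beneficiary"] for e in in_window}) >= min_beneficiaries:
                alerts.add((fingerprint, "many_beneficiaries_one_device"))
    # Shared family or office devices also trigger these rules, so a hit is a
    # reason for enhanced monitoring, not a conclusion.
    return sorted(alerts)


# CONSTRUCTED sample data. DEVICE_A_REORDERED is the same device reporting its
# plugins in a different order.
DEVICE_A = {"browser": "Firefox 124", "os": "Windows 11", "screen": "1920x1080",
            "plugins": ["pdf-viewer", "widevine"]}
DEVICE_A_REORDERED = dict(DEVICE_A, plugins=["widevine", "pdf-viewer"])
DEVICE_B = {"browser": "Safari 17", "os": "iOS 17", "screen": "1179x2556",
            "plugins": []}

SAMPLE_EVENTS = [
    {"customer": "C1", "device": DEVICE_A, "beneficiary": "ACC-101",
     "ts": datetime(2024, 3, 1, 9, 0)},
    {"customer": "C2", "device": DEVICE_A_REORDERED, "beneficiary": "ACC-102",
     "ts": datetime(2024, 3, 1, 9, 20)},
    {"customer": "C3", "device": DEVICE_A, "beneficiary": "ACC-103",
     "ts": datetime(2024, 3, 1, 10, 5)},
    {"customer": "C1", "device": DEVICE_A, "beneficiary": "ACC-104",
     "ts": datetime(2024, 3, 1, 10, 30)},
    {"customer": "C4", "device": DEVICE_B, "beneficiary": "ACC-201",
     "ts": datetime(2024, 3, 1, 9, 10)},
    {"customer": "C4", "device": DEVICE_B, "beneficiary": "ACC-201",
     "ts": datetime(2024, 3, 1, 15, 0)},
]

if __name__ == "__main__":
    for fingerprint, reason in shared_device_alerts(SAMPLE_EVENTS):
        print(fingerprint, reason)
```
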
Robotic process automation
Robotic process automation (RPA) is the use of robots, or
"bots," to automatically perform repeated processes and procedures. RPA can
help to improve performance without compromising AML controls. For
example, during the KYC process, RPA bots can conduct an open-source
intelligence search, extract data from identification documents, autofill
internal systems, and populate the risk rating—all tasks that are repetitive and
rules-based. In the context of screening and transaction monitoring, RPA can
support initial alert triage, route alerts for further investigation based on
predefined logic, and integrate with machine learning models to suppress
alerts that have repeatedly proven to be false positives. These "hibernated"
alerts may need to be revisited periodically through a formal schedule.
Dashboards or reports that show the category and volume of such
suppressed alerts ensure auditability and ongoing control.
Another emerging area for responsible AI-assisted automation is SAR drafting.
Generative AI technology can assist investigators in generating SAR narratives
by referencing previous SARs with similar patterns. This approach improves
reporting quality and consistency and significantly reduces turnaround time.
Most organizations retain a human in the loop to review the SAR and exercise
final judgement in submitting the report.
Before applying any form of automation or AI, organizations should invest in
process reengineering—streamlining workflows, removing redundancies, and
validating controls—so that only robust, compliant, and controlled processes
are subject to automation. Processes that have loopholes or that rely heavily
on human intervention may not be ideal for applying RPA. In the highly
regulated AML environment, financial institutions should approach the
deployment of RPA with utmost caution. While RPA can bring significant
efficiency and scalability benefits, careless implementation can lead to serious
legal and reputational consequences. Organizations might use RPA or AI
models, but the accountability for AML failures remains with the financial
institutions. Regulators expect organizations to maintain complete oversight
and control over their AML programs, regardless of task automation or
delegation. Therefore, it is prudent to consider automating only those
processes that are thoroughly tested and operationally mature.
Behavioral and profile monitoring
Instead of relying solely on static rules-based thresholds, behavioral
transaction monitoring analyzes a customer’s historical transaction behavior
to build dynamic profiles and detect anomalies that may signal suspicious
activity. For example, if a customer typically sends small domestic transfers
and suddenly initiates a large international wire to a high-risk jurisdiction, this
deviation is flagged. Incorporating contextual factors—such as changes in
occupation, recent travel, or market volatility—is needed to avoid
misinterpreting legitimate shifts. The main advantage of this method is its
ability to reduce false positives by focusing on individual profile risk, but it
requires robust historical data and ongoing model calibration to be effective.
Machine learning further enhances behavioral analysis by allowing systems to
learn from past cases and adapt over time. Machine learning algorithms
detect subtle, nonobvious patterns and can flag emerging typologies that
traditional rules might miss. These systems support predictive analytics,
anomaly detection, and adaptive models that evolve as criminal strategies
change. For example, machine learning can identify a previously unseen
pattern of layering or structuring by recognizing it in real time. The major
strengths of machine learning include scalability, speed, and sophistication in
pattern recognition. However, these systems can sometimes be opaque, or
"black-box," making it challenging for compliance teams to explain decisions to
regulators—a potential drawback in high-stakes compliance environments.
Network analysis complements both behavioral monitoring and AI by visually
and analytically mapping connections between data points, such as business
relationships between individuals and entities or shared addresses. This
technique is particularly powerful in detecting organized networks behind
illicit activities. Identifying central nodes, shared beneficiaries, or account
overlaps can uncover hidden relationships and transaction layering strategies.
It is especially useful for tracing funds across jurisdictions and identifying
collusion. Though highly effective, network analysis often requires specialized
tools and expertise, making it more resource-intensive than other AFC
techniques. Together, these methods create a layered, adaptive approach to
financial crime prevention and detection.
Open-source intelligence
Open-source intelligence (OSINT) is the collection and analysis of information
from publicly available sources. OSINT has long been a vital tool for sectors
such as law enforcement, government agencies, and financial institutions.
Recently, OSINT techniques have gained popularity in the broader
commercial space, particularly as companies seek to strengthen their due
diligence and KYC practices.
By leveraging publicly available information, organizations can assess
reputational risks, detect potential red flags, and build more comprehensive
client profiles—all while staying within legal and ethical boundaries. OSINT
harnesses the vast amount of data available online to supplement traditional
internal sources of information.
Numerous OSINT tools and techniques are available today, ranging from basic
to highly sophisticated. The most obvious and widely used tool is the search
engine, which serves as the entry point to uncovering vast amounts of publicly
available data. Search engines can find news articles, regulatory notices, social
media activity, and archived websites that provide valuable context about
individuals or organizations.
Beyond search engines, other techniques include: social media monitoring to
evaluate public profiles and connections; news and media scans to track any
adverse mentions; and web scraping tools to extract structured data from
websites or online databases. OSINT draws information from sources that may
be unreliable, so analysts should confirm the source of information to be able
to rely on it.
Importantly, OSINT relies only on information that is publicly accessible. It
excludes any proprietary, confidential, or internal data and focuses solely on
open sources—content that anyone can access without special credentials.
These sources can include social media platforms, corporate websites,
government databases, press releases, and online news outlets. Since OSINT
involves analyzing data already in the public domain, it allows organizations to
enhance their risk assessments and investigative capabilities without violating
privacy laws. When used responsibly, OSINT empowers organizations to make
more-informed decisions while reinforcing transparency, accountability, and
regulatory compliance.
Technology for Customer Onboarding
Introduction
Introduction: Technology for customer onboarding
AFC specialists need to recognize and understand advancements in
technology to develop and implement robust and streamlined onboarding
processes. This module will help you better understand how organizations use
technology in onboarding, including for identification, verification, and
screening. It will also focus on the resulting tools that leverage technological
advances, such as biometric, facial, and voice recognition, and authentication
and security technologies. The module aims to give you an understanding of
how to use technology for customer onboarding and factors to consider
when adopting it.
Case example: Improving technology for customer onboarding
OneFrance, a fully digital challenger bank operating in France, plans to expand
into the rest of Europe. The bank hires Marie as a consultant to review the
effectiveness and efficiency of its onboarding technology. OneFrance prides
itself on using advanced technology throughout its AFC program, including
the onboarding process.
Marie is an expert in digital banking, regulatory technology, and compliance.
She assesses the bank’s electronic KYC processes and notices various
deficiencies.
As part of OneFrance’s onboarding process, customers must take a selfie and
submit it on the app to be verified against documents they have. During the
process, the geolocation of the customers is recorded to ensure they are
within the EU when opening an account. The bank also screens all the new
customers’ names against the required sanctions lists during onboarding.
Marie notes that currently the system only verifies 80% of customers through
facial recognition technology. This is due to the inadequacy of the system the
bank purchased from a vendor. The system does not incorporate strong
liveness checks and is not properly integrated with the document processing
system that extracts ID pictures from identity books and passports. The
system cannot reliably match selfies customers take during the onboarding
process to ID pictures. This leads to a team of analysts manually checking
unverified customers, increasing onboarding time.
Marie also identifies that during the screening process, one specific common
French name keeps matching against the European sanctions list, generating
false positives that analysts must address. After further investigation, she
notes that the system uses partial match logic to identify possible hits and
does not allow deviations in names. The system keeps matching “Henri”
against “Henrik,” which is indicated on the list. Similarly, the system seems to
be missing matches when the name is slightly different from its appearance
on watch lists.
After her assessment of the bank’s onboarding processes, Marie advises the
following improvements to minimize manual intervention and improve
customer experience:
• Implement more sophisticated models that consider 80 or more nodal
points in facial recognition and incorporate liveness checks. These steps
will further improve document matching.
• Improve the screening process by tuning fuzzy logic or algorithms to
identify name deviations influenced by regional spelling variations.
Key takeaways
• Optimize facial recognition and biometric systems to ensure accurate
customer verification.
• Integrate all systems seamlessly, whether self-developed or purchased.
• Use complex name matching logic to minimize false positives in name
screening.
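The screening problem in the case, as an added example that is not part of the study guide and not the vendor's logic: a partial matcher that tolerates no spelling deviation, next to a tuned fuzzy matcher that scores whole names by edit distance. The surnames, the scoring method, and the 0.85 threshold are assumptions chosen for illustration; only "Henri" and "Henrik" come from the case.

```python
import re
import unicodedata


def tokens(name):
    """Lowercase, strip accents and punctuation, and split a name into tokens."""
    decomposed = unicodedata.normalize("NFKD", name)
    stripped = "".join(ch for ch in decomposed if not unicodedata.combining(ch))
    return re.findall(r"[^\W\d_]+", stripped.casefold())


def partial_match(customer, listed):
    """Behaviour described in the case: a hit when any customer name token is
    contained in a listed token, with no tolerance for spelling deviation."""
    return any(c in l for c in tokens(customer) for l in tokens(listed))


def levenshtein(a, b):
    """Number of single-character edits needed to turn a into b."""
    previous = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        current = [i]
        for j, cb in enumerate(b, 1):
            current.append(min(previous[j] + 1,                 # deletion
                               current[j - 1] + 1,              # insertion
                               previous[j - 1] + (ca != cb)))   # substitution
        previous = current
    return previous[-1]


def token_similarity(a, b):
    """1.0 for identical tokens, falling toward 0.0 as edits accumulate."""
    longest = max(len(a), len(b))
    return 1.0 if longest == 0 else 1.0 - levenshtein(a, b) / longest


def fuzzy_score(customer, listed):
    """Average, over the listed name's tokens, of the best-matching customer
    token. Token order is ignored, so 'Surname, Given' is handled."""
    cust, lst = tokens(customer), tokens(listed)
    if not cust or not lst:
        return 0.0
    best = [max(token_similarity(l, c) for c in cust) for l in lst]
    return sum(best) / len(best)


def fuzzy_match(customer, listed, threshold=0.85):
    """The threshold is the tuning knob: too low recreates the Henri/Henrik
    false positive, too high misses regional spelling variants."""
    return fuzzy_score(customer, listed) >= threshold


# CONSTRUCTED names; not taken from any real watch list.
LISTED = "Henrik Larsen"
CUSTOMERS = ["Henri Dupont", "Henrick Larssen", "Larsen, Hénryk"]

if __name__ == "__main__":
    for customer in CUSTOMERS:
        print(f"{customer!r}: partial={partial_match(customer, LISTED)} "
              f"fuzzy={fuzzy_match(customer, LISTED)} "
              f"score={fuzzy_score(customer, LISTED):.2f}")
```
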
Technology for KYC
How does technology help KYC?
In recent years, international bodies such as FATF and various local regulators
have encouraged financial institutions to incorporate more technological
solutions to mitigate financial crime risks. The updated FATF
recommendations clarify that non-face-to-face business relationships, such
as those involving digital onboarding and transactions, are considered higher-
risk situations only when organizations have not implemented appropriate risk
mitigation measures, which can include AI.
Many organizations incorporate technologies into their client onboarding
procedures, such as electronic identity verification, biometric authentication,
and optical character recognition. Technology improves process efficiency in
several ways, but the ultimate goal is to prevent financial crime while
enhancing the overall customer experience by reducing the time required to
open an account.
Improved technologies such as biometric authentication provide more
accurate results and reduce errors and fraud in the onboarding process.
Machine learning can analyze large datasets to detect inconsistencies and
anomalies, helping to identify potential errors and enhance risk identification.
Technology also enables real-time data processing and verification, providing
immediate feedback and improving decision-making. This leads to cost
savings for financial institutions and allows effective resource allocation.
Optical character recognition (OCR) technology also reduces errors in the
onboarding process. This technology converts scanned documents into
editable and searchable data, ensuring accurate data extraction and reducing
manual errors. OCR is often AI-enabled, which allows it to recognize complex
fonts and document layouts.
National identity databases also provide benefits to organizations. Countries
such as Estonia, India, Spain, and Singapore have national e-identity processes
for their citizens, while countries such as the US and Canada offer similar
systems at the state or province level. This integration of government
information with financial institution processes allows a quicker turnaround
time in identity verification processes and therefore enhances onboarding
efficiency. Often, KYC controls incorporate fraud controls to ensure legitimacy
of documents.
However, using technology to improve KYC can also pose risk to an
organization. Depending on the type of digital identity it uses and the relevant
control to ensure information accuracy, the organization may need to
conduct additional checks to avoid synthetic identity and impersonation.
Electronic KYC
As the world evolves and adopts more technology-driven solutions, financial
institutions need to adjust their ways of working, including onboarding new
customers. Electronic KYC plays a key role in fulfilling that need, by allowing a
digital process for verifying the identity of customers and meeting KYC
requirements electronically. It replaces traditional paper-based methods with
digital verification, enabling organizations to remotely confirm an individual’s
identity.
Technologies such as geolocation verification tools, smart device intelligence
that can detect anomalies on one device, AI, and machine learning have
enabled the creation of fast and secure electronic KYC processes. Behavioral
and profile monitoring and open-source intelligence have helped advance
electronic KYC by allowing financial institutions to implement perpetual KYC
processes.
Electronic KYC can significantly improve the detection and mitigation of
financial crime risk and ensure compliance with regulatory requirements. It
provides faster and more streamlined customer onboarding by completing
the processes within hours or even minutes compared with weeks for
traditional manual processes.
Electronic KYC increases the efficiency of teams and lowers costs by
reducing the need for manual intervention involving hard copy
documentation, allowing teams to focus on higher-risk customers and areas.
It minimizes human errors that might occur within the onboarding process
and ensures that customers’ information is up to date. Digital records provide
clear audit trails, making it easier to demonstrate compliance during
regulatory inspections.
Electronic KYC also enhances security with verification methods such as
biometrics, which helps prevent and detect illicit activities such as identity
fraud.
Many countries such as India, Singapore, and Hong Kong have streamlined
eKYC processes even more by implementing national identity databases.
Governments use these centralized systems to store and manage the
personally identifiable information (PII) of their citizens. These databases
typically include data such as names, addresses, dates of birth, biometric
information, and unique identification numbers. Financial institutions are linked
to these databases, ensuring a smoother and more secure onboarding
process.
One issue with national identity databases is that they can create “honeypot”
problems for governments. Centralized databases that curate valuable
information are regular targets for cyberattacks.
Perpetual KYC
Traditional KYC within organizations involves performing KYC checks during
customer onboarding and classifying customers according to risk categories
(such as high, medium, or low) or risk scores. Subsequently, organizations
typically update customer KYC information periodically, following a regular
cycle based on the customer’s risk rating, or during event-driven reviews.
However, typical periodic review cycles, such as once every three to five
years, are too infrequent, allowing customer data to become outdated.
To avoid this problem, organizations are increasingly shifting from periodic
KYC practices to perpetual KYC to improve the overall efficiency of KYC
processes. Perpetual KYC maintains accurate customer data through near-
real-time updates based on changes in customers’ behaviors and
circumstances. Unlike traditional KYC, perpetual KYC is a continuous process.
Perpetual KYC monitors various up-to-date data points on an ongoing basis to
identify any triggers that might warrant a KYC review of a customer. These
triggers include anomalies in transaction patterns, adverse media reports,
changes to company structures, expansion to new markets, and growth into
diverse sectors. Perpetual KYC also picks up static data changes, such as
changes to a customer’s address or headquarters location. It is a data-led
practice and uses multiple data sources, both internal and external, that are
continuously updated. External data might include voter registers, PEP
databases, and other publicly available information. This approach leads
organizations to adopt a data-led methodology, allowing customer file
reviews to focus on the highest-risk customers on an “as-often-as-needed”
basis. Perpetual KYC does not eliminate the need to carry out customer file
reviews. It is a practice that ensures data is up to date, making any necessary
reviews efficient and effective.
The implementation of perpetual KYC practices offers multiple benefits for
organizations. One major benefit is effective financial crime risk management.
By allowing updates and potential reviews, organizations can focus their
resources on higher-risk areas. Investing in perpetual KYC practices not only
reduces costs but also results in operational efficiencies by minimizing
unnecessary reviews triggered by non-risk-increasing factors. Effective use of
customer contact channels ensures that customer data remains up to date
during each customer interaction, eliminating the need for complete
refreshes each time. This, in turn, results in improved customer experience.
Digital onboarding technology
Online and mobile identity verification technologies have become essential
for customer onboarding in financial institutions. They use modern
technologies for collecting, verifying, and presenting data.
FATF emphasizes several advantages for implementing the technologies:
• Improved risk management: These technologies help financial institutions
identify, understand, and manage risks more effectively.
• Faster data processing: They process and analyze large sets of data more
quickly and accurately.
• Improved efficiency: They enhance the efficiency of onboarding practices.
• Greater auditability: They achieve greater auditability, accountability, and
governance.
• Reduced cost: They reduce costs, allowing resources to focus on more
complex financial crime areas.
• Versatile data handling: They collect, verify, and present data efficiently.
During the onboarding process, organizations can authenticate documents
more quickly and accurately by having customers upload scans or photos of
required documents, such as identification cards or passports, for verification.
AI tools can automatically verify the authenticity of these documents by
cross-referencing them with trusted databases. Machine learning algorithms
can assess the risk profile of new customers in real time. Financial institutions
use methods such as biometrics to verify customers, including facial and
voice recognition and liveness checks. AI chatbots further improve customer
experience by providing instant answers to frequent questions and guiding
customers through the onboarding process. Integrated live chat or video call
support from human agents is also available when needed. Various
onboarding technologies can work together to significantly enhance the
onboarding process.
Criminals continue to use AI to outwit and overcome an organization’s
controls. The use of deepfakes and synthetic identities has increased with the
advent of AI tools that can create such identities at scale. It is almost
impossible to verify identity documents with the naked eye, given the
sophistication and criminal use of AI. Organizations have therefore deployed
additional checks to reliably verify and authenticate documents. Also, FATF
has issued guidelines to help organizations determine the suitability of digital
identities for CDD. In its Guidance on Digital Identity, published in March of
2020, FATF covers principles of a digital identity framework and how digital
identities can be used for customer onboarding and due diligence in line with
FATF's Recommendation 10.
Authentication and security technology
Various security risks arise from storing customer data collected during the
KYC process, including data breaches, misuse of data by employees, and
loss of data integrity, where information is no longer accurate and unaltered.
Complex and varying data compliance regulations across jurisdictions also
add to the compliance risk for global organizations. Security and
authentication technologies address such risks. These technologies
encompass a wide range of methods and tools designed to protect data and
systems from unauthorized access and to verify the identities of individuals.
These technologies ensure that organizations can accurately and securely
verify the identities of their customers. They help organizations comply with
regulatory requirements, prevent fraud, and protect customer data, making
the KYC process more efficient and secure. These technologies enhance
organizational security and help reduce operational expenses. They also
improve the user experience for customers by streamlining processes.
However, these technologies come with some disadvantages, including
complexity, scalability issues for long-term growth, and high implementation
costs. Ensuring data privacy while implementing these technologies is another
major challenge.
Authentication is the process of verifying the identity of a user, device, or
system. Authentication technology includes biometrics, such as facial and
voice recognition and liveness checks. It also includes two-factor
authentication and, increasingly, multi-factor authentication (MFA). Two-
factor authentication combines two different methods of authentication to
verify the individual’s identity, such as requiring a password and sending a
one-time code in a text. MFA extends two-factor authentication by requiring
multiple forms of verification, usually three.
Typically, authentication methods fall into three main categories: ownership
(something you have), knowledge (something you know), and inherence
(something you are). MFA combines these methods to create strong
authentication. An example of strong MFA would be the combination of a
security token, such as a one-time code received on the phone (ownership),
a password or answer to a security question (knowledge), and a fingerprint or
facial recognition (inherence). MFA is a powerful fraud control.
Some institutions require all customers to submit a photo of their IDs and
record a video of themselves before they can access all the platform’s
functionalities. Organizations use authentication technologies to verify
customers during the onboarding process.
Authentication technologies can also prevent and detect fraudulent activities
such as identity theft by requiring individuals to identify themselves through
multi-factor authentication and liveness checks, adding an extra layer of
security. These technologies use behavioral analysis to detect possible
unauthorized access to accounts, helping to prevent account takeovers.
Security technology includes tools such as firewalls, antivirus software, and
encryption tools. These tools safeguard an organization’s IT infrastructure.
Authentication technologies:
• Verify identity of users.
• Include biometrics, such as facial and voice recognition.
• Use voice recognition and liveness checks.
• Employ two-factor and multi-factor authentication.
• Prevent fraud and protect data.
Security technologies:
• Protect data and systems.
• Include firewalls and antivirus software.
• Use encryption tools.
• Safeguard IT infrastructure.
• Prevent unauthorized access.
• Enhance security and compliance.
Biometric technology
Biometric technology identifies and verifies individuals based on their unique
biological and behavioral characteristics, such as fingerprints, facial features,
or voice. Organizations can extract distinguishing biometric features for
biometric recognition. We frequently use biometric technology in daily life,
such as when unlocking a phone using a fingerprint or accessing a banking
app with live facial recognition.
Biometric data falls into two main categories: physiological and behavioral.
Physiological biometrics include physical, structural, and constant attributes
such as fingerprints, facial features, iris patterns, and voice. Behavioral
biometrics involves monitoring distinctive characteristics of movements,
gestures, and motor skills as individuals perform tasks. Examples include
unique keystroke patterns, specific motions while using devices, geolocation
patterns, and behavior patterns while buying.
The KYC process increasingly uses biometric technology to enhance security,
efficiency, and user experience. Biometric data's uniqueness makes it
extremely difficult to replicate, significantly reducing identity theft and fraud
risks. Using biometrics for verification purposes, institutions can enhance
process efficiency and speed compared to traditional methods. The
technology provides higher accuracy than manual processes, reducing errors
and minimizing false positives or negatives. It also improves the overall user
experience due to the convenience it offers compared to remembering
passwords or carrying physical documents. In addition to the KYC process
during onboarding, biometric technology is used for customer verification
when customers access their accounts or execute transactions.
Additional benefits of biometric technology include cost savings by reducing
the need for manual controls, saving time and resources. The technology also
helps institutions comply with regulatory requirements by providing a robust
and secure method of identity verification.
However, biometric data is extremely sensitive and personal. If compromised,
it can lead to severe privacy violations and identity theft. In countries with strict
data protection laws, such as the GDPR in the EU, institutions must follow
stringent guidelines on collecting, storing, and using biometric information.
Implementing and maintaining biometric technology may also involve higher
costs for institutions.
Facial and voice recognition technology
Facial recognition technology is a sophisticated tool capable of identifying and
verifying an individual's identity using an algorithm that processes a digital
image or video frame against a database of faces. Individuals commonly use
this technology to sign in to their phones or proceed through border control
at airports.
Facial recognition software is constantly evolving, with several methods in use
today. Some of the main methods include:
• The eigenfaces method identifies the principal components of a dataset of
face images by extracting characteristic features and representing the
face as a linear combination.
• The Fisherfaces method builds upon the eigenfaces method by
maximizing the separation between different faces. Fisherfaces often
outperforms eigenfaces, especially when dealing with variations within the
same person's face, but is computationally more expensive.
• DeepFace, which was developed by Facebook and is now also an open-
source tool under Massachusetts Institute of Technology license, uses
deep learning, a type of machine learning, to achieve high accuracy in
recognizing faces.
• 3D facial recognition uses 3D sensors to capture the shape of a face.
• Thermal imaging uses infrared cameras to capture the heat that a face
emits.
These methods use different levels of reference points within facial
recognition technology. Some methods use up to 80 nodal points on the face.
The technology verifies a customer’s identity by comparing a live image or
video with submitted identity documents.
Method of facial recognition: Description
• Eigenfaces and Fisherfaces methods: Extracts characteristic features and
represents the face as a linear combination
• DeepFace: Uses deep learning for high accuracy
• 3D facial recognition: Uses 3D sensors to capture the shape of a face
• Thermal imaging: Uses infrared cameras to capture the heat emitted by
a face
Voice recognition technology, also known as speaker identification, is a
biometric method that identifies individuals based on their unique voice
characteristics. It analyzes various aspects of a person's voice, such as pitch,
tone, and speech patterns, to verify identity.
These technologies also add an extra layer of security to the KYC process by
preventing and detecting fraudulent activities more effectively than traditional
methods.
However, facial and voice recognition technology can pose major risks.
Hackers can cause significant problems by accessing the data, as changing or
resetting it is difficult, unlike passwords. Fraudsters also pose a risk by using
spoofing techniques, such as photos, videos, or masks, to trick facial
recognition tools or employing deepfake technology to open fraudulent
accounts.
Another downside of these technologies is that they can produce false
positives, incorrectly identifying someone as a match, or false negatives,
failing to recognize a legitimate match.
Facial and voice recognition technology also plays a crucial role in the KYC
process by enhancing customer experience. Customers can onboard and
verify remotely without needing to visit a physical location. It also helps
organizations to comply with strict regulatory requirements by providing
accurate and reliable identity verification.
Role or risk of voice recognition technology in KYC: Description
Role:
• Regulatory compliance: Technology provides accurate and reliable identity
verification.
• Security: System detects and prevents fraudulent activities more effectively
than traditional methods.
Risk:
• Data access: Hackers can cause problems by accessing data, which is
difficult to change or reset.
• Spoofing: Fraudsters use photos, videos, masks, or deepfake technology to
trick tools and open fraudulent accounts.
• Accuracy issues: False positives and false negatives can affect tool
accuracy.
Liveness check technology
Institutions use liveness check technology during the biometric authentication
process to verify that the biometric sample is from a living individual. This
technology prevents and detects the use of spoofing methods such as
photos, videos, or masks to access systems or processes. It is also known as
liveness detection or anti-spoofing technology.
Institutions divide liveness check technology into three types: active, passive,
and hybrid. Active liveness was used in first-generation liveness check
technology and is based on active communication between an individual and
the software. It requires an individual to engage with specific prompts, such as
blinking, smiling, or repeating a phrase. Active liveness is a proven method to
detect fraudulent activities but is less convenient for users.
Passive liveness is a simplified process that requires minimal user interaction.
Individuals usually only need to do one thing, such as take a selfie. This
technology uses AI to analyze micro-features such as skin texture, light
reflection, micro-motions, or other minute characteristics. These
technologies use different techniques to identify liveness.
The last type, hybrid liveness, is an intersection of the two previous types.
During this process, an individual performs a simple task with an additional
quick task, for example, taking a selfie with one eye closed. This process is
more secure than passive liveness, while being less disruptive to users.
The different types of liveness check technology use different techniques to
identify liveness. Motion analysis tracks and analyzes the movement of an
individual, while texture analysis examines the details and textures of an
individual’s skin or fingerprint. Another technique includes voice commands
that require individuals to repeat a phrase.
Liveness check technology plays a crucial role in the electronic KYC process
by enhancing security, preventing fraud, and ensuring the integrity of
biometric systems. The technology also assists in creating a multi-layered
authentication process by ensuring that once liveness has been confirmed,
the system can move forward with, for example, document verification. By
integrating the technology into the KYC process, organizations can ensure
compliance with regulations that require the verification of the physical
presence of an individual during the onboarding process.
Technology for screening
How does technology help screening?
Technology has had a profound impact on financial crime prevention and
detection by significantly enhancing the efficiency and accuracy of screening
processes, particularly at customer onboarding.
Real-time monitoring of sanctions and terror lists, PEPs, and adverse media
improves multiple processes, including customer screening. This technology
provides continuous monitoring systems and alerts organizations to any
changes in a customer’s risk profile, ensuring timely action. It also allows
automated systems to continuously monitor media sources and provide real-
time alerts about new adverse information regarding customers. It helps
organizations comply with sanctions and other regulatory requirements by
providing real-time updates on the status of customers, such as if they were
added to a sanctions list or if their PEP status changed.
Screening tools can access extensive databases, making it easier to identify
possible PEPs or matches on different sanctions lists.
Technology has also streamlined the customer screening process by allowing
software to automatically gather customer data from multiple sources,
internal and external, and analyze it, reducing manual effort and increasing
accuracy. Machine learning algorithms improve customer risk assessments by
identifying patterns and anomalies that may indicate suspicious activity.
For financial institutions with extensive customer bases or high transactional
volumes, technology has improved the speed and efficiency of batch
screening by processing millions of records quickly. Automated systems
provide results in a fraction of the time required for manual screening.
Technology also ensures consistency in batch screening, reducing the risk of
human error and ensuring consistent compliance.
Technology such as fuzzy logic matching allows systems to identify variations
in names and other details. Fuzzy logic matching uses algorithms to match
names that are similar but not identical, accounting for variations in spelling,
typos, and translations. For example, the model identifies "John Smith" as a
potential match for "Jon Smith," considering common spelling variations and
typos. This reduces false positives and ensures more accurate results.
Natural language processing algorithms reduce the time and effort required
to complete manual adverse media screening by analyzing large volumes of
text to identify relevant negative news.
Understanding screening system logic
Screening systems for customer onboarding, including name screening and
adverse media screening, can deploy several types of logical models to
effectively identify individuals, mitigate risks, and ensure compliance with
regulatory requirements. Rules-based models use predefined rules and
criteria to screen names and other information against watchlists, sanctions
lists, and other databases. For example, in the case of a VASP, a rules-based
model might screen all virtual assets addresses against the OFAC list. This
model is simple and easy to implement and processes data quickly due to
straightforward rules. However, it lacks flexibility and may generate a high
number of false positives if the requirements are too broad.
Fuzzy logic matching models use algorithms to match names that are similar
but not identical, accounting for variations in spelling, typos, and translations. It
improves detection by reducing the risk of missing matches due to minor
differences or errors in names. Although flexible and capable of handling a
variety of names, it requires sophisticated algorithms and constant tuning.
Broad matching criteria may create false positives.
Machine learning models use complex algorithms to learn from historical data
and improve the accuracy of screening systems over time. For example, a
financial institution can develop a machine learning model that analyzes past
screening results to improve the detection of screening matches, reducing
false positives. The model adapts to new patterns and is highly accurate in
detecting matches. Unlike fuzzy logic matching models, which focus on a
specific set of data such as customer names, machine learning models
operate on broader data pools and continuously learn to identify new
potential hits. However, it can be difficult to interpret and explain the decisions
of these models to local regulators. They can be costly to implement and
maintain and require significant computational power and expertise.
Additionally, they need enormous amounts of data to operate effectively.
Network analysis models identify and visualize relationships and interactions
within data. They enhance the detection of complex money laundering
schemes by uncovering hidden networks of individuals or entities that might
be involved in illicit activities. They also improve the accuracy of screening by
linking different identifiers, such as names and addresses, to a single entity.
These models are complex to implement and maintain and require
specialized knowledge and resources.
Hybrid models leverage the strengths of multiple models. For example, a
financial institution can use a rules-based model for initial screening and a
machine learning model to reduce false positives identified through the rules-
based model. Using a combination of models creates more flexibility based on
specific needs. However, integrating different models is complex and requires
continuous tuning.
Choosing the right model for your screening system depends on numerous
factors and specific requirements, such as the complexity of names or the
nature of the search.
Model type: Description
• Rules-based: Uses predefined rules to screen names against watchlists and
sanctions lists
• Fuzzy logic matching: Matches names that sound similar but are spelled
differently, accounting for variations and typos
• Machine learning: Uses historical data to improve accuracy over time,
reducing false positives
• Network analysis: Identifies and visualizes relationships within data to
uncover hidden networks and improves screening accuracy
• Hybrid: Combines multiple models to leverage strengths and improve
accuracy and flexibility
List management
An organization should take its compliance with relevant sanctions regimes
very seriously; failure to do so can result in regulatory investigations and
potential fines if an organization’s controls are insufficient. Carefully
considering how to plan to screen customers and transactions, which lists to
use, and how to test that the list management process is working correctly
ensures that the sanctions compliance program is effective. List management
is also critical to ensuring that AFC screening controls are working effectively,
including politically exposed person (PEP) screening, adverse media
screening, and other lists used to determine controls against money
laundering and sanctions risk.
Most organizations select a third-party vendor to provide sanctions, PEPs,
adverse media, and other lists to screen against.
Consider the following elements when selecting a vendor and implementing
list management controls:
• Which lists to use: This will be based on a number of factors, including
geographic location, the currencies involved in transactions, the business
model, where your customers are based, and the activities they undertake.
• What to screen: Consider which lists customers, beneficial owners, and
transactions should be screened against based on regulation and risk.
• List quality: Sanctions and enforcement lists will usually be sourced from
local governments and international organizations; however, it is important
to consider how often the lists are updated. PEP lists are often compiled by
the vendors themselves and may also have errors if not regularly
maintained.
• List updates: A target is subject to sanctions immediately upon being listed.
Therefore, select a provider that implements list updates from
government sources quickly, ideally in real time.
• Testing and assurance: It is common practice to ensure there is a process
in place for reviewing lists to screen against and a technical assurance
process to verify that sanctions lists are incorporated correctly into your
systems and producing relevant alerts.
Student note: Sanctions lists
Please refer to AFC Global Frameworks, Governance, and Regulations for how
to determine which sanctions lists to screen against.
Fuzzy logic and partial matches
Fuzzy logic is a matching technique that is used to increase the effectiveness
of screening processes by overcoming problems such as flawed records and
databases. This technique is accomplished through algorithms that use
degrees of similarity to determine the probability that two names are the
same. Fuzzy logic can find matches in misspelled names, incomplete names,
and names with different spellings but similar sounds or phonetics. In addition,
fuzzy logic accepts different formats for date of birth and other
inconsistencies.
A partial match means the entity being screened is similar to an entry on a list,
based on fuzzy logic and potentially other identifying factors, such as date of
birth. Partial matches require further human intervention to determine if the
match is a true match.
The use of fuzzy logic is critical in accommodating partial matches and
variations in naming conventions. This approach acknowledges that data
sources often provide inconsistent and diverse information, making it
challenging to rely solely on exact name matches. Partial matches identify
similarities between names or entities, even if they are not exact matches.
Fuzzy logic considers variations in naming conventions across different
cultures and languages, such as the order of first, middle, and last names. It
also considers transliterations, which involve representing names or words
from one language to another using different alphabets or phonetic systems,
such as converting Arabic characters into Cyrillic script. Romanization refers
to the conversion of text from a non-Latin script to a Latin one.
The use of fuzzy logic is particularly important in international business
environments, where names can be written and spelled differently based on
cultural or transliteration practices. The algorithms used under fuzzy logic
include:
• Phonetic, identifying similar sounding names.
  ◦ "Katherine Navel" and "Catherine Naval"
• Edit Distance or Damerau-Levenshtein metric, calculating the number of
character changes required to transform one name into another.
  ◦ "McDowd" and "MacDawd"
Based on the fuzzy logic configuration, an organization will generate partial
matches. These partial matches should then be investigated to determine
whether they are true matches or false positives.
Screening system tuning
Regulators around the world emphasize the importance of tuning screening
systems to improve their effectiveness and efficiency. Untuned systems may
fail to identify issues in time, leading to significant compliance breaches.
Tuning is not the same as optimization. Tuning involves adjusting the
parameters of an existing system to improve its performance without
changing its fundamental structure. In contrast, optimization involves making
fundamental changes to the system’s design or algorithms to enhance
performance. Optimization can include changing the code, adopting more
efficient algorithms, or altering the underlying technology.
Although there are no fixed requirements for when to tune a system, good
practice recommends tuning a system three months after implementation
and then at least once a year or every six months, depending on its
complexity. Some organizations tune their systems more frequently.
In a sanctions screening system, you might tune the fuzzy logic levels to adjust
the fuzziness level, detecting variations in names, such as misspellings,
abbreviations, and transliterations. Tuning helps you manage the volume of
alerts and reduces the number of false positives a system generates. You can
adjust parameters to increase or decrease the number of alerts. However,
organizations should not limit the number of alerts the system generates
based on the size of the team, as this might compromise the quality of
investigations and lead to noncompliance with regulatory obligations.
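The two fuzzy logic algorithms listed earlier and the effect of the fuzziness level described in this section, as an added Python example that is not part of the study guide. The phonetic key is a simplified Soundex-style key chosen for illustration, the edit distance is the optimal-string-alignment variant of Damerau-Levenshtein, and the watchlist, customer names beyond the two quoted pairs, and threshold values are constructed assumptions.

```python
import unicodedata

# Soundex consonant groups; vowels and H, W, Y carry no code.
_GROUPS = {"BFPV": "1", "CGJKQSXZ": "2", "DT": "3", "L": "4", "MN": "5", "R": "6"}
_CODE = {ch: digit for letters, digit in _GROUPS.items() for ch in letters}

# Constructed sample data. The list entries and the first two customers are the
# name pairs quoted in the text; the remaining customers are invented.
WATCHLIST = ["Catherine Naval", "MacDawd"]
CUSTOMERS = ["Katherine Navel", "McDowd", "Catherine Naval",
             "Catherine Nash", "Jane Smith"]


def normalize(name):
    """Upper-case, strip accents and punctuation, collapse whitespace."""
    decomposed = unicodedata.normalize("NFKD", name)
    kept = [c for c in decomposed if c.isalpha() or c.isspace()]
    return " ".join("".join(kept).upper().split())


def phonetic_key(token):
    """Soundex-style key that also encodes the first letter, so C and K collide."""
    digits, prev = [], ""
    for ch in token:
        code = _CODE.get(ch, "")
        if code and code != prev:
            digits.append(code)
        if ch not in "HW":  # H and W do not separate repeated codes
            prev = code
    return "".join(digits)


def damerau_levenshtein(a, b):
    """Edits (insert, delete, substitute, adjacent swap) to turn a into b."""
    rows, cols = len(a) + 1, len(b) + 1
    d = [[0] * cols for _ in range(rows)]
    for i in range(rows):
        d[i][0] = i
    for j in range(cols):
        d[0][j] = j
    for i in range(1, rows):
        for j in range(1, cols):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]


def similarity(a, b):
    """Edit distance scaled to 0..1, where 1.0 means identical strings."""
    longest = max(len(a), len(b)) or 1
    return 1.0 - damerau_levenshtein(a, b) / longest


def screen(name, watchlist, threshold):
    """Return (list_entry, match_type, score) for every hit at this threshold."""
    cand = normalize(name)
    cand_keys = sorted(phonetic_key(t) for t in cand.split())
    hits = []
    for entry in watchlist:
        ref = normalize(entry)
        score = round(similarity(cand, ref), 3)
        if cand == ref:
            hits.append((entry, "exact", 1.0))
        elif score >= threshold:
            hits.append((entry, "partial-edit", score))
        elif cand_keys == sorted(phonetic_key(t) for t in ref.split()):
            # Sorting the token keys makes the phonetic test order-insensitive.
            hits.append((entry, "partial-phonetic", score))
    return hits


def alert_volume(customers, watchlist, threshold):
    """Number of customers with at least one hit: the figure tuning moves."""
    return sum(1 for c in customers if screen(c, watchlist, threshold))


if __name__ == "__main__":
    for threshold in (0.85, 0.75):
        print(f"threshold {threshold}: "
              f"{alert_volume(CUSTOMERS, WATCHLIST, threshold)} alerts")
        for customer in CUSTOMERS:
            for hit in screen(customer, WATCHLIST, threshold):
                print("   ", customer, "->", hit)
```

Lowering the threshold from 0.85 to 0.75 adds "Catherine Nash" as a partial match against "Catherine Naval", which an analyst would then have to clear as a false positive.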
Some fuzzy logic systems include a self-tuning capability using machine
learning. However, AFC professionals should ensure a regular checking
mechanism is in place and continue to perform manual tuning to ensure good
results.
Indicators that lead to manual tuning include:
• The screening system generates a remarkably high percentage of false
positive alerts.
• The system generates more alerts than expected.
• The screening system generates no alerts.
Financial institutions should tune the parameters within a screening system
depending on the type of system and the logic it implements. For an adverse
media screening system, tune parameters such as keywords and phrases to
filter out irrelevant information, ensuring the organization focuses only on
actual adverse media. Organizations should also carefully select their sources
to ensure the system uses only credible and reliable sources.
Whitelisting and adding to internal lists
Whitelisting and adding to internal lists are key methods to reduce false
positives and continuously monitor for known risks not included on third-party
lists.
As part of list management, whitelisting involves maintaining an internal list of
customer names or other data points not to be flagged in certain situations.
For example, an organization might whitelist a customer whose name has
repeatedly triggered alerts that the organization determines to be false
positives. This action is to avoid triggering repetitive reviews. Financial
institutions create this list based on the analysis of false positive alerts caused
by certain terms on other lists and frequently encountered data.
Financial institutions also maintain internal lists known as private lists or grey
lists, which contain names of individuals and entities that may present financial
crime risk to the organization. Organizations identify these names through
their internal processes or intelligence. For example, this may include the
names of customers the organization has exited due to fraud or other
financial crimes.
Using whitelisting, financial institutions can streamline their compliance efforts
and enhance efficiency by reducing false positive alerts. Internal lists of
individuals or entities allow organizations to focus on true hits, thereby
enhancing the prevention and detection of suspicious activities. Using these
lists improves customer experience, particularly with payments, and identifies
risk sooner.
However, whitelisting may present critical risks, too. For example, a sanctioned
entity could gain indirect access to financial services through a whitelisted
intermediary, or shell companies with prior clean records could be used to
layer illicit funds.
The Wolfsberg Group advises financial institutions to apply a risk-based
approach when implementing these lists and to ensure that they fall within
their risk appetite.
It also recommends strong governance in creating and maintaining these lists.
Policies and procedures should include a process for adding and removing
entries to these lists, including instances where screening is no longer needed
or necessary. Financial institutions should periodically review the lists to ensure
they are up to date and accurate. They should also establish an approval
process and ensure that only appropriate individuals can make changes to the
lists.
Other governance measures include performing regular risk assessments or
continuous monitoring to evaluate the potential risks associated with
whitelisted entities and keeping a clear audit trail. Financial institutions should
also ensure that their practices are aligned with relevant regulatory
requirements and guidelines.
Integrating screening technology with other systems
With the evolving and dynamic landscape of financial crime and technology,
organizations increasingly need to integrate their systems to address risks,
enhance agility, improve security, and ensure compliance. When integrating
screening systems with other systems or databases, such as transaction
monitoring systems, organizations should consider several factors.
During onboarding, organizations often need to screen customers individually
rather than in batches. Although screening customers one by one on an as-
needed basis offers flexibility, screening customers in batches can improve
efficiency.
Screening systems should be compatible with other systems. This includes
data flows, workflow management tools, and application programming
interface (API) integrations. Carrying out a complete assessment of all
touchpoints with other systems and understanding the screening process
workflow enables a more successful implementation later.
Organizations should also ensure that their integrated systems are scalable,
so that they accommodate the growth and development of the organization and
increased data volumes in various formats. The systems must be able to handle
an increase in data requirements without compromising performance.
Factor: Recommended actions
Compatibility:
• Ensure systems are compatible with data flows, workflow management tools,
and API integrations.
• Complete a compliance system assessment and consider all relevant systems.
Scalability:
• Ensure systems scale with organizational growth and increasing data
volumes.
• Systems should be able to handle increased data without compromising
performance.
Vendor selection:
• Choose software vendors that offer reliable support and regular updates.
• Implement controls for ongoing maintenance and troubleshooting.
Data security and privacy:
• Pay special attention to data security and privacy during integration.
• Ensure compliance with relevant data protection regulations, such as the
GDPR.
• Implement strong encryption methods to protect sensitive data.
• Restrict access to authorized individuals.
Regulatory compliance:
• Ensure the final integrated system complies with all regulatory
requirements and guidelines for financial crime systems.
Technical considerations:
• Using cloud-based capabilities for integrating systems may present
advantages of speed and flexibility.
When using software vendors instead of building systems in-house,
organizations should also choose providers that offer reliable support and
regular updates. Implementing controls for ongoing maintenance and
troubleshooting is also essential to ensure system efficiency.
Organizations should also pay special attention to data security and privacy
during integration. They should ensure compliance with all relevant data
protection regulations, such as the GDPR in Europe. Organizations should
implement strong encryption methods to protect sensitive data and restrict
access to authorized individuals.
Likewise, organizations should ensure that the final integrated system
complies with all regulatory requirements and guidelines for financial crime
systems.
As AFC technologies evolve, the capabilities of different systems are likely to
converge. For example, technologies such as cloud-based solutions offer
more possibilities for integrating systems, such as payment screening
systems with real-time monitoring.
Using AI for screening
AI has transformed financial crime technology systems and tools, including
screening, by enhancing accuracy, efficiency, and compliance. The FATF
highlights that these technologies improve risk assessments, onboarding
practices, relationships with regulators, auditability, accountability, and overall
good governance while reducing costs.
Machine learning is a subset of AI that helps reduce false positives, which are
prevalent with traditional screening systems, and enhance the accuracy of
these systems. These technologies improve efficiency in the screening
process and reduce the burden on staff members. AI, through machine
learning and NLP, better recognizes linguistic variations, translations, and
common name patterns, drastically reducing false positives by applying
advanced matching algorithms. These technologies further reduce false
positives through secondary screening by matching initial results against
additional data fields such as addresses, phone numbers, and dates of birth.
These technologies improve the overall efficiency of teams by automating
routine tasks and reducing false positives. They also help identify high-risk
alerts that organizations can prioritize and allocate to analysts with the
required skill sets.
Machine learning models continuously learn and adapt to new data, improving
their accuracy and effectiveness over time. This ensures the screening
process stays up to date with evolving threats and regulatory changes.
These technologies enhance risk detection by integrating with other financial
crime systems to provide a comprehensive view of potential risks. For
example, AI tools screen names against sanctions lists and external data
sources to detect name matches. This integration reduces false positives by
enhancing the accuracy and effectiveness of financial crime detection.
Technology for Ongoing Monitoring and Investigations
Introduction
Introduction: Technology for ongoing monitoring and investigations
This module covers the critical role technology plays in AFC monitoring and
investigations due to the large volume of customers and transactions that
organizations need to monitor. Real-time and batch payment screening help
prevent sanctions evasion and detect financial crime. Over time, this
technology has evolved from rules-based systems to contextual monitoring,
integrating network analysis and AI to view transactions in a broader context.
This module also illustrates how effective transaction monitoring requires
scenario development, calibration, ongoing testing and tuning, and
governance. AFC investigations require technology solutions for network
analysis, case management, blockchain tracing, and reporting.
Case example: New batch screening technology considerations
Marco, a compliance officer at an international financial institution, is
considering new batch screening technologies from different vendors. His
goal is to enhance AFC efficiency and reduce false positive alerts and manual
workloads. Marco believes new technologies could streamline the
organization’s resources and enhance control effectiveness.
Marco performs an assessment to identify gaps in the current screening
system. He notes that the current system has limitations in fuzzy logic
matching. In addition, the system cannot handle different languages
consistently. Therefore, the system generates a large volume of false positive
alerts on customers with “Muhammad” in their name.
Various vendors approach Marco to demonstrate their systems, some of
which use AI to enhance fuzzy logic. Marco prepares a list of questions for the
vendors, including the following:
• What kind of technology is the system using?
• How soon does the system update after OFAC and the UN announce new
sanctioned entities?
• How does the system work to retrieve customer data?
• How can the organization adjust fuzzy logic settings to perform optimally
for Latin, Arabic, and Cyrillic alphabets? Given that the organization plans to
expand geographically, what is the performance for other alphabet sets?
• How does the system generate alerts?
• What AI technologies does the system use? How can their results be
explained?
• What are the system's stability, performance, and response time like when
handling a large amount of data?
• How does the system provide an audit trail?
Marco focuses his assessment on the explainability and ease of integration of
each system to ensure seamless compatibility with existing infrastructure,
including core banking and case management systems. He also assesses its
ability to scale with growing transaction and customer volumes. Finally, he
evaluates the flexibility of system settings and tuning to ensure the selected
system can perform the job for multiple jurisdictions.
By carefully considering these factors, Marco will be prepared to propose a
batch screening solution to the board and persuade them that investing in it
will enhance compliance efficiency and improve control effectiveness.
Key takeaways
• Organizations should ensure their screening technology aligns with
regulatory requirements and produces explainable results.
• A screening system should integrate seamlessly with existing
infrastructure and scale to address future risks.
• A screening system should optimize detection efficiency without
overburdening compliance teams.
• A screening system should provide audit trails and comprehensive
documentation for regulatory scrutiny and compliance.
Technology for payment and batch screening
Types of ongoing screening
Ongoing screening in payment systems is critical for preventing and
detecting financial crimes, including money laundering, terrorist financing, and
sanctions evasion. There are typically two types of screening: real-time
screening and batch screening. Each serves its own purpose.
Real-time screening involves screening payments as they happen, which
helps prevent payments involving sanctioned individuals or entities. Failing to
prevent such transactions can put any business at risk for severe regulatory
penalties, reputational damage, and legal consequences. Noncompliance with
sanctions regulations can result in heavy fines imposed by regulatory bodies
such as the OFAC in the US or OFSI in the UK. When an organization onboards
a customer, as part of its KYC checks it should screen the customer in real
time against sanctions or terror lists. If the customer is identified as a PEP, the
organization may need to conduct additional due diligence.
Batch screening is a process of screening the organization’s entire customer
base against sanctions and terror lists. Organizations also screen customers
against specific watch lists and PEP lists. Batch screening of existing
customers is necessary because a customer may have been added to a
sanctions or watch list since being onboarded. The only way an organization
can know about the customer’s change in status is by batch screening.
Organizations use both real-time and batch screening because they serve
different purposes. Real-time screening is necessary for payments that
organizations must detect and block immediately. Batch screening identifies
existing customers who have been added to sanctions or watch lists.
Maintaining screening technology
Maintaining effective screening technology helps organizations prevent and
detect financial crimes such as money laundering, terrorist financing, and
sanctions evasion. The choice of technology depends on the scale of
transaction volume, business type, and risk profile.
Technologies range from simple tools to large-scale systems maintained by
dedicated IT teams that perform real-time screening and batch screening.
These systems rely on current databases, automated updates, and advanced
analytics to minimize false positives and ensure regulatory compliance.
Small businesses with limited clientele might only need a simple solution
connected to a website of the local jurisdiction, such as the US Department of
the Treasury, which screens customers against the OFAC and UN sanctions
lists. However, basic solutions work only for organizations with low transaction
volumes and low-risk exposure. As customer and transaction volumes
increase, organizations require more sophisticated systems to maintain
efficiency and accuracy.
In contrast, large financial institutions, such as banks issuing credit cards,
require advanced technology to manage high volumes of daily transactions
and large numbers of customers. These organizations use large databases
integrated with vendor software platforms capable of both real-time and
batch screening.
Additionally, organizations use fuzzy logic to identify inexact matches, which
often result from inadvertent or deliberate variations in spelling or numbers.
Organizations need to regularly tune their fuzzy logic algorithms to balance
detection accuracy with minimizing false positives. This will also ensure that
the screening system is not delaying legitimate transactions. AI enhances
these systems by prioritizing screening results, detecting anomalies, and
reducing false positives.
Using these ongoing screening technologies, large financial institutions can
maintain compliance with regulatory requirements while efficiently managing
the risks of high transaction volumes.
Technology for payment screening
Payment screening helps prevent and detect financial crimes while ensuring
compliance with regulatory requirements. Financial institutions and payment
processors use advanced screening tools to monitor transactions against
sanctions lists, PEP databases, and other risk indicators. These systems
integrate seamlessly with global payment networks such as SWIFT, CHAPS,
RTGS, CHIPS, and Fedwire. They use structured message formats such as XML
to facilitate real-time payment screening. By leveraging these technologies,
financial institutions can identify and block potentially illicit transactions before
processing them, reducing the risk of money laundering, terrorist financing,
and sanctions violations.
The level of technological sophistication in payment screening depends on
the institution’s application and risk profile. Simple, traditional tools with name-
matching techniques might suffice for small businesses with known clientele.
However, for larger financial institutions handling millions of transactions, basic
name matching is insufficient. These organizations require more advanced
methodologies, such as fuzzy logic algorithms. These algorithms enable
approximate name matching, allowing for variations in spelling and
transliteration errors.
Advanced AI tools can scan entire documents and transaction details to
detect hidden risks. These tools help ensure that criminals do not exploit
complex financial products and transactions for the purpose of evading
sanctions or engaging in other illicit activities.
Although sophisticated technologies enhance detection capabilities, they also
introduce challenges in calibration. A conservative approach with strict
thresholds might result in high false positives, leading to inefficiencies and
unnecessary transaction delays. Conversely, overly lenient thresholds might
allow serious financial crimes to proceed undetected.
Machine learning allows the system to learn from previous results to refine the
parameters, helping to strike the right balance. This helps maintain regulatory
compliance while minimizing disruptions to legitimate transactions. Financial
institutions can use real-time updates to adjust and tune screening filters to
continuously refine their screening models.
Screening digital assets and currencies
The transfer of value in digital assets and currencies follows a structure similar
to traditional financial transactions. It involves an originator, intermediaries, and
a recipient. However, a key difference is the reliability and transparency of
transaction information. Traditional banking adheres to standardized KYC and
AML protocols. Digital asset transactions may lack universally accepted
compliance measures.
Regulatory frameworks for digital asset transactions vary across jurisdictions.
This causes inconsistencies in how jurisdictions verify and monitor transaction
details. This variability creates enforcement gaps, making it difficult to apply
the same level of scrutiny as in fiat currency transactions. Furthermore, the
decentralized and borderless nature of digital assets complicates financial
institutions’ ability to enforce compliance. Criminals exploit this regulatory
arbitrage by operating in jurisdictions with lax oversight.
A major challenge is the fundamental debate over the legitimacy of digital
assets and currencies. Many financial institutions remain skeptical, arguing that
fiat currencies are backed by sovereign governments, which provides stability
and assurance. Digital assets lack this backing. This skepticism has led many
traditional organizations to avoid digital asset transactions.
Increasingly, financial institutions are expanding into offering
cryptocurrencies, other blockchain-based assets, and associated services.
These organizations employ experts with deep knowledge of blockchain
technology, transaction monitoring, and risk mitigation strategies specific to
digital assets. Their expertise bridges the gap between evolving regulations
and the technical complexities of blockchain transactions. This ensures
rigorous digital asset screening that is comparable to traditional finance.
Screening in digital asset transactions focuses on identifying high-risk third
parties, particularly VASPs that operate outside regulatory frameworks. Many
financial institutions maintain internal lists of unregistered or noncompliant
entities. They refuse to engage with these entities to mitigate regulatory and
reputational risks. The screening process involves analyzing blockchain
addresses and transaction histories—or on-chain data—and using risk
intelligence databases—or off-chain data—to detect illicit activities such as
fraud, money laundering, and sanctions evasion.
However, the pseudonymous nature of many digital asset transactions may
make ownership and identity verification challenging. This complexity requires
advanced analytics and blockchain forensics to improve transparency and
compliance efforts. As the regulatory environment for digital assets evolves,
financial institutions must continuously update their screening capabilities.
Adopting new technologies and regulatory best practices will help ensure
compliance while maintaining operational efficiency.
Evolution of transaction monitoring
Rules-based transaction monitoring
Rules-based transaction monitoring is a fundamental approach to monitoring
customer transactions. Financial institutions create rules based on known risk
factors or regulatory requirements. They set predefined rules or thresholds,
which are static, predictable, and easy to implement and understand.
However, rigid thresholds alone are not sufficient. For example, many financial
institutions establish rule thresholds, such as US$10,000, to limit the potential
impact of financial crime. Conducting a transaction above the threshold
results in alerts, required reporting, and increased scrutiny of the transaction.
But criminals can evade triggering these controls by breaking down large
transactions into multiple smaller ones, each of which is just below the
reporting threshold, a practice known as structuring. Most jurisdictions
consider structuring a financial crime, regardless of the source of funds.
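The gap between a single-transaction threshold rule and a rule that aggregates deposits over time, as an added Python example that is not part of the study guide. The transactions, the 72-hour look-back window, and the minimum deposit count are constructed assumptions; only the US$10,000 figure comes from the text.

```python
from collections import defaultdict
from datetime import datetime, timedelta

REPORTING_THRESHOLD = 10_000  # US$ figure used as the example in the text

# Constructed sample data: (customer_id, ISO timestamp, cash deposit in US$)
TRANSACTIONS = [
    ("C1", "2024-03-04T10:00", 12_000),
    ("C2", "2024-03-04T09:15", 9_500),
    ("C2", "2024-03-05T11:40", 9_800),
    ("C2", "2024-03-06T16:05", 9_700),
    ("C2", "2024-03-20T13:30", 9_000),
    ("C3", "2024-03-04T12:00", 400),
    ("C3", "2024-03-06T12:00", 650),
]


def static_rule(txns):
    """Single-transaction rule: flag any cash deposit over the threshold."""
    return [t for t in txns if t[2] > REPORTING_THRESHOLD]


def structuring_alerts(txns, window_hours=72, min_count=2):
    """Flag customers whose sub-threshold deposits add up to more than the
    threshold inside a rolling window. Returns {customer: alert details}."""
    window = timedelta(hours=window_hours)
    by_customer = defaultdict(list)
    for cust, ts, amount in txns:
        if amount <= REPORTING_THRESHOLD:  # deposits the static rule never sees
            by_customer[cust].append((datetime.fromisoformat(ts), amount))

    alerts = {}
    for cust, items in by_customer.items():
        items.sort()
        start, running = 0, 0
        for end, (ts, amount) in enumerate(items):
            running += amount
            # Drop deposits that have fallen out of the look-back window.
            while ts - items[start][0] > window:
                running -= items[start][1]
                start += 1
            count = end - start + 1
            if count >= min_count and running > REPORTING_THRESHOLD:
                best = alerts.get(cust)
                if best is None or running > best["total"]:
                    alerts[cust] = {"total": running, "count": count,
                                    "from": items[start][0], "to": ts}
    return alerts


if __name__ == "__main__":
    print("static rule:", [t[0] for t in static_rule(TRANSACTIONS)])
    for cust, alert in structuring_alerts(TRANSACTIONS).items():
        print("structuring:", cust, alert)
```

The static rule sees only C1's single US$12,000 deposit, while the windowed rule surfaces C2's three deposits totalling US$29,000, none of which crossed the threshold on its own.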
Segmentation refers to categorizing customers based on factors such as
business type, transaction behavior, and risk profile. Segmentation allows
financial institutions to set thresholds that reflect expected activity within each
segment. This improves the relevance and effectiveness of alerts. Proper
segmentation ensures that organizations apply transaction monitoring
appropriately across different customer groups.
Once organizations have identified customer segments, they apply
appropriate rules to each segment. This provides an initial framework to
identify customers who deviate from their expected behavior. For example, a
local street vendor regularly depositing cash is expected due to the nature of
the business. However, if a government office clerk, who typically receives a
salary via an automated transfer, suddenly starts making frequent cash
deposits, it might raise red flags. If this deviated pattern continues without a
legitimate explanation, it might indicate illicit activity, such as bribery.
When a rules-based system generates an alert due to a threshold breach,
banks may process these alerts through additional analytical tools, including AI
models. These advanced systems incorporate customer information,
historical behavior, and additional risk parameters to assess the severity of the
alert. By assigning a risk rating, such models help AML investigators prioritize or
deprioritize alerts. This ensures that high-risk cases receive immediate
attention while reducing false positives.
Although rules-based monitoring is static and does not adapt unless manually
updated, it remains a foundational tool for AML compliance. Many
organizations supplement it with risk-based monitoring or AI-driven
enhancements to improve accuracy and efficiency in detecting suspicious
activities.
New and emerging technologies for monitoring customers
Advanced technology has empowered money launderers to use increasingly
sophisticated techniques. They exploit gaps in static rules-based systems by
structuring transactions, using synthetic identities, and leveraging cross-
border transfers. While rules-based monitoring remains a critical part of AML
compliance, it is insufficient on its own.
To counter these evolving threats, financial institutions may integrate
traditional TM with advanced technologies, such as AI and high-performance
computing. This multipronged approach combines rules-based logic with
intelligence-led strategies and uncovers hidden patterns to mitigate risks
more effectively. Organizations are also shifting from a rules-based approach
to holistic customer monitoring and dynamic risk rating, which integrate more
data points.
The use of these technologies facilitates contextual monitoring, a data-driven
approach that evaluates financial transactions within a broader context. It
shifts the focus from isolated transactions to broader customer behavior and
network relationships, whereas conventional methods trigger alerts based
solely on predefined thresholds. Contextual monitoring analyzes customer
interactions across multiple touchpoints and incorporates internal and
external datasets for a holistic risk assessment.
Advanced analytical tools, such as enhanced entity resolution and network
analysis, allow contextual monitoring to transform raw transaction data into
actionable intelligence. These tools detect emerging threats faster, reduce
false positives, and streamline investigations. Instead of merely flagging
individual transactions, contextual monitoring provides investigators with a
risk-driven, real-time view of financial crimes, supporting more effective
decision-making and resource allocation. Continuous and automated tuning
ensures the system adapts as financial crime schemes evolve.
Network analysis, a key feature of contextual monitoring, identifies hidden
relationships between customers and entities. This helps detect complex
money laundering schemes that rules-based systems often miss. Some key
typologies that contextual monitoring helps to uncover include:
• Account collusion and shell companies: Identifying customers who appear
separate but share key identifiers, such as phone numbers, email
addresses, IP addresses, or physical addresses, which might indicate
coordinated activity to conceal illicit funds
• Self-funding transactions: Detecting instances where funds circulate
through multiple entities before returning to the original sender, a
common tactic in money laundering, tax evasion, and fraud
• Sophisticated structuring: Uncovering deliberate fragmentation of large
transactions into smaller amounts spread across multiple accounts to
evade regulatory reporting thresholds
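Two of the network-analysis checks listed above, shared identifiers and funds returning to the original sender, as an added Python example that is not part of the study guide. The customers, identifiers, transfers, and the hop limit are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data: customer -> identifiers held on file
CUSTOMERS = {
    "A": {"phone": "555-0101", "email": "a@example.com", "ip": "203.0.113.7"},
    "B": {"phone": "555-0102", "email": "b@example.com", "ip": "203.0.113.7"},
    "C": {"phone": "555-0102", "email": "c@example.com", "ip": "198.51.100.4"},
    "D": {"phone": "555-0199", "email": "d@example.com", "ip": "192.0.2.55"},
    "E": {"phone": "555-0177", "email": "e@example.com", "ip": "192.0.2.90"},
}
# Constructed transfers: (sender, receiver, amount in US$)
TRANSFERS = [("A", "B", 9000), ("B", "C", 8900), ("C", "A", 8800),
             ("D", "A", 500), ("D", "E", 1200), ("E", "D", 1150)]


def linked_clusters(customers):
    """Group customers that share any identifier, directly or through a chain
    of other customers (union-find). Returns clusters of two or more."""
    parent = {c: c for c in customers}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    first_seen = {}
    for cust, ids in customers.items():
        for key in ids.items():  # key is (identifier type, value)
            if key in first_seen:
                parent[find(cust)] = find(first_seen[key])
            else:
                first_seen[key] = cust

    groups = defaultdict(set)
    for cust in customers:
        groups[find(cust)].add(cust)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


def circular_flows(transfers, max_hops=4):
    """Find transfer chains that return to their origin. max_hops caps the
    number of accounts in a chain. Each cycle is reported once."""
    graph = defaultdict(set)
    for sender, receiver, _amount in transfers:
        graph[sender].add(receiver)
    cycles = set()

    def walk(origin, node, path):
        for nxt in graph.get(node, ()):
            if nxt == origin and len(path) > 1:
                i = path.index(min(path))  # rotate to a canonical start
                cycles.add(tuple(path[i:] + path[:i]))
            elif nxt not in path and len(path) < max_hops:
                walk(origin, nxt, path + [nxt])

    for origin in list(graph):
        walk(origin, origin, [origin])
    return sorted(cycles)


def collusive_cycles(customers, transfers):
    """Circular flows whose members all sit in one shared-identifier cluster."""
    clusters = [set(c) for c in linked_clusters(customers)]
    return [cyc for cyc in circular_flows(transfers)
            if any(set(cyc) <= cluster for cluster in clusters)]


if __name__ == "__main__":
    print("clusters:", linked_clusters(CUSTOMERS))
    print("cycles:", circular_flows(TRANSFERS))
    print("cycles inside one cluster:", collusive_cycles(CUSTOMERS, TRANSFERS))
```

Combining the two signals ranks the A, B, C loop above the D, E back-and-forth, because only the former runs between accounts that also share a phone number or IP address.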
By integrating AI-driven insights, automated anomaly detection, and real-time
data processing, contextual monitoring accelerates investigations, reducing
analysis time from weeks to hours. As financial crime tactics continue to
evolve, financial institutions should embrace intelligence-led monitoring,
ensuring that compliance efforts remain proactive.
Case example: Evolution of transaction monitoring
Thomas has recently been hired as the new MLRO of a mid-sized regional
bank in the US. One of his responsibilities is to update its TM system. From
experience, he knows that TM is constantly evolving as technology, financial
crime typologies, and regulations change. To learn about how his bank has
adapted its approach over the decades, he decides to review the bank’s
archived documents.
In an old filing cabinet, he finds policies and procedures from the 1970s. He is
amazed at how much compliance practices have changed over time. He
notices the bank relied on simple threshold-based reporting. Back then, the
bank’s primary guidance was the recently passed BSA of 1970. The BSA set
the foundation for TM. Specifically, it required banks to identify and report
cash transactions over US$10,000 and suspicious activities.
He explores some digital folders from the 1990s in the archive and notices
references to rules-based systems. He shares these files with a long-term
employee of the bank and asks what TM was like back then. The employee
explains how the bank gradually shifted from manual to semi-automated
systems to filter transaction logs and identify anomalies. These systems relied
on simple rules-based logic, using {IF:THEN} statements, where humans set
rules and computers executed them.
Reviewing more-recent history, Thomas notices the gradual incorporation of
machine learning and other forms of AI, enabling more holistic and advanced
approaches. The bank is moving away from static rules and is adopting tools
that analyze customer behavior and context by comparing current
transactions to historical patterns, peer group activities, and external datasets.
Returning to his task of updating the current TM system, Thomas explores AI-
driven technology solutions available on the market. These tools will gather
internal and external data to:
• Detect anomalies across multiple transactions, relationships, and entities.
• Conduct strategic threat analyses and develop intuitive investigative
processes.
• Make intelligence-led decisions that reduce investigative time from weeks
to hours.
• Identify early signs of financial distress, mitigating risks before they
escalate.
• Fine-tune alert parameters by learning from the performance of existing
thresholds.
Understanding how TM has evolved from a reactive compliance function into
a proactive, intelligence-driven system, Thomas realizes the importance of
continuously updating and improving systems. By using AI and advanced
analytics, his bank will have powerful tools to detect, prevent, and mitigate
financial crime more efficiently.
Threshold-based reporting (1970s)
• Banks required to report cash transactions over US$10,000 and suspicious
activity in the US
• Manual checks
Rules-based systems (1990s)
• Reliance on simple rules-based logic, using {IF:THEN} statements, where
humans set rules and computers executed them
• Gradual shift from manual to semi-automated systems to filter transaction
logs and identify anomalies
Contextual systems (2000s)
• Adopting tools that analyze customer behavior and context by comparing
current transactions to historical patterns, peer group activities, and
external datasets
• Gradual incorporation of machine learning and other forms of AI, enabling
more holistic and advanced approaches, moving away from static rules
Key takeaways
• TM has evolved from a reactive to a proactive approach.
• The BSA of 1970 laid the foundation for TM and compliance in the US,
introducing recordkeeping, reporting, and due diligence, while other
jurisdictions followed a similar trajectory of changes.
• The evolution of technology has enabled organizations to shift from
threshold- to rules-based reporting.
• Modern systems leverage AI to detect anomalies, assess risks dynamically,
and accelerate investigations.
Technology for transaction monitoring
Transaction monitoring and sufficient scenarios coverage
To detect financial crimes, financial institutions must ensure their TM systems
cover a wide range of scenarios that reflect their current and potential future
risk exposures. Scenarios help TM systems recognize various types of illicit
activity. This requires conducting a comprehensive product risk assessment
to identify vulnerabilities and tailor monitoring rules according to the risk
exposure. Institutions need technical skills to convert the results of a product
risk assessment into scenarios that provide appropriate coverage for the
identified risks. A one-size-fits-all approach is inadequate because different
institutions face varying levels of risk depending on their customers,
jurisdictions, products, and delivery channels. Additionally, these factors
change over time. It is necessary to regularly review and update scenarios
proactively.
In addition to product risk assessment, other key risk indicators, such as
customer demographics, transactional behavior, and regulatory
requirements, should guide scenario development. Institutions should also
analyze law enforcement and government risk reports, such as those from
the US Treasury and FinCEN, national money laundering risk assessments, and
peer discussions to help develop actionable monitoring scenarios. Without
sufficient scenario coverage, financial institutions risk missing critical red flags.
This could lead to compliance failures and expose institutions to illicit activities
such as money laundering, terrorist financing, and fraud.
To ensure TM systems are robust and responsive, institutions must develop
risk-based scenarios that adapt to evolving financial crime tactics. High-risk
customers, such as PEPs, shell companies, and entities operating in high-risk
jurisdictions, require enhanced monitoring with specialized alerts. Monitoring
scenarios should also address suspicious transaction behaviors, including
large cash deposits, frequent structuring (or "smurfing"), rapid fund
movement between accounts, and cross-border transactions to high-risk
regions.
An effective system should detect both obvious violations and subtle
behavioral shifts that could indicate emerging risks. It must also integrate
historical transaction analysis and peer group comparisons to quickly flag
deviations from expected behavior for further investigation.
A risk assessment can capture an institution’s risks at a specific time. However,
AML risks are constantly evolving. A well-chosen vendor TM system should
provide technology-driven monitoring, industry-wide research, and evolving
threat intelligence. Vendors have access to data across multiple financial
institutions. This allows them to identify emerging money laundering trends
and recommend monitoring scenarios that a single institution might miss.
Financial institutions must document their monitoring decisions and the
rationale behind them for future justification, regulatory exams, and system
validation. By combining vendor insights with internal risk assessments,
financial institutions can future-proof their TM system. This approach ensures
comprehensive scenario coverage, regulatory compliance, and proactive
detection of financial crimes, strengthening the institution’s risk management
framework.
Transaction monitoring scenario development
The first step in developing transaction monitoring scenarios is conducting a
risk assessment to define the specific transaction patterns that require
monitoring. Common scenario designs include frequent cross-border
transactions with high-risk countries, structuring, sudden large cash deposits,
and unexpected repayment of overdue credit amounts.
Transactions that do not align with a customer’s business profile, unexplained
fund transfers, or sudden activity in dormant accounts might also indicate
potential financial crime. The financial institution should assess these scenarios
against its risk profile to determine which are most relevant based on its
business model, customer base, and regulatory obligations.
Financial institutions perform customer segmentation for effective
monitoring, either before or after developing the scenarios. They categorize
customers by business type, transaction behavior, geographic exposure, and
risk level. For example, high-cash businesses such as convenience stores or
restaurants often have frequent cash deposits, while a salaried professional
receiving cash payments might be unusual.
By establishing optimal thresholds for each customer segment, financial
institutions can fine-tune monitoring systems to balance accuracy and
efficiency. Parameterization is key in this process, as it ensures that
transaction limits, frequency checks, and behavioral patterns are set
appropriately. Overly sensitive thresholds can overwhelm operational teams
with false positives. Overly lenient settings might fail to detect genuine
financial crimes. To mitigate these issues, financial institutions use historical
transaction data, peer-group comparisons, and severity factors to refine
monitoring rules. Severity factors are criteria for assessing the significance of
suspicious transactions based on transaction size and frequency, customer
risk profile, and potential regulatory impact. These factors help prioritize alerts
for investigation.
Risk-rating models enhance scenario effectiveness by assigning risk scores
based on transaction behaviors, customer attributes, and exposure to high-
risk jurisdictions. Products and services also influence risk. For example,
offshore wire transfers and cryptocurrency transactions require stricter
thresholds than domestic payments.
To maintain efficiency, financial institutions should continuously test, calibrate,
and conduct impact analysis to ensure scenarios remain effective. Not all TM
systems are equally capable. Some have rigid rule structures or limited
integration with external risk intelligence sources. To overcome these
challenges, institutions may leverage machine learning, behavioral analytics,
manual overrides, and expert-driven adjustments to ensure their monitoring
frameworks remain adaptive to emerging threats.
Transaction monitoring scenario calibration testing
Transaction monitoring scenarios require careful calibration to effectively
detect suspicious activities while minimizing false positives. Calibration, or
threshold tuning, involves adjusting parameters based on empirical
transaction data, risk models, and a broader risk-based approach.
Calibration begins with segmenting the customer base and establishing the
optimal threshold for each segment. Then, conduct pre-launch testing on the
segmentation and thresholds as an impact analysis to ensure effectiveness. It
is not advisable to leave a transaction monitoring system at its default settings.
Instead, calibrating and tuning it for the specific circumstances that the
organization faces ensures optimal performance. The goal is to refine
monitoring thresholds and segmentation criteria so that alerts are generated
only for truly anomalous behavior. Proper calibration improves operational
team efficiency, reduces operational burdens, and ensures alignment with
regulatory expectations.
For example, monthly conversions of Bitcoin to fiat currency, followed by
equal deposits to a business checking account, would make sense for a
restaurant that accepts cryptocurrency for payment. Since these deposits
match the business’s profile, the bank calibrates its monitoring scenario to
avoid unnecessary alerts.
Another key aspect of scenario calibration is detecting structuring. For
example, if regulatory guidelines require reporting for cash deposits above
US$10,000, a customer consistently depositing US$9,900 in multiple
transactions might be structuring. Effective calibration includes setting
velocity checks, monitoring aggregate transactions over specific time frames,
and analyzing behavioral patterns to detect such activity.
To validate the effectiveness of calibrated scenarios, financial institutions use
three different testing methods:
• Close testing examines transactions near the defined threshold to ensure
borderline cases trigger alerts.
• Above-threshold testing assesses whether truly suspicious transactions
consistently trigger alerts, capturing high-risk activity.
• Below-threshold testing identifies potential gaps, such as structuring,
where criminals intentionally keep transactions slightly below reporting
limits.
Above-the-line and below-the-line testing are related concepts used in
tuning and testing transaction monitoring. The "line" may refer to the current
threshold; however, these tests are typically performed at differing levels
above and below the thresholds set to tune alerts for optimal performance.
This layered testing approach ensures that thresholds are neither too
sensitive nor too lenient, maintaining a well-balanced monitoring system. A
well-calibrated system minimizes both false positives (legitimate transactions
mistakenly flagged as suspicious) and false negatives (suspicious activities
that go undetected).
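The structuring scenario and the above- and below-the-line tests described above can be sketched as follows. This is an added example, not part of the study guide: the deposit data is constructed, and the band floor, window length, and minimum count are assumed parameters chosen for illustration.

```python
from collections import defaultdict
from datetime import date, timedelta

REPORTING_LIMIT = 10_000  # US$ cash reporting threshold used in the text

# Constructed sample cash deposits: (customer, date, amount in US$).
DEPOSITS = [
    # C1: repeated deposits just under the limit within a few days
    ("C1", date(2024, 3, 1), 9_900),
    ("C1", date(2024, 3, 2), 9_900),
    ("C1", date(2024, 3, 4), 9_900),
    # C2: one deposit over the limit (reportable on its own, not structuring)
    ("C2", date(2024, 3, 1), 12_500),
    # C3: repeated deposits that sit below the production band
    ("C3", date(2024, 3, 1), 8_600),
    ("C3", date(2024, 3, 3), 8_700),
    # C4: small deposits far apart in time
    ("C4", date(2024, 3, 1), 4_000),
    ("C4", date(2024, 3, 20), 4_200),
    # C5: a single near-limit deposit plus a small one
    ("C5", date(2024, 3, 5), 9_400),
    ("C5", date(2024, 3, 6), 700),
]


def structuring_alerts(deposits, floor, min_count=2, window_days=7):
    """Return customers with at least min_count deposits in the band
    [floor, REPORTING_LIMIT) inside a rolling window (velocity check)
    whose aggregate exceeds the reporting limit (aggregate check)."""
    by_customer = defaultdict(list)
    for customer, day, amount in deposits:
        if floor <= amount < REPORTING_LIMIT:  # "just under the line" band
            by_customer[customer].append((day, amount))

    alerted = set()
    window = timedelta(days=window_days)
    for customer, rows in by_customer.items():
        rows.sort()
        for i, (start, _) in enumerate(rows):
            in_window = [amt for day, amt in rows[i:] if day - start < window]
            if len(in_window) >= min_count and sum(in_window) > REPORTING_LIMIT:
                alerted.add(customer)
                break
    return alerted


def line_test(deposits, production_floor, candidate_floors):
    """Re-run the scenario at floors below and above the production setting.
    'gained' lists customers alerted only at the candidate floor (below-the-line
    findings); 'lost' lists customers the candidate floor would stop alerting
    on (above-the-line impact)."""
    baseline = structuring_alerts(deposits, production_floor)
    results = {}
    for floor in candidate_floors:
        trial = structuring_alerts(deposits, floor)
        results[floor] = {
            "gained": sorted(trial - baseline),
            "lost": sorted(baseline - trial),
        }
    return results


if __name__ == "__main__":
    print("production alerts:", structuring_alerts(DEPOSITS, 9_000))
    for floor, diff in line_test(DEPOSITS, 9_000, [8_500, 9_500, 9_950]).items():
        print(floor, diff)
```

Customers in "gained" at a lower floor are the cases an analyst would review to decide whether the production threshold leaves a gap.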
The overall volume of alerts generated is a key metric. Excessive alerts can
overwhelm compliance teams and lead to inefficiencies and missed high-risk
transactions. By continuously refining monitoring parameters, organizations
can strike the right balance between risk sensitivity and operational efficiency.
This strengthens their AML framework as they maintain regulatory
compliance.
Ongoing testing and tuning for rules-based systems
Once financial institutions develop, calibrate, and deploy transaction
monitoring scenarios, they should continuously test and tune them to ensure
effectiveness. This process occurs both periodically and in response to special
circumstances, such as regulatory changes, emerging financial crime trends,
or shifts in customer transaction behavior. Rules-based systems are typically
easier to test and tune.
Without proper testing, monitoring scenarios might become outdated. This
could lead to inefficiencies such as excessive false positives or undetected
suspicious activity. Testing ensures that scenarios remain aligned with
evolving risks while balancing effective detection and operational efficiency.
If predefined thresholds are repeatedly breached, it might indicate a change
in transaction patterns or regulatory expectations, requiring an adjustment.
For example, if false positives are excessively high, the threshold might be too
strict, flagging many legitimate transactions as suspicious. In such cases,
lowering the threshold can help reduce unnecessary alerts and improve
compliance team efficiency. Conversely, if false positives drop significantly,
the threshold might be too lenient, allowing illicit activity to go undetected. In
such cases, raising the threshold might improve risk detection.
When tuning the transaction monitoring system, organizations should
consider such data as transaction thresholds, frequency, and geolocation
mismatches.
While there is no universal standard that dictates testing frequency, industry
best practices recommend structured reviews, such as semi-annual or
annual, to maintain effectiveness and regulatory alignment. Depending on the
business scale of the organization, more frequent testing may be required.
Testing should also occur in response to significant risk factors, such as
emerging financial crime trends, regulatory changes, or shifts in transaction
behavior.
Monitoring false positives is an ongoing process in business-as-usual
operations. Fluctuations in false positive rates might be normal due to
seasonal changes, shifts in customer behavior, or updates in organizational
policies. However, fluctuations do not always require immediate tuning.
Instead, organizations should conduct tuning in response to continuous
breaches or sustained deviations from expected performance.
Before making any adjustments, conduct an impact analysis to ensure that
tuning improves efficiency without introducing new risks. To ensure that
scenarios are optimal, financial institutions should maintain a structured
approach to testing and tuning. This ensures that their transaction monitoring
systems remain effective, adaptive, and aligned with both regulatory
expectations and operational goals.
Ongoing testing and tuning for AI tools
Ongoing testing and tuning of AI tools in transaction monitoring is a complex
and dynamic process. This process involves training the systems, testing the
results they generate, and retraining them if the results are not ideal. To make
effective use of AI-based tools, organizations need to understand how the
models make decisions and ensure the dataset is large, relevant, and of high
quality. To avoid statistical bias that might skew results, ensure the dataset
includes a broad sample of transactions, not only those transactions that
generated an alert.
An organization first performs testing and tuning when it develops the AI
model, before deployment. It splits a sample of data into two sets: a large
training set and a smaller test set. The system learns from the training set by
analyzing the data to create the model’s parameters and operations. It then
tests the model against the test set and fine-tunes it, as needed.
After deploying the model, the organization should test and fine-tune it
periodically. This process typically involves back-testing, using 6 to 12 months
of historical data and various sampling techniques. Comparing flagged alerts
with actual SAR filings helps find false positives. Identifying alerts in the test
data that were not previously flagged helps identify false negatives, also
known as missing alerts. Organizations can use various sophisticated statistical
methods to test AI tools, depending on the tools' complexity and available
resources.
Human-in-the-loop training involves having a knowledgeable expert review
test results and assess their reliability and accuracy. Human-in-the-loop
testing provides qualitative feedback, helping data scientists fine-tune
parameters and data to provide better results.
When completing any cycle of training and tuning, remember that models
should have high explainability. Analysts should easily understand and act on
the model's decisions. They should also document the rationale for decisions
for auditing purposes.
The diversity and strength of the training data often dictate the success of AI
algorithms. Any biases or inaccuracies in the training data may be magnified
when AI algorithms recognize these patterns. Having an appropriately trained
professional reviewing results for bias is one way of minimizing this risk.
Additionally, other AI algorithms may be used to pinpoint deficiencies that can
be corrected. Regulators around the world expect algorithms to be
transparent. This means providing an explanation of why a specific alert was
deemed suspicious when others were not. While some AI algorithms offer
explainability, many black-box models exist and may present risk if used
without adequate understanding of their limitations.
Governance for transaction monitoring
After financial institutions conduct risk assessments, they design AML systems
to mitigate the threats they have identified by implementing transaction
monitoring rules and models. To ensure they select the right scenarios and
apply appropriate methodologies, institutions establish governance
committees, such as for model risk governance. These committees oversee
rule selection, implementation, and system updates. They typically include
business leaders, product managers, customer relationship teams, risk
management professionals, compliance officers, and auditors in addition to
model risk experts to ensure broad oversight.
Governance committees help maintain effective, fair, and accurate
transaction monitoring rules. These committees regularly assess whether
existing rules align with evolving financial crime trends, regulatory
expectations, and emerging money laundering techniques. Governance
committees also review, approve, and validate initial and ongoing scenario
development, tuning, and turning off outdated or ineffective scenarios.
AI- and machine learning-driven AML models add complexity. Organizations
may choose to set up AI councils that specialize in AI oversight throughout the
organization, including its application for AFC. These councils ensure AI
models remain explainable, unbiased, and aligned with ethical AI principles.
This is particularly important when detecting complex money laundering
patterns, such as layering and structuring. Collaboration between AML
governance committees and AI oversight bodies ensures that transaction
monitoring adapts to emerging threats while remaining compliant and
auditable.
Comprehensive documentation is essential for AML transaction monitoring
governance. Financial institutions must maintain detailed records of rule
development, scenario tuning, model validation, and system updates to
provide an audit trail for regulators. AI-driven models require additional
documentation covering training data, feature selection, bias mitigation
strategies, and explainability metrics to demonstrate compliance with AML
regulations.
Proper documentation ensures transparency, regulatory adherence, and
defensibility in case of scrutiny from regulators, auditors, or legal authorities. A
well-documented governance framework helps institutions detect, report,
and adapt to evolving money laundering risks in an increasingly complex
financial environment.
Technology for investigations
Technology to assist investigation
The table below summarizes different categories of technology solutions:
Technology solution: Description
Visualization:
• Identifies patterns
• Detects anomalies
• Uncovers networks
• Maps relationships
Social network analysis:
• Identifies relationships, central figures
• Uncovers activity clusters
Network analysis:
• Detects unusual transaction patterns
• Groups individuals and entities based on shared characteristics
Open-source solution:
• Provides access to:
  o Public sources of adverse media
  o Government-maintained watch lists
• Enables initial due diligence
Subscription-based solution:
• Aggregates global media coverage
• Offers automated risk assessments
• Enhances investigative efficiency
Publicly available watchlists offer basic compliance checks. Paid solutions
integrate screening into case management workflows with real-time risk
scoring and ongoing monitoring. AI-driven monitoring tools, particularly those
in enterprise solutions, detect behavioral anomalies in financial transactions,
flagging high-risk activities for further review. While free tools can support
investigative efforts, paid solutions provide scalability, automation, and
enhanced accuracy in risk identification.
Deciding the level of automation in an investigation requires balancing
machine-driven efficiency with human oversight. For example, automated
transaction monitoring systems flag unusual activity, but human analysts must
review and validate alerts to avoid false positives.
Automation streamlines investigations by prioritizing high-risk cases, but
overreliance on machine-generated outputs can overlook contextual factors
that only human judgment can assess. Conversely, fully manual investigations
are inefficient and resource intensive. A balanced approach, using technology
to automate repetitive tasks while maintaining expert oversight for final
decisions, ensures accuracy, compliance, and effective risk mitigation. By
combining free and subscription-based investigative tools, financial crime
teams can optimize their workflows and enhance regulatory compliance
efforts.
Network analysis solutions for transaction monitoring
Network analysis in AML efforts offers several significant advantages for
transaction monitoring. Network analysis refers to a set of techniques that
depicts relationships among actors and analyzes the recurrence of these
connections. For example, imagine that every time Customer A receives a
large deposit, Customer X, who is unrelated to Customer A, always receives
the same amount but through multiple transactions from different accounts.
Network analysis in this scenario could identify the link for further investigation.
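The Customer A and Customer X pattern above can be detected by linking accounts whose receipts recur together, as in this added example (not part of the study guide). The ledger is constructed, and the large-deposit cut-off and minimum recurrence are assumed parameters.

```python
from collections import defaultdict
from datetime import date

LARGE = 25_000  # assumed cut-off for a "large deposit" (not from the guide)

# Constructed sample ledger: (date, sending account, receiving customer, US$).
TXNS = [
    # Day 1: A receives one large deposit; X receives the same total in pieces
    (date(2024, 1, 5), "S1", "A", 30_000),
    (date(2024, 1, 5), "S7", "X", 12_000),
    (date(2024, 1, 5), "S8", "X", 10_000),
    (date(2024, 1, 5), "S9", "X", 8_000),
    # Day 2: same pattern, different amount and senders
    (date(2024, 2, 9), "S1", "A", 45_000),
    (date(2024, 2, 9), "S7", "X", 20_000),
    (date(2024, 2, 9), "S10", "X", 25_000),
    # Day 3: same pattern again
    (date(2024, 3, 12), "S2", "A", 52_000),
    (date(2024, 3, 12), "S8", "X", 26_000),
    (date(2024, 3, 12), "S11", "X", 26_000),
    # B matches A's amount once only (coincidence, no recurrence)
    (date(2024, 1, 5), "S3", "B", 15_000),
    (date(2024, 1, 5), "S4", "B", 15_000),
    (date(2024, 2, 9), "S3", "B", 5_000),
    # Y receives one large transfer that X's split receipts happen to equal
    (date(2024, 2, 9), "S5", "Y", 45_000),
]


def recurring_mirrors(txns, min_recurrence=3):
    """Link customer pairs (a, x) where x's same-day receipts, split over at
    least two transactions from different accounts, total exactly a's single
    large deposit, on at least min_recurrence separate days."""
    daily = defaultdict(lambda: {"total": 0, "count": 0, "senders": set()})
    large = defaultdict(set)  # customer -> {(day, amount)} of large deposits
    for day, sender, receiver, amount in txns:
        d = daily[(day, receiver)]
        d["total"] += amount
        d["count"] += 1
        d["senders"].add(sender)
        if amount >= LARGE:
            large[receiver].add((day, amount))

    mirrored = defaultdict(set)  # (a, x) -> days on which x mirrored a
    for a, events in large.items():
        for day, amount in events:
            for (d_day, x), d in daily.items():
                if (d_day == day and x != a and d["total"] == amount
                        and d["count"] >= 2 and len(d["senders"]) >= 2):
                    mirrored[(a, x)].add(day)

    links = {}
    for (a, x), days in mirrored.items():
        if len(days) >= min_recurrence:
            a_days = {day for day, _ in large[a]}
            # coverage: share of a's large-deposit days that x mirrored
            links[(a, x)] = {"days": sorted(days),
                             "coverage": len(days) / len(a_days)}
    return links


if __name__ == "__main__":
    for pair, info in recurring_mirrors(TXNS).items():
        print(pair, info)
```

Requiring recurrence is what separates the A and X link from the one-off matches involving B and Y, which appear only when `min_recurrence` is lowered to 1.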
Network analysis makes it easier to identify irregular patterns or suspicious
clusters. It enables real-time analysis, allowing investigators to promptly
monitor and respond to emerging threats. It also provides a holistic view of
financial activities by considering the broader context of transactions rather
than evaluating them in isolation. Finally, by accurately mapping relationships
and interactions, network analysis helps reduce false positives, streamlining
investigative efforts and resource allocation. This comprehensive perspective
helps organizations understand the full scope of potential money laundering
schemes.
By automating the collection of internal and external data points, network
analysis reduces manual investigation steps. It helps identify suspicious
transaction patterns that might indicate money laundering activities such as
rapid, high-volume transactions, circular money flows, or structured deposits
designed to evade reporting thresholds. It also enhances CDD by building
connections via customer relationships and social and financial interactions to
reveal associations with high-risk individuals or entities.
Network analysis uncovers hidden relationships between seemingly unrelated
entities and compiles them into easy-to-understand networks. This exposes
complex schemes that traditional monitoring methods might overlook.
Financial institutions can use these capabilities to proactively address potential
risks and strengthen their AML compliance frameworks.
However, implementing network analysis in AML investigations presents
challenges. Financial institutions must address issues related to data accuracy,
integrate disparate data sources, and use advanced analytical tools to process
large-scale transaction data. Skilled analysts are needed to interpret complex
network structures and derive actionable insights.
Integrating network analysis into AML strategies represents a significant
advantage in combating financial crimes. By providing a deeper
understanding of transactional relationships and patterns, it equips financial
institutions with the tools necessary to prevent and detect money laundering
activities more effectively.
Technology to assist case management
Technology strengthens global AML compliance frameworks, particularly in
case management. Modern AML solutions are web-based platforms that
centralize customer and account data, supporting KYC requirements and risk
assessments. These systems consolidate information from various sources,
automate risk ratings, monitor ongoing customer activity, and allow
investigators to access data more quickly.
Case management tools within these platforms streamline investigations by
tracking suspicious activities, flagging high-risk transactions, and organizing
case files for regulatory reporting. Integrating advanced analytics and
machine learning ensures data-driven risk assessment processes, reduces
false positives, and enables compliance teams to focus on genuinely
suspicious cases. These tools make the management of cases more efficient
by reducing the need for investigators to manually sort through data, reducing
the time required to collate and assemble such data.
Additionally, tools are available to help manage cases throughout their life
cycle. These include tools to automate workflows, facilitate collaboration,
track case status and progress, and manage the storage, searching, and
retrieval of documentation.
These platforms also improve regulatory compliance by automating the
process to produce SARs and ensuring that compliance actions are
sufficiently documented to withstand the scrutiny of an audit. Seamless
integration with existing compliance systems helps financial institutions
maintain consistency in their AML strategies without operational disruptions.
From an investigative standpoint, modern case management tools optimize
decision-making by organizing risk-related insights systematically, eliminating
silos and information islands. Investigators can efficiently escalate cases
through defined workflows. Automating processes ensures that compliance
teams allocate resources effectively. This allows them to focus on high-
priority cases and reduce unnecessary manual reviews. Built-in collaboration
tools facilitate communication among compliance teams, improving
coordination in complex investigations.
As financial crime tactics evolve, leveraging sophisticated case management
technology ensures regulatory compliance, reduces operational risks, and
strengthens institutional defenses against financial crime.
Technology for blockchain tracing
Blockchain tracing technology helps organizations and regulators in the fight
against illicit financial activities. Distributed ledger technology is a
decentralized secure database system in which multiple participants share
access without a central authority. Blockchain is its most prominent form. This
technology provides a transparent and immutable record of transactions. This
certainty of record is both a strength and a weakness, particularly for criminals
attempting to exploit digital assets for illicit purposes.
While blockchain transactions are pseudonymous, regulated digital asset
platforms and currency agents require KYC verification. This allows authorities
to link blockchain addresses to real-world identities. It also enables financial
institutions and regulatory bodies to trace suspicious transactions and enforce
compliance measures effectively.
Criminals use sophisticated techniques such as privacy-enhancing tools,
mixing services, and cross-chain transfers to obscure the origins and
destinations of illicit funds. These techniques require advanced blockchain
tracing technologies. To track digital asset movements, organizations could
use innovative blockchain analytics solutions, including:
• On-chain analytics, which examine direct transaction data, including wallet
addresses, transaction histories, and smart contract interactions.
• Off-chain analytics, which integrate external sources such as regulatory
filings, social media activity, and dark web intelligence to provide a more
comprehensive view of suspicious behavior.
• Advanced machine learning algorithms, which help detect transaction
patterns associated with money laundering and sanctions evasion, flagging
high-risk activities for further investigation.
These technologies enable investigators to follow digital asset transactions,
even when funds are fragmented into smaller amounts and dispersed across
multiple wallets or blockchain networks.
As financial crimes involving digital assets rapidly evolve and become more
sophisticated, blockchain tracing technology continues to evolve almost as
rapidly. Criminals develop new methods to exploit the system, but analytics
solutions are continuously improving to identify and de-anonymize illicit
financial flows.
Globally, regulatory bodies mandate compliance measures such as
transaction monitoring, risk assessment, and information-sharing frameworks
to ensure financial institutions mitigate risks effectively. By integrating
blockchain tracing technologies into compliance frameworks, organizations
and regulators can enhance transparency, detect suspicious activity more
efficiently, and protect the integrity of financial systems in an increasingly
digital economy.
Technology for reporting
AML and sanctions compliance carry significant civil and criminal legal liabilities
for organizations and individuals responsible for enforcement. Without proper
records, even the most diligent compliance efforts cannot be evidenced. This
principle emphasizes the importance of maintaining thorough documentation
of all AFC-related processes, including transaction monitoring, investigations,
and reporting. Financial institutions and their employees should ensure that
every step taken to identify, investigate, and report suspicious activities is well
documented to demonstrate regulatory adherence and avoid potential legal
consequences.
Given the massive scale of financial transactions and regulatory requirements,
maintaining effective reporting mechanisms is a significant requirement in
demonstrating AML and sanctions compliance. Without structured
documentation, compliance programs might fail to provide regulators with
necessary evidence of due diligence. To address this, financial institutions use
case management systems and advanced reporting to manage data
volumes, helping compliance teams efficiently track, analyze, and document
cases.
Most reporting technologies are included in transaction monitoring solution
packages. However, some solutions now focus exclusively on workflow and
case management, either replacing or supplementing existing systems that
lack these elements. Automated systems process large datasets, detect
anomalies, and generate compliance reports. This reduces manual effort
while ensuring compliance with regulatory expectations. These technological
solutions also help institutions minimize errors, improve efficiency, and
enhance transparency in their compliance efforts.
Many AML and sanctions compliance solutions integrate reporting features
within customer databases and transaction monitoring systems. This
seamless integration ensures that the solutions systematically document
alerts, cases, investigations, and regulatory reports. By automating and
centralizing compliance records, these solutions provide a clear audit trail for
regulators. This enables institutions to respond swiftly to inquiries and legal
scrutiny. The UN developed goAML, an innovative reporting solution, which
provides a standardized platform for FIUs to collect, analyze, and share AML-
related reports.
Institutions should evaluate various factors when deciding to augment existing
systems with a reporting solution. Considerations include the complexity of
regulatory requirements, scalability of current systems, need for enhanced
workflow management, and cost-benefit analysis of implementing standalone
reporting solutions versus upgrading existing platforms.
As regulatory expectations continue to evolve, financial institutions should
leverage technology to document compliance efforts to mitigate risk, protect
their employees, and uphold the integrity of the financial system.
Data Collection and
Preparation
Introduction
Introduction: Data collection and
preparation
AFC compliance systems have become more complex and effective,
increasing the demand for improved data. As this module shows, data
governance, preparation, management, and quality control are essential in
financial crime compliance systems. Internal and external data sources play
key roles in compliance onboarding, screening, and monitoring. This module
covers the techniques and tools for moving and using data within the
organization. Validation and testing processes help detect anomalies and
maintain data integrity, accuracy, completeness, and consistency. This
module also examines the processes needed to enhance data reliability,
support regulatory compliance, and optimize financial crime detection
systems.
Case example: Identify data for a new TM
system
Sarah, a financial crime analyst at a mid-sized bank, has been asked to identify
data needed for a new TM system. The goal is to ensure the system effectively
detects suspicious activity while balancing operational feasibility and
regulatory requirements.
She identifies core transactional data as essential components, including
customer account numbers, transaction time stamps, amounts,
counterparties, and geographic locations. Sarah then consults with
compliance and IT teams to assess customer profile information that can
enhance risk detection. This includes customer risk ratings, account types,
expected transaction behaviors, and historical activity.
Next, Sarah reviews the latest annual risk assessment to identify risks that the
TM systems should control. She conducts a product risk assessment to ensure
that the AML risks of all products are understood. She then maps the existing
scenarios of the TM system against the risks to examine coverage and to
understand what additional scenarios may be needed.
Each specific risk has attributes that match corresponding data points that
form the foundation of the TM system. For example, a risk such as rapid fund
transfers requires data points, including inbound and outbound payment time
stamps, acceptable thresholds based on risk profiles, transaction amounts,
and thresholds for amounts based on different risk profiles. Where necessary,
she adds these to available core transactional and customer risk profile data.
Sarah then identifies supplemental data sources to refine alerts and improve
investigative efficiency. She considers including data on adverse media
screenings, PEP status, and SAR filings. She also explores integrating
behavioral indicators, such as sudden deviations from a customer's usual
transaction size or velocity.
However, Sarah understands that selecting data is not just about adding more
variables. She knows she should avoid treating this process as a checklist. This
process should align with the identified risks and available data. She evaluates
whether the bank has consistent, reliable access to each dataset, whether it
meets privacy and regulatory requirements, and whether it aligns with the
bank’s specific risks. She also assesses the data’s compatibility with existing
formats and the system’s processing capacity. This ensures that additional
data fields enhance detection without overwhelming resources or generating
excessive false positives.
By taking a risk-based approach to data selection, Sarah ensures that the new
TM system is both effective and efficient, aligning with the bank’s compliance
needs while leveraging available data intelligently.
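The rapid fund transfer risk in the case example, written as a monitoring rule over the data points it lists (inbound and outbound time stamps, amounts, and thresholds that depend on the risk profile). This is an added example, not part of the study guide or of any vendor product; the field names, rating labels, and threshold values are assumptions, and the transactions are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from decimal import Decimal

# Constructed thresholds per customer risk rating (assumptions, not values from the guide):
# how soon outbound payments count as "rapid", the smallest inbound payment examined,
# and the share of that inbound amount that must leave the account again.
THRESHOLDS = {
    "low": {"window": timedelta(hours=24), "min_amount": Decimal("10000"), "ratio": Decimal("0.90")},
    "medium": {"window": timedelta(hours=48), "min_amount": Decimal("5000"), "ratio": Decimal("0.80")},
    "high": {"window": timedelta(hours=72), "min_amount": Decimal("1000"), "ratio": Decimal("0.70")},
}


@dataclass(frozen=True)
class Txn:
    account: str
    ts: datetime
    direction: str  # "in" or "out"
    amount: Decimal


def rapid_movement_alerts(txns, risk_ratings):
    """Flag inbound payments that are largely paid out again within the risk-based window."""
    by_account = {}
    for item in sorted(txns, key=lambda t: t.ts):
        by_account.setdefault(item.account, []).append(item)

    alerts = []
    for account, items in by_account.items():
        rating = risk_ratings.get(account)
        if rating not in THRESHOLDS:
            # A missing or nonstandard rating is a data gap: report it and fall back to
            # the strictest profile instead of silently leaving the account unmonitored.
            alerts.append({"account": account, "type": "data_gap",
                           "detail": f"risk rating {rating!r}"})
            rating = "high"
        rule = THRESHOLDS[rating]
        for inbound in (t for t in items if t.direction == "in"):
            if inbound.amount < rule["min_amount"]:
                continue
            deadline = inbound.ts + rule["window"]
            # Simplification: one outbound payment may be counted against several inbounds.
            outbound_total = sum(
                (t.amount for t in items
                 if t.direction == "out" and inbound.ts <= t.ts <= deadline),
                Decimal("0"),
            )
            if outbound_total >= inbound.amount * rule["ratio"]:
                alerts.append({
                    "account": account,
                    "type": "rapid_movement",
                    "rating": rating,
                    "inbound_ts": inbound.ts,
                    "inbound_amount": inbound.amount,
                    "outbound_total": outbound_total,
                })
    return alerts


def txn(account, when, direction, amount):
    """Build a Txn from text values, as they would arrive from a staging table."""
    return Txn(account, datetime.fromisoformat(when), direction, Decimal(amount))


# Constructed sample data. ACC-4 deliberately has no risk rating.
SAMPLE_RATINGS = {"ACC-1": "high", "ACC-2": "low", "ACC-3": "low"}
SAMPLE_TXNS = [
    txn("ACC-1", "2025-03-01T09:00", "in", "9000"),
    txn("ACC-1", "2025-03-01T15:00", "out", "4000"),
    txn("ACC-1", "2025-03-02T10:00", "out", "4500"),
    txn("ACC-2", "2025-03-01T09:00", "in", "9000"),    # low risk: below min_amount
    txn("ACC-2", "2025-03-01T15:00", "out", "8500"),
    txn("ACC-3", "2025-03-01T09:00", "in", "20000"),
    txn("ACC-3", "2025-03-02T15:00", "out", "19000"),  # 30 hours later: outside 24-hour window
    txn("ACC-4", "2025-03-01T09:00", "in", "2000"),
    txn("ACC-4", "2025-03-01T10:00", "out", "1900"),
]

if __name__ == "__main__":
    for alert in rapid_movement_alerts(SAMPLE_TXNS, SAMPLE_RATINGS):
        print(alert)
```

The same inbound and outbound flow alerts for the high-risk account and not for the low-risk one, which is why the risk rating has to be available to the rule as a data point alongside the transactions.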
Key takeaways
• Identify data for new TM systems to detect suspicious activity while
balancing operational and regulatory requirements.
• Key data sources include core transactional data, customer profile
information, risk attributes matched to data points, and supplemental data
sources.
• Review the latest risk assessment to match specific risks with
corresponding data points.
• Conduct a product risk assessment and identify any gaps that existing
scenarios do not cover.
• Ensure the data is aligned with identified risks, meets privacy and
regulatory standards, is accessible, and fits the system’s processing
capacity to avoid overwhelming resources or generating excessive false
positives.
Data as an input for solutions
Understanding your data
Compliance systems require particular types of data to function properly.
Data must be relevant to the compliance risk that an organization is mitigating.
Each risk has an intended control, and each control must list the data it needs
to operate effectively.
Controls such as screening and monitoring solutions might require different
datasets. Solutions utilizing AI leverage a larger dataset to build a holistic view
of the customer. Therefore, data requirements are tailored to the specifics of
the control.
Data taxonomy is a discrete system for classifying data into hierarchical
structures. Curating and classifying data into a data taxonomy can help
provide a consistent framework for identifying data items that are needed for
AFC and other risk management processes.
Data can be static or dynamic. Static data is the fixed attributes of the
customer, such as KYC details. Dynamic data is collected from observing
customer behaviors, such as transactions or other account activity.
Organizations obtain data from internal and external sources. Internal sources
are what organizations collect or observe about their customers and those
with whom they interact, such as counterparties. External sources refer to
information that other organizations have about a given organization's
customers, such as data from adverse media reports and beneficial
ownership registers. External sources also provide data needed for the
operation of a control, such as lists from regulators and other government or
international agencies. These lists include entities subject to sanctions and
embargoes, as well as known criminal and terrorist individuals and
organizations.
Since data may be in different formats or have other characteristics,
integrating data is an important step in the process. As data flows into the
compliance system, it populates tables in accordance with a data dictionary
that system technologists and business partners create. This ensures that the
system accurately and consistently maps data from multiple sources to the
correct field within the table. For example, data from one source that uses a
label of "street address" will not be compatible with data from a second
source with the label "address." Similarly, data with the label "beneficiary" will
not be compatible with data labeled "recipient."
Completed, or populated, data tables compare data required for control
operation with available data from internal and external sources.
Coverage and gap assessment
A coverage and gap assessment identifies data that is missing, inaccurate, or
inconsistent. It also identifies incorrectly used data and the extent to which the
available data covers compliance solution requirements.
Missing data might be due to an incomplete data feed or a corrupted file. Or,
source systems might not contain the required data, such as a KYC file that
does not contain the required details for a customer.
Inaccurate data might be out of date, such as when a customer’s new address
is not updated. It can also mean an incorrect attribute is allocated to a
customer or group of customers.
Inconsistent data is not standardized to conform to an agreed-upon data
dictionary. This means the compliance system does not have all the required
data. For example, data might include nonstandard country codes, which
might cause the compliance system to fail to identify some international
customers or transactions.
Incorrectly used data can be difficult to identify because the data itself might
be accurate. One example is when a transaction monitoring solution uses
industry codes to segment customers. This means all customers with the
same code are segmented together and are subject to equal monitoring. This
solution fails to use other attributes such as turnover, scale, products, and
channels to complete a more detailed and accurate segmentation.
Missing, inaccurate, inconsistent, or incorrectly used data does not always
prevent compliance systems from operating. However, it does distort the
effectiveness of the solution. It might also reduce the overall risk coverage.
The purpose of the coverage and gap assessment is to identify where this
occurs and the likely impact on control operation. Since compliance systems
still operate with poor or missing data, a tolerance level for data quality is
assessed. The compliance officer should understand the data quality
tolerance level for the compliance systems.
Examiners and regulators also use data coverage and gap assessments to
benchmark financial institutions against the industry and gauge whether
systems are capable of meeting minimum legal requirements.
Clean data for technology solutions
Clean data is complete, consistent, accurate, and error-free. Clean data
assists with analytics and helps improve or maintain accuracy in compliance
system outputs. It also increases the efficiency and effectiveness of data
processing through compliance systems. The process of cleaning data is
referred to as data cleansing or data cleaning.
Data cleansing processes:
• Remove duplicates.
• Standardize data.
• Verify or validate data accuracy.
• Manage data outliers.
• Identify and fix corrupted data sets.
Data professionals usually clean data using specific software. Their role is a
specialist function within technology teams or external data vendors and
service providers. Data cleansing occurs before implementing a new
technology solution or upgrading an existing one. Data professionals can clean
data in situ, or where it resides, via technology that searches a data set for
irregularities. They can also clean data in batches by running a series of scripts
to identify and highlight anomalies. Additionally, they can send the data
through a specialist firewall that acts like a filter to achieve the same result.
The data cleansing process must be ongoing. Organizations should report
metrics under governance protocols and take corrective actions as
necessary.
There are different forms of data cleansing, including discarding empty data
fields, null entries, or missing records. For example, if a KYC record does not
contain a date of birth, the system might remove it from a screening dataset
and return it to the source system for remediation. Sometimes, previous poor
practices need to be changed. For example, in cases where the customer's
date of birth is unknown, there may be a practice of inserting "01/01/1900"
instead of leaving the date of birth field blank. The system might adjust other
records, such as when it automatically verifies or adds an international area
code for a customer phone number based on the address location. Another
example of remediation is when the system standardizes addresses and
changes abbreviations such as St for street or Rd for road.
There should be a balance between data that is clean and data that remains
true to the source data. Data cleansing can be expensive and time-
consuming. Organizations need to discern when data is clean enough to use
and not strive for 100% cleanness, which they will never be able to achieve.
Data collection
Internal versus external data
Data sources are internal or external. Organizations obtain internal data from
customer KYC and other onboarding details. Some examples of internal data
are the nature and purpose of the account, the type of products required, and
the countries where the customer intends to operate. Internal data can also
include attributes the organization assigns to the customer, such as a risk
rating, unique identifier, account details, and account status.
One type of internal data, observed data, includes transaction records
showing what customers do and with whom they do it. It also shows
observations from relationship managers, customer service operators,
investigators, and any other employee who interacts with the customer.
In addition, internal data includes lists of customers to avoid, such as those the
organization previously exited for compliance reasons. It further includes lists
of customers the organization investigated before and deemed low risk for
financial crime.
External data is data found outside the organization. There are two types. The
first type is data specific to a particular customer. This includes adverse media
reports, court rulings, business registries, UBO databases, voter registers, and
other publicly available sources. This data helps organizations complete
appropriate due diligence. The second type is data the organization screens
all customers against. This includes lists of entities for sanctions and
embargoes, terrorists and major criminal groups, and PEPs.
Compliance systems manage financial crime risk by combining internal and
external data, often using network analysis. For example, systems combine
customer-provided KYC data, observed transactional data, and data from
correspondent transactions to identify potential risks that would otherwise go
unnoticed. Another example is screening systems, as they require a
combination of static customer KYC details and external data from list
providers and other agencies.
Internal data is often in a structured format, which makes it easier for the
organization to control. External data originates from many diverse sources,
which might make it unstructured or incompatible with compliance systems.
Unstructured data is data that is not provided in a fixed format, such as free
text that appears in a comment field. This requires additional work to refine it
into a usable format.
Internal static data
Internal static data is data a customer provides or another entity attributes to a
customer that remains the same after it is collected. The data the customer
provides includes KYC details such as name, address, date of birth, business
registration number, and unique identifications such as passport or license
numbers. These details can change over time but are treated as static data
because customers always have this type of data, such as a name or date of
birth. Business directors, signatories, and beneficial owners of a company are
also examples of static data.
Organizations obtain data from the customer during the onboarding process
or regular review cycle. The customer can also provide changes as they
occur. Customers might have multiple products or relationships within an
organization. When this happens, the organization might hold customer data
in separate systems and make any updates to the static data where it resides.
Regulated entities may also attribute data to a customer. Attributed data
includes:
• Customer identification numbers.
• Type of products requested such as savings account, foreign currency
account, credit card, or business loan.
• Type of usage such as personal transactions, business financing, or
international trade.
• Transaction channels such as internet, mobile, SWIFT, ACH, or cash.
• Account status such as new, existing, active, or dormant.
Sometimes data might be misaligned due to the customer being associated
with different parts of the organization. For example, the director of a
company is also a private customer with a personal account. Another example
is when a customer is flagged as dormant in one part of the business but is still
active in another.
Organizations should combine data the customer provides with attributed
data. This helps provide a complete view for due diligence and risk
assessment processes. For example, two commercial customers might have
similar static data, such as business name, address, and owner. However,
adding the attributed data, such as products and jurisdictions, might result in a
different risk profile. Further analysis of the data might be needed to correctly
classify it.
Internal observed data
Internal observed data refers to transactional or behavioral data that an
organization’s internal systems generate or capture and process. It has
multiple sources, including transaction records, investigations, relationship
managers, and operations staff. The data can be objective or based on
opinion. It can also be based on the inability of staff to contact a customer.
Observed data can take the form of transaction data, flags or checkboxes in
customer service records, or narrative. Organizations should convert
observed data into a data element to incorporate it into a compliance system.
For example, if an investigator finds that a customer is conducting
transactions in a pattern that differs from the expected behavior based on the
amount, location, industry, and stated expectations, the investigator assigns a
flag for required review to temporarily increase the risk rating of the
customer. This triggers a review by a relationship manager.
An example of observed data is data resulting from an investigation. When an
investigation finds no evidence or suspicion of financial crime, the organization
might adjust the customer’s risk profile to a reduced risk rating for ongoing
monitoring and screening. The organization should frequently reassess the
revised rating to ensure it remains appropriate.
Internal observed data is typically data a regulated entity assigns or attributes
to a customer or group of customers. This is in contrast to internal static data,
which an organization may either collect from or assign to a customer.
Observed data is not independently verified or validated. It is time-based,
which means the data is only true at the time of observation. Organizations
should be careful when using observed data in a compliance system due to
this subjective and time-based nature.
Organizations compare observed data with static data. For example, a
customer has an address in one country, which is static data, but the
monitoring system indicates all transactions occur in a different country,
which is observed data. Similarly, a retail customer claims to be a salaried
employee, but ongoing account monitoring shows a transaction pattern
resembling a small business. In both examples, the customer risk rating might
require adjustment.
Leveraging data from internal platforms
Data comes from many different sources in the organization. Therefore, it has
different labels, structures, and levels of accuracy and completeness. For
example, monitoring and payment screening systems receive customer
account data from one data store and attempt to match it with transactional
data from payment systems. The data labels across these disparate systems
likely vary, and therefore the compliance system must standardize them
before use.
For a compliance system to use internal data, it must first assemble the data
into tables in accordance with definitions from a common data dictionary or
glossary. System requirements dictate data table structures. For example, if a
compliance system requires three fields, <name>, <address>, and <date of
birth>, then the data table will have three columns corresponding to these
labels.
Compliance systems only consume data that is relevant to the operation of
the system, so some data in the source systems will not populate in the data
tables. This is because overpopulated data tables reduce the efficiency of
compliance systems. This is more complicated for systems incorporating AI
solutions, in which required data tables are more comprehensive and
inclusive.
Data from older systems may not be compatible with newer systems, as
naming conventions and storage protocols have changed. Crossing
jurisdictional and language boundaries complicates these processes further.
To address this, the compliance system assembles, cleans, enriches, and
standardizes the data in staging tables before populating it into final data
tables.
Data use is either passive or active. Passive use refers to instances in which the
value of the data is inherent, such as the "country code" field, which holds
inherent value without further action.
Active use is interactive, such as when the compliance system compares two
data fields to identify instances in which transaction activity deviates from the
expected pattern for that profile. Comparing these data elements allows the
compliance system to either detect an anomaly that requires further
investigation or apply additional active data fields.
Case example: AI for money laundering
detection
Erik is a data scientist working at Nova Capital Bank. The bank uses a
conventional transaction monitoring system that has a defined series of rules
to match pre-identified risks. Erik has expressed concerns about this system
to the senior leaders of his organization. He explained that, across the
spectrum of all rules within the system, the system only uses a subset of
available internal data for monitoring customers.
For example, the bank has a threshold for automatically reporting cash
transactions to government agencies. This includes system rules requiring
specific data elements to monitor cash transactions just below the reporting
threshold. The bank’s rules require transaction details such as "type," "value,"
"location," "channel," "inbound or outbound," and "depositor." However, the
system either does not use or only partially uses data elements such as
"source of funds," "source of wealth," "connected parties," "counterparties,"
and "location" for specific scenarios and rules. This could potentially allow
criminals to process cash through their accounts undetected.
After several months of testing and considering the guidance of the AI council
within his organization, Erik finally convinces his organization to employ AI
technologies to improve the efficiency and effectiveness of financial crime
detection using internal data. Rather than defining a prescriptive risk and then
mapping data points to it, the new system collates as much data as possible
and uses it to construct a holistic view of the customer. These greatly
increased data points require augmented processing power to quickly
provide a customer risk score based on multiple indicators extracted from the
data. Additionally, the system can "self-learn," which increases its
effectiveness and efficiency over time.
Nova Capital Bank quickly witnesses the results of this updated technology.
Within weeks, the system flags a customer whose patterns deviate from
established normal behavior, indicating potential financial crime. The system
analyzes large volumes of data, recognizing a relationship between the
customer and a previously flagged entity that the conventional rules-based
system would have likely missed. This discovery escalates, and the bank
ultimately concludes that the customer is laundering money, thanks to Erik,
the new detection system, and Nova Capital Bank's extensive internal data.
A common expectation is that AI systems are deployed to yield head count
efficiencies. In Erik’s case, the goal was to make the ecosystem more
effective at detecting financial crime, which was achieved.
Key takeaways
• Detection system effectiveness increases when organizations leverage all
available internal data.
• Processing large volumes of data requires additional processing power,
which increases the speed of the system but may also increase
operational costs.
• AI is useful for identifying anomalous behavior and complex networks
when deployed responsibly following sufficient testing.
External data
External data refers to information from sources outside the organization. It is
essential that organizations source, collate, clean, and prepare external data
before incorporating it into their compliance systems.
Third parties can also provide external data, such as lists for screening
purposes, intelligence from government agencies, or identification details
from registries.
External data enriches and enhances internal data. For example, organizations
import business registration details to improve KYC and due diligence
processes. Similarly, data from court records and other government agencies
can be valuable.
Organizations also use external data to perform a specific function, such as list
screening. For larger financial institutions, data sources are usually third-party
providers who collate data from multiple sources and provide a single
preconfigured dataset. Another example of a specific function for external
data is adverse media screening, which sources can supply automatically or
manually.
Organizations should take care when using external data. They are
accountable for system accuracy. Organizations should validate and test
externally provided data for accuracy, reliability, compatibility, and
consistency. This is particularly relevant when using open-source or publicly
available records.
Organizations should consider the source of external data and whether
additional checks are needed to validate its quality or assess potential
malicious data or misinformation, such as incorrect adverse media reports. AI
products provide useful information, but AI responses should be verified like
any external data. It is more appropriate to use AI to locate primary sources,
which can then be verified for accuracy. Organizations should require
additional system testing when incorporating external data into compliance
systems to check for poor quality and negative performance impacts.
Additionally, an organization should consider whether it has a legal right to use
the data. Consider whether storage and retention restrictions apply. For
example, many jurisdictions have laws and regulations governing what data
may be used for and how organizations must store or delete it. Organizations
are using privacy-enhancing technologies and other tools to broaden the
availability of data for financial crime purposes while adhering to local data
regulations.
Integrating data from various sources
Organizations collect data from a variety of sources, both internal and
external. They then collate the data into a data store such as a data
warehouse or data lake.
Collecting data from multiple sources means the data points might be similar
in content but different in format. For example, one source might provide the
date of birth as <dd/mm/yyyy> with the label <date of birth>, while another
source might provide it as <yymmdd> with the label <dob>. In this example, the
data points have different sequences and different labels for similar data.
When integrating this data, organizations need to store it in a way that ensures
no original data is lost and that the data is correct and consistent for any
downstream systems. Multiple downstream systems that use different data
fields and labels can complicate this process even more.
With data integration processes, organizations need to merge, enrich, or
enhance data in some way. The basic form of integration requires
organizations to store data together and move it through a staging process in
a coherent sequence as needed for a particular system. The staging process
ensures that data from one source system merges or combines with other
source data to meet the requirements of the end-user system. Because
organizations need to move, retrieve, update, and validate data constantly, the
process can be inefficient and prone to error.
More recent technologies allow data to remain with the original source.
Organizations retrieve the data via dedicated integration tools when they
need it. These tools connect the source and the end-user system. The tools
include processes to ensure the data is valid, consistent, and coherent.
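A staging step for the integration problem described above, which also covers the data dictionary mapping and the cleansing cases from earlier in this module (differently labelled fields, dd/mm/yyyy versus yymmdd dates of birth, the "01/01/1900" placeholder, nonstandard country codes, and St/Rd abbreviations). This is an added example, not part of the study guide; the source system names, the country alias subset, and the sample records are constructed.

```python
from datetime import date, datetime

# Data dictionary: canonical field -> source labels mapped to it. The labels are the
# ones quoted in the guide; the source system names below are hypothetical.
DATA_DICTIONARY = {
    "name": {"name"},
    "address": {"address", "street address"},
    "date_of_birth": {"date of birth", "dob"},
    "country": {"country", "country code"},
}
LABEL_TO_FIELD = {label: field for field, labels in DATA_DICTIONARY.items() for label in labels}
DOB_FORMAT_BY_SOURCE = {"core_banking": "%d/%m/%Y", "legacy_cards": "%y%m%d"}
PLACEHOLDER_DOBS = {date(1900, 1, 1)}  # "unknown" entered as 01/01/1900
COUNTRY_ALIASES = {"GB": "GB", "UK": "GB", "GBR": "GB", "DE": "DE", "DEU": "DE"}  # constructed subset
STREET_ABBREVIATIONS = {"st": "Street", "rd": "Road"}
REQUIRED_FIELDS = ("name", "address", "date_of_birth")


def normalize_record(source, raw, as_of):
    """Map one source record onto the data dictionary, keeping the raw input and listing gaps."""
    out = {"source": source, "raw": dict(raw), "issues": []}  # raw copy: no original data is lost
    flagged = set()  # fields that already have a specific issue recorded
    for label, value in raw.items():
        field = LABEL_TO_FIELD.get(label.strip().lower())
        if field is None:
            out["issues"].append(f"unmapped label: {label}")
        else:
            out[field] = value.strip()

    dob, dob_text = None, out.pop("date_of_birth", "")
    fmt = DOB_FORMAT_BY_SOURCE.get(source, "")
    if dob_text:
        try:
            dob = datetime.strptime(dob_text, fmt).date()
        except ValueError:
            out["issues"].append(f"unparseable date_of_birth: {dob_text}")
            flagged.add("date_of_birth")
    if dob and "%y" in fmt and dob > as_of:
        dob = dob.replace(year=dob.year - 100)  # two-digit year: "45" parses as 2045
    if dob and (dob in PLACEHOLDER_DOBS or dob > as_of):
        out["issues"].append(f"implausible date_of_birth: {dob_text}")
        flagged.add("date_of_birth")
        dob = None  # send back to the source system for remediation, do not screen on it
    out["date_of_birth"] = dob.isoformat() if dob else None

    if "country" in out:
        code = COUNTRY_ALIASES.get(out["country"].upper())
        if code is None:
            out["issues"].append(f"nonstandard country code: {out['country']}")
        out["country"] = code

    words = out.get("address", "").split()
    if words:
        # Expand only the final token, so the "St" in "4 St Albans Rd" is left alone.
        last = words[-1].rstrip(".").lower()
        words[-1] = STREET_ABBREVIATIONS.get(last, words[-1])
        out["address"] = " ".join(words)

    for field in REQUIRED_FIELDS:
        if not out.get(field) and field not in flagged:
            out["issues"].append(f"missing {field}")
    return out


def coverage_report(records):
    """Share of records holding a usable value for each required field."""
    return {f: sum(1 for r in records if r.get(f)) / len(records) for f in REQUIRED_FIELDS}


# Constructed sample records from two hypothetical source systems.
SAMPLE_AS_OF = date(2025, 1, 1)
SAMPLE_INPUT = [
    ("core_banking", {"Name": "Ana Example", "Street Address": "12 High St",
                      "Date of Birth": "14/07/1985", "Country": "UK"}),
    ("legacy_cards", {"name": "Ben Sample", "address": "4 St Albans Rd.",
                      "dob": "450312", "country code": "DEU"}),
    ("core_banking", {"name": "Cy Sample", "address": "9 Mill Rd",
                      "date of birth": "01/01/1900", "country": "XX", "mobile": "555-0100"}),
]


def normalize_all(rows=SAMPLE_INPUT, as_of=SAMPLE_AS_OF):
    return [normalize_record(source, raw, as_of) for source, raw in rows]


if __name__ == "__main__":
    staged = normalize_all()
    for record in staged:
        print(record["date_of_birth"], record["address"], record["country"], record["issues"])
    print(coverage_report(staged))
```

The per-field coverage figures are the kind of metric a coverage and gap assessment reports; here the placeholder date of birth lowers date-of-birth coverage to two of three records instead of passing through as a valid value.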
Data preparation
Data quality
Effective compliance systems require high-quality data. Data loaded into
compliance systems can include:
• Customer details, such as name and address.
• Attributes, such as type of business and type of accounts held.
• Customer activity, such as what transactions are sent and received and
who else is involved.
Compliance specialists may also decide to source external information such
as lists of known criminals and terrorists, adverse media reports, and other
useful material to help systems better detect risk within their customer or
transactional base.
Data quality is a determinant of how well organizations can use data elements
within compliance systems and processes. Raw data often contains errors,
inconsistencies, and missing information. Inaccurate and incomplete data can
lead to missed instances of criminal risk. While high-quality data does not
need to be perfect, it should be fit for its purpose. For AFC compliance,
professionals need good data to monitor or screen customers in alignment
with their risk appetite and determine where financial crime risk occurs to a
satisfactory level of accuracy.
Organizations should measure data quality against qualitative and quantitative
metrics, such as completeness, accuracy, consistency, timeliness, and validity.
Throughout the data’s life cycle, organizations can collect, collate, store,
retrieve, manipulate, analyze, move, merge, strip, and subject it to many other
processes. Organizations should check data for quality and reconcile it—
meaning compare its expected quality against its actual quality for
consistency—each time they alter or move it.
Professionals should include these metrics in management reporting as part
of ongoing governance to ensure that they can assess the quality of data, and
therefore the quality of the compliance system output, at any time. This data
quality reporting acts as a trigger: deficiencies shown in the reports identify
where corrective action is required.
Data preparation
Data preparation is a process that includes collecting, cleaning, transforming,
and preparing data for analysis. Clean, well-structured data enhances system
robustness by reducing errors, speeding up processing, and optimizing
system performance.
When done correctly, data preparation can have a direct impact on the
business, as data quality ensures accuracy, consistency, reliability, and
compliance with regulatory requirements. Thorough data preparation builds a
strong foundation for detecting financial crime and making informed
decisions.
Although data engineers typically perform data preparation, it is important
that members of the AFC team understand each step in the process.
Data extraction is the process of gathering data from various sources such as
customer databases and third-party providers. The methods used to collect
data include application programming interface (API) calls; extract, transform,
and load (ETL) processes; and network traffic analysis. The more comprehensive
the data, the better the chance of identifying suspicious patterns.
Data transformation involves cleaning and converting raw data to improve its
quality and usability. This step removes duplicates, corrects errors, handles
missing values, and ensures consistency across the dataset. For example,
inconsistencies in date formats or currency types could lead to incorrect
analyses. Data transformation also converts data into a format suitable for
analysis. This includes normalizing and encoding data, and creating features,
such as aggregated data, frequencies, sums, averages, and standard
deviations.
Data loading stores the processed data in a database or data warehouse.
Data mining and data matching take the data that has been extracted,
prepared, and loaded and apply various algorithms and analytical techniques
to it. The purpose is to detect anomalies and recognize patterns and
correlations indicative of suspicious behavior.
Accurate and consistent data makes AFC systems more robust, impactful,
and effective, leading to reliable patterns and model classifications.
Case example: Handling increased alert volume
Magnify Bank has expanded and grown significantly over the past several
years, and its transaction monitoring system has had issues keeping up with
the increasing volume and complexity of alert activity. A central issue is that
data comes to the system from several sources, and this data is often
incomplete or provided in different formats, making the downstream analysis
unreliable and, in some cases, obsolete. Magnify Bank has initiated a project to
integrate data from multiple source systems and prepare it for various
end-user applications.
Magnify Bank begins by collecting data from internal systems, such as the KYC
and customer onboarding systems and the transaction processing system. It
also collects external data from sanctions and PEP lists, as well as adverse
media reports.
The bank prepares the data by extracting it from source databases,
document stores, and external sources. A review of the data reveals several
issues that the bank needs to address before it can integrate and use that
data. The data includes inconsistent formats and fields, missing information,
and duplication. The bank starts by standardizing the data into a common
schema, according to the data dictionary.
In the cleaning and transformation process, Magnify Bank performs
deduplication and standardization protocols. It addresses missing data by
using automated techniques and flagging incomplete records for manual
review and remediation. It performs entity resolution to consistently identify
customer identities across different datasets by using fuzzy logic and
machine learning.
Next, Magnify Bank performs data integration by merging the data into a
centralized warehouse for analytics and reporting. The bank creates a unified
profile for customers, including consolidated attributes from all sources. The
bank then enriches the data by linking customer behavior with external risk
indicators.
To aggregate customers’ data and thus benefit from synergies among the
data, Magnify Bank calculates the customer risk scores based on transaction
anomalies, historical behaviors, and external risk indicators. The bank
generates attributes such as "average transaction size," "number of high-risk
transactions," and "recent adverse media mentions."
The bank leverages outputs in several end-user systems to make informed
decisions regarding customer risk level. This includes the financial crime
detection system, regulatory compliance dashboard, and customer record
management system. All of these systems work together to produce a
comprehensive risk assessment for the customer.
Magnify Bank integrates the customer risk profiles with transaction data in the
TM system to detect anomalies and trigger alerts. By ensuring that the data
going into the TM system has been properly standardized and integrated, the
transaction monitoring process is now more reliable and efficient, reducing
the number of false positives and the risk of missing suspicious behavior.
Key takeaways
There are four key processes for data preparation:
• Extract data from source systems.
• Clean and transform data for use by multiple systems.
• Integrate data by combining multiple sources.
• Aggregate data to benefit from data synergies.
Data lineage
Data lineage is the process of tracking and mapping dataflows from the
source system to the end user. It provides a clear view of how organizations
source data, including external sources and staging processes, where and
how data transforms, and ultimately how end-user systems consume it. Data
lineage can help rebuild fragmented or damaged data flows and reconstruct
system outputs by recreating point-in-time data feeds. It can also assist in
debugging systems by pinpointing incorrect data points such as
inconsistencies, duplications, or missing information.
Data lineage can be either backward or forward. Backward data lineage goes
from the end-user system to the source, while forward lineage goes from the
source to the end-user system. Both processes are required for complete
data reconciliation. Reconciled data allows organizations to see and
understand each step along the data flow and use this information to quantify
some aspects of data quality. Quantified data reconciliation is a key metric for
governance and regulatory reporting.
Compliance and internal audit benefit from data lineage, as it can
demonstrate how organizations adhere to strict regulations such as the GDPR
or ESG-based directives and expectations. Data lineage also plays a role in
data preparation processes by ensuring that data transformations are
documented and efficient. Another key advantage of data lineage is
facilitation of root cause analysis when errors occur. If incorrect data appears
in reports, lineage tracing helps identify the original source and transformation
steps, allowing for quick resolution and reducing the risk of data corruption.
By tracking data movements and transformations, organizations can show
compliance and improve data governance. However, full data lineage is not
always possible. Source systems or in-process transformations can corrupt
dataflows and disrupt how transformation outcomes are interpreted. In these
instances, it is still possible—and beneficial—to complete partial data lineage to
maximize process benefit.
The critical need for clear data lineage was highlighted in July 2024, when
Citibank was fined $136 million through a joint action by the Federal Reserve
and the Office of the Comptroller. Citibank was penalized for making
insufficient progress in fixing data management issues identified in 2020.
These prior data management issues had, at that time, resulted in a fine of
$400 million after regulators identified various deficiencies, including in
data quality management.
AFC data extraction
Spreadsheets and data tables present data in neatly organized rows and
columns, which make reading and adjusting easier and assist with manual
analysis. Data storage, however, often relies on relational databases,
distributed file systems, and cloud architectures to optimize data for ease of
retrieval and processing rather than ease of reading. Extract, transform, and
load (ETL) processes bridge the gap between the complexity of how systems
store data and the simplicity and readability of a spreadsheet or table.
ETL processes require data to first be structured according to predefined
schemas. Business and IT teams have to agree on field definitions, data types,
and unique data identifiers to prevent mismatches and misinterpretations and
ensure consistency and uniformity across systems.
Before extraction, validation rules check for missing values, incorrect formats,
or duplicate records. If quality issues or inconsistencies are found, a separate
process is applied to correct, reject, or manually review the problematic data.
Automated extraction tools use API or database queries to pull data efficiently,
reducing manual errors and ensuring completeness. APIs enable automated
retrieval of data from various sources, such as databases, cloud services, or
third-party applications, without manual intervention.
After extraction, data transitions to one of two destinations: the “landing zone”
for raw data storage or the intermediary “staging area” for cleaning and
preparation for loading. During this interim stage, data transformation
prepares the data for use within the compliance system.
Depending on its intended use, the data then loads into a data warehouse,
data lake, or similar technology. Data warehouses store structured data
optimized for analysis and reporting, while data lakes store unstructured or
semi-structured data at scale. The compliance solution then accesses the
data lake, data warehouse, or similar technology through further APIs or direct
feeds.
Correctly executed extract, transform, and load processes ensure that data
flows correctly from source to destination while maintaining accuracy,
security, and usability.
Data mining and matching
Data mining and data matching use advanced analytical techniques to
uncover hidden patterns, correlations, anomalies, and connections within
large datasets. These methods use various algorithms and analytical
techniques, including machine learning models and statistical analyses, to
detect anomalies and recognize patterns indicative of fraudulent behavior.
Data mining and data matching help AFC professionals save time by efficiently
sifting through large amounts of data. They offer a more precise and effective
method of identifying potential financial crimes. This allows for quicker and
more accurate responses to financial crime threats.
Data mining and data matching are essential techniques in AFC systems. Data
mining extracts useful information from large complex datasets, revealing
valuable patterns, insights, relationships, and trends. Data mining can uncover
unusual transaction patterns, such as large purchases from unexpected
locations, or frequent small transactions that add up to a significant sum. By
analyzing these patterns, AFC professionals can recognize behaviors that
deviate from typical activities.
Data matching involves comparing and linking data from different sources to
identify inconsistencies or discrepancies. For example, data matching can be
used to compare a customer's address with public records to verify accuracy,
or cross-check insurance claims with medical records to find inconsistencies.
This process helps to verify the authenticity of the data to detect fraudulent
claims or false information.
Combining data mining and data matching enhances the accuracy and
effectiveness of the AFC systems. Data mining might identify a cluster of
suspicious transactions from a specific geographical region or demographic
group. Data matching can then be used to verify the legitimacy of the
customers and addresses involved in these transactions. By cross-referencing
various data sources, data matching helps confirm or rule out potential
suspicious activities. Using these techniques helps maintain strong detection
rates and minimizes false positives.
Case example: Analyzing customer behaviors
Evertrust Bank is working to improve its ability to prevent and detect financial
crimes such as money laundering. To do this, the bank uses both data
matching and data mining techniques to analyze customer behaviors and
identify suspicious activity.
Evertrust Bank simulates a scenario with a fictional customer named John
Doe, who attempts to open a new account using a driver’s license
identification number and other personal details. The bank's system performs
a matching process, checking this data against its internal watchlist and
external databases such as government sanctions lists and known criminal
databases. As expected, John Doe’s information matches an entry on these
lists, and the system flags the application for further review.
Later, Evertrust Bank tests a scenario where John Doe is already a customer.
Using data mining techniques such as machine learning algorithms and
anomaly detection, the bank explores large pools of data to identify patterns,
relationships, and anomalies that might otherwise not be apparent. The test
compares the fictional customer’s activity to patterns that the data mining
processes have identified as indicative of money laundering or terrorist
financing, such as making repeated high-value transfers to multiple foreign
accounts. It then determines that John Doe is engaging in similar types of
suspicious activities.
Using clustering algorithms, the system identifies accounts that exhibit
suspicious patterns of activity. Although the test does not identify specific
transactions that indicate money laundering, the customer’s overall activity
and KYC information place it into the cluster of higher-risk customers.
These tests demonstrate that Evertrust Bank’s prevention and detection
systems are effectively identifying potential financial crimes. Through ongoing
scenario testing, the bank ensures that its systems remain resilient against
evolving criminal tactics. As threats grow ever more sophisticated, the bank
remains proactive in enhancing its mining and matching capabilities, ensuring
a dynamic and intelligent approach to fraud prevention.
Key takeaways
• Mining and matching are useful for improving financial crime prevention
and detection.
• Use data mining to uncover patterns that might otherwise go undetected.
• Use data matching to check data in different datasets against fixed criteria.
Data validation and testing
Data validation and testing ensure that datasets are accurate, consistent, and
reliable before they are used within compliance systems. First, an automated
process extracts raw data from various source systems. At this stage,
inconsistencies or errors might already be present, making validation crucial.
The next step is data cleaning, which involves identifying and correcting
duplicate records, missing values, and incorrect entries. Automated scripts or
tools help standardize formats, ensuring that dates, numerical values, and
categorical data—such as name, gender, and occupation—are consistent
across the dataset.
Once data is clean, the validation process begins. This involves applying
predefined rules and constraints, such as checking for valid email formats,
ensuring numerical values fall within expected ranges, and verifying that
categorical data contains only permitted values. Data validation should include
testing for completeness to ensure the data includes all that was asked for. It
should also include testing for accuracy to ensure data is aligned to intended
business requirements for the system or solution. Violations of this process
trigger alerts or exceptions, requiring manual review or automated
corrections.
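The validation step described above, sketched as an added example that is not part of the study guide: each record is checked for completeness, email format, numeric range, and permitted categorical values, and any violation becomes an exception for manual review. The field names, the turnover range, the permitted occupations, and the sample records are all assumptions constructed for illustration.

```python
import re

# Assumed schema; in practice these rules come from the agreed data dictionary.
REQUIRED_FIELDS = ("customer_id", "name", "email", "occupation", "monthly_turnover")
PERMITTED_OCCUPATIONS = {"employed", "self-employed", "student", "retired"}
TURNOVER_RANGE = (0, 1_000_000)
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")  # format check only


def is_blank(value):
    """True for None and for empty or whitespace-only strings."""
    return value is None or (isinstance(value, str) and not value.strip())


def validate_record(record):
    """Return the list of rule violations for one record (empty means valid)."""
    violations = [f"missing:{f}" for f in REQUIRED_FIELDS if is_blank(record.get(f))]
    email = record.get("email")
    if isinstance(email, str) and email.strip() and not EMAIL_RE.match(email.strip()):
        violations.append("format:email")
    turnover = record.get("monthly_turnover")
    if turnover is not None:
        if isinstance(turnover, bool) or not isinstance(turnover, (int, float)):
            violations.append("type:monthly_turnover")
        elif not TURNOVER_RANGE[0] <= turnover <= TURNOVER_RANGE[1]:
            violations.append("range:monthly_turnover")
    occupation = record.get("occupation")
    if isinstance(occupation, str) and occupation.strip():
        if occupation.strip().lower() not in PERMITTED_OCCUPATIONS:
            violations.append("value:occupation")
    return violations


def validate_batch(records):
    """Split a batch into clean records and exceptions; report completeness."""
    clean, exceptions, seen_ids = [], [], set()
    filled = dict.fromkeys(REQUIRED_FIELDS, 0)
    for index, record in enumerate(records):
        violations = validate_record(record)
        customer_id = record.get("customer_id")
        if not is_blank(customer_id):
            if customer_id in seen_ids:          # duplicate of an earlier record
                violations.append("duplicate:customer_id")
            seen_ids.add(customer_id)
        for field in REQUIRED_FIELDS:
            if not is_blank(record.get(field)):
                filled[field] += 1
        if violations:
            exceptions.append((index, violations))   # routed to manual review
        else:
            clean.append(record)
    total = len(records) or 1
    completeness = {f: filled[f] / total for f in REQUIRED_FIELDS}
    return clean, exceptions, completeness


# Constructed sample records, not real customer data.
SAMPLE_RECORDS = [
    {"customer_id": "C001", "name": "Ana Ruiz", "email": "ana@example.com",
     "occupation": "Employed", "monthly_turnover": 4200},
    {"customer_id": "C002", "name": "Li Wei", "email": "li.wei(at)example.com",
     "occupation": "student", "monthly_turnover": 900},
    {"customer_id": "C003", "name": "", "email": "sam@example.org",
     "occupation": "astronaut", "monthly_turnover": -50},
    {"customer_id": "C001", "name": "Ana Ruiz", "email": "ana@example.com",
     "occupation": "employed", "monthly_turnover": 4200},
]

if __name__ == "__main__":
    clean, exceptions, completeness = validate_batch(SAMPLE_RECORDS)
    print(f"{len(clean)} clean record(s)")
    for index, violations in exceptions:
        print(f"record {index}: {', '.join(violations)}")
    print("completeness:", completeness)
```

The per-field completeness figures are the kind of quantitative metric that can feed the management reporting described in the data quality section.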
Data testing is the next step. Preset checks analyze and assess sample data
accuracy. Common methods include:
• Unit testing for individual data points.
• Integration testing to ensure different datasets work together.
• System testing to ensure data works with the compliance system.
• Regression testing to confirm that new data does not cause existing
functionalities to fail.
Anomaly detection techniques also help identify outliers or inconsistencies
that could indicate underlying issues.
Reliability checking is an important outcome of the testing process. Reliability
means that validation and testing are repeatable and that expected results
can be predicted and replicated if required. This structured approach to
validation and testing ensures high data quality by minimizing errors and
improving the integrity of insights derived from the information or the
functioning of the compliance system.
Entity resolution
Organizations use entity resolution in compliance systems to accurately
identify individuals, organizations, and other entities across different datasets.
Entity resolution is the process of confirming whether multiple records are
referring to the same data item. It improves financial crime detection by
consolidating and linking entity-related information from various sources to
create a single view of the customer. This adds greater precision and,
therefore, greater certainty to the identity and expected activities of
customers and related parties.
Entity resolution tools and systems assemble data from multiple internal and
external sources, including customer databases, transaction records, and
external watchlists such as the OFAC, UN, and EU sanctions lists. Automated
processes then clean and standardize this data to ensure consistency in
formatting and handling variations in names, addresses, and other identifying
details.
Entities often have multiple representations across different datasets.
Normalization techniques, such as phonetic encoding, fuzzy matching, and
synonym handling, help transform data into a comparable format. Matching
algorithms then link data. Deterministic matching looks for exact matches
based on predefined rules, such as identical passport numbers. Probabilistic
matching assigns similarity scores based on weighted, or statistical, attributes,
which helps to identify close matches even with minor discrepancies.
Once entities are linked, risk-based scoring models assess potential matches.
The system escalates high-risk matches to data specialists for manual review,
while automatically clearing or "hibernating" low-risk cases for future manual
or automated review. As new data becomes available, entity resolution
systems continuously update and refine entity profiles to maintain accuracy
and improve detection capabilities.
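An added example, not taken from the study guide, of the matching flow described above: records are normalized, an identical passport number gives a deterministic match, and otherwise a weighted similarity score decides whether a candidate is escalated or hibernated. The weights, the 0.85 threshold, the synonym table, the use of edit distance as the fuzzy measure, and all sample records are assumptions constructed for illustration.

```python
import unicodedata

SYNONYMS = {"st": "street", "rd": "road", "ave": "avenue"}   # assumed synonym table
WEIGHTS = {"name": 0.5, "dob": 0.3, "address": 0.2}          # assumed attribute weights
ESCALATE_AT = 0.85                                           # assumed review threshold


def normalize(text, sort_tokens=False):
    """Fold case and accents, drop punctuation, expand synonyms."""
    decomposed = unicodedata.normalize("NFKD", text or "")
    stripped = "".join(c for c in decomposed if not unicodedata.combining(c))
    cleaned = "".join(c if c.isalnum() else " " for c in stripped.casefold())
    tokens = [SYNONYMS.get(t, t) for t in cleaned.split()]
    if sort_tokens:                      # makes "Doe, John" equal to "John Doe"
        tokens.sort()
    return " ".join(tokens)


def levenshtein(a, b):
    """Edit distance between two strings (insert, delete, substitute)."""
    previous = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        current = [i]
        for j, cb in enumerate(b, start=1):
            current.append(min(previous[j] + 1,                # deletion
                               current[j - 1] + 1,             # insertion
                               previous[j - 1] + (ca != cb)))  # substitution
        previous = current
    return previous[-1]


def similarity(a, b):
    """Fuzzy similarity in [0, 1]; a missing value never counts as a match."""
    if not a or not b:
        return 0.0
    return 1.0 - levenshtein(a, b) / max(len(a), len(b))


def passport_key(record):
    value = record.get("passport")
    return value.strip().upper() if isinstance(value, str) and value.strip() else None


def score_pair(a, b):
    """Deterministic rule first; fall back to a weighted probabilistic score."""
    pa, pb = passport_key(a), passport_key(b)
    if pa is not None and pa == pb:
        return "deterministic", 1.0
    parts = {
        "name": similarity(normalize(a.get("name"), True), normalize(b.get("name"), True)),
        "dob": 1.0 if a.get("dob") and a.get("dob") == b.get("dob") else 0.0,
        "address": similarity(normalize(a.get("address")), normalize(b.get("address"))),
    }
    return "probabilistic", sum(WEIGHTS[k] * parts[k] for k in WEIGHTS)


def triage(customer, watchlist):
    """Score every watchlist entry and decide: escalate or hibernate."""
    results = []
    for entry in watchlist:
        method, score = score_pair(customer, entry)
        decision = "escalate" if score >= ESCALATE_AT else "hibernate"
        results.append({"entry_id": entry["entry_id"], "method": method,
                        "score": score, "decision": decision})
    return sorted(results, key=lambda r: r["score"], reverse=True)


# Constructed sample data, not real persons or list entries.
CUSTOMER = {"name": "José Martínez", "dob": "1980-04-12",
            "address": "12 High St", "passport": "X1234567"}
WATCHLIST = [
    {"entry_id": "W-A", "name": "Jose Martinez", "dob": "1975-01-01",
     "address": "99 Other Rd", "passport": "x1234567 "},
    {"entry_id": "W-B", "name": "MARTINES, Jose", "dob": "1980-04-12",
     "address": "12 High Street", "passport": None},
    {"entry_id": "W-C", "name": "Joseph Martin", "dob": "1991-09-30",
     "address": "4 Mill Lane", "passport": None},
]

if __name__ == "__main__":
    for result in triage(CUSTOMER, WATCHLIST):
        print(result)
```

Entry W-B shows why normalization comes first: reordered name tokens, an accent, a one-letter typo, and "St" versus "Street" still score about 0.96 and are escalated.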
Entity resolution goes beyond enhancing KYC processes. For example, two
businesses may appear to operate independently as small enterprises.
However, after accurately linking available internal and external data, you
discover they are ultimately owned by a company that holds a majority stake
in each, along with several other similarly sized firms. Transactional records
support the assumption that these businesses are related.
This deeper insight into the customer’s structure enables a more accurate
assessment of localized risk, ensuring appropriate due diligence and risk
management. By improving entity resolution in this way, transaction
monitoring and sanctions screening systems can reduce false positives and
enhance financial crime detection.
Attributes of a block and sources of data
In blockchain technology, information about transactions, assets, and other
actions is stored in blocks. Each block contains four key parts: data, a hash, the
previous hash, and metadata. The data within a block is simply the list of
transactions included in the block. A hash is the result of a complex
mathematical algorithm that serves as a unique identifier for a block. Each
block also contains information from the hash of the previous block. Metadata
contains information such as the block number and the timestamp.
Similar to analyzing transactions and specific address data, blockchain
explorers can be used to find various information about any past block.
Each cryptocurrency has its own blockchain, which allows multiple blockchain
explorers to track information. These blockchain explorers serve as sources of
data that allow users to find information about specific blocks. Some popular
blockchains, such as Bitcoin and Ethereum, have multiple blockchain
explorers with different features.
Different types of information about blocks can be found within blockchain
explorers. Depending on the virtual asset being analyzed, the following
information can often be found about a specific block:
• Height or number of the block
• Block reward paid to the miner
• Size of the block in bytes
• Exact time the block was mined
• Number of transactions in the block
• Amount of funds in the block transactions
• Fees that were paid in the block transactions
• List of transactions included in the block
• List of participating addresses
• Other technical information
Blockchain explorers help users find information that can be used for analysis
by researchers and companies. These explorers are third-party tools that
could present false information, whether intentionally or accidentally. Sometimes,
different blockchain explorers might present different information on the
same transactions due to oversight or misinterpretation. It is important for
users to adequately research their blockchain explorer before using it. It is also
helpful to compare data between blockchain explorers to determine their
reliability.
Clustering
An important topic in cryptocurrency transactions is clustering, which is a
deanonymizing feature built into some cryptocurrencies such as Bitcoin.
Clustering is the process of using blockchain data to group multiple addresses
or wallets into a single wallet in order to better understand transaction
patterns on the blockchain. For example, because more than one unique
address can be used to create a transaction, it is possible that multiple
addresses belong to a single entity. Blockchain analytic tools usually have
built-in clustering of Bitcoin (BTC) transactions, which allows a better
understanding of such activity.
Clustering is an attribute of BTC and several other cryptocurrencies that aids in
deanonymizing blockchain transactions. When more than one cryptocurrency
address is used in a single transaction input, it is likely that these addresses are
controlled by the same entity. This information helps investigators analyze
activity and better understand the big picture when screening transactions.
Most blockchain analytic tools used by investigators have a clustering feature
enabled in their visualization software. Instead of showing transactions made
by individual addresses, the addresses will be clustered into a single wallet
with multiple addresses inside that wallet. By showing which addresses
belong to the same entity, clustering speeds up the task of analyzing and
comprehending the data.
Example of clustering:
• Address 1 and address 2 send funds to address 4.
• After some time, address 2 and address 3 send funds to address 5.
In this case, it can be assumed with a high degree of certainty that address 1
and address 3 belong to the same entity because address 2 was used together
with each of them. Addresses 1, 2, and 3 will therefore be clustered into a
wallet belonging to a single entity.
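The clustering example above, worked through in code as an added illustration that is not part of the study guide: addresses that appear together as inputs of one transaction are merged with a union-find structure, and each cluster keeps the transaction IDs that justify the merge. The address labels, transaction IDs, and the third transaction are constructed for illustration.

```python
def cluster_by_common_inputs(transactions):
    """Group addresses that were used together as inputs of a transaction.

    Each transaction is a dict with "txid", "inputs" and "outputs".
    Output addresses are tracked but never merged by this rule.
    """
    parent = {}

    def find(addr):
        parent.setdefault(addr, addr)
        while parent[addr] != addr:
            parent[addr] = parent[parent[addr]]   # path halving
            addr = parent[addr]
        return addr

    def union(a, b):
        root_a, root_b = find(a), find(b)
        if root_a != root_b:
            parent[root_b] = root_a

    linking = []   # (txid, one input address) for every multi-input transaction
    for tx in transactions:
        inputs = list(dict.fromkeys(tx["inputs"]))     # de-duplicate, keep order
        for addr in inputs + list(tx["outputs"]):
            find(addr)                                 # register every address
        for other in inputs[1:]:
            union(inputs[0], other)                    # co-spent inputs share an owner
        if len(inputs) > 1:
            linking.append((tx["txid"], inputs[0]))

    clusters = {}
    for addr in list(parent):
        clusters.setdefault(find(addr), {"addresses": [], "evidence": []})
        clusters[find(addr)]["addresses"].append(addr)
    for txid, addr in linking:
        clusters[find(addr)]["evidence"].append(txid)  # why the merge happened

    result = [{"addresses": sorted(c["addresses"]), "evidence": c["evidence"]}
              for c in clusters.values()]
    return sorted(result, key=lambda c: c["addresses"][0])


# Constructed sample: tx-a and tx-b mirror the example in the text;
# tx-c is an extra single-input transaction, which links nothing.
SAMPLE_TXS = [
    {"txid": "tx-a", "inputs": ["addr1", "addr2"], "outputs": ["addr4"]},
    {"txid": "tx-b", "inputs": ["addr2", "addr3"], "outputs": ["addr5"]},
    {"txid": "tx-c", "inputs": ["addr6"], "outputs": ["addr1"]},
]

if __name__ == "__main__":
    for cluster in cluster_by_common_inputs(SAMPLE_TXS):
        print(cluster)
```

Transactions assembled jointly by several parties (CoinJoin is one example) break the shared-ownership assumption, so a cluster is an investigative lead that the evidence list lets an analyst re-check.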
Governance process
Data governance committees
Data is a critical asset for decision-making, risk assessment, regulatory
compliance, and customer engagement. While data management includes
actions taken to store, organize and maintain data, data governance provides
the necessary frameworks, policies, and assurance measures to control these
processes effectively.
Committees dedicated to data management and governance across an
organization focus on accuracy, security, and compliance with industry
standards. These committees are centralized bodies that establish policies,
frameworks, and best practices for data handling. By setting clear data
governance standards, they ensure consistency across business units,
reducing the risk of errors, financial crime, or regulatory breaches.
Governance committees receive regular updates on data reconciliation, data
lineage, and validation and testing results as part of their oversight
responsibilities. Deficiencies are subject to corrective actions under the
committee’s supervision.
Regulatory compliance is a key focus, as financial institutions must adhere to
strict guidelines such as the GDPR, the California Consumer Privacy Act, and
Basel III. Committees monitor compliance, ensuring that the organization
collects, stores, and processes data according to legal and ethical standards.
This oversight helps mitigate legal risks and protects the organization from
penalties or reputational damage.
Committees work closely with IT and cybersecurity teams to establish
security protocols for data protection, preventing breaches, cyber threats,
and unauthorized access. In a more strategic role, they oversee the use of
data for innovation. In this role, they help the organization achieve a
competitive advantage by identifying valuable trends, improving customer
risk assessments, and optimizing detection performance across internal
business units.
An executive who is accountable for process and system outcomes should
chair data management and governance committees. For financial crime
compliance committees, the chair may be the head of monitoring or
screening. For a senior committee in a large organization, it may be the group
MLRO. Committee members should include representatives from the
end-user community, IT teams, and the upstream source data providers.
Data governance administration and quality control
AFC compliance technology solutions rely on data governance processes to
ensure high-quality data. A well-structured data governance framework
includes ongoing processes for both approval and oversight. Data is rarely
permanent and will require changes such as additions, deletions, merging,
separation, and other transformation activities needed for compliance system
operations.
The most common changes involve introducing new data sources or modifying
existing ones, such as integrating third-party watchlists, sanctions lists, or
internal risk databases. These require a formal change management approval
process, which should include impact assessments, validation checks, data
mapping, and governance committee approvals before deployment.
Changes can also encompass adjustments needed for active operating data
used in compliance system models. Governance structures should approve
changes to thresholds, rules, or machine learning parameters before
implementation.
Not all governance processes involve change. Oversight processes include
periodic data quality assessments and scheduled reviews of key data
attributes, such as accuracy, completeness, timeliness, and consistency.
Governance teams conduct exception reporting, outlier analysis, and data
reconciliation exercises to detect anomalies, and assign corrective action for
deficiencies under supervision of the committee or delegate. These
corrective actions are often associated with data or system changes that
require additional governance approvals.
It is best practice to include a structured approval process before submitting
AFC compliance system outputs to other stakeholders, such as audit teams
and regulators. These outputs include suspicious activity reports, transaction
monitoring outputs, data quality reports, and outcomes from oversight
processes. Governance committees must review these key reports for
precision.
Role-based access control refers to a model of authorizing end-user access
to specific systems and data based on the role of the end user. Data
governance principles drive organizations to provide users access to data only
when needed, with clear policies and procedures in place to govern the
update of access rights.
Strong governance mechanisms generate trust in data-driven compliance
solutions, ensuring they remain effective in combating financial crime while
meeting evolving regulatory expectations.
Glossary
1LoD
First line of defense
2FA
Two-factor authentication
6AMLD
Sixth Anti-Money Laundering Directive
ABC
Anti-bribery and corruption
ACH
Automated clearing house
ACWG
Anti-corruption working group
AFC
Anti-financial crime
Affidavit
A written statement given under oath before an officer of the court, notary
public, or other authorized person. It is commonly used as the factual basis for
an application for a search, arrest, or seizure warrant.
AFP
Australian Federal Police
AI
Artificial intelligence
Alternative remittance system (ARS)
An underground banking or informal value transfer system. Often associated
with the Middle East, Africa, or Asia, and commonly involving the transfer of
values among countries outside of the formal banking system. The remittance
entity can be an ordinary shop selling goods that has an arrangement with a
correspondent business in another country. There is usually no physical
movement of currency and a lack of formality with regard to verification and
recordkeeping. The money transfer takes place by coded information that is
passed through chits, couriers, letters, faxes, emails, text messages, or online
chat systems, followed by some form of telecommunications confirmations.
AML
Anti-money laundering
AML/CFT
Anti-money laundering and countering the financing of terrorism
AML/CFT/CPF
Anti-money laundering, countering the financing of terrorism, and countering
proliferation financing
AMLA
Anti-Money Laundering Act
AMLD
Anti-Money Laundering Directive
Anti-money laundering (AML) / Bank Secrecy Act (BSA) officer
An individual appointed within a financial institution with specific
responsibilities and duties to oversee and implement the AML compliance
program.
The BSA officer position is predominantly a role within US financial institutions,
as the role specifically aligns with requirements of the BSA. See Bank Secrecy
Act (BSA).
Anti-money laundering and countering the financing of terrorism program
A system designed to assist institutions in their fight against money laundering
and terrorist financing. In many jurisdictions, government regulations require
financial institutions, including banks, securities dealers, and money services
businesses, to establish such programs.
API
Application programming interface
API/PNR
Advance passenger information and passenger name record
Arrest warrant
A court order directing a law enforcement officer to seize and detain a
particular person and require him or her to provide an answer to a complaint
or otherwise appear in court.
ART
Asset-referenced token
ASO
Australian Sanctions Office
Asset misappropriation
Theft or misuse of company assets.
Asset protection
A process that includes reorganizing how assets are held to make them less
vulnerable should a claim be made against a person. Asset protection is also a
term tax planners use for measures taken to protect assets from taxation in
other jurisdictions.
AUM
Assets under management
AUSTRAC
Australian Transaction Reports and Analysis Centre
Automated clearing house (ACH)
An electronic banking network that processes large volumes of both credit
and debit transactions that originate in batches. ACH credit transfers include
direct deposit payroll payments and payments to contractors and vendors.
ACH debit transfers include consumer payments on insurance premiums,
mortgage loans, and other kinds of expenses.
Automated teller machine (ATM)
An electronic banking outlet that allows customers to complete basic
transactions without the assistance of a bank employee. ATMs generally
dispense cash, allow check and cash deposits and transfers to be made, as
well as balance inquiries. For the purposes of money laundering, ATMs located
in remote areas provide criminals the opportunity to evade face-to-face
interactions with bank staff and may allow criminal activity to go undetected
for a potentially greater period of time.
B2B
Business-to-business
B2C
Business-to-consumer
BaaS
Banking-as-a-service
BaFin
Federal Financial Supervisory Authority (of Germany)
Bank Secrecy Act (BSA)
Formally known as the Currency and Foreign Transactions Reporting Act, a US
law enacted in 1970 that requires financial institutions to assist government
agencies in detecting and preventing money laundering and other financial
crimes. The BSA mandates reporting and recordkeeping requirements for
transactions involving cash, foreign accounts, and suspicious activities.
Banking-as-a-service (BaaS)
The integration of digital banking services into non-bank businesses through
application programming interfaces. It allows third-party companies to offer
banking products, such as accounts, payments, and loans, by leveraging the
infrastructure and compliance of established financial institutions. This model
enables greater innovation, flexibility, and customer-centric solutions in the
financial services sector.
Basel Committee on Banking Supervision (Basel Committee)
An international regulatory body composed of central banks and banking
supervisors from various countries. Established in 1974, the committee’s
primary purpose is to enhance financial stability by developing and promoting
standards for banking supervision and regulation. See www.bis.org/bcbs.
Batch processing
A method of executing a series of tasks or transactions collectively at one
time, rather than processing each task individually in real time. This approach
is commonly used in data processing, programming, and financial
transactions to increase efficiency and optimize resource utilization.
BAU
Business-as-usual
BCBS
Basel Committee on Banking Supervision
Bearer form
A type of financial instrument or document that is payable to the holder or
“bearer” of the instrument rather than a specific individual or entity. This
means that ownership is transferred simply by possession; whoever physically
holds the document has the right to claim the associated value or benefit.
Bearer negotiable instrument
A financial document that represents a promise to pay the holder or bearer a
specified amount of money, which can be easily transferred from one party to
another through mere possession. This instrument does not require
endorsement by the original holder to be transferred, allowing for
straightforward transferability.
Bearer share
A type of equity (shares) security that represents ownership in a company
and is issued in a form that grants ownership rights to the person or entity that
physically holds the share certificate. Unlike registered shares, which are
recorded in the company’s shareholder register associated with a specific
owner, bearer shares do not have a registered owner, allowing for anonymous
ownership and easy transferability.
BEC
Business email compromise
Beneficial owner (BO)
The term “beneficial owner” has two different definitions depending on the
context:
• The natural person who ultimately owns or controls an account through
which a transaction is being conducted.
• The natural people who have significant ownership of, as well as those who
exercise effective control over, a legal person or arrangement.
Beneficiary
The term “beneficiary” has two different definitions depending on the context:
• The person (natural or legal) who benefits from a transaction, such as the
party receiving the proceeds of a wire or a payout on an insurance policy.
• In the trust context, all trusts (other than charitable or statutory-permitted
noncharitable trusts) must have beneficiaries, which may include the
settlor. Trusts must also include a maximum time frame, known as the
perpetuity period, which normally extends up to 100 years. Although trusts
must always have some ultimately ascertainable beneficiary, they may
have no defined existing beneficiaries.
BIS
Bank for International Settlements
Black Market Peso Exchange (BMPE)
A complex method of trade-based money laundering involving the use of an
informal and illegal market to exchange foreign currency, particularly US
dollars, for local currency (typically pesos) outside official financial systems.
This method is often used by individuals and entities involved in money
laundering, drug trafficking, or other illicit activities to disguise the proceeds of
their crimes and convert them into legitimate currency.
Blockchain
A decentralized digital ledger technology that records transactions across
multiple computers in a way that ensures security, transparency, and
immutability. Each transaction is grouped into a block, which is
cryptographically linked to the previous block, forming a chain. This structure
prevents tampering and fraud, making blockchain suitable for various
applications, including cryptocurrencies, supply chain management, and
identity verification.
BMPE
Black Market Peso Exchange
BO
Beneficial owner
BPI
Bribe Payers Index
BRN
Business registration number
Broker-dealer
A firm or individual that buys and sells securities on behalf of clients.
BSA
Bank Secrecy Act
BVI
British Virgin Islands
C2B
Consumer-to-business
C2C
Consumer-to-consumer
CAMLO
Chief anti-money laundering officer
CAMS
Certified Anti-Money Laundering Specialist
Cardholder
An individual or entity that possesses a payment card, such as a credit card,
debit card, or prepaid card, and is authorized to use it for conducting financial
transactions. The cardholder’s name is typically printed on the card, and the
cardholder has the right to initiate purchases, access funds, or receive
financing based on terms provided by the card issuer.
Cash smuggling
Illegal transportation of cash across borders.
Cashier's check
A type of payment instrument that is issued and guaranteed by a bank or
financial institution, drawn on the bank’s own funds rather than the personal
funds of an individual. Cashier’s check fraud refers to various schemes in
which criminals use counterfeit or fraudulent cashier’s checks to deceive
individuals or businesses into relinquishing goods, services, or money.
Cash-intensive business
An enterprise that primarily deals in cash transactions, meaning that a
significant portion of its income is derived from cash sales rather than
electronic payments or credit transactions. Businesses such as restaurants,
takeaway delivery services, taxi firms, and car washes often have high
volumes of cash flow, making them particularly susceptible to financial crimes
such as money laundering and tax evasion, as it becomes easier to
commingle illegally obtained funds with legitimate business income.
CASP
Cryptoasset service provider
CB
Custodian bank
CBDC
Central bank digital currency
CCC
Comptroller of the Currency
CDD
Customer due diligence
CFT
Countering the financing of terrorism
CIP
Customer Identification Program
Concentration account
A type of bank account businesses use to aggregate funds from multiple
sub-accounts or locations into a single account. This practice helps streamline
cash management and optimize liquidity but can create opportunities for illicit
activities if not properly monitored. Also called an omnibus account.
Confidentiality
The ethical and legal duty to protect private information from being disclosed
to unauthorized individuals or entities. It refers to the practice of safeguarding
sensitive data and ensuring it is only accessible to those who are authorized to
have that information.
Confiscation
The legal process whereby authorities seize property or assets from
individuals or entities, typically as a result of illegal activity or non-compliance
with laws and regulations. Confiscation can occur without compensation to
the owner and is often executed by government agencies as part of law
enforcement efforts to combat crime, particularly in cases related to drug
trafficking, money laundering, or other criminal activities. See Forfeiture.
Corporate vehicle
A legal entity or structure created to facilitate business operations, manage
risks, or achieve specific financial and operational objectives. This vehicle can
include various forms of corporations, such as private limited companies,
public limited companies whose shares are not traded on a stock exchange,
trusts, limited liability partnerships, and private investment companies.
Occasionally, it is difficult to identify the people who are the ultimate beneficial
owners and controllers of corporate vehicles, which makes the vehicles
vulnerable to money laundering.
Correspondent banking
An arrangement between banks to provide services on behalf of each other,
particularly in international financial transactions. This enables banks to
conduct business and offer services in regions where they may not have a
physical presence or local licenses, facilitating the movement of capital and
information across borders. Correspondent banks typically offer a range of
services including foreign currency exchange, wire transfers and payment
processing, clearing and settlement of international transactions, and support
for trade finance-related transactions.
COSMIC
Collaborative Sharing Money Laundering/Terrorism Financing Information and
Cases
CPF
Counter-proliferation financing
CPI
Corruption Perceptions Index
CRA
Customer risk assessment
Credit card
A financial instrument issued by a bank or financial institution that allows
cardholders to borrow funds to make purchases or withdraw cash up to a
specified credit limit. It enables users to access credit for transactions instead
of using cash or debit from a bank account. Cardholders are required to pay
back the borrowed amount, usually with interest, over time. Credit cards may
be used to launder money when payments of the amounts owed on the card
are made with criminal money.
Criminal proceeds
Any property derived from or obtained, directly or indirectly, through the
commission of a crime.
Cross-border transfer
The movement of funds or assets between individuals or entities located in
different countries.
Cryptocurrency
A digital or virtual currency that uses cryptography for security and operates
on decentralized blockchain technology. Cryptocurrencies are designed to
work as a medium of exchange, allowing users to transact directly without
intermediaries, such as banks. Bitcoin is an example of a cryptocurrency.
CSP
Company service provider
CTR
Currency transaction report
Currency transaction report (CTR)
A report documenting a physical currency transaction that exceeds a certain
monetary threshold. A CTR can also be filed on multiple currency transactions
that occur in one day and collectively exceed the required reporting amount.
Some countries, including the US, have requirements addressing when CTRs
should be filed with government authorities.
Custodian
A financial institution, individual, or other entity that is responsible for the
safeguarding, administration, and management of assets on behalf of clients,
such as individuals, businesses, or institutional investors. Custodians play a vital
role in ensuring the security of assets, as well as providing a range of related
services, including recordkeeping, transaction processing, and compliance. A
custodian holds assets to minimize risk of theft or loss and does not actively
trade or handle the assets.
Custody
The act of safeguarding and administering clients’ investments or assets, or
the authority to do so.
Customer due diligence (CDD)
The process of verifying the identity of clients and assessing their potential risk
for involvement in money laundering, terrorist financing, or other financial
crimes. It is a crucial component of AML compliance and financial institution
regulatory frameworks.
Cybercrime
Criminal activities committed using computers, networks, or the internet. This
can involve a wide range of illegal activities that target individuals,
organizations, or governments, exploiting technology and digital platforms for
malicious purposes.
D2C
Direct-to-consumer
Dark web
A part of the internet that is not indexed by traditional search engines and is
intentionally hidden from public view. It consists of a vast network of
encrypted websites and online platforms that require specific software,
configurations, or authorization to access. The dark web operates on overlay
networks that run on the internet but are only reachable through specialized
tools, most notably The Onion Routing (TOR) browser.
DARPA
Defense Advanced Research Projects Agency
DCM
Debt capital market
Debit card
A financial card that allows the cardholder to access funds directly from his or
her bank account to make purchases, withdraw cash, or perform transactions.
Debit cards often allow for movement of cash via cash-back transactions or
withdrawals at ATMs and can also be used for internet-based transactions.
Decentralized finance (DeFi)
Financial services built on blockchain technology that operate without
traditional financial intermediaries.
DeFi
Decentralized finance
Denial-of-service (DoS) attack
An attempt to make a system or network unavailable by overwhelming it with
traffic or requests, causing disruption of services.
Designated nonfinancial businesses and professions (DNFBP)
Businesses and professions that are not classified as traditional financial
institutions but are nonetheless at risk of being used in money laundering or
terrorist financing activities. The term is used primarily within the context of
AML and CTF regulations.
DFAT
Department of Foreign Affairs and Trade
DFS
New York State Department of Financial Services
Distributed ledger technology (DLT)
A digital system for recording asset transactions in multiple places at the
same time, enabling secure, transparent, and tamper-proof recordkeeping.
DLT
Distributed ledger technology
DNFBP
Designated Non-Financial Businesses and Professions
DOJ
US Department of Justice
Domestic transfer
An electronic funds transfer in which the originator and beneficiary institutions
are located in the same jurisdiction. A domestic transfer, therefore, refers to
any chain of wire transfers that takes place entirely within the borders of a
single jurisdiction, even though the actual system used to send the wire
transfer may be located in another jurisdiction or online.
DORA
Digital Operational Resilience Act
DPA
Deferred prosecution agreement
DPRK
Democratic People's Republic of Korea
EBITDA
Earnings before interest, taxes, depreciation, and amortization
EC
European Commission
ECCTA
Economic Crime and Corporate Transparency Act
ECM
Equity capital market
EDD
Enhanced due diligence
EEA
European Economic Area
Egmont Group of Financial Intelligence Units
An international organization formed by a network of financial intelligence
units (FIU) from different countries. Established in 1995, the group aims to
enhance cooperation and collaboration among FIUs to combat money
laundering, terrorist financing, and other financial crimes. The Egmont Group
meets regularly to find ways to promote the development of FIUs and to
cooperate, especially in the area of information exchange, training, and
sharing of expertise.
EIO
European Investigation Order
Electronic funds transfer (EFT)
The movement of funds between financial institutions electronically. The two
most common electronic funds transfer systems in the US are FedWire and
CHIPS.
EMT
Electronic money token
Enhanced due diligence (EDD)
The additional measures that financial institutions and other regulated entities
undertake to assess the risks associated with certain customers or
transactions that present a higher risk of money laundering, terrorist financing,
or other illicit activities. EDD goes beyond standard due diligence processes
and is typically applied to high-risk customers, such as politically exposed
persons, clients from high-risk jurisdictions, or those involved in complex
transactions.
Environmental, social, and governance (ESG)
A framework used to evaluate a company’s performance and risk
management in three key areas:
• Environmental: This aspect considers a company’s impact on the planet,
including factors such as carbon emissions, resource use, waste
management, and climate change initiatives.
• Social: This dimension evaluates how a company manages relationships
with employees, suppliers, customers, and the communities where it
operates, focusing on issues such as labor practices, diversity, and human
rights.
• Governance: This area assesses company leadership, organizational
structure, ethical practices, shareholder rights, and compliance with laws
and regulations.
ESG criteria are increasingly used by investors and stakeholders to make
informed decisions regarding a company’s sustainability and ethical practices.
ESG
Environmental, social, and governance
ETA
Euskadi Ta Askatasuna
ETL
Extract, transform, load
EU
European Union
EU AMLA
EU Anti-Money Laundering Authority
EUR
Euro
European Union (EU)
A political and economic union of 27 countries located primarily in Europe.
Formally established by the Maastricht Treaty, which was signed in 1991, the EU
came into force in November 1993. It was established to promote cooperation
and integration among its member states, fostering economic collaboration,
political stability, and social progress.
European Union Directive on Prevention of the Use of the Financial System for
the Purpose of Money Laundering and Terrorist Financing
An EU directive aimed at preventing the use of financial systems for money
laundering and terrorist financing, primarily encapsulated in the Anti-Money
Laundering Directive. The most recent iteration is the 6th Anti-Money
Laundering Directive, which came into force in December 2020.
Europol
The law enforcement agency of the EU that assists member states in
combating serious international crime and terrorism. In the area of AML
efforts, Europol provides member states’ law enforcement authorities with
operational and analytical support via the Europol liaison officers and its
analysts, as well as state-of-the-art databases and communication channels.
Also known as the European Union Agency for Law Enforcement
Cooperation.
EWRA
Enterprise-wide risk assessment
Extradition
The surrender by one jurisdiction to another of an accused or convicted
person under an agreement that specifies the terms of such exchanges.
Extraterritorial reach
The ability of a country, legal system, or regulatory authority to apply its laws,
regulations, or legal jurisdiction beyond its own geographical boundaries. This
concept allows a state to enforce laws that have implications for activities
conducted in other countries or by individuals and entities located outside its
borders.
FATF
Financial Action Task Force
FBI
Federal Bureau of Investigation
FCA
Financial Conduct Authority
FCPA
Foreign Corrupt Practices Act
FCRA
Financial crime risk assessment
FDIC
Federal Deposit Insurance Corporation
FFIEC
Federal Financial Institutions Examination Council
FI
Financial institution
Fiat currency
A type of government-issued currency that is not backed by a physical
commodity, such as gold or silver. Instead, its value derives from the trust and
confidence of the people who use it and the stability of the government that
issues it. An example of a fiat currency is the US dollar.
Financial Action Task Force (FATF)
An intergovernmental organization established in 1989 to combat money
laundering, terrorist financing, and other threats to the integrity of the
international financial system. FATF develops and promotes policies aimed at
enhancing the effectiveness of measures to prevent and combat financial
crimes on a global scale. FATF develops annual typology reports showcasing
current money laundering and terrorist financing trends and methods. See
www.fatf-gafi.org.
Financial Action Task Force-style regional body (FSRB)
A regional group of countries that work together to implement the Financial
Action Task Force’s (FATF) Recommendations. FSRBs have forms and
functions similar to those of FATF. However, their efforts are targeted to
specific regions. In conjunction with FATF, FSRBs constitute an affiliated global
network to combat money laundering and terrorist financing.
Financial intelligence unit (FIU)
A specialized national agency or body responsible for receiving, analyzing, and
disseminating financial information related to suspicious activities that may
indicate money laundering, terrorist financing, or other financial crimes.
FinCEN
Financial Crimes Enforcement Network
FinCrime
Financial crime
FinTech
Financial technology
FINTRAC
Financial Transactions and Reports Analysis Centre of Canada
FIU
Financial intelligence unit
Forfeiture
A legal process through which the government or another regulatory body
can seize assets or property that is believed to be connected to illegal
activities or obtained through unlawful means. This process is often used in
the context of criminal law, especially in regard to drug offenses, money
laundering, and other related crimes.
Fraud
The intentional act of deceiving or misleading individuals or entities for
personal or financial gain. It involves misrepresentation and manipulation of
information to obtain money, property, or services unlawfully.
FRB
Federal Reserve Board
Freezing order
The legal action taken to temporarily restrict or block access to funds or
assets, preventing their transfer, withdrawal, or disposal. This measure is often
implemented by law enforcement agencies, regulatory authorities, or financial
institutions in response to suspected criminal activity, such as money
laundering, fraud, or terrorist financing.
Front company
A legitimate business entity that is used to disguise or conceal illegal activities,
often serving as a facade for illegal operations such as money laundering, drug
trafficking, or other forms of organized crime. These companies typically
conduct real business operations but are primarily established to serve as a
cover for illicit activities or to provide a means to launder money generated
from such activities. Front companies may subsidize products and services at
levels well below market rates or even below manufacturing costs, a red flag
that may indicate the company is not interested in genuine trading practices.
FRRTF
Financial Risk Review Task Force
FRS
Federal Reserve System
FSAP
Financial Sector Assessment Program
FSC
Financial Services Commission
FSMA
Financial Services and Markets Act 2022
FSRB
FATF-style regional body
FTF
Foreign terrorist fighter
FTR
Funds Transfer Regulation
FX
Foreign exchange
G-10
Group of Ten
G-20
Group of Twenty
G-7
Group of Seven
Gatekeeper
An individual or entity that plays a crucial role in facilitating or enabling access
to financial systems, markets, or services. Gatekeepers are professionals such
as lawyers, notaries, accountants, investment advisors, and trust and company
service providers. They often hold positions of trust and authority. They are
responsible for conducting due diligence, monitoring transactions, or
providing advice and are deemed to have a particular role in identifying,
preventing, and reporting money laundering. Some countries impose due
diligence requirements on gatekeepers that are similar to those for financial
institutions.
GDPR
General Data Protection Regulation
GenAI
Generative artificial intelligence
GPML
Global Programme Against Money Laundering
Grantor
The party who transfers title or ownership of property or assets. In a trust,
typically the person who creates or funds the trust.
Hacking
Unauthorized access to computer systems or networks with the intent to
steal or manipulate data, disrupt services, or gain sensitive information.
Hawala
An informal value transfer system common in the Middle East, North Africa,
and the Indian subcontinent. The system operates outside traditional banking
systems and is an informal method of transferring money without the physical
movement of cash. In its basic form, a customer contacts a hawaladar and
gives him or her money to be transferred to another person. The hawaladar
contacts his or her counterpart where the second person lives, and the
counterpart remits appropriate funds to that person. A running tally with net
sums is kept between the hawaladars. See Alternative remittance system
(ARS).
HKMA
Hong Kong Monetary Authority
HKSAR
Hong Kong Special Administrative Region of China
HMRC
His Majesty’s Revenue and Customs
HR
Human resources
HSBC
Hongkong and Shanghai Banking Corporation
Human smuggling
The illegal movement of individuals across borders, typically involving the
facilitation of their entry into a country without proper legal authorization or
documentation. Human smuggling differs from human trafficking in that it
focuses on the entry or transport, rather than the exploitation, of the person
involved.
Human trafficking
The exploitation of individuals through coercion, deception, or force for
various purposes, including forced labor, sexual exploitation, servitude, or
other illegal activities. Human trafficking is a severe human rights violation and
a form of organized crime. It is considered a significant financial crime due to
the profits the traffickers generate and the illicit nature of the activities
involved. Also known as trafficking in persons.
IAIS
International Association of Insurance Supervisors
ICAR
International Center for Asset Recovery
ICT
Information and communications technology
IEEPA
International Emergency Economic Powers Act
ILI
Investment-linked insurance
IMF
International Monetary Fund
Integration
The third and last stage of the classic money laundering process, in which the
money launderer places laundered funds back into the economy by
re-entering the funds into the financial system and giving them the appearance
of legitimacy.
International Monetary Fund (IMF)
An organization of more than 190 member countries and a key institution in
the international financial system, helping to promote economic stability,
facilitate international trade, and reduce poverty. By providing financial
resources and policy guidance, the IMF supports countries in addressing
economic challenges and fosters a cooperative approach to global economic
governance.
IO
Immediate outcome
IOSCO
International Organization of Securities Commissions
IPO
Initial public offering
ISIS
Islamic State of Iraq and Syria
IT
Information technology
IVTS
Informal value transfer system
J5
Joint Chiefs of Global Tax Enforcement
JMLIT
Joint Money Laundering Intelligence Taskforce
JMLSG
Joint Money Laundering Steering Group
Know your customer (KYC)
A set of measures and procedures that financial institutions and certain
regulated businesses undertake to verify the identity of their clients. The KYC
process is essential for preventing fraud, money laundering, terrorist
financing, and other financial crimes. It helps institutions establish and maintain
a relationship with their clients while ensuring compliance with legal and
regulatory requirements.
Know your employee (KYE)
The measures organizations implement to verify the identity and background
of their employees, particularly in sectors that are highly regulated or
vulnerable to financial crimes. These sectors include banking, finance, and
other industries that handle sensitive information. These measures can assist
organizations in preventing and detecting financial crime.
KPI
Key performance indicator
KRI
Key risk indicator
KYC
Know your customer
KYE
Know your employee
KYV
Know your vendor
L/C
Letter of credit
Layering
The second stage of the classic three-stage money laundering process,
between placement and integration. Layering involves distancing illegal
proceeds from their source by creating complex levels of financial
transactions designed to disguise the audit trail and provide anonymity.
LEA
Law enforcement agency
Letter of credit
A financial document a bank or financial institution issues on behalf of a buyer
(the applicant) that guarantees payment to a seller (the beneficiary) under
specified conditions. It serves as a payment assurance in international trade
transactions, facilitating commerce by reducing the risk associated with
nonpayment.
LLM
Large language model
LLP
Limited liability partnership
LOD
Line of defense
M&A
Mergers and acquisitions
Malware
Malicious software designed to infiltrate, damage, or disable computers,
servers, or networks. Common types include viruses, worms, ransomware,
and spyware.
MAS
Monetary Authority of Singapore
MBML
Market-based money laundering
Memorandum of understanding (MOU)
A formal agreement between two or more parties outlining the terms and
details of a mutual understanding or cooperation regarding specific actions or
obligations. In the context of financial crime, MOUs are often used between
regulatory agencies, law enforcement, and financial institutions to facilitate
collaboration, data sharing, and coordinated efforts in combating money
laundering, fraud, and other financial crimes. An MOU is often used by
countries to govern their sharing of assets in international asset forfeiture
cases.
MFA
Multi-factor authentication
MiCA
Markets in Cryptoassets Regulation
MiFID II
Markets in Financial Instruments Directive II
Miner
An individual or entity that participates in the process of validating and
recording transactions on a blockchain network, commonly found in proof-of-
work systems such as Bitcoin. Miners play a crucial role in maintaining the
security and integrity of the blockchain by solving complex mathematical
problems through computational processing power.
ML
Money laundering
MLAT
Mutual legal assistance treaties
MLR 2017
Money Laundering, Terrorist Financing, and Transfer of Funds (Information on
the Payer) Regulations 2017
MLRO
Money laundering reporting officer
Monetary instrument
A traveler’s check, negotiable instrument—such as a personal or business
check—official bank check, cashier’s check, promissory note, money order,
security, or stock in bearer form. Monetary instruments are normally included,
along with currency, in the AML regulations of most countries, and financial
institutions must file reports and maintain records of customer activities
involving them.
Money laundering
The process of concealing or disguising the existence, source, movement,
destination, or illegal application of illicitly derived property or funds to make
them appear legitimate. It usually involves a three-part system: placement of
funds into a financial system; layering of transactions to disguise the source,
ownership, and location of the funds; and integration of the funds into society
in the form of holdings that appear legitimate. The definition of money
laundering varies in each country where it is recognized as a crime.
Money laundering reporting officer (MLRO)
A designated individual within a financial institution or regulated entity who is
responsible for overseeing the organization’s compliance with AML laws and
regulations. The MLRO plays a key role in preventing, detecting, and reporting
suspicious activities that may involve money laundering, terrorist financing, or
other financial crimes. This role is similar to that of a Bank Secrecy Act officer in the US.
Money laundering typology
A method or technique used to disguise the illicit origins of illegally obtained
funds. These typologies, a term used by the Financial Action Task Force, help
financial institutions, law enforcement agencies, and regulatory bodies
understand the various ways in which money laundering occurs, enabling
them to develop more effective prevention and detection strategies.
Money mule
An individual who is recruited, often unwittingly, to transfer illicitly obtained
funds on behalf of others. A mule acts as an intermediary in money laundering
schemes, facilitating the movement of money that has been acquired
through illegal activities such as fraud, drug trafficking, or human trafficking.
Money order
A monetary instrument usually purchased with cash in small (generally under
€500) denominations. It is commonly used by people without checking
accounts to pay bills or to pay for purchases in which the vendor will not
accept a personal check. Money orders may be used for laundering because
they represent an instrument drawn on the issuing institution rather than on
an individual’s account.
Money services business (MSB)
An individual or entity engaged in money services, including foreign exchange
and money transmission. It is deemed to be a nonbank financial institution
subject to AML obligations.
Money transfer service
A financial service that accepts cash, checks, and other monetary
instruments. It can store value in one location and pay a corresponding sum in
cash or other form to a beneficiary in another location by means of a
communication, message, transfer, or clearing network to which the money
or value transfer service belongs. Transactions performed by such services
can involve one or more intermediaries and a third-party final payment. A
money or value transfer service may be provided by people (natural or legal)
formally through the regulated financial system (such as bank accounts),
informally through nonbank financial institutions and business entities, or
outside of the regulated system. In some jurisdictions, informal systems are
referred to as alternative remittance services or underground (or parallel)
banking systems. Also known as value transfer service. See Alternative
remittance system (ARS).
MONEYVAL
Committee of Experts on the Evaluation of Anti-Money Laundering Measures
and the Financing of Terrorism
MSB
Money services business
MTL
Money transmitter license
Mutual legal assistance treaty (MLAT)
An agreement between two or more countries for the purpose of gathering
and exchanging information in an effort to enforce civil or criminal laws.
MLATs facilitate international cooperation in legal matters, particularly in
response to requests for assistance in investigations, prosecutions, and
enforcement actions related to financial crimes, drug trafficking, terrorism,
and other criminal activities.
MVTS
Money or value transfer service
NBFI
Nonbank financial institution
NCA
National Competent Authority
Nesting
The practice whereby a respondent bank provides downstream
correspondent services to other financial institutions and processes these
transactions through its own correspondent account. The correspondent
bank is thus processing transactions for financial institutions on which it has
not conducted due diligence. Although this is a normal part of correspondent
banking, it requires the correspondent bank to conduct enhanced due
diligence on its respondent’s AML program to adequately mitigate the risk of
processing the customer’s transactions.
NFT
Non-fungible token
NGO
Nongovernmental organization
NHS
The National Health Service
NLP
Natural language processing
Nominee account
A financial account that is held in the name of one person (the nominee) but is
actually owned by another individual (the beneficial owner).
Non-fungible token (NFT)
A unique digital asset representing ownership of specific items, such as art or
collectibles, recorded on a blockchain.
Nongovernmental organization (NGO)
A nonprofit organization that operates independently of government
influence and is typically focused on addressing social, humanitarian,
environmental, or advocacy issues. NGOs can operate locally, nationally, or
internationally and often rely on donations, grants, and volunteer work to fund
their activities. NGOs, especially those operating in high-risk jurisdictions or
conflict areas, may be exploited by criminals to launder money or funnel illicit
funds to support terrorist activity.
Nonprofit organization (NPO)
An entity that operates for purposes other than generating profit for its
owners or shareholders. Instead, the organization reinvests any surplus
revenue it generates into its mission, activities, or programs to benefit the
community or pursue a specific social, educational, charitable, or
environmental objective. FATF has suggested practices to help authorities
protect organizations that raise or disburse funds for charitable, religious,
cultural, educational, social, or fraternal purposes from being misused or
exploited by financiers of terrorism.
NPO
Nonprofit organization
NRA
National risk assessment
OCC
Office of the Comptroller of the Currency
OCR
Optical character recognition
ODD
Ongoing due diligence
OECD
Organisation for Economic Co-Operation and Development
OFAC
Office of Foreign Assets Control
Offshore
In reference to financial activities or entities, being established outside of a
person’s or organization’s home country, typically in jurisdictions that offer
favorable tax laws, regulatory environments, or privacy protections. Offshore
accounts and companies are often used for legitimate purposes, such as
international trade or investment; however, they can also pose significant risks
related to financial crime, including money laundering, tax evasion, and other
illicit activities.
Offshore banking license
A legal authorization granted by a regulatory authority in a specific jurisdiction
that allows a financial institution to operate as a bank outside its home country.
Offshore financial center (OFC)
A jurisdiction that provides financial services to nonresidents, primarily through
a favorable regulatory environment, including low or zero taxes, minimal
regulations, and privacy protections. These centers are often used by
individuals and businesses for various purposes, such as tax optimization, asset
protection, investment diversification, and wealth management. OFCs can be
susceptible to misuse for illicit purposes, such as money laundering, tax
evasion, and hiding assets. This has led to increasing scrutiny and pressure
from international organizations, such as the Financial Action Task Force, to
improve transparency and regulatory standards.
Originator
The party that places an order with a financial institution to perform a wire
transfer.
OSINT
Open-source intelligence
P2P
Peer-to-peer
Payable-through account (PTA)
A transaction account a foreign financial institution opens at a depository
institution through which the foreign institution’s customers engage in
banking activities and transactions. This engagement may be either direct or
through subaccounts. In any case, the customers have direct control over the
funds in the account. These accounts pose risks to the depository institutions
that hold them because it can be difficult to conduct due diligence on foreign
institution customers who are ultimately using the PTA accounts.
Payment service provider (PSP)
A third-party company that facilitates online payment processing for
businesses and consumers. PSPs offer various services including managing
transactions, providing gateways for credit and debit card payments, enabling
mobile payments, and supporting alternative payment methods.
PBWM
Private banking and wealth management
PCMLTFA
Proceeds of Crime (Money Laundering) and Terrorist Financing Act
PDF
Portable document format
PE
Private equity
PEP
Politically exposed person
PET
Privacy-enhancing technology
Physical presence
The existence of an actual brick-and-mortar location with meaningful
management of the institution physically located within a country, where it
maintains business records and is subject to supervision. The mere existence
of a local agent or low-level staff does not constitute a physical presence.
PII
Personally identifiable information
pKYC
Perpetual KYC
Placement
The first stage of the money laundering process: the physical disposal of
proceeds derived from illegal activity.
Politically exposed person (PEP)
According to the Financial Action Task Force’s revised 40 Recommendations of
2012, an individual who has been entrusted with prominent public functions in
a foreign country, such as a head of state, senior politician, senior government
official, judicial or military official, senior executive of a state-owned
corporation, or important political party official, as well as their families and
close associates. Various country regulations define the term PEP, which may
include domestic as well as foreign persons.
Ponzi scheme
A fraudulent scheme named after Charles Ponzi, an Italian immigrant who
spent 10 years in a US jail for a scheme that defrauded 40,000 people out of
US$15 million. Ponzi’s name became synonymous with returns that are paid to
earlier investors from the capital contributed by newer investors, rather than
from profit earned by the operation of legitimate business. Ponzi schemes
involve fake, nonexistent investment schemes in which investors are tricked
into investing on the promise of unusually attractive returns. The operator of
the scheme can keep the operation going by paying off early investors with
the money from new investors until the scheme collapses under its own
weight or the promoter vanishes with the remaining money. Also known as a
“pyramid scheme.”
PPP
Public-private partnership
PRA
Prudential Regulatory Authority
Predicate crime
An underlying criminal offense that generates proceeds of crime (the
Financial Action Task Force defined 21 offenses) and serves as the basis for
more serious charges, such as money laundering or organized crime. In
essence, these crimes are the initial illegal activities that produce illicit profits,
which are then disguised or placed into the financial system through
laundering efforts. Most AML laws contain a broad definition or listing of such
underlying crimes. Predicate crimes are sometimes defined as felonies or “all
offenses in the criminal code.”
Private investment company (PIC)
A type of corporation that is often established in an offshore jurisdiction with
tight secrecy laws to protect the privacy of its owners. In some jurisdictions, an
international business company or exempt company is referred to as a private
investment company. Also known as a personal investment company.
PSP
Payment service provider
QA
Quality assurance
QC
Quality control
QR
Quick-response (code)
RACI
Responsible, accountable, consulted, and informed
Ransomware
Malware that blocks access to a system until a ransom is paid. See
Cybercrime.
RAS
Risk appetite statement
RBA
Risk-based approach
RBC
Royal Bank of Canada
RegTech
Regulatory technology
Regulator
A government entity responsible for supervising and overseeing one or more
categories of financial institutions. A regulator generally has authority to issue
regulations, conduct examinations, impose fines and penalties, curtail
activities, and, sometimes, terminate charters of institutions under its
jurisdiction. Most financial regulators play a major role in preventing and
detecting money laundering and other financial crimes.
Remittance service
A business that receives cash or other funds that it transfers through the
banking system to another account. The account is held by an associated
company in a foreign jurisdiction where the money is made available to the
ultimate recipient. Also known as a giro house or “casa de cambio.”
REP-CRIM
Financial crime report
Reputational risk
In the context of financial crime, the potential for an organization, such as a
financial institution, to suffer damage to its reputation as a result of being
involved in or perceived as being associated with illegal or unethical activities,
such as money laundering, fraud, or terrorist financing. This type of risk can
arise from actual events or negative perceptions within the market or among
stakeholders.
Respondent bank
A financial institution that provides services such as processing transactions
and conducting wire transfers on behalf of another bank, typically referred to
as the correspondent bank.
RFI
Request for information
RI
Requests for Information
Risk-based approach (RBA)
A strategy used to identify, assess, and prioritize risks to allocate resources
and implement measures effectively in financial crime risk management. This
approach emphasizes focusing on areas of higher risk, allowing organizations
to address potential threats more efficiently and effectively.
RPA
Robotic process automation
Safe harbor
A legal provision that provides protection from liability or legal consequences
under specific circumstances. It allows individuals or organizations to avoid
penalties or legal repercussions if they report their suspicions in good faith to
the relevant financial investigation unit, even if they did not know precisely
what the underlying criminal activity was and regardless of whether illegal
activity actually occurred.
SAFS
Swiss-Asia Financial Services Pte Ltd
Sanctions
Punitive measures imposed by countries or international organizations to
influence or restrict the behavior of a specific country, group, or individual.
These measures can take various forms.
SAR
Suspicious activity report
Screening
The process of reviewing and evaluating individuals, entities, or transactions to
prevent and detect activities associated with financial crimes. Screening helps
identify risks, potential fraud, or compliance issues and is essential for financial
institutions and businesses to comply with regulatory requirements.
SDD
Simplified due diligence
SDN
Specially designated national
SEC
Securities and Exchange Commission
Senior foreign political figure
A US term for foreign politically exposed persons. See Politically exposed
person (PEP).
Settlor
An individual or entity that establishes a trust by transferring assets into it and
defining the terms under which the trust will operate. The settlor outlines how
the trust’s assets will be managed and distributed to the beneficiaries as set
out in the trust deed. Also known as a grantor, trustor, or creator.
SFO
UK Serious Fraud Office
Shell bank
A financial institution that has no physical presence or significant operations in
the country where it is licensed or claims to operate. These banks primarily
exist to facilitate transactions without genuine banking activities, often serving
as vehicles for money laundering and other financial crimes.
Shell company
A legal entity that exists only on paper and has no significant physical
operations, assets, or active business activities. It is often created for specific
purposes, such as tax benefits, privacy, financing, and ease of regulatory
compliance.
Shell companies are frequently associated with illicit activities such as money
laundering, tax evasion, and fraud, as they can obscure financial transactions
and ownership structures.
SLA
Service level agreement
SLP
Scottish Limited Partnership
SMPC
Secure multiparty computation
Smurfing
A financial crime technique used to evade detection by breaking down large
amounts of illicit funds into smaller, less suspicious transactions, usually under
the reporting threshold. This approach is commonly associated with money
laundering, in which individuals attempt to disguise the origins of illegally
obtained money by conducting multiple small transactions instead of one
large transaction. Smurfing involves the use of multiple individuals,
transactions, or both for making cash deposits. Individuals hired to conduct
the transactions are referred to as “smurfs.” See Structuring.
Social engineering
A manipulation technique that exploits human psychology to gain confidential
information or unauthorized access or to execute fraudulent activities. Rather
than relying on technical hacking methods, social engineering focuses on
tricking individuals into revealing sensitive information or performing actions
that compromise security.
Society for Worldwide Interbank Financial Telecommunication (SWIFT)
A global messaging network that enables secure and standardized
communication among financial institutions for the purpose of processing
international money transfers and other banking transactions.
SOF
Sources of funds
SPV
Special purpose vehicle
SRA
Sectoral risk assessment
SSN
Social Security Number
StAR
Stolen Asset Recovery
STR
Suspicious transaction report
Structuring
A financial crime technique used to break down large amounts of illicit funds
into smaller, less suspicious transactions to evade detection, reporting
requirements, or regulatory scrutiny. For example, cash deposits may be split
into smaller amounts or used to purchase monetary instruments to stay below
a currency reporting threshold. See Smurfing.
Subpoena
A legal document issued by a court or other authorized entity that commands
an individual or organization to appear and testify or produce documents,
records, or evidence in a legal proceeding. It is a tool used in the judicial
process to compel the participation of witnesses or the production of specific
information relevant to a case.
SupTech
Supervisory technology
Suspicious activity
Any behavior, transaction, or pattern of transactions that raises red flags or
indicates possible involvement in illegal activities, such as money laundering,
fraud, or terrorist financing. See Unusual activity or transaction.
Suspicious activity report (SAR)
A document that financial institutions and certain regulated businesses are
required to file with government authorities, usually the financial intelligence
unit of the jurisdiction, when they detect suspicious or potentially illicit activity.
Such activity may indicate money laundering, fraud, terrorist financing, or
other financial crimes. Some jurisdictions call it a suspicious transaction report.
SWF
Sovereign wealth fund
SWIFT
Society for Worldwide Interbank Financial Telecommunication
Tax haven
A country that offers special tax incentives or tax avoidance to foreign
investors and depositors. Tax havens typically provide low or zero tax rates,
financial secrecy, and regulatory advantages, making them attractive
locations for tax avoidance and evasion schemes.
TBML
Trade-based money laundering
TCSP
Trust or company service provider
Terrorist financing
The process of providing financial support to individuals or groups engaged in
terrorist activities. This financing can come from both legal and illegal sources
and is used to fund terrorism-related operations, such as planning,
recruitment, training, and execution of terrorist acts. Financial support can be
provided through various channels, including cash transactions, bank
transfers, cryptocurrency, and informal value transfer systems.
TF
Terrorism financing
TI
Transparency International
TIN
Tax identification number
Tipping off
The improper or illegal act of alerting or notifying an individual or entity that it is
being investigated or that its activities have raised suspicion, particularly in the
context of legal or regulatory matters such as money laundering or criminal
investigation. See Letter of credit.
TJN
Tax Justice Network
TM
Transaction monitoring
TMS
Transaction monitoring system
TOR
The Onion Routing
Trade-based money laundering (TBML)
A method of money laundering that involves manipulation of trade
transactions to disguise the origin of illicit funds. TBML typically utilizes
complex trade schemes to make illegal money appear legitimate by over-
invoicing, under-invoicing, phantom shipments, misrepresentation of goods,
and false invoicing.
TBML is challenging to detect because it exploits legitimate trade practices
and often involves multiple jurisdictions, making it a significant concern for
regulatory authorities and financial institutions in efforts to combat money
laundering and ensure compliance with AML regulations.
Transaction monitoring (TM)
The systematic process of observing and analyzing financial transactions and
activities to detect suspicious behavior, prevent illicit activities, and ensure
compliance with laws and regulations. TM is a critical component of an AML
program in which customer activity is reviewed for unusual or suspicious
patterns, trends, or outlying transactions that do not fit a normal pattern.
Transactions are often monitored using software that weighs the activity
against a threshold of what is deemed normal and expected for the customer.
Transparency International (TI)
A nongovernmental organization founded in 1993 that aims to combat
corruption and promote transparency, accountability, and integrity at all levels
of society. TI is best known for its annual Corruption Perceptions Index (CPI),
which ranks countries by perceived levels of corruption among public officials.
Its Bribe Payers Index (BPI) ranks the leading exporting countries according to
their propensity to bribe. TI’s annual Global Corruption Report combines the
CPI and BPI and ranks each country by its overall level of corruption. The lists
help financial institutions determine the risk associated with a particular
jurisdiction.
Trust
A legal arrangement in which one party, known as the trustor (or grantor),
transfers assets to another party (the trustee), who manages those assets for
the benefit of a third party, known as the beneficiary.
Trustee
A paid or unpaid professional, company, or individual who holds the assets in a
trust fund separate from the trustee’s own assets. The trustee invests and
disposes of the assets in accordance with the settlor’s trust deed, taking into
consideration any letter of wishes.
TWEA
Trading with the Enemy Act
UAE
United Arab Emirates
UAR
Unusual activity report
UBO
Ultimate beneficial owner
Ultimate beneficial owner (UBO)
The individual or individuals who ultimately own or control a company or legal
entity, even if their ownership is not directly recorded in public documents.
UBOs are the final beneficiaries who enjoy the benefits of ownership, such as
financial gains or control over the entity.
UBO identification often involves tracing ownership structures through layers
of companies or entities to review the individuals who ultimately benefit from
the business operations. It may not be obvious who the UBO is due to a
complex structure, and, in certain situations, aggregation of indirect
ownership may result in an individual being identified as the UBO.
UN
United Nations
UN Security Council Resolution 1373 (2001)
Adopted in 2001, a resolution that aims to enhance international cooperation
in combating terrorism and establish measures for preventing and
suppressing terrorist activities globally. It prompted member nations to adopt
or strengthen laws and regulations aimed at preventing terrorism and
addressing its financing. The resolution also required member nations to
“afford one another the greatest measure of assistance for criminal
investigations or criminal proceedings relating to the financing or support of
terrorist acts.”
The principles established in this resolution continue to influence international
counterterrorism efforts and the work of various UN agencies and bodies
involved in security and anti-terrorism initiatives.
Underground banking
See alternative remittance system.
United Nations (UN)
An international organization founded in 1945, shortly after World War II, by 51
countries with the primary goal of promoting peace, security, and cooperation
among countries. The UN addresses financial crime through various
frameworks, conventions, and initiatives aimed at combating issues such as
money laundering, corruption, and terrorist financing. One such initiative is the
Global Program against Money Laundering, which is the key instrument of the
UN Office of Drug Control and Crime Prevention. As of today, almost every
nation in the world belongs to the UN. See Vienna Convention.
UNOCT
United Nations Office of Counter-Terrorism
UNODC
United Nations Office on Drugs and Crime
UNSC
United Nations Security Council
UNTAD
United Nations Trade and Development
Unusual activity or transaction
Any financial activity that deviates from a customer’s normal behavior or
established patterns. This type of activity raises suspicions and may indicate
potential illicit conduct such as money laundering, fraud, or other financial
crimes.
US
United States
USA PATRIOT Act
Enacted on October 26, 2001, a law designed to enhance the US
government’s ability to combat terrorism and strengthen national security in
the aftermath of the September 11 attacks. The acronym stands for “Providing
Appropriate Tools Required to Intercept and Obstruct Terrorism.”
The USA PATRIOT Act significantly altered the landscape of national security
and law enforcement in the US, reflecting a responsive approach to perceived
threats in the wake of terrorism.
USD
US dollar
USDC
USD Coin
USDT
US dollar Tether
VASP
Virtual asset service provider
VAT
Value-added tax
VC
Venture capital
Vienna Convention
The 1988 United Nations Convention Against Illicit Trade in Narcotic Drugs and
Psychotropic Substances, commonly referred to as the “1988 Vienna
Convention,” an international treaty aimed at combating the growing problem
of illicit drug production and trafficking. Signing countries of the Convention
commit to criminalizing drug trafficking and associated money laundering and
enacting measures for the confiscation of the proceeds of drug trafficking.
Article III of the Convention provides a comprehensive definition of money
laundering, which has been the basis of much subsequent national legislation.
Virtual asset service provider (VASP)
A digital platform that allows users to buy, sell, and trade cryptocurrencies.
These exchanges serve as intermediaries between buyers and sellers,
facilitating the exchange of digital assets for other cryptocurrencies or fiat
currencies. Examples of VASPs include cryptocurrency exchanges, wallet
providers, and payment processors.
Virtual currency
A medium of exchange that operates in the digital space and can typically be
either converted into a fiat, or government-issued, currency or used as a
substitute for real currency.
VPN
Virtual private network
Wallet provider
A service that offers digital wallets for storing, managing, and transacting with
cryptocurrencies and other digital assets. These wallets allow users to
securely hold their cryptocurrencies, track their balances, and perform
transactions such as sending and receiving funds.
Whistleblower
An individual who reports or exposes information or activities within an
organization that the individual believes to be illegal, unethical, or inconsistent
with the organization’s policies. This can include reporting wrongdoing such as
fraud, corruption, violations of regulations, safety concerns, or other
misconduct. In many jurisdictions, whistleblowers are given legal protection to
prevent retaliation or discrimination by their employer as a result of their
disclosures, and any attempts to identify them can have serious
consequences for the organization and its senior management.
Willful blindness
A legal principle that operates in money laundering cases in the US and that
courts define as the “deliberate avoidance of knowledge of the facts” or
“purposeful indifference.” Courts have held that willful blindness is the
equivalent of actual knowledge of the illegal source of funds or of the
intentions of a customer in a money laundering transaction.
Wire transfer
An electronic transmission of funds among financial institutions on behalf of
themselves or their customers. Wire transfers are financial vehicles covered
by the regulatory requirements of many countries in the AML effort.
WMD
Weapon of mass destruction
Wolfsberg Group
An association of 13 global financial institutions established in 2000 in response
to growing concerns about financial crime within the private banking sector.
Since then, it has issued several guidelines on correspondent banking and
terrorist financing, among others, and aims to promote effective financial
crime risk management and strengthen the overall integrity of the financial
system through best practices.
World Bank
A vital source of financial and technical assistance to developing countries. It is
not a bank in the traditional sense but is made up of five organizations owned
by 189 members. The World Bank plays a crucial role in shaping the global
response to money laundering by supporting countries in building effective
regulatory and institutional frameworks, facilitating international cooperation,
and funding necessary reforms to enhance financial integrity.