MetaMap joins Incode to transform identity verification. Learn more.

By Industry
By Use Case
By Region
For Businesses
For Developers

Beyond the surface: A deep dive into AML programs

BLOG POST     SEPT 4, 2023   |  2 MIN
SEPT 4, 2023   |  2 MIN

Explore the landscape of money laundering, legal and regulatory aspects, and best practices for crafting and maintaining an effective AML program.


Empowering businesses with cutting-edge technology to broaden their customer reach while maintaining adherence to Anti-Money Laundering (AML) regulations is crucial in today’s dynamic market. A potent platform for identity verification, coupled with steadfast detection and prevention mechanisms, forms the basis of this empowerment.

Implementing comprehensive AML measures, alongside a counter-financing of terrorism (CFT) program, is instrumental in bolstering the financial system’s integrity. Beyond just protection against financial crime, AML compliance also ensures risk management, safeguarding both tangible assets and institutional reputation.

In this article, we will explore the landscape of money laundering, legal and regulatory aspects, the essentials of crafting and maintaining an effective AML program, and best practices for seamlessly integrating these elements. Our aim is to equip businesses with the tools and knowledge they need to flourish in a compliant and secure environment.

AML compliance programs to thwart money laundering

The United Nations estimates that money laundering accounts for $2 trillion annually, between 2% and 5% of global GDP. By implementing an effective AML program, financial institutions play a pivotal role in safeguarding the financial system’s integrity and protecting society as a whole. AML compliance also provides risk mitigation, protecting assets and reputation.

“The estimated amount of money laundered globally in one year is 2 – 5% of global GDP, or $800 billion – $2 trillion in current US dollars”

– United Nations, Office on Drugs and Crimes.

Money laundering enables criminals to conceal the origins of their funds and integrate them into the legitimate financial system. There are three main stages involved in money laundering:

  • Placement
  • Layering
  • Integration

In the placement stage, cash is introduced into the financial system. This generally involves converting large amounts of cash into a form that can be deposited legitimately into financial institutions.

Layering involves a series of transactions to move the funds, often introducing a series of transactions or exchanges across multiple accounts, institutions, and jurisdictions. Distancing the funds from the initial placement makes it more difficult to follow the money trail and identify the source.

In the integration stage, laundered money is merged with legitimate assets to make it even more challenging to distinguish between legitimate funds and illegal funds.

Techniques include:

  • Smurfing: Depositing sums below reporting minimums in a large number of banks
  • Mules: Recruiting people to open up accounts on their behalf
  • Shells: Utilizing layers of shell corporations
  • Off-shore accounts: Using accounts in nations with less restrictive reporting

Money launderers are continually adapting their methods, including using digital currency. About $23.8 billion worth of illicit funds moved through cryptocurrency wallets in 2022, a 68% increase from 2021. Although there are few crypto ATMs in Africa and LATAM nations, ATMs make it easy for criminals to convert crypto to cash without identification or reporting.

“Overall, illicit addresses sent nearly $23.8 billion worth of cryptocurrency in 2022, a 68.0% increase over 2021”.

– The 2023 Crypto Crime Report

The legal and regulatory landscape

The legal and regulatory landscape remains mixed as governments and businesses work together to tackle money laundering. An assessment by the Financial Action Task Force (FATF) of countries shows inconsistent application of existing laws and significant regulation gaps.

However, regulations are expanding to address evolving threats in several key countries.

Expanded PEP and identity verification

The Brazilian Chamber of Deputies recently approved PL 2720/2023. This legislation focused on protecting Politically Exposed Persons (PEPs) from potential discriminator practices as part of the Know Your Customer (KYC) and AML process. While acknowledging the heightened risk associated with PEPs, this legislation seeks to balance robust risk management and the principles of “presumed innocent until proven guilty.”

In Nigeria, the Money Laundering (Prevention and Prohibition) Act of 2022 expanded requirements to identify PEPs and verify the source of funds for both financial institutions and non-financial businesses and professions (DNBPs), such as auto dealers, mortgage brokers, hotels, and real estate agents. Financial institutions and DNBP must now conduct due diligence to verify customer identities.

The Democratic Republic of the Congo (DRC) recently expanded and strengthened its legal framework on the criminalization of money laundering. South Sudan and Panama also took steps to increase identity verification and PEP assessments.

Other global efforts under evaluation

  • The Financial Action Task Force (FATF) is also looking to amend AML program recommendations to increase effectiveness, including additional risks related to environmental crime, grand corruption, international wildlife trade, and arts and antiquities markets.
  • The European Parliament is establishing a new EU Money Laundering Authority (AMLA) to directly supervise high-risk credit and financial institutions. Pending legislation also includes new requirements for Customer Due Diligence (CDD) and Ultimate Beneficial Owner (UBO) data collection.
  • The 5th EU Anti-Money Laundering Directive (AMDLS) also requires CDD measures for payments exceeding €150 monthly.
  • Proposed AML regulations in the United States include stricter reporting of beneficial ownership information (BOI) and a focus on increasing de-risking through AML/CFT programs.
  • Multiple countries are looking at increased AML regulations for cryptocurrency and digital assets.
  • In Asia, new AML/CFT regulations and recommendations are rolling out in Vietnam, India, Hong Kong, Japan, China, Singapore, and the Philippines.

All of these actions, and other emerging regulations, require financial institutions to re-evaluate their risk assessment, due diligence, and compliance measures. Banks need innovative solutions to cater to nuanced needs, like those offered by MetaMap. Customizable risk scoring enables a granular approach to risk assessment and management, enabling financial institutions to refine customer due diligence and monitoring processes based on evolving requirements and changing risk thresholds.

Building an effective AML program

Building an effective AML program requires a mindset shift from compliance to risk management. While it’s important to remain compliant with evolving regulations and threats, anti-money laundering can no longer be viewed as a checklist item but as a holistic approach to risk. And it starts with identifying and assessing risks and ensuring the proper policies, processes, and controls are in place.

Conducting customer due diligence (CDD) and enhanced due diligence (EDD) are critical components of any AML program. Organizations must verify the identity of their customers, understand the nature of their transactions, and assess the potential risk. Central to this strategy is deploying a modern Know Your Customer (KYC) program by leveraging technology.

Leveraging technology

Modern KYC programs leverage technology to verify identities, drawing from a wider pool of data and signals than traditional KYC programs. Customer information is compared to known databases and resources ⁠— including third-party data, passive signals, and behavioral data⁠ — to enhance verification and produce the most complete picture of the customer. This goes beyond basic identification and verification to help uncover patterns and anomalies and predict future behavior.

The FATF recommends all institutions implement AML/CFT solutions that use artificial intelligence (AI) and machine learning (ML) for critical compliance tasks, such as:

  • Customer identification and verification
  • Transaction monitoring
  • Identification and implementation of regulatory updates
  • Automated data reporting

AI-enhanced KYC solutions provide a faster and more reliable process. For example, contextual AI can reduce false positives by up to 70% compared to manual processes.

‍“The emergence of Artificial Intelligence (AI) has been seen as a potential light at the end of the tunnel, showing it can reduce false positives by upwards of 70%.”

– FinTech Magazine.

The best AML technology also enables additional tools to assess and mitigate risk, including:

Utilizing biometric data

Biometric identification, such as facial recognition, voice matching, fingerprint, or iris scans, can also help verify identities. Unlike alterable documents, biometric data is exceptionally challenging to fake. South Africa, Nigeria, Brazil, and other countries have seen the significant deployment of biometric ATMs using fingerprint and finger vein recognition for identity matching.

Liveness detection

Liveness detection uses selfie photos or video verification to check whether users are live humans. Users can record themselves moving their heads or reading random numbers aloud in their language.

Ongoing monitoring

Checking users against global watchlists, sanction lists, and PEP lists is essential both in onboarding and ongoing monitoring. Effective KYC requires identifying patterns of suspicious behavior indicating potential money laundering activities and can flag any necessary suspicious activity reporting (SAR) requirements.

Implementing AML controls

Transaction monitoring and detection systems are key to implementing AML control to identify illicit activities, ensuring watchlist screening and sanction compliance.

Internal and external reporting mechanisms also influence AML control to help maintain transparency and accountability. External reporting maintains compliance with regulations, while internal reporting enables compliance with organizational policies and procedures. Companies that implement internal audits and independent testing take further steps to ensure they mitigate risks and meet their goals.

Another critical component of strong AML controls is establishing whistleblower mechanisms to encourage the reporting of illicit activity and protect informants.

AML technology and tools

Companies also need the right tech and tools to manage the volumes of data created daily. The amount of data collected and stored daily grows at a staggering pace. An estimated 97 zettabytes of data were created, captured, copied, and consumed in 2022. That amount is projected to almost double by 2025. Companies need robust technology to manage all this data for AML compliance and optimize data analysis to prevent fraud.

‍‍“The total amount of data created, captured, copied, and consumed globally is forecast to increase rapidly (…). Over the next five years up to 2025, global data creation is projected to grow to more than 180 zettabytes.”

– Statista.

The right identity verification platform is key to KYC compliance and risk management. That might include tools such as optical character recognition (OCR) to extract data from identification documents and compare them against databases, AI/ML, and advanced data analytics to assess behavioral markers and anomalies.

Data analytics enable organizations to process these mass amounts of data, identify patterns, and detect suspicious activities more efficiently. They also provide real-time insights and improve accuracy, reducing the risk of false positives so organizations can focus on genuine risks.

Transaction monitoring software with advanced algorithms and ML capabilities effectively identifies increasingly complex money laundering patterns. Machine learning allows systems to refine processes and adapt to evolving risks to enhance detection rates.

AML challenges and best practices

Without the right tools, technology, and processes, AML efforts can fall short. And the consequences of non-compliance with AML regulations are serious. Financial institutions and others that are regulated can face the following:

  • Punitive fines
  • Damaged reputations
  • Sanctioning
  • Criminal proceedings

Sanctioning by global regulatory bodies can severely impact or stop the ability to work with customers that require international or cross-border transactions.

Dealing with emerging risks and evolving regulatory landscape is a delicate balance, however. Organizations must comply with AML requirements and risk management postures without negatively impacting the experience for legitimate customers. A seamless customer experience with appropriate safeguards is crucial to success.

Enhancing AML/CFT capabilities requires several key action steps.

Balancing customer experience with AML requirements

Striking a balance between compliance and customer experience is crucial. Customers aren’t likely to hesitate to walk away if they get frustrated with a slow, clunky, or overly burdensome onboarding process. A study by ABBBY in 2022 reported that 84% of organizations saw an abandonment rate of up to 40%. The banking and financial sectors had the highest levels of abandonment, with one out of every four applicants failing to complete applications for banking services.

‍‍“Banking is the sector experiencing the highest abandonment rates at onboarding, with almost 1 in 4 dropping out.”

— State of Intelligent Automation Report, ABBBY.

With more competition in today’s marketplace, providing a strong experience at every stage of the customer lifecycle is paramount to success.

Enhancing data management capability

Effective AML practices require a robust data management framework for data collection, consolidation, and governance. This framework eliminates ambiguity between functions and lines of defense, enabling efficient AML data management.

Strengthening data and tech infrastructure

Financial institutions must implement automated systems utilizing AI, ML, and cloud computing integrated into their onboarding and ongoing monitoring process. These tools empower organizations to screen transactions and detect suspicious activity. Effective screening still requires human review, but the right identity verification platform can significantly reduce false positives to streamline the review process.

Updating policies and procedures

Staying on top of development is essential amid the changing regulatory environment and evolving money laundering tactics. Organizations should develop a formal framework to track requirements to ensure policies are current and approved by senior management.

Reviewing AML Investment Budgets

Organizations should assess whether existing systems are yielding the desired results. Monitoring and benchmarking results can help identify areas where strategies and investments fall below goals while documenting progress in building sustainable AML/CFT models.

Promoting a positive AML culture

Regular training on emerging risks is vital to a strong AML compliance and risk management program. Training sessions can explore risks in areas like environmental, social, and governance (ESG), digital finance, cryptocurrencies, and emerging technologies.

Collaboration and information sharing

There’s a renewed emphasis on collaboration and information sharing within the industry to help fight money laundering. Sharing insights and best practices can help financial institutions stay current on emerging threats and strengthen their AML programs.

Besides monitoring watchlists, sanction lists, and PEP lists, MetaMap enables banks and lenders to collaborate and share information for further risk management.

Ongoing AML risk assessments

Conducting AML risk assessments to identify gaps and ensure compliance with internal and external requirements is crucial to continuous improvement to reduce risk. These processes help identify the inherent risk and effectiveness of controls for both preventing and detecting money laundering.

Ongoing AML assessments help stay ahead of evolving regulatory requirements and emerging threats. Financial institutions have multiple areas of risk that need continuous assessment, including:

  • AML risk: Evaluating the effectiveness of AML controls and best practices
  • Suspicious activity: Identifying potential suspicious or criminal behavior
  • Sanctions programs: Measuring sanctions risk based on evolving trends.

According to the FATF, a robust risk-based approach in the banking sector requires AML control implementation and an understanding of how and to what extent a financial institution is vulnerable to money laundering or terrorist financing. Assessments help financial institutions to determine the level of AML/CTF resources to mitigate risk and whether their internal tools, processes, and procedures fit their current risk profile.

AML compliance and risk management continue to evolve

Organizations cannot afford to be complacent or rely on legacy approaches to mitigate money laundering and illicit activities. The regulatory and legislative environment continues to evolve as more countries adopt stricter regulations.

While regulatory developments continue to shape the future of AML, financial institutions must also look within to strengthen their AML policies to mitigate risk holistically. It takes a commitment to meet and exceed AML regulations to properly protect your organization, including deploying the right technology to stay on top of emerging money laundering trends.

Despite increased scrutiny in Latin America among the three largest economies — Brazil, Mexico, and Argentina — money laundering, trade-based money laundering, and financial crimes continue to impact the wider LATAM region. While several countries have recently improved their AML/CFT laws, implementation and enforcement are often incomplete as political will varies.

Several African nations have also been added to the FATF’s so-called “grey list” for increased monitoring. The grey list includes countries committed to resolving deficiencies within their AML legislation or enforcements within agreed-upon timelines.

Grey list countries in Africa include:

  • Burkina Faso
  • Cameroon
  • The Democratic Republic of the Congo
  • Mali
  • Mozambique
  • Nigeria
  • Senegal
  • South Africa
  • South Sudan
  • Tanzania
  • Uganda

In Latin America, Panama is on the FATF’s grey list for increased monitoring.

The United Nations suggests that as much as 3.6% of global GDP is laundered, accounting for $1.6 trillion. Many money laundering activities are cross-border, so international cooperation is increasingly important. Exchanging intelligence, reporting on developing trends, and providing threat information help create a collective defense that strengthens everyone. For example, one organization may identify suspicious activity that prompts investigation, but there may not be enough information about a particular transaction to act. However, if user behavior at other institutions shows similar patterns, it may become clear that money laundering is taking place.

‍‍“The UNODC suggests that about 3.6% of global GDP approximately $1.6 trillion is laundered.”

– United Nations, Office of the Special Adviser on Africa.

Moving forward, managing risk requires leveraging innovation and technology advancements in AML, using AI/ML to automate and streamline processes, provide a strong customer experience, and reduce false positives. International cooperation and information sharing will also be key to strengthening the overall financial industry.

Partnering for effective risk management

In 2022, 62% of financial institutions saw an increase in fraudulent activities compared to 2021. Effective risk management requires a commitment to vigilance and leveraging technological advancements such as AI, ML, and data analytics to reduce risk and remain compliant.

Collaborating with a complete identity verification platform like MetaMap, which incorporates AML watchlist screening, monitoring, and a robust AML program, will enable you to confidently manage risk and enhance your capacity to detect money laundering activities. Our platform grants you the ability to cross-check your users against over 1,200 international watchlists, sanctions lists, and politically exposed persons (PEP) lists. This feature ensures the secure onboarding of users, protecting your business. Learn more about how MetaMap can help you mitigate risk.

Subscribe to the newsletter and stay up to date with promotions, special offers and news