Money laundering. Fueled by mobster movies and international espionage thrillers, the phrase has a mysterious, exciting edge to it. But as is often the case, the truth is far less appealing than the glitzy Hollywood version.

In reality, money laundering is an activity that traps 40.3 million people in modern slavery, fuels political unrest, and finances terrorism across the globe.

Considering the consequences, it’s no wonder governments enact AML regulations. And just as money laundering crime grows more sophisticated, so too do the regulations. These regulations have honorable and important intentions, but there’s no denying the ever-evolving compliance headaches they create for financial institutions.

Financial institutions must develop powerful AML programs, lest they face the financial fines, increased regulatory scrutiny, and reputational damage of an AML program gone wrong.

The Repercussions of an AML Program Gone Wrong

What could your firm do with over $2.9 billion? That’s the total amount of fines global regulators imposed on financial institutions in 2018 for non-compliance of anti-money laundering regulations.

But it’s not just the firms that are penalized for AML non-compliance. Last year, the Office of the Comptroller of the Currency levied AML non-compliance fines against eight individuals. Those fines totaled $455,000. The message to bank executives was clear: turning a blind eye to criminal activity opens the door for severe personal liability.

But fines are just one form of penalty for non-compliance. There’s also the increased scrutiny imposed by regulators along with additional hoops firms must jump through.

With so much at stake, what steps can your firm take to help fight this menacing crime, protect your leaders, and avoid paying AML fines?

5 Steps to Avoid AML Fines and Regulator Scrutiny

1. Create your AML program, not an AML program.

Susan Schroeder, FINRA’s Executive Vice President, Department of Enforcement, said, “When firms are part of global operations involving high-risk international securities trades and money movements, it is critical that they design and implement an AML program tailored for their business model.”

A generic AML program won’t necessarily consider your firm’s business complexity, geographical diversity, variety of customers and the different risks they pose, your suite of products, size, or the number of transactions.

Center AML Program circle with four circles around it to represent customer, products & services, industry, and country as considerations for a bank's aml program

All these factors must be considered to create an effective and compliant AML program for your firm.

You’ll also want to ensure your AML solution is flexible. For example, some out-of-the-box solutions do not allow data scientists to create ad hoc code. Or the solutions aren’t easily adjusted based on factors that are important to you, such as reporting periods. The risk of a rigid AML solution is that you must wait, sometimes for months, for the solution provider to make adjustments for you. Changes — even subtle ones — may often be costly.

And this brings us to the next crucial feature.

2. Select a Robust AML IT Solution.

The importance of this can’t be stressed enough. An AML solution’s capabilities directly correlate with its success.

What should financial institutions look for in an AML solution? There are numerous characteristics that comprise a robust AML solution. Here are some key requirements:

Apply Artificial Intelligence (AI) and Machine Learning (ML). AI is the future of AML. In fact, even the regulators encourage this.  AI allows AML programs to evolve and scale. Financial crime is continuously evolving, particularly in our digital world. Your business is growing and changing as well. If both crime and your firm change, your AML platform can’t remain static; it must also be able to evolve and scale.

Be data agnostic. One of FINRA’s key findings of firms that failed to establish proper AML programs? Data gaps. If the data feeding your AML program has gaps or is inaccurate, your AML program will most likely fail, possibly resulting in fines and besmirching your reputation.

Look for a solution that integrates data from multiple sources to mitigate the risk of data gaps.  This is critical as data is typically scattered across multiple systems, and firms struggle with data silos. By aggregating, analyzing, and correlating data correctly and efficiently in a single platform, financial institutions can solve one of the toughest problems in compliance for anti-money laundering regulations.

Provide explainable AI for regulatory visibility. Regulators demand transparent documentation. Your solution must be able to easily detail why a particular decision was made or not made or a particular action taken or not taken. Solutions that provide white-box explanations — clear and concise explanations for why a transaction or account was flagged — are ideal for this.

Monitor transactions. A proper AML solution should have an advanced and robust transaction monitoring system. It’s the cornerstone of an effective AML compliance program. Your AML solution should be able to score transactions for credit, debit, ATM, and prepaid cards (and digital wallets) for card-present and card-not-present payments. It should also be able to score automated clearing house (ACH), wire, and peer-to-peer transactions.

Know Your Customer (KYC) and Customer Due Diligence (CDD). Your AML solution should either contain this function or be able to integrate with third-party systems to ensure new accounts, existing customers, and beneficiaries are free from money laundering activity and are not on terrorist, criminal, or other blocked persons watchlists. This must be a continuous process.

3. Schedule internal control reviews and reassessments.

FINRA levied a $17 million penalty on a financial services company for, among other reasons, the company’s failure to update its AML compliance program during a period of rapid growth. Remember, your AML compliance is not a set it and forget program.

For example, a large European bank failed to reassess its AML programs during a merger, resulting in over €200 billion in money laundering and an ensuing criminal investigation by U.S. authorities. Shares in the bank lost a third of their value.

Regulations require regular internal control reviews and reassessments. The best way to make sure this happens is to schedule these in advance on a quarterly or bi-annual basis. They should be essential, non-moveable processes in your AML compliance program.

4. Write it right.

You can’t have a compliant AML program without written AML policies and procedures. The reasons for this are twofold.

First, writing out your policies and procedures provides a prime opportunity to think through each step of your program and gain a thorough understanding of what all the steps are, the resources you’ll need, and the requirements you’ve covered.

Second, and more importantly, the EU Fourth Anti-Money Laundering Directive and FINRA Rule 3310 both require firms to implement a written AML program that is approved, in writing, by a senior manager.

Essentially, Rule 3310 establishes the minimum requirements for your AML policy and requires you to:

Create AML policies and procedures that are effective. Your policies should lead to the detection and reporting of money laundering activities.Comply with the Bank Secrecy Act.

Include independent testing for compliance.

Testing must occur on an annual basis if it is conducted by individuals who work directly with customer accounts.

Testing must occur every two years if it is conducted by individuals who do not execute customer transactions or hold customer accounts.

Designate an AML compliance officer who is responsible for implementing AML policies, procedures, daily operational AML monitoring, and internal controls.

5. Build an Efficient AML team.

In addition to designating a compliance officer, you must define the compliance officer’s duties, provide him or her with proper resources, and build an efficient AML team.

In truth, an efficient team isn’t a requirement — at least not with FINRA (though it is with other regulations such as the Dutch Money Laundering and Terrorist Financing (Prevention) Act. But it should be your own internal requirement. Why? To understand the reason, let’s compare two AML teams.

A basic AML program ensures each team member:

has clearly defined roles and responsibilities has complete knowledge of AML policies and procedures

is provided with a comprehensive onboarding plan

receives ongoing education and training

An Efficient AML Team

Efficient AML teams have all the attributes of a basic team, but they also have access to an AML risk platform that utilizes both a rules-based engine and an AI engine. This increases efficiency because it significantly lowers false-positive rates, and your team won’t spend thousands of hours a year investigating false positives. Instead, they’ll have the tools regulators are looking for — and they’ll be equipped to fight money laundering criminals.


Anti-money laundering compliance. It’s a phrase that might not garner the same intrigue as a spy thriller, but it does help fight issues like human trafficking, terrorism, drugs, and fraud. And while your AML Compliance Officer doesn’t ski down the Swiss Alps, exchanging gunfire with sinister villains after having just imbibed a shaken martini, lives actually do hang in the balance of a job well done or an opportunity lost. That’s no small responsibility. Perhaps you should start calling your AML Compliance Officer…Bond, James Bond. Though 007 sounds good too.


If you liked this article, consider downloading our eBook Anti-Money Laundering: How to Protect Your Bank’s Brand & Bottom Line