Criminals turn to money laundering practices to keep their sources of dirty money hidden from banks and law enforcement. This means they will try to make their ill-gotten funds resemble legitimate business operations. According to the latest statistics from the United Nations Office on Drugs and Crime, the global value of money laundering is between $800 billion and $2 trillion per year. That’s roughly 2-5% of global GDP. UNODC notes that this figure may be inaccurate because it is difficult to measure the value of money that is laundered each year.

Banks must adopt an anti-money laundering (AML) compliance program as part of their role in and commitment to stopping money laundering activities. A bank’s AML program must be in writing and include policies, procedures, and workflows designed to meet AML compliance laws, such as those outlined by the Bank Secrecy Act (BSA). A bank’s AML program should also include a designated AML compliance officer, independent assessment of a program’s effectiveness, regular AML employee training, and procedures for conducting ongoing customer due diligence.

Legal penalties for banks and FIs that are found to be non-compliant with AML regulations can include civil actions, criminal charges or investigations, and increased regulatory scrutiny, depending on the specific type of violation. But that’s not the end of the bank’s problems. Charges of AML non-compliance and of giving criminal actors and organizations safe haven in a legitimate financial system can also severely harm the bank’s public reputation resulting in customer abandonment and lost revenue.

In 2020, financial regulators fined Australian bank Westpac a record $1.3 billion AUD ($961M USD) in AML non-compliance fines. In court documents, Austrac, the Australian financial regulatory agency, accused Westpac of committing more than 23 million violations of its own AML and CTF regulations.

Criminal activities supported by money laundering can include tax evasion, market manipulation, illegal narcotic trading, illegal weapon sales, human trafficking, slave labor, child pornography, and terrorism financing, just to name a few.

Money laundering usually includes three distinct stages.

Placement: First, criminals work to move the money they collected from illegal activities into a legitimate financial system.
Layering: Next, criminals work to disguise the source of their money using a series of transactions combined with accounting and bookkeeping tactics.
Integration: After the illicit funds have been made to look legitimate, criminals can withdraw them and use them to make purchases. These purchases can include luxury items like fancy cars or rich investments to further bolster their wealth.

It’s these last two stages of money laundering (layering and integration) that makes this activity so difficult to uncover. If dirty money manages to get deposited into a legitimate financial system it can be very challenging to track its source back to criminal activity or organization.

Money laundering activities will continue to exist as long as criminals seek ways to profit from their activities. Banks must implement a robust strategy that includes regular and ongoing KYC/CDD, watchlist management for both transactions and customer screening, and a strong AML transaction monitoring system. These measures must be in place from the moment a customer onboards with the bank and throughout the duration of their relationship.

For banks, detecting money laundering activities can be challenging, especially as criminals shift their tactics. However, here are some red flags that banks should be aware of, including:

Accounts that draw a significant share of funding from cash-based operations, deposits from individuals or businesses with no clear connection to the account holder, large deposits or withdrawals that don’t match the account holder’s lifestyle or business model, transactions originating overseas from countries with poor money laundering reputations, or account holders with criminal histories or linked to individuals with troubling backgrounds.

Money laundering will continue to be a reality for banks as long as there are criminals who find ways to profit from illegal activities. This means banks must constantly monitor their systems for deposits that could be linked to money laundering organizations by tracking the origin of funds, large cash deposits, and investigating suspicious activities and transactions linked to the account.

A single SAR can trigger a money laundering investigation. Investigations can also be triggered by adverse media or by a referral from law enforcement.

A suspicious transaction is a banking transaction that appears out of the ordinary and could be in violation of AML regulations, such as the BSA. These can include transactions involving large volumes of cash or an increase in cash deposits, or account activity that does not align with the type of business the account holder claims to represent.

Any of these types of suspicious activities observed by a bank can trigger a suspicious activity report (SAR), a method of reporting unusual banking activity outlined under the BSA. SARs are filed with FinCEN, which reports to the U.S. Treasury Department. SARs must be reported within 30 days of a bank uncovering a suspicious pattern. SARs are sometimes referred to as suspicious transaction reports (STRs).

There are few exceptions to the SAR reporting requirements. SARs are not required in the case of:

  • A burglary or robbery of a bank or FI;
  • Lost, stolen, counterfeit, or missing securities;
  • An insurance company who receives a false or fraudulent insurance claim, unless it is believed that the false claim relates to money laundering or terrorist financing.

Banks are not required to terminate their relationship with a customer if one or multiple SARs are filed. However, banks are encouraged to take a risk-based approach to determine whether the ongoing relationship with the customer is worth maintaining.

WLM tools are an essential part of any bank’s AML compliance program. Individuals, organizations, government agencies, and foreign governments are frequently targeted by sanctions or the subject of adverse media for money laundering, terrorist financing, drug trafficking, and other serious financial crimes. Individuals targeted by sanctions can also include PEPs and RCAs. When this happens, their names are added to a watchlist to alert banks that regulators consider these individuals to be high-risk.

Watchlists are frequently updated, sometimes depending on the global political developments. Because watchlists are constantly changing, making it difficult for banks to keep up with the most updated sanctions developments. For example, a bank may not realize that a customer they onboarded years ago has been sanctioned and is now considered high-risk.

Transactions and payments need to be screened in real-time to identify risks across the sender, receiver, intermediaries and more. Screening in real-time allows you to block high-risk transactions that may be funding illegal activities before they are processed, while simultaneously allowing safe transactions to process without delay or customer friction.

There are many global watchlists to leverage and screen against, depending on your business. Some examples are:

  • The Office of Foreign Assets Control (OFAC) Consolidated List
  • Specially Designated Nationals (SDN) List
  • Department of Foreign Affairs and Trade (DFAT) Australia Consolidated Sanctions List
  • European External Action Service
  • United Nations Security Council Consolidated List
  • HM Treasury’s Office of Financial Sanctions Implementation (OFSI)

There are Watchlist Management (WLM) solutions that can automatically scan hundreds of watch lists and stay current on whether an individual, business, or organization has been added to a sanctions list, labeled a PEP or RCA, or has been the center of adverse media. WLM solutions can alert banks if a customer has recently been added to one of these categories. With these insights, banks can take measures to protect their reputations or decline to onboard a customer deemed too risky or that could harm the bank’s reputation.

A politically exposed person (PEP) is an individual with a level of political influence that could put them at a higher risk of bribery. PEPs can include lawmakers or another type of political officeholder, a diplomat, a staff member at a government agency, members of a board of directors, judges, legal clerks, or officials from a major political party, to name a few. PEPs should be subject to ongoing monitoring as part of a bank’s AML program to track changes to a PEP’s profile.

A relative or close associate (RCA) is an individual with a direct or indirect connection to a PEP. Connections can include family relationships like spouse, sibling, parents, children, or close friend. It can also include professional relationships such as business associates or lawyers. RCA screening should be part of a bank’s AML program.

Adverse media is negative media coverage that a customer has received based on their history. It can include news reports of a customer’s criminal or checkered history, stories that harm the customer’s reputation and credibility, or that draw attention to the customer’s relationships and connections to problematic individuals like known criminals or suspected terrorist groups. It can also include reports of a customer’s financial problems that indicate they are vulnerable to bribery, corruption, or fraud.

For Customer Due Diligence

Banks will perform ongoing and frequent customer due diligence (CDD) assessments when establishing a new relationship with a potential bank customer as part of their AML program. CDD requires banks to verify the customer’s identity, the beneficial ownership of the customer’s business, and the nature of the business relationship.

Know Your Customer (KYC) are the protocols banks and FIs use to verify the identity of their customers, understand the customers’ source of wealth, and establish risk profiles to assess whether the customer is connected to money laundering or other financial crimes. KYC processes can occur both when onboarding a new customer or during the customers’ relationship with the bank.

CDD is a key component of the KYC process. Both are interconnected, but there are key differences between the two. While KYC is performed before a potential customer is onboarded to build a risk profile of a customer. CDD, meanwhile, is an ongoing process that checks whether the information provided during onboarding is correct and if the customer’s risk profile has changed since they first joined the bank. In other words, CDD enables KYC by establishing a customer’s identity and predicting the types of transactions the customer is most likely to engage in, and the extent the customer exposes the bank to a range of risks (such as money laundering or sanctions violations).

AML is a broad set of policies that banks implement to thwart money laundering and the flow of money to criminal or terrorist organizations. KYC, on the other hand, is part of a bank’s broader AML policies that is focused on verifying a customers’ identity and risk profile.


Anti-Money Laundering (AML) is a series of regulations, policies, procedures, and laws designed to make it harder for criminals to hide the sources of their illegal actions, prevent bad actors from profiting off criminal activities, and ensure banks don’t unintentionally (or intentionally) support criminal activities.

Combating the Financing of Terrorism (CFT) laws are designed to stop the flow of money to groups labeled as terrorist organizations by government agencies and bodies. CFT laws are designed to prevent terrorist activities and attacks by cutting off funding to terrorist organizations.

Criminals will use a variety of tactics to “launder” money through legitimate financial services. A common tactic is for criminals to funnel money they collected from illegal activities through a legitimate business like a restaurant that relies on cash transactions. The criminals’ money is handed off to the business and deposited as revenue. The criminal can withdraw the cash later. Other tactics include recruiting money mules (either suspecting or unsuspecting) to accept money transfers, depositing cash in foreign countries, or crooked investments.

Banks should perform AML checks during the customer onboarding process, as part of the customer due diligence (CDD) routine, and when hiring new bank employees. AML checks should also be performed on an ongoing basis to check deposits and transactions for suspicious activities.

AML compliance programs should be audited to ensure that the program operates as it is intended. This process is sometimes referred to as a “review” or a “test” of an AML program.

According to the Basel AML Index, the countries that pose the greatest risk of AML are Haiti, the Democratic Republic of the Congo, Mauritania, Myanmar, Mozambique, Cayman Islands, Madagascar, Mali, Senegal, and Uganda.

On the flip side, the Basel AML Index noted the following countries ranked for the lowest AML risk: Andorra, Finland, Cook Islands, Slovenia, Norway, Sweden, San Marino, Denmark, Lithuania, New Zealand, and Spain.

There are numerous agencies, bodies, organizations, and regulations worldwide that are responsible for enforcing existing AML regulations. They include:

  • The Financial Action Task Force (FATF) | Global
  • European Banking Authority (EBA) | EU
  • Anti-Money Laundering Directive (AMLD) | EU
  • Bank Secrecy Act (BSA) | USA
  • Office of the Comptroller of the Currency (OCC) | USA
  • Financial Crimes Enforcement Network (FinCEN) | USA
  • Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) | Canada
  • Financial Conduct Authority (FCA) | UK
  • Autorité des Marchés Financiers (AMF) | France
  • Federal Financial Supervisory Authority (BaFIN) | Germany
  • Federal Service for Financial Monitoring (FSFM) | Russia
  • China Banking and Insurance Regulatory Commission (CBIRC) | China
  • Financial Services Agency (FSA) | Japan
  • Hong Kong Monetary Authority (HKMA) | Hong Kong
  • The Financial Intelligence Centre (FIC) | South Africa
  • Australian Transaction Reports and Analysis Centre (Austrac) | Australia
  • Financial Intelligence Unit (FIU) | India
  • Monetary Authority of Singapore (MAS) | Singapore

There are four key types of AML screening technology currently available.

  • Transaction Monitoring: These solutions operate on an ongoing basis and use both historical information and profile information to identify transactions that could trigger a SAR filing.
  • Currency Transaction Reporting (CTR): CTR systems track cash transactions that are large enough to require reporting.
  • Customer identity management systems: These systems review numerous watchlists during the initial KYC process to monitor for risks. They continue to work beyond onboarding to monitor how a customers’ risk profile has shifted.
  • Compliance software: These solutions are designed to help banks and FIs ensure they meet their regulatory compliance obligations, demonstrate proof of compliance, enable training and education for bank personnel and staff, and offer audit tools for compliance offers to demonstrate how alerts are addressed.

Cryptocurrencies are a relatively new type of payment method. Like all payment methods, they have drawn the attention of criminals and fraudsters. Criminals like crypto and bitcoin disguise the sources of their funds, which can help their illegal activities go undetected by regulators. If left undetected, banks and regulators will struggle to bring criminals’ activity to light. Cryptocurrency regulations can also vary widely by geographic region. That’s why it’s critical that AML professionals understand the latest AML compliance regulations and requirements.

Your financial organization is required to have its AML policies and procedures outlined related to how to address suspected money laundering or other types of suspicious behaviors. Either you or a designated compliance officer will then file a SAR with the relevant authorities. In some jurisdictions, a SAR must be filed within 30 days after suspicious activity is detected.

Individuals charged with money laundering can face serious legal trouble, depending on the nature of the charges. The severity of the penalties can also vary depending on whether the charges are filed at the state or federal level. A misdemeanor money laundering charge can result in up to a year in prison and court fines. In the case of felony convictions, individuals can face more than a year in prison. If the individual charged is a repeat offender or if the activity is found to be connected to terrorist financing or a broader criminal enterprise, individuals can face prison sentences of 35 years or longer.

Criminals are drawn to the gambling industry because it operates with large amounts of cash. Casinos and other gambling establishments are required to report transactions in which they suspect someone is attempting to launder money through their organization. Casino staff should also be trained in how to spot money laundering activities and how to report suspected crimes.