AML regulatory landscape
Anti-money laundering (AML) uses a series of financial transactions to convert the proceeds of crimes into “clean” money indistinguishable from any other funds. This three-stage process involves:
- Placement of criminal proceeds into the financial system.
- Layering of financial transactions to obscure the source of the funds.
- Integration of the obscured funds into the financial system to appear “clean.”
In addition to laundering the proceeds of crimes such as drug trafficking, these techniques obscure the opposite money trail from “legitimate” sources to criminals and terrorists. Many financial regulations now include provisions for both anti-money laundering and combatting the financing of terrorism (CFT). Examples of money laundering laws include:
Bank Secrecy Act (United States of America)
As amended by the PATRIOT Act, the Bank Secrecy Act (BSA) requires American financial institutions to help federal law enforcement combat money laundering and terrorism financing.
Institutions must report large transactions, foreign bank accounts, and suspicious activities to the United States Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN).
Sanctions and Anti-Money Laundering Act (United Kingdom)
Following its departure from the European Union, the UK Parliament passed the Sanctions and Anti-Money Laundering Act 2018 (SAMLA 2018) to restore the authority to impose regulations and sanctions for money laundering and terrorism financing.
5th Money Laundering Directive (European Union)
Over the past quarter-century, the European Union has introduced a series of anti-money laundering directives to unify regulations, compliance requirements, and enforcement across EU member-states. The most recent 5th round (AMLD5) enhanced transparency, tightened cryptocurrency regulation, and improved communications between regulatory offices.
Financial Action Task Force (International)
In a global financial system, money laundering does not respect national jurisdictions. The Financial Action Task Force (FATF) is an intergovernmental body that coordinates AML/CFT enforcement. FATF research identifies illicit activities trends, proposes money laundering regulations standards, evaluates member performance, and flags high-risk countries.
What financial institutions require for AML
Companies that offer financial services must have robust AML/CFT programs to prevent terrorists and organized crime organizations from using their services for criminal activity. Some elements of an effective AML/CFT program include:
Risk assessment
Most regulations require a risk-based approach to preventing illicit activity. As part of an overall risk management process, financial institutions must assess money laundering risks such as:
- Size and frequency of transactions.
- Location of customers and accounts.
- Regulatory exposure.
This risk assessment cannot be a one-time event. Firms must regularly review their tolerance of and exposure to AML/CFT risk.
Know your customer
A pillar of effective AML compliance is understanding who you do business with by implementing a thorough Know Your Customer (KYC) process. Companies that deal with the public must verify each customer’s identity. Institutions serving business customers must confirm their customers’ location and beneficial ownership. Beneficial owners are the people with a controlling interest in the company.
Sanctions screening
KYC programs allow institutions to comply with financial sanctions laws that prevent named criminals, terrorists, and other individuals from accessing the global financial systems. Although international coordination happens, these lists vary from country to country. The Office of Foreign Assets Control (OFAC) enforces sanctions in the United States. On the other hand, regulators within each member state enforce European Union sanctions.
Screening politically exposed persons
In addition to identifying known criminals, financial institutions must use their KYC processes to monitor accounts owned or controlled by senior government officials whose positions create opportunities for corruption. Screening these Politically Exposed Persons (PEPs) helps prevent political corruption that could support money laundering or terrorist financing.
Transaction monitoring and detection
Financial institutions must implement ongoing monitoring systems that can detect money laundering activities. These systems use transaction histories to establish patterns of behavior for each customer. Comparing real-time transactions to these behavior patterns reveals suspicious transactions for investigation and reporting.
4 types of anti-money laundering measures
Companies must implement several measures to comply with AML regulations, ranging from how they investigate their customers, what kinds of reports they must file, and how they oversee their compliance efforts.
Customer due diligence
AML compliance programs must implement customer due diligence (CDD) rules to identify and assess each customer’s risk of criminal activity. For example, FinCEN’s CDD Rule requires financial institutions to:
- Identify and verify customer identities.
- Identify and verify beneficial owners’ identities.
- Understand customer relationships to develop customer risk profiles.
- Monitor transactions, update customer identification, and report suspicious activities.
Enhanced due diligence
Institutions must apply enhanced due diligence (EDD) procedures to fully assess the AML/CFT threat posed by high-risk customers. These measures are not limited to those on sanctions or PEP lists. Anti-money laundering programs must also evaluate the risks presented by high-net-worth individuals, people living in high-risk countries, or those accessing risky financial services.
Suspicious activity reporting
Regulators cannot monitor the financial system directly. Instead, they rely on financial institutions to monitor their internal systems and report unusual activity that could support money laundering and other financial crimes.
When institutions detect unusual transaction patterns, they must submit suspicious activity reports (SAR) to their regulator. The definition of “suspicious” is not set in stone, varying between institutions, transaction types, and customer risk profiles.
Some transactions trigger reports whether or not there are signs of suspicious activity. Currency transaction reports (CTRs) let regulators see every large deposit, withdrawal, or other transaction. US regulators set this threshold at $10,000. To prevent criminals from structuring transactions to avoid the CTR limit, institutions must submit an SAR when they detect multiple transactions over several days that combine to exceed the threshold.
AML compliance oversight
AML laws assign responsibility for compliance to the institution’s board of directors and senior management. They must ensure the company has controls to monitor, identify, and enforce AML practices. Typically, a compliance officer will oversee these AML compliance efforts. These officers report to senior management and the board, giving them enough independence to avoid undue influence from within the organization.
What is an example of an anti-money laundering scenario?
In July 2023, Bank of America’s Merrill Lynch brokerage arm paid a $6 million fine to the Financial Industry Regulatory Authority (FINRA) and a $6 million penalty to the Security and Exchange Commission (SEC) for failing to meet the BSA’s AML reporting requirements.
Merrill Lynch and other broker-dealers must submit SARs for transactions exceeding a $5,000 threshold. However, Bank of America and other national banks must file a SAR for suspected criminal transactions of $25,000 or more.
After the two companies combined in 2009, the merged company’s AML program applied the higher threshold to all Merrill Lynch transactions. In the ten years before discovering the error, Merrill Lynch failed to file reports for roughly 1,500 suspicious transactions.
How Starburst and data analytics are leading the fight against AML
Financial institutions increasingly rely on data analytics to overcome challenges in the fight against money laundering. Rapid identification of suspicious activity requires near real-time analysis of financial transactions, which the complexity of modern data architectures undermines. Moving and copying data through pipelines takes time and makes data less relevant to immediate action. In this regard, filtering false positives is a particular challenge as it requires access to data in disparate stores and locations.
Another challenge is reconciling hundreds of national and regional AML/CTF regulations with hundreds of data privacy and sovereignty regulations. Identifying, investigating, and reporting suspicious activities requires speedy access to KYC, CDD, and EDD data. However, privacy regulations require strict limits on who may access personally identifiable information (PII). Likewise, data sovereignty regulations limit the transfer of PII across national boundaries.
Starburst Stargate creates a virtual gateway for cross-cloud data analytics. Applying Stargate’s query abstraction layer over your institution’s globally-dispersed data architecture lets you create virtual data warehouses for your AML programs.
Through a single interface, compliance officers can query and analyze data from anywhere in the company without slow, complex ETL processes.
All data remains at the source, so there’s no need to invest in additional storage infrastructure.
Stargate’s single point of access applies compliance rules to queries at runtime, allowing AML teams to get the data they need without compromising privacy and sovereignty compliance efforts.
See how a global investment bank used Starburst to reduce false positives, speed investigations, and minimize the risk of AML non-compliance. For more information about the Stargate platform, check out our solution brief.