Discover our latest AI-powered innovations around faster payments, smarter workflows, and real-time visibility.Learn more →
Anti-money laundering (or AML) compliance entails a careful adherence to rules and regulations aimed at combating illicit financial activities. In the US, AML compliance is upheld by the US Treasury’s Financial Crimes Enforcement Network (FinCen) and governed by the Bank Secrecy Act (or BSA). AML compliance is also referred to as BSA/AML compliance.
All companies that partner with banks and build products to move money are subject to anti-money laundering (AML) regulations since banks are required to ensure AML compliance for business customers they underwrite.
At its simplest, money laundering refers to the “cleaning” of money obtained illegally using legitimate financial institutions. As an example, someone involved in criminal activity might clean stolen money by depositing small amounts into multiple bank accounts, transferring this money to other accounts, and then withdrawing the money, thus distancing the funds from their illicit origins. Ostensibly a source for the phrase “money laundering,” Al Capone famously opened laundromats as a front to account for and process money he obtained through criminal activity during prohibition.
There are traditionally three stages in money laundering (placement, layering, and integration) and AML compliance aims to deter this process within the first two stages. Returning to the example of someone cleaning stolen money through bank deposits and withdrawals, placement would entail opening bank accounts and layering would occur when the bad actor mixed their money with legitimate funds through small bank transfers. Finally, integration would involve the purchase of a house or car with the clean money, thus re-entering previously dirty funds into the economy.
AML compliance programs aim to catch laundering before integration (after which detection is more difficult) with onboarding detections like KYC (or “know your customer,” which involves identity verification and cross-checks), transaction monitoring, and ongoing diligence (including oversights, reviews, and audits).
Why is AML compliance important?
According to the UN Office on Drugs and Crime, between $800 billion and $2 trillion US dollars are laundered annually worldwide. In addition to disrupting economies, these funds fuel activities with large and dangerous social impacts including drug trafficking, terrorism, human trafficking, cyber attacks, smuggling, nuclear proliferation, and a host of other criminal and fraudulent activities.
In fact, money laundering is the nexus where many illegal operations converge; regardless of the type of crime, attaining money is very often the end goal. (Note: money laundering doesn’t have to involve legal tender, since digital currencies, goods, and services can also entail crime.) Because money laundering is central to illicit activity, financial institutions are uniquely positioned to prevent and report on significant crimes, in part using AML compliance.
Businesses can be subject to heavy fines and sanctions or even lose a license for failures in AML compliance. In 2021, for example, FinCEN issued $1.6B in fines to 55 companies and banks for money laundering. And this type of criminal activity isn’t going away any time soon. With surging ransomware attacks threatening businesses of all sizes, AML compliance will continue to be essential in protecting financial systems used to facilitate payments.
What makes AML compliance challenging?
AML compliance can be difficult for businesses to establish and uphold for a number of reasons:
- Setting up a rigorous compliance program is complex, time-consuming, and unlikely to be a core business competency
- Regulations at the state, federal, and international level consistently evolve
- AML compliance needs to be set up right, properly maintained, and regularly updated—and the risks of failure are significant
- Businesses often rely on multiple tools and systems to ensure compliance, causing inefficiency and increasing risk if one system fails
- While some automations exist, AML compliance ultimately relies on some level of human oversight (ie. valuable company resources)
Try Modern Treasury
See how smooth payment operations can be.
Learn
Compliance is a crucial function for any company that moves money on behalf of their customers. Dive into the fundamentals behind key compliance processes like KYC, KYB, transaction monitoring, and more.
Compliance risk management (CRM) is the ongoing process of identifying, assessing, and mitigating potential risks that threaten an organization’s business.
Customer due diligence (CDD) is a process used at financial institutions (FIs) when working with potential new customers.
The Customer Identification Program (CIP), part of the Know Your Customer program guidelines, requires that financial institutions in the U.S. verify that customers (both individuals and businesses) are who they say they are when they open new accounts for themselves or other people.
FinCEN, short for Financial Crimes Enforcement Network, is a government bureau that aims to prevent money laundering and other financial crimes—and punish bad actors that commit them.
Know Your Business (KYB) is a set of verification procedures that helps companies avoid getting into business with criminals.
The Office of the Comptroller of the Currency (OCC) is a federal agency that "charters, regulates, and supervises" all national banks.
According to the Department of Labor (DOL), Personal Identifiable Information (PII) is any information from which a person’s identity can be either directly or indirectly inferred.
A Politically Exposed Person (PEP) is someone that might be more likely to break the law or be corrupt because of the power their position affords them.
Specially Designated Nationals (SDN) are individuals and entities tied to countries that the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has hit with sanctions.
A Suspicious Activity Report (SAR) is a report that a bank or other financial institution must file if it suspects that a customer might be breaking the law and committing fraud, financing terrorism, or laundering money.
Anti-money laundering (or AML) compliance entails a careful adherence to rules and regulations aimed at combating illicit financial activities.
Know Your Customer or Know Your Client (KYC) is a set of guidelines for verifying the identity of a customer and gauging the associated risk of working with them.
The Office of Foreign Assets Control (OFAC) is a financial intelligence and enforcement agency under the jurisdiction of the US Treasury Department.
PCI DSS certification means your business has met the requirements laid out in the Payment Card Industry Data Security Standard (PCI DSS) to secure payment card data.
Service Organization Control 2 (SOC 2) is a voluntary auditing procedure that service providers complete to keep their clients’ data secure from cyber attacks.
Section 314(a) is part of the USA Patriot Act that enables financial institutions (FIs) and law enforcement to work together to fight money laundering and terrorist activity.
Section 314(b) and Section 314(a) of the USA Patriot Act both relate to information requests under the Banking Secrecy Act (BSA).
A currency transaction report (CTR) is a report made by U.S. financial institutions aiming to prevent money laundering.
An Agent of the Payee is a person, entity, or other intermediary specifically appointed by a payee to process and collect payments on their behalf.
Identity Verification APIs allow businesses to streamline the process of checking the identities of new users by automatically, and in some cases instantly, verifying their provided identifying information.
The Bank Secrecy Act (BSA)—also known as the Currency and Foreign Transactions Reporting Act—is a piece of legislation designed to help prevent fraud.
The Electronic Fund Transfer Act (EFTA) is a federal law in the U.S. that regulates electronic transactions to protect consumers.