Anti-money laundering laws in the EU are set to prevent money laundering and terrorist financing, and they apply to all financial institutions, as well as non-financial businesses and professions – such as lawyers, accountants, and real estate agents. The EU’s 4th Anti-Money Laundering Directive (AMLD4) and 5th Anti-Money Laundering Directive (AMLD5) are the main legislative acts that set the AML requirements for companies operating in the EU. These directives require companies to implement a robust AML compliance program, conduct customer due diligence, and report suspicious activities to the relevant authorities.
Non-compliance with AML laws and regulations can lead to severe consequences for companies. Non-compliance can lead to severe consequences, including hefty fines, reputational damage, and even criminal charges. Financial authorities such as the Financial Conduct Authority (FCA) in the UK and the Financial Crimes Enforcement Network (FinCEN) in the US have the power to impose heavy fines on companies that fail to comply with AML laws and regulations.
The AML compliance process in a nutshell
The AML compliance process is a multi-faceted approach that involves several steps to ensure that a company is meeting its AML obligations. To fulfill their AML duties, companies need to consider a number of different factors, including:
- Risk Assessment: The first step in the AML compliance process is to conduct a risk assessment. This involves identifying and assessing the money laundering and terrorist financing risks that the company may be exposed to. The risk assessment should take into account the company’s business model, customer base, and geographic locations, amongst others.
- Customer Due Diligence: Once the risks have been identified, companies need to conduct customer due diligence (CDD or SDD) to verify the identity of their customers. This includes collecting and verifying information such as the customer’s name, address, and identification number. This is often referred to as Know Your Customer or Know Your Business (KYC or KYB). Companies also need to conduct enhanced due diligence (EDD) on high-risk customers, including those who are classified as Politically Exposed Persons (PEPs).
- Transaction Monitoring: Companies need to implement a transaction monitoring system to detect and report suspicious activities. This involves identifying and analyzing transactions to detect patterns or anomalies that may indicate money laundering or terrorist financing.
- Incident Management: Companies need to have a robust incident management process in place to respond to any AML-related incidents that may occur. This includes documenting and reporting suspicious activities to the relevant authorities and taking appropriate action to address the incident.
- Ongoing Compliance: AML compliance is an ongoing process that requires continuous monitoring and updating. Companies need to stay up to date with the latest laws and regulations and adapt their compliance program accordingly.
- Training: Providing regular AML training to employees is essential for ensuring compliance. This can help employees identify and report suspicious activities, understand their compliance responsibilities and adhere to the company’s AML policies and procedures.
- Auditing: Regular auditing of the compliance program is essential to ensure that the program is being implemented correctly and that the company is meeting its AML obligations. Auditing can be done internally or by a third-party auditor.
In summary, the AML compliance process is a multi-step approach that involves conducting a risk assessment, conducting customer due diligence, implementing a transaction monitoring system, having a robust incident management process, staying up to date with laws and regulations, providing regular training, and conducting regular auditing.
Non-compliance can be expensive – AML fines
Some notable examples of companies that have been hit with AML fines by financial authorities include:
- In 2018, Deutsche Bank was fined $630 million by the US Department of Justice for failing to have adequate AML controls in place. The bank was found to have processed $10 billion in suspicious transactions without properly reporting them to authorities.
- In 2019, Danske Bank was fined $234 million by the US Securities and Exchange Commission for AML violations. The bank was found to have processed billions of dollars in suspicious transactions through its Estonian branch without proper AML controls in place.
- In 2020, Standard Chartered Bank was fined $1.1 billion by US and UK regulators for AML violations. The bank was found to have failed to properly monitor transactions involving high-risk customers, including those linked to Iran and North Korea.
- In 2021, JPMorgan Chase was fined $2.5 billion by the US Department of Justice and the Office of the Comptroller of the Currency for AML violations. The bank was found to have failed to properly monitor transactions involving high-risk customers and had inadequate AML controls in place.
- In 2020, HSBC was fined $1.9 billion by US authorities for AML violations. The bank was found to have failed to properly monitor transactions involving high-risk customers, including those linked to Mexico, Iran, and Syria.
These examples show that even large and well-established companies are not immune to AML fines. Financial authorities are taking a stricter approach toward AML compliance and companies need to ensure that they have proper AML controls in place to avoid such fines.
Staying safe in an ever-changing regulatory landscape
To ensure compliance with AML laws, companies first need to adopt a risk-based approach. This means that companies should assess the risk of money laundering and terrorist financing activities in their business and design their AML compliance program accordingly. The program should include measures such as customer due diligence, transaction monitoring, and suspicious activity reporting. In addition, customer vetting for PEP and sanction list is key.
PEP screening is a process of identifying individuals who are or have been entrusted with a prominent public function, such as politicians, government officials, and their family members. These individuals may pose a higher risk of money laundering and corruption, and companies are required to conduct enhanced due diligence on them.
Sanction list scanning, on the other hand, is a process of identifying individuals and entities that are on the sanctions list of regulatory bodies such as the United Nations, the European Union, and the US Office of Foreign Assets Control (OFAC). These individuals and entities are subject to financial sanctions and companies are prohibited from doing business with them.
One way for companies to ensure compliance with the new, stricter AML laws is by implementing specialized AML software into customer onboarding processes.
AML software can prove to be a crucial tool for companies to prevent, detect and report money laundering activities. Such software helps companies comply with AML laws and regulations set by regulatory bodies such as the Financial Action Task Force (FATF), the European Union (EU), and its national financial authorities.
Kyros – Your one-stop shop for AML compliance
One such tool is Kyros AML Data Suite. Kyros AML Data Suite is a complete SaaS (Software as a Service) software that helps companies fulfill their AML compliance requirements. Kyros is incorporated in Estonia but was founded by a Norwegian serial entrepreneur and former attorney with extensive KYC and AML experience.
Essentially, Kyros is a cloud-based SaaS software, offering an online AML workbench to onboard, process, and monitor natural persons and business customers. It integrates into your existing back office via API. Kyros offers to allow for automated risk-scoring of customers, PEP and sanction list scanning, KYC-authentication on demand, data enrichment of existing customers, live transaction monitoring, rule-based alerts, and easy SAR/STR (Suspicious Activity Report / Suspicious Transaction Report) reporting. Kyros currently supports 200+ countries.
Kyros is the perfect tool for licensed cryptocurrency exchanges, casino operators, banks, EMIs, real estate agents, auction houses, and many more. In effect, Kyros helps these companies identify and mitigate the risk of money laundering and terrorist financing activities – ultimately ensuring that they keep their license.
Competing or complementary KYC or AML software providers include Trulioo, Veriff, Accuity, Fircosoft, and LexisNexus. It is important for companies to carefully evaluate the features and capabilities of different AML software providers before making a decision.
It’s important to note that AML compliance is an ongoing process and companies need to stay up to date with the latest laws and regulations. The regulatory environment is constantly changing, and companies need to adapt their compliance program accordingly.
In summary, AML software is a crucial tool for companies to comply with AML laws and regulations. It can help companies automate many of the compliance tasks, make them more efficient and prevent money laundering activities before they occur. Companies need to adopt a risk-based approach, implement a robust AML compliance program, conduct regular testing and monitoring, and stay updated on the latest laws and regulations. Companies such as Kyros AML Data Suite can assist them in fulfilling their AML compliance requirements, including onboarding, processing, and monitoring customers and their financial transactions.