AML Checklist + SAR and Policy Forms

AML compliance may seem daunting at first. With our AML checklist, it should be much easier to ensure you meet the right regulatory requirements.

What Is an AML Checklist?

An AML checklist helps you go through all the stages needed to protect your business against money launderers. This is an essential read for helping you create your AML toolkit.

This step-by-step process will help you decide what kind of AML fraud prevention & detection features you need to consider and why they’re important.

10 Steps to Better AML Checklists

Before you create your own checklist, make sure you go through our 10-point process below:

#1 Check If You’re in a High-Risk Industry for Money Laundering

Chances are that if you’re on this page, you’ve already been asked to meet AML requirements. But just to recap, here are the key industries where this will be needed:

• Money service businesses: A money service business, or MSB, is a legal term describing businesses that transmit or convert money. It covers banks and financial institutions, but also foreign currency exchanges and post offices.
  
• Real estate agencies: Criminals use real estate agencies to purchase property assets, usually hiding behind complex company structures. Governments have put strict AML regulations in place to ensure commercial or personal properties aren’t sold to money launderers.
  
• High-value dealers: High-value dealers are defined as companies whose cash payments average above $10,000 or more in exchange for goods.
  
• Trust or company service providers: TCSPs are involved in a range of services and activities for their customers, including acting as a director or secretary, providing a registered address, acting as a trustee, etc.
  
• Accountancy sector: Accountants would be the first ones to know if the source of funds from their clients appears illegitimate. Governments go straight to the source by targeting them with AML compliance.
  
• Art industry: The art market is attractive to money launderers. Art dealers and other participants must put controls in place to ensure they remain compliant.

#2 Grasp the Basics of Money Laundering

There are, broadly speaking, four key types of money laundering techniques:

1. Trade-based money laundering: Criminals move funds through the import/export of goods. Techniques designed to hide funds may include invoicing multiple times for the same shipment and misrepresenting the quality or quantity of goods.
   
2. Cash-based businesses: Criminals purchase brick-and-mortar businesses such as coffee places, candy shops, and launderettes to act as a front.
   
3. Banking money laundering: Illegal activities bring criminals vast amounts of cash, which they attempt to enter into the legal financial system via banks. This may include smurfing or money mules, who lend their accounts to cash-based criminal ventures.
   
4. Cryptocurrency money laundering: The pseudonymous and decentralized nature of cryptocurrencies has opened the door to new methods for money laundering. Bitcoin ATMs, for instance, are still pretty lenient when it comes to KYC and AML compliance checks.

#3 Perform Identity Verification Checks

Identity verification is a cornerstone of AML. Your business should know who it’s dealing with. Basic Know Your Customer verification includes reviewing the customer’s:

• full name
• date of birth
• residential address

That info must be validated with an official document, such as a driving license, national ID, or passport. 

And while video verification is increasingly becoming the norm for AML checks in certain industries, such as banking, note that it’s by no means the only technique you can use. 

#4 Add Alternative Data Checks to Your Process

The elephant in the room, when it comes to AML checks, is that fraudsters and criminals probably know how to fool your checks. This can have expensive consequences for your business. 

So how can you verify identities if you can’t trust ID documents? A great solution is to look at alternative data. 

Put simply, it allows you to learn who you’re dealing with based on public information. That data can come from:

• an IP address
• an email address
• a phone number
• the type of device they use

And it’s surprisingly effective. Combining that alternative data with risk scores, you can immediately filter out obvious fraudsters and criminals who attempt to use your business. This helps you save on expensive AML and KYC checks, and gives you more confidence in your compliance.

You can read more about leveraging alternative data for customer due diligence here.

#5 Check PEP and Sanctions Lists

PEP, or Politically Exposed Persons, are individuals in prominent positions. They are considered higher risk than the average person because they may be subject to bribery or corruption. Checking PEP lists is an AML requirement, and there are dozens of online services allowing you to do it.

Sanctions lists are usually lumped together with PEP checks, but you can also find online databases that specialize in that kind of data. These checks help ensure that you aren’t dealing with individuals or companies that have previously been penalized for money laundering.

#6 Monitor Transactions in Real-Time

Anti-money-laundering regulations require that you monitor transactions above a certain threshold. That threshold varies from one market to the next. In the US, it has been lowered to $3,000. 

So how does real-time transaction monitoring work? You usually deploy software (in-house or third-party), which analyzes data from every deposit, withdrawal or transaction. If it goes above a set threshold, you can review it, or automatically accept/deny the transaction.

The advantage of real-time transaction monitoring software is that you can customize the thresholds to meet your risk appetite. What’s more, it should be easy enough to change the thresholds when AML rules inevitably change.

#7 Go the Extra Mile With Behavior Analysis 

Now imagine you could get inside the mind of a money launderer. How do they interact with your business? Do they deposit loads of small amounts to fly under the radar? Do they log in from different, seemingly unconnected geolocations?

These are precisely the kind of questions you can answer by deploying custom risk rules on your site. 

Put simply, these rules are the closest thing you can get to behavior analysis, based on data. For instance, you could see if:

• Someone regularly changes their device and geolocation
• Someone makes a large number of small deposits into the same account
• Users all send the same amount to the same account
• Etc…

The idea, of course, is to preempt money laundering by understanding where the risk lies – going beyond what AML regulations recommend.

#8 Craft Your AML Policy

A nice and easy step: Your company should have an AML policy statement written and displayed on your website or client communications. 

It should explicitly state which checks you perform and for what reasons. This is not only to prepare yourself for legal checks but also to offer your users guidance. If you’re going to add friction to their journey, you can at least explain that it’s a legal requirement.

Looking for an AML policy template? Click here to download an example. 

#9 Prepare Records and Suspicious Activity Reports

SARs, or Suspicious Activity Reports, are an integral part of your AML strategy.

You need to be prepared to deliver information on people you suspect might be bad agents. That information takes the form of these reports, which are standardized to make it easier for AML compliance agents. 

But what about the data itself? Well, it also needs to be recorded. That means you must have systems in place to log client information – while meeting data protection standards. 

Here is a great example of a SAR, which will inform you of the kind of data you need to collect.

#10 Train Your Staff and Keep Track of AML Regulation Changes

This step should be straightforward and hopefully, our checklist will be a great primer on how to teach your staff about AML regulations.

Do remember that they tend to change all the time. Sanctions lists and PEP lists need to be updated regularly, and so do thresholds for transaction monitoring. 

Ideally, your AML software will keep track of all the regulatory changes, but you can of course check yourself by adding websites such as FINCEN in the US or legislation.gov.uk in the UK.

How to Augment Your AML Checklist With SEON

SEON is a flexible fraud prevention and customer intelligence solution for companies in need of extra intelligence and real-time transaction monitoring.

With modular features that adapt to your AML strategy, we give you complete flexibility in how you verify identities and understand user behavior. SEON offers modular APIs that help address your AML pain points. You’ll be able to:

• AML-check names against watchlists, crime lists, PEP and relatives lists, etc
• flag high-value transactions over the AML threshold with transaction monitoring
• capture and log in-depth information about your customers to assist SARs and other reports
• save money on KYC and IDV checks by weeding out fraudsters before they reach that step
• monitor customers‘ behavior, software, hardware and other data points to protect your operations
• minimize fraud such as account takeovers, identity theft, and more
• send you real-time alerts & fraud monitoring whenever any of the above or other conditions are met
• allow your compliance team to do better manual reviewing
• boost your automation efforts with powerful rulesets that are easy to configure

Our transparent, cancel-anytime pricing model also makes it easy to test the power of SEON to augment your AML checks. Best of all, there’s a 30-free day trial to help you get started with better compliance today. There is also a completely free version of SEON, with a few limitations.

AML Checklist FAQ

Learn more about:

• SEON: KYC & AML: What Are They & How They Work Together
• SEON: How to Set Up an AML Compliance Program