Understanding AML in Banking: Risks & Compliance

AML in banking is notoriously costly and challenging.

How costly? Figures from 2020 put spending at $214 billion worldwide, up by 18% year on year, per Napier.

Here, we will boost your understanding of how it works and how to do it right at your financial institution, neobank or challenger bank – as well as demonstrate exactly how SEON’s data enrichment and fraud prevention solution can help streamline it.

Why Is AML in Banking Important?

The scale of money laundering is hard to gauge.

According to the UNODC, it reaches 2–5% of the world’s entire GDP each year. This puts the estimate at around $800 billion and $2 trillion annually.

But why is it a problem for a challenger bank, neobank or fintech? On an organizational scale, failing to control that flow of dirty money into your system could:

• Incur hefty compliance fines: Failing to meet AML regulations will be extremely costly for your financial institution. 
• Damage your business reputation: You may face a PR disaster if your bank or neobank is found to be helping terrorists or criminals.
• Incentivize crime: An indirect consequence of allowing money laundering to take place is the fact you’re giving criminals figurative permission to continue with their illegal activities – if not emboldening them to use your organization for these schemes.
• Help finance terrorism: A key goal of AML is to reduce terrorist financing. Terrorist organizations rely on money to sustain themselves but accessing that money can be challenging, especially for large, cross-border amounts. Money coming from both legitimate and criminal sources funds terrorism worldwide.

Here is a table of AML fines paid by banks in 2019 alone in each of a set of prominent economies.

Meanwhile, In 2021, the defects in most banks’ AML processes led to enforcement fines north of $10.4 billion, a significant increase of 80% from 2019.

AML fines are nothing short of controversial in the banking world. But they are nevertheless a harsh reality.

Banks and neobanks who wish to remain competitive must do their best to ensure these compliance costs do not balloon to the point where they damage their bottom line.

A Timeline of AML in Banking

The US Bank Secrecy Act (BSA), enacted in 1970, is widely considered to be the earliest effort to curb money laundering in banking. After numerous edits and amendments, a special team was designated to administer it: the Financial Crimes Enforcement Network. 

In 1989, the Financial Action Task Force, or FATF, was launched to prevent money laundering in multiple countries. After the 9/11 attacks, it added terrorist financing to the list of crimes it attempts to prevent. 

The 1989 UN Vienna Convention article 3.1 defines money laundering as follows:

“The conversion or transfer of property, knowing that such property is derived from any offense(s), for the purpose of concealing or disguising the illicit origin of the property or of assisting any person who is involved in such offense(s) to evade the legal consequences of his actions.”

Today, AML is regulated by a large number of organizations worldwide, along with the FATF:

• AMLD (Anti-Money Laundering Directive) in Europe
• The Financial Conduct Authority (FCA) in the UK
• FINTRAC (Financial Transactions and Reports Analysis Centre of Canada)
• CBIRC, the China Banking and Insurance Regulatory Commission
• FSA, the Financial Services Agency in Japan
• FIU, the Financial Intelligence Unity in India
• and more…

AML Guidelines for Banks

AML guidelines for banks include mandates to verify new customers’ identity and address, conduct regular customer due diligence (CDD) or, where appropriate, enhanced due diligence, track transactions over certain thresholds and submit SARs where appropriate, stay up to speed with any changes to a person’s PEP or blacklist status, and more.

Strictly speaking, anti-money laundering guidelines for banks, including neobanks and challenger banks, are defined by individual countries’ governments. However, they tend to be fairly similar worldwide since they want to be able to transact across regions as well as due to the influence of international bodies such as the United Nations Office on Drugs and Crime (UNODC) and the G7’s Financial Action Task Force (FATF).

How Does Money Laundering Work in Banking? 

The simple answer is that a criminal will place it, layer (launder) it and then integrate the illegally acquired funds. But how does this work in practice?

Suppose you are a criminal and want to buy a house. You can’t just pay for it in cash. Your illegal money needs to enter the banking system and be laundered, so you are not caught when using it.

There are three key stages to that process.

1. Placement: Dirty money enters the financial system. Typically, this is someone’s bank account – personal or business. For example, placement can come from cash-based businesses, payment for invoices with the wrong item quantities or quality, or smurfing (when criminals place small amounts of money in multiple accounts to avoid triggering AML verification checks).
   
2. Layering: Also called laundering, this stage essentially moves the money about. It’s often transferred to offshore companies or bounced from one shell company to another. The end goal is to hide its origin.
   
3. Integration: This is the final stage when the money is used to purchase assets. Most common assets purchased with previously dirty money include property, fine art, and commercial investments. Lately, NFTs have also been known to help launder money, as we covered in our explainer on metaverse fraud.

Do note that not all money is laundered through the banking system.

For example, the iGaming industry, which encompasses all real-money online gaming, is traditionally used by criminals in their laundering efforts. In fact, AML in iGaming is a major pain point for operators looking to find the right balance between a pleasant gaming experience and AML compliance.

How to Remain Compliant with Banking AML

AML compliance can be a headache for banks of all sizes and persuasions.

There are so many AML regulators that it may be hard to keep track of all the rules. This is particularly true for banks and neobanks that operate in multiple jurisdictions.

It is important to continue to keep the customer journey in mind too, as unnecessary friction can cause churn. Here are some tips to get you started.

1. Conduct Proper Risk Assessment 

An accurate, thorough risk assessment forms the foundation of an effective AML strategy.

In addition to the basic information you are forced by law to request, also assess your risk level and appetite as it relates to these three considerations:

Customers

Going beyond simple KYC verification, you will want to consider the customer’s job, income, location, and frequently used digital channels to get a sense for who they really are. 

Additionally, a bank will want to cross-reference with sanctions lists and politically exposed persons (PEP) lists, and consider the types of transactions they’re likely to conduct, too.

Locale

This entails deeply understanding the particular risks and challenges posed by a jurisdiction. For example, you might need to pay more attention to customers in countries where bribery and corruption are high. 

You can use SEON to control the risks associated with countries considered more risky. 

Here’s how:

First, create a custom list via the lists section: 

Next, leverage IP addresses by filling the data field IP country and adding those found on the international sanctions list. Here, we’re filtering out high-risk countries such as Yemen.

Next, we’ll create a customizable rule and call it “IP country is AML High Risk”.

Whenever a user from a high-risk country, say Yemen, tries to use your product, the rule creates a REVIEW alert.

You can also choose to automatically APPROVE or DECLINE the user’s transaction, depending on your risk appetite.

If it’s sent for review, your AML compliance team can check the details of the transaction for more information or log the details to submit an AML SAR report.

Financial Products and Services

You also have to examine the risks specific to your products and services. For example, you’ll need to trigger enhanced due diligence on customers who conduct international transactions frequently or use your bank’s investment services.

Money laundering techniques are constantly evolving, as is the regulatory landscape.

Don’t make risk assessment a one-time thing. Instead, keep evaluating it by monitoring customers’ behavior, as well as monitoring transactions. 

Also, stay updated with the latest compliance trends, so your bank won’t find itself paying any unnecessary fines. 

2. Leverage Alternative Data for Due Diligence  

While fraudsters are becoming smarter at fooling IDV checks, there are aspects of their presence that remain hard to fake: the traces they leave behind in their online activities – or those they don’t.

Put simply, this means that we can look in real-time at the online activity associated with their given email address, IP address or phone number to assess whether it matches the behavior of a legitimate individual. 

A real person will always have some digital footprint associated with their email address – for instance, the fact they’ve registered with it on Twitter, LinkedIn or TripAdvisor, or that they’ve been one of the victims of a data breach. An internet user who has no such activity at all is highly suspicious.

This digital footprint analysis can be done in batches, scaling up easily thanks to data enrichment. When combined with device fingerprinting and machine learning, it allows you to filter out fraudsters, including those who want to exploit your banking system for money laundering purposes. 

Further below, we’ll show you how to source this type of data with SEON.

3. Develop a Deeper Understanding of How Money Laundering Works

Developing a deep understanding of money laundering typologies can help you finetune your AML strategy. 

Specifically, make sure you’re aware of how the following work. ?ou can follow the links to find out more in-depth information.

Money mules: Criminals who specialize in laundering money, bringing it into the financial system by hiding its origins. These can be individuals working alone or an extensive network dispersed across multiple locations. To find them, you must go beyond identifying suspicious activities and look for information connecting the dots between accounts. 

Bank drops: This is the fraudster term for the accounts used to launder money. To create a bank drop, a fraudster will always provide fake personal information, because they cannot afford being found out. Good KYC and pre-KYC checks can mitigate against these.

Smurfing: Criminals split large transactions into smaller ones (below official thresholds) across different accounts, which is called smurfing. To protect your bank from smurfing, add monitoring rules that catch numerous small transfers of specific amounts at regular intervals.

This leads us to the next point. 

4. Improve Transaction Monitoring

AML regulations compel digital banks to monitor AML transactions, homing in on  those over a certain threshold. In the US, for instance, the official threshold is $3000. 

SEON’s scoring engine allows you to log and monitor transactions over a certain threshold easily. For instance, a simple rule that flags as higher risk all transactions over $3000.

But we can make this even more granular. In the example below, we have decided to flag all transactions over this threshold where the user’s IP address is in Russia and their payment card was also issued in Russia. 

Below, you see the results of this as well as three other rules triggering: SEON’s platform provides a risk score with in-depth explanations, including which rules were triggered and how many points each added to the score. 

What’s more, there’s also a blackbox score, as you can see in the bottom left. This user has been referred to the fraud analyst team for review – but the software can be easily configured to blacklist any such users, or even let them through. 

You can also take your transaction monitoring efforts one step further by setting up velocity rules considering and comparing transactions over a set period of time.

5. Prepare a Customer-Centric AML Policy 

As trivial as crafting an AML policy statement might seem, it goes a long way in helping your bank retain its customer base. This policy statement should explicitly state the checks you perform and their rationale, so that customers can rest assured that you’re doing your best to protect not just your organization, but them too.

Seeking an AML policy checklist? We have prepared a downloadable example to get you started. 

6. Expand the Team the Right Way 

It’s also important to ensure that there are enough resources on the bank’s compliance team. 

This is especially key for fintech startups, which might face abrupt growth and struggle to keep up with AML obligations because of it. 

And while your rapid expansion won’t permit you to add hundreds of staff to your team like your traditional counterparts, you can make the best of your limited capacity. 

How? By hiring the right people. 

The right hire is:

• A specialist: Although you might be tempted to hire candidates who can juggle different tasks, you’re better off hiring employees with prior experience and training (mostly from legacy banks) in either AML or fraud. 

• Curious and positive: You need team members who have a can-do attitude and will be willing to learn more about ongoing regulations and new risks. 

Since the best (and best appreciated by customers) course for banks is to leverage customer data to fight financial crime and fulfill compliance obligations, consider recruiting data scientists. These hires will prove helpful in creating profiles on expected customer behavior. 

SEON’s data enrichment can help data scientists with better clustering of your users based on hundreds of data points to do with their online presence, physical location, and software and hardware configuration. Identifying emerging patterns (between known money launderers, for example) can help you come up with even better rules against them. 

However, there’s always help off-site: SEON’s Customer Success team is made up of fraud analysts and managers, who regularly review your data to also flag any suspicious patterns.

What Is an AML Suspicious Activity Report (SAR) in Banking? 

A Suspicious Activity Report (SAR) is an official document that must be submitted to the relevant authorities if you suspect you are dealing with criminal activity. It is mandated on the list of the FATF’s 40 recommendations.

In the banking AML world, this will cover a customer or business who you may suspect is laundering money using your services. 

SARs are a key part of law enforcement, but also help governments perform risk assessments by identifying emerging trends in financial crime in order to develop new legislation or adapt existing laws. 

AML Systems in Banking

AML regulations are constantly evolving – but so are the tools and systems designed for compliance.

No matter how many competent hands you hire, the manual management of AML requirements isn’t sustainable. The volume and scale of your digital banking processes require swift response times while using legacy systems to sift through customer data for timely, relevant insights can be challenging. 

This is where AML software comes in. With the right AML tools, you can identify risks faster and more accurately, optimize alert thresholds in real-time, and better understand what suspicious customer behavior looks like. 

Look out for these features:

• No-friction pre-KYC checks. One way in which SEON’s customers consistently reduce compliance costs is by conducting checks on customers before they reach the KYC step. This means not having to pay to conduct IDV checks on obvious fraudsters. The savings quickly add up.
  
• Reliable ID verification. Good IDV software allows you to confirm users’ identities in a way that is convenient for them – while still fulfilling your legal obligations. Look into the preferences of your customer base as defined by their age and location: Are they fans of biometrics? Do they appreciate a quick video call more than scanning and uploading documents? etc.
  
• Transaction monitoring. As noted, you need to monitor transactions per regulatory specifications. Using an effective AML tool helps you achieve that with no hassle. 

• Real-time alerts. It’s not enough to monitor transactions. You need to ensure the monitoring is done in real-time so you and your team can quickly identify out-of-the-blue, large transactions. 
  
• Machine learning: Artificial intelligence algorithms have been at the forefront of AML detection for quite some time. Machine learning engines learn from previous cases where money laundering was identified and suggest relevant rules to ensure it doesn’t happen again using neural networks and heuristics.

How to Boost Your Banking AML with SEON

SEON is designed to add unique insights and frictionless flexibility to your anti-money laundering strategy by both enabling AML screenings and providing solid fraud defenses and granular reporting.

SEON offers features to help you assume complete control over risk rules and avoid regulatory fines, as well as AML specific screening capabilities.

These features include:

AML Screening

Enabled through a standalone API or as part of our end-to-end solution, SEON’s AML screening checks are designed to provide the confidence that the name of a new customer signing up for your new bank has been thoroughly checked against all applicable AML watchlists, including:

• PEP & RCA lists
• FBI’s Criminal and Fugitive lists, as well as other crime lists
• sanctions lists from competent authorities across the world
• watchlists and blacklists defined by authorities

What’s more, the results of these searches are logged on a granular level, to help you prove your compliance and provide supplementary data where needed. You can also set these checks to be run at regular intervals based on your local mandates.

Behavior Analytics and Real-Time Alerts 

Constantly examining user behavior is crucial in improving your AML compliance processes. And while you can do this with your team manually, SEON gives you a competitive advantage by allowing you to log and monitor all users’ activity on it. 

All you have to do is enable and/or create relevant preset, custom and velocity rules, and you’ll quickly know if an activity is suspicious or not:

For example, as we saw earlier, the tool can alert you in real-time about any transactions over a certain threshold.

A 360-Degree View of Customers 

Without disrupting their customer journey, data enrichment analyzes every user’s digital footprint, to identify even skilled money launderers early on. 

With a single email address, you can accurately determine a customer’s level of risk. 

All you have to do is get them to share their email address with you, which is a given in the digital world – and then either let the software enrich the data, or check for yourself manually.

No matter how hard a criminal tries to imitate a legitimate user – via spoofing their hardware or location and forging documentation, for example – it is virtually impossible to recreate a convincing digital footprint for each of the hundreds of personas they use to conduct their schemes.

In other words, these profiles are the most reliable assessment of a customer’s true intentions.

They can be used to outright block obvious fraudsters and also to minimize friction for good users, as SEON will also point out when a customer is very obviously legitimate – or even a high-value customer.

Overall, this strategy helps you: 

• fulfill your AML mandates 
• stop all types of fraud
• reward good users with a smooth customer experience 
• save on KYC and other CDD costs
• segment users for your marketing and other efforts

Our transparent, pay-per-API call pricing makes it the ideal solution to augment your current AML systems – whether you need to pre-filter obvious fraudsters or gain more information as part of your manual AML reviews.

FAQ

Sources

• UNODC: Money Laundering
• FATF: The FATF Recommendations
• Napier: The cost of compliance: future trends in AML
• Compliance Week: Fines against financial institutions hit $10.4B in 2020