AML Verification: How to Not Get Fined

Introduced in 2020, the 6th Anti Money-Laundering Directive (6AMLD) identifies 22 crimes as being within its purview, including those related to digital assets and taxes.

This directive was penned by the European Union, but is one of the pieces of multinational legislation that sets the pace for money laundering law worldwide. In order to fall into compliance with 6AMLD, it is mandatory for financial institutions and certain other companies to have technological safeguards to avoid participation in these crimes. 

The scrutiny of these safeguards – layers of software security – must amount to an AML verification, or AML check.

The specifics of what constitutes a compliant AML check are sometimes characterized as a moving target, with the mandates changing regularly to encompass the expanding landscape of fraud and money laundering.

Let’s explore the practicalities of the current AML environment.

What Is AML Verification?

An AML verification, or AML check, is a data collection and analysis protocol that financial institutions must have in place in order to legally conduct transactions. In practicality, it is a background vetting process that is conducted during customer onboarding, as well as along their customer journey to the satisfaction of “existing expectations for SAR reporting”.

The process is designed to keep companies within legal compliance for anti-terrorist legislation like the Banking Secrecy Act in the US and European 6AMLD regulation, and other mandates that help keep the international economy safe. 

Notably, AML checks will overlap with the data gathered from KYC verification checks, though the former would normally take into account more information. But where KYC checks are mandated for financial and some other entities, AML verification also references other data-based strategies to address the concerns of money laundering specifically. 

How Does AML Verification Work?

To be compliant with international mandates, the name, date of birth, and address of the account holder must be validated. According to legislation, these data points are enough to be confident in a customer’s profile when it comes to potential liability. The institution will assess the validity of this personal information and ensure that they’re not on any sanctions lists, blacklists or PEP lists.

However, in the case of accounts not owned by individuals but companies, establishing the beneficial owner of a commercial entity can be tricky. Money launderers attempt to obfuscate the true ownership of a commercial bank account or other account within oversight to be able to use it as a bank drop to launder money.

Another way to hide transactions with criminal origins is to lean on plausible deniability. In some cases, bad actors at potentially high levels of a company might knowingly let financially valuable, criminal activity occur inside their systems. When it comes time to point the finger at a responsible party, these companies assume liability will get lost in the chaos of the blame game, to no conclusion.

To address this, Article 7 of 6AMLD assigns explicit criminality to situations where a “lack of supervision or control” makes a criminal act possible. Where, previously, correct liability was too vaguely defined to pursue legal action, the law now demands the place of blame to be occupied by a responsible professional, if not the beneficial owner.

What Is Beneficial Ownership?

A beneficial owner is defined as a single entity that owns or controls an interest in a legal or commercial entity, such as a company, property, or security. Most commonly, though, knowing the beneficial owner answers the question “Whose money is this, really?” This designation of ownership is in place for the sake of legal responsibility when it comes to that entity’s conduct in the larger economy.

In the context of AML legislation, the establishment of a beneficial owner of a financial product is also part of enhanced due diligence, as any legal culpability will fall to this person. For a personal bank account, the beneficial owner is, of course, the account holder, but for many larger accounts, there may be many apparent owners, one or several of whom must be designated the beneficiary.

Sometimes these layers of ownership will be structured to hide the beneficial owner, and, thus, the legal responsibility in the case of any wrongdoing. They may, for example, put in place unnecessarily complex ownership structures with layers of proxies or shell companies.

The Financial Crimes Enforcement Network (FinCEN) defines certain thresholds for the establishment of beneficial ownership. Generally, if an individual owns more than 25% of the interest in an entity, they are a legal beneficial owner. However, FinCEN has particular language for considering the below:

• when a financial institution wants to designate a beneficial owner as someone with less than 25% ownership and monitor them thereafter
• entities that have complex ownership structures – still must be broken down into individual percentages of ownership
• what addresses of a beneficial owner are acceptable
• how to handle new customers onboarding by proxy or via a representative
• how to handle potential instances of redundant AML checks – they must be completed for every new account, even if the data is already stored, and each instance must be retained
• a process to keep updated on the potential risk of ongoing customers – adhering to industry-standard CDD during transactions is satisfactory
• what documents are acceptable for the AML verification process

What Documentation Is Required for an AML Check?

To receive a valid AML verification, FinCEN also has a list of acceptable forms of identification that can be provided. These tend to overlap with KYC compliance checks and include:

• a government-issued photo ID that indicates full name and nationality, such as a passport or driver’s license
• a document that proves the individual’s address, such as a utility bill or correspondence from government organizations
• direct contact with the beneficial owner
• source of funds information, including financial records from other institutions
• regular updates to the above (subject to locally applicable legislation)

The validity of the above will be confirmed using identity verification software (IDV tools). At the financial entity’s discretion, photocopies of the above can be acceptable, as long as this is paired with a risk assessment during onboarding. The institution will also cross-reference the identity of the beneficiary against sanctions lists, PEP lists, and other applicable blacklists.

In the screenshot above, SEON is used to supervise potentially money laundering-related transactions.

Who Needs to Comply with AML Regulations?

Current AML regulations are based on the idea of keeping the economy and the world safe from terrorism, cross-border aggression, corruption and other criminal enterprises. Thus, any entity that could play or facilitate a role in the financing of the above falls under the jurisdiction of AML mandates. Across the world, AML requirements in banking are a given. But, depending on the country, there are also AML mandates for iGaming, fintech, high value dealers and more.

Generally, worldwide, the entities that are required to execute compliant AML verification are largely in the financial sector, though AML regulations have also expanded into verticals where money has traditionally been hidden, like luxury real estate, art collection, and gambling. For example, in cases where shell companies are used to purchase luxury residences. 

The industries that generally need to meet BSA AML compliance include:

• firms that buy or sell property or business entities ought to follow AML laws
• firms that deal in high-value items, such as art and antiques
• managerial services for clients’ money, securities, or other assets
• gambling and online gambling (iGaming) companies are subject to AML
• services that open or manage bank accounts
• companies that manage funds for the creation or management of companies
• firms that create or manage trusts, funds, and foundations are also subject

Notably, financial companies that want to play in the stateside banking sandbox have to comply with the specifics of the American AML regulation. Currently, these companies are:

• domestic financial institutions
• foreign financial institutions with US-based operations
• purely foreign banks with business interactions with US banks
• foreign banks that employ any stateside banking services, or are from sanctioned countries

In the UK, the businesses required to register for money laundering supervision extend to industries commonly associated with criminal laundering:

• high-value dealers such as art and antiques
• trust service providers that act in the stead of another legal entity
• accountancy providers
• real estate agencies
• a number of entities, often to do with legal practice and education, are also under the permanent supervision of the FCA – online casinos and other iGaming companies registered within the jurisdiction of AML mandates also must register, though companies registered outside that purview can still operate within regulated borders

Why Are AML Checks Important?

With the adoption of 6AMLD protocols, AML verification has become an even higher priority for financial bodies than it was. The most obvious benefit is being part of the greater effort to negate the financial power of criminal enterprises and terrorism worldwide – a reward in and of itself. But avoiding fines is also key for these companies.

For most companies, the looming threat of massive fines is a key motivator to maintain watertight compliance. For example, for companies in the EU subject to 6AMLD mandates, the punishments for noncompliance offenders were hardened significantly by comparison to 5AMLD, with the minimum fine now at €5/$4.8 million and four years imprisonment for the responsible party. 

Entities found to be repeat or extreme lawbreakers can also be subject to:

• denial of governmental benefits like grants and public funds
• temporary or permanent disabling of all business activity
• judicial surveillance
• court-ordered closings of physical premises

How Can SEON Help?

Staying compliant with AML regulations is a huge part of what SEON can help achieve. International AML mandates all describe a compliant process as one that has a risk-based software security solution in place to give confidence in the validity of new customers. 

Over 80% of SEON customers are under the jurisdiction of AML mandates, and we get them over the finish line of both compliance and ROI by providing flexible risk mitigation solutions.

We provide a way to do AML screenings, including checking whether names and their variations appear on any AML related lists – PEPs and RCAs, watchlists, fugitive lists, sanctions lists, and so on. SEON’s AML API can be used in isolation or as part of the end-to-end fraud prevention platform.

Our comprehensive risk assessment is based on real-time data being fed through machine-learning algorithms, escalating potential bad actors to further scrutiny and approving obviously good customers with minimal friction.

During AML checks, SEON allows fraud teams to do all of the following:

• spot synthetic, falsified identities
• see who is an AML liability
• flag PEPs and their relatives and monitor them closely
• look for suspicious connections with other flagged accounts
• identify patterns in suspicious users
• conduct transaction monitoring
• verify identities without the cost and friction associated with MFA or other SCA
• explore the validity of provided location data based on other location signifiers like IP fraud score or the presence of privacy services like a VPN
• source data for SARs
• reference AML-specific datasets for red flags

In other words, implementing SEON makes keeping AML compliant at both digital onboarding and throughout the customer journey by constantly checking for signs of misdeeds. 

The safest environment for a financial institution to do business in is certainly one that is free from money laundering, but cultivating that space requires work. With SEON, that work can be streamlined significantly, saving both time and operational costs while also boosting fraud prevention and mitigation.

In the screenshot above, SEON is used to pause the journey of customers from high-risk countries to be reviewed manually.

Sources

• GOV.UK: Who needs to register for money laundering supervision
• Willkie Compliance: Who is Subject to US AML Laws?
• FinCEN: Frequently Asked Questions Regarding Customer Due Diligence Requirements for Financial Institutions