AML Verification: Processes for AML Compliance

by PJ Rohall

Introduced in 2020, the 6th Anti Money-Laundering Directive (6AMLD) identifies 22 crimes as being within its purview, including those related to digital assets and taxes.

This directive was penned by the European Union, but is one of the pieces of multinational legislation that sets the pace for money laundering law worldwide. In order to fall into compliance with 6AMLD, it is mandatory for financial institutions and certain other companies to have technological safeguards to avoid participation in these crimes.

The scrutiny of these safeguards – layers of software security – must amount to an AML verification, or AML check.

Let’s explore the practicalities of the current AML environment.

What Is AML Verification?

An AML verification, or AML check, is a data collection and analysis protocol that financial institutions must have in place in order to legally conduct transactions. In practicality, it is a background vetting process that is conducted during customer onboarding, as well as along their customer journey to the satisfaction of “existing expectations for SAR reporting”.

The process is designed to keep companies within legal compliance for anti-terrorist legislation like the Banking Secrecy Act in the US and European 6AMLD regulation, and other mandates that help keep the international economy safe.

Notably, AML checks will overlap with the data gathered from the KYC verification process, though the former would normally take into account more information. But where KYC checks are mandated for financial and some other entities, AML verification also references other data-based strategies to address the concerns of money laundering specifically.

How Does AML Verification Work?

To be compliant with international mandates, the name, date of birth, and address of the account holder must be validated. According to legislation, these data points are enough to be confident in a customer’s profile when it comes to potential liability. The institution will assess the validity of this personal information and ensure that they’re not on any sanctions lists, blacklists or PEP lists.

However, in the case of accounts not owned by individuals but companies, establishing the beneficial owner of a commercial entity can be tricky. Money launderers attempt to obfuscate the true ownership of a commercial bank account or other account within oversight to be able to use it as a bank drop to launder money.

Another way to hide transactions with criminal origins is to lean on plausible deniability. In some cases, bad actors at potentially high levels of a company might knowingly let financially valuable, criminal activity occur inside their systems. When it comes time to point the finger at a responsible party, these companies assume liability will get lost in the chaos of the blame game, to no conclusion.

To address this, Article 7 of 6AMLD assigns explicit criminality to situations where a “lack of supervision or control” makes a criminal act possible. Where, previously, correct liability was too vaguely defined to pursue legal action, the law now demands the place of blame to be occupied by a responsible professional, if not the beneficial owner.

Infographic illustrating the AML regulators around the world

Why Are AML Verification Important?

With the adoption of 6AMLD protocols, AML verification has become an even higher priority for financial bodies than it was. The most obvious benefit is being part of the greater effort to negate the financial power of criminal enterprises and terrorism worldwide – a reward in and of itself. But avoiding fines is also key for these companies.

For most companies, the looming threat of massive fines is a key motivator to maintain watertight compliance. For example, for companies in the EU subject to 6AMLD mandates, the punishments for noncompliance offenders were hardened significantly by comparison to 5AMLD, with the minimum fine now at €5/$4.8 million and four years imprisonment for the responsible party.

Entities found to be repeat or extreme lawbreakers can also be subject to:

denial of governmental benefits like grants and public funds
temporary or permanent disabling of all business activity
judicial surveillance
court-ordered closings of physical premises

What Documentation Is Required for an AML Verification?

To receive a valid AML verification, FinCEN also has a list of acceptable forms of identification that can be provided. These tend to overlap with KYC compliance checks and include:

a government-issued photo ID that indicates full name and nationality, such as a passport or driver’s license
a document that proves the individual’s address, such as a utility bill or correspondence from government organizations
direct contact with the beneficial owner
source of funds information, including financial records from other institutions
regular updates to the above (subject to locally applicable legislation)

The validity of the above will be confirmed using identity verification software (IDV tools). At the financial entity’s discretion, photocopies of the above can be acceptable, as long as this is paired with a risk assessment during onboarding. The institution will also cross-reference the identity of the beneficiary against sanctions lists, PEP lists, and other applicable blacklists.

In the screenshot above, SEON is used to supervise potentially money laundering-related transactions.

Who Needs to Comply with AML Regulations?

Current AML regulations are based on the idea of keeping the economy and the world safe from terrorism, cross-border aggression, corruption and other criminal enterprises. Thus, any entity that could play or facilitate a role in the financing of the above falls under the jurisdiction of AML mandates. Across the world, AML requirements in banking are a given. But, depending on the country, there are also AML mandates for iGaming, fintech, high value dealers and more.

Generally, worldwide, the entities that are required to execute compliant AML verification are largely in the financial sector, though AML regulations have also expanded into verticals where money has traditionally been hidden, like luxury real estate, art collection, and gambling. For example, in cases where shell companies are used to purchase luxury residences.

The industries that generally need to meet BSA AML compliance include:

firms that buy or sell property or business entities ought to follow AML laws
firms that deal in high-value items, such as art and antiques
managerial services for clients’ money, securities, or other assets
gambling and online gambling (iGaming) companies are subject to AML
services that open or manage bank accounts
companies that manage funds for the creation or management of companies
firms that create or manage trusts, funds, and foundations are also subject

Notably, financial companies that want to play in the stateside banking sandbox have to comply with the specifics of the American AML regulation. Currently, these companies are:

domestic financial institutions
foreign financial institutions with US-based operations
purely foreign banks with business interactions with US banks
foreign banks that employ any stateside banking services, or are from sanctioned countries

In the UK, the businesses required to register for money laundering supervision extend to industries commonly associated with criminal laundering:

high-value dealers such as art and antiques
trust service providers that act in the stead of another legal entity
accountancy providers
real estate agencies
a number of entities, often to do with legal practice and education, are also under the permanent supervision of the FCA – online casinos and other iGaming companies registered within the jurisdiction of AML mandates also must register, though companies registered outside that purview can still operate within regulated borders

How Can SEON Help?

Staying compliant with AML regulations is a huge part of what SEON can help achieve. International AML mandates all describe a compliant process as one that has an AML software security solution in place to give confidence in the validity of new customers.

Over 80% of SEON customers are under the jurisdiction of AML mandates, and we get them over the finish line of both compliance and ROI by providing flexible risk mitigation solutions.

We provide a way to do AML risk assessment, including checking whether names and their variations appear on any AML related lists – PEPs and RCAs, watchlists, fugitive lists, sanctions lists, and so on. SEON’s AML API can be used in isolation or as part of the end-to-end fraud prevention platform.

Our comprehensive risk assessment is based on real-time data being fed through machine-learning algorithms, escalating potential bad actors to further scrutiny and approving obviously good customers with minimal friction.

During AML checks, SEON allows fraud teams to do all of the following:

spot synthetic, falsified identities
see who is an AML liability
flag PEPs and their relatives and monitor them closely
look for suspicious connections with other flagged accounts
identify patterns in suspicious users
conduct transaction monitoring
verify identities without the cost and friction associated with MFA or other SCA
explore the validity of provided location data based on other location signifiers like IP fraud score or the presence of privacy services like a VPN
source data for SARs
reference AML-specific datasets for red flags

In other words, implementing SEON makes keeping AML compliant at both digital onboarding and throughout the customer journey by constantly checking for signs of misdeeds.

The safest environment for a financial institution to do business in is certainly one that is free from money laundering, but cultivating that space requires work. With SEON, that work can be streamlined significantly, saving both time and operational costs while also boosting fraud prevention and mitigation.

Frequently Asked Questions

What is beneficial ownership?

A beneficial owner is defined as a single entity that owns or controls an interest in a legal or commercial entity, such as a company, property, or security. Most commonly, though, knowing the beneficial owner answers the question “Whose money is this, really?” This designation of ownership is in place for the sake of legal responsibility when it comes to that entity’s conduct in the larger economy.

What is a SAR (Suspicious Activity Report)?

When transaction monitoring software flags suspicious data, the information is compiled in a report called a SAR – or Suspicious Activity Report. It is formatted in a specific way so that financial analysts and regulators may review it.
The easiest way to submit a SAR is via a free online system – via the BSA E-Filing System in the US or the NCA website in the UK, for example. Some transaction monitoring software will also include a feature to automatically file them for you.

In the screenshot above, SEON is used to pause the journey of customers from high-risk countries to be reviewed manually.

Sources

GOV.UK: Who needs to register for money laundering supervision
Willkie Compliance: Who is Subject to US AML Laws?
FinCEN: Frequently Asked Questions Regarding Customer Due Diligence Requirements for Financial Institutions