AML & CFT: Combating Money Laundering & Financial Terrorism Financing

International bodies charged with keeping the world of ecommerce a safe space know they have a monumental task in front of them. Unfortunately, criminals do not present these regulators with a unified problem. Legislation set in place to protect customers and businesses has to act as a shield for swords of all types, from all over the world.

The sharpest swords that loom the largest, however, are certainly money laundering and the financing of terrorism. What kind of shield have world governments constructed to protect from these nefarious, diverse threats? Oak? Steel? Energy deflector? SEON investigates.

What Is AML/CFT?

AML/CFT refers to the regulations put in place to actively prevent money laundering and the financing of terrorism. They are commonly referred to together as they roughly align in practice. However, while anti-money laundering (AML) and the countering of the financing of terrorism (CFT) mandates can be adhered to with similar tools and protocols, their goals, focus, and requirements are different.

AML’s main focus is stopping criminals from being able to process and hide illicit funds. This includes monitoring transactions for large movements of funds, as well as high-value retail that could be used to launder money.

CFT, on the other hand, is more concerned with making sure money does not end up in the hands of known terrorists. Thus, the focus of CFT is on identifying any business-related parties that pose a high risk of being involved in terrorism and monitoring transactions for attempts to send money to those parties.

Notably, CFT is slightly distinct from CTF, or counter-terrorist financing. CFT represents a larger umbrella, under which CTF falls. Where CFT addresses the entire process of disrupting terrorist groups’ ability to fund themselves, CTF alone refers to practices required specifically by financial institutions to meet that goal.

Practically speaking, meeting compliance benchmarks for both of these mandates can be achieved as part of a single protocol, as they both necessitate similar methods. Much of the financing of terrorism will be achieved through some form of money laundering, after all. Software-based tools designed to help with AML/CFT compliance recognize these similarities, and so very often approach them holistically.

AML/CFT Regulations

Though AML and CFT legal requirements are similar enough beasts that they can be tamed with a single digital whip, their underlying regulations are distinct. This practical overlap makes these distinctions easy to overlook. However, to satisfy both, understanding the subtle differences is paramount.

In terms of requirements, industries within the AML perimeter have to:

• conduct software-assisted risk assessment
• implement a strong customer due diligence (CDD) program that leads to enhanced due diligence (EDD) for high-risk entities
• confirm identities and beneficial ownership per Know Your Customer (KYC) mandates
• perform due diligence on third-party partner companies
• assign a designated AML compliance officer who updates protocols per the most recent regulations
• monitor transactions for certain behaviors and value thresholds identified as posing a risk
• officially report any instances that cross those thresholds 

CFT regulations cover much of this same ground in terms of the mandated responsibilities they pass on to companies. Notably, the fence around CFT is not quite as inclusive as AML, as retail ecommerce has not been identified as a terrorism financing risk, though it can still be used for money laundering. Within that slightly smaller perimeter, companies must:

• conduct risk assessment
• maintain robust KYC protocols
• proceed to EDD for high-risk customers and regions
• continuously screen transactions for entities associated with terrorism
• keep comprehensive transaction records
• train staff and designate an official compliance officer
• report instances of suspicious activity
• conduct regular independent audits of the effectiveness of this process

Though these regulations exist independently of each other and for different purposes, businesses can implement a single protocol to address both.

Why Is AML/CFT Important? Consequences If Not Implemented?

For both companies and entire nations, failure to implement comprehensive AML/CFT regulation represents a huge financial, reputational, and regulatory risk.

Economic damage as a result of money laundering and terrorism is the first and most direct consequence of having no safety protocols in place for both commercial entities and whole countries.

The money that criminals attempt to launder is almost categorically the result of theft or fraud. According to a poll conducted by PwC, losses to fraud totaled $42 billion last year alone. Meanwhile, terrorists destroy physical buildings and infrastructure, costing the countries they attack billions.

As a benchmark, the 9/11 terrorist plot cost $55 billion in immediate infrastructural and human damage, with the fallout and increased security spending bringing that total up to $3.3 trillion, according to the New York Times.

From a reputational standpoint, companies that don’t implement AML/CFT checks and who thereafter find their domains full of fraudsters (or worse) will certainly be labeled unsafe places to shop or do business. At the national level, the consequences are similar, with a country’s tourism, trade, and foreign investment economies suffering.

Perhaps the most damaging result, however, is that any entities that don’t have AML/CFT implementations and conduct business with known terrorists, or other entities with financial sanctions applied to them, are risking becoming high-risk entities themselves.

This is particularly challenging when approaching AML in banking and other financial industries, partly because this is where regulators are focusing their scrutiny, but also because the money service industry is more likely to contend with fraudulent holding companies and obscured ultimate beneficial owners. This is true both for customers doing business within the institution and for vetting partner companies.

This goes from individual people all the way up to entire industries, or even nations. Names are constantly added to international sanctions lists, at which point many of the world’s businesses can longer legally conduct any business with them.

How Is Money Laundered for Financial Terrorism?

Terrorist-affiliated money laundering doesn’t necessarily employ techniques specific to terrorism, and those techniques are, unfortunately, diverse. Companies offering third-party AML and fraud-fighting solutions are familiar with combating legacy techniques, and they’re also aware of the underlying indicators that reflect the behavior of money launderers, to bring the fight to incoming, innovative threats.

By dissecting some of the following traditional money laundering methods, we can identify some of the underlying motives, to inform how to detect new methods in the future.

Structured Transactions

Money launderers and terrorist financers know they have to obscure the paper trail that leads back to the origin of the money and their own identities. One of the classic ways to do this is to make that trail as dark and winding as possible.

Structured transactions make the path significantly more confusing. Breaking up a lump sum into multiple smaller amounts, then transacting those smaller sums across different channels and accounts achieves this. This avoids triggering mandatory suspicious activity reports (SARs), flying under the regulatory radar. Not only does this assist money launderers in avoiding detection by the law, it also conveniently avoids illicit funds being taxed.

Money Laundering by Smurfing

Money launderers also employ smurfing to avoid triggering the SARs required for certain transactions. Like structured transactions, smurfing consists of breaking a large, illicit, sum of money into smaller amounts, then employing third parties to disseminate the money across multiple ownerships.

The involvement of these third parties makes smurfing more illegal than structuring alone. Smurfing effectively avoids SARs, as AML regulation dictates that a SAR must be filed for aggregate amounts of transactions over certain thresholds. Fraudsters can work around this threshold by spreading the money across many different accounts in addition to making the transactions smaller.

Different tiers in a smurfing scheme may complicate things further if those being involved are unaware that they’re part of a money laundering ploy at all. An example is money mules, who hold fraudsters’ money in their personal accounts in exchange for remuneration.

Shell Companies

Money launderers set up companies that have no actual business operations besides being an entity through which to pass money. Shell companies offer criminals a certain amount of anonymity by obscuring ownership, just as structured transactions can.

The ownership of a shell company may be another shell company, or split between multiple entities that law enforcement agencies have to sort through. This is why establishing the ultimate beneficial owner of a partner company is a facet of AML/CFT regulations.

How Can SEON Help with AML/CFT Compliance?

AML/CFT compliance is currently – and will likely continue to be – an achievement made by a team outfitted with the best tools and preparation, not alone. This means teams without state-of-the-art risk management software for detecting AML fraud will be just as overwhelmed as an automated software suite would be without human oversight and a designated SAR reporting officer.

To help create a robust program of AML/CFT compliance, SEON can address many of the key best practices. Specifically, SEON’s fraud monitoring platform does this by:

• providing mandated risk-based assessment
• informing CDD with geographical data to identify high-risk regions
• boosting ID confidence through data enrichment, which can flag users who are less likely to be genuine
• allowing comprehensive AML verification, constantly-updated and referencing most international watchlists, sanctions lists, and so on
• generating transaction history reports for record-keeping and reporting
• monitoring transactions for AML-compliant risk thresholds – easily adjustable for changing legislation

Additionally, SEON’s lookups can be of use to risk and compliance teams across many verticals when it comes to manual reviews and investigations. The industries that regulators watch most closely will have the most instances of potentially suspicious activities, and apply SEON’s in-depth manual lookup tools to review them.

Though no piece of software can guarantee AML/CFT compliance autonomously, SEON shaves off all the roughest corners of the process. Allowing your company to fall onto the noncompliant side of the coin could lead to huge losses from fraud, fines from allowing money laundering to take place in your domain, reputational damage from allowing terrorist funds to flow through the business, or even becoming a sanctioned entity.

If, as part of a strong compliance program, you educate and equip your teams well, your focus can remain on your bottom line instead of your risk exposure.

Related Articles

• What Is Layering In Money Laundering & How Does It Work?
• What Is AML Screening & Why Is It Important?
• FRAML: Fraud Prevention and AML for Stronger Defensibility

Sources

• PwC’s Global Economic Crime and Fraud Survey 2022
• New York Times 9/11: The Reckoning