Financial institutions must ensure they don’t accidentally help criminals. But which anti money laundering, or AML solutions should they use?
The last thing you want to do, as a business, is accidentally support money laundering. The funds may come from organized crime, prostitution rings, human trafficking, or terrorism. And ethics aside, you could land your entire organization into hot waters due to crippling AML, or anti money laundering fines.
But what do we call anti money laundering exactly? And what kind of AML software should you put in place within your company? Let’s find out.
The Basics of Money Laundering
Criminals who acquire money through illegal means want to ensure the funds cannot be traced back to them. The process, known as money laundering, usually involves running the money through a legitimate business. It can be a cash-based brick and mortar shop, or an online operation.
There are three steps involved in money laundering:
Placement: where the dirty money is placed into the legitimate financial system
Layering: where the money is concealed through transactions and bookkeeping tricks
Integration: the money is now laundered, and withdrawn from a legitimate account by criminals.
What is Anti Money Laundering (AML)?
To combat money laundering, businesses in the financial sector must comply with a certain number of laws and regulations. The Financial Action task Force (FATF), founded in 1989, was the first organization whose mission was to set up guidelines on how to help AML.
After the 9/11 attacks, AML laws also began targeting terrorist financing, and these days, there are mounting regulations from the FATF, as well as the IMF (International Monetary Fund).
These organizations deploy AML compliance officers, who are appointed to check that anti money laundering laws are respected. The guidelines are regularly updated and found on the FATF site.
Ultimately, the goal is to return the funds to their rightful owners. An AML investigation may help trace the money back to a victim of robbery or embezzlement, for instance, and businesses who became accomplices to criminals, either willingly or accidentally, have to pay hefty fines.
The Rules to Follow
Whether you are a crypto exchange, a neobank or a traditional financial institution, it’s your duty to be aware of, and to follow, AML regulations.
And while there are different levels depending on your vertical, the core rules to follow include:
- AML holding period: a recommendation that funds deposited in an account must be held for a minimum of five trading days.
- Reporting suspicious activity: businesses must monitor customer deposits and transactions. Large sums, especially those exceeding $10,000 must be given extra attention, by verifying their origin.
- Educating about AML: the responsibility of letting customers know about AML laws falls on the shoulders of the business.
- Logging financial information: businesses must keep extensive records, which can be used to investigate suspicious financial transactions.
- Customer due diligence: knowing who your customers are through extensive KYC checks is also the business’ responsibility.
Do You Really Know Your Customer?
Risk assessment is a broad term, which encompasses any effort to calculate how likely a customer is to break laws in the future. It is one of the pillars of an AML check, but it’s not enough to know a customer.
Which is why KYC, or Know Your Customer, is a series of checks that can also help gather information about your users’ identity. It’s a mandatory process for financial institutions, and can also help with AML, when it’s used specifically to prevent terrorism financing and other financial crimes.
Hefty Fines for Non Compliance
The year 2020 set a record for global anti money laundering fines. Authorities handed out around $706M, topping the previous year’s record of $444M.
The fact that AML fines keep rising year on year points to the challenges faced by financial organizations. Despite increasing efforts and investment, large banks are still unwillingly helping financial crime, as shown with the largest money laundering scandal of Danske Bank in 2018.
The Challenges of AML
The biggest controversy surrounding AML is whether it’s effective at all. While heavy fines are so large that they destroy a business, there is little evidence that the current approach helps catching terrorists, criminals or insiders who abuse the financial system.
And still, financial institutions must employ sizable teams of staff and consultants to help with transaction monitoring, even when it’s automated.
The main challenge, however, isn’t necessarily in deploying the right team of resources to prevent money laundering. It’s about the friction that these checks create for customers.
This is particularly damaging for neobanks, whose entire business model relies on a quick and painless onboarding via mobile or desktop. Throw in too many ID verifications and questions, and your potential customers might just turn elsewhere.
It doesn’t matter if you use in-house tools or third party companies like Onfido (as does Revolut): AML is stacked on top of already heavy regulations regarding customers’ identity in the form of KYC or PEP and Sanctions checks.
Can You Trust Your AML Data?
Another constant worry: what if you are diligent in your AML checks, but accidentally miss some falsified information? Many developing countries don’t have bureaus for ID information to reliably perform checks with.
Real criminals, moreover, have every incentive to hide their IDs from you. And there is no shortage of options for them to build fake profiles.
Criminals acquire stolen ID scans from the deep web
They open bank or neobank accounts as “drops”
They deposit money in these accounts, and withdraw to P2P money transfer apps or crypto exchanges
The funds are “tumbled”, i.e. moved across multiple accounts so they become untraceable
Understanding these steps helps to highlight where the challenge lies for financial institutions. The onboarding stage, where you collect all your customer information, is the stage where money launderers will work the hardest to fool you.
Which brings us to the topic of AML tools you can put in place within your organization.
What Connects AML and Fraud Prevention?
Essentially, AML and fraud detection efforts require the same checks. You must ensure you can confirm your user’s identity, and flag any suspicious activity, both at the onboarding and transaction stage (deposits and withdrawals).
This is why a continuous detection solution like SEON’s can help simultaneously with anti fraud, and anti money laundering.
Onboarding Fake, Stolen and Synthetic IDs
Whether you’re a traditional financial institution, a neobank or a crypto exchange, the onboarding process is where you’ll need to be smart about checking data. And it’s also your duty to go above and beyond the obligatory KYC regulations.
There are two core fraudulent types of users you want to flag as soon as possible: Stolen IDs, bought in bulk on the darknet. They come from data breaches, sometimes advertised as full packages designed to open online bank accounts. Fraudsters also go to great lengths to acquire personal data via phishing, fake job openings or plain old hacking.
If you want a drop account, you also have the option to purchase one pre-created neobank account for your fraudulent needs. Just find one on the darknet, and buy the login details from a seller.
Synthetic IDs, meanwhile, combine real and fake personal data. For instance, fraudsters often use stolen ID details from children with clean credit records, and use them to apply for loans. With real credit information, it’s extremely easy to create fake IDs using templates. You can even find online services that specialize in photoshop editing for ID fakes and 2FA verification.
How to Screen For Bad IDs
We’ve already extensively covered how SEON’s tools like digital footprint analysis, data enrichment and dynamic friction can help, especially in the context of onboarding users with zero friction.
But it’s worth noting here that a key element of improving your AML checks is to look at user behaviour. And this is something an experienced fraud team can do, but it’s also possible to automate the process with certain risk rules.
Put simply, a fraud detection engine such as SEON’s will be monitoring and logging all user activity on your platform. And it’s up to you to feed that data through certain rules, to see if the activity looks suspicious or not.
This is what we call velocity rules: or rules that look at a customer’s actions over time. For instance, this is what could increase the risk factor, and alert you that AML processes should be deployed:
- A user logs in from different geolocation and device, and starts withdrawing large sums of money.
- A new user transfers hundreds of small sums to their account, and withdraws them in bulk.
- Money seems to be deposited and withdrawn too quickly
- Someone is logging in multiple times from a risky IP pointing to the Cayman Islands.
Use Case: How a Client Uses SEON for AML
One of our clients, a leading crypto exchange, uses our fraud prevention solution to stay on top of AML regulations. How? Via a smart Slack integration.
SEON monitors every user action on their platform, and the exchange has set up a custom rule in the Scoring Engine that is triggered when a customer deposits more than 2500€. The transaction is automatically paused, and the team receives a notification directly in Slack, so they can immediately act by asking further questions or performing a manual review.
Click here for more ideas of how SEON can help with productivity as well as fraud prevention.
Combining Anti Fraud, AML and KYC in One
One of the main challenges of AML solutions is that financial institutions believe they need to multiply their hiring of specialists. This can be costly and overwhelming and doesn’t necessarily work at scale.
But in fact, there is a lot of passive monitoring you can do using a powerful fraud detection tool. Analyzing large amounts of data and user behaviour at scale is something these tools are particularly adept at doing.
And while a fraud detection solution cannot replace a formal AML investigation, it can certainly help you ensure that fraudsters, criminals and money launderers don’t set foot on your site in the first place.