The GBG guide to Anti Money Laundering (AML)
Learn how GBG products can help you meet your AML obligations and give you a competitive edge as a leader in compliance.
- What is money laundering?
- What is Anti Money Laundering (AML) regulation?
- How big is the risk?
- Who has to carry out AML checks?
- How do I carry out AML checks?
- When do I need to carry out AML checks?
- What happens if AML is not done properly?
Money laundering is the term for financial transactions that enable criminals to change illegally obtained money or other assets into “clean” money or assets that have no obvious link to their criminal origins. It may involve transactions with financial institutions, businesses or private individuals.
Anti money laundering rules keep people from carrying out financial transactions with money from illegal sources. These regulations are designed to protect financial systems and to assist in preventing and detecting crime. If your business is covered by these regulations, you must put controls in place to prevent it being used for money laundering.
Businesses covered by the regulations are required to apply risk-based customer due diligence (CDD) measures and to take other steps to prevent their services from being used for money laundering and other illegal activities such as terrorist financing.
Banks, for example, are required to verify a customer's identity and monitor transactions for suspicious activity. This process comes under the know your customer (KYC) measures, which means knowing the identity of the customer and understanding the kinds of transactions in which the customer is likely to engage. By knowing their customers, financial institutions can often identify unusual or suspicious behaviour, termed anomalies, which may be an indication of money laundering.
Regulated businesses are required to identify and report transactions of a suspicious nature to the financial intelligence unit in their country.
The United Nations Office on Drugs and Crime (UNODC) estimates that between 2% and 5% of the world’s Gross Domestic Product (GDP) is laundered each year, which is equal to between £616bn and £1.47tn.
The regulations apply across a range of business sectors, including banks, building societies and credit unions and other businesses that participate in financial activities including investment managers and stockbrokers, legal firms, e-money institutions, payment institutions, consumer credit firms that offer lending services, financial advisors, investment firms, asset managers and those providing safety deposit services.
Every business covered by AML regulations will be monitored by a supervisory authority. Your business may be supervised and authorised directly by the national regulator or it may belong to a professional body that acts as a regulator for your sector.
To comply with the AML regulations, you will have to act in four key areas:
- Customer due diligence
- Defining an AML policy statement for your business
- Internal controls and ongoing monitoring of your business
- Record keeping
Customer due diligence (CDD) is an important part of combating money laundering. CDD involves identifying your customers and checking they are who they say they are. In practice this means obtaining a customer’s name, often a photograph on an official document that confirms their identity and residential address and date of birth.
In some situations, you may have to identify the beneficial owner. The beneficial owner is the person who is behind the customer and who owns or controls the customer, or is the person on whose behalf a transaction is carried out.
An AML policy statement explains how your business will deal with the threat of money laundering. It should define the AML controls and procedures your business will apply and should name relevant individuals and explain their responsibilities.
The content of your policy statement will depend on the nature of your business, but it is likely to include:
- details of your approach to preventing money laundering, including named individuals and their responsibilities
- details of your procedures for identifying and verifying customers, and your customer due diligence measures and monitoring checks
- a commitment to training employees so they are aware of their responsibilities
- a summary of the monitoring controls that are in place to make sure your policies and procedures are being carried out
- recognition of the importance of staff promptly reporting any suspicious activity to the nominated officer
Internal controls and monitoring should alert you and other relevant people in your business if criminals try to use your business for money laundering.
Your internal controls and monitoring should include:
- appointing a nominated officer and making sure that employees know to report any suspicious activity to them
- appointing a compliance officer if your business is larger or more complex
- identifying the responsibilities of senior managers and providing them with regular information on money laundering risks
- providing training for relevant employees on their anti-money laundering responsibilities
- documenting and updating your anti-money laundering policies, controls and procedures
- introducing measures to ensure that the risk of money laundering is taken into account in the day-to-day running of your business
Once your procedures are in place, you need to make sure that your employees understand and comply with them. You will also need to monitor to ensure that the procedures continue to be effective and appropriate for your business.
Record keeping is a key part of AML compliance. You need to keep a record of all customer due diligence measures that you carry out, including:
- customer identification documents that you’ve obtained
- risk assessments
- your policies, controls and procedures
- training records
By keeping comprehensive records, you will be able to show that your business has complied with the regulations. This will help protect your business if there is an investigation into one of your customers.
Typically, the records would include daily transactions, receipts, cheques, paying-in books and customer correspondence. You can keep these records as original documents, photocopies, microfiche, scanned or computerised or electronic data.
You must keep these records for five years from the date on which a business relationship ends or the date on which a transaction is completed.
You must check that the customer is who they say they are and do customer due diligence on all customers. You must be able to show that you have verified the identity of all of your customers.
You will need to gather information on the purpose of the relationship and the “intended nature” of the relationship i.e. where the funds will come from and the purpose of your transactions.
You must apply CCD checks when:
- you establish a business relationship with a customer (or another party in a property sale)
- you suspect money laundering or terrorist financing
- you have doubts about a customer’s identification information that you obtained previously
- it is necessary for existing customers - for example if their circumstances change
- you carry out “occasional transactions” or make payments to a supplier that are above the threshold values specified by the regulator.
Your business must have systems in place to detect potentially linked transactions. These are individual transactions below the threshold values that have been broken down into separate, smaller transactions to avoid CDD checks.
In some situations, you must carry out “enhanced due diligence” checks. These situations include:
- when the customer is not physically present when you carry out identification checks
- when you enter into a business relationship with a “politically exposed person”
- when you enter into a transaction with a person from a high-risk country
- any other situation where there’s a higher risk of money laundering
AML rules and regulatory expectations are constantly evolving, and you have to make sure your compliance program is keeping up with each new change.
Non-compliance with AML regulations can have serious consequences for businesses and individuals, with regulatory authorities having the power to impose financial penalties and other sanctions.
The regulatory authority may impose financial penalties for AML breaches in:
- customer due diligence
- risk assessment
- policies, controls and procedures
- record keeping
In serious cases, regulators may bring criminal prosecutions that could result in an unlimited fine, a prison term, or both.
GBG products that can help you with AML
Our Identity Solution, can help you to stay on top of your regulatory requirements wherever you operate and give you a competitive edge as a leader in compliance.