In most global jurisdictions, banks and other financial institutions must put an AML compliance program in place in order to detect and prevent money laundering and terrorism financing activities and satisfy their associated regulatory obligations.
However, achieving AML/CFT compliance in banking is a challenging process for many institutions: banks must ensure that they collect the appropriate information from customers, screen transactions on an ongoing basis and, if necessary, report suspicious activity to the financial authorities. Complicating that challenge, banks must be aware of emerging criminal methodologies and upcoming legislative changes that may affect their internal AML programs and change their compliance obligations.
Given that administrative burden, and in order to manage their AML/CFT responsibilities and ensure the effectiveness and efficiency of AML measures, it is good practice for banks to implement a compliance checklist that supports and informs their AML program. An AML checklist can help banks not only build their AML infrastructure but manage their day-to-day response to money laundering risks.
Accordingly, an effective AML compliance checklist should involve the following key features:
Under Financial Action Task Force (FATF) regulations, banks must take a risk-based approach to AML/CFT. This means that banking institutions must implement AML responses that are proportional to the criminal risks that they face, applying more intense customer due diligence, sanctions screening and transaction monitoring measures to higher-risk customers and simplified measures to lower-risk customers. The risk-based approach is at the heart of AML legislation in most global jurisdictions, and AML checklists should be flexible enough to accommodate the scaling responses that it entails.
Identity verification is a crucial component of risk-based AML/CFT: banks must know who they are dealing with, and the risk that they present, in order to deploy appropriate AML responses. An AML checklist should prioritize identity verification through customer due diligence (CDD) measures, with enhanced due diligence (EDD) measures for higher-risk customers. In practice, CDD should accurately establish:
- A customer’s personal information including their name, address and date of birth.
- Beneficial ownership of a company where that owner is not the customer or client.
- The nature of the business in which the customer is involved.
Banks must establish whether their customer is a politically-exposed person (PEP) and therefore at a higher risk of being involved in money laundering. Clients that are found to be PEPs, or that become PEPs, should be subject to enhanced due diligence measures. Ideally, a bank’s AML checklist should feature PEP screening during onboarding and throughout the business relationship to ensure that any changes in status are detected.
Banks must ensure they are not doing business with individuals, companies or countries that are named on international sanctions lists. With that in mind, a bank’s AML checklist should include a sanctions screening process that takes into account all relevant lists, which may include those issued by national authorities and by international authorities. Banks in the United States, for example, must screen customers against the US Office of Foreign Assets Control (OFAC) sanctions list and also by the United Nations Security Council sanctions list.
AML checklists should focus on helping banks to deliver ongoing compliance, which means monitoring customer transactions for suspicious activity in relation to their risk profile. In practice, transaction monitoring should be set up to detect:
- Transactions above regulatory thresholds
- Unusual transactions, for example transactions of unexpectedly high amounts or a high volume of transactions
- Unusual transaction patterns
- Transactions with high-risk countries
- Transactions with PEPs or with sanctioned individuals
- Adverse media stories involving customers
Bank AML checklists should include the process for submitting a suspicious activity report (SAR) to the financial authorities should potential money laundering be detected. The SAR submission process should be clear and include input from senior management.
Under FATF recommendations, bank employees should undergo AML training in order to remain capable of recognizing suspicious activity that could indicate money laundering or terrorism financing. Accordingly, a bank’s compliance checklist should feature an ongoing AML training schedule in order to adapt to new legislation and to emerging criminal methodologies.
A bank’s AML checklist should include a requirement — in keeping with FATF recommendations — to appoint a compliance officer both to provide oversight for the AML compliance program and to act as a liaison for the financial authorities. The compliance officer should be a senior employee with the authority and expertise to carry out their role effectively.
Record-keeping is important at every stage of the AML process. Banks must assess risk based on the records they keep on their customers, while any eventual investigations by the authorities will require the provision of information held in those same customer records. With that in mind, bank AML checklists should cover the need for effective documentation and record-keeping from onboarding through to monitoring, screening and the submission of SARs.