AML (Anti-Money Laundering): A Comprehensive Guide

AML (Anti-Money Laundering): A Comprehensive Guide

Chapter 1: What Is Money Laundering?

What is money laundering, what can financial institutions do to stop it, and what technology tools can help? This comprehensive guide will cover what you need to know about anti-money laundering (AML) essentials. We’ll look at:

  • What money laundering is and how it works
  • What anti-money laundering is and how it relates to know your customer (KYC) guidelines
  • Why AML is important to banks, financial providers, and other institutions
  • What you need to do to be AML compliant
  • What types of technology tools can help you implement AML policies

To lay a foundation for discussing these topics, let’s begin by understanding what money laundering is and how it works, starting with an example.

What Is an Example of Money Laundering?

To illustrate what we mean by money laundering, let’s take the example of an organized crime group concealing money from narcotics trafficking. Writing a check or using a credit card to buy illegal drugs would leave a paper trail, so most transactions are handled in cash. This way, banks, financial providers, and law enforcement agencies can’t easily track who bought the drugs or who sold them.

However, keeping millions of dollars in cash would be inconvenient and make it difficult to spend on the types of expensive items wealthy criminals like to buy, such as luxury cars and homes. To be valid, the cash needs to be deposited in a bank somehow without attracting the attention of regulatory authorities.

To solve this problem, the organized crime group could buy a casino and place secret associates of the group on the casino’s board of directors. Drug dealers who have accepted cash payments use the cash to buy poker chips and to tip card dealers. The drug dealer wins a percentage back, receiving the funds in checks drawn from bank accounts with already been laundered funds. Meanwhile, the unlaundered money goes to the casino for laundering.

The casino deposits the money into an offshore bank where it has an account. Some of the money is paid out to the bank’s board of directors as their compensation. Each member of the board of directors donates a percentage of their compensation to a charity owned by the head of the organized crime group. Other funds are invested in real estate investments, with payments going to organized crime group members. The money that initially came from the illegal narcotics transactions has now been transferred to legitimate bank accounts and shuffled through legitimate businesses and charities. It has been laundered.

What Is Money Laundering in Simple Terms?

Money laundering is the process of taking money from illegal or “dirty” sources and making it look like it has come from legitimate or “clean” sources. This is designed to make it harder for law enforcement agencies to trace funds from unlawful activities and harder for courts to prove that money came from illegal activities.

Money laundering involves:

  • Transferring funds derived from illegal activity
  • Concealing the criminal source of the funds
  • Spending illegally obtained funds

Money laundering is done by placing illegal funds into legitimate financial institutions and then transferring the money to other places and spending it on legitimate expenses. More sophisticated money-laundering schemes may use a series of intermediary organizations to move money around, such as multiple banks, shell corporations secretly owned by other companies, and legitimate businesses used to transfer money to other businesses.

Money laundering is commonly used by many different types of parties engaged in illegal activity. These include:

  • Organized criminal groups
  • Terrorist organizations
  • Businesses engaging in illegal activity such as anti-trust violations or tax evasion
  • Embezzlers
  • Smugglers
  • Political funding organizations seeking to skirt campaign finance laws
  • Countries seeking to outmaneuver economic sanctions

Money laundering funds may ultimately be spent on either legitimate or illegitimate purchases. For example, the money may be used to purchase legal luxury items, as with a drug dealer who buys an expensive house, or it may be used to fund more illegal activity, as with narcotics money used to fund terrorism.

Why Is Money Laundering Illegal?

Money laundering is illegal because it supports illegal activities and makes it harder for authorities to prosecute crimes. Laundering of funds may be used to conceal funds from the trafficking of narcotics and other illegal substances, illegal weapons smuggling, espionage, terrorism, embezzlement, fraud, and other crimes.

A Brief History of Money Laundering: When Did Money Laundering Begin?

In 1713, Swiss authorities prohibited bankers from disclosing information about foreign clients. This established the practice of using foreign banks to conceal transactions, which became a key money-laundering method.

During the nineteenth century, corporations developed techniques for concealing ownership by creating interlocking shell companies, a tactic used to establish monopolistic trusts and squelch competition. This became another key money-laundering tactic. It triggered pioneering antitrust laws such as the Sherman Antitrust Act of 1890, anticipating today’s AML legislation.

Prohibition, Narcotics, and the Rise of Modern Money Laundering

During Prohibition, bootleggers such as Chicago Mafia boss Al Capone avoided keeping written records that could incriminate them. But the Treasury Department realized that Capone’s illegal earnings were subject to tax laws. Capone was convicted of tax evasion, and the Treasury unit which investigated him became today’s Internal Revenue Service (IRS).

Following Capone’s 1932 conviction, American Mafia leadership passed to Genovese family head Charles “Lucky” Luciano, whose associate Meyer Lansky pioneered the money laundering techniques used by criminal groups today. Lansky combined mastery of the casino business with the exploitation of Swiss banking laws to set up an international network of casinos, offshore bank accounts, and shell companies to conceal profits from heroin trafficking.

By 1968, Lansky’s network had become a target of the House Committee on Banking and Currency (today called the Committee on Financial Services). Congress passed the 1970 Currency and Foreign Transactions Reporting Act, also known as the Bank Secrecy Act (BSA). The BSA required banks and financial institutions to report suspicious activity suggestive of money laundering or tax evasion, laying a foundation for today’s AML legislation.

As heroin trafficking gave way to cocaine cartels, the BSA was strengthened by the Money Laundering Control Act (MLCA) of 1986, making money laundering a federal crime. It authorized fines and imprisonment for transacting or laundering criminal funds.

Money Laundering in the Twenty-first Century: Terrorism and Technology

Following the World Trade Center attack on Sept. 11, 2001, stopping funding for terrorists became a priority. Congress crafted the USA PATRIOT Act, which amended the BSA. Under the act, financial institutions must follow customer identification program (CIP) procedures to verify customer identity. They also must use customer due diligence (CDD) guidelines to assess the risk of customer relationships and transactions. Enforcement of this legislation is assigned to the Treasury Department’s Financial Crimes Enforcement Network (FinCEN) bureau. These steps are intended to prevent terrorists and criminals groups from using front companies to conceal fund transfers.

Over the last decade, innovations have created new tools for money laundering and challenges for regulatory authorities. Online banking and gaming have made it easier for criminals to launder money digitally and transfer funds to offshore banks. Technology also has helped disclose the extent of money laundering. For example, in 2016, a digital leak exposed the Panama Papers, a trove of documents detailing financial and legal information from the Panamanian law firm Mossack Fonseca. The documents included details on transactions involving shell corporations used for fraud, tax evasion, and evasion of sanctions against countries such as Russia, Syria, and North Korea.

Today, criminal groups are exploring new ways to launder money using technology such as cryptocurrency and non-fungible tokens (NFTs). Legislators and regulatory authorities continually develop techniques and technology to keep up with money-laundering trends.

How Money Laundering Works

Conventional money laundering involves three essential steps:

  1. Placement: funds from illegal sources are deposited into legitimate financial institutions
  2. Layering: money is transferred from the place where it originally was deposited to another account or bank, making it harder to trace back to the initial source
  3. Integration: money is used for legitimate expenses, making it appear to have legitimate origins

In recent years, criminals have exploited new techniques and technologies to develop a more sophisticated approach to money laundering using a new money laundering model:

  1. Enable: A criminal or criminal organization uses a third party such as a law firm to set up and administer a shell company, obscuring the criminal’s involvement
  2. Disguise: The criminal hires another third party to open a bank account for depositing illegally obtained funds, which can then be used to purchase items
  3. Distance: The criminal has a third party set up a trust fund to own their purchases, concealing their ownership

This method of money laundering serves to separate money-laundering activity from the individual or organization responsible for the activity, making it even harder to track and prosecute than conventional money laundering. However, both conventional and newer money laundering methods remain in use, and understanding both models of money laundering helps prevent and investigate money laundering.

How to Prevent Money Laundering

To reduce the risk of money laundering and make it easier to track and prosecute offenders, regulators have developed several core best practices enshrined in AML legislation, such as the BSA. Banks, financial institutions, and other institutions can fight money laundering by taking steps such as:

  • Using Know Your Customer(KYC) procedures to verify the identity of customers
  • Flagging account applications or transactions involving parties listed as sanctioned by the Treasury Department’s Office of Foreign Assets Control (OFAC)
  • Keeping records of cash purchases of negotiable instruments
  • Reporting cash transactions exceeding $10,000 to FinCEN or other authorities such as the FBI
  • Reporting any suspicious activity suggesting money laundering, tax evasion, or other criminal activity
  • Reporting any deposits from individuals or organizations which have been flagged as risks for money laundering

We’ll go in more depth into how to implement these preventive measures in our next chapter.

Chapter 2: Understanding Anti Money Laundering (AML)

Anti-money laundering methods are practices designed to counter the money-laundering tactics described in the last chapter. They include tactics designed to flag suspicious transactions, verify customer identity, and assess risk. In this chapter, we’ll define AML and explain how it works. We’ll also clarify the relationship between anti-money laundering and know your customer (KYC) procedures, which are a specific type of AML strategy.

AML Definition

Anti-money laundering is a set of methods designed to counter money-laundering crimes. It includes regulations, policies, and procedures for tasks such as:

  • Reporting suspicious transactions
  • Verifying customer identity
  • Assessing customer risk
  • Enforcing OFAC sanctions

In the United States, AML regulations are enacted by the Treasury Department under legislation such as the Bank Secrecy Act, the PATRIOT Act, and the Trading with the Enemy Act. Internationally, countries cooperate on AML through the Financial Action Task Force (FATF), an initiative of the Group of Seven (G7) nations to combat money laundering and terrorist financing.

How AML Works: Understanding the Anti-Money Laundering Process

Recall that money laundering conventionally works through a three-step process:

  1. Placement of illegitimately obtained funds into legitimate accounts
  2. Layering of deposited funds by transferring them around to make their original source harder to detect
  3. Integration of illegitimate funds into legitimate expenditures to further mask their origins

AML procedures seek to intercept money laundering attempts on each of these fronts. Key procedures include:

  1. Countering money placement by reporting suspicious transactions, such as large cash deposits exceeding a certain threshold established by regulatory requirements; or transactions involving distrustful parties, such as parties on OFAC sanctions lists
  2. Countering layering by following regulations and procedures to verify customer identity, making it harder for criminals to use false identities and front organizations to conceal ownership of illegitimate funds
  3. Countering integration by following regulations and procedures to flag the suspicious use of funds, such as all-cash payments for real estate purchases over a threshold amount

Approaches to AML based on the newer model of money laundering in terms of enable/disguise/distance (discussed in the last chapter) may follow strategies that emphasize verifying customer identity and assessing risk. However, the same tactical AML techniques generally apply.

Due to the complexity and technological sophistication of current money-laundering methods, implementing AML today relies heavily on automation. For instance, artificial intelligence can help identify suspicious activity patterns or verify customer identity.


Anti-money laundering needs to be distinguished from a closely related term, know your customer (KYC). While these two terms often are used interchangeably, they have distinct but related meanings. AML is a broad term that includes all practices for countering money laundering, particularly those used to flag suspicious transactions. KYC has a narrower scope, focusing on verifying customer identity and preventing risk.

KYC includes practices such as:

  • Customer identification program (CIP): Confirming account applicant identity by collecting identifying information.
  • Customer due diligence (CDD): Using information collected to assess the risk represented by the customer based on a rating score.
  • Continuous monitoring: Tracking customer accounts and transactions on an ongoing basis to spot suspicious activity and periodically checking account information for accuracy.
  • Risk management: When a risk of identity theft or fraud is detected, the risk level needs to be assessed, and appropriate steps must be taken to mitigate the risk.

These involve procedures such as:

  • Identity verification by checking the authenticity of documents and biometric information
  • Digital signature and non-repudiation to verify that signatures originated with an authentic signer
  • Risk control to assess the likelihood of money laundering based on scored criteria
  • User authentication to verify the identity of customers who have previously provided identifying criteria
  • Critical transaction monitoring to protect transactions through means such as two-factor authentication
  • Database sharing to streamline authentication of customers who have already authorized sharing of information by third parties
  • Data capture to optimize the collection of information to avoid errors such as typos or blurry scans

This highlights some of the critical distinctions between AML and KYC:

  • AML prevents criminals from becoming customers
  • AML monitors transactions
  • KYC is done during onboarding
  • KYC deals with customer identification and screening
  • KYC helps with risk assessment
  • KYC is a part of AML
  • AML is broader

KYC can be viewed as a specific component of AML geared toward preventing money laundering during onboarding and other critical checkpoints in the customer lifecycle. AML and KYC work together to counter money laundering.

Chapter 3: Why Is Anti-Money Laundering Important?

Anti-money laundering is critical for banks, financial institutions, and other organizations which handle money because it prevents criminal and terrorist activity. AML serves to:

  • Prevent criminal activity, including money laundering itself as well as underlying crimes such as narcotics trafficking and illegal gun-running
  • Protect consumers from identity theft by criminal organizations
  • Cut off terrorist funding
  • Prevent market manipulation, which can undermine the economy and consumer confidence
  • Reduce public corruption

Not least of all, specific industries are required to meet AML regulations. Requirements can be stricter in specific industries such as securities brokering and casino gambling.

AML in Banking

Due to their nature, banks and credit unions are at higher risk of money laundering than most industries and have stricter regulatory requirements and penalties for noncompliance. As lenders and credit providers, banks can be misused to fund criminal and terrorist activity and can even be compromised by internal crimes such as embezzlement.

Because of this risk, the Bank Secrecy Act and related regulations require banks to take steps such as:

  • Reporting suspicious deposits to FinCEN
  • Monitor deposits for OFAC sanction compliance
  • Holding deposits for a specified period of time under certain circumstances
  • Implement customer identification program procedures to verify customer identity
  • Perform customer due diligence to monitor transactions and assess risk

In addition to these legally prescribed AML regulations, individual banks may follow their internal AML policies and procedures to strengthen protections.

AML in Finance

AML also is important in other segments of the financial industry. The rise of eCommerce and emerging technologies such as cryptocurrency have made online lenders vulnerable to cybercrimes. Initiatives such as securities brokerage, wealth management, and fintech face similar challenges.

These industries generally must follow AML procedures similar to banks, including KYC procedures. As in banking, automation places an increasingly important role in implementing AML policies and achieving compliance.

Chapter 4: Anti-Money Laundering Compliance Checklist

An anti-money laundering compliance checklist helps you meet AML regulatory requirements and adhere to best practices. In this chapter, we’ll provide you with a checklist after covering some basics. First, we’ll look at what compliance is, what regulations govern it, and how your internal AML policy can help you meet and exceed regulatory requirements. Then we’ll review the main factors involved in compliance and what you can do to ensure that you comply. Finally, we’ll provide a checklist you can use to help you stay in compliance with AML regulations.

What Is Anti-Money Laundering Compliance?

AML compliance is adherence to regulations that are mandated to prevent money laundering. Under U.S. federal law as laid out in the BSA, AML compliance is mandatory for:

  • Domestic financial institutions, including foreign subsidiaries
  • Branches of foreign financial institutions operating in the U.S.
  • Non-U.S. operations of foreign institutions which have relationships with their U.S. operations
  • Financial institutions operating exclusively outside the U.S. that process funds through U.S. banking institutions or through countries sanctioned by the U.S.
  • U.S. persons, including individual sole proprietors, corporations, partnerships, joint-stock companies, associations, syndicates, joint ventures, other unincorporated individuals and groups, Indian tribes as defined by the Indian Gaming Regulatory Act, and other entities which qualify as legal personalities

Other AML laws specify additional compliance requirements. In addition to compliance with federal regulations, organizations may have their own internal compliance procedures to comply with other regulatory bodies or industry best practices. Consult your legal professional to verify which regulations apply to your business.

Compliance programs typically consist of several vital components, including:

  • A dedicated compliance officer to coordinate the implementation
  • Reporting procedures
  • Risk-based customer identification program procedures
  • Risk-based customer due diligence procedures
  • Technology to automate the implementation of procedures
  • Compliance training for employees
  • Internal controls to promote compliance
  • Independent compliance testing by company personnel or outside services

Specific components may vary by regulatory jurisdiction, industry, company, department, and financial product.

What Are AML Regulations?

In the U.S., major AML regulations include:

Specific regulations may apply to particular industries or businesses operating in other countries. Your legal professional can advise you on which regulations are mandatory for your business.

What Is AML Policy?

AML policy is a company’s internal methodology for complying with anti-money laundering requirements. Certain AML policies are required by regulatory legislation. These include:

  • Policies and procedures to detect and report suspicious transactions
  • Internal controls to comply with BSA requirements
  • Customer identification programs
  • Customer due diligence programs
  • Annual independent compliance testing
  • Designation of dedicated compliance personnel
  • Employee compliance training

Beyond these required policy components, companies may establish their own internal policies to implement best practices. These policies may go beyond what is legally required.

What Are the Main Factors for AML Compliance?

The most important factors in achieving AML compliance include:

  • Appointment of one or more dedicated compliance officers
  • Implementation of procedures to detect and report suspicious transactions
  • Implementation of customer identification programs
  • Implementation of customer due diligence programs
  • Establishment of internal controls
  • Employee compliance training
  • Independent auditing

Your dedicated compliance officer should be tasked with verifying that all these factors and any others applicable to your specific needs are in place.

How Do You Know If You’re AML Compliant?

The best way to verify that you’re AML compliant is for your chief AML compliance officer to work with your legal team to review that you’ve covered all the items on your compliance checklist. Major items to verify include:

  • You have a designated chief AML compliance officer
  • You have established AML policies
  • Your company has procedures for detecting and reporting suspicious transactions
  • Your company has appropriate KYC procedures, including CIP and CDD procedures
  • You have established internal controls
  • Your company provides employee compliance training
  • You conduct annual audits

Below is a more detailed checklist you can use.

An Anti-Money Laundering Compliance Checklist

  • Do you have a designated AML chief compliance officer?
  • Have you done a comprehensive risk assessment review covering all your customer categories, products and services, transaction activities, and geographic areas of operation?
  • Have you created written AML policies and procedures for onboarding new customers, monitoring transactions, and investigating suspicious activities?
  • Do your policies and procedures include reporting for suspicious transactions?
  • Do your policies and procedures include a customer identification program to verify information such as customer or business name, address, date of birth, Social Security number, or Employer Identification Number?
  • Do your policies and procedures include a customer due diligence program?
  • Does your CDD program include procedures to establish customer or business identity, including sources of funds where appropriate?
  • Have you established procedures to develop transactional profiles for projected account activity?
  • Are there procedures for defining and accepting customers concerning specific products and services?
  • Have you standardized steps to assess and score customer risk?
  • Do you monitor and assess transaction risk?
  • Have you established procedures to investigate unusual customer activity?
  • Have you established procedures to document investigations of suspicious activity?
  • Are you screening transactions against watch and sanctions lists?
  • Do you schedule regular AML compliance employee training?
  • Do you perform annual AML compliance audits?
  • Do you maintain your AML program with periodic updates?
  • Are you using AML technology to automate the implementation of your compliance policies and procedures?
  • Are you using the best available AML technology tools?

Chapter 5: Anti-Money Laundering Tools and Solutions

The right AML technology can make regulatory compliance much easier, and in fact, it can be difficult to achieve compliance without suitable technology solutions. This final chapter will look at what AML solutions are and what they do, why you need one, and how Incode’s Omni platform can help you achieve AML compliance.

What Is an AML Solution?

AML solutions help you automate compliance with anti-money laundering regulations and adherence to AML best practices. AML tools include features such as:

  • Artificial intelligence modeling of suspicious customers and activities
  • AI-powered algorithms for fraud detection and risk management
  • Screening against watch lists of suspicious individuals and organizations
  • Risk scoring based on risk potential and historical profile
  • Dashboards with real-time data for monitoring and investigating risk
  • Creation and delivery of documentation for AML reporting and compliance

AML solutions may sync with data from other software such as accounting apps or enterprise resource planning solutions.

What Parts of the AML Process Do AML Solutions Typically Cover?

AML solutions may assist with various tasks in the AML process, including:

  • Importation of data from other relevant software
  • Matching of customer information against databases
  • Screening against sanctions lists
  • Verification of customer-identifying documentation
  • Risk scoring
  • Authentication of transactions
  • Capturing of data needed to authenticate transactions, such as facial recognition data
  • Credit card capture and authentication
  • Monitoring transactions and accounts and flagging suspicious activity
  • Videoconferencing to verify customer identity and liveness
  • SMS verification
  • Reporting of suspicious activity

Not all solutions will cover all these bases. For best results, look for a solution that covers everything you need to automate your AML procedures.

Why Do You Need an AML Solution?

If you’re a bank, credit union, financial services provider, or fintech provider, you need an AML solution to:

  • Meet AML regulatory compliance requirements
  • Protect your business and customers from fraud
  • Optimize the efficiency of your AML procedures
  • Scale up your AML procedures to handle customer volume
  • Keep up with the latest technology advances by both criminals and AML providers

The last item above should be underscored. As technology advances, staying ahead of the latest money-laundering techniques is becoming impossible to do manually. For effective AML compliance today, the right technology solution is absolutely essential.

The Best AML Solution for Verification, Compliance, and Remediation

If you’re looking for a comprehensive, cutting-edge AML solution, look no further than Incode’s Omni platform. Omni verifies and authenticates identities simply, securely, and instantly by leveraging the latest artificial intelligence technology. Omni includes components to help you comply with AML regulatory requirements in seven major areas:

  1. Identity verification to check ID documents, extract OCR data, analyze barcodes, match biometric templates, ascertain that ID holders are genuine humans, and screen data against government databases and other databases
  2. Capture tools to optimize the accuracy of ID data collection while providing a superior user experience
  3. Digital signature and non-repudiation tools to strengthen the legal standing of digital signatures in case of a challenge
  4. Risk control tools to spot suspicious accounts and activity
  5. Authentication tools that make it easy for genuine users to log into accounts while preventing unqualified access
  6. Critical transaction tools to combat fraud and verify transactions
  7. Incode’s proprietary database streamlines account access for customers already in the database without compromising security, delivering a more satisfying customer experience

Incode is used and trusted by major companies worldwide, including Citi, Banaforte, Rappi, Volkswagen, and many others. We provide AML support for multiple industries, including finance, retail, e-commerce, travel, hospitality, and age verification services. Whether your customer needs to open a bank account or book a trip, Incode can help you onboard new customers in a frictionless and secure way. Request a demo today to see how Incode Omni can help you stay in AML compliance.