To crack down on financial crimes and terrorist financing, governments everywhere have tightened enforcement of anti-money laundering (AML) regulations. The direct and indirect costs of non-compliance are severe. Yet compliance remains a challenge for firms at any scale.
This introduction to anti-money laundering will review the regulatory environment, the requirements of an effective compliance program, and the growing role of data analytics in AML monitoring and compliance.
Anti-money laundering consists of the regulations and practices used to prevent the abuse of the financial system in support of terrorism and other criminal activities. Under these regulations, AML compliance is the responsibility of banks, credit card processors, and other financial institutions. They must monitor their customers and financial transactions for signs of suspicious behavior and report this activity to law enforcement agencies.
Money laundering uses a series of financial transactions to convert the proceeds of crimes into “clean” money indistinguishable from any other funds. This three-stage process involves:
In addition to laundering the proceeds of crimes such as drug trafficking, these techniques obscure the opposite money trail from “legitimate” sources to criminals and terrorists. Many financial regulations now include provisions for both anti-money laundering and combatting the financing of terrorism (CFT). Examples of money laundering laws include:
As amended by the PATRIOT Act, the Bank Secrecy Act (BSA) requires American financial institutions to help federal law enforcement combat money laundering and terrorism financing.
Institutions must report large transactions, foreign bank accounts, and suspicious activities to the United States Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN).
Following its departure from the European Union, the UK Parliament passed the Sanctions and Anti-Money Laundering Act 2018 (SAMLA 2018) to restore the authority to impose regulations and sanctions for money laundering and terrorism financing.
Over the past quarter-century, the European Union has introduced a series of anti-money laundering directives to unify regulations, compliance requirements, and enforcement across EU member states. The most recent 5th round (AMLD5) enhanced transparency, tightened cryptocurrency regulation, and improved communications between regulatory offices.
In a global financial system, money laundering does not respect national jurisdictions. The Financial Action Task Force (FATF) is an intergovernmental body that coordinates AML/CFT enforcement. FATF research identifies trends in illicit activity, proposes standards for money laundering regulations, evaluates member performance, and flags high-risk countries.
Companies that offer financial services must have robust AML/CFT programs to prevent terrorists and organized crime organizations from using their services for criminal activity. Some elements of an effective AML/CFT program include:
Most regulations require a risk-based approach to preventing illicit activity. As part of an overall risk management process, financial institutions must assess money laundering risks such as:
This risk assessment cannot be a one-time event. Firms must regularly review their tolerance of and exposure to AML/CFT risk.
A pillar of effective AML compliance is understanding who you do business with by implementing a thorough Know Your Customer (KYC) process. Companies that deal with the public must verify each customer’s identity. Institutions serving business customers must confirm their customers’ location and beneficial ownership. Beneficial owners are the people with a controlling interest in the company.
KYC programs allow institutions to comply with financial sanctions laws that prevent named criminals, terrorists, and other individuals from accessing the global financial systems. Although international coordination happens, these lists vary from country to country. The Office of Foreign Assets Control (OFAC) enforces sanctions in the United States. On the other hand, regulators within each member state enforce European Union sanctions.
In addition to identifying known criminals, financial institutions must use their KYC processes to monitor accounts owned or controlled by senior government officials whose positions create opportunities for corruption. Screening these Politically Exposed Persons (PEPs) helps prevent political corruption that could support money laundering or terrorist financing.
Financial institutions must implement ongoing monitoring systems that can detect money laundering activities. These systems use transaction histories to establish patterns of behavior for each customer. Comparing real-time transactions to these behavior patterns reveals suspicious transactions for investigation and reporting.
Companies must implement several measures to comply with AML regulations, ranging from how they investigate their customers to what kinds of reports they must file and how they oversee their compliance efforts.
AML compliance programs must implement customer due diligence (CDD) rules to identify and assess each customer’s risk of criminal activity. For example, FinCEN’s CDD Rule requires financial institutions to:
Institutions must apply enhanced due diligence (EDD) procedures to fully assess the AML/CFT threat posed by high-risk customers. These measures are not limited to those on sanctions or PEP lists. Anti-money laundering programs must also evaluate the risks presented by high-net-worth individuals, people living in high-risk countries, or those accessing risky financial services.
Regulators cannot monitor the financial system directly. Instead, they rely on financial institutions to monitor their internal systems and report unusual activity that could support money laundering and other financial crimes.
When institutions detect unusual transaction patterns, they must submit suspicious activity reports (SARs) to their regulator. The definition of “suspicious” is not set in stone, varying between institutions, transaction types, and customer risk profiles.
Some transactions trigger reports whether or not there are signs of suspicious activity. Currency transaction reports (CTRs) let regulators see every large deposit, withdrawal, or other transaction. US regulators set this threshold at $10,000. To prevent criminals from structuring transactions to avoid the CTR limit, institutions must submit an SAR when they detect multiple transactions over several days that combine to exceed the threshold.
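The aggregation check described above, as an added example (not Starburst's code or any regulator's rule): a sliding window sums each customer's sub-threshold cash transactions and flags windows whose combined total exceeds the CTR threshold. The 5-day window, the tuple layout, and the sample data are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import date, timedelta

CTR_THRESHOLD = 10_000        # US CTR threshold stated in the article
WINDOW = timedelta(days=5)    # assumption: the article only says "several days"

# Constructed sample cash transactions: (customer_id, date, amount in USD)
SAMPLE = [
    ("C1", date(2024, 3, 1), 4_000),
    ("C1", date(2024, 3, 2), 3_500),
    ("C1", date(2024, 3, 4), 3_000),   # 10,500 across 4 days -> structuring alert
    ("C2", date(2024, 3, 1), 12_000),  # single large transaction -> CTR only
    ("C3", date(2024, 3, 1), 6_000),
    ("C3", date(2024, 3, 20), 6_000),  # too far apart to share a window
    ("C4", date(2024, 3, 5), 9_500),   # one sub-threshold transaction, no pattern
]

def classify(transactions, threshold=CTR_THRESHOLD, window=WINDOW):
    """Return (ctrs, alerts).

    ctrs   - transactions that individually exceed the threshold.
    alerts - {customer: [(window_start, window_end, total), ...]} for groups of
             two or more sub-threshold transactions that combine to exceed it.
    Simplification: transactions already reported on a CTR are left out of the sum.
    """
    ctrs, by_customer = [], defaultdict(list)
    for customer, day, amount in transactions:
        if amount > threshold:
            ctrs.append((customer, day, amount))
        else:
            by_customer[customer].append((day, amount))

    alerts = {}
    for customer, txs in by_customer.items():
        txs.sort()
        start, running = 0, 0
        for end, (day, amount) in enumerate(txs):
            running += amount
            # Drop transactions that fall outside the look-back window.
            while day - txs[start][0] > window:
                running -= txs[start][1]
                start += 1
            if end > start and running > threshold:
                alerts.setdefault(customer, []).append((txs[start][0], day, running))
    return ctrs, alerts
```

In production the alert would feed an investigation queue rather than file a SAR directly, since the article notes that what counts as "suspicious" varies with customer risk profile.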
AML laws assign responsibility for compliance to the institution’s board of directors and senior management. They must ensure the company has controls to monitor, identify, and enforce AML practices. Typically, a compliance officer will oversee these AML compliance efforts. These officers report to senior management and the board, giving them enough independence to avoid undue influence from within the organization.
In July 2023, Bank of America’s Merrill Lynch brokerage arm paid a $6 million fine to the Financial Industry Regulatory Authority (FINRA) and a $6 million penalty to the Securities and Exchange Commission (SEC) for failing to meet the BSA’s AML reporting requirements.
Merrill Lynch and other broker-dealers must submit SARs for transactions exceeding a $5,000 threshold. However, Bank of America and other national banks must file a SAR for suspected criminal transactions of $25,000 or more.
After the two companies combined in 2009, the merged company’s AML program applied the higher threshold to all Merrill Lynch transactions. In the ten years before discovering the error, Merrill Lynch failed to file reports for roughly 1,500 suspicious transactions.
Financial institutions increasingly rely on data analytics to overcome challenges in the fight against money laundering. Rapid identification of suspicious activity requires near real-time analysis of financial transactions, which the complexity of modern data architectures undermines. Moving and copying data through pipelines takes time and makes data less relevant to immediate action. In this regard, filtering false positives is a particular challenge as it requires access to data in disparate stores and locations.
Another challenge is reconciling hundreds of national and regional AML/CFT regulations with hundreds of data privacy and sovereignty regulations. Identifying, investigating, and reporting suspicious activities requires speedy access to KYC, CDD, and EDD data. However, privacy regulations require strict limits on who may access personally identifiable information (PII). Likewise, data sovereignty regulations limit the transfer of PII across national boundaries.
Starburst Stargate creates a virtual gateway for cross-cloud data analytics. Applying Stargate’s query abstraction layer over your institution’s globally-dispersed data architecture lets you create virtual data warehouses for your AML programs.
Through a single interface, compliance officers can query and analyze data from anywhere in the company without slow, complex ETL processes.
All data remains at the source, so there’s no need to invest in additional storage infrastructure.
Stargate’s single point of access applies compliance rules to queries at runtime, allowing AML teams to get the data they need without compromising privacy and sovereignty compliance efforts.
See how a global investment bank used Starburst to reduce false positives, speed investigations, and minimize the risk of AML non-compliance. For more information about the Stargate platform, check out our solution brief.