Anti-Money Laundering (AML) Guidance in Banking and Finance

Anti-money laundering (AML) is a subset of an organization's overall compliance program. In this guide, we will boost your understanding of how it works, and how to bring context to AML compliance.

Brian Ferro, AML Solutions Manager
Jan 22nd, 2024

Money laundering is a process whereby money that has been generated illegally is made to look legitimate. It is a serious financial crime. Although offenses in the US have decreased by 12% since fiscal year 2018, it remains vital that banks and other financial institutions are vigilant for any signs of criminal activity. Anti-money laundering (AML) prevents illegally obtained money from entering the economy, stabilizing financial systems nationally and globally.

What is anti-money laundering?

Anti-money laundering helps to prevent an organization from being used as a vehicle for criminals to access the financial system and make their illicit funds appear to come from legitimate business dealings. It is an umbrella term used by many institutions to encompass their entire AML program, typically made up of several components:

  • Transaction Monitoring and Investigations

  • Model Risk Governance

  • Regulatory Reporting

  • Know Your Customer (KYC)

  • Customer Lifecycle Management (CLM)

  • Sanctions screening at both entity and payment level

Each of these components will ensure an institution is addressing the AML regulations that have been established in their region and globally (depending on the size of the organization). AML is a subset of an organization's overall compliance program.

How does money laundering happen in banking and financial institutions?

There are three basic categories of money laundering: placement, layering, and integration. Institutions are vulnerable to each of these, but are likely the most vulnerable during placement.


Placement is where a criminal looks to inject their illicit funds into the financial ecosystem. This can be done by depositing cash or attempting to exchange currency. Institutions will look at the volume of cash deposited or if the transactions are in line with expected behavior of the customer.


The layering stage is where the money is moved between accounts, possibly through shell companies, to give the appearance that the funds are from legitimate business dealings.


Once they are fully integrated into the financial system, the “cleaned” funds can then be used by the criminal to purchase anything they like.

For institutions, it’s important to know who controls companies, what the focus of the business is, where they operate, and what would be considered normal activity. Criminals know simple thresholds that banks employ and how to avoid them. By looking at the pattern and movement of funds, banks can better identify suspicious activity. 

What is the importance of AML compliance in banking?

There are numerous reasons why institutions should be vigilant in the fight to prevent money laundering. The most obvious are the economic and reputational consequences – the fines imposed by regulators against banks found to have deficient AML programs are in the billions of dollars. AML and related fines increased by 52% in 2022, and these fines are only part of the overall cost to the banks – as a rule of thumb, the true cost is about 3x the fine due to legal fees and internal costs the banks must account for. The US had the highest enforcement actions in 2022, of $3bn, up 151% from the previous year.

Historically, once a fine is made public, there is a direct correlation to a drop in both the stock price and customer base for the bank. These directly impact the bank's profitability and resonate with shareholders.

Beyond the financial impact, banks play a role in the very real, human element of preventing money laundering. Criminal activity such as elder abuse, drug trafficking or human trafficking negatively impacts society and destroys families. By looking for behaviors that are indicative of these criminal schemes, banks can prevent criminals from profiting from these crimes, or even have funds frozen to be later seized by law enforcement. Creating friction for criminals discourages them from using banks to hide their money.

Banks require an intricate partnership of technology and people to meet the ever-changing AML requirements. From a technological standpoint, banks need to utilize technology to automate manual tasks and provide meaningful insights into the activity conducted by their customers, and even their non-customers, so that investigators can use the data to make more informed and confident decisions. Banks are racing against the clock with mounting alerts and cases that have short periods of time to be adjudicated. Technology can create more efficiencies, giving investigators time to properly look into potential financial crimes.

How do AML policies affect financial institutions? 

AML policies are ever-changing and increasingly demanding on institutions. As the gatekeepers of the global financial system, banks are charged with monitoring the activity of their customers and the money that moves through their institutions. The way in which they do so seems to evolve continuously. The cause for this is largely related to regulatory updates.

Initially AML regulations were basic, but, over time, these regulations have been updated and require the institutions to adhere to them in parallel. Institutions must meet the requirements of the guidelines, which could mean investments in new technology, additional headcount to tackle increased workloads, or creating new teams dedicated to the new regulations. Failure to do so could mean deficiency findings, consent orders or even fines to the institutions.  

How is AML in banks regulated? 

AML banking regulations are in place across the globe. Their purpose is to identify and prevent money laundering from entering legitimate financial systems. This keeps these systems stable in a world where it’s easier than ever to move money between accounts and countries. The presence of regulations results in greater levels of trust between institutions, as the risk of money laundering succeeding is lowered if each institution carries out its due diligence.

AML in banks is regulated through multiple bodies:

European Union (EU). The EU has AML regulations its member states must adhere to, known as the Anti-Money Laundering Directive (AMLD). The directives are updated in order to keep up with different threats. Six directives have been issued at present. The most recent one was issued in 2018 and came into force in 2021, formalizing the different crimes under money laundering. 

Financial Action Task Force (FATF). The FATF sets global recommendations for AML regulations (the FATF Recommendations), which countries are encouraged to implement with their oversight. There are 40 recommendations divided into seven categories:

  • AML/CFT policies and coordination

  • International cooperation

  • Money laundering and confiscation

  • Powers and responsibilities of competent authorities and other institutional measures

  • Preventative measures

  • Terrorist financing and financing of proliferation

  • Transparency and beneficial ownership of legal persons and arrangements  

United Nations (UN). The UN’s Global Programme Against Money Laundering, Proceeds of Crime and the Financing of Terrorism (GPML) helps to prevent money laundering by requiring members of the UN to implement laws and strengthen their regulations. They must also help fellow members investigate related crimes.

These regulatory bodies provide frameworks for countries to base their AML regulations on, but each nation has specific issues they need to address.

For example, the US has the Bank Secrecy Act (BSA), under which banks must:

  • Keep detailed records of cash transactions above $10,000 (daily aggregate amount)

  • Keep detailed records of cash purchases of negotiable instruments

  • Report activity that is indicative of money laundering or other financial crimes

There is also the USA Patriot Act, which was introduced after the events of 9/11 to strengthen efforts against terrorist financing. A key element of the law requires financial institutions to report suspicious customer activity.

Notable AML measures across the world include:

  • Proceeds of Crime Act (POCA) (UK), a legal framework for confiscating the proceeds of criminal activity.

  • Money Laundering, Terrorist Financing and Transfer of Funds Regulations (UK), regulations covering the identification and prevention of money laundering and terrorist financing. All suspicious activity must be reported to the National Crime Agency.

  • National Strategy for Countering the Financing of Terrorism, introduced in 2022 by the Monetary Authority of Singapore, which aims to improve coordination between international law enforcement agencies and ensure AML/CFT frameworks meet international standards.

  • The Hong Kong Monetary Authority (HKMA) identified fraud as the main threat in 2022. The following year it named AML risk as one of its priorities in combating fraud, with a focus on sharing information, using data, and keeping regulations up to date.

  • Following an inquiry into Australia’s AML/CFT regulations, the Australian Transaction Reports and Analysis Centre (AUSTRAC) updated regulations that previously excluded multiple industries, including real estate and gambling, from some AML/CFT reforms. 

  • The Central Bank of the UAE has a department dedicated to AML/CFT measures: Anti-Money Laundering and Combating the Financing of Terrorism Supervision Department (AMLD). The department ensures all AML regulations and recommendations are followed and identifies new risks and threats as they develop.

  • South Africa follows the regulations and recommendations set out by the Financial Intelligence Centre Act (FICA). It also works with the Southern African Development Community (SADC) to ensure cooperation between regions.

How much does anti-money laundering compliance cost banks?

AML operations are a required area of the bank’s overall operations. It is not a money-generating line of business for the banks. How much each institution invests is highly dependent on the size of the bank. For example, an American Tier 1 bank could spend over $100M, while a mid-tier bank could spend approximately $1M.

What are the mandatory AML requirements for banks?

First, banks must have an AML program in place to obtain and maintain a bank charter. Institutions are prohibited from conducting correspondent or inter-bank transactions with institutions that do not have a certified AML program. 

For all institutions, the AML program must have five main components:

  1. Appoint a compliance officer

  2. Complete risk assessments

  3. Prepare anti-money laundering policies and a procedure manual

  4. Monitor and maintain your AML program

  5. Implement customer due diligence

There are intricacies in each of these that drive what an AML program does at each bank. For example, the risk assessment will look to drive the types of rules and scores a transaction monitoring solution would utilize for surveillance of transactional activity.

Best features for AML tools and systems in banking

Utopia for a bank is to be able to get a complete 360 view of their customers.

What are the profiles, products, activity and expected behavior for their customer? Who is the customer connected to? For example, do they have joint accounts, or are they owners of other businesses that have additional connections? Do they live at the same address as other customers?

Enhancing the bank’s data with up-to-date external data is also critical. Often, the information a bank holds on a customer was collected at a single point in time, possibly years ago (e.g., a college savings account opened for a customer who is now 20 years removed from graduating and still uses the same account).

Additionally, it’s important that banks are able to understand patterns of behavior conducted by their customers – do the transactions make sense? Do they fit within the expected activity? Who are the associated counterparties they conduct business with? Is there risk in the activity? 

What are the benefits of AML solutions?

AML solutions enable you to understand the risk and how to mitigate the bank’s exposure to risk. It’s all about risk management, not eliminating all risk.

AML provides banks the means to know who a customer is, what is expected of the customer, and how to effectively monitor the anticipated behavior, while alerting on activity that is considered to be consistent with criminal activity, or outside of normal behavior. In doing so, banks can help protect innocent people from falling victim to scams or being taken advantage of by criminal rings (such as those involved with mules or trafficking).

Additionally, having a strong AML program helps to safeguard the overall health of the global financial system and stop abuse.

AML solutions for banks should enable them to make more informed, confident decisions about onboarding, offboarding, and ongoing monitoring.

Shifting to an automated AML end-to-end solution provides:

  • The ability to transform a risk policy into a digital AML workflow

  • Access to the data needed for customer due diligence

  • Dynamic risk profiling (i.e., creating a picture of risk associated with customers)

  • Collaboration and communication methods, both for cross-team work and work with customers

  • Analytics and reporting tools to gauge efficiency and track audit history

What are the challenges driving AML compliance?

Changing regulations

Keeping track of and up to date with regulations is important to ensure compliance. However, changes can create knowledge gaps and confusion if they’re not explained and applied in good time.

Operational costs

Financial institutions can direct a lot of their costs towards AML measures. If these measures aren’t satisfactory enough to keep up with today’s demands then these expenses can quickly spiral, as the institution tries to fill the gap.

Increased transaction volumes and alert volumes

A good AML compliance solution should be able to scale as your alerts do, and see a more holistic picture of risk in order to mitigate alert volumes and false positives. If not, this can quickly lead to analysts dealing with false positive alerts and having less time to spare on legitimate cases.

Employee satisfaction and retention

If employees who work as investigators are treated like substitute content aggregators, this can take away from their investigative work and cause dissatisfaction, making it more likely they will seek work elsewhere.

Increased risk

The sophistication of criminals and global networks of activities has increased. Networks are complicated, with cross-border transactions, domestic and global transfers, so there are lots of ways to move money around without it raising a red flag.

Technological requirements

Incumbent systems are just not satisfactory anymore. Transformative technologies and processes, like contextual monitoring, are the only way forward. Contextual monitoring helps institutions to go beyond a single transaction and better understand the relationships between counterparties by looking at who the originating counterparty is, who the beneficiary counterparty is, and what the institution already knows about them both. This information can help investigators learn whether either party is connected to criminal activity.

What role do suspicious activity reports (SARs) play in AML in banking?

Suspicious activity reports, or SARs as they’re commonly known, are regulatory reports that are completed by financial institutions, insurance companies, or casinos to report any suspicious activity that took place at their institution. SARs sometimes go by other names – suspicious transaction reports, or suspicious matter reports.

No matter what the report is titled, they all have the same goal – providing the regional regulator with information on who, what and how suspicious activity, usually indicative of a predicate criminal offense, took place within the institution. These reports will provide names, accounts, transactions that were identified, and a summary of what the investigator believes the money movement to mean.

SARs are the only output created by AML shops at institutions and are critical in helping law enforcement initiate or support their ongoing investigations. SARs are collected by a central agency and then distributed to local law enforcement to review and determine if the information is useful for an active investigation, or warrants kicking off a new one. 

A good SAR goes into detail on the movement of money, covering both how and why the activity may be indicative of criminal activity. This includes the source of the funds, where the money went, and who handled the money along the way. The types of transactions and the amounts that were received and sent are all important to understanding the story. These details help law enforcement, who can tie them into their own investigations as evidence for eventual prosecution.

AML by the numbers

  • As stated in the 2023 AiteNovarica report, in the US, firms are likely to spend more on AML compliance if their Assets Under Management (AUM) is higher.

    • 76% of firms with between $60 billion and $100 billion AUM spend over $5 million on AML compliance annually.

    • 57% of firms with between $1 billion and $10 billion spend less than $1 million on AML compliance annually.

  • 45% of respondents to the Thomson Reuters Regulatory Intelligence 2023 Cost of Compliance survey said they did not monitor the cost of compliance with regulations across their organizations.

  • However, 33% still said they expected their compliance teams and the associated costs to grow, with 73% expecting an increase in regulatory activity.

  • A recent study into global compliance by LexisNexis Risk Solutions found that the cost of financial crime compliance in the US rose by 15.6% from 2020 to 2022.

  • These increases occurred worldwide. The highest increase was in Chile (52%), while the lowest were in Brazil, India and Malaysia (5.5% each).

  • The study found that the three factors which contributed most to AML compliance costs were:

    • Increased geopolitical risk

    • Increasing AML regulation

    • Evolving criminal threats

  • Trade-based money laundering schemes and financial crime involving digital payments were the most common types of financial crime institutions were exposed to.

According to a report by Global Investigations Review, despite a global decrease in AML enforcement actions and penalties in 2021, they more than tripled in Europe, the Middle East, and Africa (EMEA) compared with the years before. Previously, US AML penalties were significantly higher than those in other regions, but this is no longer the case.

How banks can accelerate their AML processes with Quantexa

Data fusion

At Quantexa, we use data fusion, which means we’re able to enrich a bank’s own data with external sources. This gives banks more up-to-date information on a customer’s address, who they are connected to and any adverse media. Additionally, third-party data can establish relationships that might not be obvious to the bank.

Complex threats

Complex threats provide the ability to look at those previously hidden relationships to see patterns of activity that are not immediately known to banks. Do customers share a connected counterparty that is a beneficial owner to a company outside the bank’s walls? Quantexa eliminates a lot of the manual steps an investigator would do as they follow the money (or flow of funds) to understand the nature of the activity.

Reducing false positives

This involves being able to use risk factors and mitigating factors to either escalate or hibernate alerts. Not all rules are designed to be one size fits all, but by having more granularity with detection scores, banks can determine what is truly suspicious behavior to filter out the noise for more productive alerts.