Money laundering is a rampant issue in the financial world, defined as the conversion or transfer of financial assets for the purpose of concealing and disguising their illicit origin. According to the United Nations, 2-5% of the global GDP is estimated to be laundered annually.

As a result, regulators around the world have necessitated the implementation of anti-money laundering (AML) compliance programmes to make money laundering more challenging and reduce the cases of financing terrorism. And in order to help businesses and financial institutions build up a coherent AML programme, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) laid out 5 different pillars of an effective AML programme in the Bank Secrecy Act (BSA). 

While the BSA only applies in the US, the 5 pillars are known internationally and are being used by businesses and institutions everywhere during the formation of AML compliance programmes. 


Pillar 1: A system of internal controls to ensure ongoing compliance

In order for the AML compliance programme to remain effective, the institution has to start by ensuring that there is a comprehensive set of internal policies. From the definition of roles and responsibilities to documenting a series of protocols for the company to follow, these policies should work to help tailor the AML protocols to the specific needs of the company. 

At the same time, the internal policies should consider the risk profile of the company and ensure that there are reporting channels set up (to report suspicious activity up to the relevant agencies). 


Pillar 2: The designation of an individual responsible for day-to-day compliance

Even though a comprehensive AML compliance programme should involve multiple individuals and departments, there is a need for a designated AML compliance officer to manage the programme. 

This designated individual must also have adequate industry knowledge and be experienced enough to manage the programme effectively. The individual has to have enough authority and resources within the institution in order to help the institution take decisive action when there are reasonable levels of suspicion. 


Pillar 3: Training for appropriate personnel

As the internal policies set out in the first pillars lays out the roles and responsibilities of individuals in the institution, an essential next step is to provide sufficient training for each of these individuals. Only by ensuring that everyone is familiar with their roles and responsibilities can an AML compliance programme run smoothly without allowing gaps in the policies to form. 

The training cannot be a once and done event. The AML compliance officer must ensure that refresher training is held regularly to ensure that everyone understands AML processes. Training should also be provided whenever the AML compliance programme is updated and changed.


Pillar 4: Independent testing of AML compliance

The financial industry is constantly evolving as new technologies and capabilities are developed. As a result, organisations must ensure that there are processes in place to test the programme periodically to keep their AML compliance programme effective. 

By allowing for a third party (which can either be an accredited external auditing party or an internal staff with no responsibility in the programme) review of the compliance programme, the institution will be able to understand if the programme is effective enough to stop all cases of money laundering and understand if there are any gaps in the AML compliance programme that can be exploited. 

With the independent testing of the programme, the institution will also be able to spot any outdated practices and help streamline the AML processes. 


Pillar 5: Risk-based procedures for conducting ongoing customer due diligence

Lastly, an effective AML compliance programme should start by establishing the risk profile of every new customer. However, AML processes do not stop at the KYC process of onboarding. Instead, institutions have to conduct ongoing monitoring in order to identify any suspicious transactions that occur even after the customer has finished the onboarding process. As the risk profiles of customers might change, the programme should include periodic checks to maintain and update customer information. 

FinCEN has also listed out 4 core elements of a customer due diligence programme: 

  1. Customer identification and verification,
  2. Beneficial ownership identification and verification,
  3. Understanding the nature and purpose of customer relationships to develop a customer risk profile, and
  4. Ongoing monitoring for reporting suspicious transactions and, on a risk basis, maintaining and updating customer information.


Keeping Your Business Safe From Money Laundering

By including the 5 pillars in creating an AML compliance programme, your business can create a programme that will be effective in detecting and deterring money laundering.