Anti-money laundering (AML) laws and regulations are there to prevent criminals from laundering money. Criminals launder money to hide funds obtained via illegal or illegitimate means and pass it off as legitimate income.

It's up to financial institutions to monitor and assess customers for any potential money laundering and to flag any suspicious behavior to authorities. If financial institutions fail to do this they can face large fines, penalties or even jail time. 

Global AML regulations and directives

AML regulations require financial institutions to monitor customer transactions and deposits, and to flag any suspicious activities. Anti-money laundering initiatives came about in 1989 when organizations around the world created the Financial Action Task Force (FATF).

The FATF has 36 member states and its jurisdiction has a global impact. Every major financial institution must comply with FATF regulations and follow its guidance on AML measures. This includes:

  • Implement know your customer (KYC) measures. AML laws are closely related to know your customer (KYC) rules, but there are some key differences. KYC regulations require financial institutions to verify the identities of customers, while AML regulations cover the measures financial institutions must take to prevent and combat money laundering.
  • Conduct customer due diligence (CDD) in line with FATF recommendations.
  • Keep up-to-date records of any high-risk clients.
  • Conduct ongoing transaction monitoring and report any suspicious activity to local reporting authorities.

Read our what is KYC blog post to know more about KYC.

Financial institutions also need to comply with the AML directives of local regulators if they are based or are operating in that country.

US AML requirements

The Bank Secrecy Act (BSA) is the main AML regulation in the United States. The BSA focuses on money laundering, but its scope also covers other financial crime measures such as counter terrorist financing (CTF). 

The BSA outlines a number of requirements including a compliance program which include written policies and procedures, employee training and appointing a compliance officer, reporting and record keeping.

UK AML requirements

The Financial Conduct Authority (FCA) is responsible for regulating the UK financial services sector. The FCA’s powers include regulation and the setting of legal standards for UK banks and other financial institutions, as well as supervision and ensuring institutions comply with specific AML regulations. 

EU AML requirements

The European UNion’s anti-money laundering directives outline AML and CFT legislation across all member states. The EU’s fifth anti-money laundering directive (5AMLD) came into effect in January 2020 and the 6AMLD came into effect in June 2021.

AML fines and penalties

It’s up to financial institutions to monitor customer transactions and check they aren’t part of money-laundering schemes. Institutions must verify where large sums have come from, monitor any suspicious activity and report large cash transactions.

If financial institutions fail to comply with AML requirements they can face large fines, penalties or even jail time. 

Some of the reasons why banks and other financial institutions might face penalties are:

  • Failure to report suspicious monetary activity
  • Insufficient risk assessments relating to KYC, politically exposed persons (PEPs) and CDD requirements
  • Inadequate control systems that fail to identify risks related to money laundering or terrorist financing
  • Failure to establish and maintain policies and procedures and report them to financial regulators

What’s the penalty for non-compliance with AML transaction monitoring obligations?

AML transaction monitoring is a legal requirement of AML regulations and helps businesses comply with CFT laws. It’s one of the most effective ways for banks and financial institutions to combat money laundering and financial crime.

For AML transaction monitoring businesses create rule-based systems, and if a certain transaction triggers that, they will investigate. If a business detects any financial crime they will raise a suspicious activity report (SAR).

If businesses fail to conduct adequate AML transaction monitoring, regulators can impose harsh fines and penalties. The following fines illustrate why adequate transaction monitoring and compliance with other AML measures are so important.  

What are the largest AML fines?

According to regtech firm Fenergo, regulators issued $5.37 billion worth of AML fines in 2021.

Some of the largest AML fines include:

  • US investment bank fined $2.9 billion to resolve 1MDB bribery scheme
  • Australian bank fined $900 million by AUSTRAC for numerous AML violations
  • A German investment bank was involved in two separate scandals with EU and USA regulators in 2020 and received a $16 million penalty
  • A German bank was fined $50 million last year for failing to conduct adequate KYC on thousands of customers

Recent AML fines on banks

In 2021, the US, UK, Malaysia, France and the Netherlands were the top five countries in terms of the total monetary value of fines they issued. 

The last year also saw regulators targeting non-banking financial firms, such as crypto providers, with AML-related fines.

US banks AML fines

US regulators issued $673.2m in fines to foreign banks out of a total of $1.2 billion worth of enforcement actions. 

Preventing AML penalties and fines

Compliance is necessary in order to avoid fines and penalties. For businesses to comply with AML directives, there are a few things they should put in place.

  • Establish an AML program: All businesses that are subject to AML regulations should put in place and AML/CFT program. This includes conducting CDD and ongoing transaction monitoring in line with regulator mandates. Learn more about the different AML stages in our blog.
  • Hire the right people: Compliance departments (and the businesses as a whole) should make sure that the right people with the right knowledge are in place to oversee the businesses’ AML compliance program.
  • Report suspicious activity: Businesses should submit suspicious activity reports (SAR) to their local regulator if they detect and potential money laundering.
  • Train employees: Businesses have a responsibility to make sure all employees are trained on AML and CFT requirements and what to do if they suspect any suspicious activity.
  • Employ new technologies: To prevent money laundering and meet with AML directives, banks and other financial institutions can also embrace new technologies that help streamline compliance processes. 

Many of these solutions can help provide cost and efficiency benefits. For example, ensuring that analysis is built on reliable data. But not all databases are created equal. That’s where Onfido’s Watchlist solution comes in — it’s continually refreshed and indexed, so there’s no compromise on reliability or speed.

Interested in learning more about identity verification and regulatory compliance?

Our Compliance manager's guide to identity verification walks through the global regulatory landscape, and top considerations when choosing a solution.

Read the report