How does AML regulations affect your business and what is required to ensure compliance?
With Roaring APIs, web platform and monitoring service you can easily screen your customers.
Money laundering explained
Money laundering is the process of trying to conceal the origin of money obtained illegally, by letting them pass through a sequence of transfers and transactions. The goal of the process is to "clean" the money, making them available for usage in the legal economy.
How does money laundering work in practice?
Money laundering can be done in several ways. At a basic level, the washing process is described in the following steps by the FATF (Financial Action Task Force);
- In the initial stage - placement - of money laundering, someone introduces their illegal profit into the financial system. This can be done, for example, by dividing large amounts of cash into less conspicuous smaller sums, which are then deposited directly into a bank account.
- After the funds have entered the financial system, the second step takes place - layering. In this phase, the money is put through a series of transactions or transfers to distance them from the original source.
- After successfully processing their criminal profits through the first two phases, the money launderer moves to the third step - integration - where the funds re-enter the legal economy. The criminals can invest the funds in, for example, real estate, luxury assets or business investments.
AML, anti-money laundering and compliance
Anti-money laundering refers to laws, regulations and procedures designed to prevent criminals from concealing illegally obtained funds as legitimate income. Although anti-money laundering laws cover a limited range of transactions and criminal behavior, their consequences are far-reaching.
”With Roarings monitoring service we can continuously update data, which has made the AML process more efficient.”
Who are covered by AML regulations?
AML regulations are quite harmonized in the EU, where guidelines have been provided to members of the union. In Sweden, The Money Laundering and Terrorist Financing (Prevention) Act (the Anti-Money Laundering Act) is the administrative framework applying to firms in certain sectors. The purpose of the regulations is to prevent firms from being used for money laundering and terrorist financing.
Examples of sectors covered by the act, include banks and financial institutions, real estate brokers, auditors and accountants, lawyers and insurance among others.
Read more on covered industries here.
Manual labour costly for covered companies
On average, roughly 50% of costs associated with compliance work, regardless of the company's size or type, originate from manual labour. For smaller companies in Europe and the USA that are affected by the regulations, the figures are even higher, where the average cost of manual work is estimated at 62% and 74% of the total costs for compliance respectively.
Studies also show that increased compliance requirements have a negative impact on areas such as customer onboarding, employee experience and productivity, which creates a vicious circle that is difficult to break.
Manual work related to AML compliance is therefore a huge "pain" for the organizations covered by the Money Laundering Act, which has created an increased demand for services automating and digitizing management and assessment of customer data.
Customer Onboarding & Compliance
Trying to combine anti-money laundering compliance and customer onboarding has given financial institutions some headache. An increase in KYC (know-your-customer) requirements have led to more information needing to be collected and verified from customers.
Gathering information in the customer onboarding process, has led to a lot of companies putting the data collection in forms and documents, where the potential customer has to fill in, sign and send it manually. This impairs customer experience, as well as being time-consuming and costly, leading to an increase in churn and onboarding abandonment.
Automated collection and verification through, for example, API solutions, has therefore increased in demand. KYC information such as PEP (and RCA) status, sanctions lists screenings, company information, financial information, signatory rights, beneficial owners and much more can be collected today through companies like Roaring.
Guide: How to ensure AML compliance
- Risk assessment
- Risk classification
- Reporting to authorities
Organizations covered by the Money Laundering Act need to have routines and guidelines in place regarding measures for customer knowledge, monitoring, reporting and processing of personal data. In general, routines and guidelines for counteracting money laundering and terrorist financing must be based on the organization's general risk assessment. Meaning, they need to be designed to be able to handle and counteract the risks identified by the organization.
Furthermore, the following functions need to be in place:
- A specially appointed executive with responsibility for, among other things. a. create and update the general risk assessment, ensure that there are common guidelines and routines (and that these are updated), check and follow up measures and routines, and report to the board or CEO.
- A central function manager within the company with responsibility for, among other things. a. check that the company complies with the law, provide advice and support as well as inform and train, provide information to authorities on request, check that routines and guidelines are effective, and be responsible for reporting to authorities.
- An independent audit function with responsibility for, among other things, reviewing and evaluating efficiency and effectiveness in terms of organization, IT and systems, internal control, risk management and more.
As regulatory requirements are being updated and changed regularly, an important part of the work is to ensure that employees have the right training and thus current skills. Take into account the following current education:
- Individually adapted training based on the employee's role and tasks / responsibilities regarding money laundering issues.
- Base training and education on the company's general risk assessment.
- Set a plan for continuous education, but also perform external monitoring and audits in order to be able to adapt the activities and education to current events.
3. Risk assessment
An important part of the process is to create a general risk assessment for your business to be used in money laundering activities. It shall take into account the following:
- What types of products and services you offer
- Your customers and distribution channels
- Geographical risk factors
How extensive the general risk assessment should be is determined by the size and nature of the business. Turnover, number of employees, number of places of business, what activities are conducted, what goods or services are provided and how complex these goods and services are, are factors to take into account for example.
To avoid unnecessary risk, organizations covered by the law need to have a solid knowledge of their customers businesses. This part of the AML process is called KYC or know your customer, and normally involves a series of checks and screenings of new and existing customers.
Measures to achieve the required knowledge of your customers shall be based on the company's general risk assessment in combination with an assessment of the risk of the individual customer. Checks and screenings usually include basic information about the customers business, such as address, top executives, etc., but also information such as board members, beneficial owners, PEP status (politically exposed person), sanctions lists status and various questions regarding the business.
5. Risk classification
As mentioned above, measures to achieve customer knowledge must be adapted on the basis of an assessment of the extent of the risk of being used for money laundering and terrorist financing. The risk assessment must be based on your company's general risk assessment and what the organization knows about the individual customer in question.
This means that the organization in practice needs to classify risk regarding:
- The customer's products and services
- The geographical location of the business
- The company's type of customers
- The company's distribution channels
The classification is usually made on the basis of the assessment levels low, medium and high. An example where a higher risk classification may be relevant is products and services with a complex structure or if a company turns to an international market.
In addition to the general risk assessment, the organization must also assess the risk of the individual customer and the business relationship. The result of that assessment determines what measures need to be taken to achieve customer knowledge. If the risk with the business relationship is assessed as low, the company can apply simplified KYC measures. If the risk is assessed as high, stricter KYC measures must be taken.
An organization covered by the Money Laundering Act must review transactions, in order to be able to detect transactions and other activities that may be suspected of being part of money laundering or terrorist financing. This means concrete follow-up of two parts:
- Continuous analysis and updating of customer knowledge.
- Monitoring of transactions to detect any discrepancies.
It is also worth noting that documents and information about measures taken to achieve customer knowledge must as a rule be kept by the organization for five years. If the documents or information may indicate money laundering or terrorist financing, if a suspicion has been reported to the Financial Police and if an authority has alerted the organization that they should be saved, they must be kept for ten years.
7. Reporting to authorities
You are required to review and report suspicious transactions or conduct to authorities according to the law. There does not have to be evidence that money laundering or terrorist financing has actually taken place to report, but suspicious activity is sufficient.