Anti money laundering is the set of controls teams use to assess customers, screen risk signals, follow up when facts change, and document review decisions. It matters at onboarding, during periodic review, and when trigger events such as sanctions exposure, ownership changes, or unusual activity change the risk picture. Record source + timestamp + rationale + policy version + owner role for every material outcome.

Quick answer

• It applies when a relationship starts, when existing customers are reviewed again, and when new risk facts change the basis for an earlier decision.
• Keep the record that shows which facts were collected, which internal logic applied, what the reviewer concluded, and who owned the outcome.
• A common mistake is treating a screening result as the final answer instead of as one input to a documented AML decision.
• Strong AML work makes follow-up faster and makes later decisions easier to explain, compare, and revisit.

Records to keep (for traceable control)

• Customer due diligence sources: Show which facts the assessment relied on — Store as: Source log with timestamp
• Screening rule or policy version: Make the outcome reproducible against the right internal logic — Store as: Policy ID and version reference
• Decision note and risk rationale: Explain why the outcome was accepted, escalated, or reopened — Store as: Review note with rationale field
• Responsible role and decision date: Show accountability and timing — Store as: Decision record with owner and date

Definition and scope

Anti money laundering is usually shortened to AML. In day-to-day work, it covers customer due diligence, screening, ongoing follow-up, and the review decisions that follow when risk facts change.

That scope matters because AML is broader than a single check. Teams need to gather facts, assess what those facts mean, decide whether the outcome is acceptable, and return to the same customer when sanctions exposure, ownership, PEP status, or company data changes later.

When those steps are linked clearly, the organisation can explain what happened and why. When they are fragmented, similar customer profiles are handled differently across teams, channels, or review cycles.

Why it matters

AML controls shape who you onboard, what you escalate, how often a relationship is revisited, and what evidence you need to keep for later challenge or follow-up. They affect customer due diligence, sanctions screening, PEP screening, ownership analysis, and the judgement that ties those signals together.

Weak documentation creates avoidable remediation work. If a reviewer cannot reconstruct why a customer was approved, why enhanced measures were or were not used, or which policy version applied at the time, the organisation is left arguing from memory instead of from evidence.

A risk-based AML approach also depends on consistency. Similar customer types should be reviewed against similar logic unless there is a documented reason to treat them differently.

What AML covers in operations

For most teams, AML starts before the first decision is made. Customer due diligence sets the baseline facts, screening adds risk signals, and follow-up checks whether those signals change over time.

That means the topic cannot be framed only as documentation discipline. It also includes which person or company data to collect, which lists or attributes to screen against, when a new review should start, and how to separate evidence from the final judgement.

It also includes how decisions are reopened. A change in ownership, sanctions exposure, PEP status, or company status should not force the team to start from scratch, but it should give the team enough context to assess whether the earlier outcome still holds.

Common pitfalls

• Screening outputs are treated as final answers instead of evidence that still needs context and review.
• Customer due diligence is documented at onboarding but not revisited when new risk information appears.
• Teams use different thresholds for similar scenarios because the policy logic is not explicit enough.
• Ownership, sanctions, and PEP findings are stored, but the reasoning behind the final outcome is too thin.
• Follow-up events reach the organisation, but they do not arrive with enough context for the right team to act quickly.

These failures are usually operational, not theoretical. The issue is rarely lack of awareness. The issue is that evidence sits in one place, policy logic in another, and review notes somewhere else.

A practical process

1) Define the control model

Set out what AML needs to cover in your organisation: customer due diligence, screening scope, trigger events, escalation rules, and evidence requirements. This prevents tooling choices from silently becoming policy choices.

2) Separate evidence from decision

Keep source data, screening outputs, and the reviewer’s conclusion distinct. A hit, a gap, or a risk signal should support a decision, not become the decision by default.

3) Store rationale and ownership

For each material outcome, keep the reasoning, the rule or policy version used, and the responsible role. This is what makes a decision understandable in audit, remediation, or later follow-up.

4) Re-review when facts change

AML is not only an onboarding activity. New sanctions exposure, updated ownership information, PEP status changes, or company changes should trigger follow-up under the same logic used in the original review.

A practical process should also be realistic about exceptions. Some records will be incomplete, some entities will need additional verification, and some findings will require more than one data point before the team is ready to proceed.

Roaring field guide

• Define what triggers review, enhanced measures, or renewed due diligence before live cases reach the team.
• Store source references, timestamps, policy versions, and decision notes so outcomes can be replayed later.
• Keep thresholds and exception logic aligned across channels, not only inside separate policy documents.
• Route new risk events to the right team or process with enough context to support a decision.
• Track sanctions, PEP, ownership, and company-data changes instead of relying on one-off checks.

How Roaring can help

• The API platform (Integration Suite) can bring person and company data into existing AML workflows so teams can automate collection, screening inputs, and decision support in the same process.
• Lookup can act as the entry path for teams that have not automated yet, or want to inspect the data first before deciding how an integration should work.
• Monitoring and webhooks can support follow-up when sanctions exposure, ownership, or other risk facts change after onboarding.
• Selected sanctions and ownership datasets can make re-review easier because the same evidence inputs can be compared over time.