Certified Anti-Money Laundering Specialist (CAMS) Study Notes
Certified Anti-Money Laundering Specialist (CAMS) Certification
Understanding the Risks and Methods of Financial Crime
Money Laundering and Financial Crime: Introduction
This module provides an introduction to money laundering and other financial crimes, including their consequences and inherent risks. It covers how criminals exploit financial institutions and trade networks, leverage emerging technologies to launder illicit funds, and obscure ownership to evade detection. Understanding these aspects helps in strengthening compliance programs, enhancing transaction monitoring alert management systems, and implementing risk-based strategies to prevent financial crime and ensure institutional and individual accountability.
Case Example: Linguistix's Suspicious Transactions
Joyce, working in a bank's AFC department, observed a significant and surprising increase in transaction volume for Linguistix, a translation service, over six months, contradicting initial Know Your Customer (KYC) revenue projections. The operations team confirmed this surge, noting many transactions originated from high-risk jurisdictions. Further investigation revealed a large transfer from an account linked to an organized drug trafficking group, suggesting drug trafficking as the predicate crime funding potential money laundering. Joyce escalated the case to the financial crime compliance team, which used advanced analytical tools to confirm Linguistix was a front for laundering drug trafficking proceeds. Key takeaways include acknowledging that revenue increases beyond KYC projections indicate risk, common predicate crimes like drug trafficking generate illegal funds, financial transactions from high-risk jurisdictions and unusual revenue patterns are suspicious, and collaboration with specialist teams is crucial for uncovering criminal activity.
Money Laundering
What is Financial Crime?
Financial crime involves illegal activities that exploit financial systems for personal or organizational gain, often compromising economic and market integrity. This includes money laundering, fraud, tax evasion, sanctions evasion, and bribery and corruption. These crimes necessitate robust regulatory measures and compliance to protect financial systems and ensure transparency.
Money Laundering Defined
Money laundering is generally understood as the process of concealing or disguising the existence, source, movement, destination, or illegal application of criminally derived property or funds to make them appear legitimate. Crimes that generate these funds are called predicate crimes, such as arms sales, narcotics trafficking, embezzlement, insider trading, bribery, and fraud. Jurisdictions determine which crimes qualify as predicate offenses for Anti-Money Laundering (AML) prosecutions.
There are three basic stages of money laundering:
- Placement: "Dirty money" from criminal activity is initially introduced into the financial system, for example, through a bank account.
- Layering: Activities are undertaken to obscure the origin of these funds, such as transferring them to holding companies, paying false invoices, or making private loans to other companies.
- Integration: The laundered proceeds are used by the criminal to purchase legitimate goods and services in the economy.
These stages may not always occur sequentially; sometimes they overlap, but the ultimate goal is to legitimize criminal proceeds.
Common Techniques for Money Laundering
Criminals use various techniques to obscure illegal proceeds and integrate them into the financial system, exploiting regulatory loopholes, trade networks, financial markets, and vulnerable individuals. Common techniques include:
- Structuring, Microstructuring, Smurfing: Large illicit funds are divided into small transactions to bypass AML reporting thresholds. This involves using multiple accounts, financial institutions, and intermediaries. Microstructuring is a digital asset equivalent.
- Digital Asset Laundering: Cryptocurrencies, non-fungible tokens (NFTs), and Decentralized Finance (DeFi) enable pseudonymous cross-border fund transfers. Mixers and privacy coins enhance anonymity, and illicit proceeds are often laundered and cashed out through Digital Asset Service Providers in jurisdictions with weak AML/Countering the Financing of Terrorism (CFT) regulations.
- Money Muling Networks: Individuals (mules) are recruited through scams, social engineering, or coercion to transfer illicit funds between accounts, making tracing difficult.
- Trade-Based Money Laundering (TBML): Utilizes methods like over-invoicing, under-invoicing, multiple invoicing, and phantom shipments to obscure fund sources by manipulating trade invoices, customs declarations, and pricing.
- Market-Based Money Laundering (MBML): Exploits financial instruments such as stocks, bonds, hedge funds, derivatives, and private equity to create complex transaction chains that mask fund origins.
- Commodity-Based Money Laundering: High-value commodities (gold, diamonds, luxury watches, fine art) are bought with illicit funds, then resold or smuggled to transfer value anonymously and avoid scrutiny.
- Shell Companies and Front Businesses: Shell companies facilitate illicit financial flows without real business, and front businesses mix illegal proceeds with legitimate revenue (e.g., a restaurant inflating cash sales) to complicate tracing.
Case Example: Tamayo's Money Mules
In December 2019, Yamel Guevara Tamayo was sentenced to 63 months for conspiring to commit money laundering. Tamayo recruited over 15 money mules as part of an international operation that stole over US$1.5 million from individual and corporate victims from November 2016 to June 2019. The scheme involved creating fraudulent emails to trick victims into wiring funds to mule-controlled bank accounts. Tamayo and associates rapidly withdrew funds via in-person withdrawals, Automated Teller Machine (ATM) transactions, and debit card purchases, often transferring money to foreign accounts. Tamayo structured cash deposits below the US$10,000 reporting threshold and used microstructuring (deposits under US$1,000 across many accounts) to evade detection. He also directed mules to transfer funds across banks and jurisdictions, creating layers to obstruct tracing. Ultimately, they attempted to launder over US$1.4 million and successfully laundered more than US$700,000 before banks froze accounts. Tamayo pleaded guilty and was sentenced to prison, three years of supervised release, and ordered to pay US$700,474.97 in restitution. Key takeaways for financial institutions include enhancing cybersecurity awareness, strengthening KYC, and monitoring transaction patterns for structuring and microstructuring.
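The monitoring takeaway from this case can be sketched as a rolling-window rule over cash deposits. This is an added example, not part of the original notes: the US$10,000 and US$1,000 limits come from the case, while the 7-day window, the minimum deposit and account counts, the `party` linkage field, and all sample deposits are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import date, timedelta

REPORTING_THRESHOLD = 10_000  # cash reporting threshold cited in the case
MICRO_LIMIT = 1_000           # microstructuring deposit size cited in the case
WINDOW_DAYS = 7               # assumption: rolling look-back window
MICRO_MIN_DEPOSITS = 5        # assumption: minimum small deposits to alert
MICRO_MIN_ACCOUNTS = 3        # assumption: minimum distinct accounts to alert


@dataclass(frozen=True)
class Deposit:
    party: str    # hypothetical linkage key (e.g. from KYC or device matching)
    account: str
    day: date
    amount: int   # whole US dollars in this constructed sample


@dataclass(frozen=True)
class Alert:
    party: str
    rule: str
    start: date
    end: date
    count: int
    accounts: int
    total: int


def detect(deposits, window_days=WINDOW_DAYS):
    """Return the first structuring / microstructuring alert per linked party."""
    by_party = defaultdict(list)
    for d in deposits:
        # Deposits at or above the threshold are reported anyway; the rules
        # look only at the sub-threshold activity that avoids a report.
        if d.amount < REPORTING_THRESHOLD:
            by_party[d.party].append(d)

    alerts = []
    for party, items in sorted(by_party.items()):
        items.sort(key=lambda d: d.day)
        fired = set()
        lo = 0
        for hi, cur in enumerate(items):
            # Slide the window start forward so it spans fewer than window_days.
            while cur.day - items[lo].day >= timedelta(days=window_days):
                lo += 1
            window = items[lo:hi + 1]
            micro = [d for d in window if d.amount < MICRO_LIMIT]
            checks = {
                # Several sub-threshold deposits that together reach the threshold.
                "structuring": (
                    window,
                    len(window) >= 2
                    and sum(d.amount for d in window) >= REPORTING_THRESHOLD,
                ),
                # Many very small deposits spread over several accounts.
                "microstructuring": (
                    micro,
                    len(micro) >= MICRO_MIN_DEPOSITS
                    and len({d.account for d in micro}) >= MICRO_MIN_ACCOUNTS,
                ),
            }
            for rule, (hits, triggered) in checks.items():
                if triggered and rule not in fired:
                    fired.add(rule)
                    alerts.append(Alert(
                        party, rule, hits[0].day, hits[-1].day, len(hits),
                        len({d.account for d in hits}),
                        sum(d.amount for d in hits),
                    ))
    return alerts


# Constructed sample data: three linked parties, only two of which should alert.
SAMPLE = [
    Deposit("P-001", "A1", date(2019, 1, 6), 9_500),
    Deposit("P-001", "A2", date(2019, 1, 8), 9_200),
    Deposit("P-002", "B1", date(2019, 1, 6), 900),
    Deposit("P-002", "B2", date(2019, 1, 6), 850),
    Deposit("P-002", "B3", date(2019, 1, 7), 950),
    Deposit("P-002", "B1", date(2019, 1, 8), 800),
    Deposit("P-002", "B2", date(2019, 1, 9), 990),
    Deposit("P-002", "B4", date(2019, 1, 9), 700),
    Deposit("P-003", "C1", date(2019, 1, 2), 3_000),
    Deposit("P-003", "C1", date(2019, 1, 3), 12_000),  # reportable, not hidden
    Deposit("P-003", "C1", date(2019, 1, 22), 3_000),
]

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

Aggregating by linked party rather than by account is what lets the rule see deposits spread across mule accounts; how that linkage is established is outside this sketch.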
Types of Financial Crime
Predicate Crimes and Money Laundering
Predicate crimes are specific unlawful activities whose proceeds can lead to money laundering prosecution. Individuals or organizations committing these crimes aim to "clean" or launder the proceeds to integrate them legitimately without attracting law enforcement attention. The Financial Action Task Force (FATF) identifies 21 categories of predicate offenses for AML compliance, though classifications may vary by jurisdiction, complicating cross-border AML efforts. For example, laws against human trafficking differ globally.
The 21 FATF-designated predicate crimes include:
- Participation in an organized criminal group and racketeering: Engaging in systemic financial crimes.
- Terrorism, including terrorist financing: Providing financial support to these operations.
- Trafficking in human beings and migrant smuggling: Generating illicit profits through human exploitation.
- Sexual exploitation, including that of children: Crimes linked to forced prostitution and human trafficking.
- Illicit trafficking in narcotic drugs and psychotropic substances: Production, transportation, and sale of illegal substances.
- Illicit arms trafficking: Illegal trade and smuggling of firearms and explosives.
- Illicit trafficking of stolen and other goods: Black market trade of stolen and counterfeit items.
- Corruption and bribery: Abuse of power in public or private sectors for financial gain.
- Fraud: Financial deception, scams, and identity theft schemes.
- Counterfeiting currency: Illegal manufacturing of banknotes.
- Counterfeiting and piracy of products: Violations of intellectual property, including counterfeit goods.
- Environmental crime: Logging, poaching, and waste disposal.
- Murder and grievous bodily injury: Violent crimes motivated by financial gain.
- Kidnapping, illegal restraint, and hostage-taking: Crimes involving ransom demands.
- Robbery or theft: Large-scale property crimes driven by financial motives.
- Smuggling (including in relation to customs and excise duties and taxes): Illegal movement of goods to evade duties.
- Tax crimes (related to direct and indirect taxes): Tax fraud and false reporting schemes.
- Extortion: Coercing for financial gain through threats or intimidation.
- Forgery: Falsifying documents, financial records, or identities.
- Piracy: Maritime or cyber-based hijacking for financial gain.
- Insider trading and market manipulation: Illegal use of nonpublic information to achieve profits.
Sanctions Evasion
Economic sanctions, including asset freezes and sector-specific restrictions, impose significant financial, reputational, and operational costs on targeted individuals and entities. Consequently, sanctions targets often attempt to evade or circumvent these restrictions to secretly engage in prohibited activities, such as continuing to use an asset or receive economic benefits (e.g., obscuring luxury yacht ownership).
Sanctions evasion can be either internal (with organizational personnel assistance) or external (bypassing internal controls independently). Common methods include:
- Payment-related evasion: Removing or stripping identifying information from payment instructions (e.g., via nested and payable accounts) to process prohibited transactions, sometimes with insider help.
- Trade-related evasion: Illegally importing or exporting goods without proper licensing or despite trade bans, often using shell companies, transshipment (switching cargo at sea), or neutral/opaque jurisdictions for transit.
- Ownership-related evasion: Obscuring asset ownership by designated persons through complex corporate structures, proxies, and bearer shares or by diluting ownership.
Regulated entities must implement robust AML and sanctions compliance programs with strong policies, procedures, and internal controls to detect and prevent sanctions evasion. Noncompliance can result in civil monetary penalties, civil and criminal prosecution of individuals, and designation as a sanctions target.
Case Example: Komarov's Tactics
Businessman Alexei Komarov, whose Volkof Industries distributed high-tech goods globally, primarily to a foreign government engaged in nuclear weapons development, faced UN sanctions. To evade these sanctions after losing global market access, Komarov created RedStar Solutions, a shell company incorporated in a lax regulatory jurisdiction, masked as a technical support provider. Through RedStar, he resumed exports to the foreign government, using transshipment points in permissive jurisdictions and falsified invoices labeling export-controlled semiconductors as “industrial machinery and spare parts.” RedStar also employed local distributors to distance Komarov from transactions and ensure unquestioned shipments. To launder proceeds, Komarov routed payments through offshore accounts and shell companies, crediting Volkof Industries with laundered funds. The scheme aimed to hide RedStar's profits and sustain Volkof Industries' operations, meeting loan obligations, retaining employees, and strengthening ties with the foreign government. The scheme unraveled when a bank's compliance officer flagged irregular payment flows to RedStar, revealing Komarov's role in sanctions evasion, proliferation financing, money laundering, and foreign bribery and corruption. Key takeaways: Sanctions evasion is a predicate offense for money laundering, criminals use shell companies and complex strategies to mask illicit activities, and financial institutions need robust compliance to detect such schemes.
Bribery and Corruption
Bribery involves giving or receiving money or other assets in exchange for the improper use of delegated power. Bribes can be cash, gifts, entertainment, business events, hiring, padded invoices, political donations, or kickbacks. Corruption is the misuse of delegated power for personal benefit, encompassing bribery, embezzlement, extortion, graft, and influence peddling, often affecting public officials. While gift-giving is culturally accepted in some business contexts, organizations must define acceptable gifts in their Anti-Bribery and Corruption (ABC) policies. Examples of bribery include providing expensive tickets for project bidding. Corruption can manifest as embezzlement (e.g., a CFO stealing from a state-owned firm) or graft (e.g., a government official hiring and overpaying their own company for road construction). Bribery and corruption are frequently linked to other financial crimes like money laundering, as organizations risk customers laundering bribes through their accounts.
Case Example: FullTechGlobal Corruption Scandal
Sophie, an AFC manager, discovered negative news regarding FullTechGlobal Services, a US-headquartered subsidiary of a UK company, facing widespread bribery and corruption accusations due to overseas sales. The UK Bribery Act 2010, with extraterritorial reach, made the UK parent liable. Sophie's investigation revealed FullTechGlobal used intermediaries in high-risk jurisdictions, obscuring illicit financial flows via inflated consultancy fees, fabricated invoices, and opaque shell companies. Evidence also suggested lavish inducements to public officials and executives to influence decisions. Her audit found deficiencies in FullTechGlobal’s ABC framework and internal controls, facilitating prolonged corruption. Bribery was identified as the predicate crime, leading to money laundering through complex financial networks designed to evade scrutiny. FullTechGlobal faces severe financial penalties, increased regulatory scrutiny, and potential criminal liability. Sophie recognizes her institution must maintain compliance, mitigate risks, and enhance transaction monitoring for suspicious “consultancy fees” in high-risk jurisdictions, including anti-bribery clauses in intermediary models. Key takeaways: Multinationals using intermediaries in high-risk areas face increased bribery risks; corporate bribery often involves third parties, shell companies, and false invoicing; illicit funds are frequently laundered, and financial institutions should conduct audits, enhance transaction monitoring for suspicious activities, and include anti-bribery clauses for intermediary models.
Tax Avoidance Versus Tax Evasion
Tax avoidance, or tax planning, is legal and involves legitimately reducing tax obligations through lawful means. Some jurisdictions encourage this with pre-tax savings options. Tax evasion, however, is illegal, using illicit practices like not declaring taxable income or hiding assets from authorities; it leads to criminal charges and substantial penalties. While aggressive tax avoidance (interpreting law without regard for intent, e.g., multinational companies charging royalty fees to reduce subsidiary profitability and local tax) is legal, it should be scrutinized by AFC professionals. Tax evasion is a predicate offense for money laundering. Unusual account activity, like excessive personal expense claims on a small business account, can signal tax evasion. The Common Reporting Standard (CRS), developed by the Organisation for Economic Co-operation and Development (OECD) in response to G-20 requests, mandates annual automatic exchange of financial account information between jurisdictions to combat tax evasion. It details reportable information, reporting financial institutions, covered accounts and taxpayers, and due diligence procedures.
Fraud
Fraud is an intentional act of criminal deception used to gain an unjust or illegal advantage, typically resulting in financial or personal gain. It involves deceitful practices and can be committed by individuals at any level, from employees to government officials, in any country or business type. Understanding the common features, motivations, and red flags of fraud is crucial for combating this crime.
Fraud is often explained by the "Fraud Triangle," composed of three elements:
- Pressure (or Incentive): Financial problems, like gambling debts, drive individuals to commit fraud.
- Opportunity: Often arises from a lack of effective internal controls within an institution (e.g., unattended confidential documents).
- Rationalization: The fraudster convinces themselves that their actions are justified or not truly harmful.
There are many types of fraud schemes, each with unique red flags, including:
- Promises that sound "too good to be true."
- Guarantees of high returns for low investment.
- Demands for upfront payments.
- Deliberate creation of artificial shortages of opportunities.
- An element of secrecy.
- A sense of urgency.
- Pressure to act immediately.
Cyber-Enabled Crime
Cyber-enabled crime is a multi-billion-dollar industry, defined by the Financial Crimes Enforcement Network (FinCEN) as "Illegal activities carried out or facilitated by electronic systems and devices, such as networks and computers." This includes fraud, identity theft, and other crimes. Cybercriminals use technology to gain access to funds, but still need to launder their illicit gains. The foundation of cyber-enabled crime is trust, used to gain the target's confidence. Technologies employed by savvy cybercriminals include:
- Social engineering.
- Impersonation methods like phishing and spoofing.
- Installation of malicious software (malware, ransomware).
Effective methods leading to cyber-enabled crime encompass:
- Disruption or destruction of networks.
- Fraudulently obtaining funds.
- Extortion for ransom payments.
- Committing identity theft for other nefarious purposes.
These deceptive practices succeed by creating urgency and perceived source reliability. If the objective is spying, corruption, or extortion, malicious programs can infect the target's operating system. Examples are broad, including hacking, account takeovers, payment card fraud, and fraudulent wire transfers. Given pervasive electronic systems, most crimes are now cyber-enabled in some way. There's a direct link between cyber-enabled crime, money laundering, and terrorist financing; proceeds and payments can move rapidly through numerous accounts and institutions, requiring similar concealment techniques.
Examples of Predicate Crimes
Human Trafficking and Human Smuggling
Human trafficking involves exploitation, affecting domestic citizens or foreign nationals. Human smuggling, conversely, only involves foreign nationals and transportation across borders. Both are often linked to transnational criminal organizations (TCOs), generating illicit proceeds laundered through various methods, which are then reinvested into their operations (e.g., purchasing transportation and residences). Detecting these crimes requires multiple indicators from different sources. While distinct, both exploit individuals' desperation for profit.
Human smuggling, involving voluntary border crossing by foreign nationals, relies on law enforcement at borders and within countries for identification. Victims of smuggling can become trafficking victims, though not all trafficked individuals are smuggled. Smuggling and trafficking enterprises are structured, often collaborating with other TCOs for transportation or laundering. The logistics of these billion-dollar industries necessitate housing, vehicles, withheld/false identities, and effective laundering of proceeds from both smuggling and exploitation.
Primary and secondary indicators include:
- Initially fragmented proceeds from unknown sources.
- Use of funnel accounts, trade-based money laundering (TBML) schemes, shell companies, and cash-intensive businesses for laundering.
- Reinvestment of profits back into the criminal business model, with fees potentially fueling other TCO schemes.
Environmental Crime
Environmental crimes, unlike other financial crimes, have lasting effects. FinCEN defines them as "…illegal activity that harms human health, and harm nature and natural resources by damaging environmental quality. This can include driving biodiversity loss, and causing the overexploitation of natural resources, and thereby increasing carbon dioxide levels in the atmosphere." Wildlife trafficking is a subcategory but a standalone crime for enforcement. Environmental crimes are complex to prosecute due to involvement of TCOs, difficulty in detection pre- and during activity, and global regulatory complexities. TCOs exploit environmental crimes for earning and laundering funds simultaneously. For example, a TCO might co-own a waste management front company, inflating contracts to place illicit funds, then executing them with complicit accountholders to layer funds. Hazardous waste disposal is then done cheaply (e.g., dumping byproducts in drinking reservoirs) to maximize profit. Similarly, TCOs may initiate or extort legitimate-appearing fishing, logging, and mining operations, illegally harvesting resources or expanding legitimate ones. Investigations are often hindered by corrupt government officials bribed to obstruct inquiries.
Drug Trafficking
Drug trafficking involves the illegal production, distribution, and sale of controlled substances like heroin, cocaine, cannabis, and synthetic drugs (fentanyl, methamphetamine). The dual legal status of some drugs (e.g., fentanyl, cannabis) complicates enforcement. Because the trade operates as a structured, multinational network with a global supply chain, money laundering can occur at the sourcing, manufacturing, or distribution stage.
- Sourcing Stage: Payments for chemical precursors and logistics are often made through fraudulent trade invoices, offshore shell companies, cryptocurrency mixing services, and hawala networks to obscure fund origins.
- Manufacturing Stage: Proceeds are funneled through agribusiness, real estate acquisitions, shell logistics firms, and TBML to integrate illicit funds.
- Distribution Stage: Consolidated cash from drug sales is laundered through shell companies, appearing legitimate. FinCEN notes Colombian drug traffickers' historical use of the Black Market Peso Exchange (BMPE) to convert US dollars to Colombian pesos, settling drug debts and buying shipments while obscuring origins. Legal implications arise as proceeds are "dirty money." Integration methods include real estate in global cities, luxury asset purchases (art, gold, yachts, diamonds), and crypto-laundering via exchanges and NFT platforms.
Terrorism Financing
Terrorism Financing Compared to Money Laundering
Terrorism financing and money laundering are both financial crimes exploiting the global financial system, but their objectives and fund pathways diverge significantly. Money laundering aims to conceal the origins of illegally obtained funds, while terrorism financing provides financial support to terrorist organizations, which can come from legitimate or illegitimate sources. Money laundering transactions are typically circular, with criminals expecting to regain control of the funds. Terrorism financing follows a linear pathway, supporting terrorist activities.
| Feature | Terrorism Financing | Money Laundering |
|---|---|---|
| Funding Type | Legitimate and illegitimate | Illegitimate |
| Revenue Source | Fronts, donations, criminal activities | Corruption, fraud, organized crime |
| Counterstrategy | Detection of funding stream | Tracking suspicious transactions |
Terrorism financing draws from legitimate sources (business fronts, charitable donations from sympathizers) and illegitimate sources (kidnapping, drug trafficking, smuggling proceeds). In contrast, money laundering solely involves obscuring the illegal origins of money from crimes like corruption, fraud, or organized crime, progressing through placement, layering, and integration.
Counterstrategies vary:
- Terrorism Financing: Focuses on detecting funding streams and preventing funding to terrorist groups, with stringent scrutiny of nonprofit organizations and remittance services.
- Money Laundering: Emphasizes transparency and tracking suspicious transactions within financial institutions to uncover and deter the integration of illegitimate funds.
How Terrorists Move and Store Funds
Terrorists and terrorist organizations utilize various methods to move and store funds across jurisdictions, contingent on transaction size, urgency, and detection risks. They exploit any available channel, regardless of its financial system involvement (e.g., trade, commerce, or outside). Banks must thoroughly understand their customers and transaction nature due to the exploitative nature of terrorism financing.
Terrorists may use:
- Traditional Banking: Including correspondent banking, which is high-risk due to potential nested transactions paying unrelated third parties or different lines of business.
- Legitimate Money Service Businesses (MSBs) and Cash: Exploited for transfers.
- Prepaid Cards: Purchased with minimal KYC using false identities, illicit cash, or stolen credit cards.
- Cryptocurrencies and Stablecoins: Used in financing. Red flags include numerous, seemingly unrelated crypto deposits quickly converted to stablecoins or fiat currency and withdrawn via a virtual asset service provider (VASP) or in jurisdictions with weak AFC controls.
- Alternative Remittance Systems (ARS): Legal in some jurisdictions, these involve value exchange without physical cash movement. Red flags for illegal use include repeated deposits in one jurisdiction followed by immediate ATM withdrawals in another.
Case Example: Mr. Wolfe's Scheme
Mr. Wolfe, a wealthy businessman, conducted a terrorist financing scheme to support ISIS in Syria, diverting legitimate income from his import-export firms, travel agencies, and retail businesses through privacy-centered cryptocurrencies to avoid detection. Simultaneously, his associates raised illicit funds via cybercrimes (ransomware, hacking, credit card fraud) and traditional criminal enterprises (narcotics trafficking, large-scale fraud), directing funds to terrorist networks. Facilitators then laundered these funds through sophisticated methods:
- Trade-based money laundering (false invoicing, fictitious commodity transactions).
- Layering through unregulated fintech platforms, cryptocurrencies, and peer-to-peer (P2P) payment networks using digital wallets for obfuscation.
- Smuggling physical bulk cash across borders outside conventional banking.
- Utilizing hawala brokers for cross-border transfers via informal networks.
Financial institutions detected illicit activity through transaction monitoring flagging structured deposits, rapid inter-jurisdictional layering, and anomalous fund movements linked to terror-affiliated wallets. Blockchain analytics firms mapped illicit cryptoasset flows through darknet marketplaces and high-risk exchanges. Financial Intelligence Units (FIUs) synthesized bank Suspicious Activity Reports (SARs) with cross-border financial activity, triggering international alerts. Law enforcement (Europol, Interpol, national counterterrorism task forces) conducted surveillance, coordinated asset freezes (seizing digital wallets, dismantling Wolfe's companies), leading to lengthy prison sentences and heavy fines. This case highlights the crucial role of intelligence-led investigations, interagency collaboration, and advanced analytics. Key takeaways: terrorist financing increasingly uses crypto and unregulated fintech, legitimate funds are often diverted (complicating detection), law enforcement needs conventional and cyber-enabled strategies (blockchain analysis, trade finance scrutiny), and organizations must enhance transaction monitoring across digital and cash systems, collaborating with tech firms, law enforcement, and global regulators.
Consequences of Financial Crime
Consequences of Financial Crime
Financial crime is a global problem with severe consequences, weakening governments and economies, and lowering living standards, particularly for developing nations. Worldwide proceeds are estimated at up to 5% of global Gross Domestic Product (GDP), or US$2 trillion. It shifts financial control from governments to criminals, discourages foreign investment due to instability, and causes massive tax revenue loss as criminals don't report income, also damaging national reputations.
The loss of income and diversion of funds to combat financial crime deplete resources for vital social programs (services, education, healthcare), exacerbating poverty. International agencies and donors are less likely to provide aid where financial crime is rampant.
Financial crime also harms organizations by giving an unfair advantage to illicit actors, threatening operations and reputations (intentional or unintentional involvement), and potentially leading to market share loss or bankruptcy. Legitimate companies struggle against tax-evading fronts for illegal activity. Financial institutions suffer from destabilization, direct losses, regulatory fines, and legal/compliance costs when used by criminals, damaging their market reputation and customer trust.
Social Consequences of Financial Crime
Financial crime has extensive social and economic consequences. It erodes public trust in institutions (governments, public bodies) responsible for improving infrastructure and healthcare, leading to reduced civic engagement and discouraging foreign investment. Money laundering facilitates human trafficking, drug cartels, terrorism, and arms smuggling, fostering crime and societal disruption. In regions with weak anti-money laundering (AML) measures, these risks are magnified, leading to higher crime rates, capital flight, and even civil unrest.
Jurisdictions with lax AML enforcement suffer reputational damage, leading to international sanctions and trade restrictions, hindering economic growth and job creation. Other countries may avoid business with high-financial-crime nations, isolating them politically and economically, severely impacting their global market effectiveness.
Financial crime disrupts businesses, forcing significant resource allocation (compliance, legal issues) away from core operations, limiting growth and innovation. Victims of scams, fraud, and identity theft experience severe personal setbacks, including financial losses, psychological distress, depression, and loss of security. Elderly populations are disproportionately affected, facing financial ruin and social isolation due to lost money, trust, and stigmatization.
Institutional Accountability to Prevent Financial Crime
Financial crime undermines economic stability and has broader negative societal consequences if ignored. Imposing strict legislative and regulatory obligations on institutions to prevent illicit funds from entering and flowing through the financial system is a key strategy. How regulations are applied differs significantly between regulated entities and obliged entities.
A regulated entity is directly supervised by financial regulators (banks, Money Service Businesses (MSBs), financial institutions) and must comply with detailed AML/CFT requirements: implement comprehensive AML programs, conduct customer due diligence (CDD), real-time transaction monitoring, and promptly report suspicious activity.
An obliged entity is a broader category including regulated entities and nonfinancial organizations subject to other financial crime laws (ABC, sanctions). Sectors like energy, mining, logistics, pharmaceuticals, and real estate, though not directly financially regulated, must perform risk assessments and have adequate controls to deter financial crime. They are expected to prevent illicit activities and implement remediation measures after enforcement actions (fines, leadership changes). An entity can be both regulated and obliged, subject to all relevant financial crime laws.
Regulatory developments like the US AML Act, UK Economic Crime and Corporate Transparency Act 2023, EU AML Package, and updated FATF guidelines have heightened industry standards. Non-compliance results in severe consequences: heavy fines, operational restrictions, substantial reputational damage, market disqualification, loss of operating licenses, or deferred prosecution agreements (e.g., overhauling AML/CFT programs).
All institutions, regulated or obliged, must invest in effective compliance strategies, staff training, and advanced monitoring technologies to combat financial crime in a complex environment. These measures protect the institution from scrutiny, safeguard consumers/investors, build confidence, and support long-term business sustainability.
Individual Impact of Violations of AFC Regulations
Compliance professionals are held accountable under financial crime laws and applicable criminal statutes. Anti-Money Laundering (AML) professionals can face prosecution for aiding or failing to prevent financial crimes, and more recently, for deficiencies in their firm's compliance program, for which they bear ultimate accountability. Senior leaders, such as Money Laundering Reporting Officers (MLROs) or Bank Secrecy Act (BSA) officers, have the greatest personal responsibility.
An individual's accountability and consequences typically align with their role's seniority and their involvement in non-compliance. Breaches by first Line of Defense (LOD) or operational staff are more likely to result in administrative penalties or monetary fines, unless there is clear evidence of intentional wrongdoing or collusion. The regulatory landscape varies: in many European countries, severe compliance failures can lead to temporary disqualification from senior roles, asset freezes, or travel restrictions. US regulators, like the Department of Justice and the Securities and Exchange Commission (SEC), actively pursue individual accountability.
For example, Samantha, an MLRO, was investigated for compliance failures involving unreported suspicious transactions. Regulatory scrutiny found she deliberately neglected alerts, failed to report suspicions, and inadequately documented activities. Samantha faced substantial fines, professional disqualification, and potential criminal charges for obstruction of justice and conspiracy.
Non-compliance with AFC regulations poses serious individual legal and reputational risks. All compliance professionals must adhere to rigorous standards and maintain accurate documentation of their decisions, but personal consequences for senior individuals can be significantly more severe than for junior staff.
Financial Crime Risks in Relation to Other Types of Risks
Financial Crime Risks
Institutions handling money or transferable assets (banks, nonbank financial institutions, payment service providers, legal firms, accountants) have greater exposure to financial crime risks as criminals exploit them to move illicit funds and obscure ownership. These "obliged" entities are subject to stringent regulations.
Financial crime risks are multifaceted, extending beyond direct financial losses:
- Operational Risk: Inadequate or failed internal processes, people, systems, or external events.
- Legal Risk: Criminal penalties, lawsuits, or unenforceable contracts.
- Concentration Risk: Over-exposure to a single customer or related group.
- Reputational Risk: Damage to an institution's credibility due to weak controls, targeting by criminals, or loss of stakeholder confidence.
- Systemic Risk: Criminal misuse of financial systems destabilizing entire markets.
- Cybersecurity Risk: Increased with digital transactions and threats like ransomware/deepfake fraud.
- Geopolitical Risk: Arises from intersection with international sanctions, trade restrictions, or Politically Exposed Persons (PEPs), complicating compliance.
- Regulatory Fragmentation: Varying global compliance requirements creating enforcement inconsistencies.
- Technological Risk: New digital platforms, cryptocurrencies, and DeFi introducing unquantified financial crime risks.
To address these, obliged entities must implement proactive AFC compliance programs: transaction monitoring (using AI), Enhanced Due Diligence (EDD), real-time fraud detection, strengthened governance, and improved inter-agency collaboration. These measures ensure resilience against financial crime, regulatory compliance, and market stability.
Case Example: A Lasting Lesson
In 2012, HSBC faced a money laundering scandal, one of the most significant AML compliance failures. Due to inadequate transaction monitoring and a fragmented compliance framework, HSBC facilitated the laundering of over US$880 million by drug cartels in Mexico. US federal regulators imposed a record US$1.9 billion fine, including US$665 million in civil penalties. The US Department of Justice (DOJ) entered a five-year deferred prosecution agreement, mandating a comprehensive overhaul of HSBC's global compliance operations. Senior executives, including the Global Head of Compliance, were forced to resign, reflecting regulatory criticism of the bank's AFC culture, which prioritized local business interests over central compliance.
The operational repercussions were profound, causing immediate regulatory backlash and lasting reputational damage, undermining credibility and market position. HSBC was compelled to rebalance power, strengthening central oversight and compliance while limiting local business unit autonomy. This restructuring aimed to restore financial crime risk management integrity and reduce exposure to high-risk jurisdictions through de-risking.
The HSBC case serves as a severe lesson on operational and reputational risks from weak financial crime controls, underscoring the critical importance of a strong compliance culture and robust AML controls. Neglect results in severe financial penalties, operational disruption, and irreparable reputational harm, ultimately undermining long-term viability.
Key takeaways:
- AML compliance failures expose financial institutions to regulatory and reputational risks.
- Weak AML controls can lead to severe penalties and business restructuring.
- Leadership accountability helps mitigate financial crime risks.
- Ongoing compliance investment ensures resilience against evolving financial crime threats.
- Strong AML frameworks protect institutions from enforcement actions and market exclusion.
Operational, Legal, Concentration, and Reputational Risks
Organizations face key risks across various categories: operational, legal, concentration, and reputational.
- Operational Risk: Direct or indirect loss from inadequate or failed internal processes, people, systems, or external events. This is complex and includes maintaining AFC controls in an evolving multi-jurisdictional regulatory environment. Global organizations typically use their home regulator's policies as a base standard, adapting to host country laws, and constantly updating compliance programs due to evolving regulations.
- Legal Risk: The possibility of criminal penalties, lawsuits, or unenforceable contracts harming an organization. This stems from potential violations of regulations, laws, and ethical practices. Governments can issue administrative penalties or fines, and third parties (e.g., damaged customers) may file lawsuits. Adequate AFC controls provide protection against crime and inappropriate relationships.
- Concentration Risk: Stems from over-exposure to a single customer or group of related customers. AFC controls and strategic diversification reduce this risk. Customer due diligence, often supported by technology, helps manage exposure. Concentration can occur in borrowing, funding, purchasing, key service provision, or any business relationship, intensifying through customer actions or external events involving a customer.
- Reputational Risk: Occurs when an institution known for weak controls is targeted by criminals or avoided by stakeholders due to lost confidence. This risk is difficult to quantify, as trust is hard-earned but easily lost (e.g., from a single negative news story, even if false). Reputations, good or bad, often reflect chosen business practices and ethics.
Although non-AFC risk management teams usually handle these risks, understanding their correlation with financial crime risk is essential.
Money Laundering Risks in Financial Services
Introduction
This module delves into various money laundering risks within financial services, a sector integral to the global economy and highly vulnerable. Understanding these risks is crucial for compliance, safeguarding the financial system's integrity, and protecting institutional reputations. By mastering these topics, students will be better prepared to identify vulnerabilities, implement effective controls, and manage/mitigate risks, ensuring their organizations remain secure and trusted.
Student Note: Sector-Specific Case Studies
This module covers key money laundering (ML) risks across various sectors, products, and services. For a detailed explanation and analysis of a specific sector, additional sector-specific case study courses are recommended.
Case Example: A New Corporate Banking Role
Elena, an experienced AML compliance officer, is transitioning to oversee the AFC team in corporate banking. To succeed, she needs to grasp the sector's unique risks and implement effective controls. Her first step is a thorough risk assessment of corporate banking products and services, identifying inherent risks and evaluating the customer base (industries, geographical locations, typical transaction activity). She must then assess existing systems and controls for adequacy against money laundering (ML) and terrorist financing (TF) risks. Effective Customer Due Diligence (CDD) is crucial in corporate banking due to high-value, complex transactions often involving multiple financial institutions and third parties (lawyers, accountants). This necessitates a robust transaction monitoring system capable of analyzing patterns and detecting anomalies. She also plans to learn from past compliance failures, like TD Bank's US$3 billion settlement in October 2024 for ML issues, and commit to continuous AFC training for herself and her team to stay updated on best practices.
Key takeaways:
To understand and control financial crime risks associated with banking products, you should:
- Conduct a thorough risk assessment of your organization’s banking products and services.
- Assess the systems and controls currently in place to determine if they are adequate for the level and type of risk your organization faces.
- Learn from past compliance failures to ensure you avoid similar ones in the future.
- Pursue continuing training so you can stay up-to-date on best practices in banking compliance.
Student Note: Financial Crime Risk
In this context, "risks" refers specifically to financial crime risks, encompassing money laundering risk, terrorist financing risk, and other related types of financial crime risk.
Money Laundering Risks Associated with Banking
Banks are especially vulnerable to money laundering because they can be involved in all three stages of the laundering cycle: placement, layering, and integration. Their dynamic environment, handling millions of rapid, cross-border transactions daily, offers numerous opportunities for criminals to disguise illicit funds. The complexity of certain banking products further increases this risk.
- Placement: Illicit funds enter the financial system via bank deposits or monetary instrument purchases.
- Layering: Funds are moved through various accounts and transactions to obscure their origins.
- Integration: Laundered funds re-enter the economy as legitimate investments or business ventures, facilitated by banks.
Different banking services—retail, commercial, private, and correspondent—present unique vulnerabilities:
- Retail Banking: Individual customers may engage in small, frequent transactions to avoid detection; the sheer volume makes suspicious activity difficult to identify.
- Commercial Banking: Business accounts can be used to launder large sums through trade finance, loans, and other commercial activities.
Several factors contribute to banking's vulnerability:
- Volume and Scale: High transaction volumes make it easy to blend illicit funds with legitimate activities.
- Global Reach: International operations enable cross-border fund movement and exploitation of regulatory differences.
- Complex Products: Wire transfers, investments, trade finance, and correspondent banking can be exploited.
- Customer Relationships: Emphasis on strong relationships can sometimes lead to insufficient scrutiny of high-risk customers.
Shell and Shelf Companies Risks
A shell company is a company incorporated without significant assets or operations. A shelf company is a dormant, previously registered corporation held for sale. Both are often kept dormant to appear legitimate while masking the beneficial owner. A front company conducts some legitimate business while concealing illicit activity (e.g., a car wash laundering drug profits). While legitimate uses exist, these entities are considered high-risk in customer research and acceptance.
Shell companies' primary objectives can be claiming crime proceeds as legitimate revenue or commingling illicit and legitimate funds. FATF identifies their use as a well-documented money laundering typology. They can be onshore or offshore, with ownership structures including registered or bearer shares (whoever holds them is the owner). Some are single-purpose; others are multipurpose. Often legally incorporated but lacking legitimate business purpose, they are convenient for bribery, corruption, money laundering, and sanctions evasion, frequently purchased from lawyers or corporate service providers. Tax havens and their secrecy laws can further conceal true ownership, often held by professionals claiming secrecy. FATF's review found shell corporations and nominees widely used to launder crime proceeds, consequently deeming them high-risk for financial crime.
Case Example: Estonian Bank Branch
Danske Bank, Denmark's largest financial institution, was embroiled in a significant money laundering case involving its Estonian branch. Reuters reported that between 2007 and 2015, approximately €200 billion of suspicious funds, primarily from Russia, Estonia, Latvia, Cyprus, and Great Britain, flowed through the bank. The 2018 scandal revealed extensive use of shell and shelf companies to conceal illicit activities. United Kingdom Limited Liability Partnerships (LLP) and Scottish Limited Partnerships (SLP), with minimal disclosure requirements, allowed criminals to hide behind complex ownership structures. Fictitious transactions and false invoices were used to justify fund movements, complicating tracing efforts.
The laundering process involved multiple layering and integration steps. Money was deposited into shell/shelf company accounts at Danske Bank's Estonian branch, then transferred through a complex web of transactions spanning multiple jurisdictions. False documentation provided legitimacy. An additional finding was Danske Bank's head office's unawareness of AML compliance failures in Estonia, including the absence of an MLRO for over a year, indicating inadequate oversight.
The scandal had far-reaching consequences. According to the US Department of Justice, Danske Bank faced significant regulatory scrutiny, leading to executive resignations, a guilty plea to bank fraud conspiracy, and over US$2 billion in fines. The case underscored the importance of robust AML controls, enhanced transparency, and adequate supervision of remote or overseas subsidiary operations in high-risk jurisdictions.
Key takeaways:
- Intricate shell and shelf company structures can facilitate money laundering.
- Financial institutions must be vigilant and implement stringent AML controls, including robust Enhanced Customer Due Diligence (EDD) and transaction monitoring.
- Strong beneficial ownership verification capabilities are needed for complex ownership structures.
- Adequate oversight and regular audits of overseas subsidiaries, with timely reporting of deficiencies, are crucial.
Politically Exposed Person Risks
A Politically Exposed Person (PEP) is an individual holding a prominent political function, along with their immediate family, close associates, and associated businesses. Identifying PEPs is challenging due to varied jurisdictional guidance. Organizations must follow local regulations but may enforce higher standards based on their risk appetite.
FATF identifies three types of PEPs:
- Foreign PEPs: Individuals entrusted with prominent public functions by a foreign country.
- Domestic PEPs: Individuals entrusted domestically with prominent public functions.
- International Organization PEPs: Individuals holding prominent functions in international organizations (e.g., secretary general, executive director).
High-position individuals and their associates are vulnerable to corruption (e.g., directing government contracts for kickbacks, influencing legislation for bribes, fleeing with government funds). A broad definition of PEP includes:
- Persons in prominent decision-making or influential roles.
- Persons in royal, military, legislative, judicial, executive, or similar government positions.
- Immediate family, close friends, or associates.
- Businesses owned or held by these individuals.
Under a risk-based approach, PEP risk is manageable. Some organizations adopt a "once a PEP, always a PEP" policy due to continued influence, while others consider current influence (e.g., ability to award contracts) and duration since leaving office. The PEP designation's purpose is vital; organizations must adapt transaction monitoring and KYC reviews, escalating based on their risk appetite.
Control and Ownership for AML Compliance
Control and ownership are vital for AML efforts, as they can be obscured, enabling illicit activities. A beneficial owner (BO) is an individual or entity with ownership of a legal entity via shareholding or other means. The ultimate beneficial owner (UBO) is one or more natural persons who ultimately own a substantial shareholding. A BO might own without control, while a UBO might control without direct shares; this distinction is crucial for regulatory requirements.
AML regulations typically require UBO identification at a threshold of 25% or more in most jurisdictions. Organizations set appropriate thresholds based on a risk-based approach; for high-risk customers, this could be as low as 10% or even 5% (e.g., high-risk financial institutions with correspondent banking in high-risk jurisdictions).
To identify UBOs of Company A, indirect ownership stakes are considered alongside direct ownership. For example, if Individual D owns 10% of Company A directly and 72% indirectly (via owning 90% of Company B, which owns 80% of Company A), Individual D is a UBO with 82% shareholding. Individual C, with 10% direct and 8% indirect ownership (via Company B), is not a UBO.
In companies without a natural beneficial owner (e.g., publicly listed with thousands of shareholders), a controller or notional beneficial owner (e.g., president, CEO) should be identified and verified to understand who controls decision-making when natural UBOs are absent.
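The indirect-ownership calculation above, generalized to any number of ownership layers, as an added example that is not part of the original notes: it multiplies shares along each ownership chain, sums direct and indirect stakes per natural person, applies the threshold, and flags the case where no natural person qualifies so that a controller must be identified instead. The function names, the data layout, and the choice to reject circular ownership for manual review are assumptions of this example.

```python
from fractions import Fraction

# Constructed sample data reproducing the Company A figures in the text.
# Each entry: (owner, owned entity, share of the owned entity held).
HOLDINGS = [
    ("Individual D", "Company A", Fraction(10, 100)),
    ("Individual C", "Company A", Fraction(10, 100)),
    ("Company B",    "Company A", Fraction(80, 100)),
    ("Individual D", "Company B", Fraction(90, 100)),
    ("Individual C", "Company B", Fraction(10, 100)),
]
NATURAL_PERSONS = {"Individual C", "Individual D"}


def effective_ownership(target, holdings, natural_persons):
    """Return {person: total share of `target`}, direct plus indirect.

    Exact fractions are used so that a stake sitting right on the
    threshold is not misclassified by floating-point rounding.
    """
    owners_of = {}
    for owner, owned, share in holdings:
        if not 0 < share <= 1:
            raise ValueError(f"invalid share {share} for {owner} in {owned}")
        owners_of.setdefault(owned, []).append((owner, share))

    totals = {}

    def walk(entity, multiplier, path):
        # `multiplier` is the fraction of `target` that `entity` represents.
        for owner, share in owners_of.get(entity, []):
            if owner in path:
                # Assumption of this example: circular holdings are not
                # resolved automatically but sent for manual review.
                chain = " -> ".join(path + [owner])
                raise ValueError(f"circular ownership: {chain}")
            stake = multiplier * share
            if owner in natural_persons:
                totals[owner] = totals.get(owner, Fraction(0)) + stake
            else:
                walk(owner, stake, path + [owner])

    walk(target, Fraction(1), [target])
    return totals


def identify_ubos(target, holdings, natural_persons,
                  threshold=Fraction(25, 100)):
    """Apply a '`threshold` or more' test to each person's total stake."""
    stakes = effective_ownership(target, holdings, natural_persons)
    ubos = {person: s for person, s in stakes.items() if s >= threshold}
    return {
        "stakes": stakes,
        "ubos": ubos,
        # No natural person meets the threshold: identify a controller
        # (e.g., president or CEO) instead, as described in the text.
        "needs_controller": not ubos,
    }


if __name__ == "__main__":
    result = identify_ubos("Company A", HOLDINGS, NATURAL_PERSONS)
    for person, stake in sorted(result["stakes"].items()):
        flag = "UBO" if person in result["ubos"] else "below threshold"
        print(f"{person}: {float(stake):.0%} ({flag})")
```

Passing `threshold=Fraction(10, 100)` models the lower risk-based threshold for high-risk customers; with the sample data both individuals then qualify.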
Concentration Accounts
A concentration account aggregates funds from various sources into a central account, also known as a settlement, sweep, suspense, or collection account. This streamlines fund management, optimizes cash flow, reduces transactions, and simplifies reconciliation. Despite legitimate uses, these accounts are vulnerable to money launderers due to high transaction volumes and fund pooling, which obscure origins and destinations, facilitating the mixing of illicit and legitimate funds.
Money launderers can exploit concentration accounts in:
- Retail banking: Small deposits from multiple sources aggregated into a single account, making individual illicit fund origins hard to trace.
- Corporate banking: Large transaction volumes masking the movement of illegal funds, blending them with legitimate corporate flows.
To mitigate risks, financial institutions should implement robust controls and monitoring:
- Prohibit direct customer access to concentration accounts.
- Ensure concentration account transactions are captured in customer statements.
- Implement segregation of duties to prevent unauthorized access and internal fraud (separate personnel for initiation, approval, reconciliation).
- Frequently reconcile concentration accounts by independent personnel.
- Conduct regular internal and external audits to identify control weaknesses.
- Regularly train employees on concentration account risks and AML regulations.
Money Laundering Risks Associated with Retail and Commercial Banking
Retail and Commercial Banking Products and Risks
Retail and commercial banking offer diverse products to individuals and businesses, each with specific money laundering and financial crime risks. Retail banking serves individual consumers with products like loans, debit cards, and checking/savings accounts. Its unique risks stem from the large volume of individual accounts and transactions and include:
- Remote Onboarding: Digital channels can introduce risks in identity verification, making it easier for criminals to use fake or stolen identities and exploit technological weaknesses.
- Diverse Customer Backgrounds: Wide range of customer profiles makes establishing typical behaviors or transaction patterns difficult, allowing illicit activities to go unnoticed.
- Synthetic Identities: Easy to create, they enable criminals to open multiple accounts under false pretenses, facilitating money laundering.
Commercial banking serves businesses, small/medium corporations, and governments with products like business loans, merchant services, corporate credit cards, and cash management. It supports business financial health and is vulnerable due to large transaction volumes and complex corporate structures:
- Front Companies: Legitimate businesses used to obscure illegal fund movements.
- Complex Ownership Structures: Challenging to identify beneficial owners, hiding Specially Designated Nationals (SDNs) or other bad actors in intricate webs.
- Volume and Value of Transactions: Large volumes and high values can obscure illicit fund movements, blending them with legitimate cash flows.
These inherent risks necessitate robust AML controls.
High-Risk Retail and Commercial Banking Products
Both retail and commercial banking face significant money laundering risks due to evolving financial crime. Increased remote onboarding in retail banking introduces new risks, particularly synthetic identities, which are difficult to detect, especially with deepfake technology exploiting selfies and videos for identity verification.
Mule accounts are another high-risk area in retail banking. Criminals recruit vulnerable individuals to transfer illicit funds through their accounts, making fund origins challenging to trace.
Credit-related products, including credit cards, pose money laundering risks: criminals make large purchases or cash withdrawals, then repay credit with illicit funds, converting illegal proceeds into seemingly legitimate money.
In commercial banking, front companies are legitimate businesses used as covers for money laundering. They mix legal and illegal operations, making detection difficult (e.g., a nail salon with unusually high profits). Commercial banking also serves cash-intensive businesses (restaurants, convenience stores, casinos, car dealerships), which handle large cash volumes, vulnerable to money laundering. The diverse commercial banking portfolio complicates transaction monitoring rulesets.
High-value transactions in commercial banking, combined with large volumes, can obscure illicit fund movements by blending them with legitimate cash flows. Financial institutions should deploy sophisticated tools and analytics to flag suspicious cash or high-value transactions.
Trade Finance Products and Risks
Trade finance involves financial products and services facilitating cross-border movement of goods and services, ensuring prompt payments for exporters and agreed goods for importers. Due to its complexity and global nature, money launderers exploit it through trade-based money laundering (TBML), misrepresenting the price, quantity, or quality of imports/exports to disguise crime proceeds and move value. Risks include:
- Remotely booked trades within related entities to obscure nature and purpose.
- Pre-arranged trading creating artificial volumes and obscuring fund origins.
- Third-party instructions/involvement adding complexity, hindering tracing.
- Nonstandard settlement arrangements disguised to obscure true nature.
- Uneconomic/irrational trading strategies.
- Unusual trading patterns (counterparty concentration, win-loss rates, flat/neutralizing activity).
- Factoring and forfaiting exploited to convert illicit receivables into legitimate funds.
- Supply chain financing used to obscure origin and flow of illicit funds.
Certain trade finance products are especially vulnerable:
- Letters of credit: Misused for fictitious trades to move illicit funds.
- Bills of exchange: Manipulated to disguise transaction nature.
- Trade credit insurance: Fraudulent claims for money laundering.
Understanding these features and risks is crucial for financial institutions, regulators, and businesses to implement robust AML/CFT measures and ensure trade finance integrity.
Credit-Related Product Risks
Credit-related products (lending, personal loans, home ownership finance, secured/unsecured loans) are fundamental to retail and commercial banking, supporting customers, driving economic growth, and promoting financial stability. However, they also present significant money laundering risks.
Early loan repayment is a method criminals use to disguise illicit fund origins, converting illegal proceeds into ostensibly legitimate funds. This complicates detection, as early repayments often appear as financial health.
Banks face challenges in closing customer accounts due to money laundering concerns when credit products are outstanding. A primary difficulty is the potential need to write off the loan balance, causing financial loss. Complications include:
- Recovery of funds: If illicit funds are suspected for loan repayment, default becomes a secondary risk. Banks should not accept funds from illegal activities for loan repayment.
- Risk appetite: Exiting relationships exceeding risk tolerance is complicated by loan balances, requiring extensive justification for write-offs.
- Reputational risk: Failure to manage these challenges effectively can damage the bank's reputation, eroding trust with regulators and customers, impacting long-term operations and compliance.
Card Risks
Retail and commercial banks offer various card products: debit, gift, prepaid, and credit cards. Prepaid cards, not linked to bank accounts, are bearer instruments purchased and reloaded anonymously with minimal KYC, posing a high money laundering risk due to exploitation for illicit fund movement.
Gift cards, popular for gifting, are typically prepaid with limited reloadability and use at specific retailers/merchants. Their limited use and lower values generally pose a lower misuse risk than prepaid cards.
Debit cards are directly linked to bank accounts, with transactions immediately deducted. Money laundering risk is somewhat mitigated by this direct association and regulatory/AFC oversight.
Credit cards allow borrowing up to a limit. They are less prone to money laundering in the initial placement stage but more likely used in layering and integration. While lower risk than prepaid cards, vigilance is needed due to potential for overpayments, rapid paydowns, or use for high-value/luxury goods purchases.
Credit Unions and Building Societies Risks
Credit unions and building societies are member-owned financial institutions. Credit unions are typically non-profit, serving members with a common bond (employment, residency). Building societies serve a broader geographical customer base. FATF classifies both as financial institutions, subjecting them to similar regulatory frameworks and AFC obligations as other financial institutions. Depending on their size, they offer products (savings, loans, home ownership finance, payment services) similar to retail banks, thus facing comparable money laundering risks.
The United Kingdom’s Joint Money Laundering Steering Group (JMLSG) guidance suggests credit unions and building societies pose lower ML/TF risks due to restricted/localized customer bases and fewer, more limited products than larger retail banks. However, these limitations may not fully deter terrorist financiers.
Unique challenges include:
- Membership Structure: Member-centric models can hinder strict AML/CFT implementation; mutual trust may lead to less rigorous scrutiny.
- Smaller-Scale Operations: Smaller institutions may lack resources and expertise for comprehensive AML/CFT programs, resulting in weaker AFC controls.
Private Banking and Wealth Management Risks
Money Laundering Risks Associated with Private Banking and Wealth Management
Private banking and wealth management (PBWM) provide personalized, confidential services (checking/current accounts, savings, investment portfolio management, estate planning, legacy services) to high-net-worth (HNW) and ultra-high-net-worth (UHNW) individuals. Fees are often based on assets under management (AUM). PBWM often operates semi-autonomously within banks, with financial crime risks stemming from perceived high profitability and a culture of discretion, potentially leading relationship managers (RMs) to overlook warning signs. Competition for HNW individuals increases pressure on RMs to acquire new customers and AUM, and their compensation structure (based on AUM) can create a conflict of interest, leading them to overlook AFC risks in customer activities.
Other financial crime risks in private banking include:
- Customers using private investment companies or complex ownership structures to reduce UBO transparency.
- Customers maintaining personal and business wealth in multiple jurisdictions without justification, to evade tax.
- Customers who are PEPs or have close PEP associates, increasing bribery and corruption risk.
To mitigate these, the compliance department must be robust in its oversight and challenge of the business. Business leaders should use balanced scorecards for performance evaluation, ensuring risk management is a fundamental part of the private banker's role.
High-Risk Private Banking and Wealth Management Products
Trust funds are high-risk PBWM products, used legitimately for estate planning and tax efficiency, but susceptible to money laundering due to their complexity and opacity, making fund origins and UBO identification difficult. Sovereign wealth funds (SWFs), state-owned investment funds, carry ML risks due to large sums, cross-border transactions, and PEP involvement.
High-value assets (real estate, art, antiquities, jewelry, precious metals, luxury goods) are attractive to money launderers due to their worth, value appreciation potential, and easy ownership transfer, obscuring illicit fund origins. Secured loans, with collateral in one jurisdiction and the loan from another, increase ML risks by concealing illicit fund sources. The risk profile of PBWM customers also varies by residence, operations country, and business structure. Customers from jurisdictions with weak AML regulations or high corruption, or those operating in sanctioned countries, pose higher jurisdictional risks. Complex business structures can obscure beneficial owners, hindering due diligence.
Trust Risks
Trusts are legal arrangements separating legal title and control of assets, often considered legal persons in most jurisdictions. Assets are legally owned by natural person trustees. Trusts cannot directly conduct transactions or hold property but must do so through trustees. Trusts have legitimate uses, such as succession planning, wealth protection, confidentiality, legal tax avoidance in tax havens, and charitable trusts. The settlor (donor, grantor, trustor, trust maker) legally transfers asset control to trustees, who manage the trust for beneficiaries. In some trusts, the settlor can also be a trustee, beneficiary, or both. Corporate service providers often guide trust creation.
Researching a trust requires identifying the settlor, trustees, beneficiaries, and anyone controlling the trust. The settlor's legal title transfer is typically documented by a trust instrument or deed. However, many jurisdictions don't require trust registration, viewing them as private arrangements. FATF is concerned about the ease of creating/dissolving corporate vehicles. Trusts offer an aura of legitimacy due to separated legal and beneficial ownership, which attracts those disguising financial crime connections. Settlors can influence trustees, even with independent investment companies. Trusts are often the final layer of secrecy in complex structures designed to hide criminal connections to illicit funds, frequently spanning multiple jurisdictions with scattered assets and management firms (e.g., a bribed government official using an offshore advisory company owned by a trust for his family).
Offshore Financial Center Risks
An offshore financial center (OFC) is a jurisdiction providing sophisticated financial services to non-residents, acting as a stable, convenient hub with favorable regulatory environments. While useful for cross-border transactions, OFCs are vulnerable to illicit uses like tax evasion or hiding funds. Red flags include:
- Complex ownership structures.
- Use of shell companies for asset holding.
- Lack of transparency due to less stringent reporting requirements.
- Unusual transaction patterns (sudden large flows, round tripping, rapid asset transfers).
- Use of cash-intensive businesses by OFC-registered customers.
- Transactions involving Politically Exposed Persons (PEPs).
While some are legitimate, these red flags, without clear business purpose, often signal illicit activity. Round tripping, for example, involves moving funds in and out of an OFC without legitimate economic reason (e.g., an investor sending funds to an OFC and then reinvesting them in the home country). Enhanced Due Diligence (EDD) and transaction monitoring are essential to detect and mitigate potential misuse of OFCs.
Special Purpose Vehicle Risks
Special purpose vehicles (SPVs) are legal entities created for specific, limited purposes (mergers/acquisitions, joint ventures, real estate, infrastructure, energy projects, intellectual property management, securities, asset-backed financing). However, SPVs pose financial crime risks:
- Opaque Structures: They can have complex and opaque structures that disguise true beneficial ownership.
- Obscuring Illicit Funds: SPVs can layer illicit proceeds through a series of transactions, transferring funds to/from financial institutions, creating a complex web to evade detection by law enforcement and regulators.
Red flags for illicit SPV use include:
- Complex ownership structures with multiple company layers.
- Lack of transparency.
- Unclear purpose of the SPV.
- Selection of jurisdictions with lenient regulatory oversight or tax-friendly environments.
Pooled investment vehicles (PIVs), small investments aggregated from many investors, can be used in Ponzi schemes and insider trading. Criminals may also use SPVs and PIVs for trade-based money laundering (TBML) by manipulating prices in trade transactions between them, moving illicit funds disguised as legitimate trade. Financial institutions must conduct EDD on SPVs and PIVs, ensuring compliance with CDD rules (like FinCEN's CDD rule), identifying ultimate beneficial owners, and understanding their true purpose to mitigate financial crime risks.
Corporate and Investment Banking Risks
Corporate and investment banks engage in diverse activities susceptible to money laundering and financial crimes. The sheer volume and value of transactions, complex financial instruments, and global operations create numerous opportunities for illicit activities to go undetected.
Corporate lending poses money laundering risks due to difficulties in identifying beneficial owners within complex corporate structures (including shell companies and multiple ownership layers). It often involves third parties (guarantors, intermediaries, contractors), making their legitimacy difficult to verify.
Mergers and acquisitions (M&A), involving company/asset consolidation and significant funds, increase money laundering risks if due diligence on counterparties is inadequate (e.g., verifying business legitimacy, financial statements, ownership structure, and health). Investment banks may inadvertently facilitate money laundering by acquiring companies with prior illicit activities (laundering, sanctions evasion, fraud, Foreign Corrupt Practices Act (FCPA)/UK Bribery Act violations). Shell companies and complex ownership structures obscure true beneficiaries, complicating ML risk identification. M&A activities span multiple jurisdictions and cross-border transactions with varying regulatory oversight, further challenging due diligence. To mitigate these risks, investment banks need specialized due diligence:
- Enhanced CDD: Comprehensive background checks on all parties for red flags.
- Transaction monitoring: Continuous monitoring for unusual/suspicious activities.
- Beneficial ownership verification: To ensure transparency and accountability.
- Jurisdictional risk assessment: Evaluating regulatory environments and risks of involved jurisdictions.
- Legal and compliance reviews: Ensuring adherence to laws, including for acquired companies.
Investment banking activities and brokerage are vulnerable to market manipulation and insider trading, used to disguise illicit funds. Examples include:
- Front-running: Trading on advance knowledge of customer orders for unfair profits.
- Tailgating: Trading immediately after large customer orders to profit from expected market movement.
- Churning: Excessive trading for broker commissions, obscuring illicit activities.
- Spoofing: Placing fake orders to manipulate securities prices, creating false supply/demand.
- Insider trading: Using nonpublic, material information for profits, undermining market integrity.
Wire Transfer Risks
A wire transfer is an electronic funds transfer between two parties, typically conducted over a secure payment network like SWIFT, both domestically and cross-border. A bank transfer, using an Automated Clearing House (ACH) system, is usually domestic and between two banks. Wire transfers are risky because they can be used to send money to criminals, are international (attractive for cross-jurisdictional transfers), can transfer funds immediately (difficult to reverse), and handle large amounts.
Illicit activities facilitated by wire transfers include:
- Financing of terrorism.
- Breach of sanctions.
- Concealing crime proceeds.
- Facilitating fraudulent wire transfers.
Red flags include:
- High-risk jurisdictions.
- Sanctioned individuals or entities.
- Unusual wire transfer activity (volume, amount, timing, complex paths).
- Unusual instructions (sequence of transfers, unrelated party names).
- Concealing information (inadequate beneficiary details).
Organizations should use controls such as payment screening, transaction monitoring technology, and fraud detection to reduce wire transfer risks, ensuring regulatory adherence and customer fund protection.
Fundraising Risks
Fundraising is crucial for corporate growth, providing capital for expansion, but it also attracts money launderers. An Initial Public Offering (IPO), involving public share issuance to raise capital, is heavily regulated, but the initial capital influx can mask illicit funds if not properly scrutinized. Sponsorships, where companies fund events for advertising, though usually transparent, can be exploited by launderers using legitimate business guises to move illicit funds. Sponsorships and donations are also high-risk for bribery/corruption if aimed at influencing decision-makers.
Bond issuance, a method for companies to raise funds by issuing debt securities, can be manipulated for money laundering by disguising fund origins through complex financial transactions. Crowdfunding platforms, soliciting small contributions from many people via the internet, are attractive to launderers due to their decentralized, less regulated nature and difficulty in tracing numerous small donations. Debt issuance (notes, bonds) in response to investor requests carries financial-crime risks beyond credit risk, including:
- Lack of transparency: Complex debt instruments can obscure UBOs.
- High-value transactions: Efficient for laundering significant illicit funds quickly.
- Cross-border transactions: International investors add complexity and potential regulatory arbitrage.
Mergers and Acquisitions Risks
Mergers and acquisitions (M&A) involve complex, often large-scale transactions that provide numerous opportunities to disguise illicit proceeds. Money launderers may acquire companies with clean financial records to blend illicit money with legitimate revenue, making it difficult for regulators to detect suspicious activities. The intricate structures of M&A deals can also obscure true asset ownership, further complicating tracing efforts.
Investment banks might inadvertently facilitate money laundering by acquiring companies that have previously engaged in illicit activities (laundering, sanctions evasion, fraud, violations of the US Foreign Corrupt Practices Act or UK Bribery Act). The use of shell companies and complex ownership structures can obscure the true beneficiaries, making it difficult to identify potential money laundering risks. M&A activities often span multiple jurisdictions and cross-border transactions, each with varying levels of regulatory oversight, increasing due diligence challenges.
To mitigate these risks, investment banks should implement specialized due diligence procedures, including:
- Enhanced Customer Due Diligence (CDD): Comprehensive background checks on all parties to identify red flags.
- Transaction Monitoring: Continuous monitoring of M&A-related transactions for unusual or suspicious activities.
- Beneficial Ownership Verification: Identifying ultimate beneficial owners to ensure transparency.
- Jurisdictional Risk Assessment: Evaluating regulatory environments and risks of involved jurisdictions.
- Legal and Compliance Reviews: Ensuring adherence to relevant laws and regulations, including for target companies.
High-Risk Corporate and Investment Banking Products
Certain corporate and investment banking products and services are inherently high-risk for money laundering and other financial crimes, including:
- Trade Finance: Complex, global products (letters of credit, trade loans) that are vulnerable to ML through over-/under-invoicing, multiple invoicing, and phantom shipments.
- Structured Products: Complex financial instruments (derivatives, structured notes) used to layer and integrate illicit funds. Their opacity hinders tracing fund origins and flows.
High-risk customer types associated with these products, from high-risk sectors or due to their structure, include:
- Embassies and Diplomatic Missions: Enjoy privileges and immunities that can shelter transactions from scrutiny, aiding illicit fund movement under diplomatic guise.
- Special Purpose Vehicles (SPVs): Created for specific, often secretive financial transactions. Their opaque nature complicates tracing funds, making them attractive for ML.
- Charities and Non-Governmental Organizations (NGOs): Operate globally with significant funds, increasing exposure to PEPs or groups linked to terrorist financing/sanctioned activities. Lax oversight in some jurisdictions allows exploitation to channel illicit funds.
- Defense Sector: High-value transactions and complex supply chains manipulable for ML. Sensitive nature limits scrutiny. Increased sanctions risks for dual-use goods trades.
Correspondent Banking Risks
Correspondent banking is when one bank acts as an agent for another bank in a foreign country, enabling international financial transactions for the respondent bank's customers where it has no physical presence. Non-foreign correspondent banking relationships also allow smaller local banks to use services of larger banks.
The indirect nature of correspondent banking means the correspondent bank provides services for individuals and entities whose identities it hasn't verified firsthand ("at arm's length"). The significant money flow through these accounts poses a threat because the correspondent processes large transaction volumes for the respondent's customers. Before establishing a relationship, a bank should know the respondent bank's owners and regulatory oversight. Lower-risk respondents may get broad services (cash management, international transfers, check clearing, payable-through accounts), while higher-risk ones might be restricted to non-credit cash management.
Correspondent banking is higher risk because the correspondent bank:
- Cannot conduct typical due diligence on the respondent's end customers.
- Lacks data on respondent transactions for effective transaction monitoring (TM).
- May identify regulators but not always the degree of supervision for the respondent.
- Has limited information on the respondent's anti-financial crime controls, yet relies on their sufficiency.
- May encounter "nesting," where respondent banks are also correspondents to third-party banks, further shielding parties.
- Has, in some recent cases, extended services to MSBs or Payment Service Providers (PSPs), increasing risks due to regulatory discrepancies.
Capital Markets Risks
Capital markets pose significant money laundering risks due to their complexity, liquidity, and high transaction volumes. Products include commodity trading, foreign currency exchange (FX), securities, and derivatives.
- Commodity Trading: Buying/selling raw materials (oil, gold) with illicit funds, then reselling for clean money. Daily value fluctuations make it attractive for laundering.
- Foreign Exchange Market (FX): The world's largest financial market (over US$6 trillion daily). Launderers move money cross-border, exploiting exchange rate fluctuations to obscure origins. Products like FX forwards and options add complexity, enabling obscured transactions.
- Securities: Stocks, bonds, other financial instruments. Launderers buy with illicit funds, hold, then sell for clean money.
- Derivatives: Financial contracts whose value derives from an underlying asset (stocks, bonds, commodities, currencies, e.g., futures, options, swaps). Their complexity and leverage potential make them susceptible to ML schemes, allowing convoluted, hard-to-trace transactions.
Money laundering risks differ between primary and secondary markets:
- Primary Market (new securities issuance): Launderers may invest illicit funds in IPOs or bond offerings to convert dirty money into legitimate financial assets.
- Secondary Market (trading existing securities): High transaction volumes facilitate blending illicit funds. Electronic transactions, with limited party transparency, enhance anonymity, easing money laundering.
Money Laundering Risks in Nonbank Financial Institutions
Introduction
This module addresses significant money laundering risks confronting nonbank financial institutions (NBFIs), which are increasingly targeted by criminals seeking to disguise illicit fund origins. Unlike heavily regulated banks, NBFIs often face distinct challenges in identifying and mitigating ML risks. Learners will explore different NBFI types and their specific challenges in combating money laundering, equipping them to address these issues within their organizations.
Case Example: CashBayou's Risk Management Challenges
Emma, the new head of AML compliance at CashBayou, an e-commerce platform holding buyer funds and converting them to seller currency (requiring an MSB license), discovered unusual transaction patterns: a new buyer making high-frequency, low-value transactions with many sellers in the same jurisdiction, raising a money laundering red flag. Emma realized inadequate KYC governance and execution exposed CashBayou to financial crime, fraud, and regulatory issues. The primary payment service provider (PaySecure, a UK EMI) requested more information on these transactions due to frequency, expressing concern over CashBayou's policies and stressing collaboration. CardGuard, a card issuer partner, later demanded CashBayou align its due diligence with CardGuard's standards for referred cardholders, threatening partnership termination otherwise.
This example shows how NBFIs navigate multifaceted relationships with financial entities, each posing compliance challenges. Emma aims to create a secure transaction environment by proactively identifying and addressing AML/KYC deficiencies, fostering open communication with partners, and mitigating risks. Key takeaways: NBFIs face distinct risks, inadequate KYC governance heightens financial crime/operational liabilities, ongoing due diligence on partners is critical, collaboration enhances oversight, and proactive AML/KYC measures fulfill regulatory obligations and safeguard reputation.
Money Laundering Risks Associated with MSBs, Payment Service Providers, and E-Commerce
Payment Service Providers
The payment industry is rapidly evolving, often outstripping licensing and regulatory oversight development. Many organizations leverage Money Service Business (MSB) or e-money licenses to expand operations within the payments ecosystem. Payment Service Providers (PSPs) are central, enabling digital payments across industries with tailored products (payment aggregation, card issuance, mobile wallets, cross-border payments). Some financial institutions refer to MSBs and PSPs as "Third-Party Payment Processors" (TPPPs) due to their shared function.
A typical PSP payment transaction flow involves:
- Verification: PSP verifies customer's payment information with the issuing bank.
- Approval: PSP communicates with the issuing bank for transaction approval.
- Transfer: PSP transfers funds from customer's account to business's account.
Services include online payment gateways, mobile wallet solutions, and cross-border payment systems, with payment gateways crucial for fund transfers. As digital demand grows, PSPs must expand product offerings, adapt to customer needs, and comply with changing regulations to remain at the forefront. Examples of PSPs and their offerings:
| PSP Type | Description | Products and Services |
|---|---|---|
| Payment Aggregators | Aggregate payments for multiple merchants without requiring direct bank relationships. | Online payment processing, recurring billing. |
| Card Issuers | Provide credit, debit, and prepaid cards to consumers, typically branded with major card networks (e.g., Visa, MasterCard, American Express). | Credit cards, debit cards, prepaid cards. |
| Payment Processors | Handle technical aspects of transaction processing between merchants and customers, managing authorization, settlement, and clearing. | Mobile payment solutions, Point of Sale (POS) systems. |
| Payment Collectors | Focus on managing payments on behalf of businesses, particularly for collections and settlements. | ACH payments, bill payment services, invoicing solutions, remittance processing, direct bank account transfers. |
| Mobile Wallet Providers | Enable users to securely store payment information on their smartphones or other devices for easy access and transactions. | Digital wallets, peer-to-peer payments. |
| Alternative Payment Providers | Offer non-traditional payment methods that go beyond credit/debit cards and bank transfers. | E-wallets, facilitation of cryptocurrency payments, installment payment options. |
| Cross-border Payment Providers | Facilitate international transactions, including currency exchange and international payment processing. | International payment platforms. |
More developed e-commerce platforms often establish their own PSPs to reduce costs and enhance user experience.
Payment Service Providers Risks
Managing risks is crucial for PSPs due to their complex, diverse, and primarily remote services. Risk varies by product offering, but key risks include:
- Fraud: Deceptive practices leading to financial loss.
- Chargebacks: Customer disputes impacting revenue.
- Data Breaches: Unauthorized access to sensitive customer information.
- Regulatory Noncompliance: Failure to adhere to legal requirements.
- Operational Failures: Service disruptions.
- Financial Losses: Overall profitability impact.
PSPs' customer risks are mainly indirect; they don't directly engage in customer financial activities but are responsible for ensuring compliant transactions and Anti-Financial Crime (AFC) program controls. Partnership risks are higher due to reliance on banks, financial institutions, card networks, and tech providers. PSPs must understand partners' AFC controls.
Regulatory compliance risk: Partners' noncompliance (e.g., with EU Payment Services Directive for strong customer authentication) can indirectly facilitate money laundering by creating control gaps, leading to repercussions for PSPs.
Operational risks: Many PSPs depend on third-party infrastructure (e.g., cloud storage). Service outages or poor customer support are red flags, indicating potential lapses in partner transaction monitoring and compliance.
Cybersecurity and fraud risks: Heightened by multiple collaborations. Different cybersecurity standards create integration gaps. PSPs are often responsible for customer communication and damage control post-breach. Partner's weak cybersecurity facilitates unauthorized data access, fraud, and money laundering.
Money Services Business
A Money Services Business (MSB) is a nonbank financial institution providing financial services involving money or value transfer, holding funds on behalf of others. Many jurisdictions require MSBs to comply with local AML and CFT regulations, including registration and establishing an AML compliance program. MSB services (currency exchange, money transfers, money orders, stored-value products, bill payments) can be delivered online, via mobile apps, or through physical branches. Originally licensed for currency exchange, their scope expanded to cross-border money transfers and other services. Businesses performing MSB services need a license to operate legally. Historically, MSBs served individuals needing quicker, cheaper cross-border transactions. Today, they also serve small/medium businesses often overlooked by larger financial institutions. This expanded usage brings stringent jurisdictional registration and regulations.
FinCEN classifies hawala, an informal value transfer system (IVTS), under the money transmitter category of MSBs. Hawala differs primarily by operating outside regulation, relying on trust, while traditional MSBs are regulated by the banking system.
| Feature | MSB | Hawala |
|---|---|---|
| Regulation | Typically licensed and regulated by government authorities, ensuring transparency, accountability, and compliance with local AML and CFT laws. | Relies on trust between the parties involved and typically operates outside of the formal banking system. |
| Mechanism | Typically (and should) employ formal systems, such as bank accounts, financial institutions, and electronic platforms to facilitate transactions. | Operates through a network of brokers who transfer money based on mutual trust and informal agreements. |
| Transparency | Required to maintain records of transactions, report suspicious activity, and comply with AML regulations. | Often has little to no regulatory oversight and might circumvent compliance and AML/CTF regulations, such as currency transfer reporting. |
Risks Associated with Banking MSBs
MSBs navigate complex jurisdictional licensing (varying fees, compliance) and AML regulations, leading to operational burdens and cross-border compliance challenges. Noncompliance, intentional or accidental, can incur severe penalties (fines, consent orders, license loss). MSBs often serve customers overlooked by traditional financial institutions, posing AML/TF risks due to:
- Lack of financial history: Unbanked customers often lack records, making transaction legitimacy assessment difficult.
- Cash transactions: Reliance on cash creates vulnerabilities for MSBs in tracking high volumes and fund sources.
These risks often exceed traditional financial institutions' risk appetite, especially for cross-border remittances. MSBs need additional strategic money laundering and operational controls, like Enhanced Due Diligence (EDD), and should limit high-risk customer exposure. Cross-border transactions complicate compliance due to varying laws on fund movement, currency controls, sanctions, and tax reporting. Red flags include unusual customer behavior (reluctance to provide information, falsified data), suspicious transaction patterns (large round dollar amounts, rapid fund movements, inconsistent sizes), transactions involving high-risk jurisdictions, and structuring/smurfing. Trusted correspondent banking relationships can mitigate risks, as correspondent banks assess MSB compliance programs and align activities with their own risk appetite.
E-commerce
E-commerce platforms facilitate online buying/selling, acting as intermediaries. Various types cater to different business models (B2C, B2B, C2C, C2B, D2C). Revenue models include transaction-based (eBay), subscription-based (Amazon Prime), freemium (Spotify), advertising (Google), direct sales (Amazon), affiliate marketing (beauty blogs), and licensing (Shopify). Developed e-commerce platforms often establish their own Payment Service Providers (PSPs) to reduce costs and enhance user experience. Criminals exploit e-commerce to generate and launder funds, which are eventually deposited with Financial Institutions (FIs). FIs must prevent and detect financial crime through their roles as payment processors, card issuers, and merchant account openers.
E-commerce Risks
E-commerce platforms facilitate legitimate global commerce but also offer criminals venues for illegal activities and concealing illicit fund movements. Key financial crime risks include:
- Consumer fraud: Seller failing to deliver goods after payment.
- Use of stolen credit/debit cards: For purchases.
- E-commerce business as a front: For illicit transactions or laundering illicit funds.
Financial institutions should be aware of threats like e-commerce businesses acting as fronts for dark market activities and trade-based money laundering (TBML). For example, an online clothing store covertly sold illegal drugs using codewords like “T-shirt size.” Terrorists also transfer funds via PSPs under the guise of purchasing goods on marketplaces. Red flags include:
- Prices inconsistent with fair market value.
- Sales of difficult-to-value goods/services.
- Customer attempts to hide identity/location (e.g., Virtual Private Network (VPN)).
- Unusual counterparty pairs.
- Involvement of potential shell companies.
Case Example: LotusMall and Illegal Gambling
LotusMall, a Chinese e-commerce platform, was implicated in facilitating illegal online gambling and associated money laundering. Gambling sites like LuckyBet directed users to fund accounts via QR code payments processed through a PSP, appearing as legitimate LotusMall merchant transactions. LuckyBet orchestrated a network of fake storefronts, recruiting individuals with real IDs as sellers for everyday goods; no products were shipped, and gamblers' funds were funneled directly to LuckyBet. Product listings often had inflated prices (a red flag) or many low-value products with extremely high daily transactions (another red flag). LuckyBet operated from offshore servers, adding anonymity and hindering tracing.
Authorities uncovered the operation when two individuals were arrested for selling over 90,000 fake delivery records. Over CNY¥10 billion (approx. US$1.38 billion) was laundered. LotusMall reported CNY¥3.4 billion (approx. US$468 million) in financial losses and faced legal action against senior executives. Authorities urged e-commerce platforms to improve risk monitoring, flag high-risk patterns (e.g., multiple seller accounts linked to a single entity), and proactively combat fraud and collusion. Key takeaways: large e-commerce platforms are exploitable by launderers, common typologies include low-value/high-frequency transactions and buyer-seller collusion, red flags include inflated prices and false delivery records, and platforms should adopt proactive risk control and stricter monitoring.
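The monitoring urged in the LotusMall case can be expressed as a rule that combines three of its red flags: several seller accounts linked to one entity, low-value/high-frequency activity, and orders without delivery evidence. The sketch below is an added example, not part of the original notes or any platform's system; the field names (including the shared payout account used as the link), the thresholds and the sample orders are all assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from statistics import median


@dataclass(frozen=True)
class Order:
    order_id: str
    day: str             # ISO date of the order
    seller_id: str
    payout_account: str  # assumed field: account the seller's proceeds settle to
    buyer_id: str
    amount: float
    shipped: bool        # assumed field: a verifiable delivery record exists


# Assumed thresholds; a real program would calibrate these to its own data.
MIN_LINKED_SELLERS = 3    # storefronts settling to the same account
MIN_DAILY_ORDERS = 10     # peak orders per day across the linked storefronts
MAX_MEDIAN_AMOUNT = 50.0  # "low value" ceiling for the median order
MAX_SHIPPED_RATIO = 0.2   # share of orders with delivery evidence


def find_linked_seller_clusters(orders):
    """Group orders by payout account and alert on clusters showing the
    linked-seller flag plus at least one supporting red flag."""
    by_account = defaultdict(list)
    for order in orders:
        by_account[order.payout_account].append(order)

    alerts = []
    for account, group in by_account.items():
        sellers = sorted({o.seller_id for o in group})
        per_day = defaultdict(int)
        for o in group:
            per_day[o.day] += 1
        peak_daily = max(per_day.values())
        median_amount = median(o.amount for o in group)
        shipped_ratio = sum(o.shipped for o in group) / len(group)

        reasons = []
        if len(sellers) >= MIN_LINKED_SELLERS:
            reasons.append("linked_sellers")
        if peak_daily >= MIN_DAILY_ORDERS and median_amount <= MAX_MEDIAN_AMOUNT:
            reasons.append("low_value_high_frequency")
        if shipped_ratio <= MAX_SHIPPED_RATIO:
            reasons.append("no_delivery_evidence")

        # Linked storefronts alone are common for legitimate merchants, so the
        # rule requires a second flag before raising an alert.
        if "linked_sellers" in reasons and len(reasons) >= 2:
            alerts.append({
                "payout_account": account,
                "sellers": sellers,
                "peak_daily_orders": peak_daily,
                "median_amount": median_amount,
                "shipped_ratio": shipped_ratio,
                "reasons": reasons,
            })
    return sorted(alerts, key=lambda a: a["payout_account"])


def sample_orders():
    """Constructed sample data; none of it comes from the case."""
    orders = []
    # Four storefronts settling to one account: 12 small orders in one day,
    # none with a delivery record.
    for i in range(12):
        orders.append(Order(f"A{i}", "2024-05-01", f"S{i % 4 + 1}", "ACCT-900",
                            f"B{i}", 9.90 + (i % 3) * 5, False))
    # Independent seller with ordinary, shipped orders.
    for i, amount in enumerate([35.0, 120.0, 64.5, 80.0]):
        orders.append(Order(f"L{i}", "2024-05-01", "S10", "ACCT-100",
                            f"C{i}", amount, True))
    # One merchant running three storefronts: linked, but shipped and low volume.
    for i, amount in enumerate([210.0, 95.0, 310.0]):
        orders.append(Order(f"M{i}", f"2024-05-0{i + 1}", f"S2{i}", "ACCT-200",
                            f"D{i}", amount, True))
    return orders


if __name__ == "__main__":
    for alert in find_linked_seller_clusters(sample_orders()):
        print(alert)
```

An alert from a rule like this is a starting point for review and EDD on the linked sellers, not a finding of laundering.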
Money Laundering Risks Associated with Insurance, Securities, Brokerage, and Custodian Services
Insurance Products Risks
The insurance sector, a financial services industry contributor, provides risk management solutions and enhances stability through diverse products (life, property, casualty, medical, travel, liability insurance). Regarding money laundering, it is primarily involved in the integration stage. Its inherent AML risk is generally lower than banking due to less liquid transactions, simpler product nature, and structured payout schedules. However, supervisory authorities warn that certain high-risk accounts and products still require attention. Specifically, insurance products with high cash values or flexible payment options can obscure fund sources, facilitating money laundering and terrorist financing.
High-risk products like high-value life insurance and investment-linked policies pose AML concerns. Criminals exploit these by making large, irregular premium payments, cashing out prematurely, or having unrelated third parties make payments. Red flags include early policy termination after the cooling-off period, premium overpayments from third parties, claims filed soon after policy effectiveness, and early cash surrenders. These actions can indicate attempts to convert illicit funds into legitimate assets (e.g., buying high-value life insurance with illicit funds, then surrendering it for a higher cash value).
Maritime insurance is often linked to trade-based money laundering (TBML). Criminals may misclassify goods or submit fraudulent declarations to trigger insurance payouts, enabling illicit value transfers involving money laundering and insurance fraud. Examples include falsely declaring electronic components as “used clothing,” phantom shipping (reporting non-existent shipments), or undershipment (shipping fewer goods than declared) to file claims for lost/damaged non-existent/missing goods. This combination facilitates illicit value transfers while obscuring true activities.
Case Example: Investment Product Misuse
Peter, a recent retiree in the Cayman Islands, invested his US$100,000 pension lump sum in an investment-linked insurance (ILI) policy with premium financing, as recommended by broker Tom. The US$100,000 policy required only US$30,000 upfront, with the remaining US$70,000 financed at 10% interest, promising 15% annual returns. A year later, Peter's investment halved. Unable to contact Tom, he complained to the insurance company. Mary, the compliance manager, whose recent AML/AFC framework strengthening flagged Tom's unusual transactions, investigated. Several red flags emerged: Tom’s brother owned the premium finance company, Tom and his wife owned an unlicensed offshore investment firm managing policy funds, and the promised 15% returns were unrealistic. Mary reported findings and recommended EDD for brokers/affiliated entities, ownership structure monitoring for conflicts/collusion, mandates for employees to declare external business interests, and targeted AML training for brokers. Tom was dismissed for collusion and misrepresentation. Key takeaways:
- ILI red flags include ownership conflicts, unlicensed companies, and unrealistic returns (indicating fraud).
- Monitoring ownership structures identifies conflicts and prevents collusion.
- Training agents/brokers on ML risks promotes compliance and ethics.
Securities and Brokerage Risks
According to FATF, securities providers range from retail stockbrokers and wealth managers to institutional market players like clearing members and global custodians. They offer services (capital market research, portfolio management, investment funds distribution) to direct customers and intermediaries. Transactions involve diverse financial instruments (transferable securities, money-market instruments, investment funds, options, futures, swaps, etc.). This sector is particularly vulnerable during the layering and integration stages of money laundering. FATF notes it can be used both to launder illicit funds and to generate them through fraudulent activities within the industry. High interaction levels with investors/brokers, substantial transaction volumes, rapid execution, and some anonymity create opportunities for criminals.
- Complex financial products obscure fund sources and complicate transaction monitoring.
- Offshore accounts provide anonymity, facilitating money laundering and exploitation of lax regulatory jurisdictions.
- High-risk customers (PEPs, intermediaries) require careful risk assessment; PEPs are susceptible to corruption, intermediaries may facilitate illicit transactions.
- Electronic trading platforms emphasize speed and volume, challenging monitoring and mitigation controls.
Continuous monitoring of trading activities (large/unusual trades, rapid patterns, high-frequency transactions, high-risk jurisdictions) helps identify unusual behaviors. Robust transaction monitoring systems flagging suspicious transactions are crucial. Conducting CDD ensures legitimate fund sources and proper customer segmentation for expected/historical trading patterns.
Asset Managers
Asset managers invest and handle assets for customers, facing money laundering risks due to large capital volumes, multiple jurisdictions, diverse/evolving asset classes, transaction anonymity, complex financial products, and third-party involvement. They provide various financial products and services:
- Exchange-Traded Funds (ETFs): Traded on stock exchanges, offer diversification/liquidity but can obscure underlying investors.
- Derivatives: Financial instruments (options, futures) whose value derives from underlying assets. Complexity and leverage potential can be exploited for money laundering.
- Hedge Funds: Pooled investment funds using various strategies. Opaque structures and high minimums attract illicit actors.
- Private Equity: Direct investment in private companies or public company buyouts. Lack of transparency poses ML challenges.
- Commodity Trading Advice: Guidance on trading physical commodities, susceptible to manipulation and illicit activities.
- Real Estate Investments: Involve various stakeholders (sellers, buyers, renters, property managers, agents), all requiring vetting to mitigate ML risks.
- Crowdfunding: New asset management form, allowing individuals to invest in projects/startups. Less regulatory oversight and investor anonymity create ML risks.
The complexity and variability of these products make ML detection difficult. Asset managers face complex, evolving CDD processes requiring knowledge of all transaction parties (fund managers, portfolio managers, alternative investment fund managers). A risk-based approach with strong CDD controls and continuous monitoring meets regulatory requirements and demonstrates commitment to sector integrity, addressing risks from new asset classes like cryptocurrencies.
Custodial Services Risks
A custodian bank safeguards customer assets (stocks, bonds), typically serving banks and other financial institutions, including securities intermediaries. Services include securities safekeeping, settlement processing, transition management, and funds distribution, often for a customer's account and/or its underlying clients with various beneficial owners. This complexity requires custodian banks to know their customers and underlying clients' AML policies, geographical footprint, country of incorporation, and information exchange transparency. Money laundering risks are inherent, especially with shell companies or nominee accounts, which conceal true ownership and complicate asset tracing and suspicious activity identification. Custodian banks may also be used to layer transactions.
Financial crime risks stem from relying on other banks for KYC checks, creating a false sense of security. If other banks fail, the custodian could inadvertently facilitate illicit transactions, leading to regulatory scrutiny. Multiple customers in a chain add complexity, obscuring beneficial ownership and complicating transaction tracing. Regulators, like the UK's FCA in 2024, are increasing scrutiny on custodial services, citing common AML shortcomings: discrepancies between registered and actual activities, inadequate AML resources, and failure to assess customer activity risks.
Money Laundering Risks Associated with Cryptoassets and Other FinTechs
Cryptoassets Industry Ecosystem
The cryptoassets industry ecosystem is a dynamic, interconnected network for creating, exchanging, and managing digital assets, continuously evolving with new participants and services. Key structures include:
- Blockchains: Distributed Ledger Technology (DLT) providing infrastructure for decentralized applications and smart contracts.
- Decentralized Finance (DeFi): Financial services on smart contract protocols, replicating traditional systems (lending, borrowing, exchanges) without intermediaries.
- Miners: Validate transactions on blockchain networks by solving mathematical problems, earning newly created cryptoassets.
- Virtual Asset Service Providers (VASPs): Cryptocurrency exchanges, wallet providers, etc., facilitating virtual asset activities and subject to strict regulations in many jurisdictions.
- Wallet Providers: Digital wallets for storing, sending, receiving cryptoassets (hot for online access, cold for enhanced security).
- Cryptocurrency Exchanges: Platforms for buying, selling, trading cryptoassets (centralized or decentralized).
- Access and Infrastructure Providers: Cryptocurrency ATMs for exchanging cryptoassets and fiat currency, facilitating P2P transactions.
These elements form the operational backbone, revolving around diverse digital assets with distinct characteristics:
- Cryptocurrencies: Primarily for transactions and value storage (Bitcoin, Ethereum, Solana).
- Stablecoins: Digital currencies pegged to traditional assets (US Dollar) to reduce volatility, facilitating crypto-fiat connection and cross-border payments (Tether, USD Coin).
- Tokens: Represent assets, rights, or access within a blockchain ecosystem, tradable cross-border, bypassing traditional finance, potentially obscuring illicit fund origins/destinations.
- Non-Fungible Tokens (NFTs): Unique digital assets representing ownership (digital art, collectibles). Uniqueness makes true market value assessment difficult. ML risks include overpricing and anonymity in selling NFTs with illicit funds, especially on decentralized platforms.
Supporting elements include:
- Regulatory Bodies: Monitor legal/compliance aspects to deter illegal activities.
- DeFi: Financial services on smart contract protocols, replicating traditional finance without intermediaries.
Blockchain
A blockchain is a decentralized, distributed public ledger, an immutable database storing chronologically chained, encrypted data blocks. It serves as a single, tamper-proof data source for recording transactions and tracking tangible (machinery, land) or intangible (patents, bonds) assets. Blockchain offers user benefits due to its characteristics.
Every blockchain consists of:
- Nodes: Computers accessing blockchain networks.
- Miners: Users who verify transactions and add new blocks.
- Blocks: Structures of transaction data for cryptocurrency transactions.
Each data chain has multiple data-filled blocks. Block data is permanently sealed, attached to a random "nonce," and a cryptographic "hash." Each block has a unique nonce and hash, making manipulation extremely difficult; changing a block requires re-mining it and subsequent blocks, demanding immense time and computing power. Mined blockchains must also be verified by other network nodes.
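The chaining described above can be shown with a small hash chain. This is an added example, not part of the original study notes: the block layout, the toy difficulty target, the counter-style nonce search and the sample records are all assumptions made for illustration.

```python
import hashlib
import json

DIFFICULTY = 3            # assumed toy target: hash must start with this many hex zeros
GENESIS_PREV = "0" * 64   # assumed "previous hash" value for the first block

# Constructed sample records, not real transactions.
SAMPLE_RECORDS = ["A pays B 5", "B pays C 2", "C pays D 1", "D pays A 3"]


def block_hash(index, prev_hash, data, nonce):
    """SHA-256 over the block's contents, including the previous block's hash."""
    payload = json.dumps([index, prev_hash, data, nonce]).encode()
    return hashlib.sha256(payload).hexdigest()


def mine(index, prev_hash, data):
    """Search nonces (a simple counter here) until the hash meets the target."""
    nonce = 0
    while True:
        digest = block_hash(index, prev_hash, data, nonce)
        if digest.startswith("0" * DIFFICULTY):
            return {"index": index, "prev_hash": prev_hash, "data": data,
                    "nonce": nonce, "hash": digest}
        nonce += 1


def build_chain(records):
    """Mine one block per record, each pointing at the hash of the one before."""
    chain, prev = [], GENESIS_PREV
    for i, data in enumerate(records):
        chain.append(mine(i, prev, data))
        prev = chain[-1]["hash"]
    return chain


def first_invalid_block(chain):
    """What a verifying node does: return the first block it rejects, or None."""
    prev = GENESIS_PREV
    for block in chain:
        digest = block_hash(block["index"], block["prev_hash"],
                            block["data"], block["nonce"])
        if (block["prev_hash"] != prev or digest != block["hash"]
                or not digest.startswith("0" * DIFFICULTY)):
            return block["index"]
        prev = block["hash"]
    return None


def forge(chain, index, new_data, remine="none"):
    """Copy the chain and alter one block.

    remine="none": change the data only.
    remine="one":  re-mine just the altered block.
    remine="rest": re-mine the altered block and every block after it.
    Returns (forged_chain, hash_attempts_spent).
    """
    forged = [dict(b) for b in chain]
    forged[index]["data"] = new_data
    if remine == "none":
        return forged, 0
    last = index if remine == "one" else len(forged) - 1
    attempts = 0
    for i in range(index, last + 1):
        prev = forged[i - 1]["hash"] if i else GENESIS_PREV
        forged[i] = mine(i, prev, forged[i]["data"])
        attempts += forged[i]["nonce"] + 1
    return forged, attempts


if __name__ == "__main__":
    chain = build_chain(SAMPLE_RECORDS)
    print("untouched chain rejected at:", first_invalid_block(chain))
    for mode in ("none", "one", "rest"):
        forged, attempts = forge(chain, 1, "A pays B 500", mode)
        print(mode, "-> rejected at:", first_invalid_block(forged),
              "| hash attempts:", attempts)
```

Only the `rest` mode passes verification, and its cost grows with the number of blocks after the altered one and with the difficulty target.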
Blockchain technology's benefits:
- Immutability: Permanent and unalterable records.
- Transparency: All users can access a copy of the ledger.
- Decentralization: No central governing authority.
- Security: Individually encrypted records.
- Faster Settlements: Quicker than traditional banking transactions.
Cryptoasset Risks
Cryptoassets include volatile virtual currencies (Bitcoin, Ethereum) and stablecoins (Tether, USD Coin) pegged to traditional assets to minimize price volatility. Stablecoins are better for cross-border payments, while volatile cryptoassets suit investment/speculation. Cryptoassets often require Virtual Asset Service Providers (VASPs) for fiat conversion, which is a key money laundering vulnerability point needing CDD checks and monitoring.
Public ledgers (blockchains) secure transaction data via cryptography, enabling fast, peer-to-peer transactions without central authority. This permissionless oversight facilitates payments for unbanked individuals but also attracts criminals. Despite blockchain transparency, tracing ownership can be challenging, making it attractive for illicit activities with minimal traceability. Some privacy coins use nonpublic blockchains for anonymous fund transfers, further complicating transaction attribution and heightening illicit activity risk.
Criminal exploitation of cryptoassets raises red flags:
- Transactions involving sanctioned or illicit wallet addresses.
- Large purchases within 24 hours, withdrawn as fiat via multiple small transactions.
- Repeated transfers to fiat exchanges in weak regulatory jurisdictions.
- Customer purchases cryptoassets with funds significantly exceeding known wealth.
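The four red flags above can be expressed as transaction-monitoring rules. The sketch below is an added example, not part of the original study notes: the record layout, flag names, thresholds, watchlist entry and jurisdiction code are assumptions, as is reading the second red flag as purchases totalling a large amount inside 24 hours followed by several small fiat withdrawals within a set period.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Every threshold, window and list entry here is an illustrative assumption,
# not a regulatory value; a real programme calibrates them to its own risk.
LARGE_PURCHASE_USD = 50_000            # "large" purchase total inside 24 hours
PURCHASE_WINDOW = timedelta(hours=24)
SMALL_WITHDRAWAL_USD = 10_000          # a "small" fiat withdrawal is below this
CASHOUT_WINDOW = timedelta(days=7)     # how long after the purchases to look
MIN_SMALL_WITHDRAWALS = 3
MIN_WEAK_TRANSFERS = 3                 # what counts as "repeated"
WATCHLIST = {"wallet-on-sanctions-list-PLACEHOLDER"}
WEAK_JURISDICTIONS = {"XX"}            # placeholder country code


@dataclass(frozen=True)
class Tx:
    customer: str
    ts: datetime
    kind: str                # "buy", "fiat_withdrawal" or "transfer_out"
    usd: float
    counterparty: str = ""   # wallet address on the other side, if any
    jurisdiction: str = ""   # jurisdiction of the receiving exchange, if any


def split_cashout(items):
    """Red flag 2: large purchases inside 24h, then several small fiat withdrawals."""
    buys = [t for t in items if t.kind == "buy"]
    outs = [t for t in items
            if t.kind == "fiat_withdrawal" and t.usd < SMALL_WITHDRAWAL_USD]
    for start in buys:
        bought = sum(b.usd for b in buys
                     if start.ts <= b.ts <= start.ts + PURCHASE_WINDOW)
        if bought < LARGE_PURCHASE_USD:
            continue
        later = [o for o in outs if start.ts <= o.ts <= start.ts + CASHOUT_WINDOW]
        if len(later) >= MIN_SMALL_WITHDRAWALS:
            return True
    return False


def screen(txs, known_wealth):
    """Return {customer: sorted red-flag codes}; customers with no flags are omitted."""
    by_customer = defaultdict(list)
    for tx in sorted(txs, key=lambda t: t.ts):
        by_customer[tx.customer].append(tx)

    alerts = {}
    for customer, items in by_customer.items():
        flags = set()
        if any(t.counterparty in WATCHLIST for t in items):
            flags.add("WATCHLISTED_WALLET")
        if split_cashout(items):
            flags.add("LARGE_BUY_SPLIT_CASHOUT")
        weak = [t for t in items
                if t.kind == "transfer_out" and t.jurisdiction in WEAK_JURISDICTIONS]
        if len(weak) >= MIN_WEAK_TRANSFERS:
            flags.add("REPEATED_WEAK_JURISDICTION_TRANSFERS")
        wealth = known_wealth.get(customer)
        bought = sum(t.usd for t in items if t.kind == "buy")
        # Missing KYC wealth data is not treated as a match; it needs its own review.
        if wealth is not None and bought > wealth:
            flags.add("PURCHASES_EXCEED_KNOWN_WEALTH")
        if flags:
            alerts[customer] = sorted(flags)
    return alerts


def sample_data():
    """Constructed transactions for four fictional customers."""
    t0 = datetime(2025, 1, 6, 9, 0)
    h = lambda n: t0 + timedelta(hours=n)
    txs = [
        # A: 60k bought within 5 hours, cashed out as four 9k withdrawals.
        Tx("A", h(0), "buy", 30_000), Tx("A", h(5), "buy", 30_000),
        Tx("A", h(20), "fiat_withdrawal", 9_000), Tx("A", h(26), "fiat_withdrawal", 9_000),
        Tx("A", h(30), "fiat_withdrawal", 9_000), Tx("A", h(44), "fiat_withdrawal", 9_000),
        # B: one transfer to a watchlisted wallet.
        Tx("B", h(1), "buy", 5_000),
        Tx("B", h(2), "transfer_out", 5_000, "wallet-on-sanctions-list-PLACEHOLDER", "YY"),
        # C: buys above known wealth, repeated transfers to a weak jurisdiction.
        Tx("C", h(0), "buy", 40_000), Tx("C", h(480), "buy", 40_000),
        Tx("C", h(10), "transfer_out", 10_000, "exchange-1", "XX"),
        Tx("C", h(100), "transfer_out", 10_000, "exchange-1", "XX"),
        Tx("C", h(500), "transfer_out", 10_000, "exchange-2", "XX"),
        # D: ordinary activity, no flags expected.
        Tx("D", h(3), "buy", 2_000), Tx("D", h(50), "fiat_withdrawal", 1_000),
    ]
    known_wealth = {"A": 200_000, "B": 100_000, "C": 50_000, "D": 80_000}
    return txs, known_wealth


if __name__ == "__main__":
    for customer, flags in screen(*sample_data()).items():
        print(customer, flags)
```

A rule hit is a prompt for analyst review and CDD follow-up, not a finding of money laundering.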
Stablecoin, Token, and NFT Risks
The rising popularity of stablecoins, tokens, and non-fungible tokens (NFTs) in the cryptoasset ecosystem introduces significant money laundering and illicit financial activity risks due to pseudonymity, cross-border reach, and lack of regulatory oversight. While offering transactional benefits, they create new ML/TF opportunities.
Stablecoins, pegged to stable assets like the US dollar to reduce volatility, include:
- Fiat-collateralized stablecoins: 1:1 backed by fiat reserves in custodial accounts. Risks include easy conversion to fiat and regulatory gaps, making them ML targets.
- Crypto-collateralized stablecoins: Backed by other cryptocurrencies. Volatility can cause liquidity issues. Criminals may use decentralized exchanges to obscure fund origins through complex transactions.
- Algorithmic stablecoins: Maintain their peg via algorithms and supply/demand adjustments. Launderers may use them for rapid fund movement, leveraging value fluctuations to disguise illicit asset transfers and complicate tracing.
- Central Bank Digital Currency (CBDC): Government-issued, regulated digital fiat. Not a stablecoin due to direct state backing. While stable, weak AML/KYC can pose financial crime risks, allowing criminals to exploit payment system vulnerabilities.
Unlike stablecoins, tokens and NFTs are highly volatile. Their price fluctuations make them prone to speculation and carry greater ML risks due to their capacity to obscure transaction trails.
Central Bank Digital Currency
A Central Bank Digital Currency (CBDC) is a digital version of a country's fiat currency, issued and regulated by its central bank, and functioning as legal tender. Distinct from cryptocurrencies (which operate independently of government), CBDCs combine digital payment advantages (speed, convenience) with traditional currency stability. Central banks issue CBDCs for several reasons:
- Payment Efficiency: Faster, more efficient domestic and international payments.
- Cost Reduction: Reduces costs of physical cash production/handling and traditional banking clearing/settlement.
- Monetary Policy Implementation: Direct influence on monetary policy by adjusting digital currency supply/demand, enabling quicker response to economic changes.
- Financial Inclusion: Can provide banking access to individuals excluded from traditional systems, especially in countries with underdeveloped infrastructure, improving economic opportunities for unbanked populations.
- Illicit Activity Deterrence: Real-time monitoring capability of CBDCs provides greater transaction transparency, aiding in combating money laundering, tax evasion, and terrorist financing.
Several countries are researching, piloting, or implementing CBDCs:
- The Bahamas: The Sand Dollar, launched in October 2020, improving financial inclusion and security against illicit activities.
- Nigeria: The eNaira, launched in October 2021, facilitating digital payments and streamlining cash management.
- Jamaica: Jamaica Digital Exchange (Jam-Dex), launched in May 2022, enabling secure P2P transactions and reducing cash handling costs.
Mixers and Tumblers
Cryptoasset mixers and tumblers are widely used to conceal the source of cryptoasset funds, making transaction tracing almost impossible. Wasabi Wallet (CoinJoin), for instance, mixes multiple users' Bitcoin (BTC) and returns funds to original users from different crypto addresses. Other mixers work similarly. Such mixing services make tracing funds extremely difficult, or impossible.
There are two types: centralized and decentralized. Both obfuscate transactions; decentralized mixers use protocols (coordinated or P2P), while centralized mixers are companies accepting cryptoassets and returning different coins for a fee (usually 1% to 3%). Funds are returned from new, untraceable addresses. Criminals, including sanctioned entities and dark web users, widely use mixers and tumblers to launder illicitly acquired funds and to hide trails between illegal funding sources and destinations. While some users seek privacy legitimately, Virtual Asset Service Providers (VASPs) should treat transactions linked to mixers and tumblers as high risk and apply appropriate diligence.
Money Laundering Risks in Designated Nonfinancial Businesses and Professions (DNFBPs) and Other High-Risk Sectors
Introduction
This module delves into money laundering risks associated with Designated Nonfinancial Businesses and Professions (DNFBPs) and other high-risk factors. Despite not being primarily financial institutions, DNFBPs are vulnerable to criminal exploitation for money laundering and terrorist financing due to their roles in handling large sums of money, assets, and legal structures. These lessons will explain different DNFBP types and how they can be misused, providing knowledge to establish safeguards and mitigate DNFBP risks.
Case Example: DNFBP Risks in the Hendricks Case
Josh, a US lawyer and Anti-Financial Crime (AFC) professional, joined his jurisdiction’s Financial Risk Review Task Force to examine regulatory needs for DNFBPs and high-risk sectors. A key case involved Kurt Hendricks, a Russian customer charged with bank fraud and money laundering tied to two California condominiums. Hendricks used a corporate nominee and multi-tiered shell companies to conceal his identity from US financial institutions, wiring nearly US$4 million from overseas accounts in Latvia and Switzerland (jurisdictions with lower AML/CFT regulatory expectations) to fund a US$3 million real estate transaction via a British Virgin Islands corporate entity set up by the nominee. Remaining funds were invested in a nominee-maintained brokerage account and used for condominium expenses.
The Hendricks case highlighted multiple DNFBPs presenting unique risks:
- Real estate agents: Facilitating high-value transactions with unclear ultimate beneficial owners (UBOs).
- Lawyers and Trust or Company Service Providers (TCSPs): Creating complex corporate structures to obscure fund sources.
- Accountants: Enabling illicit transactions to appear legitimate.
The task force noted US attorneys are self-regulated with recommended but non-mandatory reporting rules. Real estate agencies and TCSPs lack AML/CFT regulations or audit requirements. Given these complexities, the task force recommended comprehensive AML/CFT regulations for DNFBPs, bridging gaps, requiring AML/CFT frameworks, and balancing customer privacy with reporting to deter financial benefits of illicit activities.
Key takeaways:
- DNFBP risks vary widely by business type and clientele.
- Multiple DNFBPs are often involved in money laundering cases.
- A comprehensive, tailored AML/CFT control framework for DNFBPs enhances financial system integrity.
Money Laundering Risks Associated with DNFBPs
Risks of Banking Designated Nonfinancial Businesses and Professions
Designated Nonfinancial Businesses and Professions (DNFBPs), often called "gatekeepers," are entities not primarily financial institutions but vulnerable to money laundering and terrorist financing abuse. Without safeguards, they can be exploited to hide illicit fund origins, create legal structures, or handle high-value goods. Examples and their inherent risks include:
- Real Estate Agents: Property transactions can launder money by inflating values or creating opaque ownership structures, especially with international buyers and high-value assets in lax regulatory markets. Red flags include corporate entities, trusts, or nominees without clear justification, particularly from jurisdictions known for corporate secrecy (e.g., Cayman Islands, Bahamas) or uncooperative countries lacking local presence. Cash transactions increase risk; buyers uninterested in property specifics are suspicious. Collaboration with lawyers and accountants is crucial for legitimacy checks.
- Lawyers: May assist in establishing complex structures (trusts, shell companies) to conceal UBOs. Risk increases with international connections or high-value transactions. Legal privilege can hide financial crime.
- Dealers in Precious Metals and Stones: High-risk due to portability of valuable goods, easily converted to cash or moved cross-border. Criminals exploit for high-value purchases/resales without scrutiny, making it one of the higher-risk DNFBP types.
- Casinos: Highly vulnerable to ML due to high-cash volumes. Criminals buy chips anonymously, gamble minimally, and cash out, "cleaning" money. Anonymity complicates fund tracing.
- Accountants: May inadvertently legitimize illicit transactions (e.g., structuring) by verifying fund sources or facilitating layering. Overly complex transactions are red flags. Risk of supporting tax evasion, which fuels money laundering. Duties include due diligence, reporting suspicious activities, identifying red flags, and adhering to ethical standards.
- Trust or Company Service Providers (TCSPs): Create structures that obscure beneficial ownership and fund origins, attracting money launderers. Nominee services (third parties acting as directors/shareholders) provide anonymity, masking UBOs. Shelf companies (pre-registered) with clean histories facilitate illicit activities. Offshore company formation in low-tax/high-secrecy jurisdictions without strong AML regulations allows criminals to obscure true ownership, making TCSPs crucial gatekeepers.
Gaming Sector Risks
The gaming sector (physical/virtual casinos, internet gaming, betting/gambling) faces inherently high financial crime risks due to its fragmented regulatory environment, cross-border activities, offering of quasi-financial services, and high volume/frequency/variety of transactions. The rapid growth of online gaming, with non-face-to-face interactions and emerging technologies, introduces additional vulnerabilities.
Online gaming operators are exposed to high-risk jurisdictions due to remote onboarding. Quick onboarding appeals to criminals, and identity fraud escalates without proper controls. Operators may inadvertently allow out-of-jurisdiction participation via IP spoofing or failed geolocation safeguards (e.g., VPN use).
Physical casinos, though not financial institutions, offer quasi-financial services (accepting funds, foreign currency exchange, money transfers, stored-value, check cashing, safe deposit boxes), exposing them to similar risks as financial institutions. Junkets (sponsored trips) are high-risk due to cross-border movement of funds/people, particularly HNW individuals. Junket operators refer clients without sharing KYC details with casinos, raising transparency concerns about identification and fund sources.
Both physical and online gaming are susceptible to organized crime, loan sharking, prostitution, drug dealing, and human trafficking—all predicate offenses. They are also at risk of transaction structuring to evade reporting thresholds (using third parties, multiple transactions) and collusion gaming (e.g., poker players intentionally losing to transfer value).
Real Estate Sector Risks
The real estate sector is highly susceptible to money laundering due to the substantial sums involved in property transactions and the tangible nature of assets. Criminals integrate illicit funds by purchasing high-value tangible assets, realizing profits upon sale, which then appear legitimate through sale documentation. Lawyers and other third parties often legitimize fund movements.
Obscured ownership structures (corporate entities, trusts, nominees without clear justification for direct individual purchase) are red flags, especially if the entity has minimal business activity or is based in a corporate secrecy jurisdiction (e.g., Cayman Islands, Bahamas). The global nature of the market, with international buyers and cross-border transactions, complicates detection. Buyers from high-risk or uncooperative jurisdictions without established local presence or legitimate reason for purchase pose additional risk.
Cash transactions, still common in some markets, increase ML potential as cash is harder to trace. Red flags include buyers paying wholly or primarily in cash, especially where bank financing is normal, or buyers showing little concern for property specifics, prioritizing swift transaction completion. Properties with frequent or rapid ownership changes also raise suspicion. Real estate professionals should collaborate with other DNFBPs (lawyers, notaries, accountants) to confirm legitimacy of ownership, contracts, and fund sources, enhancing market integrity and mitigating ML risks.
Accountancy and Audit Sector Risks
Money laundering poses substantial risks in the accounting and auditing sectors due to professionals' access to sensitive financial information and their roles in financial management, reporting, and advising. Accountants often detect suspicious activities but must remain vigilant not to inadvertently facilitate illegal practices, such as structuring, if they design overly complex or opaque transactions.
A consequential risk for accountants is inadvertently supporting tax evasion, where subsequent transactions become money laundering conduits. Tax avoidance is legal; tax evasion (falsifying records, concealing income) is illegal. Complicity in tax evasion schemes can lead to assisting money laundering as illicit funds are concealed through fraudulent tax practices. Accountants provide various services, each with corresponding money laundering risks:
| Accountancy Role | Services | Money Laundering Risks |
|---|---|---|
| Auditors | Examine financial statements to ensure compliance with accounting standards and laws. | Overlooking financial discrepancies during reviews might conceal suspicious activities. |
| Consultants | Provide advice on financial strategies and operational efficiencies. | Might inadvertently aid in facilitating money laundering through transaction structuring. |
| Risk Advisors | Help organizations identify and manage financial and compliance risks. | Failure to identify money laundering risks could facilitate illicit activities. |
| Tax Advisors | Advise on tax planning and compliance with regulations. | The line between legal tax avoidance and illegal tax evasion is slim, risking facilitation of money laundering. |
Accountants have a responsibility to detect and prevent money laundering, which includes conducting due diligence (understanding customer business, reviewing transactions), reporting suspicious activities (legally obligated in many countries), identifying red flags, and adhering to ethical/professional standards.
Legal Services Sector Risks
Money laundering is a significant concern in the legal sector due to lawyers' and notaries' influential roles in managing financial transactions, providing legal advice, and knowing their clients. Criminals often exploit legal professionals to conceal illicit funds, facilitate fraudulent transactions, or structure deals to obscure money origins. Legal professionals provide various services, each with corresponding money laundering risks:
| Service | Description | Money Laundering Risks |
|---|---|---|
| Advisory Services | Provide legal advice on issues such as business formation, mergers, estate planning, and tax matters, ensuring compliance with laws. | Might inadvertently assist in structuring transactions that disguise illicit activities, such as advising on using offshore accounts or trusts that hide the beneficial ownership of assets, enabling tax evasion, or concealing illicit wealth. |
| Case Handling | Represent clients in legal disputes, including civil, criminal, and commercial cases, handling litigation, negotiations, or settlements. | Might be exposed to suspicious transactions, particularly involving large sums of money, international transactions, or disputes over high-value assets. |
| Due Diligence | Conduct due diligence for transactions, investments, mergers, or acquisitions by investigating business partners, verifying deal legitimacy, and assessing legal risks. | If a client provides false information, undetected discrepancies could lead to fraudulent deals. Another risk is advising on transactions where the true beneficial owner is concealed. |
| Verification of Assets | Assist in verifying the legitimacy of assets during transactions, such as property sales, confirming lawful ownership, and transferability. | Money launderers often use the purchase and sale of assets to legitimize illicit funds. Lawyers risk involvement if they do not thoroughly assess the origin of funds or the ownership history of the assets. |
| Notary Public Services | Notaries provide services such as witnessing document signings to ensure the legitimacy of documents used in legal transactions. | Might unknowingly participate in money laundering if they fail to verify identities or allow fraudulent documents to be notarized, enabling criminals to legitimize documents that conceal illicit activities or assets. |
Trust and Company Service Provider and Company Secretary Sector Risks
Trust and Company Service Providers (TCSPs) offer business services like nominee services, shell company establishment, and onshore/offshore company incorporation. Company secretaries ensure compliance with corporate governance and regulations (maintaining records, filing reports, organizing board meetings). Both roles inherently carry money laundering risks. Criminals exploit TCSPs to obscure asset ownership or structure transactions to disguise illicit fund origins. For secretaries, heightened ML risks arise from failing to vet stakeholders or identify red flags in corporate structures. A lack of due diligence in record-keeping or governance can enable criminals to obscure Ultimate Beneficial Owner (UBO) identities, unwittingly facilitating illicit activities.
TCSPs often provide nominee services (third parties acting as directors/shareholders) to conceal UBO/operator identities, adding anonymity and increasing money laundering risks through obfuscation. Criminals use this to distance themselves from illicit activities and move funds across jurisdictions with weak regulations. Shelf companies pose increased ML risk as pre-registered entities with clean histories, easily established with fake ownership, complicating UBO identification for financial institutions and regulators. Offshore company formation in low-tax/high-secrecy jurisdictions, with weak AML regulations and limited public records, increases ML risks, making TCSPs crucial gatekeepers.
High-Risk Business Sectors
High-Value Asset Risks
High-value assets (art, antiques, jewelry, precious metals, jets, yachts) pose financial crime risks because they are of high value and are often easy to move and hide. Criminals use them to launder money, converting illicit funds into seemingly legitimate investments or expensive items. Financial institutions must understand these assets to effectively assess risks and implement robust due diligence and transaction monitoring systems.
Red flags for money laundering with high-value assets include:
- Transactions involving funds from unknown or suspicious sources.
- Large cash purchases without clear fund sources or sufficient documentation.
- Loan agreements between unrelated third parties lacking legitimate connection or economic justification, serving to transfer illicit funds.
- Use of complex ownership structures, including shell companies, to obscure true beneficial owner and fund source.
- Transactions between or in jurisdictions known for money laundering (favorable environments for criminal schemes).
- Inconsistent valuations (asset priced higher or lower than market value) to manipulate financial transactions and obscure fund origins.
Robust due diligence (comprehensive background checks) and transaction monitoring (detecting suspicious patterns) are crucial to identify these red flags.
Case Example: Suspicious Transactions at Goodwish Jade
Goodwish Jade (GJ), a Macau jade retailer and TRF Bank customer, raised AML officer suspicions during a review. Several cash transactions over US$500,000 occurred at midnight, inconsistent with GJ's website operating hours (10 a.m. to 6 p.m., no online store). KYC showed GJ owned by an offshore British Virgin Islands company (high-risk for tax secrecy) with Teh Ong as UBO, a businessman linked to sauna parlors (brothels) and nightclubs (drug sales, "Cash Only" signs), intensifying suspicions about GJ's fund source. Further investigation revealed GJ's midnight buyers were managers from Ong’s businesses, despite monthly salaries of ~US$2,500, making high-value purchases suspicious. The AML officer suspected illicit funds from drug trafficking and prostitution laundered through high-value assets. The case was escalated to the MLRO with a SAR recommendation and a review of GJ's risk assessment and network companies. Key takeaways: High-value retailers need close monitoring; large cash/credit transactions outside normal hours indicate illegal activity; negative media triggers customer review and risk assessment refresh; diversified businesses in high-risk sectors require Enhanced Due Diligence (EDD).
Import/Export Businesses Risks
Trade-based money laundering (TBML) involves criminals disguising crime proceeds and transferring value through trade transactions to legitimize illicit origins. Import and export businesses are frequently exploited, using various methods:
- Under-invoicing: Invoicing goods/services below fair market value, transferring value to the buyer.
- Over-invoicing: Selling goods/services above fair market value, allowing seller to receive more than actual worth.
- Multiple invoicing: Issuing multiple invoices for the same shipment to justify numerous payments.
- Short-shipping: Actual quantity shipped is less than invoiced, benefiting the seller financially.
- Over-shipping: Actual quantity shipped is more than invoiced, benefiting the buyer financially.
- Ghost-shipping: Fictitious trades with no real buyer/seller or collusion to create shipping documents for non-existent goods.
- Letters of credit (L/C) fraud: Misusing L/C to transfer money by manipulating import/export prices or facilitating payments for non-existent goods.
Trading dual-use goods (military and civilian uses) poses unique money laundering risks, as criminals may evade sanctions to facilitate illicit trade and disguise transactions. The proceeds then need laundering. Source of funds risk affects all businesses, but import/export sectors are particularly vulnerable due to cross-jurisdictional transactions. Differing AML regulations globally allow criminals to exploit jurisdictions with weak enforcement, using import/export businesses as entry points to the financial system.
Free-Trade Zones Risks
A Free-Trade Zone (FTZ) is a designated area within a country, considered outside its customs territory, allowing businesses to import, store, handle, manufacture, and distribute goods without customs duties until entering the domestic market. Established to attract foreign direct investment and create jobs, often in developing countries, FTZs offer cost savings, improved cash flow, increased competitiveness, and special exemptions from immigration and foreign investment restrictions. As of 2025, approximately 4,500 FTZs exist in over 130 countries.
However, their business-friendly features attract criminals. The EU notes FTZs have high incidences of corruption, tax evasion, fraud, and sanctions evasion. The European Commission also highlights emerging threats to trade system integrity from FTZs storing artwork, antiquities, precious metals, and wine.
FATF identifies systemic weaknesses in FTZs:
- Inadequate AML/CFT safeguards.
- Minimal oversight by local authorities.
- Weak procedures for inspecting goods and legal entities (inadequate recordkeeping, IT systems).
- Lack of cooperation between FTZs and local customs authorities.
FTZs facilitate TBML by importing consignments with counterfeit/tampered paperwork and re-exporting them while disguising origin/nature. This environment supports illegal trades (drug trafficking, ivory, stolen art, people smuggling). Inadequate enforcement of FTZ regulations can facilitate tax evasion and VAT fraud by obscuring beneficial owners of crime-derived assets, hindering authorities from tracing and recovering proceeds.
Alternative Remittance Systems
An Alternative Remittance System (ARS) is a commonly used, trust-based method for transferring value that exists in various forms across numerous jurisdictions worldwide. ARS operators do not hold an MSB license or equivalent. The hawala is the best-known ARS; it is an informal system for international value transfer outside legitimate banking, relying on trust and often debt. Rather than moving actual funds, it arranges for equivalent currency amounts to be transferred at the customer's instruction.
Before wire transfers, ARSs were born of necessity due to theft risk in physical money transport. Merchants would agree on terms and arrange payment via trust-based systems. Today, hawala brokers maintain ledgers of collaborative transferors with available funds/currencies. The "remitter" gives local currency plus fees to the broker, who uses their network to forward the equivalent amount in local currency. These transferors may be repaying a debt to the broker or charging the payee a service fee. Thus, value and currency are transferred overseas without involving a bank or MSB.
Hawalas are popular among:
- Marginalized communities (refugees, conflict zones) lacking access to or trust in banks.
- Individuals desiring no digital transaction record.
Consequently, terrorist financiers leverage hawalas' trust and anonymity to transfer money to high-risk geographies or domestic terrorist groups.
Charity and NGO Risks
Charities and nongovernmental organizations (NGOs) are indispensable for societal needs. NGOs are nonprofit and independent of specific governments, providing services and humanitarian functions like charities. Many jurisdictions grant them tax-exempt status, allowing donors deductions, encouraging public contributions. However, these organizations can be misused for laundering illicit funds or breaching sanctions. Hence, their legitimacy requires scrutiny.
Charities and NGOs' characteristics make them vulnerable:
- Enjoying public trust.
- Often having a global presence.
- Access to considerable funds from unknown/undisclosed sources.
- Being cash-intensive.
- Often in or near terrorist activity areas.
- Subject to little/no regulation or few creation obstacles.
Most are legitimate, but terrorist organizations have used them for illicit funding. Private foundations were also used for tax evasion. Bribery and corruption schemes might use fake charities to disguise corporate payments as charitable. When researching, confirm their exempt status and tax filings with registration authorities and consult unbiased evaluation websites. Larger organizations likely have approved research websites.
Military Organization and Goods Risks
Military organizations as transaction parties and military goods/services pose specific financial crime risks. Military organizations include armed forces, government-owned/controlled military research facilities, defense manufacturers, and private-sector defense suppliers. Military goods/services are articles, services, and technology for national defense, routinely subject to embargoes/export controls due to their threat to international security and human rights. Dual-use goods have both military and civilian uses. Military goods/services include firearms, missiles, tanks, aircraft, biological/chemical agents, nuclear weapons, defense services, data, and technology.
Military-related financial crime risks include bribery/corruption, arms embargo/export control evasion, and financing terrorism/weapons of mass destruction (WMD). Many military organizations are government-owned/controlled, overseen by government officials (PEPs), posing a higher risk for bribery/corruption. Arms embargoes are international sanctions banning military/dual-use goods export/import for targeted jurisdictions. Export controls regulate critical item trade for foreign policy/international security, requiring licenses. Evading these controls is profitable and serves sanctioned national interests, creating high risk. Trade in military goods/services also risks supplying terrorist organizations and state actors with WMD materials.
Red flags related to military organizations and goods include:
- Links to a high-ranking military official.
- Purchasing military or dual-use goods without a license.
- Trade transactions involving high-risk jurisdictions or unclear final destinations.
Providing Financial Services to Embassies, Foreign Consulates, and Missions
Foreign embassies, consulates, and missions are common in host countries. An embassy, typically in the capital, houses the foreign ambassador and diplomatic staff, handling political and economic matters. Consulates are embassy branches in major cities, providing similar administrative and governmental functions on a smaller scale. A foreign mission is a group conducting diplomatic business to serve its home country's interests, encompassing embassies and consulates.
These organizations require financial services for operational expenses (payroll, rent, utilities) and intergovernmental transactions (commercial, military payments). Some banks offer ancillary services/accounts to government personnel (staff, families, former officials). Each governmental relationship poses different risk levels as individuals are often classified as PEPs in host countries, increasing bribery/corruption risk.
Embassy, foreign consulate, and mission accounts can pose higher risk in specific circumstances:
- Accounts in jurisdictions designated as high ML/corruption risk by FATF or regulators.
- Substantial cash transactions potentially indicating illicit activities.
- Account activity inconsistent with its purpose (e.g., unusual amounts/types of transactions).
- Accounts directly funding personal expenses of foreign nationals (e.g., education fees), mixing official and personal finances.
- Official embassy business conducted through personal accounts, raising transparency/legitimacy concerns.
Drug-Related Businesses Risks
Money laundering risks associated with drug-related businesses, particularly those involving cannabis and marijuana, present complex challenges for regulatory authorities, financial institutions, and the businesses themselves. Even legitimate production, sale, and distribution for pharmaceutical purposes carry serious risks due to ties to illicit activities. The dual-use nature of these substances (medical/recreational vs. illegal) complicates money laundering detection and prevention. A major complication for financial institutions banking cannabis businesses is the conflict between state-level legality and federal-level illegality in some countries.
Drug-related products with legitimate pharmaceutical applications, such as CBD oils or medical marijuana, risk diversion to the illegal market. Consequently, their production, trade, and distribution are often heavily regulated. Governments impose sanctions on regions, entities, or countries involved in drug trade to thwart illegal drug proliferation. Pharmaceutical companies must navigate strict import/export controls and international restrictions. Sanctions-related risks emerge from cross-border transactions with sanctioned regions.
Transactions in drug-related businesses are highly complex, often involving multiple parties and jurisdictions across convoluted production, distribution, and sale chains (e.g., cannabis cultivated in one area, processed in another, sold in a third, with numerous intermediaries). This multi-layered approach obscures illicit fund sources. Financial institutions struggle to identify suspicious transactions dispersed across locations and stages. Additionally, high transaction volumes or transfers, sometimes involving shell companies or fictitious business partners, further complicate illicit activity tracking.
Global AFC Frameworks, Governance, and Regulations
After completing this learning experience, you will be able to:
- Describe the AFC guidance from international bodies.
- Explain the major AFC regulations and how they can impact your organization.
- Explain how organizations use reports and guidance from different authorities and collaborate with various agencies.
Global AFC Standards and Guidance
Introduction
This module outlines key global Anti-Financial Crime (AFC) frameworks and guidelines that define compliance standards worldwide. It covers FATF-style regional bodies (FSRBs) like MONEYVAL, which facilitate the implementation of FATF's 40 Recommendations setting global AML/CFT standards. FATF reports and activities measure effectiveness, and its guidance helps assess risks. You will learn about high-risk jurisdiction reports issued by international bodies (UN, OECD, Basel Committee, Egmont, Wolfsberg) and their impact on financial institutions' risk management. Additional AFC guidance from the G20, Transparency International, and the Tax Justice Network focuses on corruption and tax justice. Applying this knowledge to compliance processes and risk assessments ensures adherence to international standards, mitigates money laundering and terrorism financing risks, and safeguards the global financial system.
Case Example: Implementing AFC Standards at FinTrust
Amina, a manager at FinTrust, a US financial institution, explained to a new graduate trainee, Drew, their protocol for high-net-worth customers from sanctioned jurisdictions. These applications require immediate Enhanced Due Diligence (EDD), PEP screening, and enhanced monitoring for unusual transactions to mitigate money laundering and sanctions risks. Amina highlighted that international bodies establish AFC standards, which jurisdictions then tailor into laws FinTrust incorporates.
She described the evolution of financial crime concern, from the Palermo Convention (2000) addressing organized crime, money laundering, and corruption, to the post-September 11, 2001 expansion of FATF's mission to include terrorism financing. In response, the US enacted the USA PATRIOT Act (stricter KYC, enhanced transaction monitoring), and the EU and UN Security Council followed with similar measures. Today, organizations like FATF, Basel Committee on Banking Supervision, and Wolfsberg Group continue to shape AFC compliance (CDD, transaction screening). Amina stressed that ignoring these standards leads to severe consequences: regulatory fines, reputational damage, loss of global banking access, and potential criminal prosecution, asset forfeitures, and imprisonment for willful violations by executives and compliance officers, citing agencies like OFAC, SEC, and OCC.
Key takeaways:
- Understanding the evolution of AFC regulations ensures compliance and financial system protection.
- Knowing how international AFC standards impact your AFC controls is essential.
- Noncompliance can lead to regulatory fines, reputational damage, loss of global banking access, penalties, operational restrictions, criminal prosecution, and imprisonment.
Financial Action Task Force
The G-7 established the Financial Action Task Force (FATF) in 1989 to coordinate anti-money laundering efforts. Starting with 15 countries and the EU, it now includes nearly 40 countries and a global network of regional groups. Within a year, FATF issued its original 40 Recommendations for fighting money laundering. After the September 11 attacks, FATF added nine Special Recommendations on terrorist financing. FATF's work includes:
- Assessing implementation: Conducts evaluations to determine if jurisdictions effectively implemented standards, monitoring action plans and publicly reporting progress. Identifies deficiencies.
- Monitoring methods and trends: Continuously tracks how criminals and terrorists raise/move funds, publishing reports to raise awareness of techniques and trends. Over 200 countries commit to FATF standards.
- Identifying high-risk jurisdictions: Designates jurisdictions with implementation failures as under increased monitoring ("grey list") or high-risk ("black list"). Inclusion on these lists can severely isolate jurisdictions from the global financial system.
FATF-Style Regional Bodies
FATF-style regional bodies (FSRBs) are autonomous regional organizations that aid in implementing FATF's standards. They align with FATF objectives and functions but operate independently, also serving as FATF associate members. FATF relies on FSRB input for standard-setting. FSRBs ensure effective global AML/CFT efforts by identifying financial system threats, facilitating regional cooperation, assisting mutual evaluations, and providing technical assistance. Each FSRB adopts FATF's 40 Recommendations, working with members on regional issues and solutions. Membership numbers vary based on political decisions.
Common FSRB objectives include ensuring member compliance with international AML/CFT standards. Their functions comprise:
- Evaluating AML/CFT measures through assessments and recommendations.
- Strategizing priorities (e.g., improving financial sector supervision, enhancing private sector compliance, increasing convictions and asset confiscations).
- Publishing reports on AML/CFT typologies impacting FATF members.
- Collaborating with global institutions to strengthen AML/CFT frameworks.
FATF 40 Recommendations
The FATF Recommendations are crucial for guiding and coordinating the fight against financial crime. FATF expects members to implement them as legally binding laws or regulations tailored to local circumstances, and assesses their implementation and effectiveness. FATF also provides guidance on implementation. The 40 Recommendations and 9 Special Recommendations (now integrated) cover high-level guidance, as well as specific sectors and topics, grouped into seven categories:
- AML/CFT policies and coordination
- Money laundering and confiscation
- Terrorist financing and financing of proliferation
- Preventive measures
- Transparency and beneficial ownership
- Powers and responsibilities of competent authorities and other institutional measures
- International cooperation
To assess compliance, FATF conducts periodic mutual evaluations (formal reviews by AML/CFT authorities from other jurisdictions). Resulting mutual evaluation reports are public, providing in-depth assessments of technical compliance and effectiveness (rated low, moderate, substantial, or high). FATF requires members to address deficiencies, subjecting them to post-assessment monitoring. Deficiencies can lead to designation on the "grey" or "black" lists, prompting financial institutions to flag them as high-risk in internal assessments.
FATF Recommendations 1-8
FATF Recommendations 1 to 8 mandate comprehensive legal and regulatory frameworks in member jurisdictions to combat money laundering, terrorist financing, and weapons of mass destruction (WMD) proliferation. These recommendations are grouped as follows:
- Recommendations 1 and 2: Jurisdictions must assess and understand ML/TF risks, adopting a risk-based approach for effective mitigation. National cooperation and coordination are essential, requiring AML/CFT policies informed by risk assessments and designated implementation authorities or mechanisms.
- Recommendations 3 and 4: Jurisdictions should criminalize money laundering, applying it to all serious crimes and a broad range of predicate offenses. Measures should empower authorities to identify, trace, freeze, seize, and confiscate criminal property and equivalent assets, ensuring effective asset recovery.
- Recommendations 5 to 8: Jurisdictions must criminalize terrorist financing as per the Terrorist Financing Convention, covering financing of acts, organizations, and individuals, even without a direct link to a specific act. Targeted financial sanctions (UN Security Council resolutions) must be implemented for immediate asset freezing against designated persons/entities. Similar sanctions apply to WMD proliferation financing. Lastly, jurisdictions should identify non-profit organizations susceptible to terrorist financing abuse and implement proportionate, risk-based measures to protect them while ensuring legitimate activities remain unaffected.
FATF Recommendations 9-23
FATF Recommendations 9 to 23 focus on ensuring the effectiveness of member jurisdictions' measures to detect and prevent illicit financial activities.
Recommendation 9: Jurisdictions must ensure financial institution secrecy laws do not impede FATF Recommendation implementation.
Recommendations 10 and 11: Financial institutions must conduct CDD when initiating business relationships, processing occasional transactions above a set threshold, suspecting ML/TF, or questioning existing customer identification data. They must also retain transaction records and CDD information for at least five years for timely authority requests.
Recommendations 12 to 16: Provide additional measures for specific customers and activities:
- Identify PEPs, obtain senior management approval for business relationships, and verify their sources of wealth and funds.
- Assess respondent institutions' AML/CFT controls before correspondent relationships.
- License and monitor Money or Value Transfer Service Providers.
- Assess risks from new technologies and ensure accurate originator/beneficiary data in wire transfers.
Recommendations 17 to 19: Jurisdictions should allow financial institutions to rely on third-party CDD if it meets criteria. Financial institutions must implement AML/CFT programs, facilitate information sharing, and apply EDD to relationships/transactions with persons/institutions from FATF-identified high-risk jurisdictions.
Recommendations 20 to 23: Discuss suspicious transaction reporting obligations:
- Financial institutions must report suspicious transactions to the relevant FIU.
- Laws should protect financial institutions/employees from liability and prohibit disclosing suspicious transactions.
- Designated Nonfinancial Businesses and Professions (DNFBPs) must implement internal controls, report suspicious transactions, and be subject to regulatory/supervisory measures for AML/CFT compliance.
FATF Recommendations 24-40
FATF Recommendations 24 to 40 outline key measures to enhance transparency, institutional oversight, and global cooperation in AML/CFT efforts.
Recommendations 24 and 25: Jurisdictions must assess the risk of legal person and arrangement misuse. They should ensure competent authorities have access to accurate, up-to-date beneficial ownership information on legal persons and trusts, requiring trustees to maintain such data. Jurisdictions should prohibit new bearer shares/warrants and take measures to prevent misuse of these stock types.
Recommendations 26 to 35: Jurisdictions must ensure financial institutions are properly regulated/supervised to implement FATF Recommendations. Supervisors need sufficient authority, resources, and independence for compliance monitoring, inspections, and sanctions. DNFBPs should be subject to licensing, registration, and supervision. Jurisdictions must establish an FIU to analyze suspicious transaction reports (STRs) and support law enforcement. Authorities need powers to track, freeze, seize criminal assets, enforce cross-border currency controls, and collect AML/CFT statistics. Clear guidelines, feedback, and proportionate sanctions are needed for compliance and enforcement.
Recommendations 36 to 40: Jurisdictions must swiftly adopt/implement the Vienna, Palermo, and Terrorist Financing Conventions, and other international agreements. They should provide broad mutual legal assistance for ML/TF cases, ensuring efficient request handling. Rapid action is needed to identify, freeze, seize, and confiscate criminal assets upon foreign authority requests. Extradition for ML/TF is required, including prosecuting nationals if extradition is impossible. Authorities should facilitate international cooperation through information exchange and joint investigations to combat financial crimes globally.
FATF 11 Immediate Outcomes
FATF mutual evaluation reports assess member jurisdictions on technical compliance and overall program effectiveness, using 11 Immediate Outcomes (IOs). Each IO receives an effectiveness rating (low, moderate, substantial, or high). For low/moderate ratings, FATF recommends actions and tracks progress. The IOs are a starting point for assessors to determine AML/CFT framework effectiveness, using judgment and experience. The table below outlines the focus areas and specific outcomes:
| IO # | Area of Focus | Outcomes |
|---|---|---|
| 1 | Risk, policy, and coordination | • A deep understanding of money laundering and terrorist financing risks • Authorities implementing targeted measures and coordinating responses, ensuring proactive threat mitigation |
| 2 | International cooperation | Effective collaboration with foreign counterparts enhancing the ability to track and disrupt transnational financial crimes by: • Sharing intelligence • Enforcing cross-border legal actions |
| 3 | Supervision | Strong oversight ensuring that financial and nonbank institutions comply with AML/CFT regulations, reducing vulnerabilities in the financial system |
| 4 | Preventive measures | DNFBPs implementing preventative measures, including: • Conducting due diligence • Monitoring transactions • Reporting suspicious activity to authorities |
| 5 | Legal persons and arrangement | Transparency in corporate structures: • Preventing criminals from using shell companies and trusts to conceal illicit financial activities • Enabling authorities to trace ownership and hold bad actors accountable |
| 6 | Financial intelligence | Analysis and use of financial intelligence to help law enforcement: • Identify patterns • Detect criminal networks • Initiate investigations to combat financial crimes effectively |
| 7 | Money laundering investigation and prosecution | Holding offenders accountable through prosecution and sanctions leading to: • Deterring future financial crimes • Strengthening the credibility of the legal framework |
| 8 | Confiscation | Recovering illicit assets leading to: • Disrupting criminal enterprises • Removing the financial incentive for crime • Reinforcing the rule of law |
| 9 | Terrorist financing investigation and prosecution | Taking legal action against those financing terrorism, which: • Weakens terrorist networks • Prevents the funding of violent activities |
| 10 | Terrorist financing preventive measures and financial sanctions | Restricting terrorists' financial access and preventing the exploitation of NPOs, which ensures resources do not reach entities that support violence and extremism |
| 11 | Proliferation financial sanctions | Cutting off financial support for weapons proliferation, which: • Reduces global security threats • Prevents the use of funds to develop or distribute weapons of mass destruction |
FATF Mutual Evaluation
FATF mutual evaluations are peer reviews among member jurisdictions, producing comprehensive reports that analyze AML procedures and their effectiveness. These reports describe and analyze a jurisdiction’s legal and regulatory framework for preventing criminal abuse of its financial system and offer recommendations for strengthening capabilities. Jurisdictions are deemed compliant only upon proving so to other FATF members. A complete evaluation averages 18 months to two years.
Mutual evaluations have two components:
- Effectiveness: The main focus, assessed during an on-site visit where the team collects evidence that measures are operational and deliver results (e.g., a jurisdiction is achieving outcomes).
- Technical Compliance: The assessed member provides information on its laws and regulations to combat money laundering and WMD proliferation. Initially, this was FATF's main focus, but the focus shifted to effectiveness after numerous money laundering scandals revealed that technical compliance alone was insufficient.
Expectations vary by jurisdiction based on financial crime risks. FATF uses an elaborate assessment methodology for consistent, fair assessments. The seven-stage process includes:
- Getting started: Assessor and jurisdiction training, assessor selection.
- Technical review: Assessment team analyzes laws/regulations.
- Scoping note: Team identifies on-site visit focus areas.
- On-site visit: Team reviews AML regulations' effectiveness.
- Draft MER: Finalizes the mutual evaluation report.
- FATF plenary adoption: Plenary discusses findings, votes on ratings, final quality review before publishing.
- Publication and follow-up: Jurisdiction addresses issues and strengthens AML measures.
Poor evaluations risk placement on FATF’s grey or black lists, leading to increased scrutiny, reputational damage, and economic consequences (higher transaction costs, reduced foreign investment). Jurisdictions then address shortcomings by enacting/amending laws, strengthening AML/CFT regimes, enhancing compliance frameworks (technology, training, personnel), bolstering national FIUs, and improving cross-border cooperation. Post-assessment monitoring tracks progress, with public warnings for insufficient improvement.
FATF High-Risk and Noncooperative Jurisdictions
FATF identifies high-risk and noncooperative jurisdictions through a comprehensive review process overseen by its International Cooperation Review Group. This group assesses AML/CFT measures to identify threats, vulnerabilities, and risks.
FATF reviews jurisdictions for noncooperation if they:
- Do not participate in an FSRB.
- Delay or prohibit FSRB mutual evaluation result publication.
- Are nominated by a FATF member or FSRB for ML, TF, or proliferation financing risks.
- Achieve poor mutual evaluation results:
  - 20 or more noncompliant or partially compliant ratings for technical compliance.
  - Noncompliant or partially compliant ratings on three or more of Recommendations 3, 5, 6, 10, 11, and 20.
  - Low or moderate effectiveness for 9 or more of the 11 IOs, with a minimum of two lows.
  - Low effectiveness for 6 or more of the 11 IOs.
FATF uses 25 criteria, categorized into four broad areas, to identify detrimental rules and practices inconsistent with the 40 Recommendations:
- Loopholes in financial regulations.
- Obstacles from other regulatory requirements.
- Obstacles to international cooperation.
- Inadequate resources for preventing and detecting money laundering.
Based on these criteria, FATF identifies noncooperative jurisdictions in two public documents published thrice yearly:
- "Jurisdictions Under Increased Monitoring" (grey list): Identifies jurisdictions with strategic AML/CFT system deficiencies actively working with FATF to address them.
- "High-Risk Jurisdictions Subject to a Call for Action" (black list): Identifies jurisdictions with significant AML/CFT deficiencies, requiring all FATF members to apply Enhanced Due Diligence (EDD) and potentially countermeasures.
Impact of FATF Mutual Evaluation Reports on Jurisdictions
Upon completion of the plenary discussion and final quality review, FATF publishes the mutual evaluation report. Jurisdictions performing poorly risk being placed on FATF’s grey list or black list. A poor evaluation can lead to increased scrutiny from international banks, reputational damage, and economic consequences such as higher transaction costs and reduced foreign investment.
After receiving Recommendation ratings, jurisdictions should address identified shortcomings, enacting new or amending existing regulations to strengthen their AML/CFT regime. This encourages financial institutions, law enforcement, and regulatory bodies to enhance compliance frameworks through greater investment in technology, training, and personnel for financial crime detection and prevention. National FIUs and cross-border cooperation mechanisms are also often strengthened.
According to FATF, all jurisdictions are subject to post-assessment monitoring, including regular improvement reports for largely compliant jurisdictions addressing remaining shortcomings, and public warnings for insufficient progress. The UAE's journey, placed on the grey list in 2022 and removed in 2024, exemplifies the process: it amended legislation, criminalized money laundering, improved financial transparency, updated guidelines for financial institutions/DNFBPs, engaged in legal/regulatory campaigns, increased assessment frequency and sanctions, created a dedicated financial crime court, adopted a new penal code, and streamlined suspicious activity reporting. These national-level impacts also affect regulated organizations, which must implement control frameworks and resources accordingly.
FATF Guidance for Risk Assessment
FATF Recommendation 1 requires jurisdictions to identify, assess, and understand their money laundering and terrorist financing risks, then implement effective mitigation measures. FATF promotes a risk-based approach (RBA) to enhance efficiency by prioritizing high-risk threats, optimizing resource allocation, improving compliance flexibility, strengthening AML/CFT measures, and adapting to evolving financial crimes. There is no universal risk assessment approach; jurisdictions tailor the national risk assessment (NRA) process based on capacity, exposure, and context.
FATF provides a six-step best-practice framework for jurisdictions:
- Environmental scan: Evaluate economic, political, and legal factors.
- Analytical scan: Collect and analyze ML/TF data.
- Threat analysis: Identify key ML/TF actors and methods.
- Vulnerability analysis: Assess financial system weaknesses.
- Risk assessment: Assign risk levels and develop mitigation plans.
- Horizon scanning: Monitor emerging trends and future threats.
According to FATF's 2024 guidance, sectoral and thematic risk assessments help authorities develop typologies to understand exploitation of specific sectors for ML/TF, complementing the NRA. Enterprise-wide risk assessments (EWRAs) ensure organizations identify/assess ML/TF risks across all operations, strengthening compliance, internal controls, regulatory alignment, and risk management. Supranational risk assessments (by groups of jurisdictions) and subnational risk assessments (by sector, region, or function) provide targeted strategies, facilitate information sharing, and promote standardized methodologies.
AFC Guidance from Leading International Organizations
United Nations AFC Guidance
The UN is a global organization of Member States focused on peace, security, humanitarian aid, human rights, and international law. While promoting cooperation, it is not a world government and doesn't make laws. The UN Office on Drugs and Crime (UNODC) assists members in combating money laundering, terrorist financing, and other financial crimes, implementing UN terrorism programs, and aiding criminal justice reform and transnational organized crime/corruption efforts. The UN Office of Counter-Terrorism (UNOCT) offers CFT resources through its Counter-Terrorism Centre.
The Global Programme Against Money Laundering (GPML), a UN General Assembly initiative, helps Member States develop robust AML programs (legal frameworks, institutional infrastructure, technical skills) and coordinates national, regional, and international AML cooperation. The UN Vienna 1988 Convention defined money laundering offenses and addressed drug trafficking, encouraging cross-border and cross-sector regulatory cooperation and enhanced information sharing. The UN Charter empowers the UN Security Council to impose sanctions as part of its risk management. UNODC published studies demonstrating international cooperation in fighting organized crime/money laundering, sharing lessons learned and recommendations. UNOCT provides guidance for implementing the UN Global Counter-Terrorism Coordination Compact and building Member States' terrorism threat capacity.
Case Study: The 1999 Convention and UNSC Resolutions for CFT
On March 11, 2004, coordinated bombings in Madrid’s commuter train system killed 193 and injured over 2,000. Spanish authorities initially suspected Euskadi Ta Askatasuna (ETA), but forensic evidence pointed to Islamist extremists linked to al-Qaeda. The 1999 International Convention for the Suppression of the Financing of Terrorism and UN Security Council (UNSC) Resolution 1373 (2001) (requiring criminalization of terrorist financing and asset freezing) enabled Spanish authorities to track financial transactions and disrupt perpetrators’ networks. Resolution 1267 (1999), establishing sanctions against al-Qaeda and Taliban associates, led to asset freezes and support network disruptions. This attack influenced global counterterrorism policies, highlighting existing measures' effectiveness and the need for new ones. Spain strengthened counterterrorism laws and intelligence-sharing. Post-attack, the UN passed: Resolution 1624 (2005) (countering extremist ideology), Resolution 2396 (2017) (biometric data collection, Advance Passenger Information/Passenger Name Record (API/PNR) data-sharing, foreign terrorist fighter monitoring), and Resolution 2462 (2019) (reinforcing state obligations to prevent terrorism financing through banks, charities, informal networks). Key takeaways: The international counterterrorism framework facilitates intelligence-sharing, financial tracking, and legal actions to dismantle terrorist support networks; a strong framework enables financial transaction tracking and asset freezes; UNSC resolutions strengthen laws and cooperation; and resolutions require ongoing adaptation to evolving terrorism threats.
World Bank and International Monetary Fund AFC Guidance
The World Bank provides funding, policies, and technical assistance to developing countries. The International Monetary Fund (IMF) monitors the global economy, maintains monetary stability, and lends to member countries. Since the early 2000s, they have cooperated to combat money laundering and terrorist financing, requiring effective AML/CFT controls from program beneficiaries. They collaborate with FATF, incorporating FATF compliance into their Financial Sector Assessment Program (FSAP) reviews and holding Observer status with FATF.
Their role in combating ML/TF focuses on four areas:
- Raising awareness.
- Developing a universal assessment methodology.
- Building institutional capacity.
- Researching and analyzing global economic aspects.
The World Bank and IMF jointly publish the Reference Guide to Anti-Money Laundering and Combating the Financing of Terrorism, their primary AML/CFT resource. This guide overviews global/regional bodies, preventive measures, and FIU roles, including a detailed section on terrorist financing. Guidance is primarily jurisdictional, not for individual institutions.
Each institution also provides its own resources. The World Bank publishes ad hoc reports on trade finance, training, and risk assessments. The IMF publishes periodic AML/CFT strategy reviews with extensive background papers on specific topics, provides publications on emerging issues (beneficial ownership, virtual assets), hosts roundtables, and administers the AML/CFT Thematic Fund for Capacity Development to strengthen national regimes.
Organisation for Economic Co-operation and Development AFC Guidance
The Organisation for Economic Co-operation and Development (OECD), an intergovernmental organization founded in 1961, collaborates with policymakers, stakeholders, and citizens to establish evidence-based international standards. It comprises three sections:
- The Council: Decision-making body, with one representative from each member country plus the EU, chaired by the Secretary-General.
- Substantive Committees: Over 300 committees proposing solutions, developing standards, assessing data, and reviewing policy actions.
- The Secretariat: Over 3,500 employees (economists, lawyers, scientists, analysts, digital experts, statisticians) carrying out OECD's work.
In November 1997, the OECD adopted the Convention on Combating Bribery of Foreign Public Officials in International Business Transactions. This Convention mandates signatory countries to criminalize bribery of foreign public officials in international business and establishes an open-ended, peer-driven monitoring mechanism to ensure thorough implementation. It is the first and only international anti-corruption instrument focused on the "supply side" of bribery (the person/entity offering, promising, or giving a bribe).
The OECD Working Group on Bribery in International Business Transactions evaluates each jurisdiction’s implementation and enforcement of the Convention and makes recommendations, issuing reports detailing achievements, challenges, and progress. Many organizations use OECD guidance to identify risks in digital currencies, beneficial ownership, transnational organized crime, tax crime, gold flow-related corruption/conflict financing/money laundering, and weaknesses in combating ML/tax evasion/foreign bribery, as well as in identifying, freezing, and returning stolen assets.
Basel Committee on Banking Supervision AFC Guidance
Established in 1974 by the G-10 countries, the Basel Committee on Banking Supervision (BCBS) is the primary global standard-setter for bank regulation and a forum for international cooperation. Its mandate is to enhance the global banking system by strengthening banking regulation, supervision, and practices. It lacks enforcement authority, relying on members' commitment. BCBS members include banking supervisory authorities and central banks from 28 countries. BCBS issues:
- Standards: For incorporation into local legal frameworks.
- Guidelines: For implementing standards in areas desirable for bank safety, soundness, and conduct, especially for internationally active banks.
- Sound practices: Describing observed practices to promote common understanding and improve supervisory/banking approaches.
In 1988, BCBS issued Prevention of Criminal Use of the Banking System for the Purpose of Money Laundering, principles still useful for AML/CFT: customer identification, compliance with laws, high ethical standards, full cooperation with law enforcement (within confidentiality limits), staff training, recordkeeping, and audits. This was followed by Core Principles for Effective Banking Supervision (1997), including KYC rules (customer identification, risk management, customer acceptance policy, ongoing monitoring). These principles are periodically updated, but key KYC elements remain.
In 2014, BCBS issued Sound Management of Risks Related to Money Laundering and Financing of Terrorism (updated in 2020). These guidelines:
- Support banks and supervisors in implementing FATF Recommendations for AML/CFT.
- Advocate for banks to implement risk analysis and governance arrangements.
- Describe three lines of defense in bank AML efforts: (1) business units identifying/assessing/controlling risks, (2) AML compliance and internal controls, and (3) internal audit functions. These guidelines provide banks with an AML framework foundation.
Egmont Group AFC Guidance
The Egmont Group is an international network of national Financial Intelligence Units (FIUs) established in 1995. Its purpose is to facilitate cooperation and intelligence sharing among members to combat money laundering, terrorist financing, and other financial crimes. It is composed of organizational groups including the Heads of FIUs (governing body), Egmont Committee, Regional Groups, Working Groups, Egmont Secretariat, and the Center of FIU Excellence and Leadership. The group's policies and guidance focus on improving cooperation and trust for secure sharing of sensitive information, operationalizing AML/CFT strategy.
The Egmont Group's key functions are:
- Information sharing: Enables FIUs to share intelligence on suspicious financial activities.
- Capacity building: Provides training and technical assistance to enhance FIU capabilities.
- Collaboration: Promotes cooperation among FIUs, law enforcement, and international organizations.
- Standard-setting: Develops guidelines to improve the efficiency and effectiveness of financial intelligence operations, promoting FIU operational autonomy.
The Egmont Group has produced governing documents to standardize international cooperation and information exchange:
- Egmont Charter (2013): Outlines purpose, composition, structure, and budget.
- Egmont Principles for Information Exchange (2013): Documents concepts and practices for bilateral and multilateral information exchange.
- Operational Guidance for FIUs (2013): Binding document outlining FIU operations in international cooperation, information exchange, and other tasks.
The group regularly produces guidance and information, often including case studies to help AML professionals identify suspicious activities and determine reporting needs.
Wolfsberg Group AFC Guidance
The Wolfsberg Group, an association of global banks, develops policies and guidance for managing financial crime risk. Formed in 2000 in Switzerland with Transparency International representatives, it comprises senior financial crime compliance personnel from member banks across the US, UK, Switzerland, Germany, France, Netherlands, Italy, Spain, and Japan. The group issues guidelines to help members manage risks and make sound client decisions, protecting operations from criminal abuse. It has no enforcement powers; publications serve as guidance notes adaptable to organizational risk, regulatory standards, and business profiles.
In 2000, the Wolfsberg Group published the Wolfsberg Anti-Money Laundering Principles for Private Banking, routinely revised to outline best practices for detecting/mitigating risks from high-net-worth clients, PEPs, and offshore entities. Key provisions:
- KYC: Banks verify client identities and assess risk profiles.
- Due Diligence: Enhanced scrutiny for high-risk customers, especially PEPs.
- Source of Wealth and Funds: Investigate and document how clients acquired wealth.
- Ongoing Monitoring: Continuous transaction reviews for suspicious activities.
In 2006, Guidance on a Risk Based Approach for Managing Money Laundering Risks emphasized resource allocation based on customer, transaction, or jurisdiction risk. In 2014, Wolfsberg Financial Crime Principles for Correspondent Banking (updated since) established best practices:
- Considering 11 specific risk indicators for due diligence (jurisdiction, ownership, regulatory compliance).
- Applying stricter scrutiny to high-risk relationships (shell banks, offshore financial centers).
International Organization of Securities Commissions AFC Guidance
The International Organization of Securities Commissions (IOSCO) is the global standard-setter for financial market regulation, with over 200 members from 130 jurisdictions, including governmental bodies, regulators, self-regulatory organizations, and securities exchanges. IOSCO's principles guide regulatory standards and serve as the basis for IMF and World Bank securities sector evaluations.
IOSCO's three main objectives are:
- Enhancing investor protection: Through cooperation and enforcement.
- Ensuring fair and efficient markets: By providing transparent access to market information.
- Promoting financial stability: By managing systemic risks and facilitating international information exchange during instability.
IOSCO supports members with technical assistance, education, and training. In 2005, it published Anti-Money Laundering Guidance for Collective Investment Schemes, specifically for mutual funds and ETFs, outlining policies, procedures, and client identification measures. In 2003, BCBS, International Association of Insurance Supervisors (IAIS), and IOSCO jointly published a note on AML/CFT initiatives, overviewing common standards, assessing gaps, and examining relationships between institutions and customers.
In 2023, IOSCO issued Policy Recommendations for Crypto and Digital Asset Markets, with 18 policy recommendations for greater consistency in regulatory frameworks, addressing market integrity and investor protection concerns in cryptoasset markets. These 18 recommendations cover six areas:
- Conflicts of interest from vertical integration of activities/functions.
- Market manipulation, insider trading, and fraud.
- Cross-border risks and regulatory cooperation.
- Custody and client asset protection.
- Operational and technological risk.
- Retail access, suitability, and distribution.
AFC Guidance from Other Organizations
G-20 Anti-Corruption Working Group AFC Guidance
Founded in 1999, the G-20 is an informal forum for finance ministers and central bank governors of industrialized and developing economies. Its membership includes 19 countries, plus the EU and the African Union. Initially focused on economic and financial stability, it expanded to include anti-corruption issues after the 2007 global financial crisis, elevating participation to heads of state. The G-20 Anti-Corruption Working Group (ACWG), established in 2010, recommends ways the G-20 can contribute to international anti-corruption efforts. ACWG collaborates with the World Bank, OECD, UNODC, IMF, and FATF, with the World Bank and UNODC also involved through the Stolen Assets Recovery Initiative (StAR), which advises on asset recovery, AML/CFT, transparency, beneficial ownership, and income/asset disclosures.
As of 2025, the G-20 ACWG Action Plan focuses on:
- Strengthening the public sector by promoting transparency, integrity, and accountability.
- Increasing the efficiency of asset recovery measures.
- Enhancing inclusive participation of the public sector, private sector, civil society, and academia to prevent and combat corruption.
- Enhancing whistleblower protection mechanisms.
The G-20 has authored documents providing guidance on anti-corruption, financial transparency, and international cooperation, outlining strategies for combating illicit financial activities, recovering stolen assets, and enhancing regulatory frameworks. These include country-specific beneficial ownership guides, international cooperation, recovery of corruption proceeds, combating money laundering, enhancing asset disclosure, tackling foreign bribery, public sector corruption prevention, and promoting business/government collaboration.
Transparency International AFC Guidance
Transparency International (TI) is a non-governmental organization founded in 1993, operating in roughly 100 countries, dedicated to stopping corruption and promoting transparency, accountability, and integrity globally. TI advocates for policies holding powerful individuals and organizations accountable, conducts research into corruption causes, and initiates innovative, evidence-based projects to prevent and stop corruption.
TI's two featured priorities are:
- Political integrity: Ensuring political power is held accountable.
- Dirty money: Identifying and closing loopholes in the global financial system that enable corruption and money laundering.
Other AFC priorities include asset recovery, business integrity, extractive industries, foreign bribery enforcement, grand corruption, judiciary and law enforcement, and whistleblowing.
The TI Corruption Perceptions Index (CPI), globally recognized since 1995, assesses perceived public sector corruption in approximately 180 jurisdictions. It scores countries from 0 (highly corrupt) to 100 (very clean) based on expert assessments and business surveys, using data from 13 sources (bribery, misuse of public office, weak anti-corruption measures). The CPI ranks countries by perceived corruption, providing insights for policymakers, investors, and organizations by highlighting governance challenges and accountability gaps, raising awareness and encouraging transparency reforms. TI's Bribe Payers Index (BPI) ranks exporting countries by bribery propensity. TI's annual Global Corruption Report combines CPI and BPI, ranking countries by overall corruption, aiding financial institutions in determining jurisdictional risk.
Basel Institute on Governance AFC Guidance
The Basel Institute on Governance's core mission is to contribute to global efforts in preventing and combating corruption and strengthening governance. It is an independent organization, associated with the University of Basel, staffed primarily by practitioners with anti-corruption prevention or law enforcement experience. The Institute's main areas of expertise include asset recovery assistance, anti-corruption research/training/assessments, engagement with the private sector on anti-corruption, countering environmental corruption, and technical assistance for public finance management.
The International Centre for Asset Recovery (ICAR), established in 2006 as a specialized division of the Basel Institute on Governance, works through four main lines:
- Case advice, mentoring, and international cooperation facilitation.
- Capacity building and training.
- Institutional development and legal/policy advice.
- Global policy dialogue and innovation.
The Basel AML Index, developed by the Basel Institute through ICAR, is an independent ranking and risk assessment tool evaluating a country's vulnerability to money laundering and related financial crimes, and its capacity to counter these threats. It does not measure actual ML activity but helps policymakers, regulators, and researchers understand vulnerabilities. It assigns risk scores using a composite methodology with 17 indicators across five domains:
- AML/CFT and counter-proliferation financing framework quality.
- Corruption and fraud risks.
- Financial transparency.
- Public transparency and accountability.
- Legal and political risks.
The Index uses data sources such as FATF mutual evaluation reports, US State Department International Narcotics Control Strategy Report, and Transparency International.
Tax Justice Network AFC Guidance
The Tax Justice Network (TJN), launched in 2003, is an independent advocacy organization combating global tax avoidance, evasion, and financial secrecy. It researches tax havens, offshore finance, and illicit financial flows, promoting policies for greater transparency and fairer tax systems. TJN publishes the Financial Secrecy Index, the Corporate Tax Haven Index, and the State of Tax Justice annual report to highlight jurisdictions enabling tax abuse. Its work influences policymakers, AFC professionals, journalists, and activists in fighting global economic inequality. These indices can inform financial institutions' risk-based approach to customer transactions.
- The Financial Secrecy Index ranks 141 jurisdictions every two years based on their financial secrecy levels and financial services provided to non-residents. Higher ranks indicate greater roles in enabling wealthy individuals and criminals to hide and launder money.
- The Corporate Tax Haven Index ranks 70 jurisdictions whose tax policies allow multinational corporations to underpay corporate income tax; higher ranks indicate greater risk of corporate tax abuse.
- The State of Tax Justice annual report details the amount of tax jurisdictions lose each year due to corporate tax abuse and private tax evasion. The 2023 report projects US$4.8 trillion lost to tax havens over the next 10 years.
Organizations can incorporate TJN indices into customer risk assessments to evaluate the risk of a customer engaging in tax evasion or financial crime based on their residence or business operations. Higher rankings suggest increased risk for associated customers.
AFC Regulations and Regimes
Introduction
This module introduces the regulatory environment impacting AFC professionals, covering major regulators, their requirements, and how they assess risk, provide guidance, and cooperate with each other and law enforcement to enforce AML/CFT laws. This context is crucial for understanding how regulatory requirements cascade from international guidance to national legislation and ultimately to operational requirements within covered entities impacting AFC professionals.
Student Note: Regulatory Framework Elective Courses
This module will provide a high-level overview of key global AFC rules and regulations across various jurisdictions. For detailed explanations and analyses of specific regulatory landscapes, please refer to the AML regulatory framework elective courses.
Case Example: Drafting Policies for an AFC Department Based in APAC
Hiroshi, tasked with setting up policies for a newly incorporated APAC financial institution, must first understand its financial crime risks (corruption, fraud, money laundering, sanctions) and relevant laws (CDD, AML standards). His research for cross-border transactions leads him to consult US and EU regulations and virtual asset regulations. He includes data-related regulations in his policies, noting the EU GDPR's higher standard than most APAC jurisdictions and China's Data Security Law prohibiting certain commercial data transfers out of China.
Hiroshi also considers emerging topics like ESG and AI in AFC. He identifies which business products and services these controls will affect in his proposed policies. He emphasizes continuous review and monitoring of guidance, enforcement actions, and policy changes, incorporating results into the enterprise-wide risk assessment (EWRA), training plan, and new business due diligence processes. Key takeaways for an organization's policies: consider key financial crime risks, implement relevant AFC regulations from other jurisdictions (US, EU), consider other AFC areas (data protection, ESG), and enforce thorough risk assessments before launching new products, services, or technologies.
US AML/CFT Regulatory Landscape
Bank Secrecy Act
The Bank Secrecy Act (BSA), enacted in 1970, is the US's most important AML regulation, introduced due to criminals exploiting US banks for money laundering. It imposed significant recordkeeping and reporting obligations on US banks and financial institutions, aiding law enforcement in investigations and prosecutions. In 2001, the USA PATRIOT Act extended BSA's scope to include counter-terrorist financing obligations.
Key BSA reporting requirements:
- Currency transaction reports (CTRs).
- Suspicious activity reports (SARs).
- Foreign bank account reports (FBARs) for US citizens holding foreign accounts.
- Currency and monetary instrument reports (CMIRs) for cash purchases of monetary instruments.
The BSA requires obliged entities to develop, implement, and maintain an effective AML program based on five pillars:
- Internal policies, procedures, and controls to ensure regulatory compliance.
- Designation of an AML officer for daily program activities.
- Employee education and training on program responsibilities.
- Independent audit for program adequacy, with risk-based frequency.
- Ongoing CDD program using a risk-based approach.
The BSA extends to non-US banks, MSBs, and cryptocurrency firms dealing with US customers or utilizing the US financial system. US-based branches of foreign banks, and MSBs/cryptocurrency firms with US customers, must comply. Foreign financial institutions with correspondent bank accounts in US banks are subject to some BSA requirements, including recordkeeping and providing records upon US authority requests.
USA PATRIOT Act
Enacted in 2001, the USA PATRIOT Act strengthened AML/CFT measures, significantly influencing global financial regulations, particularly after 9/11. Key global obligations derived from the Act:
- CDD and KYC: Financial institutions must verify customer identities, monitor transactions, and assess business relationship risks, impacting global AML frameworks like FATF Recommendations.
- Jurisdictions of Primary Money Laundering Concern: Section 311 empowers the US Treasury to designate foreign jurisdictions, institutions, or transactions as ML risks, prompting financial institutions to cease dealings.
- EDD for Foreign Correspondent Banking: Section 313 prohibits shell bank relationships, and Section 312 mandates EDD for correspondent accounts of foreign financial institutions (affecting cross-border banking) and private banking accounts for non-US persons.
- Forfeiture from US Correspondent Account: Permits the US government to seize funds from a foreign bank's US correspondent account, subject to owner contestation.
- Information Sharing: Section 314 allows banks to cooperate with each other, law enforcement, and international agencies for financial crime combat, providing safe harbor liability protections.
- Records for Foreign Bank Correspondent Accounts: Allows the US government to request various records, grants subpoena authority, and requires foreign banks to designate a US-registered agent.
The Anti-Money Laundering Act of 2020
The Anti-Money Laundering Act of 2020 (AML Act) primarily aimed to modernize US banking laws for AML compliance, broadening AML practices for national security and intelligence goals through greater transparency and enforcement. This included creating a national Beneficial Ownership database for entities to register ownership, with future rules for access and usage. The Act expanded AML compliance to cryptocurrencies, art, and antique dealers, and introduced new investigative powers regarding foreign financial institutions and criminal penalties for hiding transactions related to senior foreign political figures. It represents a strategic update, incorporating new financial technologies and national security.
The AML Act requires shell companies and previously unregulated legal entities to disclose beneficial owners and register with FinCEN. It extends whistleblower protection for AML violations, aiming to broaden investigative powers to connect shell companies with correspondent banks globally. It updates AML regulations to include cryptocurrency exchanges as Money Service Businesses (MSBs), with similar licensing and reporting requirements. A key goal is to transform SARs from simple reporting to intelligence-gathering tools, expecting "high usefulness" for law enforcement and national security, and facilitating cross-border SAR sharing within financial institutions.
The AML Act also mandates developing further regulations to enhance strategic priorities concerning drug trafficking, corruption/fraud, cybercrime, terrorist financing, transnational criminal activity, human trafficking, and nuclear proliferation financing. FinCEN has issued proposed rulemakings for mandatory risk assessment processes and incorporating national priorities into AML/CFT programs, with further rulemaking anticipated.
Financial Crimes Enforcement Network
The Financial Crimes Enforcement Network (FinCEN) is a bureau within the US Department of the Treasury, reporting to the Under Secretary for Terrorism and Financial Intelligence. Its mission is to protect the financial system from illicit activities, combat financial crimes, and enhance national security. Congress designated FinCEN as the central authority for collecting, analyzing, and disseminating financial transaction data to support law enforcement, regulatory agencies, and policymakers. FinCEN's data analysis is crucial for combating AML/CFT, tracking fraud, tax evasion, narcotics trafficking, and terrorist financing.
Operating under the Bank Secrecy Act (BSA) and its USA PATRIOT Act amendments, FinCEN has authority to issue regulations, enforce compliance, and oversee AML programs in financial institutions. It sets suspicious activity standards and ensures proper filing of useful reports for criminal, tax, and counter-terrorism investigations. FinCEN also manages BSA data collection, processing, storage, dissemination, and protection, partnering with law enforcement for financial crime investigations.
As the US FIU, FinCEN collaborates globally with over 100 Egmont Group FIUs, sharing financial intelligence. It maintains a government-wide access service for financial crime data, assisting federal, state, local, and international partners. Key functions include:
- Issuing and enforcing AML/CFT regulations.
- Supporting law enforcement investigations/prosecutions.
- Managing and protecting BSA data.
- Coordinating with foreign FIUs on cross-border financial crime.
- Identifying financial crime risks and assisting with resource allocation.
Other US Regulators
US financial regulators collectively ensure the financial system's stability, integrity, and efficiency. The Office of the Comptroller of the Currency (OCC), Federal Reserve System (FRS), Federal Deposit Insurance Corporation (FDIC), and Securities and Exchange Commission (SEC) create a framework to safeguard financial institutions and consumers, mitigating economic stability risks. They enforce compliance, promote transparency, and protect investors/depositors, ensuring trust in financial markets.
- OCC: Independent bureau within the US Treasury, charters, regulates, and supervises national banks, federal savings associations, and US branches of foreign banks. Ensures safe operations, fair access, and legal compliance.
- FRS: Central bank of the US, ensures financial system stability by minimizing systemic risks. Conducts examinations for soundness, enhances payment/settlement system security, and provides services to banking industry/US government.
- FDIC: Independent agency established by Congress to uphold US financial system stability and public confidence. Insures deposits, supervises for safety/consumer protection, and ensures orderly restructuring/liquidation of failing institutions.
- SEC: Oversees the securities industry, ensuring investor protection, fair/efficient markets, and capital formation. Five presidentially appointed commissioners (with Senate consent) lead the agency.
Collectively, these regulators foster a resilient financial industry. Violations of US financial crime laws can lead to civil monetary penalties, forfeiture, business restrictions, and criminal charges against the bank or its officers.
Case Study: US Regulatory Enforcement Actions
Between 2023 and 2024, Wells Fargo & Company faced significant enforcement actions from the Federal Reserve Board, SEC, and OCC for compliance deficiencies. In March 2023, the Federal Reserve Board fined Wells Fargo US$67.8 million for providing a trade finance software platform used by a foreign bank for transactions involving US-sanctioned parties. Wells Fargo had insufficient policies for US sanctions compliance. In August 2023, the SEC charged Wells Fargo affiliates (Clearing Services LLC, Advisors Financial Network LLC) US$35 million for overcharging over 10,900 investment advisory accounts by US$26.8 million; financial advisers reduced fees but didn't update billing systems. In September 2024, the OCC issued an enforcement action against Wells Fargo for deficiencies in financial crimes risk management and AML controls, including suspicious activity reporting, currency transaction reporting, CDD, and customer identification programs. The OCC agreement required approval for new moderate/high-risk products and services, though no monetary penalties were imposed.
Key takeaways:
- Regulatory enforcement actions highlight the critical need for enhanced internal controls, compliance policies, and risk management.
- They span multiple agencies and regulated entities.
- They include financial penalties for compliance failures and operational restrictions for risk management deficiencies.
Office of Foreign Assets Control
The Office of Foreign Assets Control (OFAC), created in 1950 within the US Department of the Treasury, administers and enforces economic and trade sanctions based on US foreign policy and national security goals. These sanctions target foreign jurisdictions, regimes, terrorists, narcotics traffickers, WMD proliferators, and other threats. OFAC's legal authority stems from US laws, executive orders, and regulations. Its sanctions programs prohibit transactions with listed persons/organizations and may require asset blocking within US jurisdiction.
OFAC sanctions lists primarily include:
- Jurisdiction-based sanctions: Against entire jurisdictions (e.g., North Korea, Iran, Cuba), prohibiting nearly all transaction types.
- List-based sanctions: Target specific entities and individuals involved in illicit activities or posing national security threats (e.g., Specially Designated Nationals (SDN) List, Consolidated Sanctions List, Foreign Sanctions Evader List).
- Secondary sanctions: Directed at non-US persons for specified dealings with counterparties subject to certain OFAC sanctions (e.g., Iranian and Russian SDNs).
- Sectoral sanctions: Applied against entire sectors of an economy (e.g., energy, finance, defense) rather than specific individuals/entities.
OFAC relies on private sector collaboration for enforcement. Non-compliance can result in civil/criminal penalties, including multimillion-dollar fines for organizations and imprisonment for individuals.
EU AML/CFT Regulatory Landscape
History of AML Regime in Europe
The EU is a political and economic union of jurisdictions. Norway, Iceland, and Liechtenstein are in the European Economic Area (EEA) and must comply with EU AML/CFT legislation, even without legislative participation. EU legislation can be regulations (immediately applicable) or directives (setting principles, requiring national transposition).
Since 1991, the EU has used directives for its AML/CFT regime. The first AML Directive (1AMLD) applied mainly to banks and criminalized money laundering. Subsequent amendments (2AMLD 2001, 3AMLD 2005, 4AMLD 2015, 5AMLD 2018) addressed challenges like delayed or non-compliant transposition by member states, insufficient bank compliance, and deficiencies in cross-border supervision, which fragmented effectiveness and led to AML breaches. The 5AMLD strengthened cooperation between AML and banking supervisors and expanded regulatory scope to include NBFIs, DNFBPs, and cryptoasset service providers. Until 2018, predicate offenses for money laundering differed among member states. Directive 2018/1673 (the "AML Criminal Law Directive") established minimum rules for defining criminal offenses and penalties for money laundering. In 2024, this directive was amended to criminalize violations of EU restrictive measures. The EU also introduced the EU AML Single Rulebook, including the 6AMLD, combining a regulation with a directive for increased harmonization and effectiveness.
EU AML Package
In 2024, the EU adopted the "Single Rulebook" AML legislation package, comprising:
- Directive (EU) 2024/1640 (6AMLD).
- Regulation (EU) 2024/1624 (AMLR).
- Regulation (EU) 2024/1620 (AMLA-R).
- Regulation (EU) 2023/1113 (FTR).
6AMLD builds on previous directives (e.g., 4AMLD), requiring financial institutions and other obligated entities to implement comprehensive CDD, maintain central beneficial ownership registers, and conduct national/supranational risk assessments. It enhances FIU roles and strengthens cooperation between national FIUs and AML authorities. Member states must transpose 6AMLD provisions into law.
AMLR aims to harmonize CDD and risk assessment requirements across member states. It sets a €10,000 cash transaction limit, strengthens rules on PEPs, beneficial ownership, and beneficial owner disclosure for firms purchasing high-value assets in developing nations. AMLR mandates assessment of all AML staff for skills, repute, honesty, and integrity, and strengthens SAR rules and penalties. It expands obliged entities to include soccer agents, professional football clubs, and investment migration operators. Provisions for the football sector, real estate information access, and bank account register interconnection take effect after most AMLR provisions.
AMLA-R establishes the EU Anti-Money Laundering Authority (AML Authority/AMLA), responsible for direct supervision of selected high-risk financial sector obliged entities. It coordinates National Competent Authorities (NCAs) supervision and drafts level-2 regulations/guidelines. Most AMLA-R provisions took effect in July 2025.
FTR implements FATF's cryptoasset recommendations, prohibiting anonymous cryptoasset accounts/transactions. It's a recast of Regulation (EU) 2015/847 on fund transfer information. FTR and Markets in Cryptoassets Regulation (MiCA) took effect in December 2024.
The Role of AML Authority
Before 2021, the EU's AML regime, based on directives, suffered fragmentation in supervision and enforcement due to inconsistent member state implementation, leading to AML breaches and deficient supervision for cross-border entities. To mitigate this, the EU established an Anti-Money Laundering Authority (AML Authority) as a cornerstone for harmonized rule implementation and coordination among AML and financial sector supervisors.
The AML Authority is mandated to:
- Develop and update the EU's AML Single Rulebook: A set of harmonized AML requirements for the EU/EEA.
- Directly supervise up to 40 high-risk financial institutions: Ensuring compliance with the Single Rulebook, conducting onsite inspections, imposing corrective measures for deficiencies, and levying penalties for serious/repeated breaches. It operates through joint-supervisory teams.
- Monitor National Competent Authorities (NCAs): To ensure consistent application of the Single Rulebook, providing guidance and support, and acting on systematic supervision failures (e.g., improper national law application). (Note: AML Authority is not the EU FIU, but supports/coordinates its network).
- Conduct regular assessments of ML/TF risks within the EU: Identifying emerging threats, vulnerabilities, and providing mitigation recommendations.
- Facilitate information sharing between NCAs and FIUs: Acting as a central hub for collecting/disseminating information and managing the EU central database of financial institution deficiencies and imposed remedial measures.
The AML Authority is expected to commence direct supervision from its Frankfurt, Germany headquarters.
Markets in Cryptoassets Regulation
The Markets in Cryptoassets Regulation (MiCA), also known as MiCAR, established the EU's legislative framework for transparency, disclosure, authorization, and supervision of cryptoasset issuers and virtual asset service providers (VASPs) as of December 2024. The European Commission created MiCA to address risks of unregulated cryptoassets to investors and financial markets, focusing on cryptoassets not previously regulated by existing financial services legislation. MiCA covers the issuance and trading of cryptoassets other than electronic money tokens (EMT) and asset-referenced tokens (ART).
MiCA restricts EMT issuance to licensed entities (banks, electronic money institutions) already subject to the EU's AFC regime. To issue ARTs, a license is required, generally granted only to EU-established firms with qualified shareholders/directors of good repute (no financial crime convictions) and an effective AFC program. Applications are rejected if the business model poses serious financial crime risks or shows AFC program deficiencies.
When admitting cryptoassets to trading, VASPs must assess technical solutions' reliability, issuer/development team reputation, and potential cryptoasset risks. They should reject cryptoassets with inbuilt anonymization functions unless token holders and transaction history can be identified. MiCA prohibits market abuse (insider trading, market manipulation). VASPs must have controls to prevent/detect market abuse and immediately report reasonable suspicions to relevant regulatory authorities.
Other Regional AML/CFT Regulatory Landscapes
Local AML Regulations and Cross-Jurisdictional Impact
International financial institutions operate in complex environments, facing challenges in implementing a global AML program alongside diverse local regulations. For example, the US Bank Secrecy Act (BSA) requires US branches of foreign financial institutions to comply, meaning group-wide policies must meet BSA minimum standards, despite varying AML standards globally. To address these differences, institutions often append jurisdiction-specific addenda to their global AML policies. If a host jurisdiction has a higher AML standard than the home jurisdiction (e.g., Hong Kong's 10% beneficial ownership rule vs. US's 25% from 2012-2018), the higher standard is documented in the addendum.
Information sharing within international financial institutions is crucial but complicated by banking secrecy and data protection laws (e.g., FATF's Private Sector Information Sharing guidance). FATF Recommendation 18 states that where permitted, financial institutions should apply its principles to overseas branches and subsidiaries. Maintaining a balance between global policy and multiple local addenda, while adhering to management oversight and governance obligations, is key to success.
UK AML Regulations
The UK's AML/CFT regulatory landscape has changed post-Brexit (January 2020), no longer obliging adherence to EU AML Directives (e.g., 6AMLD). However, the UK remains a FATF member and implements legislation aligning with FATF's global AML/CFT standards. Key legislation includes:
- Proceeds of Crime Act 2002.
- The Terrorism Act 2000.
- Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017.
Major UK authorities responsible for guidance, investigations, and enforcement:
- Financial Conduct Authority (FCA): Regulates financial services firms' conduct, sets standards, promotes competition, and prevents consumer harm. Established April 2013, its primary focus is ethical and fair treatment of customers.
- Prudential Regulation Authority (PRA): Part of the Bank of England, prudential regulator for ~1,500 banks, building societies, credit unions, insurers, and major investment firms. Established 2013, focuses on financial institution safety and soundness, collaborating with FCA.
- His Majesty's Revenue and Customs (HMRC): Supervisory body for money laundering regulations, tackles economic crime with other agencies and departments, helping businesses protect themselves.
- Office of Financial Sanctions Implementation (OFSI): Part of HM Treasury, implements UN and EU financial sanctions. Established March 2016, improves understanding, implementation, and enforcement of financial sanctions.
- UKFIU: Operating independently within the National Economic Crime Command (NECC) as part of the National Crime Agency (NCA). Receives, analyzes, and disseminates intelligence from SARs to law enforcement. The NCA has arrest powers, can seek warrants/court orders, and freeze/confiscate assets suspected in money laundering, terrorism financing, or other criminal activities.
Australia AML Regulations
Australia's primary AML/CFT legislation is the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act 2006), requiring reporting entities to implement AML/CFT compliance programs (risk assessment, internal CDD controls, regulatory reporting, employee training, independent reviews). Australia recently passed the AML/CTF Amendment Act 2024, significantly enhancing its framework to align with FATF international standards and combat money laundering, terrorism financing, and proliferation financing. Key provisions include:
- Extending AML/CFT obligations to DNFBPs: Real estate agents, legal professionals, accountants, and precious metals/stones dealers must identify/verify customers, conduct ongoing monitoring, and report suspicious activities to AUSTRAC.
- Granting AUSTRAC enhanced enforcement powers: Imposing higher penalties, issuing remedial directions, and pursuing civil/criminal actions for non-compliance.
- Amending tipping off provisions: Facilitating greater information sharing among regulatory bodies, law enforcement, and international counterparts.
- Emphasizing the risk-based approach: Allowing entities to tailor AML/CFT measures based on risk levels for efficient resource allocation.
Reporting entities must comply with new obligations by March 2026. AUSTRAC is the principal regulatory authority, acting as both national FIU and regulatory agency, collecting/analyzing financial transaction reports, monitoring compliance, and enforcing actions. The Australian Sanctions Office (ASO) within the Department of Foreign Affairs and Trade (DFAT) administers Australia's sanctions regime (UNSC and autonomous), coordinating with AUSTRAC to ensure compliance.
Singapore AML Regulations
Singapore's National AML Strategy, updated in October 2024, outlines a three-pillar framework: prevention, detection, and enforcement, with a risk-based approach to AML/CFT compliance. Financial institutions and DNFBPs must implement CDD, EDD for high-risk clients, ongoing transaction monitoring, and suspicious transaction reporting. Key legislation includes the Corruption, Drug Trafficking and Other Serious Crimes (Confiscation of Benefits) Act 1992 (criminalizing ML, mandating STRs) and the Terrorism (Suppression of Financing) Act 2002 (addressing CFT).
Singapore's major regulators:
- Monetary Authority of Singapore (MAS): Regulates financial institutions, DNFBPs, NPOs; issues AML/CFT guidelines; supervises compliance.
- Commercial Affairs Department of the Singapore Police Force: Investigates financial crimes.
- Accounting and Corporate Regulatory Authority: Oversees corporate entities; enforces AML/CFT on corporate service providers.
- Casino Regulatory Authority and Gambling Regulatory Authority: Monitor AML/CFT compliance in gaming.
- DNFBP sectors are regulated by their licensing, registration, or self-regulatory bodies (except precious stones/metal dealers other than pawnbrokers).
The Suspicious Transaction Reporting Office (STRO) is Singapore's FIU, part of the Singapore Police Force, receiving/analyzing financial intelligence.
Useful resources for AFC professionals:
- MAS notices and guidelines (compliance obligations).
- AML/CFT Industry Partnership guidelines and best practice papers (collaborative risk identification/mitigation, strengthening banking industry by delivering benefits to customers).
Hong Kong (China) AML Regulations
The Hong Kong Special Administrative Region of China (HKSAR) has been a FATF member since 1991 and a founding member of the Asia-Pacific Group. Its main AML/CFT regime legislation is the Anti-Money Laundering and Counter-Terrorist Financing Ordinance, complemented by other laws (Organized and Serious Crimes Ordinance, Drug Trafficking Ordinance, Theft Ordinance, United Nations Ordinance, United Nations Sanctions Ordinance). This legislation mandates a risk-based approach for CDD, ongoing monitoring, and recordkeeping, with regulations and guidance from relevant authorities. Financial institutions and DNFBPs must comply with CDD, with non-compliance potentially being a criminal offense (imprisonment, fines). Financial institutions include banks, securities brokerages, MSBs, insurance companies, and payment companies.
Several HKSAR regulators oversee financial institutions and DNFBPs: Hong Kong Monetary Authority, Securities and Futures Commission, Insurance Authority, Customs and Excise Department, and Company Registry. The Joint Financial Intelligence Unit acts as Hong Kong's FIU, collecting, analyzing, and referring suspicious transaction reports to law enforcement for investigation and prosecution.
China AML Regulations
China revised its AML Law, effective January 1, 2025, reflecting commitment to FATF Recommendations and addressing digital finance/cross-border crime risks. The revised law expands scope to include any criminal activity as a predicate offense and covers law firms, real estate agencies, and precious gems dealers. It has extraterritorial application, extending jurisdiction to activities outside China threatening China or its citizens. Obliged entities must enhance compliance (internal controls, CDD, suspicious transaction reporting), emphasizing ongoing monitoring and simplified CDD for low-risk clients to balance efficiency. The law strengthens enforcement and escalates penalties for noncompliance. Simultaneously, it safeguards legitimate financial activities and privacy, restricting excessive risk measures and allowing judicial redress for unjustified account freezes.
The People’s Bank of China is the primary supervisory body under the State Council, overseeing AML enforcement, coordinating interdepartmental efforts, and conducting financial monitoring via the Anti-Money Laundering Monitoring and Analysis Center. Sector-specific regulators (China Banking and Insurance Regulatory Commission, China Securities Regulatory Commission) collaborate with the People's Bank of China. The Ministry of Public Security investigates and prosecutes money laundering and terrorist financing offenses.
Japan AML Regulations
Japan's AML/CFT framework aligns with FATF Recommendations and evolving financial crime risks, comprising the Act on Prevention of Transfer of Criminal Proceeds, the Act on Punishment of Organized Crimes and Control of Crime Proceeds, and the Foreign Exchange and Foreign Trade Act. Japanese legislation mandates financial institutions and DNFBPs to adhere to CDD requirements, report suspicious transactions, and implement risk-based AML programs. EDD for high-risk customers, including PEPs, is also required. Noncompliance can result in administrative penalties or criminal sanctions. Financial institutions must continuously monitor customer transactions for unusual patterns and regularly update risk assessments. Obliged entities are encouraged to invest in technological solutions like AI and machine learning for improved transaction monitoring and fraud detection. Recent legislative updates include strengthening digital asset regulations, increasing oversight of money transfer service providers, and enhancing beneficial ownership transparency. Japan also focuses on international cooperation with FATF and other global regulators.
Primary AML/CFT regulators in Japan:
- Financial Services Agency: Supervises financial institutions, ensures AML/CFT compliance.
- National Police Agency: Investigates financial crimes, coordinates with other agencies.
- Japan Financial Intelligence Center: Japan's FIU, receives/analyzes suspicious transaction reports, shares intelligence.
The Japanese government established an Inter-Ministerial Council for AML/CFT/CPF Policy to coordinate/advance efforts and formulated a National AML/CFT/CPF Action Plan in April 2024, monitoring its progress.
South Korea AML Regulations
South Korea's AML framework rests on three primary laws:
- The Financial Transaction Reports Act: Guarantees the independence and autonomy of the Korea FIU, making it the primary authority for collecting, analyzing, and disseminating financial transaction information. It provides a legal framework for financial companies to report suspicious and high-value cash transactions to the FIU, which may then share relevant information with law enforcement.
- The Proceeds of Crime Act: Criminalizes money laundering and sets legal measures to punish/prevent concealment of criminal proceeds. Article 3 criminalizes disguising acquisition/disposition, origin, or concealment of criminal proceeds, with penalties of imprisonment and fines. Articles 8 and 10 outline requirements for confiscating criminal proceeds and property of equivalent value.
- The Act on Prohibition Against the Financing of Terrorism and Proliferation of Weapons of Mass Destruction (Terrorist Financing Prohibition Act): Took effect in 2008, implementing the International Convention for the Suppression of the Financing of Terrorism and UNSC resolutions on WMD proliferation. It imposes obligations on financial institutions to prevent terrorism financing through identifying, reporting suspicious transactions, and freezing assets.
South Korea's AML/CFT regime began in 2001 with the Korea FIU's establishment and the enactment of the Financial Transaction Reports Act and Proceeds of Crime Act. In 2008, the Financial Services Commission was established, with the Korea FIU operating as its primary agency for AML/CFT matters, analyzing SARs and sharing information with law enforcement. Under the Commission, the Financial Supervisory Service examines/supervises financial institutions for AML compliance, collaborating with the FIU.
United Arab Emirates AML Regulations
The UAE aligns its regulatory approach with FATF requirements, including FATF Recommendations, to strengthen oversight, risk-based monitoring, and enforcement mechanisms. Federal Decree No. 20 of 2018, amended by Decree-Law No. 26 of 2021, is a fundamental pillar of the UAE’s AML/CFT framework, defining offenses, enforcement, and penalties. It mandates an AML/CFT committee and an independent FIU to receive and investigate all reports. Cabinet Decision No. 10 of 2019, amended by Decision No. 24 of 2022, enhances the legal/institutional AML/CFT framework, establishing compliance obligations, risk-based due diligence, and regulatory oversight.
All regulated entities (financial institutions, DNFBPs) must conduct CDD/KYC (verifying customer identity, beneficial ownership, risk classification, source of funds), monitor transactions, and report suspicious activity to the UAE FIU. They must also implement sanctions screening programs aligned with UN, UAE, and FATF sanctions lists. The 2024-2027 National Strategy aims to strengthen risk-based supervision, enforcement, and international cooperation to support the FATF Mutual Evaluation set for 2025 to 2027.
The UAE’s regulators and their roles:
- The Central Bank of the UAE: Oversees financial institutions (banks, exchange houses, money service providers, insurance companies).
- The UAE FIU: Receives/analyzes suspicious activity reports, conducts risk assessments, provides feedback, disseminates data.
- The Securities and Commodities Authority, Dubai Financial Services Authority, and Abu Dhabi Global Market: Regulate capital markets, securities firms, and financial free zones.
- The Executive Office for AML/CFT: Coordinates AML policies, strategic planning, and international cooperation.
Other AFC Regulations That Impact Organizations
Major ABC Regulations
Anti-bribery and corruption (ABC) compliance is crucial for AFC, as corruption is a major source of criminal proceeds and a key predicate offense for money laundering. Most jurisdictions criminalize bribery locally, but fewer have comprehensive ABC laws. The US, UK, and France have extraterritorial ABC legislative frameworks.
- US Foreign Corrupt Practices Act (FCPA) (1977): Makes it illegal for US persons and certain foreign securities issuers to make payments to foreign government officials for business obtainment/retention. Since 1998, it applies to foreign firms indirectly causing corruption in the US. The Foreign Extortion Prevention Technical Corrections Act (effective July 2024) complements FCPA by criminalizing bribe acceptance by foreign officials. Unlike UK/French laws, FCPA generally exempts facilitation payments to expedite routine official actions.
- UK Bribery Act 2010 (2011): Defines five key UK bribery offenses and introduced strict liability for commercial entities engaging in bribery via associated persons, unless sufficient anti-bribery safeguards (proportionate procedures, senior management commitment, risk assessment, due diligence, communication/training, monitoring/review) are demonstrated.
- French Sapin II (2016): Mandated anticorruption programs for large companies and public entities meeting specific criteria. Established the French Anticorruption Agency to oversee private/public sector efforts (imposing administrative penalties, referring findings to National Financial Prosecutor). Created deferred prosecution agreements for corruption cases.
Major Sanctions Regimes
The UN Security Council uses sanctions, based on Article 41 of Chapter VII of the UN Charter, to promote international peace and security. Member States are obligated by Article 25 to implement Security Council decisions. After a resolution passes, a UN sanctions committee monitors implementation. The UN maintains the United Nations Security Council Consolidated List of sanctioned persons and entities.
In the EU, sanctions are restrictive measures prepared by the European External Action Service and approved by the Council of the EU. The EU implements all UNSC sanctions, transposing them into EU law via Council Decisions and Council Regulations. EU member states are responsible for enforcing sanctions and adopting national legislation.
The US has a comprehensive sanctions framework, with both executive and legislative branches able to introduce sanctions. Due to the US dollar's global importance, US sanctions have broad impact, presenting compliance concerns worldwide. Congress can impose sanctions directly or delegate broad powers to the president through the International Emergency Economic Powers Act and the Trading with the Enemy Act. OFAC is the main US regulatory authority for administering and enforcing economic and trade sanctions.
The UK’s Foreign, Commonwealth and Development Office sets UK sanctions policy and reports to Parliament. The Office of Financial Sanctions Implementation (OFSI) applies and administers financial sanctions, and grants licenses. The Financial Conduct Authority requires regulated firms to comply with UK financial sanctions to prevent financial crime misuse.
Other Sanctions Regimes
Beyond major sanctions regimes, organizations may need to comply with others depending on their geographical footprint and jurisdictional exposure from customers, suppliers, and third parties.
- China: Since 2020, China has an autonomous (non-UN) sanctions framework, adopting the Anti-Foreign Sanctions Law in 2021. The Ministry of Foreign Affairs and Ministry of Economy co-share responsibility for administration and enforcement.
- Japan: Enforces autonomous sanctions against North Korea and aligns with G-7 jurisdictions (e.g., sanctions against Russia) for international peace. The Ministry of Finance maintains a list of sanctioned persons and, with the Ministry of Economy, Trade and Industry, licenses prohibited activities.
- South Korea: The Financial Services Commission is the principal regulator for economic and financial sanctions, especially terrorist financing, with extensive licensing authority. It has implemented autonomous sanctions against Russia, coordinating with Western allies.
- Canada: Implements autonomous sanctions under the Special Economic Measures Act and the Justice for Victims of Corrupt Foreign Officials Act (Sergei Magnitsky Law). The Minister of Foreign Affairs administers/enforces sanctions and may issue permits.
- Australia: Implements autonomous sanctions through the Autonomous Sanctions Act and Regulations. The Department of Foreign Affairs and Trade maintains a consolidated list of sanctioned persons/entities.
- Singapore: In addition to UN sanctions (via United Nations Act and Monetary Authority of Singapore Act), applies targeted financial sanctions against designated individuals/entities under the Terrorism (Suppression of Financing) Act.
Other Laws and Regulations That Impact Organizations
Data Security and Privacy
Financial institutions have a high duty to care for, and often a legal obligation to ensure, the security and privacy of customer data. Customer data must be securely stored and shared only with authorized parties. Many jurisdictions prohibit using data collected for one purpose (e.g., AML) for another (e.g., marketing). Once its purpose is served, data must be securely destroyed, adhering to retention laws. Organizations must have policies on data categorization, storage duration, and destruction. Many jurisdictions have specific national privacy/data security laws for financial institutions; the EU GDPR is among the strictest for protecting EU citizens' personal data and privacy.
These laws impose challenging requirements on financial institutions collecting data. Data privacy laws may restrict cross-jurisdictional personal data transfers unless conditions are met to ensure equivalent protections. Institutions must meet these conditions to avoid violating laws if a data breach occurs. Collected data is comprehensive and purposeful. Physical data must be protected (e.g., not left on desks). Electronically stored data must adhere to approved databases; many organizations prohibit desktop folders or USB sticks due to loss risk. Data should not be retained indefinitely and must be destroyed per policy.
Digital Operational Resilience Act
Digitalization has increased interconnections and dependencies within the financial sector and with third-party service providers, escalating Information and Communications Technology (ICT) risk as illicit actors exploit ICT infrastructures to attack financial institutions. Recognizing digital resilience's importance, the EU passed the Digital Operational Resilience Act (DORA), effective January 2025, to strengthen the EU financial services sector's cybersecurity. DORA sets requirements in:
- ICT Risk Management: Financial institutions must implement a robust control system coordinated by an independent ICT risk control function, responsible for the data operational resilience strategy, including risk tolerance levels. A management body approves this, making arrangements for critical AFC function continuity (secondary processing site).
- Incident Reporting: Promptly report significant ICT incidents to designated competent authorities.
- Resilience Testing: Yearly vulnerability assessments by financial institutions; threat-led penetration tests every three years by competent authorities. The financial institution using third-party services is primarily responsible for remediating identified vulnerabilities.
- Third-Party Risk Management: Financial institutions must conduct ex-ante (preventative) due diligence and ongoing vendor monitoring, prohibiting dealings with vendors having insufficient security standards. To mitigate concentration risk, an exit strategy for critical AFC function vendor services (sanction screening, transaction monitoring) is required. Critical ICT third-party service providers are under EU-level supervision and must establish an EU subsidiary.
- Information Sharing: Financial institutions can regularly share threat/vulnerability intelligence to prevent incidents, allowing others to contain impacts and recover faster.
By meeting DORA's enhanced cybersecurity and risk management, financial institutions reduce exploitation of digital vulnerabilities for money laundering.
EU General Data Protection Regulation
The General Data Protection Regulation (GDPR) is an EU law safeguarding the privacy and data protection rights of individuals in its jurisdiction. Unlike directives, GDPR is a legislative act directly and uniformly applicable across all member states without national legislation. It builds on previous EU privacy laws with its legal structure, scope, accountability, and enforcement mechanisms. GDPR applies to the entire EEA (EU member states plus Norway, Iceland, Liechtenstein) through established procedures.
An organization falls under GDPR scope if established in the EU/EEA, or if it offers goods/services to, or monitors behavior of, data subjects in the EU/EEA. If established in the EU/EEA, GDPR applies to personal data of data subjects regardless of location. If not established in EU/EEA, it applies to personal data of data subjects located in EU/EEA. GDPR clearly defines data collectors and processors, with differing duties.
Key GDPR provisions:
- Strengthen data protection rights: Individuals (data subjects) have rights (access, correction, deletion, portability, rectification) regarding personal data use.
- Implement strict cross-border transfer requirements: Data transfer mechanisms are needed if personal data is transferred outside the EU/EEA to a jurisdiction that the European Commission has deemed to have inadequate data protection.
- Increase accountability of in-scope organizations: Required to notify supervisory authority of breaches without undue delay, appoint a data protection officer (if applicable), create/maintain Data Protection Impact Assessments.
- Introduce a two-tier fining system: Based on infringement types (less serious for controllers/processors, certification/monitoring bodies; more serious for privacy/right-to-be-forgotten principles).
- Modernize privacy approach: Technology-neutral, applying to personal data processing regardless of technology.
- Provide lawful reasons for obtaining/processing personal data: Organizations must inform data subjects of one or more lawful reasons (consent, contractual obligation, legal obligation, public interest, vital interests, legitimate interests).
The GDPR and the Balance Between Privacy and Transparency
GDPR applies to all data processing activities, including when an organization processes personal data for AML compliance. AML obligations require organizations to obtain and process personal data for KYC tasks, such as gathering Ultimate Beneficial Ownership (UBO) information and customer identification (name, date of birth for directors). GDPR applies to all organizations using personal data that are established in the EU or fall within its extraterritorial scope; therefore, organizations must adhere to both AML obligations and GDPR.
GDPR obliges organizations to provide data subjects with rights regarding their personal data, including access, deletion, and the right to information (transparency). Organizations must inform data subjects why and how their personal data will be used. Articles 75 and 76 of Regulation (EU) 2024/1624 also reference these requirements, stating permissible instances for sharing/processing personal information for AML compliance.
For lawful processing, organizations need at least one lawful reason. GDPR lists lawful grounds for standard personal data (ID, proof of address) and provides exemptions for special/sensitive data (race, ethnicity, political beliefs from KYC, criminal convictions). AML regulation permits using these forms of personal data provided appropriate transparency measures are applied. Data subject rights are not absolute; the offense of "tipping off" under AML law impacts how much information an organization can share about its processing activities with a data subject.
Consumer Protection and Inclusive Banking
Consumer protection regulations safeguard private individuals from deceptive, unfair, or harmful marketplace practices, providing dispute resolution and redress mechanisms. Addressing consumer risks is key to promoting trust and stability in financial markets. While global regulatory approaches vary, they typically establish frameworks ensuring fairness, transparency, and accountability (e.g., US Consumer Financial Protection Act, UK Consumer Rights Act 2015, EU Directives like Consumer Credit, Mortgage Credit, Payment Service, Markets in Financial Instruments, and Markets in Crypto Assets Regulation).
AFC compliance initiatives indirectly enhance consumer protection by combating laundering of proceeds from consumer-targeting offenses (fraud, ransomware). Compliance also strengthens consumer confidence in the financial system's security and integrity. Inclusive banking is part of consumer protection, ensuring all individuals, especially the disadvantaged, have access to affordable financial services (savings, loans, insurance, payment systems, fraud protection). It empowers individuals economically, reduces poverty, supports entrepreneurship, and improves economic opportunities overall. It also counters de-risking, where financial institutions terminate/restrict services to avoid risk, leading to financial exclusion. FATF initiatives promote financial inclusion by preventing overreach of CDD standards.
Governments and financial authorities promote inclusive banking via policies (e.g., US federal/state fairness laws, UK FCA's oversight); these ensure accessible/affordable services.
AI Regulations
AI regulations have emerged due to the rapid adoption and advancement of AI across industries, coupled with concerns regarding its transparency, accountability, privacy, and safety. FATF's 2021 report, Opportunities and Challenges of New Technologies for AML/CFT, noted technology's potential to improve customer experience but cautioned against unconsidered risks. Regulators identify risks in unregulated AI, such as biased decision-making, data misuse, and fundamental rights violations. AI regulations typically emphasize transparency (requiring disclosure of AI use), and accountability (governance frameworks, oversight). Some adopt a risk-based approach, categorizing AI systems by potential risks and imposing stricter obligations for higher risks. The Financial Stability Board calls for AI regulation harmonization.
In 2025, the US issued Executive Order 14179, Removing Barriers to American Leadership in Artificial Intelligence, promoting innovation over regulation. The EU AI Act, part of the EU's digital strategy, targets AI development/deployment, categorizing models by risk levels and imposing corresponding requirements. It emphasizes human oversight, transparency, nondiscrimination, and accountability, applying to AI systems in service in the EU regardless of provider location. The UK opts for a principles-based AI approach, with a 2023 white paper outlining general principles flexible for specific sectors. Other jurisdictions vary: China has AI regulations aligned with its national plan (e.g., deep synthesis provisions for "deepfake" content), Hong Kong uses sector-specific guidelines focusing on ethical/privacy concerns (HKMA's 2024 Ethical Artificial Intelligence Framework for banks), Japan relies on existing laws and governance guidelines (AI Strategy 2022 emphasizing safe, human-centric innovation; 2025 interim report emphasized business governance over government), and Singapore focuses on a trusted, inclusive AI ecosystem (National AI Strategy 2.0).
ESG Regulations
Environmental, Social, and Governance (ESG) is a framework guiding business practices toward sustainable development. "Environmental" covers planetary impact (carbon emissions, resource use, waste, climate initiatives). "Social" refers to stakeholder relations (employees, customers, communities, labor practices, diversity, human rights). "Governance" addresses leadership, board composition, transparency, ethical practices, and legal compliance. The UN has initiatives to advance ESG, such as the Sustainable Development Goals (17 objectives for poverty, inequality, environment, peace, prosperity), adopted by all Member States, and influencing many organizations. Other UN initiatives: Guiding Principles on Business and Human Rights, Environment Program Finance Initiative, Global Compact.
ESG regulations vary but trends include increased mandatory disclosure, accountability, and transparency. ESG intersects with AML/CFT:
- Environmental Crime: Noncompliance with anti-pollution rules for economic gain, illegal mining, often involving bribery/corruption.
- Social Impact: Forced labor, corruption for business objectives.
- Governance and Compliance: Governance failures leading to financial crime within organizations (demonstrated by regulatory enforcement).
ESG and AML/CFT regulations are converging. Strong governance frameworks under ESG prevent corruption, fraud, and illicit financial activity. ESG's social responsibility emphasis helps identify human rights threats linked to financial crimes (e.g., money laundering from human trafficking/modern slavery). Integrating ESG into AML/CFT compliance enhances risk identification/mitigation. Both ESG and AML/CFT frameworks rely on a risk-based approach for effective compliance. ESG requires identifying/assessing/managing risks (environmental impact, social responsibility, governance integrity), prioritizing resources on high-risk areas (high carbon emissions, human rights violations). AML/CFT requires assessing/managing ML/TF risks, prioritizing resources on high-risk clients, jurisdictions, and services. Both require ongoing due diligence, monitoring, and responsiveness to emerging risks.
Use of Guidance and AFC Cooperation
Introduction
This module examines reports and documents from public authorities, focusing on how financial institutions can integrate this information into their AFC programs, particularly the central role of government-produced risk assessments. Guidance from public authorities is crucial for communicating priorities and ensuring uniform approaches to financial crime threats, aiding professionals in their duties. The module also covers AFC cooperation: between public authorities (regulators, national FIUs, law enforcement), innovative public-private partnerships, and private sector collaboration to address financial crime.
Case Example: Using Typology Reports to Enhance AML Controls
Law enforcement in Isabella's jurisdiction observed a rise in money laundering via cryptoassets and banking, suspecting money mule recruitment. A working group (FIU, regulator, bank, virtual assets sectors) was formed to improve intelligence and private sector controls. Isabella's organization joined. The group issued a typology report detailing how students open VASP accounts and move crime proceeds via local bank accounts. The group asked participants to review data for alignment.
Isabella found many student accounts and, with the data team, used a strategy to segment the accounts and identify those behaving unusually, also noting VASP/cryptoasset mentions in payment references/customer communication. She reported findings to senior management, filed SARs (notifying the FIU about the public-private partnership context), and confirmed the typology's soundness to the working group. Isabella presented findings and recommendations (KYC/client risk profile changes, transaction monitoring adjustments) to a senior internal committee to better protect the organization. Key takeaways: Using authority reports/guidance requires a structured approach to understanding expectations, applying reports efficiently, and using knowledge to meet AML/CFT requirements.
Using the Reports and Guidance from Different Authorities
Using AFC Reports, Guidance Notes, and Policy Papers
National and international authorities produce three main types of documents useful for managing and improving an AFC program: AFC reports, official guidance notes, and policy papers. AFC reports explain the operation of the AFC regime or its parts. For example, national FIUs often publish annual reports with statistics, case studies on reporting levels/nature from different sectors, and threat/risk reports. Typologies, describing financial crime instances, are produced by national FIUs, law enforcement, and other government agencies. Red flag/indicator documents explain what to look for in detecting financial crime. Some governments, national FIUs, and law enforcement also produce strategic intelligence/analysis reports, taking a broad view of financial crime types or trends from multiple sources to understand threats.
Using Reports, Guidance Notes, and Policy Papers in Your AML/CFT Controls
Reports, guidance notes, and policy papers can improve AML/CFT controls through a structured assessment process. Organizations should:
- Review the document: Identify information relevant to the business's sector, products, geography, customer base, and delivery channels, disregarding irrelevant content.
- Assess existing controls: Determine if appropriate controls already exist for relevant areas.
- Conduct further analysis for gaps: For missing controls, analyze the impact of introducing changes (distinguishing simple vs. substantial changes requiring resources, potentially impacting customer experience or costs).
- Consult stakeholders and obtain approval: Before making changes, consult all relevant stakeholders and secure approval (e.g., from the MLRO). Develop a communication plan and training if scope/impact warrant it.
- Document changes: Record that external information led to control, policy, or procedure changes (e.g., in a change log) to demonstrate compliance. Adjust the Enterprise-Wide Risk Assessment (EWRA) to reflect new risks, referring to the source document and showing mitigation measures.
For example, if a report identifies a product as high-risk that your organization offers, the EWRA should reflect this, referencing the source and detailing applied controls. Key takeaways: Proactively review red flags and indicators in reports, guidance, and policy papers; review them against existing controls; and plan/communicate implementation of changes.
Case Example: Terrorist Financing Red Flags
A regulator issues a report detailing new terrorist group financing methods, including red flags. The MLRO considers how to integrate these into the bank's AML/CFT controls. Although not legally required to implement the guidance, the regulator expects consideration. The MLRO reviews existing controls and processes for impact and identifies gaps. One red flag concerns import/export companies connected to certain jurisdictions. The bank, with many such clients, has EDD procedures for extra scrutiny and annual reviews. Clients trading with higher-risk jurisdictions provide additional documentation. However, the new red flag includes an additional jurisdiction not on the bank's list.
The MLRO consults risk management and other stakeholders on changes to the risk profile or operations. She informs relevant business areas to update procedures for the new jurisdiction, assesses case generation likelihood, and ensures teams are resourced. No immediate training is needed, but future training will reflect new information. The MLRO commissions a retrospective review of existing clients trading with the jurisdiction to identify past risks and actions. Upon completion, she ensures the change is documented in the financial institution. Key takeaways: Be proactive in reviewing red flags in reports, guidance, and policy papers; review them against existing controls; and plan/communicate implementation of changes.
National, Sectoral, and Thematic Risk Assessments
A national risk assessment (NRA) is a document produced by a jurisdiction to identify ML/TF threats and vulnerabilities, determine risk levels, and develop response strategies. NRAs are comprehensive, drawing on wide data, and often include reviews of high-risk sectors and areas. FATF Recommendation 1 requires jurisdictions to identify, assess, understand, and mitigate ML/TF/proliferation financing risks, using an NRA to consolidate knowledge. FATF encourages NRAs, and EU jurisdictions are legally obliged by the Fourth EU AML Directive. FATF, the World Bank, and the Council of Europe provide methodologies, or jurisdictions develop their own.
NRAs analyze risk across emerging sectors or areas of increasing risk. Jurisdictions can supplement NRAs with sectoral risk assessments (SRAs) or thematic risk assessments. SRAs focus on specific sectors (e.g., gaming), while thematic assessments examine issues like emerging technologies. These are conducted if new risks arise or in response to new regulations. International organizations also provide methodologies for SRAs/thematic assessments. FATF Recommendation 2 requires policies to align with identified risks. Jurisdictions should produce public or confidential action plans to mitigate risks found in NRAs, SRAs, or thematic assessments. Public assessments provide organizations with governmental risk levels and priorities for their sector.
Case Study: SRA on Decentralized Finance
In 2023, the US government published an illicit finance risk assessment on decentralized finance (DeFi) services, which are virtual asset protocols accessible without intermediaries via blockchain. Many jurisdictions have conducted SRAs on virtual assets, where risks can be highly specific. The US Treasury produced the document after its 2022 NRAs found illicit actors misused DeFi services lacking mitigation. The document overviews DeFi's market structure, assesses threats and vulnerabilities, and discloses significant risk areas. It recommends strengthening AML/CFT supervision of virtual assets activities and assessing enhancements to the US AML/CFT regulatory regime for DeFi, aligning with FATF recommendations for policy response to articulated risk. When published, SRAs inform organizations about government risk views and response plans. Key takeaways: SRAs describe/assess AML/CFT risks of specific sectors in detail, complement NRAs, and provide organizations with government risk views and response plans.
Cooperation Between Authorities
Roles of Regulators, Law Enforcement, and FIUs
A regulator sets detailed rules, ensures compliance, and confirms the effectiveness of private sector preventive controls. They authorize regulated businesses via licenses/registrations, then conduct risk-based supervision, using tools like fines and enforcement actions for noncompliance. Law enforcement investigates to bring money launderers to justice, seize assets, and disrupt operations, working with prosecution authorities (whose relationship varies by jurisdiction). Asset recovery is a crucial part of AML/CFT systems, ensuring crime doesn't pay. Law enforcement agencies have varying scopes of authority (local vs. national/federal) and may have other responsibilities (e.g., tax authorities investigating tax crime and setting tax policy). National FIUs receive, analyze, and disseminate financial intelligence, producing strategic analysis (trends, typologies, threats) and operational analysis (for law enforcement investigations into money laundering, terrorist financing, and predicate offenses, leading to disruptions and asset recovery). FIUs disseminate intelligence packages to law enforcement, which may be refined or urgent (e.g., terrorism finance). FIUs obtain SARs and other information from reporting entities and domestic/international counterparts (under FATF standards and Egmont Group principles), incorporating this data into cross-border ML operational analysis for law enforcement. FIU-disseminated material is often for intelligence use only, typically not direct court evidence.
In some cases, the same organization can be both a regulator and an FIU, and FIUs can be part of law enforcement agencies. The main point is active cooperation and information sharing among these agencies, and with international counterparts, for cross-border money laundering and terrorist financing. Information sharing channels vary for intelligence, evidence, or regulatory information.
Case Study: J5-US Law Enforcement Collaboration
International cooperation among public sector authorities is vital for fighting transnational financial crime. Law enforcement, regulators, and national FIUs form strategic partnerships and cooperate at the case level. The Joint Chiefs of Global Tax Enforcement (J5), comprising tax authorities from Australia, Canada, the Netherlands, the UK, and the US, is a strategic partnership recognizing the transnational nature of tax crime and money laundering. The J5 investigates those enabling and benefiting from transnational tax crime and money laundering, and collaborates to reduce threats from cryptocurrencies and cybercrime.
The J5 has been instrumental in cases like defeating an international boiler-room scheme where a US citizen, operating overseas, conspired to defraud investors of nearly US$2 million through fake securities pitches. The criminals used high-pressure tactics, emotional manipulation, and sham shell companies with US bank accounts (in New York, Hong Kong, Singapore) to receive and launder victims' payments (savings, loans, mortgages). The US citizen was sentenced to 10 years and ordered to pay US$700,474.97 in restitution. The judge praised US agencies and J5 partnership for disrupting this serious criminal group. Key takeaways: International public sector cooperation is vital because financial crime operates across borders, enabling authorities to collaborate, share intelligence, and enforce law, leading to disruption of serious criminal groups. International bodies like Eurojust and Europol play a key coordinating role.
Cooperation Between Regulatory Authorities
When an organization offers a range of regulated products or operates internationally, multiple regulators often supervise it. This necessitates coordination among regulators during examinations and other activities. Regulators clarify their scope of authority to avoid overlap, and coordinate at a policy level to prevent compliance gaps. They compare risk assessments and risk-based approaches to ensure integrated supervision and share information.
Coordinating scheduled work allows for complementary scheduling among regulators. Joint examinations may be considered for warranted areas to reduce organizational impact. If an examination identifies issues, the regulator informs relevant counterparts. Joint actions, resulting in combined enforcement, can occur. Regulators cooperate domestically and internationally. For financial institutions with international footprints, problems in one jurisdiction may prompt scrutiny from regulators elsewhere. In Europe, AML/CFT colleges are permanent structures enhancing cooperation among regulators overseeing cross-border institutions. The EU's new AML Authority will coordinate supervision among EU regulators and directly supervise the most high-risk entities.
Law Enforcement and FIU AFC Cooperation
FATF requires jurisdictions to have FIUs that receive, analyze, and disseminate financial intelligence. National FIUs produce strategic analysis (trends and patterns) and operational analysis (focusing on specific targets). Operational analysis provides law enforcement with intelligence for investigations into money laundering, terrorist financing, and predicate offenses, potentially leading to disruptions, arrests, prosecutions, convictions, and asset recovery. National FIUs disseminate intelligence packages to law enforcement based on operational analysis. The level of analysis varies; FIUs may conduct detailed work using multiple sources or disseminate less refined intelligence quickly for urgent issues like terrorism finance. FIUs obtain SARs and other information from reporting entities and diverse domestic sources. They also access other FIUs internationally, expected to disseminate financial intelligence spontaneously or upon request under FATF standards and Egmont Group principles. This data can be incorporated into cross-border money laundering operational analysis and disseminated to law enforcement. Often, FIU material for law enforcement is for intelligence use only, typically not direct court evidence.
Case Study: Law Enforcement and FIU Cooperation
Collaboration between national Financial Intelligence Units (FIUs) and law enforcement leads to concrete action. For instance, the French FIU, TRACFIN, issued an alert, combined with a complaint from the Directorate General of Public Finance, initiating a large investigation into money laundering. This focused on a group that laundered €200 million and evaded €3 million in income tax. French police led the investigation, with Eurojust (an EU body coordinating transnational crime investigations among EU members and other jurisdictions) coordinating international activity due to the cross-border focus. Eight European countries participated: Denmark, Germany, Estonia, Spain, France, Latvia, Lithuania, and Switzerland, involving coordinated searches and asset seizures within and outside France. Europol, the EU's law enforcement agency, supported the investigation. Europol estimated €3.5 million in seized assets (financial, property, luxury vehicles). In another example, the FBI collaborated with FinCEN, analyzing SARs to investigate an illicit international arms dealer funding WMD proliferation (ballistic missile technology to Iran). Over 40 reports indicated the dealer laundered approximately US$8.5 million through New York banks. Investigators identified over 20 front companies and bank accounts, seizing US$6.5 million in assets and placing 17 front companies on OFAC/Commerce Department watchlists. The network leader was added to the FBI's most wanted list, and the network ceased operations. Key takeaways: FIU-law enforcement cooperation results in action; combating money laundering requires domestic/international information sharing; and international bodies like Eurojust/Europol are crucial for coordination.
Partnership Requirements and Mutual Legal Assistance Treaties
Due to increasingly global crime, mutual legal assistance is critical for supporting criminal investigations and proceedings between jurisdictions. Mutual legal assistance is a framework of conventions and agreements for obtaining information and evidence that cannot be shared directly between law enforcement agencies. Mutual Legal Assistance Treaties (MLATs) provide a legal basis for transmitting evidence for prosecution and judicial proceedings, often supplemented by Memoranda of Understanding (MOUs) to streamline procedures for joint investigations. In the absence of an MLAT, requests are made via formal international letters of request (commissions rogatoires in civil law, letters rogatory elsewhere) managed centrally by specific government departments.
Mutual legal assistance can obtain evidence for freezing or confiscating crime proceeds hidden overseas. Assistance may be denied for political/security reasons or if the offense isn't equally punishable in both jurisdictions. MLATs may not cover specific crimes (e.g., US-Caribbean agreements not covering US tax evasion, making them ineffective in tax havens). As a private sector investigator, you may receive information requests from law enforcement without knowing if it's for a local or international investigation, as content isn't disclosed outside government departments without requesting jurisdiction's authority.
The European Investigation Order (EIO) is an EU measure facilitating mutual legal assistance among participating member states, based on mutual recognition (executing authority must recognize/execute the request). Post-Brexit, the UK no longer accepts EIOs.
Cooperation Involving the Private Sector
Public-Private Partnership
Organizations recognize that greater collaboration between public and private sectors enhances the fight against financial crime. The AML/CFT system mandates interactions through SARs, court orders, and supervisory activity, but deeper collaboration is more effective. Many jurisdictions developed Public-Private Partnerships (PPPs) for information sharing (public-to-private and private-to-public), and sometimes to shape policy and strategy. PPP models vary based on jurisdictional appetite and legal framework. Successful PPPs have clear purpose, effective governance, and well-developed communication channels. Operational components include working groups, joint analysis teams, and training/capacity building. Inhibitors to PPP success include lack of commitment/resources, unclear aims, restrictive laws, and absence of communication channels. To counter these, jurisdictions should establish clear terms of reference, secure buy-in, and develop MOUs, policies, and procedures. Legal frameworks for information sharing address privacy and regulatory concerns, using secure communication for engagement. PPP participation is generally voluntary and beneficial for risk identification and shared priorities, but it doesn't replace mandated compliance obligations.
Case Study: AUSTRAC Fintel Alliance Investigation
AUSTRAC, the Australian FIU and AML regulator, established the Fintel Alliance in 2017 as a public-private partnership. Its goals are to enhance the financial sector's resilience to criminal exploitation and support law enforcement investigations. The Fintel Alliance comprises major banks, remittance service providers, gambling operators, and law enforcement/security agencies from Australia and overseas. They collaborate to develop shared intelligence and innovative solutions to detect, disrupt, and prevent serious crime and national security matters.
In 2024, the Fintel Alliance supported a complex Australian Federal Police (AFP) investigation into seven members of an alleged money laundering syndicate. The syndicate operated a prominent, multi-billion-dollar registered remittance business that allegedly offered a system for organized criminals to covertly transfer crime proceeds across borders. The AFP accused syndicate members of coaching criminals to create fake business paperwork, laundering at least AU$229 million in three years. The Fintel Alliance and private industry partners provided collaborative financial analysis, tracking transactions across international borders and digital environments to identify suspicious activity, enabling the AFP to dismantle the transnational syndicate's financial structures. The AFP filed charges and obtained restraint orders over significant assets. AUSTRAC took regulatory action against one digital currency exchange and six remittance businesses linked to the charged individuals. This case highlights the combined strength of AUSTRAC's financial intelligence, regulatory authority, and strategic partnership with law enforcement. Key takeaways: PPPs enable public-private sector collaboration in fighting financial crime and provide intelligence/analysis leading to disruption.
Private Sector Collaboration
Money launderers and terrorists avoid detection by spreading activities across multiple financial institutions, bypassing individual alerts. Private sector collaboration is crucial to spot patterns evident only across institutions. Organizations collaborate via industry bodies (trade associations) or bespoke AML entities, producing guidance (e.g., Wolfsberg Group frameworks, Joint Money Laundering Steering Group guidance) or sharing best practices (e.g., for SARs). Many groups involve public sector bodies or collaborate closely with them, sharing typologies and risk information. Information sharing is a vital form of private-to-private collaboration, enabled by legislation in some jurisdictions (e.g., USA PATRIOT Act Section 314b, UK Economic Crime and Corporate Transparency Act 2023), providing safe harbor from liability. This sharing leads to better quality SARs and prevents exited customers from re-opening accounts elsewhere (e.g., Singapore's COSMIC platform). In the EU, Article 75 of Regulation (EU) 2024/1624 permits cross-border information sharing with national supervisor approval. Organizations joining these arrangements must consider local data protection laws and confidentiality, provide resources, and develop policies; national supervisor approval requires a Data Protection Impact Assessment. The significant benefits of appropriate private-to-private information sharing considerably enhance an AML/CFT program. Compliance officers can engage in informal collaboration, sharing perspectives with peers to benchmark controls and adopt best practices, always adhering to data privacy and confidentiality rules.
Private Sector Information Sharing
Private sector information sharing provides organizations with crucial data, enabling them to identify and mitigate risks they wouldn't otherwise detect. For example, if Bank A offboards a customer for suspected money laundering, information sharing prevents that customer from easily opening an account with Bank B to continue illicit activities. This prevents various typologies and significantly enhances the prevention and detection of money laundering and terrorist financing. Various methods of private sector information sharing exist, often developed through public-private partnerships.
USA PATRIOT Act Section 314b is an early example, allowing financial institutions to share customer or transactional information for AML/CFT compliance, offering safe harbor liability protection. US organizations widely use 314b to identify ML/TF and inform account decisions. In the UK, the Economic Crime and Corporate Transparency Act 2023 provides legal means for two regulated organizations to share information, exempting disclosures from civil liability and confidentiality obligations. Other global examples include Singapore’s COSMIC, a secure digital platform for financial institutions to share customer information if