AML best practices for financial institutions

What is Anti Money Laundering?

Illegal arms sales, smuggling, and organised crime such as drug trafficking, people trafficking and prostitution rings, can generate huge amounts of money, as can ‘white collar crimes’ including insider trading, bribery and fraud.

Those involved in these types of activities need to be able to ‘legitimise’ their ill-gotten gains so that they can benefit from the money they are earning. Money laundering is the process of ‘cleaning’ that cash, i.e., integrating it into the financial system so that it appears to have been earned legitimately. 

It is difficult to know exact figures, but it is estimated that at least £88billion of dirty money is laundered through the UK every year.

Why should banks and financial institutions be concerned about money laundering?

To launder their money, criminals need to use legitimate businesses – these include law, property, gaming and gambling firms as well as insurance and investment companies – basically any business that deals with client money. But one of the most common targets for money launderers is banks and financial institutions. 

Money launderers use a wide array of tactics to clean their cash via banks and financial institutions – from setting up shell companies from which to transfer funds into UK banks, to getting ‘mules’ to deposit dirty cash in low volumes, which then is moved around the world – through the banking system.

Due to the vulnerability of the banking sector – and its critical importance to the stability, security and prosperity of the entire economy - the financial services industry is one of the most highly regulated sectors in the UK in terms of anti-money laundering (AML) rules.

What are the AML rules for banks and financial institutions in the UK?

The primary AML legislation in the UK is The Proceeds of Crime Act (POCA) which came into force on 1 January 2003. POCA defines the offences that constitute money laundering and sets out the AML controls that banks and other financial institutions must have in place and the reporting requirements that they must comply with.
 
Banks and financial institutions must also comply with the Money Laundering, Terrorist Financing and Transfer of Funds Regulations (MLR). The MLR is being updated regularly, and the latest update (2017) sets out the additional responsibilities of businesses that are at high risk of money laundering, which includes the banking sector and requires regulated businesses to take a riskbased approach to AML.

In 2020, the UK Government further tightened AML controls to incorporate international standards set by the Financial Action Task Force (FATF) and to transpose the EU’s 5th Money Laundering Directive.

What are the AML requirements for banks and financial institutions?

For banks and financial institutions, there are certain day to day responsibilities that must be met in order to meet AML requirements. These include carrying out customer due diligence and risk assessing the business. Customer due diligence means taking steps to identify and verify customers to ensure, firstly that they are who they say they are, and secondly, to ensure it is safe to enter into a business relationship with them. This process should involve the following:

•    Identification and verification - This will require getting the person to provide photo ID and then checking that the ID is legitimate, and that the person providing the ID and the ID match. This involves checking the details against publicly available records, such as credit reference agency data, electoral role data etc. 

•    Ultimate Beneficial Owner checks – Banks and financial institutions need to have the capacity to run checks like this if their customer is acting on behalf of another person in a particular transaction, or if they are going into business with a company, partnership or trust and need to establish the ownership structure of that entity. This is particularly important as ‘shell companies’ are often used by money launderers as a way of hiding their identity, so identifying the true beneficial owner is vital.

•    Screening for sanctions and PEP - Once the individual has been identified and verified, banks and financial institutions will need to run checks to ensure they are not subject to any sanctions, or pose a risk for any other reason – for example, they are a Politically Exposed Person (PEP). 

•    Enhanced due diligence - If the screening process identifies a potential risk, enhanced due diligence needs to be run, firstly, to ascertain if the match was a false positive or not. If it was a true match, a more advanced check needs to be carried out to establish the level of risk associated with that potential customer.

•    Transaction / Source Of Funds checks - Banks and financial institutions also need to run checks on the individual’s banking activity to establish the source of any funds they are using, and identify any suspicious activity.

•    Suspicious Activity Reporting - If the due diligence process identifies anything suspicious, it must be reported to the relevant authorities.

•    Ongoing monitoring - A key part of customer due diligence is that it is an ongoing process. Once the initial checks are done, this is not the end of the AML responsibility as far as banks and financial institutions are concerned. There must also be a monitoring process in place whereby all customers can be checked regularly for any changes to their risk level. A good example of this is the recent sanctions imposed on Russia – many of those subject to the new sanctions would have passed their initial onboarding checks, but would not pass now were they to be checked again. Therefore, financial institutions must have the means to recheck their customer database for any changes to their clients’ status.

Who regulates AML for banks and financial institutions in the UK?

There are different AML regulators for different sectors – for example, the property sector is regulated by HMRC – but for banks and financial institutions, the Financial Conduct Authority is the AML regulator. All banks and financial institutions must register with the FCA and ensure they meet the FCA’s AML guidelines which are regularly updated to ensure they stay ahead of the criminals, and can be found here https://www.fca.org.uk/firms/financial-crime/ money-laundering-regulations. Recent amendments include rules around e-money and crypto activity. 

Who regulates AML for banks and financial institutions in the UK?

There are different AML regulators for different sectors – for example, the property sector is regulated by HMRC – but for banks and financial institutions, the Financial Conduct Authority is the AML regulator. All banks and financial institutions must register with the FCA and ensure they meet the FCA’s AML guidelines which are regularly updated to ensure they stay ahead of the criminals, and can be found here https://www.fca.org.uk/firms/financial-crime/ money-laundering-regulations. Recent amendments include rules around e-money and crypto activity. 

What are the consequences for not complying with AML rules?

As the AML regulator for banks and financial institutions, the FCA has a responsibility to protect consumers and the market and has repeatedly stepped in and penalised firms for poor management of their AML systems. A recent list of fines by the FCA against banks and financial institutions that have failed to comply with AML rules can be found here https://www.fca.org.uk/ news/news-stories/2023-fines.

How can banks and financial institutions meet their AML requirements?

Many banks and financial institutions still rely on manual AML checks, which means using physical documents such as driving licences, passports, and photographic ID cards to check someone’s ID. 

Unfortunately, as well as being hugely time consuming and expensive due to the administration involved, manual checks are also open to human error. Furthermore, fraudulent ID documents are now so sophisticated that even when businesses have proper procedures in place, if their checks are still predominantly manual, they would quite likely be unable to spot a fake.

The quickest, most efficient and most reliable way to run AML checks is electronically. SmartSearch’s unique platform can run an electronic AML check with identification and verification, PEP and sanction screening, enhanced due diligence and monitoring, within a matter of seconds – all from one place.

A SmartSearch is completed using the innovative online SmartSearch platform, which is the only Know Your Customer (KYC) solution that also provides full sanction and Politically Exposed Person (PEP) screening and ongoing monitoring as well as Source of Funds checks. This means clients need only use one piece of technology for all their AML compliance needs.

How can SmartSearch help?

•    Identification, verification and automatic screening

SmartSearch is a triple bureau platform – this means it uses global data from Experian, TransUnion and Equifax – the three largest credit reference bureaus in the world – and the Dow Jones Global Watchlist, which has access to more than 1,100 PEPs and Sanctions lists and is updated daily. 

Using the data provided by the customer and cross-referencing with these global data partners, SmartSearch is able to identify, verify and screen an individual or business in a matter of seconds. 

•    Enhanced due diligence

If SmartSearch finds a match, enhanced due diligence is triggered automatically. This will comprise of running extensive checks, including building up a comprehensive adverse media profile, on any SIPs (Special Interest Persons with links to financial crimes), anyone named on sanctions lists, as well as any PEPs or RCAs (Relatives and Close Associates of PEPs).

•    Source of Funds Checks

SmartSearch recently launched its new Source of Funds (SOF) service. This innovative technology uses open banking to determine the source of the funds the potential customers is using/planning on using. The SOF service can access an individual’s bank statements to gather key financial evidence in less than a minute, enabling banks and financial institutions to ascertain where their customers’ funds are coming from and identity anything suspicious.

•    Automatic record keeping and ongoing monitoring

As well as completing all the required checks, the SmartSearch platform automatically saves the results of every check on a central system, accessible at any time, to ensure watertight record-keeping and an always ‘audit ready’ clean and compliant position. The entire system is then monitored every night against Global Watchlists, meaning that any changes to any customers’ status or public position will be identified – an absolutely vital service following the additional sanctions against Russia – sending an alert if any identified changes impact the AML risk.

Why should banks and financial institutions use SmartSearch over other electronic AML providers?

There are many electronic solutions on the market that perform identification and verification checks, there are also a number of platforms that are able to screen for sanctions and PEPs, while other firms have programmes set up to monitor customer databases.

However, there is only one check that does all these things in one easy step, and that is SmartSearch. 

Furthermore, because the SmartSearch platform is constantly being updated and developed, with new features added regularly to ensure it meets with AML regulations, any client that uses SmartSearch for its AML compliance will never have to upgrade. 

This year - driven by the latest technology and customer feedback  -  SmartSearch launched its next generation platform which offers a number of key enhancements to set it apart from its competitors and offer banks and financial institutions the ‘gold standard’ in AML and KYC.

These include:

•    Multi bureau data – the upgrade saw the addition of a third data partner to offer triple bureau accuracy and the highest match and pass rate (97%) on the market. 
•    Perpetual KYC (pKYC) – the new platform not only runs initial identification and verification but also automatically re-runs client searches, delivering instant access to the latest search outcomes and audit trails. 
•    User Management - by having all compliance checks on one platform – and integrating this with clients’ existing systems - users can manage everything from one place.
•    Configurability - SmartSearch’s solutions can now be fully tailored to each businesses’ unique needs. 
•    Automation - the new enhanced platform offers the ability to create bespoke, fully automated workflows that are able to assign, notify and create applications based on rules. 
•    API functionality – as a result of the platform upgrade, all SmartSearch services are now available through RESTful APIs, meaning clients can be integrated quickly and efficiently. 
Other recent innovations that demonstrate why SmartSearch is one of the most advanced and trusted AML companies in the UK include:
•    Triple Check - an advanced verification check that uses the latest selfievideo technology and biometrics to ensure accuracy.
•    Batch upload – a unique service that enables businesses with compliance gaps to retrospectively perform full AML and screening on their entire customer database to ensure a clean compliant position.
•    International Business reports – an innovative service that can create comprehensive reports - including UBO information - on businesses in more than 200 countries worldwide.
•    Ultimate Beneficial Owner Checks – the ability to quickly and accurately identify UBOs, returning results on individual UBOs, Director UBOs and any additional entities in one search. 
 
SmartSearch’s track record in pioneering new and improved solutions and functionality – meaning it is never out of date - is why it is one of the most trusted AML solutions in the UK.