The ABCs of AML: A beginners guide to anti money laundering compliance

What is money laundering?

Serious organised crime, such as illegal arms sales, drug smuggling, people trafficking and prostitution rings, generate huge profits, as do white collar crimes such as insider trading, bribery and fraud. Those who are behind these illegal activities need to legitimise their profits so that they can use the money they are making. This process is of critical importance, as it enables criminals to enjoy their profits without jeopardizing their illegal source. The process of ‘cleaning’ dirty money, i.e. integrating it into the global economy so that it looks like it has been earned through legitimate means – is known as ‘money laundering’.

What are the three ways that money is laundered?

The money laundering process typically has three stages before the laundered
funds can be released into the legal financial system; placement, layering and
integration.

1. Placement

This is the process by which the illegal funds are removed from being directly
associated with the original crime. This is usually achieved by depositing the
dirty cash into a legitimate financial system.

Examples of placement – the placement stage typically involves the use of offshore accounts, false invoices, smurfing (breaking large sums into smaller amounts and making lots of different transactions) and blending (mixing criminal money with legitimate profits)- generally via cash based businesses like barbers, nail salons and, more traditionally, laundrettes – hence the term money laundering.

2. Layering

Layering is the process by which the ‘trail’ of the funds is hidden to disguise the original source. This stage can involve lots of different people and businesses to create a complex series of transactions to try and obscure the audit trail.

Examples of layering – the layering stage can be incredibly complex, and include moving money between countries, between banks and financial institutions, investing in property – this is a huge problem in the UK – converting into different financial instruments e.g. money orders, stock, bonds, life insurance, and creating shell companies. Creating shell companies is one of the most common techniques, as the owners of shell companies can remain anonymous making it easier to hide where the cash is coming from and who is benefiting from it.

3. Integration

This is where the illegitimate profits are fully integrated into the legal financial system. Also known as extraction, this stage enables the criminal to ‘extract’ the money from what would appear to be a legitimate source. Examples of integration – there are lots of different integration techniques, but some of the most common are through property deals, investment into high value items such as cars and art, and investments into legitimate financial products, such as pensions. In reality, each case may not include all three stages and sometimes, the stages are combined or repeated a number of times. There is no hard and fast rule, and this is what makes money laundering so difficult to identify.

What are the two types of money laundering scheme?

There are two main types of money laundering scheme - circular and linear. Circular schemes see the illegally earned – and cleaned – cash ending back with the person, people or organisation that generated it in the first place. This is the most common type of money laundering.

The second type is linear – this is where the money is generated in one place/by one person, group or organisation, but the laundered profits benefit someone or something else. The most common example of a linear scheme is where the cleaned cash is used to fund terrorism.

How big is the money laundering problem?

Money laundering in the UK – and across the world - is on the rise. It is difficult to put an exact figure on the amount of cash that is laundered every year, but the National Crime Agency estimates that around £100 billion is laundered through the UK annually, while according to the United Nations, the amount of money laundered globally each year could be as high as 5% of global GDP - $2 trillion in current US dollars.

Over the past few years, key global events, such as the pandemic and Geopolitical conflicts, as well as the emergence of a number of key financial and technical trends have created circumstances that financial criminals have taken advantage of. These include:

The rise of crypto: The crypto market is highly vulnerable to money laundering due to its accessibility and anonymity. Criminals exploit weak regulations to launder money through methods like nested services, high-risk countries, mixers, and fiat exchanges.

AI advances: Money launderers are using advanced technologies, including AI, to develop sophisticated methods for financial crime, such a deep fakes.

Increase in online gaming and gambling: The rise of online gaming and gambling apps has opened new avenues for money laundering. Many platforms fail to implement robust identity verification, leaving them vulnerable to financial crime.

Global conflicts and sanctions: The imposition of extensive sanctions on Russia as a result of its invasion of Ukraine, and Israel and Palestine as a result of the conflict in Gaza, has led to increased money laundering attempts by those individuals and groups who have found themselves financially restricted.

SmartSearch’s own research - EV Uncovered III – SmartSearch’s 3rd report into AML in the UK also shows that money laundering is on the rise; four in ten (41%) of the regulated firms survey for the report have seen a rise in money laundering and/or financial crime attempts in the past 12 months while more than a third (36%) have actually been a victim of financial crime in the past six months.

Which UK business sectors are at risk of money laundering?

Criminals need to use legitimate businesses to place, layer and integrate their dirty cash. Any business that deals with client money is at risk, but the key sectors that are exploited by money launderers are banks and financial institutions, legal and property firms.

While some businesses are ‘dirty’ themselves, and actively enable money launderers, the vast majority are clean, and are being exploited. Money launderers use a wide array of tactics to clean their cash through the banking system, from setting up shell companies from which to transfer funds into UK banks, to getting ‘mules’ to deposit dirty cash in low volumes, which then is moved around the world.

They also target estate agents and other property businesses, as buying property - particularly in the UK as properties can be bought by anonymous shell companies – is a popular money laundering technique. Accountants and legal firms are also targets because they offer a wide range of services that enable money laundering, for example conveyancing, trust and company services, the creation and management of corporate structures, accounting and bookkeeping, and being the ‘middle man’ in terms of depositing, transferring and withdrawing funds.

While financial institutions, property, accountancy and legal firms are still arguably the key targets for money laundering, areas such as gaming and gambling, investment and insurance, high value dealers – such as art dealers - and more recently, cryptocurrency, are also at high risk of exploitation due to the nature of their businesses, and the ability for money launderers to use them to hide their identities and the source of their funds.

What is anti-money laundering?

Anti-money laundering – AML - is the term given to the legislation and policy that’s put in place to prevent and deter money laundering. AML rules and regulations differ across the world, however, the Financial Action Task Force (FATF) is global, so the UK adheres to its definition of AML compliance.

In the UK, ‘regulated firms’ - those to whom AML regulations apply - must also follow the guidelines set out by the Financial Conduct Authority (FCA), and the EU’s 5th Anti-Money Laundering Directive (5MLD).

As the UK is no longer a part of the EU, the UK Government opted out of the 6th Money Laundering Directive (6MLD) however, the UK’s domestic AML regulations largely comply with the requirements laid out in 6MLD, and in some instances, supersede them. This is because the 2019 legislation – the Money Laundering and Transfer of Funds Information (Amendment) (EU Exit) Regulations – determines that the UK AML rules should mirror any future directives set out by the EU. Furthermore, any UK firms that operate in the EU must adhere to EU AML regulations.

In the UK, there are three main supervisory authorities for AML; the FCA, HMRC, and the Gambling Commission.

The FCA supervises:
Banks
Financial institutions

This includes a wide range of financial services businesses, including lending, leasing, payment services, foreign exchange and money broking; more information can be found on the FCA website.

Due to the vulnerability of the banking sector – and its critical importance to the stability, security and prosperity of the entire economy – banking and financial services is one of the most highly regulated sectors in the UK.

HMRC supervises:
High value dealers (e.g., art dealers)
Estate agents
Money service businesses that aren’t monitored by the FCA
Telecommunications, digital and IT payment services that aren’t monitored by the FCA
Bill payment service providers that aren’t monitored by the FCA

HMRC also oversees the Solicitors Regulation Authority (SRA), which provides AML supervision for legal firms and the Institute of Chartered Accountants in England and Wales (ICAEW), the AML regulatory authority for accountancy firms.

The Gambling Commission supervises:
Gambling businesses
Gaming businesses

How to be AML Compliant

The Proceeds of Crime Act (POCA) and the Money Laundering, Terrorist Financing and Transfer of Funds Regulations (MLR) are the primary pieces of AML legislation in the UK that form the basis for the UK’s money laundering regulations. The MLR is being updated regularly, and the latest update (2017) sets out the additional responsibilities of businesses that are at high risk of money laundering and requires them to take a ‘risk-based’ approach to AML. Regulated businesses have certain day to day responsibilities as part of their AML requirements. These include conducting Customer Due Diligence and risk assessing the business.

Customer due diligence involves taking measures to identify and verify customers to ensure two things: first, that they are who they claim to be, and second, that it is safe to establish a business relationship with them. This process should include the following steps:

Identification and verification: This step involves obtaining photo ID from the individual and verifying that the ID is legitimate and matches the person presenting it. This process includes checking the details against publicly available records, such as credit reference agency data, electoral roll data, etc.

Ultimate Beneficial Owner (UBO) checks: An ultimate beneficial owner – or UBO – is the party that stands to benefit the most from a business and/or transaction. Money launderers often use anonymous shell companies to conceal their identities and the source of their funds, so it is crucial that regulated businesses are able to identify the UBO to ensure they know exactly who they are dealing with.

Screening for sanctions and PEPs: After identifying and verifying the individual, regulated businesses must ensure that they are not subject to any sanctions or do not pose any other risks, such as being a Politically Exposed Person (PEP).

What is a sanction? Financial sanctions are legal restrictions put in place to limit or ban the provision of certain financial services and/or trading by specific individuals, organisations and even whole countries, who have committed financial crime or misconduct.

What is a Politically Exposed Person (PEP)? A PEP is anyone in a prominent position in public life; and is defined by FATF as “individuals who are or have been entrusted domestically with prominent public functions.” Examples of PEPs include MPs, high ranking military officials, and senior executives in publicly-owned corporations, such as the BBC.

Enhanced due diligence (EDD): If the screening process reveals a potential risk - i.e. the customer is a PEP, has a sanction against them, or are from a high-risk country - enhanced due diligence (EDD) must be conducted to determine, firstly if the match was a false positive, and secondly, if it wasn’t, they level of risk that match poses.

Source of Funds checks: Regulated businesses must review the banking activity of their clients (individual and business) to determine the source of any funds they are using to ensure that the money being used is legitimate and not linked to illegal activities.

Suspicious Activity Reporting: If the due diligence process uncovers anything suspicious, it must be reported to the appropriate authorities. A SAR, or Suspicious Activity Report, is the way in which a regulated firm informs financial authorities of any suspicions they have that a client may be involved – either knowingly or unwittingly - in financial crime.

Ongoing monitoring and hosting: An essential aspect of customer due diligence is that it is a continuous process. Completing the initial checks does not conclude AML responsibilities for regulated firms. A monitoring system must be in place to regularly review all customers for any changes in their risk level, while all data – and results of checks -must be hosted centrally both to inform the monitoring process, and prove to authorities that checks have been completed. A pertinent example of why hosting and monitoring are so important is the extra sanctions imposed on Russia over the past two years. Many individuals subject to these new sanctions might have passed their initial onboarding checks but would not pass now if rechecked. Therefore regulated firms must have the capability to reassess their customer database for any changes in their clients' status.

Red flags: A key part of the AML process is being aware of the ‘Red Flags’ that indicate money laundering could be taking place. FATF names 42 red flags, but the most common ones include: secretive clients, complex ownership structures and the use of shell companies, adverse media coverage, unusual transactions and suspicious source of funds and, as mentioned before, PEPs, RCAs, SIPs, and sanctions. An RCA is a Relative or Close Associate of a PEP and a SIP is a Special Interest Person, which is generally defined as someone who has been involved in - or is involved with - serious organised or financial crime. For more details on red flags read Unlocking AML Red Flags.

How can regulated firms meet their AML obligations?

UK AML controls determine that regulated firms must take a ‘risk-based’ approach to their AML, meaning there are no specific rules on how customer due diligence should be done.

Traditionally, firms have taken a manual approach i.e. checking physical photo ID such as passports and driving licenses, as well as proof of address documents such as bank statements to check a person’s identity, and then using publicly available databases and registers, such as the electoral register and Companies House to validate their ID.

While manual checks used to be the only option, for many years now, electronic verification has been possible, and the techniques for performing checks digitally have improved immeasurably over the past few years, both in terms of efficiency and accuracy.

At the same time, manual checks have become less reliable and more time consuming. For example, there is no single database for checking PEPs and sanctions, so businesses relying on manual processes will have to be prepared to search through thousands of sources, which can take anything from a few hours to a few months.

Furthermore, manual verification checks are open to error; mistakes are made, information is missed, and results are mis-recorded. And, perhaps most significantly, fake identification documents have now become so sophisticated – thanks to advances in AI, and biometric technology – that they can be almost impossible to detect through a manual check.

The risks of manual identification

As we have just determined, manual checks are no longer an accurate way to run an AML programme; they are time consuming, inaccurate, open to error, and almost impossible to use as part of an ongoing monitoring programme. However, a worryingly high number of firms still rely on it.

In fact, according to EV Uncovered III – SmartSearch’s 3rd report into AML in the UK, more than half (52%) of firms still rely on manual verification for either all (40%) or part (12%) of their AML processes while the majority admit they do not always check to see if new customers are on sanctions or PEP lists. As a result, almost two thirds (65%) admit they are worried about committing an AML breach.

And the consequences of getting it wrong are high. For example, the total amount of fines issued by the FCA alone between January and August 2024 was more than £43million, in April 2024, HMRC announced that 250 agents had been fined for non-compliance amounting to more than £1.3million while the Gambling Commission regulatory hands out huge penalties for AML failings, including a £6million fine in January 2024 for an online gaming operator.

The case for digital compliance

So, if manual verification is not reliable enough – what is the answer?

For many years now, it has been widely agreed by AML regulatory bodies, industry bodies and regulated firms that the only way to accurately assess the authenticity of an ID is through a digital check. This is because a digital check can determine – in seconds - not only if the document is real, but also, that it belongs to the person presenting it.

Digital checks are the most accurate, therefore the best way to run an accurate and compliant AML programme is through an automated digital compliance solution. These advanced AML platforms can do everything a regulated firm needs to comply with its legal obligations; identification, verification, screening, enhanced due diligence, source of funds checks, monitoring and hosting.

These sophisticated, digital platforms access data from global reference agencies to identify, verify and screen customers in a matter of seconds using just a few key details - name, date of birth and address. They also have access to global PEP and sanctions watchlists, so can check – again in a matter of seconds – if working with the individual or business puts them at risk.

How SmartSearch can help

SmartSearch offers one of the most sophisticated all-in-one digital compliance platforms on the market.

This unique electronic verification platform can deliver comprehensive AML checks on individual customers with automatic screening and enhanced due diligence, as well as running innovative business checks. These not only verify the business itself, but also determine the UBO and any directors, as well as the corporate structure of the organisation, identifying any ‘red flags’ such as shell companies, suspicious ownership structures or anonymous buyers.

Once the individuals and UBOs are identified, they are then checked using SmartSearch’s market-leading individual check, including screening for sanctions and PEPs and enhanced due diligence where needed.

The SmartSearch platform also includes hosting of all checks and information and ongoing monitoring – powered by the Dow Jones Watch List and run in real-time. This ensures any changes in a client’s status is immediately flagged, while anti-fraud and source of funds checks enable clients to detect any suspicious transactions or discrepancies. SmartSearch recently made a number of enhancements to its platform to make AML even more accurate, with functionality that not only improves efficiency where compliance is concerned but can actually help their businesses run more smoothly and cost-effectively.

The enhanced next generation platform includes:

Triple bureau data – SmartSearch has always been ahead of the curve when it comes to data driven results, and was the first compliance solution to offer dual bureau data when it launched with Experian and Equifax. Now, SmartSearch has added a third data partner – TransUnion – to inform its initial identification and verification checks, meaning it is able to offer the highest match and pass rate on the market – 97%.

Perpetual KYC (pKYC) – ongoing monitoring is an important part of any AML platform, while pKYC takes it a step further. The new platform includes pKYC functionality which means it automatically re-runs client searches and takes live data and information from data partners and watchlists, delivering instant access to the latest search outcomes and audit trails and identifying any red flags immediately.

Improved user management, configurability and automation – this part of the upgrade has been developed purely to help customers improve their own businesses’ efficiency by incorporating AML checks into their database. All users now have the capability to manage the entire customer journey from one place; solutions can be fully tailored, enabling firms to set up bespoke processes and automated workflows. Furthermore, all SmartSearch services are now available through RESTful APIs enabling them to be fully integrated with a client’s existing system within 24 hours.

Why work with SmartSearch?

SmartSearch is a pioneer in AML and compliance and was responsible for the first digital AML platform in the UK back in 2011. Since that first platform, SmartSearch has continually upgraded enhanced and, improved the platform to ensure it is always at the forefront of AML.

Award-winning customer service - with a dedicated Customer Success team that ensures personalized support for every client, SmartSearch offers a level of care typically seen in companies with triple its revenue size, fostering long-term relationships through tailored training, ongoing support, and client event days.

Technological and regulatory innovation - SmartSearch leads the market in AML innovation and continually updates its platform to meet AML regulations, ensuring clients never need to upgrade. The platform’s recent upgrade enhances user management, configurability, and automation, allowing clients to create bespoke workflows and maintain perpetual KYC compliance. All enhancements are provided as standard, keeping the platform at the forefront of compliance technology.

All-in-one solution - SmartSearch stands out as the only provider offering comprehensive identification, verification, and monitoring checks all in one platform, simplifying AML compliance for clients, which can also be integrated with a clients’ existing system. This flexibility allows clients to create a seamless and comprehensive compliance solution tailored to their specific needs.