How to Conduct Effective AML Investigations

January 19, 2022

The yearly amount of money laundered is a staggering number, larger than the annual GDP of Russia, Canada, or Italy.

However, money laundering does not occur in a vacuum: the fact is, these criminals would not succeed at disguising the illegal source of their funds without the criminal use of financial institutions.

That is why Anti-Money Laundering (AML) legislation such as the BSA and regulations such as KYC compliance are strict, and the penalties severe. If a financial services company aids a criminal in their money laundering activities – even unknowingly – the impact on the company can be devastating.

Severe fines and loss of customer confidence are just the beginning.

Having an AML program is table stakes. It needs to be effective to ensure an organization’s compliance. The backbone of a robust AML compliance program is an organization’s process for uncovering and reporting suspicious activity.

Typically, this involves identifying suspicious behavior and conducting an investigation to determine if it is indeed a threat. Once an alert has been raised and an investigation ensues, the alert becomes a case, and the investigation process is known as case management.

In this post, we’ll take a look at what it means to conduct a successful AML investigation as part of an effective case management process.


What is an AML Investigation?

An AML investigation is the formal analysis of suspicious or red-flag activities to determine if customers or other persons or entities are using the financial institution in question for money laundering purposes.  

Of course, not all suspicious activities end up being money laundering activities, but many organizations feel it best to err on the side of caution rather than be found in non-compliance, which means that the AML system is set up to trigger alerts based on a broad set of transaction monitoring rules.

What Triggers AML Investigations?

Every company's AML compliance program has, or should have, a list of suspicious activities that could trigger an investigation. And often, a move that is harmless by itself may become suspicious when combined with others. For example, cashing a $9,000 check may not raise any eyebrows. But cashing $9,000 checks for fifteen days in a row might be a different story.

Of course, not every company or person listed in the Pandora Papers or Panama Papers was laundering money. But some were. And when it comes to KYC and Ultimate Beneficial Owners, if one of your customers was among the 29,000 UBOs listed in the Pandora Papers, odds are your compliance investigator has some work to do.

If your customer starts wiring money to an account in a Financial Action Task Force (FATF) blacklist or greylist country, you might have an issue. Or, if they begin doing business in a country on the top 10 Basel AML Index of most significant money laundering risk, you might want to update their KYC file.

Some other triggers include:

  • Government Investigations
  • Negative SEC reports
  • Internal audits
  • Whistleblower activities or lawsuits
  • Financing due diligence M&A reports
  • Smurfing activities
  • Transaction Monitoring alerts


AML Investigation Process

Once an alert is raised, it is the responsibility of the risk and compliance team to follow up. Here are the five main steps of an AML investigation process to note.

Step One: Determine If the Alert Should Be Investigated

The investigation begins when the triggering event is flagged within the organization’s transaction monitoring software. But full-blown investigations are often costly and time-consuming.  

So the first step is to ask, "Is this investigation necessary?"

At this point, an analyst might do a basic manual review of the flagged account and activities before determining if it warrants further investigation. If it does, the alert becomes a case for investigation by the case manager or the AML investigator.

Step Two: Revisit Your Customer’s Profile

Knowing your customer's identification details and understanding your customer's business practices are two different issues. Both are necessary.

AML programs all have KYC components. Your company has pertinent KYC information already, so what has changed? Is someone else hiding behind a digital profile? Was the original information accurate, and is it still valid? Is there now a question about the Ultimate Beneficial Owner (UBO)?

As established by your KYC program, you need to know their true identity, work background, and risk factors. For example, what is their occupation or business, and how do they earn their money? Where have they lived and done business? Do they have associations with known criminals?

Since money laundering is a multi-stage process — placement, layering, and integration of illicit money — it is essential that you know where and from whom your customer is getting money and to whom and where they are sending money.

In their ordinary course of business, how much money do they spend or make? Is it seasonal, geographical, online, and how do they take payments? Do you have relevant information on family members, business associates, vendors, and lenders?

Taking a deeper look into the customer’s background will help to answer questions like these and provide more pertinent information.

Step Three: Establish a Baseline and Eliminate the Normal

As you uncover your customer's historically normal baseline behavior, you can usually eliminate the transactions that reflect those expected behaviors. For example, case managers can quickly discard regular payments like mortgage, rent, utilities, groceries, and car payments, as these are typical and not outside of the baseline.

Customary business expenses, within historical ranges, like payroll, vendor payments, supplies, IT, and more, are also excluded. It is imperative to establish what is uniquely normal and abnormal for each customer.

Step Four: Check for Behavioral and Activity Changes

Now that the normal transactions have been accounted for, another thing to look out for is any changes to a customer’s standard behavior.

One day they are a great customer, the next day, they are under investigation.

What changed?

This is a high-level review of the customer's business and monetary activity to determine what has changed during the relevant period and why. Are they suddenly donating large sums to overseas charities? As their expected business revenue declines, are they setting up accounts to buy and sell high-priced NFTs?

Are they taking multiple trips to Luxembourg or Cyprus?

Did their business take in a prominent investor from outside the US?

If it appears that the customer’s behavior has drastically shifted, that is a suspicious sign that must be added to the case.
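Steps Three and Four can be expressed as a simple triage pass over transaction data. The following is an added example, not code from the original post or from any vendor's product; the transaction fields, the 25% tolerance, and the sample records (including the placeholder country code "XX") are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data: (date, activity_type, counterparty_country, amount_usd).
# "XX" is a placeholder country code, not a real jurisdiction.
HISTORY = [
    ("2021-09-01", "rent", "US", 2000), ("2021-10-01", "rent", "US", 2000),
    ("2021-09-15", "payroll", "US", 15000), ("2021-10-15", "payroll", "US", 15500),
    ("2021-09-20", "utilities", "US", 280), ("2021-10-20", "utilities", "US", 320),
]
REVIEW = [
    ("2021-11-01", "rent", "US", 2000),
    ("2021-11-15", "payroll", "US", 15200),
    ("2021-11-16", "payroll", "US", 30000),
    ("2021-11-20", "utilities", "US", 310),
    ("2021-11-22", "charity_donation", "XX", 40000),
]

def build_baseline(history, tolerance=0.25):
    """Step Three: per activity type, the historical amount range widened by tolerance."""
    amounts = defaultdict(list)
    for _date, activity, _country, amount in history:
        amounts[activity].append(amount)
    return {a: (min(v) * (1 - tolerance), max(v) * (1 + tolerance))
            for a, v in amounts.items()}

def triage(history, review, tolerance=0.25):
    """Split review-period transactions into (eliminated, flagged with reasons)."""
    baseline = build_baseline(history, tolerance)
    known_countries = {country for _d, _a, country, _amt in history}
    eliminated, flagged = [], []
    for txn in review:
        _date, activity, country, amount = txn
        reasons = []
        # Step Four: anything that departs from the baseline is a change to explain.
        if activity not in baseline:
            reasons.append("new activity type")
        else:
            low, high = baseline[activity]
            if not low <= amount <= high:
                reasons.append("amount outside historical range")
        if country not in known_countries:
            reasons.append("new counterparty country")
        (flagged if reasons else eliminated).append((txn, reasons))
    return [t for t, _ in eliminated], flagged

if __name__ == "__main__":
    for txn, reasons in triage(HISTORY, REVIEW)[1]:
        print(txn, "->", ", ".join(reasons))
```

The flagged list is what the case manager carries forward; the reasons attached to each transaction become part of the case notes.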


Step Five: Determine if the Activity is a True Threat

After reviewing the triggers, the analysis, investigation notes, and more, the case manager must decide if this activity rises to the level of filing a SAR (Suspicious Activity Report). The thinking and analysis performed by the case manager is the cornerstone of the report.

The report is not just a compilation of facts and documents. If you can establish a predicate crime, any money movement into the banking system is textbook money laundering. If not, your analysis will be on the moving, placing, disguising, and layering of the funds.

Regardless, once a suspicious activity has been observed, you have 30 days for the initial SAR filing with FinCEN, with an additional 90 days for the final filing. If your company detects a violation of the BSA or potential money laundering, filing a report with FinCEN is required.

FinCEN penalties for non-compliance can be severe. As an example, for more than six years, BitMex, a currency derivatives exchange, violated the BSA and "failed to implement and maintain a compliant anti-money laundering program and a customer identification program, and it failed to report certain suspicious activity." In August 2021, they were fined $100 million.

Earlier, in January 2021, FinCEN fined Capital One $390 million, stating that it "willfully failed to file thousands of suspicious activity reports (SARs), and negligently failed to file thousands of Currency Transaction Reports (CTRs)."



AML Investigation Challenges

Every business's AML program is unique to them and their specific needs. But all risk and compliance teams face particular common challenges when conducting investigations. Some of those challenges are:

  • Changing Laws and Regulations - AML laws and regulations are already complex, but they are also constantly evolving. For example, as of 2021, the "Corporate Transparency Act" requires institutions to verify customer information against FinCEN's Ultimate Beneficial Owner (UBO) registries. And, the revised BSA now includes crypto assets and other changes. Stricter crypto laws are coming, and new compliance updates are expected in 2022.
  • Smarter Criminals - Money laundering criminals are constantly finding new ways to abuse the system. Criminals may be smart, but your team must be smarter. That is why your risk and compliance team must be armed with the right know-how and tools to get the job done.
  • False Positives - Labor accounts for 60% of most companies' costs as they try to comply with financial crime-related regulations. Ineffective KYC and monitoring processes can lead to a high number of false positives, resulting in unnecessary investigations and skyrocketing labor costs for compliance.
  • The Volume of AML Case Management - Investigations take time, lots of time. Oceans of data, hundreds to thousands of pages and reports to analyze, SAR filings to FinCEN, report filings, and inefficient workflows cost companies time and revenue.


3 Best Practices for Running Effective Investigations

In order to navigate the common challenges facing investigators, here are three best practices to consider.

Best Practice 1: Define Your AML Investigation Process

The AML investigation is your company's formal analysis of a suspected suspicious activity to determine what happened, what remedies need to be enacted, and if a SAR must be filed with FinCEN.

All investigations have a beginning and an end. The process for getting to the conclusion needs to be clearly defined. Determine what records, data, files, parties, relationships, or other pertinent factors you need to review to create a scalable process.

The best way to properly define your program is to know the main threats you're facing. Running a neobank? Learn about the top money laundering typologies you should know about, and be preventing.

Best Practice 2: Use State-of-the-Art AML Case Management Software

Managing AML investigations is complex and impossible to do in a timely manner without software. But not all software is created equal.

With the volume of data and documents associated with each case, you need case management software that is user-friendly and flexible to act as your system of record.

Having the ability to file reports automatically and export alerts and cases into the system with ease helps save time and allows team members to focus on analysis rather than administrative tasks.

Best Practice 3: Be Proactive and Ready to Pivot

The best way to reduce AML investigations is to be proactive with vigilant AML practices that prevent money launderers from using your institution as a means to a nefarious end. This includes understanding and accounting for economic changes that might impact “normal” customer behavior.  

For example, COVID-19 has disrupted the behavior of people across the globe, especially as it relates to purchasing decisions and payment processing. As a result, transaction monitoring strategies need to be adjusted to account for this shift and align with risks that are relevant by using more effective parameters.

As changes happen, the focus must be placed on the most relevant existing or new scenarios.

Be aggressive and answer red flag issues quickly and definitively. Discard the harmless customer anomalies and quickly attack any remaining red flag issues before they grow.


Conducting Efficient Anti-Money Laundering Investigations: Final Thoughts

Financial services are caught in the middle in the fight against money laundering.

Criminals are on one side as they dupe consumers and use financial institutions for fraud and money laundering. The government is on the other side as they pass more and more regulations and laws, and step up enforcement.  

Financial institutions and financial services companies are drafted by the government as the front-line soldiers in the war on money laundering. Compliance is mandatory, and non-compliance is costly. But financial non-compliance penalties aside, having a robust system for flagging suspicious activities, reviewing these alerts, and managing each resulting investigation also lends itself to good business and excellent customer service.

Running an AML compliance program is costly itself, making it extremely important to have an efficient compliance tool that reduces costs by limiting fraud losses and false positives.

It is critical to modernize your case management now more than ever. If you are ready to streamline your investigations with a highly flexible system of record for your customer risk and reviews, schedule a demo of Unit21’s case management platform to learn more.

And if you're not quite convinced, check out this short video that explains what makes Unit21 the best fit possible for AML compliance operations.
